From 6704426c19b9702447c8bde621a4971fbe030248 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Mon, 29 Nov 2021 10:47:36 +0100
Subject: [PATCH] interfaces: repair getenv() breakage in ea6b5bda52409 the
 right way #5367

Moral of the story: don't try to call backend scripts to grab env
variables that you could easily read using the acual nameserver
script sort of like dhclient-script is doing it.

ALLOWOVERRIDE is silly as we guard against that in get_nameservers().
---
 src/etc/inc/interfaces.inc                    | 13 ++++++++--
 src/etc/inc/system.inc                        | 10 ++++----
 src/etc/rc.newwanipv6                         | 25 -------------------
 .../scripts/interfaces/dhclient-script        |  7 ++----
 4 files changed, 18 insertions(+), 37 deletions(-)

diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index 6ad5ab7c5..0037c389b 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -2995,15 +2995,24 @@ if [ -n "{$syscfg['dhcp6_debug']}" ]; then
 fi
 case \$REASON in
 REQUEST)
+    /usr/bin/logger -t dhcp6c "dhcp6c \$REASON on {$wanif} - running newipv6"
+    rm -f /tmp/${wanif}_nameserverv6 /tmp/{$wanif}_pdinfo /tmp/${wanif}_searchdomainv6
     if [ -n "\${PDINFO}" ]; then
         echo \${PDINFO} > /tmp/{$wanif}_pdinfo
     fi
-    /usr/bin/logger -t dhcp6c "dhcp6c \$REASON on {$wanif} - running newipv6"
+    if [ -n "\${new_domain_name}" ]; then
+        echo \${new_domain_name} > /tmp/${wanif}_searchdomainv6
+    fi
+    if [ -n "\${new_domain_name_servers}" ]; then
+        for NAMESERVER in \${new_domain_name_servers}; do
+            echo \${NAMESERVER} >> /tmp/${wanif}_nameserverv6
+        done
+    fi
     /usr/local/sbin/configctl -d interface newipv6 {$wanif}
     ;;
 EXIT|RELEASE)
     /usr/bin/logger -t dhcp6c "dhcp6c \$REASON on {$wanif} - running newipv6"
-    rm -f /tmp/{$wanif}_pdinfo
+    rm -f /tmp/${wanif}_nameserverv6 /tmp/{$wanif}_pdinfo /tmp/${wanif}_searchdomainv6
     /usr/local/sbin/configctl -d interface newipv6 {$wanif}
     ;;
 *)
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index 1913c4007..1beab3c21 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -336,7 +336,7 @@ function get_nameservers($interface = null)
     $master_list = array();
 
     $dns_lists = glob('/tmp/*_nameserver*');
-    $exclude_interfaces = array();
+    $exclude_interfaces = [];
 
     if (!empty($interface)) {
         /* only acquire servers provided for this interface */
@@ -349,16 +349,16 @@ function get_nameservers($interface = null)
     }
 
     if (isset($config['system']['dnsallowoverride_exclude'])) {
-        foreach (explode(",", $config['system']['dnsallowoverride_exclude']) as $intf) {
+        foreach (explode(',', $config['system']['dnsallowoverride_exclude']) as $intf) {
             if (isset($config['interfaces'][$intf])) {
-                $exclude_interfaces[] = $config['interfaces'][$intf]['if'];
+                $exclude_interfaces[] = get_real_interface($intf);
+                $exclude_interfaces[] = get_real_interface($intf, 'inet6');
             }
         }
     }
 
     foreach ($dns_lists as $fdns) {
-        $intf = explode("_", $fdns)[1];
-        $intf = strpos($intf, "v6") === 0 ? substr($intf, 2) : $intf;
+        $intf = explode('_', basename($fdns))[0];
         if (in_array($intf, $exclude_interfaces)) {
             continue;
         }
diff --git a/src/etc/rc.newwanipv6 b/src/etc/rc.newwanipv6
index 9c8e657bf..60aaa7081 100755
--- a/src/etc/rc.newwanipv6
+++ b/src/etc/rc.newwanipv6
@@ -75,31 +75,6 @@ if (!is_ipaddr($ip) && substr($interface_real, 0, 4) != 'ovpn') {
     return;
 }
 
-$searchdomain_file = "/tmp/{$interface_real}_searchdomainv6";
-$nameserver_file = "/tmp/{$interface_real}_nameserverv6";
-
-/* XXX from configd we don't get the caller's environment at all? */
-$new_domain_name_servers = getenv('new_domain_name_servers');
-if (!empty($new_domain_name_servers)) {
-    $name_servers = explode(" ", $new_domain_name_servers);
-    $valid_ns = array();
-    foreach ($name_servers as $ns) {
-        if (is_ipaddr(trim($ns))) {
-            $valid_ns[] = trim($ns);
-        }
-    }
-
-    if (count($valid_ns) > 0) {
-        @file_put_contents($nameserver_file, implode("\n", $valid_ns));
-    }
-}
-
-/* XXX from configd we don't get the caller's environment at all? */
-$new_domain_name = getenv('new_domain_name');
-if (!empty($new_domain_name)) {
-    @file_put_contents($searchdomain_file, $new_domain_name);
-}
-
 interfaces_vips_configure(false, $interface);
 
 if (count(link_interface_to_track6($interface, true))) {
diff --git a/src/opnsense/scripts/interfaces/dhclient-script b/src/opnsense/scripts/interfaces/dhclient-script
index f334a8bde..232e7e894 100755
--- a/src/opnsense/scripts/interfaces/dhclient-script
+++ b/src/opnsense/scripts/interfaces/dhclient-script
@@ -225,15 +225,12 @@ add_new_resolv_conf() {
         rm -f /tmp/${interface}_nameserver
 
 	if [ -n "$new_domain_name_servers" ]; then
-		ALLOWOVERRIDE=$(grep -c dnsallowoverride /conf/config.xml)
 		for nameserver in $new_domain_name_servers; do
 			# Add a route to the nameserver out the correct interface
 			# so that mulitple wans work correctly with multiple dns
 			# also backup the nameserver for later route removal
-			if [ $ALLOWOVERRIDE -gt 0 ]; then
-				echo $nameserver >> /tmp/${interface}_nameserver
-				route add $nameserver -iface $interface
-			fi
+			echo $nameserver >> /tmp/${interface}_nameserver
+			route add $nameserver -iface $interface
 		done
 	fi