dhcp: priv-sep for prefix update closes #2079

src/etc/inc/services.inc

@@ -1324,8 +1324,10 @@ EOD;
     /* fire up dhcpd in a chroot */
     if (count($dhcpdv6ifs) > 0) {
         mwexec('/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid ' . join(' ', $dhcpdv6ifs));
-        /* XXX prefixes.php is a backend script we must priv-sep! */
-        mwexec('/usr/local/sbin/dhcpleases6 -c /usr/local/opnsense/scripts/dhcp/prefixes.php -l /var/dhcpd/var/db/dhcpd6.leases');
+        mwexecf('/usr/local/sbin/dhcpleases6 -c %s -l %s', array(
+            '/usr/local/sbin/configctl dhcpd update prefixes',
+            '/var/dhcpd/var/db/dhcpd6.leases',
+        ));
     }
 
     if ($verbose) {

src/opnsense/service/conf/actions.d/actions_dhcpd.conf

@@ -3,3 +3,9 @@ command:/usr/local/opnsense/scripts/dhcp/get_leases.py /inactive %s
 parameters:%s
 type:script_output
 message:list dhcp leases %s
+
+[update.prefixes]
+command:/usr/local/opnsense/scripts/dhcp/prefixes.php
+parameters:
+type:script
+message:update IPv6 prefixes