From ceedb10bbf882f25e7830ce2b84c97aabb09e0a5 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Thu, 11 Jan 2018 08:23:23 +0100
Subject: [PATCH] dhcp: priv-sep for prefix update closes #2079
---
 src/etc/inc/services.inc | 6 ++++--
 src/opnsense/service/conf/actions.d/actions_dhcpd.conf | 6 ++++++
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc
index b63c1e2f1..1e50ff99e 100644
--- a/src/etc/inc/services.inc
+++ b/src/etc/inc/services.inc
@@ -1324,8 +1324,10 @@ EOD;
 /* fire up dhcpd in a chroot */
 if (count($dhcpdv6ifs) > 0) {
 mwexec('/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid ' . join(' ', $dhcpdv6ifs));
- /* XXX prefixes.php is a backend script we must priv-sep! */
- mwexec('/usr/local/sbin/dhcpleases6 -c /usr/local/opnsense/scripts/dhcp/prefixes.php -l /var/dhcpd/var/db/dhcpd6.leases');
+ mwexecf('/usr/local/sbin/dhcpleases6 -c %s -l %s', array(
+ '/usr/local/sbin/configctl dhcpd update prefixes',
+ '/var/dhcpd/var/db/dhcpd6.leases',
+ ));
 }
 
 if ($verbose) {
diff --git a/src/opnsense/service/conf/actions.d/actions_dhcpd.conf b/src/opnsense/service/conf/actions.d/actions_dhcpd.conf
index ae19e92c2..5848795f2 100644
--- a/src/opnsense/service/conf/actions.d/actions_dhcpd.conf
+++ b/src/opnsense/service/conf/actions.d/actions_dhcpd.conf
@@ -3,3 +3,9 @@ command:/usr/local/opnsense/scripts/dhcp/get_leases.py /inactive %s
 parameters:%s
 type:script_output
 message:list dhcp leases %s
+
+[update.prefixes]
+command:/usr/local/opnsense/scripts/dhcp/prefixes.php
+parameters:
+type:script
+message:update IPv6 prefixes
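Review bot: The removed `XXX` comment was the only record of why the prefix script must not be started directly, and the new `mwexecf()` call carries no replacement. A one-line comment above it, such as `/* prefixes.php is run through configd (configctl) so dhcpleases6 never executes backend PHP itself */`, would keep a later edit from reverting to the direct path. The `-c` value is a single string containing spaces, so it only works if dhcpleases6 hands it to a shell or splits it itself; that handling is not visible here and is worth confirming. The return value of `mwexecf()` is ignored, as it was for the old `mwexec()`, so a failed start of dhcpleases6 stops prefix updates without any log entry. The enclosing function starts and ends outside the hunk.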
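Review bot: The new `[update.prefixes]` section makes configd the process that runs prefixes.php, so the script's input becomes the trust boundary. Going by the services.inc hunk, that input is `/var/dhcpd/var/db/dhcpd6.leases`, which presumably is written by the chrooted dhcpd running as user `dhcpd`. The script is not part of this diff, so it is worth confirming that it validates every address and prefix it reads from that file before using it in any command. The empty `parameters:` line is what keeps callers from passing arguments to the script. A comment line above the section, such as `# takes no parameters; called from dhcpleases6 -c (see services.inc)`, would document that it has to stay empty.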