Commit 2bb0f230 authored by Franco Fichtner's avatar Franco Fichtner

unbound: fix/secure unbound control

Turns out unbound reload flushes cache as well.  Also, unbound-control
may hang when it runs into an "undefined state" (stopping a stopped
service, right), and lastly it wants to chroot after being chrooted
on reload, something that cannot be fixed with using unbound-control.

Keep unbound-control-setup in case somebody finds the facility useful.
parent d539e535
...@@ -455,22 +455,28 @@ function unbound_execute($cmd) ...@@ -455,22 +455,28 @@ function unbound_execute($cmd)
$local_domain = !empty($config['system']['domain']) ? $config['system']['domain'] : "local"; $local_domain = !empty($config['system']['domain']) ? $config['system']['domain'] : "local";
killbypid('/var/run/unbound_dhcpd.pid', 'TERM', true); killbypid('/var/run/unbound_dhcpd.pid', 'TERM', true);
if (isset($config['unbound']['regdhcp'])) { if (isset($config['unbound']['regdhcp'])) {
mwexec('/usr/local/opnsense/scripts/dns/unbound_dhcpd.py /domain "'.$local_domain.'"'); mwexecf('/usr/local/opnsense/scripts/dns/unbound_dhcpd.py /domain %s', $local_domain);
} }
mwexec("/usr/local/sbin/unbound -c {$g['unbound_chroot_path']}/unbound.conf"); mwexecf('/usr/local/sbin/unbound -c %s', "{$g['unbound_chroot_path']}/unbound.conf");
break; break;
case 'stop': case 'stop':
killbypid('/var/run/unbound_dhcpd.pid', 'TERM', true); killbypid('/var/run/unbound_dhcpd.pid', 'TERM', true);
mwexec("chroot -u unbound -g unbound / /usr/local/sbin/unbound-control stop", true); killbypid('/var/run/unbound.pid', 'TERM', true);
break; break;
case 'reload': case 'reload':
killbypid('/var/run/unbound.pid', 'HUP'); killbypid('/var/run/unbound.pid', 'HUP');
break; break;
case 'unbound-anchor': case 'unbound-anchor':
mwexec("chroot -u unbound -g unbound / /usr/local/sbin/unbound-anchor -a {$g['unbound_chroot_path']}/root.key", true); mwexecf(
'chroot -u unbound -g unbound / %s -a %s',
array('/usr/local/sbin/unbound-anchor', "{$g['unbound_chroot_path']}/root.key")
);
break; break;
case 'unbound-control-setup': case 'unbound-control-setup':
mwexec("chroot -u unbound -g unbound / /usr/local/sbin/unbound-control-setup -d {$g['unbound_chroot_path']}", true); mwexecf(
'chroot -u unbound -g unbound / %s -d %s',
array('/usr/local/sbin/unbound-control-setup', $g['unbound_chroot_path'])
);
break; break;
default: default:
break; break;
......
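Review bot: The rewritten `unbound-anchor` and `unbound-control-setup` calls drop the trailing `true` that the old `mwexec()` calls passed, and no `mwexecf()` return value in this hunk is checked. If that argument was the mute flag, failures of these two commands will now be logged, which looks desirable for `unbound-anchor` since a failed `root.key` refresh affects DNSSEC validation, but the commit message does not mention the change in behaviour. I would state the intent in a comment, e.g. `/* not muted on purpose: anchor refresh failures should reach the log */`, or pass the mute flag explicitly if the old silence was wanted. The `stop` case now relies solely on `/var/run/unbound.pid`, so it is worth confirming that `killbypid()` copes with a missing or stale pid file. `unbound_execute()` begins and ends outside the hunk.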