DHCP execute script "on demand"

frankh · Jan 1, 2019, 8:42 PM

Hi,
After doing some research, I figured out how to enable my own custom DHCP settings. All settings seem to work fine - but the dhcp daemon does not seem to find the script for execution... I also tried different locations such as /var/dhcpd/scripts/

The script itself is executable and permissions are set for dhcpd Daemon...

[2.4.4-RELEASE][admin@gateway.example.com]/: ls -al /usr/local/sbin/dhcpevent.py
-rwxr-xr-x  1 dhcpd  _dhcp  356 Jan  1 21:17 /usr/local/sbin/dhcpevent.py

2019-01-01 21:23:11 Fehler 192.168.xxx.x local7 dhcpd execute: /usr/local/sbin/dhcpevent.py exit status 32512
2019-01-01 21:23:11 Fehler 192.168.xxx.x local7 dhcpd Unable to execute /usr/local/sbin/dhcpevent.py: No such file or directory
2019-01-01 21:23:11 Debug 192.168.178.2 local7 dhcpd execute_statement argv[4] = MyiPad
2019-01-01 21:23:11 Debug 192.168.178.2 local7 dhcpd execute_statement argv[3] = 78:7b:xx:xx:xx:xx
2019-01-01 21:23:11 Debug 192.168.178.2 local7 dhcpd execute_statement argv[2] = 192.168.xxx.x
2019-01-01 21:23:11 Debug 192.168.xxx.x local7 dhcpd execute_statement argv[1] = commit
2019-01-01 21:23:11 Debug 192.168.xxx.x local7 dhcpd execute_statement argv[0] = /usr/local/sbin/dhcpevent.py

Would someone be able to help me where to put the script (already tried several locations...)?

The following are the settings for my DHCP option

subnet 192.168.xxx.x netmask 255.255.255.0 {
	pool {
		range 192.168.xxx.100 192.168.xxx.200;
	}
	option routers 192.168.xxx.x;
	option domain-name "example.com";
	option domain-name-servers 192.168.xxx.x;
	set ClientHost = pick-first-value( 
		host-decl-name,
		option fqdn.hostname,
		option host-name,
		"none"
	);
	on commit {
		set clip = binary-to-ascii(10, 8, ".", leased-address);
		set clhw = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6));
		execute("/usr/local/sbin/dhcpevent.py", "commit", clip, clhw, ClientHost);
	}
}

THX and a happy new year to everybody!

foobert · Jan 4, 2019, 8:08 PM

dhcpd is chroot'ed to /var/dhcpd

So, your script will have to live somewhere inside that dir tree. EG: with your current settings of /usr/local/sbin/dhcpevent.py, you'd want to place it in /var/dhcpd/usr/local/sbin/dhcpevent.py

Can you share what's initiating your script execution?

frankh · Jan 4, 2019, 8:38 PM

THX, I was not aware about the fact it is chroot'ed!

Looks like it would work - still getting exit code 6 as I will need some libraries to run the script. I probably have to use some other method (curl) or get the basics of python running in the chroot'ed environment!

What would you like me to share? If it is about how the script is called - that's already in my previous post (see: on commit section of DHCP (dhcp.conf). Otherwise I would be happy to explain anything else how I got to the current state...

frankh · Jan 4, 2019, 9:40 PM

@foobert

Maybe you wanted to know this...

Put the following as first line in your script
#!/usr/local/bin/python2.7
Make the script executeable
chmod +x /var/dhcpd/usr/local/sbin/dhcpevent.py
Make the binary of Python and it’s required modules available to the chroot’ed dhcpd...

Copying python is possible - same should apply for required modules to be loaded as long as they are not linked. But I will need to further investigate...

Hopefully that was the answer you expected?

foobert · Jan 4, 2019, 9:58 PM

@frankh Applogies for the lack of clarity in my question -- what I'm really wondering is how you overcame the pfsense GUI operations in order to make hand-edited changes to the chroot'd dhcpd.conf "sticky"?

The chroot'd file is overwritten anytime the gui interface starts the service.

frankh · Jan 4, 2019, 11:08 PM

@foobert
Ok! You can write a startup script which does the following (when starting DHCP services)

Stop DHCP (kill)
Copy the modified conf
Start DHCP again

I found a guide somewhere on the web... but I don’t think I should post some external links in the forum...?

Will send you a PM!

Inq · Jan 5, 2019, 11:02 AM

My solution was to modify /etc/inc/services.inc as follows :
/* write dhcpd.conf */
if (!@file_put_contents("{$g['dhcpd_chroot_path']}/etc/dhcpd.conf.auto", $dhcpdconf)).
After that at every boot pfsense rewrites dhcpd.conf.auto not dhcpd.conf. Manually modify dhcpd.conf as you wish, it should be persistent between reboots or service restarts.
The above solution is a hack, i do not recommend using it for production systems and it could completely break your pfsense install.

frankh · Jan 5, 2019, 1:43 PM

Better solutions are always welcome! Although I use pfSense at home office - which is only partially production like.

Is the described (better) option upgrade save?

Inq · Jan 5, 2019, 3:41 PM

Better?.... Don't know. You'd be the judge. My solution completly cuts any links between gui and dhcpd.conf. You'd have to manually edit the configuration file for every change. Don't forget to backup dhcpd.conf before every pfsense upgrade and remodify services.inc after that.