[v4_3] dhclient can now enforce require options statement in -6 mode

        Merges in rt41473.

4 files changed, 31 insertions, 2 deletions

diff --git a/RELNOTES b/RELNOTES
index 8aaa5891..8272e2a5 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -114,6 +114,13 @@ by Eric Young (eay@cryptsoft.com).
   BlueCat Networks for bringing the matter to our attention.
   [ISC-Bugs #43592]
 
+- When running in -6 mode, dhclient can enforce the require option statement
+  and will discard offered leases that do not contain all the required
+  options specified in the client configuration.  If not enabled the client
+  will still consider such leases.  This must be enabled at compile time
+  (see ENFORCE_DHCPV6_CLIENT_REQUIRE in includes/site.h).
+  [ISC-Bugs #41473]
+
 			Changes since 4.3.5b1
 
 - Corrected a bug which could cause the server to sporadically crash while
diff --git a/client/dhc6.c b/client/dhc6.c
index c8d16e8a..450afe5f 100644
--- a/client/dhc6.c
+++ b/client/dhc6.c
@@ -141,6 +141,8 @@ static isc_result_t dhc6_check_status(isc_result_t rval,
 				      struct option_state *options,
 				      const char *scope,
 				      unsigned *code);
+static int dhc6_score_lease(struct client_state *client,
+			    struct dhc6_lease *lease);
 
 extern int onetry;
 extern int stateless;
@@ -3133,6 +3135,15 @@ init_handler(struct packet *packet, struct client_state *client)
 		return;
 	}
 
+	int lease_score =  dhc6_score_lease(client, lease);
+#ifdef ENFORCE_DHCPV6_CLIENT_REQUIRE
+	if (lease_score == 0) {
+		log_debug("RCV:Advertised lease scored 0, toss it.");
+		dhc6_lease_destroy(&lease, MDL);
+		return;
+	}
+#endif
+
 	insert_lease(&client->advertised_leases, lease);
 
 	/* According to RFC3315 section 17.1.2, the client MUST wait for
@@ -3146,8 +3157,7 @@ init_handler(struct packet *packet, struct client_state *client)
 	 * should not if the advertise contains less than one IA and address.
 	 */
 	if ((client->txcount > 1) ||
-	    ((lease->pref == 255) &&
-	     (dhc6_score_lease(client, lease) > SCORE_MIN))) {
+	    ((lease->pref == 255) && (lease_score > SCORE_MIN))) {
 		log_debug("RCV:  Advertisement immediately selected.");
 		cancel_timeout(do_init6, client);
 		start_selecting6(client);
diff --git a/client/dhclient.conf.5 b/client/dhclient.conf.5
index d0ff1145..966970bd 100644
--- a/client/dhclient.conf.5
+++ b/client/dhclient.conf.5
@@ -266,6 +266,11 @@ options will be ignored.  There is no default require list.
 		also require domain-search;
 	}
 .fi
+
+NOTE: For ISC DHCP release 4.3.5 and earlier, dhclient running in -6 mode does
+not discard offers as described above. This has been corrected as of release
+4.3.6 but must be enabled at compile time (see ENFORCE_DHCPV6_CLIENT_REQUIRE
+in includes/site.h).
 .PP
 .I The
 .B send
diff --git a/includes/site.h b/includes/site.h
index 1f4407f4..4a2166cc 100644
--- a/includes/site.h
+++ b/includes/site.h
@@ -318,6 +318,13 @@
    allow at one time.  A value of 0 means there is no limit.*/
 #define MAX_FD_VALUE 200
 
+/* Enable enforcement of the require option statement as documented
+ * in man page.  Instructs the dhclient, when in -6 mode, to discard
+ * offered leases that do not contain all options specified as required
+ * in the client's configuration file. The client already enforces this
+ * in -4 mode. */
+/* #define ENFORCE_DHCPV6_CLIENT_REQUIRE */
+
 /* Include definitions for various options.  In general these
    should be left as is, but if you have already defined one
    of these and prefer your definition you can comment the