From: tmarkwalder <tmark@isc.org>
Date: Wed, 3 May 2017 13:28:12 +0000 (-0400)
Subject: [master] dhclient now enforces require options statement in -6 mode
X-Git-Tag: v4_4_0b1_f1~102
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1d7fceeb40c13e085da05722ca7a275e35a16b5a;p=thirdparty%2Fdhcp.git

[master] dhclient now enforces require options statement in -6 mode

    Merges in rt41473.
---

diff --git a/RELNOTES b/RELNOTES
index cdda8cd9e..4a353befd 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -179,6 +179,13 @@ by Eric Young (eay@cryptsoft.com).
   BlueCat Networks for bringing the matter to our attention.
   [ISC-Bugs #43592]
 
+- When running in -6 mode, dhclient now enforces the require option statement
+  and will discard offered leases that do not contain all the required
+  options specified in the client configuration.  Prior to this the client
+  would still consider such leases.  This may be disabled at compile time
+  (see ENFORCE_DHCPV6_CLIENT_REQUIRE in includes/site.h).
+  [ISC-Bugs #41473]
+
 			Changes since 4.3.0 (bug fixes)
 
 - Tidy up several small tickets.
diff --git a/client/dhc6.c b/client/dhc6.c
index be604ac98..f7cc90fe0 100644
--- a/client/dhc6.c
+++ b/client/dhc6.c
@@ -141,6 +141,8 @@ static isc_result_t dhc6_check_status(isc_result_t rval,
 				      struct option_state *options,
 				      const char *scope,
 				      unsigned *code);
+static int dhc6_score_lease(struct client_state *client,
+			    struct dhc6_lease *lease);
 
 extern int onetry;
 extern int stateless;
@@ -3133,6 +3135,15 @@ init_handler(struct packet *packet, struct client_state *client)
 		return;
 	}
 
+	int lease_score =  dhc6_score_lease(client, lease);
+#ifdef ENFORCE_DHCPV6_CLIENT_REQUIRE
+	if (lease_score == 0) {
+		log_debug("RCV:Advertised lease scored 0, toss it.");
+		dhc6_lease_destroy(&lease, MDL);
+		return;
+	}
+#endif
+
 	insert_lease(&client->advertised_leases, lease);
 
 	/* According to RFC3315 section 17.1.2, the client MUST wait for
@@ -3146,8 +3157,7 @@ init_handler(struct packet *packet, struct client_state *client)
 	 * should not if the advertise contains less than one IA and address.
 	 */
 	if ((client->txcount > 1) ||
-	    ((lease->pref == 255) &&
-	     (dhc6_score_lease(client, lease) > SCORE_MIN))) {
+	    ((lease->pref == 255) && (lease_score > SCORE_MIN))) {
 		log_debug("RCV:  Advertisement immediately selected.");
 		cancel_timeout(do_init6, client);
 		start_selecting6(client);
diff --git a/includes/site.h b/includes/site.h
index d4140d919..ccd4b2409 100644
--- a/includes/site.h
+++ b/includes/site.h
@@ -325,6 +325,13 @@
  * supported by the configure script. */
 /* #define EUI_64 */
 
+/* Enable enforcement of the require option statement as documented
+ * in man page.  Instructs the dhclient, when in -6 mode, to discard
+ * offered leases that do not contain all options specified as required
+ * in the client's configuration file. The client already enforces this
+ * in -4 mode. */
+#define ENFORCE_DHCPV6_CLIENT_REQUIRE
+
 /* Include definitions for various options.  In general these
    should be left as is, but if you have already defined one
    of these and prefer your definition you can comment the