[people/arne_f/ipfire-3.x.git] / dhcp / patches / 0015-dhcp-capability.patch

diff -up dhcp-4.3.4/client/dhclient.8.capability dhcp-4.3.4/client/dhclient.8
--- dhcp-4.3.4/client/dhclient.8.capability	2016-04-29 12:19:40.657129322 +0200
+++ dhcp-4.3.4/client/dhclient.8	2016-04-29 12:19:40.715129297 +0200
@@ -134,6 +134,9 @@ dhclient - Dynamic Host Configuration Pr
 .B -w
 ]
 [
+.B -nc
+]
+[
 .B -B
 ]
 [
@@ -318,6 +321,32 @@ has been added or removed, so that the c
 address on that interface.
 
 .TP
+.BI \-nc
+Do not drop capabilities.
+
+Normally, if
+.B dhclient
+was compiled with libcap-ng support,
+.B dhclient
+drops most capabilities immediately upon startup.  While more secure,
+this greatly restricts the additional actions that hooks in
+.B dhclient-script (8)
+can take.  (For example, any daemons that 
+.B dhclient-script (8)
+starts or restarts will inherit the restricted capabilities as well,
+which may interfere with their correct operation.)  Thus, the
+.BI \-nc
+option can be used to prevent
+.B dhclient
+from dropping capabilities.
+
+The
+.BI \-nc
+option is ignored if
+.B dhclient
+was not compiled with libcap-ng support.
+
+.TP
 .BI \-B
 Set the BOOTP broadcast flag in request packets so servers will always
 broadcast replies.
diff -up dhcp-4.3.4/client/dhclient.c.capability dhcp-4.3.4/client/dhclient.c
--- dhcp-4.3.4/client/dhclient.c.capability	2016-04-29 12:19:40.691129307 +0200
+++ dhcp-4.3.4/client/dhclient.c	2016-04-29 12:21:07.620091930 +0200
@@ -40,6 +40,10 @@
 #include <isc/file.h>
 #include <dns/result.h>
 
+#ifdef HAVE_LIBCAP_NG
+#include <cap-ng.h>
+#endif
+
 /*
  * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define
  * that when building ISC code.
@@ -237,6 +241,9 @@ main(int argc, char **argv) {
 	int timeout_arg = 0;
 	char *arg_conf = NULL;
 	int arg_conf_len = 0;
+#ifdef HAVE_LIBCAP_NG
+	int keep_capabilities = 0;
+#endif
 
 	/* Initialize client globals. */
 	memset(&default_duid, 0, sizeof(default_duid));
@@ -537,6 +544,10 @@ main(int argc, char **argv) {
 			}
 
 			dhclient_request_options = argv[i];
+		} else if (!strcmp(argv[i], "-nc")) {
+#ifdef HAVE_LIBCAP_NG
+			keep_capabilities = 1;
+#endif
 		} else if (argv[i][0] == '-') {
 			usage("Unknown command: %s", argv[i]);
 		} else if (interfaces_requested < 0) {
@@ -597,6 +608,19 @@ main(int argc, char **argv) {
 		path_dhclient_script = s;
 	}
 
+#ifdef HAVE_LIBCAP_NG
+	/* Drop capabilities */
+	if (!keep_capabilities) {
+		capng_clear(CAPNG_SELECT_CAPS);
+		capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+				CAP_DAC_OVERRIDE); // Drop this someday
+		capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+				CAP_NET_ADMIN, CAP_NET_RAW,
+				CAP_NET_BIND_SERVICE, CAP_SYS_ADMIN, -1);
+		capng_apply(CAPNG_SELECT_CAPS);
+	}
+#endif
+
 	/* Set up the initial dhcp option universe. */
 	initialize_common_option_spaces();
 
diff -up dhcp-4.3.4/client/dhclient-script.8.capability dhcp-4.3.4/client/dhclient-script.8
--- dhcp-4.3.4/client/dhclient-script.8.capability	2016-04-29 12:19:40.668129317 +0200
+++ dhcp-4.3.4/client/dhclient-script.8	2016-04-29 12:19:40.717129296 +0200
@@ -243,6 +243,16 @@ repeatedly initialized to the values pro
 the other.   Assuming the information provided by both servers is
 valid, this shouldn't cause any real problems, but it could be
 confusing.
+.PP
+Normally, if dhclient was compiled with libcap-ng support,
+dhclient drops most capabilities immediately upon startup.
+While more secure, this greatly restricts the additional actions that
+hooks in dhclient-script can take. For example, any daemons that
+dhclient-script starts or restarts will inherit the restricted
+capabilities as well, which may interfere with their correct operation.
+Thus, the
+.BI \-nc
+option can be used to prevent dhclient from dropping capabilities.
 .SH SEE ALSO
 dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and
 dhclient.leases(5).
diff -up dhcp-4.3.4/client/Makefile.am.capability dhcp-4.3.4/client/Makefile.am
--- dhcp-4.3.4/client/Makefile.am.capability	2016-04-29 12:19:40.652129324 +0200
+++ dhcp-4.3.4/client/Makefile.am	2016-04-29 12:19:40.717129296 +0200
@@ -13,7 +13,7 @@ dhclient_SOURCES = clparse.c dhclient.c
 		   scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
 		   scripts/netbsd scripts/nextstep scripts/openbsd \
 		   scripts/solaris scripts/openwrt
-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
+dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \
 		 $(BIND9_LIBDIR) -lirs-export -ldns-export -lisccfg-export -lisc-export
 man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
 EXTRA_DIST = $(man_MANS)
diff -up dhcp-4.3.4/configure.ac.capability dhcp-4.3.4/configure.ac
--- dhcp-4.3.4/configure.ac.capability	2016-04-29 12:19:40.652129324 +0200
+++ dhcp-4.3.4/configure.ac	2016-04-29 12:19:40.717129296 +0200
@@ -585,6 +585,41 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],
 # Look for optional headers.
 AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
 
+# look for capabilities library
+AC_ARG_WITH(libcap-ng,
+    [  --with-libcap-ng=[auto/yes/no]  Add Libcap-ng support [default=auto]],,
+    with_libcap_ng=auto)
+
+# Check for Libcap-ng API
+#
+# libcap-ng detection
+if test x$with_libcap_ng = xno ; then
+    have_libcap_ng=no;
+else
+    # Start by checking for header file
+    AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no)
+
+    # See if we have libcap-ng library
+    AC_CHECK_LIB(cap-ng, capng_clear,
+                 CAPNG_LDADD=-lcap-ng,)
+
+    # Check results are usable
+    if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then
+       AC_MSG_ERROR(libcap-ng support was requested and the library was not found)
+    fi
+    if test x$CAPNG_LDADD != x -a $capng_headers = no ; then
+       AC_MSG_ERROR(libcap-ng libraries found but headers are missing)
+    fi
+fi
+AC_SUBST(CAPNG_LDADD)
+AC_MSG_CHECKING(whether to use libcap-ng)
+if test x$CAPNG_LDADD != x ; then
+    AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support])
+    AC_MSG_RESULT(yes)
+else
+    AC_MSG_RESULT(no)
+fi
+
 # Solaris needs some libraries for functions
 AC_SEARCH_LIBS(socket, [socket])
 AC_SEARCH_LIBS(inet_ntoa, [nsl])
diff -up dhcp-4.3.4/relay/dhcrelay.c.capability dhcp-4.3.4/relay/dhcrelay.c
--- dhcp-4.3.4/relay/dhcrelay.c.capability	2016-04-29 12:19:40.694129306 +0200
+++ dhcp-4.3.4/relay/dhcrelay.c	2016-04-29 12:22:30.278056386 +0200
@@ -32,6 +32,11 @@
 #include <sys/time.h>
 #include <isc/file.h>
 
+#ifdef HAVE_LIBCAP_NG
+#  include <cap-ng.h>
+   int keep_capabilities = 0;
+#endif
+
 TIME default_lease_time = 43200; /* 12 hours... */
 TIME max_lease_time = 86400; /* 24 hours... */
 struct tree_cache *global_options[256];
@@ -454,6 +459,10 @@ main(int argc, char **argv) {
 				usage(use_noarg, argv[i-1]);
 			dhcrelay_sub_id = argv[i];
 #endif
+		} else if (!strcmp(argv[i], "-nc")) {
+#ifdef HAVE_LIBCAP_NG
+			keep_capabilities = 1;
+#endif
 		} else if (!strcmp(argv[i], "-pf")) {
 			if (++i == argc)
 				usage(use_noarg, argv[i-1]);
@@ -528,6 +537,17 @@ main(int argc, char **argv) {
 #endif
 	}
 
+#ifdef HAVE_LIBCAP_NG
+	/* Drop capabilities */
+	if (!keep_capabilities) {
+		capng_clear(CAPNG_SELECT_BOTH);
+		capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+				CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1);
+		capng_apply(CAPNG_SELECT_BOTH);
+		log_info ("Dropped all unnecessary capabilities.");
+	}
+#endif
+
 	if (!quiet) {
 		log_info("%s %s", message, PACKAGE_VERSION);
 		log_info(copyright);
@@ -680,6 +700,15 @@ main(int argc, char **argv) {
 	signal(SIGTERM, dhcp_signal_handler);  /* kill */
 #endif
 
+#ifdef HAVE_LIBCAP_NG
+	/* Drop all capabilities */
+	if (!keep_capabilities) {
+		capng_clear(CAPNG_SELECT_BOTH);
+		capng_apply(CAPNG_SELECT_BOTH);
+		log_info ("Dropped all capabilities.");
+	}
+#endif
+
 	/* Start dispatching packets and timeouts... */
 	dispatch();
 
diff -up dhcp-4.3.4/relay/Makefile.am.capability dhcp-4.3.4/relay/Makefile.am
--- dhcp-4.3.4/relay/Makefile.am.capability	2016-04-29 12:19:40.653129323 +0200
+++ dhcp-4.3.4/relay/Makefile.am	2016-04-29 12:19:40.718129295 +0200
@@ -2,7 +2,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
 
 sbin_PROGRAMS = dhcrelay
 dhcrelay_SOURCES = dhcrelay.c
-dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
+dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \
 		 $(BIND9_LIBDIR) -lirs-export -ldns-export -lisccfg-export -lisc-export
 man_MANS = dhcrelay.8
 EXTRA_DIST = $(man_MANS)
Commit	Line	Data
d8feb2d7 SS	1	diff -up dhcp-4.3.4/client/dhclient.8.capability dhcp-4.3.4/client/dhclient.8
	2	--- dhcp-4.3.4/client/dhclient.8.capability 2016-04-29 12:19:40.657129322 +0200
	3	+++ dhcp-4.3.4/client/dhclient.8 2016-04-29 12:19:40.715129297 +0200
	4	@@ -134,6 +134,9 @@ dhclient - Dynamic Host Configuration Pr
6df985df SS	5	.B -w
	6	]
	7	[
	8	+.B -nc
	9	+]
	10	+[
	11	.B -B
	12	]
	13	[
d8feb2d7	14	@@ -318,6 +321,32 @@ has been added or removed, so that the c
6df985df SS	15	address on that interface.
	16
	17	.TP
	18	+.BI \-nc
	19	+Do not drop capabilities.
	20	+
	21	+Normally, if
	22	+.B dhclient
	23	+was compiled with libcap-ng support,
	24	+.B dhclient
	25	+drops most capabilities immediately upon startup. While more secure,
	26	+this greatly restricts the additional actions that hooks in
	27	+.B dhclient-script (8)
	28	+can take. (For example, any daemons that
	29	+.B dhclient-script (8)
	30	+starts or restarts will inherit the restricted capabilities as well,
	31	+which may interfere with their correct operation.) Thus, the
	32	+.BI \-nc
	33	+option can be used to prevent
	34	+.B dhclient
	35	+from dropping capabilities.
	36	+
	37	+The
	38	+.BI \-nc
	39	+option is ignored if
	40	+.B dhclient
	41	+was not compiled with libcap-ng support.
	42	+
	43	+.TP
	44	.BI \-B
	45	Set the BOOTP broadcast flag in request packets so servers will always
	46	broadcast replies.
d8feb2d7 SS	47	diff -up dhcp-4.3.4/client/dhclient.c.capability dhcp-4.3.4/client/dhclient.c
	48	--- dhcp-4.3.4/client/dhclient.c.capability 2016-04-29 12:19:40.691129307 +0200
	49	+++ dhcp-4.3.4/client/dhclient.c 2016-04-29 12:21:07.620091930 +0200
	50	@@ -40,6 +40,10 @@
	51	#include <isc/file.h>
6df985df SS	52	#include <dns/result.h>
	53
	54	+#ifdef HAVE_LIBCAP_NG
	55	+#include <cap-ng.h>
	56	+#endif
	57	+
	58	/*
	59	* Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define
	60	* that when building ISC code.
d8feb2d7	61	@@ -237,6 +241,9 @@ main(int argc, char **argv) {
6df985df SS	62	int timeout_arg = 0;
	63	char *arg_conf = NULL;
	64	int arg_conf_len = 0;
	65	+#ifdef HAVE_LIBCAP_NG
	66	+ int keep_capabilities = 0;
	67	+#endif
	68
	69	/* Initialize client globals. */
	70	memset(&default_duid, 0, sizeof(default_duid));
d8feb2d7	71	@@ -537,6 +544,10 @@ main(int argc, char **argv) {
6df985df SS	72	}
	73
	74	dhclient_request_options = argv[i];
	75	+ } else if (!strcmp(argv[i], "-nc")) {
	76	+#ifdef HAVE_LIBCAP_NG
	77	+ keep_capabilities = 1;
	78	+#endif
	79	} else if (argv[i][0] == '-') {
d8feb2d7	80	usage("Unknown command: %s", argv[i]);
6df985df	81	} else if (interfaces_requested < 0) {
d8feb2d7	82	@@ -597,6 +608,19 @@ main(int argc, char **argv) {
6df985df SS	83	path_dhclient_script = s;
	84	}
	85
	86	+#ifdef HAVE_LIBCAP_NG
	87	+ /* Drop capabilities */
	88	+ if (!keep_capabilities) {
	89	+ capng_clear(CAPNG_SELECT_CAPS);
	90	+ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE\|CAPNG_PERMITTED,
	91	+ CAP_DAC_OVERRIDE); // Drop this someday
	92	+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE\|CAPNG_PERMITTED,
	93	+ CAP_NET_ADMIN, CAP_NET_RAW,
	94	+ CAP_NET_BIND_SERVICE, CAP_SYS_ADMIN, -1);
	95	+ capng_apply(CAPNG_SELECT_CAPS);
	96	+ }
	97	+#endif
	98	+
	99	/* Set up the initial dhcp option universe. */
	100	initialize_common_option_spaces();
	101
d8feb2d7 SS	102	diff -up dhcp-4.3.4/client/dhclient-script.8.capability dhcp-4.3.4/client/dhclient-script.8
	103	--- dhcp-4.3.4/client/dhclient-script.8.capability 2016-04-29 12:19:40.668129317 +0200
	104	+++ dhcp-4.3.4/client/dhclient-script.8 2016-04-29 12:19:40.717129296 +0200
	105	@@ -243,6 +243,16 @@ repeatedly initialized to the values pro
6df985df SS	106	the other. Assuming the information provided by both servers is
	107	valid, this shouldn't cause any real problems, but it could be
	108	confusing.
	109	+.PP
	110	+Normally, if dhclient was compiled with libcap-ng support,
	111	+dhclient drops most capabilities immediately upon startup.
	112	+While more secure, this greatly restricts the additional actions that
	113	+hooks in dhclient-script can take. For example, any daemons that
	114	+dhclient-script starts or restarts will inherit the restricted
	115	+capabilities as well, which may interfere with their correct operation.
	116	+Thus, the
	117	+.BI \-nc
	118	+option can be used to prevent dhclient from dropping capabilities.
	119	.SH SEE ALSO
	120	dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and
	121	dhclient.leases(5).
d8feb2d7 SS	122	diff -up dhcp-4.3.4/client/Makefile.am.capability dhcp-4.3.4/client/Makefile.am
	123	--- dhcp-4.3.4/client/Makefile.am.capability 2016-04-29 12:19:40.652129324 +0200
	124	+++ dhcp-4.3.4/client/Makefile.am 2016-04-29 12:19:40.717129296 +0200
	125	@@ -13,7 +13,7 @@ dhclient_SOURCES = clparse.c dhclient.c
	126	scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
6df985df SS	127	scripts/netbsd scripts/nextstep scripts/openbsd \
6df985df SS	128	scripts/solaris scripts/openwrt
d8feb2d7 SS	129	-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
	130	+dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \
	131	$(BIND9_LIBDIR) -lirs-export -ldns-export -lisccfg-export -lisc-export
6df985df SS	132	man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
6df985df SS	133	EXTRA_DIST = $(man_MANS)
d8feb2d7 SS	134	diff -up dhcp-4.3.4/configure.ac.capability dhcp-4.3.4/configure.ac
	135	--- dhcp-4.3.4/configure.ac.capability 2016-04-29 12:19:40.652129324 +0200
	136	+++ dhcp-4.3.4/configure.ac 2016-04-29 12:19:40.717129296 +0200
	137	@@ -585,6 +585,41 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],
6df985df SS	138	# Look for optional headers.
	139	AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
	140
	141	+# look for capabilities library
	142	+AC_ARG_WITH(libcap-ng,
	143	+ [ --with-libcap-ng=[auto/yes/no] Add Libcap-ng support [default=auto]],,
	144	+ with_libcap_ng=auto)
	145	+
	146	+# Check for Libcap-ng API
	147	+#
	148	+# libcap-ng detection
	149	+if test x$with_libcap_ng = xno ; then
	150	+ have_libcap_ng=no;
	151	+else
	152	+ # Start by checking for header file
	153	+ AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no)
	154	+
	155	+ # See if we have libcap-ng library
	156	+ AC_CHECK_LIB(cap-ng, capng_clear,
	157	+ CAPNG_LDADD=-lcap-ng,)
	158	+
	159	+ # Check results are usable
	160	+ if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then
	161	+ AC_MSG_ERROR(libcap-ng support was requested and the library was not found)
	162	+ fi
	163	+ if test x$CAPNG_LDADD != x -a $capng_headers = no ; then
	164	+ AC_MSG_ERROR(libcap-ng libraries found but headers are missing)
	165	+ fi
	166	+fi
	167	+AC_SUBST(CAPNG_LDADD)
	168	+AC_MSG_CHECKING(whether to use libcap-ng)
	169	+if test x$CAPNG_LDADD != x ; then
	170	+ AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support])
	171	+ AC_MSG_RESULT(yes)
	172	+else
	173	+ AC_MSG_RESULT(no)
	174	+fi
	175	+
	176	# Solaris needs some libraries for functions
	177	AC_SEARCH_LIBS(socket, [socket])
	178	AC_SEARCH_LIBS(inet_ntoa, [nsl])
d8feb2d7 SS	179	diff -up dhcp-4.3.4/relay/dhcrelay.c.capability dhcp-4.3.4/relay/dhcrelay.c
	180	--- dhcp-4.3.4/relay/dhcrelay.c.capability 2016-04-29 12:19:40.694129306 +0200
	181	+++ dhcp-4.3.4/relay/dhcrelay.c 2016-04-29 12:22:30.278056386 +0200
	182	@@ -32,6 +32,11 @@
6df985df	183	#include <sys/time.h>
d8feb2d7	184	#include <isc/file.h>
6df985df SS	185
	186	+#ifdef HAVE_LIBCAP_NG
	187	+# include <cap-ng.h>
	188	+ int keep_capabilities = 0;
	189	+#endif
	190	+
	191	TIME default_lease_time = 43200; /* 12 hours... */
	192	TIME max_lease_time = 86400; /* 24 hours... */
	193	struct tree_cache *global_options[256];
d8feb2d7 SS	194	@@ -454,6 +459,10 @@ main(int argc, char **argv) {
	195	usage(use_noarg, argv[i-1]);
	196	dhcrelay_sub_id = argv[i];
6df985df SS	197	#endif
	198	+ } else if (!strcmp(argv[i], "-nc")) {
	199	+#ifdef HAVE_LIBCAP_NG
	200	+ keep_capabilities = 1;
	201	+#endif
	202	} else if (!strcmp(argv[i], "-pf")) {
	203	if (++i == argc)
d8feb2d7 SS	204	usage(use_noarg, argv[i-1]);
d8feb2d7 SS	205	@@ -528,6 +537,17 @@ main(int argc, char **argv) {
6df985df SS	206	#endif
	207	}
	208
	209	+#ifdef HAVE_LIBCAP_NG
	210	+ /* Drop capabilities */
	211	+ if (!keep_capabilities) {
	212	+ capng_clear(CAPNG_SELECT_BOTH);
	213	+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE\|CAPNG_PERMITTED,
	214	+ CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1);
	215	+ capng_apply(CAPNG_SELECT_BOTH);
	216	+ log_info ("Dropped all unnecessary capabilities.");
	217	+ }
	218	+#endif
	219	+
	220	if (!quiet) {
	221	log_info("%s %s", message, PACKAGE_VERSION);
	222	log_info(copyright);
d8feb2d7 SS	223	@@ -680,6 +700,15 @@ main(int argc, char **argv) {
d8feb2d7 SS	224	signal(SIGTERM, dhcp_signal_handler); /* kill */
6df985df SS	225	#endif
	226
	227	+#ifdef HAVE_LIBCAP_NG
	228	+ /* Drop all capabilities */
	229	+ if (!keep_capabilities) {
	230	+ capng_clear(CAPNG_SELECT_BOTH);
	231	+ capng_apply(CAPNG_SELECT_BOTH);
	232	+ log_info ("Dropped all capabilities.");
	233	+ }
	234	+#endif
	235	+
	236	/* Start dispatching packets and timeouts... */
	237	dispatch();
	238
d8feb2d7 SS	239	diff -up dhcp-4.3.4/relay/Makefile.am.capability dhcp-4.3.4/relay/Makefile.am
	240	--- dhcp-4.3.4/relay/Makefile.am.capability 2016-04-29 12:19:40.653129323 +0200
	241	+++ dhcp-4.3.4/relay/Makefile.am 2016-04-29 12:19:40.718129295 +0200
	242	@@ -2,7 +2,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
	243
6df985df SS	244	sbin_PROGRAMS = dhcrelay
6df985df SS	245	dhcrelay_SOURCES = dhcrelay.c
d8feb2d7 SS	246	-dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
	247	+dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la $(CAPNG_LDADD) \
	248	$(BIND9_LIBDIR) -lirs-export -ldns-export -lisccfg-export -lisc-export
6df985df SS	249	man_MANS = dhcrelay.8
6df985df SS	250	EXTRA_DIST = $(man_MANS)