cmake_minimum_required(VERSION 3.10) project(credentials-fetcher) include(GNUInstallDirs) set(CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/cmake) set(CMAKE_CXX_FLAGS "-std=c++11 -g -Wall -Werror -pthread") set(protobuf_MODULE_COMPATIBLE TRUE) find_package(Protobuf REQUIRED) find_package(gRPC REQUIRED) set(_PROTOBUF_LIBPROTOBUF protobuf::libprotobuf) set(_REFLECTION gRPC::grpc++_reflection) find_program(_PROTOBUF_PROTOC protoc) find_program(_GRPC_CPP_PLUGIN_EXECUTABLE grpc_cpp_plugin) file(STRINGS /etc/os-release DISTRO REGEX "^NAME=") string(REGEX REPLACE "NAME=\"(.*)\"" "\\1" DISTRO "${DISTRO}") set(CMAKE_VERBOSE_MAKEFILE ON) set(config) add_subdirectory(config) set(api) add_subdirectory(api) set(renewal) add_subdirectory(renewal) set(daemon) add_subdirectory(daemon) set(metadata) add_subdirectory(metadata) if (NOT CF_KRB_DIR) set(CF_KRB_DIR "/var/credentials-fetcher/krbdir") endif() if (NOT CF_UNIX_DOMAIN_SOCKET_DIR) set(CF_UNIX_DOMAIN_SOCKET_DIR "/var/credentials-fetcher/socket") endif() if (NOT CF_LOGGING_DIR) set(CF_LOGGING_DIR "/var/credentials-fetcher/logging") endif() if (NOT CF_TEST_DOMAIN_NAME) set(CF_TEST_DOMAIN_NAME "contoso.com") endif() if (NOT CF_TEST_GMSA_ACCOUNT) set(CF_TEST_GMSA_ACCOUNT "webapp01") endif() configure_file(${CMAKE_SOURCE_DIR}/config/config.h.in ${CMAKE_BINARY_DIR}/config.h @ONLY) if(DISTRO MATCHES "^(Amazon Linux)$") file(WRITE scripts/systemd/credentials-fetcher.service "[Unit]\n" "Description=credentials-fetcher systemd service unit file.\n\n" "[Service]\n" "ExecStartPre=mkdir -p ${CF_KRB_DIR} ${CF_UNIX_DOMAIN_SOCKET_DIR} ${CF_LOGGING_DIR}\n" "ExecStartPre=chgrp ec2-user /var/credentials-fetcher ${CF_KRB_DIR} ${CF_UNIX_DOMAIN_SOCKET_DIR} ${CF_LOGGING_DIR}\n" "ExecStartPre=chmod 755 /var/credentials-fetcher ${CF_KRB_DIR} ${CF_UNIX_DOMAIN_SOCKET_DIR} ${CF_LOGGING_DIR}\n" "ExecStart=/usr/sbin/credentials-fetcherd\n" "ExecStartPost=chgrp ec2-user /var/credentials-fetcher/socket/credentials_fetcher.sock\n" "ExecStartPost=chmod 660 /var/credentials-fetcher/socket/credentials_fetcher.sock\n" "Environment=\"CREDENTIALS_FETCHERD_STARTED_BY_SYSTEMD=1\"\n" "Type=notify\n" "NotifyAccess=main\n" "WatchdogSec=5s\n" "Restart=on-failure\n\n" "[Install]\n" "WantedBy=multi-user.target\n" ) else() file(WRITE scripts/systemd/credentials-fetcher.service "[Unit]\n" "Description=credentials-fetcher systemd service unit file.\n\n" "[Service]\n" "ExecStartPre=mkdir -p ${CF_KRB_DIR} ${CF_UNIX_DOMAIN_SOCKET_DIR} ${CF_LOGGING_DIR}\n" "ExecStart=/usr/sbin/credentials-fetcherd\n" "Environment=\"CREDENTIALS_FETCHERD_STARTED_BY_SYSTEMD=1\"\n" "Type=notify\n" "NotifyAccess=main\n" "WatchdogSec=5s\n" "Restart=on-failure\n\n" "[Install]\n" "WantedBy=multi-user.target\n" ) endif() set(sources ${daemon} ${config} ${renewal}) add_executable(credentials-fetcherd ${sources}) cmake_policy(SET CMP0083 NEW) include(CheckPIESupported) check_pie_supported() if (CMAKE_C_LINK_PIE_SUPPORTED) set_property(TARGET credentials-fetcherd PROPERTY POSITION_INDEPENDENT_CODE TRUE) set_property(TARGET cf_gmsa_service_private PROPERTY POSITION_INDEPENDENT_CODE TRUE) endif () find_path(GLIB_INCLUDE_DIR glib.h "/usr/include" "/usr/include/glib-2.0") find_path(GLIB_CONFIG_DIR glibconfig.h "/usr/include" "/usr/lib64/glib-2.0/include") target_include_directories(credentials-fetcherd PUBLIC common ${GLIB_INCLUDE_DIR} ${GLIB_CONFIG_DIR} ${CMAKE_CURRENT_BINARY_DIR}) find_program(DOTNET dotnet ~/.dotnet /usr/bin) if (NOT DOTNET) message(FATAL_ERROR ".NET compiler is not found") endif() add_custom_command( TARGET credentials-fetcherd PRE_LINK COMMAND bash -c "CURR_DIR=$PWD && echo $CURR_DIR && cd ${CMAKE_CURRENT_SOURCE_DIR}/auth/kerberos/src/utf16_decode && ./build-using-csc.sh Program.cs && cp Program.exe $CURR_DIR/credentials_fetcher_utf16_private.exe && cp Program.runtimeconfig.json $CURR_DIR/credentials_fetcher_utf16_private.runtimeconfig.json" VERBATIM) target_include_directories(credentials-fetcherd PUBLIC common) target_link_libraries(credentials-fetcherd PUBLIC systemd boost_program_options krb5 glib-2.0 cf_gmsa_service_private boost_filesystem boost_system crypto kadm5srv_mit kdb5 gssrpc gssapi_krb5 gssrpc k5crypto com_err krb5support resolv) target_link_libraries(credentials-fetcherd PUBLIC ${_REFLECTION} ${_GRPC_GRPCPP} ${_PROTOBUF_LIBPROTOBUF}) install(FILES ${CMAKE_BINARY_DIR}/credentials-fetcherd DESTINATION "/usr/sbin/" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(FILES ${CMAKE_SOURCE_DIR}/scripts/systemd/credentials-fetcher.service DESTINATION "/usr/lib/systemd/system/") install(FILES ${CMAKE_BINARY_DIR}/credentials_fetcher_utf16_private.exe DESTINATION "/usr/sbin/" PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) install(FILES ${CMAKE_BINARY_DIR}/credentials_fetcher_utf16_private.runtimeconfig.json DESTINATION "/usr/sbin/" PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) enable_testing() add_test(NAME check_help COMMAND ${CMAKE_BINARY_DIR}/credentials-fetcherd "--help") add_test(NAME run_self_test COMMAND ${CMAKE_BINARY_DIR}/credentials-fetcherd "--self_test") set_tests_properties(check_help PROPERTIES WILL_FAIL TRUE) set_tests_properties(run_self_test PROPERTIES WILL_FAIL FALSE)