# update_fs_from_statoverride: compare a path on disk with the group and mode
# recorded for it in dpkg-statoverride.
# Callers in this file pass a type letter (f or d) followed by the unquoted
# output of `dpkg-statoverride --list`. The lines that split those arguments
# into $type, $group, $mode and $file, and the lines that act on a mismatch,
# are not part of this excerpt.
5 update_fs_from_statoverride() {
6 # I wish a simple dpkg-statoverride --update $file just did
7 # the right thing, but it doesn't, so we have to do it manually.
# Only proceed when every field needed for the comparison is non-empty.
13 if [ -n "$type" -a -n "$group" -a -n "$mode" -a -n "$file" ]; then
# find prints nothing when $file does not already have the expected type,
# group and mode; the trailing `-$type $file` test (-f or -d, per the callers)
# additionally requires the path to exist as that type, so the branch is
# skipped for a missing path.
# NOTE(review): the expansions are unquoted and `-a` inside `[` is obsolescent;
# an override path containing whitespace or glob characters would be split or
# expanded here. Quoted expansions and separate `[ ... ] && [ ... ]` tests
# would avoid that.
14 if [ "$(find $file -maxdepth 0 -type $type -group $group -perm $mode)" = "" -a -$type $file ]; then
# handle_config_files: make sure every sensitive configuration file and
# directory under /etc/freeradius has a dpkg-statoverride entry, and that the
# filesystem agrees with it.
# It is called with one argument (initial or upgrade); how that argument is
# used is not visible in this excerpt.
21 handle_config_files() {
# Files kept readable by the daemon's group but closed to other local users.
# Several of them (for example clients.conf and sql.conf) typically carry
# shared secrets or database credentials.
24 for file in /etc/freeradius/preproxy_users \
25 /etc/freeradius/policy.conf \
26 /etc/freeradius/eap.conf \
27 /etc/freeradius/experimental.conf \
28 /etc/freeradius/huntgroups \
29 /etc/freeradius/proxy.conf \
30 /etc/freeradius/attrs.pre-proxy \
31 /etc/freeradius/hints \
32 /etc/freeradius/sql.conf \
33 /etc/freeradius/ldap.attrmap \
34 /etc/freeradius/attrs \
35 /etc/freeradius/policy.txt \
36 /etc/freeradius/attrs.accounting_response \
37 /etc/freeradius/attrs.access_reject \
38 /etc/freeradius/attrs.access_challenge \
39 /etc/freeradius/clients.conf \
40 /etc/freeradius/acct_users
# Look up any existing override for this file. $ret, tested below, is set on a
# line not shown in this excerpt, presumably from the exit status of this
# lookup.
43 so=$(dpkg-statoverride --list $file)
# No override recorded: register root:freerad 0640 and apply it to the file
# immediately (--update).
48 if [ $ret != 0 ]; then
49 dpkg-statoverride --add --update root freerad 0640 $file
# An override already exists (presumably the else branch, not shown): keep it
# and only sync the file on disk to it. $so is passed unquoted, so its
# whitespace-separated fields arrive as separate arguments.
53 update_fs_from_statoverride f $so
# Directories get the same treatment with a different default.
58 for dir in /etc/freeradius/certs \
59 /etc/freeradius/sites-available \
60 /etc/freeradius/sites-enabled
63 so=$(dpkg-statoverride --list $dir)
# Default is freerad:freerad 2751: a setgid directory that its group may list
# and enter, and that other users may enter but not list.
68 if [ $ret != 0 ]; then
69 dpkg-statoverride --add --update freerad freerad 2751 $dir
73 update_fs_from_statoverride d $so
83 # Changed in 1.1.5-1 for new installs (we used to start at S50
84 # and stop at K50) We now start at S50 and stop at K19 so we
85 # start after services which may be used and stop before them.
# Registers start links at sequence 50 in runlevels 2-5 and stop links at
# sequence 19 in runlevels 0, 1 and 6. Only stdout is discarded, so error
# messages from update-rc.d remain visible.
86 update-rc.d freeradius start 50 2 3 4 5 . stop 19 0 1 6 . >/dev/null
88 # Set up initial permissions on all the freeradius directories
# Each override is registered only when none exists yet, so a mode already
# chosen by the administrator is not replaced. The output of --list is
# discarded; only its exit status is used.
90 if ! dpkg-statoverride --list /var/run/freeradius >/dev/null; then
91 dpkg-statoverride --add --update freerad freerad 0755 /var/run/freeradius
# The log directory defaults to 0750 freerad:freerad: no access for other users.
94 if ! dpkg-statoverride --list /var/log/freeradius >/dev/null; then
95 dpkg-statoverride --add --update freerad freerad 0750 /var/log/freeradius
# Create empty log files owned by freerad if they do not exist yet
# (install copies /dev/null to the target with the given owner and mode).
# NOTE(review): the files themselves are created 0644, so they are shielded
# from other local users only by the 0750 directory above. If an existing
# override gives the directory a wider mode, radius.log and radwtmp become
# world-readable; creating them 0640 would not depend on the directory.
98 for file in radius.log radwtmp; do
99 [ ! -f "/var/log/freeradius/${file}" ] && install -o freerad -g freerad -m 644 /dev/null /var/log/freeradius/${file}
# The conditions that select between these two calls are not part of this
# excerpt.
102 handle_config_files initial
108 handle_config_files upgrade
113 # Create links for default sites, but only if this is an initial
114 # install or an upgrade from before there were links; users may
115 # want to remove them...
# $2 is empty on an initial install; otherwise it is compared against the
# first version that shipped the links.
116 if [ -z "$2" ] || dpkg --compare-versions "$2" lt 2.0.4+dfsg-4; then
117 for site in default inner-tunnel; do
# Never replace something that is already present in sites-enabled.
# NOTE(review): -e follows symlinks, so a dangling link counts as absent here
# and the ln -s below would then fail because the name is already taken.
118 if [ ! -e /etc/freeradius/sites-enabled/$site ]; then
119 ln -s ../sites-available/$site /etc/freeradius/sites-enabled/$site
124 # Create stub SSL certificate file that became necessary in 2.1.8,
125 # with analogous disclaimers, because the admin may yet choose to
126 # switch to /usr/share/doc/freeradius/examples/certs/ stuff.
# Runs on an initial install ($2 empty) or an upgrade from before 2.1.8+dfsg-1.
127 if [ -z "$2" ] || dpkg --compare-versions "$2" lt 2.1.8+dfsg-1; then
# Only touch anything when radiusd.conf still includes eap.conf and eap.conf
# still points certdir and cadir at ${confdir}/certs, i.e. those settings
# still match the patterns this script knows about.
128 if egrep -q '^[ ]*\$INCLUDE eap.conf' /etc/freeradius/radiusd.conf && \
129 egrep -q '^[ ]*certdir = \${confdir}/certs' /etc/freeradius/eap.conf && \
130 egrep -q '^[ ]*cadir = \${confdir}/certs' /etc/freeradius/eap.conf
132 echo "Updating default SSL certificate settings, if any..." >&2
133 test -d /etc/freeradius/certs || mkdir /etc/freeradius/certs
# Generate the system-wide snakeoil key pair if either half is missing.
134 if test ! -e /etc/ssl/certs/ssl-cert-snakeoil.pem || \
135 test ! -e /etc/ssl/private/ssl-cert-snakeoil.key
137 make-ssl-cert generate-default-snakeoil
# Link server.pem to the snakeoil certificate only when eap.conf references it
# and no such file exists; serverpem records that this script created the link.
# NOTE(review): the snakeoil certificate is self-signed, so EAP peers have no
# CA to validate it against. Treat it as a placeholder to be replaced with a
# certificate issued by a CA the clients are configured to trust.
139 if egrep -q '^[ ]*certificate_file = \${certdir}/server.pem' /etc/freeradius/eap.conf && \
140 test ! -f /etc/freeradius/certs/server.pem
142 serverpem=wasnotthere
143 ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/freeradius/certs/server.pem
# Link the private key when eap.conf either still names server.pem as the key
# (and server.pem was just created above) or names server.key and that file is
# absent. The operator joining the two parenthesised tests sits on a line that
# is not part of this excerpt (presumably ||).
145 if ( egrep -q '^[ ]*private_key_file = \${certdir}/server.pem' /etc/freeradius/eap.conf && \
146 [ "$serverpem" = "wasnotthere" ] ) \
148 ( egrep -q '^[ ]*private_key_file = \${certdir}/server.key' /etc/freeradius/eap.conf && \
149 test ! -f /etc/freeradius/certs/server.key )
151 ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/freeradius/certs/server.key
# server.pem is a link to the certificate alone, so point private_key_file at
# server.key instead.
152 sed -i -e 's,^\([ ]*private_key_file = \${certdir}\)/server.pem$,\1/server.key,' /etc/freeradius/eap.conf
# NOTE(review): membership in ssl-cert is presumably what lets the daemon read
# the key under /etc/ssl/private. On Debian that group conventionally can read
# every key stored there, not only the snakeoil one, so this widens what the
# freerad account can reach; confirm that is acceptable or give the daemon a
# dedicated key file.
153 if getent group ssl-cert >/dev/null; then
154 # freeradius-common dependency also provides us with adduser
155 adduser --quiet freerad ssl-cert
# ca.pem becomes a link to the system-wide CA bundle.
# NOTE(review): if CA_file is used to validate client certificates (EAP-TLS),
# this trusts every CA in that bundle; a deployment relying on certificate
# authentication should presumably point it at its own CA. Confirm against the
# eap.conf in use.
158 if egrep -q '^[ ]*CA_file = \${cadir}/ca.pem' /etc/freeradius/eap.conf && \
159 test ! -f /etc/freeradius/certs/ca.pem
161 ln -s /etc/ssl/certs/ca-certificates.crt /etc/freeradius/certs/ca.pem
# No random file present: switch random_file to /dev/urandom.
163 if egrep -q '^[ ]*random_file = \${certdir}/random' /etc/freeradius/eap.conf && \
164 test ! -f /etc/freeradius/certs/random
166 sed -i -e 's,^\([ ]*random_file = \)\${certdir}/random$,\1/dev/urandom,' /etc/freeradius/eap.conf
# Generate Diffie-Hellman parameters when eap.conf expects them and none exist.
# NOTE(review): 1024-bit DH parameters are below current guidance (2048 bits
# or more). Larger parameters take longer to generate at install time but
# should be preferred; existing installs keep whatever file was generated here.
168 if egrep -q '^[ ]*dh_file = \${certdir}/dh' /etc/freeradius/eap.conf && \
169 test ! -f /etc/freeradius/certs/dh
171 # ssl-cert dependency also provides us with openssl
172 openssl dhparam -out /etc/freeradius/certs/dh 1024
# Three service-control stanzas follow ($action, restart, start); the
# conditions that select between them and the assignment of $action are not
# part of this excerpt.
# Each stanza prefers invoke-rc.d when it is installed and executable and
# otherwise calls the init script directly (presumably in an else branch that
# is not shown).
# `|| true` keeps a failed invoke-rc.d call from failing the package
# configuration; the direct init-script call has no such guard.
# NOTE(review): `command -v invoke-rc.d` is the portable way to test for the
# tool; `which` is an external program whose behaviour varies between systems.
177 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
178 invoke-rc.d freeradius $action || true
180 /etc/init.d/freeradius $action
184 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
185 invoke-rc.d freeradius restart || true
187 /etc/init.d/freeradius restart
191 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
192 invoke-rc.d freeradius start || true
194 /etc/init.d/freeradius start