# Set up initial permissions on all the freeradius directories
if ! dpkg-statoverride --list | grep -q /var/run/freeradius$; then
+ mkdir -p /var/run/freeradius
dpkg-statoverride --add --update freerad freerad 0755 /var/run/freeradius
fi
if ! dpkg-statoverride --list | grep -q /var/log/freeradius$; then
+ mkdir -p /var/log/freeradius
dpkg-statoverride --add --update freerad freerad 0750 /var/log/freeradius
fi
[ ! -f "/var/log/freeradius/${file}" ] && install -o freerad -g freerad -m 644 /dev/null /var/log/freeradius/${file}
done
- for file in /etc/freeradius/preproxy_users \
+ for file in /etc/freeradius/mods-config/files/pre-proxy \
+ /etc/freeradius/mods-config/files/accounting \
+ /etc/freeradius/mods-config/preprocess/huntgroups \
+ /etc/freeradius/mods-config/preprocess/hints \
/etc/freeradius/experimental.conf \
- /etc/freeradius/huntgroups \
/etc/freeradius/proxy.conf \
- /etc/freeradius/hints \
- /etc/freeradius/clients.conf \
- /etc/freeradius/acct_users
+ /etc/freeradius/clients.conf
do
if ! dpkg-statoverride --list | grep -qw $file$; then
dpkg-statoverride --add --update root freerad 0640 $file
for dir in /etc/freeradius/certs \
/etc/freeradius/sites-available \
/etc/freeradius/sites-enabled \
- /etc/freeradius/filter \
+ /etc/freeradius/mods-config/attr_filter \
/etc/freeradius/policy.d
do
if ! dpkg-statoverride --list | grep -qw $dir$; then
action="restart"
fi
- # Create links for default sites, but only if this is an initial
- # install or an upgrade from before there were links; users may
- # want to remove them...
- if [ -z "$2" ] || dpkg --compare-versions "$2" lt 2.0.4+dfsg-4; then
- for site in default inner-tunnel; do
- if [ ! -e /etc/freeradius/sites-enabled/$site ]; then
- ln -s ../sites-available/$site /etc/freeradius/sites-enabled/$site
- fi
- done
- fi
-
- # Create stub SSL certificate file that became necessary in 2.1.8,
- # with analogous disclaimers, because the admin may yet choose to
- # switch to /usr/share/doc/freeradius/examples/certs/ stuff.
- if [ -z "$2" ] || dpkg --compare-versions "$2" lt 2.1.8+dfsg-1; then
- if egrep -q '^[ ]*\$INCLUDE eap.conf' /etc/freeradius/radiusd.conf && \
- egrep -q '^[ ]*certdir = \${confdir}/certs' /etc/freeradius/modules/eap && \
- egrep -q '^[ ]*cadir = \${confdir}/certs' /etc/freeradius/modules/eap
- then
- echo "Updating default SSL certificate settings, if any..." >&2
- test -d /etc/freeradius/certs || mkdir /etc/freeradius/certs
- if test ! -e /etc/ssl/certs/ssl-cert-snakeoil.pem || \
- test ! -e /etc/ssl/private/ssl-cert-snakeoil.key
- then
- make-ssl-cert generate-default-snakeoil
- fi
- if egrep -q '^[ ]*certificate_file = \${certdir}/server.pem' /etc/freeradius/modules/eap && \
- test ! -f /etc/freeradius/certs/server.pem
- then
- serverpem=wasnotthere
- ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/freeradius/certs/server.pem
- fi
- if egrep -q '^[ ]*private_key_file = \${certdir}/server.pem' /etc/freeradius/modules/eap && \
- [ "$serverpem" = "wasnotthere" ]
- then
- ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/freeradius/certs/server.key
- sed -i -e 's,^\([ ]*private_key_file = \${certdir}\)/server.pem$,\1/server.key,' /etc/freeradius/modules/eap
- if getent group ssl-cert >/dev/null; then
- # freeradius-common dependency also provides us with adduser
- adduser --quiet freerad ssl-cert
- fi
- fi
- if egrep -q '^[ ]*CA_file = \${cadir}/ca.pem' /etc/freeradius/modules/eap && \
- test ! -f /etc/freeradius/certs/ca.pem
- then
- ln -s /etc/ssl/certs/ca.pem /etc/freeradius/certs/ca.pem
- fi
- if egrep -q '^[ ]*random_file = \${certdir}/random' /etc/freeradius/modules/eap && \
- test ! -f /etc/freeradius/certs/random
- then
- ln -s /dev/urandom /etc/freeradius/certs/random
- fi
- if egrep -q '^[ ]*dh_file = \${certdir}/dh' /etc/freeradius/modules/eap && \
- test ! -f /etc/freeradius/certs/dh
- then
- # ssl-cert dependency also provides us with openssl
- openssl dhparam -out /etc/freeradius/certs/dh 1024
- fi
- fi
- fi
-
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d freeradius $action || true
else
/etc/init.d/freeradius $action
fi
;;
+
abort-upgrade)
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d freeradius restart || true
/etc/init.d/freeradius restart
fi
;;
+
abort-remove)
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d freeradius start || true
/etc/init.d/freeradius start
fi
;;
+
abort-deconfigure)
;;
esac