set -e
+update_fs_from_statoverride() {
+ # I wish a simple dpkg-statoverride --update $file just did
+ # the right thing, but it doesn't, so we have to do it manually.
+ type=$1
+ user=$2
+ group=$3
+ mode=$4
+ file=$5
+ if [ -n "$type" -a -n "$group" -a -n "$mode" -a -n "$file" ]; then
+ if [ "$(find $file -maxdepth 0 -type $type -group $group -perm $mode)" = "" -a -$type $file ]; then
+ chgrp $group $file
+ chmod $mode $file
+ fi
+ fi
+}
+
+handle_config_files() {
+ runmode=$1
+
+ set +e
+ so=$(dpkg-statoverride --list /etc/freeradius)
+ ret=$?
+ set -e
+ case "$runmode" in
+ initial)
+ if [ $ret != 0 ]; then
+ dpkg-statoverride --add --update freerad freerad 2751 /etc/freeradius
+ fi
+ ;;
+ upgrade)
+ update_fs_from_statoverride d $so
+ ;;
+ esac
+
+ set +e
+ so=$(dpkg-statoverride --list /etc/freeradius/radiusd.conf)
+ ret=$?
+ set -e
+ case "$runmode" in
+ initial)
+ if [ $ret != 0 ]; then
+ dpkg-statoverride --add --update root freerad 0640 /etc/freeradius/radiusd.conf
+ fi
+ ;;
+ upgrade)
+ update_fs_from_statoverride f $so
+ ;;
+ esac
+
+ # Relax permissions on local dictionary - allows radclient to run and should
+ # not contain secrets. At any rate, only do it on fresh install
+ set +e
+ so=$(dpkg-statoverride --list /etc/freeradius/dictionary)
+ ret=$?
+ set -e
+ case "$runmode" in
+ initial)
+ if [ $ret != 0 ]; then
+ dpkg-statoverride --add --update root freerad 0644 /etc/freeradius/dictionary
+ fi
+ ;;
+ upgrade)
+ update_fs_from_statoverride f $so
+ ;;
+ esac
+}
+
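Review bot: `update_fs_from_statoverride` can end up changing the target of a symlink, because `find` does not follow links while `[ -$type $file ]`, `chgrp` and `chmod` do. /etc/freeradius is registered with owner freerad, so entries under it are not under root's control alone when this runs as root on upgrade; a `[ ! -L "$file" ]` guard before the test would close that. Separately, `user` is assigned but never used, so the override's owner is neither checked (`-user "$user"` in the `find`) nor restored (`chown "$user:$group" "$file"` in place of `chgrp`). The expansions are also unquoted and the tests chain conditions with the obsolescent `-a`. The same function is copied into the three other postinst scripts further down the page.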
case "$1" in
configure)
if [ -z "$2" ]; then
# group if authenticating by another mechanism
adduser --quiet freerad shadow
- if ! dpkg-statoverride --list | grep -qw /etc/freeradius$; then
- dpkg-statoverride --add --update freerad freerad 2751 /etc/freeradius
- fi
-
- if ! dpkg-statoverride --list | grep -qw /etc/freeradius/radiusd.conf$; then
- dpkg-statoverride --add --update root freerad 0640 /etc/freeradius/radiusd.conf
- fi
-
- # Relax permissions on local dictionary - allows radclient to run and should
- # not contain secrets. At any rate, only do it on fresh install
- if ! dpkg-statoverride --list | grep -qw /etc/freeradius/dictionary$; then
- dpkg-statoverride --add --update root freerad 0644 /etc/freeradius/dictionary
- fi
+ handle_config_files initial
+ else
+ handle_config_files upgrade
fi
;;
esac
case "$1" in
remove)
for file in /etc/freeradius/radiusd.conf /etc/freeradius/dictionary; do
- if dpkg-statoverride --list | grep -qw $file$; then
+ if dpkg-statoverride --list $file >/dev/null; then
dpkg-statoverride --remove $file
fi
done
- if dpkg-statoverride --list | grep -qw /etc/freeradius$; then
+ if dpkg-statoverride --list /etc/freeradius >/dev/null; then
dpkg-statoverride --remove /etc/freeradius
fi
;;
set -e
+update_fs_from_statoverride() {
+ # I wish a simple dpkg-statoverride --update $file just did
+ # the right thing, but it doesn't, so we have to do it manually.
+ type=$1
+ user=$2
+ group=$3
+ mode=$4
+ file=$5
+ if [ -n "$type" -a -n "$group" -a -n "$mode" -a -n "$file" ]; then
+ if [ "$(find $file -maxdepth 0 -type $type -group $group -perm $mode)" = "" -a -$type $file ]; then
+ chgrp $group $file
+ chmod $mode $file
+ fi
+ fi
+}
+
case "$1" in
configure)
for file in /etc/freeradius/sql/mysql/counter.conf \
/etc/freeradius/sql/mysql/nas.sql \
/etc/freeradius/sql/mysql/schema.sql
do
- if ! dpkg-statoverride --list | grep -qw $file$; then
- dpkg-statoverride --add --update root freerad 0640 $file
+ set +e
+ so=$(dpkg-statoverride --list $file)
+ ret=$?
+ set -e
+ if [ -z "$2" ]; then
+ if [ $ret != 0 ]; then
+ dpkg-statoverride --add --update root freerad 0640 $file
+ fi
+ else
+ update_fs_from_statoverride f $so
fi
done
for dir in /etc/freeradius/sql \
/etc/freeradius/sql/mysql
do
- if ! dpkg-statoverride --list | grep -qw $dir$; then
- dpkg-statoverride --add --update root freerad 2751 $dir
+ set +e
+ so=$(dpkg-statoverride --list $dir)
+ ret=$?
+ set -e
+ if [ -z "$2" ]; then
+ if [ $ret != 0 ]; then
+ dpkg-statoverride --add --update root freerad 2751 $dir
+ fi
+ else
+ update_fs_from_statoverride d $so
fi
done
#DEBHELPER#
exit 0
-
-
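Review bot: On upgrade this loop no longer registers a missing override: the removed lines added `root freerad 0640` whenever none was listed, while the new code does so only when `$2` is empty. A file with no override at upgrade time (for instance one first shipped by a newer version) keeps whatever mode it was unpacked with, because `$so` is empty and `update_fs_from_statoverride` then does nothing. If this is meant to respect an administrator who removed the override, a comment saying so would help; otherwise the `else` branch needs a fallback such as `[ $ret = 0 ] || dpkg-statoverride --add --update root freerad 0640 "$file"`. The directory loop below and both loops in the postgresql postinst follow the same pattern.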
/etc/freeradius/sql/mysql/nas.sql \
/etc/freeradius/sql/mysql/schema.sql
do
- if dpkg-statoverride --list | grep -qw $file$; then
+ if dpkg-statoverride --list $file >/dev/null; then
dpkg-statoverride --remove $file
fi
done
for dir in /etc/freeradius/sql \
/etc/freeradius/sql/mysql
do
- if dpkg-statoverride --list | grep -qw $dir$; then
+ if dpkg-statoverride --list $dir >/dev/null; then
dpkg-statoverride --remove $dir
fi
done
set -e
+update_fs_from_statoverride() {
+ # I wish a simple dpkg-statoverride --update $file just did
+ # the right thing, but it doesn't, so we have to do it manually.
+ type=$1
+ user=$2
+ group=$3
+ mode=$4
+ file=$5
+ if [ -n "$type" -a -n "$group" -a -n "$mode" -a -n "$file" ]; then
+ if [ "$(find $file -maxdepth 0 -type $type -group $group -perm $mode)" = "" -a -$type $file ]; then
+ chgrp $group $file
+ chmod $mode $file
+ fi
+ fi
+}
+
case "$1" in
configure)
for file in /etc/freeradius/sql/postgresql/cisco_h323_db_schema.sql \
/etc/freeradius/sql/postgresql/update_radacct_group_trigger.sql \
/etc/freeradius/sql/postgresql/voip-postpaid.conf
do
- if ! dpkg-statoverride --list | grep -qw $file$; then
- dpkg-statoverride --add --update root freerad 0640 $file
+ set +e
+ so=$(dpkg-statoverride --list $file)
+ ret=$?
+ set -e
+ if [ -z "$2" ]; then
+ if [ $ret != 0 ]; then
+ dpkg-statoverride --add --update root freerad 0640 $file
+ fi
+ else
+ update_fs_from_statoverride f $so
fi
done
for dir in /etc/freeradius/sql \
/etc/freeradius/sql/postgresql
do
- if ! dpkg-statoverride --list | grep -qw $dir$; then
- dpkg-statoverride --add --update root freerad 2751 $dir
+ set +e
+ so=$(dpkg-statoverride --list $dir)
+ ret=$?
+ set -e
+ if [ -z "$2" ]; then
+ if [ $ret != 0 ]; then
+ dpkg-statoverride --add --update root freerad 2751 $dir
+ fi
+ else
+ update_fs_from_statoverride d $so
fi
done
#DEBHELPER#
exit 0
-
-
-
/etc/freeradius/sql/postgresql/update_radacct_group_trigger.sql \
/etc/freeradius/sql/postgresql/voip-postpaid.conf
do
- if dpkg-statoverride --list | grep -qw $file$; then
+ if dpkg-statoverride --list $file >/dev/null; then
dpkg-statoverride --remove $file
fi
done
for dir in /etc/freeradius/sql \
/etc/freeradius/sql/postgresql
do
- if dpkg-statoverride --list | grep -qw $dir$; then
+ if dpkg-statoverride --list $dir >/dev/null; then
dpkg-statoverride --remove $dir
fi
done
set -e
+update_fs_from_statoverride() {
+ # I wish a simple dpkg-statoverride --update $file just did
+ # the right thing, but it doesn't, so we have to do it manually.
+ type=$1
+ user=$2
+ group=$3
+ mode=$4
+ file=$5
+ if [ -n "$type" -a -n "$group" -a -n "$mode" -a -n "$file" ]; then
+ if [ "$(find $file -maxdepth 0 -type $type -group $group -perm $mode)" = "" -a -$type $file ]; then
+ chgrp $group $file
+ chmod $mode $file
+ fi
+ fi
+}
+
+handle_config_files() {
+ runmode=$1
+
+ for file in /etc/freeradius/preproxy_users \
+ /etc/freeradius/policy.conf \
+ /etc/freeradius/eap.conf \
+ /etc/freeradius/experimental.conf \
+ /etc/freeradius/huntgroups \
+ /etc/freeradius/proxy.conf \
+ /etc/freeradius/attrs.pre-proxy \
+ /etc/freeradius/hints \
+ /etc/freeradius/sql.conf \
+ /etc/freeradius/ldap.attrmap \
+ /etc/freeradius/attrs \
+ /etc/freeradius/policy.txt \
+ /etc/freeradius/attrs.accounting_response \
+ /etc/freeradius/attrs.access_reject \
+ /etc/freeradius/attrs.access_challenge \
+ /etc/freeradius/clients.conf \
+ /etc/freeradius/acct_users
+ do
+ set +e
+ so=$(dpkg-statoverride --list $file)
+ ret=$?
+ set -e
+ case "$runmode" in
+ initial)
+ if [ $ret != 0 ]; then
+ dpkg-statoverride --add --update root freerad 0640 $file
+ fi
+ ;;
+ upgrade)
+ update_fs_from_statoverride f $so
+ ;;
+ esac
+ done
+
+ for dir in /etc/freeradius/certs \
+ /etc/freeradius/sites-available \
+ /etc/freeradius/sites-enabled
+ do
+ set +e
+ so=$(dpkg-statoverride --list $dir)
+ ret=$?
+ set -e
+ case "$runmode" in
+ initial)
+ if [ $ret != 0 ]; then
+ dpkg-statoverride --add --update freerad freerad 2751 $dir
+ fi
+ ;;
+ upgrade)
+ update_fs_from_statoverride d $so
+ ;;
+ esac
+ done
+}
+
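Review bot: The unquoted `$so` in `update_fs_from_statoverride f $so` is load-bearing and deserves a comment, since it relies on word splitting to turn the line printed by `dpkg-statoverride --list` into the four arguments the function reads as `$2`..`$5`. Something like `# $so is "user group mode path"; unquoted on purpose so it splits into four arguments` would do. The `set +e` / `set -e` bracket around each lookup can be written without toggling the shell option, as `ret=0; so=$(dpkg-statoverride --list "$file") || ret=$?`. Both remarks also apply to the directory loop and to the copies of this pattern in the other postinst scripts.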
case "$1" in
configure)
if [ -z "$2" ]; then
+
# Changed in 1.1.5-1 for new installs (we used to start at S50
# and stop at K50) We now start at S50 and stop at K19 so we
# start after services which may be used and stop before them.
# Set up initial permissions on all the freeradius directories
- if ! dpkg-statoverride --list | grep -q /var/run/freeradius$; then
+ if ! dpkg-statoverride --list /var/run/freeradius >/dev/null; then
dpkg-statoverride --add --update freerad freerad 0755 /var/run/freeradius
fi
- if ! dpkg-statoverride --list | grep -q /var/log/freeradius$; then
+ if ! dpkg-statoverride --list /var/log/freeradius >/dev/null; then
dpkg-statoverride --add --update freerad freerad 0750 /var/log/freeradius
fi
[ ! -f "/var/log/freeradius/${file}" ] && install -o freerad -g freerad -m 644 /dev/null /var/log/freeradius/${file}
done
- for file in /etc/freeradius/preproxy_users \
- /etc/freeradius/policy.conf \
- /etc/freeradius/eap.conf \
- /etc/freeradius/experimental.conf \
- /etc/freeradius/huntgroups \
- /etc/freeradius/proxy.conf \
- /etc/freeradius/attrs.pre-proxy \
- /etc/freeradius/hints \
- /etc/freeradius/sql.conf \
- /etc/freeradius/ldap.attrmap \
- /etc/freeradius/attrs \
- /etc/freeradius/policy.txt \
- /etc/freeradius/attrs.accounting_response \
- /etc/freeradius/attrs.access_reject \
- /etc/freeradius/attrs.access_challenge \
- /etc/freeradius/clients.conf \
- /etc/freeradius/acct_users
- do
- if ! dpkg-statoverride --list | grep -qw $file$; then
- dpkg-statoverride --add --update root freerad 0640 $file
- fi
- done
-
- for dir in /etc/freeradius/certs/ \
- /etc/freeradius/sites-available/ \
- /etc/freeradius/sites-enabled/
- do
- if ! dpkg-statoverride --list | grep -qw $dir$; then
- dpkg-statoverride --add --update freerad freerad 2751 $dir
- fi
- done
+ handle_config_files initial
action="start"
+
else
+
+ handle_config_files upgrade
action="restart"
+
fi
# Create links for default sites, but only if this is an initial
serverpem=wasnotthere
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/freeradius/certs/server.pem
fi
- if egrep -q '^[ ]*private_key_file = \${certdir}/server.pem' /etc/freeradius/eap.conf && \
- [ "$serverpem" = "wasnotthere" ]
+ if ( egrep -q '^[ ]*private_key_file = \${certdir}/server.pem' /etc/freeradius/eap.conf && \
+ [ "$serverpem" = "wasnotthere" ] ) \
+ || \
+ ( egrep -q '^[ ]*private_key_file = \${certdir}/server.key' /etc/freeradius/eap.conf && \
+ test ! -f /etc/freeradius/certs/server.key )
then
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/freeradius/certs/server.key
sed -i -e 's,^\([ ]*private_key_file = \${certdir}\)/server.pem$,\1/server.key,' /etc/freeradius/eap.conf
if egrep -q '^[ ]*CA_file = \${cadir}/ca.pem' /etc/freeradius/eap.conf && \
test ! -f /etc/freeradius/certs/ca.pem
then
- ln -s /etc/ssl/certs/ca.pem /etc/freeradius/certs/ca.pem
+ ln -s /etc/ssl/certs/ca-certificates.crt /etc/freeradius/certs/ca.pem
fi
if egrep -q '^[ ]*random_file = \${certdir}/random' /etc/freeradius/eap.conf && \
test ! -f /etc/freeradius/certs/random
then
- ln -s /dev/urandom /etc/freeradius/certs/random
+ sed -i -e 's,^\([ ]*random_file = \)\${certdir}/random$,\1/dev/urandom,' /etc/freeradius/eap.conf
fi
if egrep -q '^[ ]*dh_file = \${certdir}/dh' /etc/freeradius/eap.conf && \
test ! -f /etc/freeradius/certs/dh
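Review bot: Linking `certs/ca.pem` to `/etc/ssl/certs/ca-certificates.crt` makes the whole system CA bundle the trust list wherever eap.conf's `CA_file` still points at `${cadir}/ca.pem`. If that setting is what EAP-TLS uses to validate client certificates, a certificate issued by any CA in the bundle would pass chain validation. A safer default is to create no link and leave `CA_file` for the administrator to point at a site-specific CA, or at least to state the consequence in a comment next to the `ln -s`. Separately, the new `test ! -f /etc/freeradius/certs/server.key` branch is also true for a dangling symlink, so the following `ln -s` fails and, if this script runs under `set -e`, aborts it; `[ ! -e /etc/freeradius/certs/server.key ] && [ ! -L /etc/freeradius/certs/server.key ]` would cover that case. The enclosing `if` blocks start and end outside this hunk.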
rm_conffile "$file"
# must get rid of the overrides otherwise they corrupt the database
- if dpkg-statoverride --list | grep -qw $file$; then
+ if dpkg-statoverride --list $file >/dev/null; then
dpkg-statoverride --remove $file
fi
/etc/freeradius/clients.conf \
/etc/freeradius/acct_users
do
- if dpkg-statoverride --list | grep -qw $file$; then
+ if dpkg-statoverride --list $file >/dev/null; then
dpkg-statoverride --remove $file
fi
done
/var/run/freeradius \
/var/log/freeradius
do
- if dpkg-statoverride --list | grep -qw $dir$; then
+ if dpkg-statoverride --list $dir >/dev/null; then
dpkg-statoverride --remove $dir
fi
done