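#!/bin/sh
# debian/freeradius.postinst -- dpkg maintainer script for freeradius.
#
# Arguments (passed by dpkg):
#   $1  configure | abort-upgrade | abort-remove | abort-deconfigure
#   $2  on "configure": the most recently configured version, empty on a
#       first install.
#
# The script must be safe to run again after a partial failure, because
# dpkg re-invokes "configure" with the same arguments.

set -e

# Register a dpkg stat override unless one already exists for the path,
# so an override chosen by the administrator is never replaced.
# Arguments: $1 owner, $2 group, $3 mode, $4 path (no trailing slash)
ensure_statoverride() {
  # Exact-path lookup; avoids treating the path as a regular expression.
  if ! dpkg-statoverride --list "$4" >/dev/null 2>&1; then
    dpkg-statoverride --add --update "$1" "$2" "$3" "$4"
  fi
}

# Succeed when nothing exists at $1, not even a dangling symlink.
# "test -f" alone reports a link to /dev/urandom (or to a missing target)
# as absent, which makes a repeated "ln -s" fail and abort under set -e.
path_absent() {
  [ ! -e "$1" ] && [ ! -L "$1" ]
}

# Succeed when eap.conf has a line consisting of optional blanks followed
# by the extended regular expression $1.
# [[:blank:]] matches both spaces and tabs; eap.conf may be tab-indented.
eap_conf_sets() {
  grep -Eq "^[[:blank:]]*$1" /etc/freeradius/eap.conf
}

# Run an init action ($1) for the daemon.  invoke-rc.d honours the local
# policy-rc.d, so a refusal there must not fail the package operation;
# the direct init script call keeps its exit status.
freeradius_init() {
  if [ -x "$(command -v invoke-rc.d 2>/dev/null)" ]; then
    invoke-rc.d freeradius "$1" || true
  else
    /etc/init.d/freeradius "$1"
  fi
}

case "$1" in
  configure)
    if [ -z "$2" ]; then
      # Changed in 1.1.5-1 for new installs (we used to start at S50
      # and stop at K50)  We now start at S50 and stop at K19 so we
      # start after services which may be used and stop before them.
      update-rc.d freeradius start 50 2 3 4 5 . stop 19 0 1 6 . >/dev/null

      # Set up initial permissions on all the freeradius directories.
      ensure_statoverride freerad freerad 0755 /var/run/freeradius
      ensure_statoverride freerad freerad 0750 /var/log/freeradius

      # Pre-create the log files owned by the daemon user.  They are
      # mode 644; it is the 0750 directory above that keeps other local
      # users away from them.
      for file in radius.log radwtmp; do
        if [ ! -f "/var/log/freeradius/${file}" ]; then
          install -o freerad -g freerad -m 644 /dev/null \
            "/var/log/freeradius/${file}"
        fi
      done

      # Configuration files that can hold shared secrets and credentials:
      # readable by root and the freerad group only.
      for file in preproxy_users \
        policy.conf \
        eap.conf \
        experimental.conf \
        huntgroups \
        proxy.conf \
        attrs.pre-proxy \
        hints \
        sql.conf \
        ldap.attrmap \
        attrs \
        policy.txt \
        attrs.accounting_response \
        attrs.access_reject \
        attrs.access_challenge \
        clients.conf \
        acct_users
      do
        ensure_statoverride root freerad 0640 "/etc/freeradius/${file}"
      done

      # 2751: setgid freerad, listable by owner and group, others may
      # only traverse.
      for dir in certs sites-available sites-enabled; do
        ensure_statoverride freerad freerad 2751 "/etc/freeradius/${dir}"
      done

      action="start"
    else
      action="restart"
    fi

    # Create links for default sites, but only if this is an initial
    # install or an upgrade from before there were links; users may
    # want to remove them...
    if [ -z "$2" ] || dpkg --compare-versions "$2" lt 2.0.4+dfsg-4; then
      for site in default inner-tunnel; do
        if path_absent "/etc/freeradius/sites-enabled/${site}"; then
          ln -s "../sites-available/${site}" \
            "/etc/freeradius/sites-enabled/${site}"
        fi
      done
    fi

    # Create stub SSL certificate file that became necessary in 2.1.8,
    # with analogous disclaimers, because the admin may yet choose to
    # switch to /usr/share/doc/freeradius/examples/certs/ stuff.
    #
    # The snakeoil pair is self-signed and is the same pair other local
    # services fall back to, so it only lets EAP start; supplicants have
    # nothing meaningful to verify until the admin installs a certificate
    # issued by the site's own CA.
    if [ -z "$2" ] || dpkg --compare-versions "$2" lt 2.1.8+dfsg-1; then
      if grep -Eq '^[[:blank:]]*\$INCLUDE eap.conf' /etc/freeradius/radiusd.conf && \
         eap_conf_sets 'certdir = \$\{confdir}/certs' && \
         eap_conf_sets 'cadir = \$\{confdir}/certs'
      then
        echo "Updating default SSL certificate settings, if any..." >&2
        test -d /etc/freeradius/certs || mkdir /etc/freeradius/certs
        if test ! -e /etc/ssl/certs/ssl-cert-snakeoil.pem || \
           test ! -e /etc/ssl/private/ssl-cert-snakeoil.key
        then
          make-ssl-cert generate-default-snakeoil
        fi

        # Start from a known value so a "serverpem" variable inherited
        # from the environment cannot trigger the key rewrite below.
        serverpem=
        if eap_conf_sets 'certificate_file = \$\{certdir}/server.pem' && \
           path_absent /etc/freeradius/certs/server.pem
        then
          serverpem=wasnotthere
          ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/freeradius/certs/server.pem
        fi

        # Only when the certificate link was created by this run: point
        # the private key at the snakeoil key and update eap.conf to use it.
        if eap_conf_sets 'private_key_file = \$\{certdir}/server.pem' && \
           [ "$serverpem" = "wasnotthere" ]
        then
          ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/freeradius/certs/server.key
          sed -i -e 's,^\([[:blank:]]*private_key_file = \${certdir}\)/server.pem$,\1/server.key,' /etc/freeradius/eap.conf
          if getent group ssl-cert >/dev/null; then
            # freeradius-common dependency also provides us with adduser.
            # Membership of ssl-cert lets the daemon read every key that
            # group can read under /etc/ssl/private, not only the
            # snakeoil key.
            adduser --quiet freerad ssl-cert
          fi
        fi

        if eap_conf_sets 'CA_file = \$\{cadir}/ca.pem' && \
           path_absent /etc/freeradius/certs/ca.pem
        then
          ln -s /etc/ssl/certs/ca.pem /etc/freeradius/certs/ca.pem
        fi

        if eap_conf_sets 'random_file = \$\{certdir}/random' && \
           path_absent /etc/freeradius/certs/random
        then
          ln -s /dev/urandom /etc/freeradius/certs/random
        fi

        if eap_conf_sets 'dh_file = \$\{certdir}/dh' && \
           path_absent /etc/freeradius/certs/dh
        then
          # ssl-cert dependency also provides us with openssl.
          # 2048 bits instead of the former 1024: 1024-bit DH groups are
          # no longer considered strong enough for TLS key exchange.
          # Generation takes noticeably longer.
          openssl dhparam -out /etc/freeradius/certs/dh 2048
        fi
      fi
    fi

    freeradius_init "$action"
    ;;
  abort-upgrade)
    freeradius_init restart
    ;;
  abort-remove)
    freeradius_init start
    ;;
  abort-deconfigure)
    ;;
esac

#DEBHELPER#

exit 0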