This file is indexed.

postinst is in freeradius 2.2.8+dfsg-0.1build2.

This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
#! /bin/sh

set -e

update_fs_from_statoverride() {
  # I wish a simple dpkg-statoverride --update $file just did
  # the right thing, but it doesn't, so we have to do it manually.
  type=$1
  user=$2
  group=$3
  mode=$4
  file=$5
  if [ -n "$type" -a -n "$group" -a -n "$mode" -a -n "$file" ]; then
    if [ "$(find $file -maxdepth 0 -type $type -group $group -perm $mode)" = "" -a -$type $file ]; then
      chgrp $group $file
      chmod $mode $file
    fi
  fi
}

handle_config_files() {
  runmode=$1

  for file in /etc/freeradius/preproxy_users \
              /etc/freeradius/policy.conf \
              /etc/freeradius/eap.conf \
              /etc/freeradius/experimental.conf \
              /etc/freeradius/huntgroups \
              /etc/freeradius/proxy.conf \
              /etc/freeradius/attrs.pre-proxy \
              /etc/freeradius/hints \
              /etc/freeradius/sql.conf \
              /etc/freeradius/ldap.attrmap \
              /etc/freeradius/attrs \
              /etc/freeradius/policy.txt \
              /etc/freeradius/attrs.accounting_response \
              /etc/freeradius/attrs.access_reject \
              /etc/freeradius/attrs.access_challenge \
              /etc/freeradius/clients.conf \
              /etc/freeradius/acct_users
  do
    set +e
    so=$(dpkg-statoverride --list $file)
    ret=$?
    set -e
    case "$runmode" in
      initial)
        if [ $ret != 0 ]; then
          dpkg-statoverride --add --update root freerad 0640 $file
        fi
        ;;
      upgrade)
        update_fs_from_statoverride f $so
        ;;
    esac
  done

  for dir in /etc/freeradius/certs \
             /etc/freeradius/sites-available \
             /etc/freeradius/sites-enabled
  do
    set +e
    so=$(dpkg-statoverride --list $dir)
    ret=$?
    set -e
    case "$runmode" in
      initial)
        if [ $ret != 0 ]; then
          dpkg-statoverride --add --update freerad freerad 2751 $dir
        fi
        ;;
      upgrade)
        update_fs_from_statoverride d $so
        ;;
    esac
  done
}

case "$1" in
  configure)
        if [ -z "$2" ]; then

          # Changed in 1.1.5-1 for new installs (we used to start at S50
          # and stop at K50)  We now start at S50 and stop at K19 so we
          # start after services which may be used and stop before them.
          update-rc.d freeradius start 50 2 3 4 5 . stop 19 0 1 6 . >/dev/null

          # Set up initial permissions on all the freeradius directories

          if ! dpkg-statoverride --list /var/run/freeradius >/dev/null; then
            dpkg-statoverride --add --update freerad freerad 0755 /var/run/freeradius
          fi

          if ! dpkg-statoverride --list /var/log/freeradius >/dev/null; then
            dpkg-statoverride --add --update freerad freerad 0750 /var/log/freeradius
          fi

          for file in radius.log radwtmp; do
            [ ! -f "/var/log/freeradius/${file}" ] && install -o freerad -g freerad -m 644 /dev/null /var/log/freeradius/${file}
          done

          handle_config_files initial

          action="start"

        else

          handle_config_files upgrade
          action="restart"

        fi

        # Create links for default sites, but only if this is an initial
        # install or an upgrade from before there were links; users may
        # want to remove them...
        if [ -z "$2" ] || dpkg --compare-versions "$2" lt 2.0.4+dfsg-4; then
          for site in default inner-tunnel; do
            if [ ! -e /etc/freeradius/sites-enabled/$site ]; then
              ln -s ../sites-available/$site /etc/freeradius/sites-enabled/$site
            fi
          done
        fi

	# Create stub SSL certificate file that became necessary in 2.1.8,
	# with analogous disclaimers, because the admin may yet choose to
	# switch to /usr/share/doc/freeradius/examples/certs/ stuff.
        if [ -z "$2" ] || dpkg --compare-versions "$2" lt 2.1.8+dfsg-1; then
          if egrep -q '^[ 	]*\$INCLUDE eap.conf' /etc/freeradius/radiusd.conf && \
             egrep -q '^[ 	]*certdir = \${confdir}/certs' /etc/freeradius/eap.conf && \
             egrep -q '^[ 	]*cadir = \${confdir}/certs' /etc/freeradius/eap.conf
          then
            echo "Updating default SSL certificate settings, if any..." >&2
            test -d /etc/freeradius/certs || mkdir /etc/freeradius/certs
            if test ! -e /etc/ssl/certs/ssl-cert-snakeoil.pem || \
               test ! -e /etc/ssl/private/ssl-cert-snakeoil.key
            then
               make-ssl-cert generate-default-snakeoil
            fi
            if egrep -q '^[ 	]*certificate_file = \${certdir}/server.pem' /etc/freeradius/eap.conf && \
               test ! -f /etc/freeradius/certs/server.pem
            then
              serverpem=wasnotthere
	      ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/freeradius/certs/server.pem
	    fi
            if ( egrep -q '^[ 	]*private_key_file = \${certdir}/server.pem' /etc/freeradius/eap.conf && \
                 [ "$serverpem" = "wasnotthere" ] ) \
               || \
               ( egrep -q '^[ 	]*private_key_file = \${certdir}/server.key' /etc/freeradius/eap.conf && \
                 test ! -f /etc/freeradius/certs/server.key )
            then
	      ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/freeradius/certs/server.key
	      sed -i -e 's,^\([ 	]*private_key_file = \${certdir}\)/server.pem$,\1/server.key,' /etc/freeradius/eap.conf
	      if getent group ssl-cert >/dev/null; then
                # freeradius-common dependency also provides us with adduser
	        adduser --quiet freerad ssl-cert
	      fi
	    fi
            if egrep -q '^[ 	]*CA_file = \${cadir}/ca.pem' /etc/freeradius/eap.conf && \
               test ! -f /etc/freeradius/certs/ca.pem
            then
	      ln -s /etc/ssl/certs/ca-certificates.crt /etc/freeradius/certs/ca.pem
	    fi
            if egrep -q '^[ 	]*random_file = \${certdir}/random' /etc/freeradius/eap.conf && \
               test ! -f /etc/freeradius/certs/random
            then
	      sed -i -e 's,^\([ 	]*random_file = \)\${certdir}/random$,\1/dev/urandom,' /etc/freeradius/eap.conf
	    fi
            if egrep -q '^[ 	]*dh_file = \${certdir}/dh' /etc/freeradius/eap.conf && \
               test ! -f /etc/freeradius/certs/dh
            then
              # ssl-cert dependency also provides us with openssl
	      openssl dhparam -out /etc/freeradius/certs/dh 1024
	    fi
	  fi
	fi

        if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
          invoke-rc.d freeradius $action || true
        else
          /etc/init.d/freeradius $action
        fi
        ;;
  abort-upgrade)
        if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
          invoke-rc.d freeradius restart || true
        else
          /etc/init.d/freeradius restart
        fi
        ;;
  abort-remove)
        if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
          invoke-rc.d freeradius start || true
        else
          /etc/init.d/freeradius start
        fi
        ;;
  abort-deconfigure)
        ;;
esac



exit 0