# -*- text -*-
##
## test.conf	-- Virtual server configuration for testing radiusd.
##
##	$Id$
##

test_port	= 10000

correct_escapes = true

#  Only for testing!
#  Setting this on a production system is a BAD IDEA.
security {
	allow_vulnerable_openssl = yes
}

modules {
	$INCLUDE ${maindir}/mods-enabled/
	$INCLUDE ${testdir}/config/eap-test
}

realm test.example.com {
	authhost = 127.0.0.1:${test_port}
	secret = testing123
}

policy {
	files.authorize {
		if (User-Name == "bob") {
			update control {
				&Cleartext-Password := "bob"
			}
		}
	}

	$INCLUDE ${maindir}/policy.d/
}


#
#  This virtual server is chosen for processing requests when using:
#
#	radiusd -Xd src/tests/ -i 127.0.0.1 -p 12340 -n test
#
server test {
	listen {
		ipaddr = 127.0.0.1
		port = ${test_port}
		type = auth
	}

authorize {
	update reply {
		&Test-Server-Port = "%{Packet-Dst-Port}"
	}

	if (User-Name == "bob") {
		#
		#  Digest-* tests have a password of "zanzibar"
		#  Or, a hashed version thereof.
		#
		if (Digest-Response) {
			if (&Test-Number == "1") {
				update control {
					&Cleartext-Password := "zanzibar"
				}
			}
			elsif (Test-Number == "2") {
				update control {
					&Digest-HA1 := 12af60467a33e8518da5c68bbff12b11
				}
			}
		}	
		else {
			update control {
				&Cleartext-Password := "bob"
			}
		}
	}

	if (User-Name =~ /^(.*)@test\.example\.com$/) {
		update request {
			&Stripped-User-Name := "%{1}"
		}
		update control {
			&Proxy-To-Realm := test.example.com
		}
	}

	chap
	mschap
	digest
	eap-test
	pap
}

authenticate {
	pap
	chap
	mschap
	digest
	eap-test
}

accounting {
	if (Packet-Src-IP-Address != 255.255.255.255) {
		detail
	}

	ok
}

}