#
#  Minimal radiusd.conf for testing keywords
#

raddb		= raddb
keyword		= src/tests/keywords

modconfdir	= ${raddb}/mods-config

correct_escapes	= true

#  Only for testing!
#  Setting this on a production system is a BAD IDEA.
security {
	allow_vulnerable_openssl = yes
}

modules {
	$INCLUDE ${raddb}/mods-enabled/always

	$INCLUDE ${raddb}/mods-enabled/pap

	$INCLUDE ${raddb}/mods-enabled/expr

	$INCLUDE ${raddb}/mods-enabled/unpack

	test {

	}

	unix {
	}

	cache {
		driver = "rlm_cache_rbtree"

		key = "%{Tmp-String-0}"
		ttl = 2

		update {
			&request:Tmp-String-1 := &control:Tmp-String-1
			&request:Tmp-Integer-0 := &control:Tmp-Integer-0
			&control: += &reply:
		}

		add_stats = yes
	}
}

policy {
	#
	#  Outputs the contents of the control list in debugging (-X) mode
	#
	debug_control {
		if("%{debug_attr:control:}" == '') {
			noop
		}
	}

	#
	#  Outputs the contents of the request list in debugging (-X) mode
	#
	debug_request {
		if("%{debug_attr:request:}" == '') {
			noop
		}
	}

	#
	#  Outputs the contents of the reply list in debugging (-X) mode
	#
	debug_reply {
		if("%{debug_attr:reply:}" == '') {
			noop
		}
	}

	#
	#  Outputs the contents of the main lists in debugging (-X) mode
	#
	debug_all {
		debug_control
		debug_request
		debug_reply
	}

	#
	#  Just check that this can be referred to as "virtual_policy.post-auth"
	#
	virtual_policy {
		ok
	}

	with.dots {
		ok
	}
}

instantiate {
	#
	#  Just check that this can be referred to as "virtual_instantiate.post-auth"
	#
	load-balance virtual_instantiate {
		ok
		ok
	}
}

server default {
	authorize {
		update control {
			Cleartext-Password := 'hello'
		}

		#
		# Include the test file specified by the
		# KEYWORD environment variable.
		#
		$INCLUDE ${keyword}/$ENV{KEYWORD}

		pap
	}

	authenticate {
		pap
	}
}