#
#  Minimal radiusd.conf for testing modules
#

raddb		= raddb

modconfdir	= ${raddb}/mods-config

correct_escapes	= true

#  Only for testing!
#  Setting this on a production system is a BAD IDEA.
security {
	allow_vulnerable_openssl = yes
}

modules {
	$INCLUDE ${raddb}/mods-enabled/always

	$INCLUDE ${raddb}/mods-enabled/pap

	$INCLUDE ${raddb}/mods-enabled/expr

	$INCLUDE $ENV{MODULE_TEST_DIR}/module.conf
}

server default {
	authorize {
		#
		# Include the test file specified by the
		# KEYWORD environment variable.
		#
		$INCLUDE $ENV{MODULE_TEST_UNLANG}

		pap
	}

	authenticate {
		pap
	}
}

policy {
	test_pass {
		update control {
			&Tmp-String-8 := "%{expr:%{%{control:Tmp-String-8}:-0} + 1}"
			&Auth-Type := Accept
		}
	}

	test_fail {
		update reply {
			&Reply-Message := "fail %{%{control:Tmp-String-8}:-0}"
		}
		reject
	}

	#
	#  Outputs the contents of the control list in debugging (-X) mode
	#
	debug_control {
		if("%{debug_attr:control:}" == '') {
			noop
		}
	}

	#
	#  Outputs the contents of the request list in debugging (-X) mode
	#
	debug_request {
		if("%{debug_attr:request:}" == '') {
			noop
		}
	}

	#
	#  Outputs the contents of the reply list in debugging (-X) mode
	#
	debug_reply {
		if("%{debug_attr:reply:}" == '') {
			noop
		}
	}

	#
	#  Outputs the contents of the session state list in debugging (-X) mode
	#
	debug_session_state {
		if("%{debug_attr:session-state:}" == '') {
			noop
		}
	}

	#
	#  Outputs the contents of the main lists in debugging (-X) mode
	#
	debug_all {
		debug_control
		debug_request
		debug_reply
		debug_session_state
	}
}