#  -*- text -*-
#
#  test configuration file.  Do not install.
#
#  $Id: 16513bbc9a7a8cbc6b74d86a1d57b8aff143cf72 $
#

#
#  Minimal radiusd.conf for testing
#
top_srcdir   = $ENV{TOP_SRCDIR}
testdir      = $ENV{TESTDIR}
output       = ${top_srcdir}/$ENV{OUTPUT}
run_dir      = ${output}
raddb        = raddb
pidfile      = ${run_dir}/radiusd.pid
panic_action = "gdb -batch -x src/tests/panic.gdb %e %p > ${run_dir}/gdb.log 2>&1; cat ${run_dir}/gdb.log"

maindir      = ${raddb}
radacctdir   = ${run_dir}/radacct
modconfdir   = ${maindir}/mods-config
certdir      = ${maindir}/certs
cadir        = ${maindir}/certs
test_port    = $ENV{TEST_PORT}

client docnet {
	ipaddr = 192.0.2.1
	secret = testing123123
}

#  Only for testing!
#  Setting this on a production system is a BAD IDEA.
security {
	allow_vulnerable_openssl = yes
}

policy {
	files.authorize {
		if (&User-Name == "bob") {
			update control {
				&Password.Cleartext := "hello"
			}
		}
	}
	$INCLUDE ${maindir}/policy.d/
}

modules {
	expr {

	}

	sql {
		driver = "rlm_sql_sqlite"
		dialect = "sqlite"
		sqlite {
			# Path to the sqlite database
			filename = "$ENV{SQL_NASTABLE_DB}"

			# How long to wait for write locks on the database to be
			# released (in ms) before giving up.
			busy_timeout = 200

			# The bootstrap is handled by src/tests/sql_nas_table/all.mk
		}

		radius_db = "radius"

		acct_table1 = "radacct"
		acct_table2 = "radacct"
		postauth_table = "radpostauth"
		authcheck_table = "radcheck"
		groupcheck_table = "radgroupcheck"
		authreply_table = "radreply"
		groupreply_table = "radgroupreply"
		usergroup_table = "radusergroup"
		read_groups = yes
		read_profiles = yes

		# Set to 'yes' to read radius clients from the database ('nas' table)
		# Clients will ONLY be read on server startup.
		read_clients = yes

		# Table to keep radius client info
		client_table = "nas"

		# The group attribute specific to this instance of rlm_sql
		group_attribute = "SQL-Group"

		# Read database-specific queries
		$INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf
	}

	always reject {
		rcode = reject
	}
	always fail {
		rcode = fail
	}
	always ok {
		rcode = ok
	}
	always handled {
		rcode = handled
	}
	always invalid {
		rcode = invalid
	}
	always notfound {
		rcode = notfound
	}
	always noop {
		rcode = noop
	}
	always updated {
		rcode = updated
	}
}

#
#  This virtual server is chosen for processing requests when using:
#
#	radiusd -Xd src/tests/ -i 127.0.0.1 -p 12340 -n test
#
server extra {
	listen {
		ipaddr = 127.0.0.1
		port = ${test_port}
		type = auth
	}

	authorize {
		if (&User-Name == "bob") {
			accept
		} else {
			reject
		}
	}

	authenticate {

	}
}