After construction and initialisation, your instance will be
called upon to handle requests that are sent to it. For each request
received, the Handler.pm
module will call
($result, $reason) = Radius::AuthXYZ->handle_request($p,
$rp)
, where $p
is a reference to the
Radius::Radius
packet received from the client, and
$rp
is an empty reply packet, ready for you to fill.
Client.pm
and Handler.pm
will
filter out duplicate requests, requests from unknown clients and requests
with bad authenticators, so your handle_request
will
only be called for new, good requests from known clients. The contents of
the request will have been unpacked into the
Radius::Radius
instance passed in as
$p
, so you can immediately start examining attributes
and doing things.
handle_request
returns an
array. The first element is a result
code, and the
second is an optional reason
message.
The
result code from handle_request
will indicate whether
Handler.pm
should automatically send the reply to the
original requester:
- If
handle_request
returns
$main::ACCEPT
, Handler.pm
will send back $rp
as an accept message
appropriate to the type of request received (i.e. it will turn
$rp
into an Access-Accept if the original request
was an Access-Request). In the case of Accounting-Request, this is the
only result code that will cause a reply to be sent back.
- If
handle_request
returns
$main::REJECT
, Handler.pm
will send back $rp
as a reject message
appropriate to the type of request received (i.e. it will turn
$rp
into an Access-Reject if the original request
was an Access-Request). In this case the reason message should be
supplied.
- If
handle_request
returns
$main::CHALLENGE
, Handler.pm
will send back $rp
as a Access-Challenge
message.
- If
handle_request
returns
$main::IGNORE
, Handler.pm
will not send any reply back to the originating client. You should
only use this if the request is to be completely ignored, or if your
module undertakes to send its own reply some time in the future. If
the Handler or Realm has more than one AuthBy handler module
specified, it will continue calling handlers in the order in which
they were specified until one returns something other than
$main::IGNORE
. You can change this behaviour with
AuthByPolicy, for more information, see Section 3.31.12. AuthByPolicy.
Your handle_request
function may want to
use utility functions in Radius::Radius
(see
Radius.pm
) to examine attributes in the incoming
request, and to construct replies. There are some convenience routines in
Client.pm
for packing and sending replies to the
original requester, such as
$p->{Client}->replyTo($rp, $p);
If
your handler cannot successfully handle the request, perhaps due to some
unforeseen event, software failure, system unavailability etc., it is
common to not reply at all to the original request. This will usually
force the original NAS to retransmit to another server as a fallback. You
can do this by returning $main::IGNORE
from
handle_request
.