authenticate 身份鉴定
authorize 授权, 批准
challenge 查问身份
subscriber 用户
openSER.cfg 中注册的配置摘录如下:
route [0] {
#----------------------------------------
# Block begin: REGISTER
#----------------------------------------
if (method=="REGISTER") {
if (uri==myself) {
if(!check_uri())
{
sl_send_reply("403", "Forbidden");
break;
}
if(lookup_contact("subscriber")){
if (!www_authorize("unused", "subscriber")) {
www_challenge("unused", "0");
break;
}
save("location");
break;
}
sl_send_reply("403", "Forbidden");
break;
}
sl_send_reply("403", "Forbidden");
break;
}
注册下载包连接 http://download.csdn.net/detail/xuyunzhang/4329549
1. 用户发request REGISTER,contact头置空,表明用户希望向服务器询问当前的联系列表,请求的号码103是否已被注册或被允许使用。
2. check_uri( )检查request line (REGISTER sip:192.168.1.55 SIP/2.0) 中的uri ( sip:192.168.1.55)所含的主机地址是自己(sip register server)的地址,同事还会查看是否在同一网段内 等有效性检查。如果非法或无效,回 403 Forbidden 包(如下所示),否则 继续。
3.lookup_contact( ) 将REGISTER包的contact header 中的 Contact: <sip:[email protected]:5060>注册号码103 取出,执行数据库(如:mysql)查找,即执行db_query( )。如果事先在sip registar 表格上填了对应的号码103(db中保存此项,允许使用),则查询成功。
4. 继续查看是否经cred认证过(www_authorize),由于contact头为空,认证失败(其实注册成功时有个Expires时间, 如Expires: 180,在每次expire之前用户会发request REGISTER表示要自己存在并且继续使用该号码,contact当然不为空,相当于keep alive, 否则expire后,register server收回注册号码等资源), challenge 回 401 Unauthorized 要求用户给出认证信息(www_challenge)。用户再次发REGISTER request,并且在Authorization头域中给出认证信息,同样经历1、2、3过程。认证信息 如:
Digest username="103",
realm="10.0.0.55",
nonce="4d1fa76b8b83f4952d9887a9fd5e38784517577a",
uri="sip:192.168.1.55",
response="89c2a21daae7c38270d12b4240d258c2",
algorithm=MD5
sip register server 进行哈希运算得出用户密码,并检测用户名和密码
5. 认证成功回200 OK表示允许使用, 否则回403 Forbidden 注册失败,整个注册过程结束。
注册数据包:
REGISTER sip:192.168.1.55 SIP/2.0
From: "103"<sip:[email protected]>;tag=c0a8011e-13c44d1fa63f
To: <sip:[email protected]>
Call-ID: [email protected]
CSeq: 15135 REGISTER
Via: SIP/2.0/UDP 192.168.1.30:5060;rport;branch=z9hG4bK-4d1fa63f-a32af64-2369
Max-Forwards: 70
Supported: 100rel,replaces
User-Agent: IP2061-V1.0.1_ICON_VN
Contact: <sip:[email protected]:5060>
Expires: 180
Content-Length: 0
------------------------------------------------------------------------------------------------------------------------------------
SIP/2.0 401 Unauthorized
From: "103"<sip:[email protected]>;tag=c0a8011e-13c44d1fa63f
To: <sip:[email protected]>;tag=414c40746541a2c9f630b7b3ee2781c7.6e19
Call-ID: [email protected]
CSeq: 15135 REGISTER
Via: SIP/2.0/UDP 192.168.1.30:5060;rport=5060;branch=z9hG4bK-4d1fa63f-a32af64-2369
WWW-Authenticate: Digest realm="10.0.0.55", nonce="4d1fa76b8b83f4952d9887a9fd5e38784517577a"
Content-Length: 0
------------------------------------------------------------------------------------------------------------------------------------
REGISTER sip:192.168.1.55 SIP/2.0
From: "103"<sip:[email protected]>;tag=c0a8011e-13c44d1fa63f
To: <sip:[email protected]>
Call-ID: [email protected]
CSeq: 15136 REGISTER
Via: SIP/2.0/UDP 192.168.1.30:5060;rport;branch=z9hG4bK-4d1fa63f-a32af78-468f
Max-Forwards: 70
Supported: 100rel,replaces
User-Agent: IP2061-V1.0.1_ICON_VN
Contact: <sip:[email protected]:5060>
Expires: 180
Authorization: Digest username="103", realm="10.0.0.55", nonce="4d1fa76b8b83f4952d9887a9fd5e38784517577a", uri="sip:192.168.1.55", response="89c2a21daae7c38270d12b4240d258c2", algorithm=MD5
Content-Length: 0
------------------------------------------------------------------------------------------------------------------------------------
SIP/2.0 200 OK
From: "103"<sip:[email protected]>;tag=c0a8011e-13c44d1fa63f
To: <sip:[email protected]>;tag=414c40746541a2c9f630b7b3ee2781c7.28d7
Call-ID: [email protected]
CSeq: 15136 REGISTER
Via: SIP/2.0/UDP 192.168.1.30:5060;rport=5060;branch=z9hG4bK-4d1fa63f-a32af78-468f
Contact: <sip:[email protected]:5060>;q=0.00;expires=180
Content-Length: 0
------------------------------------------------------------------------------------------------------------------------------------
SIP/2.0 403 Forbidden
From: "101"<sip:[email protected]>;tag=c0a8011e-13c44d1e7872
To: <sip:[email protected]>;tag=414c40746541a2c9f630b7b3ee2781c7.01a9
Call-ID: [email protected]
CSeq: 11432 REGISTER
Via: SIP/2.0/UDP 192.168.1.30:5060;rport=5060;branch=z9hG4bK-4d1e7890-43146c0-1d93
Content-Length: 0