基于openSER 的 sip register 注册过程

authenticate 身份鉴定

authorize 授权, 批准

challenge 查问身份

subscriber 用户


openSER.cfg 中注册的配置摘录如下:

route [0] {
#----------------------------------------
# Block begin: REGISTER
#----------------------------------------
if (method=="REGISTER") {
    if (uri==myself) {
        if(!check_uri())
        {
            sl_send_reply("403", "Forbidden");
            break;
        }
        
        if(lookup_contact("subscriber")){
            if (!www_authorize("unused", "subscriber")) {
                www_challenge("unused", "0");
                break;
            }

            save("location");
            break;
        }
        sl_send_reply("403", "Forbidden");
        break;
    }
    sl_send_reply("403", "Forbidden");
    break;
}


注册下载包连接 http://download.csdn.net/detail/xuyunzhang/4329549

1. 用户发request REGISTER,contact头置空,表明用户希望向服务器询问当前的联系列表,请求的号码103是否已被注册或被允许使用。

2. check_uri( )检查request line (REGISTER sip:192.168.1.55 SIP/2.0) 中的uri ( sip:192.168.1.55)所含的主机地址是自己(sip register server)的地址,同事还会查看是否在同一网段内 等有效性检查。如果非法或无效,回 403 Forbidden 包(如下所示),否则 继续。

3.lookup_contact( ) 将REGISTER包的contact header 中的 Contact: <sip:[email protected]:5060>注册号码103 取出,执行数据库(如:mysql)查找,即执行db_query( )。如果事先在sip registar 表格上填了对应的号码103(db中保存此项,允许使用),则查询成功。

4. 继续查看是否经cred认证过(www_authorize),由于contact头为空,认证失败(其实注册成功时有个Expires时间, 如Expires: 180,在每次expire之前用户会发request REGISTER表示要自己存在并且继续使用该号码,contact当然不为空,相当于keep alive, 否则expire后,register server收回注册号码等资源), challenge 回 401 Unauthorized 要求用户给出认证信息(www_challenge)。用户再次发REGISTER request,并且在Authorization头域中给出认证信息,同样经历1、2、3过程。认证信息 如:

Digest username="103",

realm="10.0.0.55",

nonce="4d1fa76b8b83f4952d9887a9fd5e38784517577a",

uri="sip:192.168.1.55",

response="89c2a21daae7c38270d12b4240d258c2",

algorithm=MD5

sip register server 进行哈希运算得出用户密码,并检测用户名和密码

5. 认证成功回200 OK表示允许使用, 否则回403 Forbidden 注册失败,整个注册过程结束。



注册数据包:

REGISTER sip:192.168.1.55 SIP/2.0
From: "103"<sip:[email protected]>;tag=c0a8011e-13c44d1fa63f
To: <sip:[email protected]>
Call-ID: [email protected]
CSeq: 15135 REGISTER
Via: SIP/2.0/UDP 192.168.1.30:5060;rport;branch=z9hG4bK-4d1fa63f-a32af64-2369
Max-Forwards: 70
Supported: 100rel,replaces
User-Agent: IP2061-V1.0.1_ICON_VN
Contact: <sip:[email protected]:5060>
Expires: 180
Content-Length: 0
------------------------------------------------------------------------------------------------------------------------------------

SIP/2.0 401 Unauthorized
From: "103"<sip:[email protected]>;tag=c0a8011e-13c44d1fa63f
To: <sip:[email protected]>;tag=414c40746541a2c9f630b7b3ee2781c7.6e19
Call-ID: [email protected]
CSeq: 15135 REGISTER
Via: SIP/2.0/UDP 192.168.1.30:5060;rport=5060;branch=z9hG4bK-4d1fa63f-a32af64-2369
WWW-Authenticate: Digest realm="10.0.0.55", nonce="4d1fa76b8b83f4952d9887a9fd5e38784517577a"
Content-Length: 0
------------------------------------------------------------------------------------------------------------------------------------

REGISTER sip:192.168.1.55 SIP/2.0
From: "103"<sip:[email protected]>;tag=c0a8011e-13c44d1fa63f
To: <sip:[email protected]>
Call-ID: [email protected]
CSeq: 15136 REGISTER
Via: SIP/2.0/UDP 192.168.1.30:5060;rport;branch=z9hG4bK-4d1fa63f-a32af78-468f
Max-Forwards: 70
Supported: 100rel,replaces
User-Agent: IP2061-V1.0.1_ICON_VN
Contact: <sip:[email protected]:5060>
Expires: 180
Authorization: Digest username="103", realm="10.0.0.55", nonce="4d1fa76b8b83f4952d9887a9fd5e38784517577a", uri="sip:192.168.1.55", response="89c2a21daae7c38270d12b4240d258c2", algorithm=MD5
Content-Length: 0

------------------------------------------------------------------------------------------------------------------------------------


SIP/2.0 200 OK
From: "103"<sip:[email protected]>;tag=c0a8011e-13c44d1fa63f
To: <sip:[email protected]>;tag=414c40746541a2c9f630b7b3ee2781c7.28d7
Call-ID: [email protected]
CSeq: 15136 REGISTER
Via: SIP/2.0/UDP 192.168.1.30:5060;rport=5060;branch=z9hG4bK-4d1fa63f-a32af78-468f
Contact: <sip:[email protected]:5060>;q=0.00;expires=180
Content-Length: 0


------------------------------------------------------------------------------------------------------------------------------------

SIP/2.0 403 Forbidden
From: "101"<sip:[email protected]>;tag=c0a8011e-13c44d1e7872
To: <sip:[email protected]>;tag=414c40746541a2c9f630b7b3ee2781c7.01a9
Call-ID: [email protected]
CSeq: 11432 REGISTER
Via: SIP/2.0/UDP 192.168.1.30:5060;rport=5060;branch=z9hG4bK-4d1e7890-43146c0-1d93
Content-Length: 0


你可能感兴趣的:(基于openSER 的 sip register 注册过程)