本文详细解析了SIP Digest认证的过程,包括输入参数的MD5计算、比对及认证逻辑。通过具体实例展示了认证流程及日志信息。
直接看最后认证的源代码(sofia_reg.c:sofia_reg_parse_auth):
for_the_sake_of_interop:
if ((input = switch_mprintf("%s:%q", regstr, uri))) {
switch_md5_string(uridigest, (void *) input, strlen(input));
}
if (nc && cnonce && qop) {
input2 = switch_mprintf("%s:%s:%s:%s:%s:%s", a1_hash, nonce, nc, cnonce, qop, uridigest);
} else {
input2 = switch_mprintf("%s:%s:%s", a1_hash, nonce, uridigest);
}
if (input2) {
switch_md5_string(bigdigest, (void *) input2, strlen(input2));
}
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "input=%s, input2=%s, bigdigest=%s, response=%s\n",
input, input2, bigdigest, response);
if (input2 && !strcasecmp(bigdigest, response)) {
ret = AUTH_OK;
} else {
if ((profile->ndlb & PFLAG_NDLB_BROKEN_AUTH_HASH) && strcasecmp(regstr, "REGISTER") && strcasecmp(regstr, "INVITE")) {
/* some clients send an ACK with the method 'INVITE' in the hash which will break auth so we will
try again with INVITE so we don't get people complaining to us when someone else's client has a bug......
*/
switch_safe_free(input);
switch_safe_free(input2);
regstr = "INVITE";
goto for_the_sake_of_interop;
}
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "ndlb=%u, regstr=%s\n", profile->ndlb, regstr);
ret = AUTH_FORBIDD
最低0.47元/天 解锁文章
扫一扫
5775
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
