SIP INVITE的星号摘要式身份验证会导致“用户不匹配”错误

时间:2016-05-03 08:05:25

标签: asterisk sip digest-authentication

我正在构建一个基本的SIP UA。我发送以下INVITE,如Asterisk控制台中所示(仅显示与身份验证相关的标头):

INVITE sip:104@192.168.1.92 SIP/2.0
From: "110"<sip:110@192.168.1.92>;tag=80859256
To: <sip:104@192.168.1.92>
Call-ID: 80859256
CSeq: 80859256 INVITE
Via: SIP/2.0/UDP 192.168.1.92:6000;branch=z9hG4bK-80859256
Contact: <sip:110@192.168.1.92>

作为回应,我遇到了以下挑战:

 SIP/2.0 401 Unauthorized
 Via: SIP/2.0/UDP 192.168.1.92:6000;branch=z9hG4bK-   80859256;received=127.0.0.1
 From: "110"<sip:110@192.168.1.92>;tag=80859256
 To: <sip:104@192.168.1.92>;tag=as25af7f49
 Call-ID: 80859256
 CSeq: 80859256 INVITE
 Server: Asterisk PBX 13.7.2
 Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
 Supported: replaces, timer
 WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="20e95772"
 Content-Length: 0

我回复以下内容:

 ACK sip:104@192.168.1.92 SIP/2.0
 From: "110"<sip:110@192.168.1.92>;tag=80859256
 To: <sip:104@192.168.1.92>;tag=as25af7f49
 Call-ID: 80859256
 CSeq: 80859256 ACK
 Via: SIP/2.0/UDP 192.168.1.92:6000;rport;branch=z9hG4bK-80859256
 Contact: <sip:110@192.168.1.92>
 Content-Length: 0


 INVITE sip:104@192.168.1.92 SIP/2.0
 From: "110"<sip:110@192.168.1.92>;tag=80859256
 To: <sip:104@192.168.1.92>
 Call-ID: 80859256
 CSeq: 80859257 INVITE
 Via: SIP/2.0/UDP 192.168.1.92:6000;rport;branch=z9hG4bK-80859257
 Max-Forwards:5
 Allow: REGISTER, INVITE, ACK, BYE, REFER, NOTIFY, CANCEL, INFO, OPTIONS, PRACK, SUBSCRIBE
 Contact: <sip:110@192.168.1.92>
 Authorization: Digest
 username="110",realm="asterisk", nonce="20e95772",uri="sip:104@192.168.1.92",response="ed2de012b2255e85ddb0ee724b9a3ffd"
 Session-Expires: 1800
 Min-SE: 90
 Content-Type: application/sdp

我上面没有包含邀请发送的实际SDP。扩展名110的密码是sip.conf中定义的110。

问题: 我收到了这个错误:

 WARNING...: chan_sip.c:16702 check_auth: username mismatch, have <110>, digest has <>
 NOTICE...: chan_sip.c:25603 handle_request_invite: Failed to authenticate device "110"<sip:110@192.168.1.92>;tag=76981187

接下来是“SIP / 2.0 403 Forbidden”消息。

我不相信我在第二次邀请中发送的摘要计算是错误的。

需要改变什么?我花了很多时间来调试这个...... 任何帮助都将非常感激。

1 个答案:

答案 0 :(得分:1)

响应中的用户名被Asterisk解析为空,因为Authorization标头字段在单词&#34; Digest&#34;之间的CR + LF之后结束。和&#34;用户名&#34;。为了在新行上继续标题字段,该行需要以空格开头;来自RFC3261

Header fields can be extended over multiple lines by preceding each extra line with at least
one SP or horizontal tab (HT).  The line break and the whitespace at the beginning of the
next line are treated as a single SP character.

删除CR + LF,或在新行的开头插入空格应该可以解决问题。

相关问题
最新问题