cvs diff -r 1.604 -r 1.605 chan_sip.c
Index: chan_sip.c
===================================================================
RCS file: /usr/cvsroot/asterisk/channels/chan_sip.c,v
retrieving revision 1.604
retrieving revision 1.605
diff -u -d -b -w -r1.604 -r1.605
--- chan_sip.c  29 Dec 2004 12:15:44 -0000      1.604
+++ chan_sip.c  29 Dec 2004 12:43:08 -0000      1.605
@@ -5540,7 +5540,7 @@
                return 0;
        user = find_user(of);
        /* Find user based on user name in the from header */
-       if (user && ast_apply_ha(user->ha, sin)) {
+       if (!mailbox && user && ast_apply_ha(user->ha, sin)) {
                /* copy vars */
                for (v = user->vars ; v ; v = v->next) {
                        if((tmpvar = ast_new_variable(v->name, v->value))) {
@@ -5609,7 +5609,7 @@
                        ast_verbose("Found user '%s'\n", user->name);
        } else {
                if (user) {
-                       if (debug)
+                       if (!mailbox && debug)
                                ast_verbose("Found user '%s', but fails host access\n", user->name);
                        ASTOBJ_UNREF(user,sip_destroy_user);
                }
@@ -7768,8 +7768,8 @@
 
                if (!p->lastinvite) {
                        char mailbox[256]="";
-                       char rbox[256];
                        int found = 0;
+
                        /* Handle authentication if this is our first subscribe */
                        res = check_user_full(p, req, cmd, e, 0, sin, ignore, mailbox, sizeof(mailbox));
                        if (res) {
@@ -7798,14 +7798,23 @@
                                    p->subscribed = 2;
                                else if (!strcmp(get_header(req, "Accept"), "application/simple-message-summary")) {
                                        /* Looks like they actually want a mailbox */
-                                       snprintf(rbox, sizeof(rbox), ",%s@%s,", p->exten, p->context);
-                                       if (strstr(mailbox, rbox))
-                                               found++;
-                                       if (!found) {
-                                               snprintf(rbox, sizeof(rbox), ",%s,", p->exten);
-                                               if (strstr(mailbox, rbox))
+
+                                       /* At this point, we should check if they subscribe to a mailbox that
+                                         has the same extension as the peer or the mailbox id. If we configure
+                                         the context to be the same as a SIP domain, we could check mailbox
+                                         context as well. To be able to securely accept subscribes on mailbox
+                                         IDs, not extensions, we need to check the digest auth user to make
+                                         sure that the user has access to the mailbox.
+                                        
+                                         Since we do not act on this subscribe anyway, we might as well 
+                                         accept any authenticated peer with a mailbox definition in their 
+                                         config section.
+
+                                       */
+                                       if (!ast_strlen_zero(mailbox)) {
                                                        found++;
                                        }
+
                                        if (found)
                                                transmit_response(p, "200 OK", req);
                                        else {