--- asterisk/channels/chan_sip.c 2005-01-15 01:45:07.000000000 -0500 +++ /usr/src/asterisk/channels/chan_sip.c 2005-01-01 19:32:32.000000000 -0500 @@ -5380,7 +5380,7 @@ ast_mutex_lock(&userl.lock); user = find_user(of); /* Find user based on user name in the from header */ - if (user && ast_apply_ha(user->ha, sin)) { + if (!mailbox && user && ast_apply_ha(user->ha, sin)) { p->prefs = user->prefs; p->nat = user->nat; #ifdef OSP_SUPPORT @@ -5437,7 +5437,7 @@ if (user && debug) ast_verbose("Found user '%s'\n", user->name); } else { - if (user && debug) + if (!mailbox && user && debug) ast_verbose("Found user '%s', but fails host access\n", user->name); user = NULL; } @@ -7526,8 +7526,8 @@ if (!p->lastinvite) { char mailbox[256]=""; - char rbox[256]; int found = 0; + /* Handle authentication if this is our first subscribe */ res = check_user_full(p, req, cmd, e, 0, sin, ignore, mailbox, sizeof(mailbox)); if (res) { @@ -7556,14 +7556,23 @@ p->subscribed = 2; else if (!strcmp(get_header(req, "Accept"), "application/simple-message-summary")) { /* Looks like they actually want a mailbox */ - snprintf(rbox, sizeof(rbox), ",%s@%s,", p->exten, p->context); - if (strstr(mailbox, rbox)) + + /* At this point, we should check if they subscribe to a mailbox that + has the same extension as the peer or the mailbox id. If we configure + the context to be the same as a SIP domain, we could check mailbox + context as well. To be able to securely accept subscribes on mailbox + IDs, not extensions, we need to check the digest auth user to make + sure that the user has access to the mailbox. + + Since we do not act on this subscribe anyway, we might as well + accept any authenticated peer with a mailbox definition in their + config section. + + */ + if (!ast_strlen_zero(mailbox)) { found++; - if (!found) { - snprintf(rbox, sizeof(rbox), ",%s,", p->exten); - if (strstr(mailbox, rbox)) - found++; } + if (found) transmit_response(p, "200 OK", req); else {