return MR_BAD_CHAR;
}
- /* check initial query access, unless we're acting as a proxy */
- if (!cl->proxy_id)
- {
- status = check_query_access(q, Argv, cl);
- if (status != MR_SUCCESS && status != MR_PERM)
- return status;
- if (status == MR_SUCCESS)
- privileged++;
- }
+ /* Check initial query access. If we're acting as a proxy, only allow
+ * access if the query has "default" as a capacl.
+ */
+ status = check_query_access(q, Argv, cl);
+ if (status != MR_SUCCESS && status != MR_PERM)
+ return status;
+ if (status == MR_SUCCESS && (!cl->proxy_id || q->everybody))
+ privileged++;
/* validate arguments */
if (v && v->valobj)