Don't disallow proxy'ed users from accessing queries with a capacl of

"default".

diff --git a/server/qrtn.pc b/server/qrtn.pc
index 5b6ebd70139f8819704322fe75bc88f684f189fe..a7c0ddf61f5070dec80fa668f58959d5a23cd672 100644 (file)
--- a/server/qrtn.pc
+++ b/server/qrtn.pc
@@ -564,15 +564,14 @@ int mr_verify_query(client *cl, struct query *q, int argc, char *argv_ro[])
        return MR_BAD_CHAR;
     }
 
-  /* check initial query access, unless we're acting as a proxy */
-  if (!cl->proxy_id)
-    {
-      status = check_query_access(q, Argv, cl);
-      if (status != MR_SUCCESS && status != MR_PERM)
-       return status;
-      if (status == MR_SUCCESS)
-       privileged++;
-    }
+  /* Check initial query access.  If we're acting as a proxy, only allow
+   * access if the query has "default" as a capacl.
+   */
+  status = check_query_access(q, Argv, cl);
+  if (status != MR_SUCCESS && status != MR_PERM)
+    return status;
+  if (status == MR_SUCCESS && (!cl->proxy_id || q->everybody))
+      privileged++;
 
   /* validate arguments */
   if (v && v->valobj)