From 5d04c22d15583ec4c446f467ad00376270b0c807 Mon Sep 17 00:00:00 2001
From: zacheiss <zacheiss>
Date: Wed, 25 Sep 2002 20:43:48 +0000
Subject: [PATCH] Don't disallow proxy'ed users from accessing queries with a
 capacl of "default".

---
 server/qrtn.pc | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/server/qrtn.pc b/server/qrtn.pc
index 5b6ebd70..a7c0ddf6 100644
--- a/server/qrtn.pc
+++ b/server/qrtn.pc
@@ -564,15 +564,14 @@ int mr_verify_query(client *cl, struct query *q, int argc, char *argv_ro[])
 	return MR_BAD_CHAR;
     }
 
-  /* check initial query access, unless we're acting as a proxy */
-  if (!cl->proxy_id)
-    {
-      status = check_query_access(q, Argv, cl);
-      if (status != MR_SUCCESS && status != MR_PERM)
-	return status;
-      if (status == MR_SUCCESS)
-	privileged++;
-    }
+  /* Check initial query access.  If we're acting as a proxy, only allow
+   * access if the query has "default" as a capacl.
+   */
+  status = check_query_access(q, Argv, cl);
+  if (status != MR_SUCCESS && status != MR_PERM)
+    return status;
+  if (status == MR_SUCCESS && (!cl->proxy_id || q->everybody))
+      privileged++;
 
   /* validate arguments */
   if (v && v->valobj)
-- 
2.45.1