From ded783a603943ad9f4b19727864307d522d4e4ee Mon Sep 17 00:00:00 2001
From: Florian Schlichting <fsfs@debian.org>
Date: Tue, 9 Jan 2018 00:58:45 +0100
Subject: [PATCH] DAVPrincipal->FetchProxyGroups(): disable
 grants_proxy_access_from_p()

I just don't get how it's supposed to work, but it doesn't seem to
return the expected proxy delegates. This SQL doesn't expand groups,
which is a feature, and in general we only look at the grants table and
completely disregard any default privileges the principal might have
set.
---
 inc/DAVPrincipal.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/inc/DAVPrincipal.php b/inc/DAVPrincipal.php
index f5e28b68..8e1119e6 100644
--- a/inc/DAVPrincipal.php
+++ b/inc/DAVPrincipal.php
@@ -220,7 +220,10 @@ class DAVPrincipal extends Principal
       }
     }
 
+    /* grants_proxy_access_from_p() is too clever and doesn't return any results, so do it on foot
     $sql = 'SELECT principal_id, username, pprivs(principal_id,:request_principal::int8,:scan_depth::int) FROM principal JOIN usr USING(user_no) WHERE usr.active=true AND principal_id IN (SELECT * from grants_proxy_access_from_p(:request_principal,:scan_depth))';
+     */
+    $sql = 'SELECT principal_id, username, pprivs(principal_id,:request_principal::int8,:scan_depth::int) FROM principal JOIN usr USING(user_no) WHERE usr.active=true AND principal_id IN (SELECT to_principal FROM grants WHERE by_principal = :request_principal AND (privileges & 5::BIT(24)) != 0::BIT(24) AND by_collection IS NULL AND to_principal != :request_principal )';
     $qry = new AwlQuery($sql, $params ); // reuse $params assigned for earlier query
     if ( $qry->Exec('DAVPrincipal') && $qry->rows() > 0 ) {
       while( $relationship = $qry->Fetch() ) {