XHDR and XPAT were not checking the permissions the user has to read articles when using a message-ID. Now fixed, as well as calls to ARTclose(). http://inn.eyrie.org/viewcvs/branches/2.4/nnrpd/article.c?r1=8004&r2=8003&pathrev=8004&view=patch
--- 2.4/nnrpd/article.c 2008/09/05 19:13:28 8003
+++ 2.4/nnrpd/article.c 2008/09/06 08:49:55 8004
@@ -688,6 +688,7 @@
 if (ac > 1)
 ARTnumber = tart;
 if ((msgid = GetHeader("Message-ID")) == NULL) {
+ ARTclose();
 Reply("%s\r\n", ARTnoartingroup);
 return;
 }
@@ -745,9 +746,9 @@
 if (!ARTopen(ARTnumber))
 continue;
 msgid = GetHeader("Message-ID");
+ ARTclose();
 } while (msgid == NULL);
- ARTclose();
 Reply("%d %d %s Article retrieved; request text separately.\r\n", NNTP_NOTHING_FOLLOWS_VAL, ARTnumber, msgid);
 }
@@ -1008,6 +1009,12 @@
 Printf("%d No such article.\r\n", NNTP_DONTHAVEIT_VAL);
 break;
 }
+ if (!PERMartok()) {
+ ARTclose();
+ Printf("%s\r\n", NOACCESS);
+ break;
+ }
+
 Printf("%d %s matches follow (ID)\r\n", NNTP_HEAD_FOLLOWS_VAL, header);
 if ((text = GetHeader(header)) != NULL
@@ -1047,8 +1054,8 @@
 SendIOb(buff, strlen(buff));
 SendIOb(p, strlen(p));
 SendIOb("\r\n", 2);
- ARTclose();
 }
+ ARTclose();
 }
 SendIOb(".\r\n", 3);
 PushIOb();
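Review bot: In the hunk at -688,6 the added `ARTclose();` has to be written by hand on this early return, and the hunk at -1008,6 repeats the same pattern before its `break`, so every future exit between the open and the close has to remember it as well. A single cleanup path at the end of the function, reached from each error branch and ending in one `ARTclose();`, would keep the article from staying open if another return is added later. The enclosing function starts and ends outside the hunk, so whether its other exits already close the article cannot be confirmed from here.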
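Review bot: In the hunk at -745,9 `msgid` is still passed to `Reply()` after `ARTclose()` has run, and the close now sits directly after the `GetHeader("Message-ID")` call inside the loop. That is only safe if GetHeader returns storage that ARTclose() does not release, which is not visible in this hunk; a comment at the call such as `/* msgid is used by Reply() below, after ARTclose(); GetHeader must return storage that survives the close. */` would record that dependency. The `continue` after a failed `ARTopen()` also jumps straight to the `msgid == NULL` test, so `msgid` needs a defined value before the loop; its declaration is outside the hunk.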
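Review bot: The new `PERMartok()` branch in the hunk at -1008,6 answers with `NOACCESS` while an unknown message-ID answers `No such article`, so the two replies distinguish an article that exists but is unreadable from one that does not exist. If the access policy is meant to hide the existence of articles in groups the user cannot read, both cases should produce the same reply; if the distinct reply is deliberate, a comment should say so, for example `/* Message-ID lookups bypass group selection, so check read permission on the article itself. */`. The check correctly sits after the article has been opened and closes it before leaving, but the loop or switch that `break` exits is outside the hunk.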
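Review bot: In the hunk at -1047,8 the relocated `ARTclose();` runs only when control reaches the bottom of the loop body, so any `continue` between the open and this line would still skip the close. The start of the loop, including the open call and any such `continue`, is outside the hunk and should be checked against this change. If the open can fail and execution still falls through to this point, it is also worth confirming that `ARTclose()` is harmless when no article is open.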