From 62ec6c1b2287e2474b4dfdbd7cb5421761a942b8 Mon Sep 17 00:00:00 2001
From: Ilya <markovilya197@gmail.com>
Date: Tue, 26 Dec 2017 15:00:25 +0300
Subject: [PATCH] Fix access checks on CALL

CALL should check only EXECUTE access on universe instead of
READ, WRITE, EXECUTE.

Closes #3017
---
 src/box/call.cc         | 2 +-
 test/box/net.box.result | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/box/call.cc b/src/box/call.cc
index b65c590a52..d730369459 100644
--- a/src/box/call.cc
+++ b/src/box/call.cc
@@ -65,7 +65,7 @@ access_check_func(const char *name, uint32_t name_len, struct func **funcp)
 	 * No special check for ADMIN user is necessary
 	 * since ADMIN has universal access.
 	 */
-	if ((credentials->universal_access & PRIV_ALL) == PRIV_ALL) {
+	if ((credentials->universal_access & PRIV_X) == PRIV_X) {
 		*funcp = func;
 		return 0;
 	}
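Review bot: The comment above the changed condition still only explains the ADMIN case; it should also state the new rule, because `(credentials->universal_access & PRIV_X) == PRIV_X` is now the sole gate for this early `return 0`. I would add something like `/* EXECUTE on universe is sufficient for CALL; READ and WRITE are deliberately not consulted. */` so a later edit does not restore `PRIV_ALL` or widen the mask by accident. Since this branch sets `*funcp = func` and returns before whatever per-function checks follow, a universe-level `execute` grant presumably covers every callable procedure, and that is worth spelling out in the privilege documentation as well. access_check_func begins and ends outside the hunk, so the later checks are not visible here.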
diff --git a/test/box/net.box.result b/test/box/net.box.result
index ed29060f88..894fb91a21 100644
--- a/test/box/net.box.result
+++ b/test/box/net.box.result
@@ -96,15 +96,15 @@ cn = remote.connect(box.cfg.listen)
 ...
 cn:call('unexists_procedure')
 ---
-- error: Execute access is denied for user 'guest' to function 'unexists_procedure'
+- error: Procedure 'unexists_procedure' is not defined
 ...
 cn:call('test_foo', {'a', 'b', 'c'})
 ---
-- error: Execute access is denied for user 'guest' to function 'test_foo'
+- [[{'a': 1}], [{'b': 2}], 'c']
 ...
 cn:call(nil, {'a', 'b', 'c'})
 ---
-- error: Execute access is denied for user 'guest' to function 'nil'
+- error: Procedure 'nil' is not defined
 ...
 cn:eval('return 2+2')
 ---
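Review bot: The updated expectations only show the permissive outcome; no case in this hunk exercises a caller that holds READ and WRITE on universe but not EXECUTE and still receives `Execute access is denied`. A negative case like that would pin the check to `PRIV_X` specifically, instead of passing for any change that loosens the mask. The grants that let `guest` reach `test_foo` are set up outside the hunk, so this is based on the visible lines only.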
-- 
GitLab