WL#7194: Define and implement authorization model to manage XA-transactions

Affects: Server-8.0   —   Status: Complete

In the current server implementation, a user who doesn't have sufficient
privileges to access the tables involved in an XA transaction can still
commit or roll back that transaction.

Let's consider the following use case:

$ mysql -u root
mysql> CREATE USER u1@localhost;
Query OK, 0 rows affected (0,01 sec)

mysql> CREATE USER u2@localhost;
Query OK, 0 rows affected (0,01 sec)

mysql> CREATE SCHEMA u1_test;
Query OK, 1 row affected (0,01 sec)

mysql> CREATE TABLE u1_test.t1 (a INT);
Query OK, 0 rows affected (0,03 sec)

mysql> GRANT SELECT, INSERT ON u1_test.t1 TO u1@localhost;
Query OK, 0 rows affected (0,01 sec)

mysql> ^DBye

Using the statements listed above, we have created two users. One of them
(u2@localhost) doesn't have permissions to access the table u1_test.t1.

Then a new connection to the server is established using the credentials of
the user u1@localhost:

$ client/mysql -u u1 u1_test

mysql> XA START 'xid1';
Query OK, 0 rows affected (0,00 sec)

mysql> INSERT INTO t1 VALUES (100);
Query OK, 1 row affected (0,00 sec)

mysql> XA END 'xid1';
Query OK, 0 rows affected (0,00 sec)

mysql> XA PREPARE 'xid1';
Query OK, 0 rows affected (0,00 sec)

mysql> ^DBye

The statements listed above start an XA transaction, insert a row into a table,
end the transaction and prepare it for a subsequent commit/rollback.
Since the user u1@localhost has permissions on the table u1_test.t1, all these
statements are executed successfully.

Now we connect to the server using the credentials of the user u2@localhost,
who doesn't have permissions to access the table u1_test.t1.

$ client/mysql -u u2
mysql> XA COMMIT 'xid1';    <<<===== This statement is executed successfully.
Query OK, 0 rows affected (0,00 sec)

mysql> SELECT * FROM u1_test.t1;
ERROR 1142 (42000): SELECT command denied to user 'u2'@'localhost' for table 't1'
mysql> ^DBye

So, as we can see, the issue is that an unprivileged user, who doesn't have
access privileges for the underlying table(s), can still commit or roll back
a prepared XA transaction on behalf of any other user.

The goal of this WL is to add functionality that makes it possible to restrict
the ability to fetch information about a prepared XA transaction in order to
then finalize its state.