aherman
/
proxysql
mirror of https://github.com/sysown/proxysql
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add regex support for 'spiffe_id' user attribute

Browse Source
pull/3820/head
Javier Jaramago Fernández 4 years ago
parent d24dfdd6a0
commit 27f6873c7f
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File

8
lib/MySQL_Protocol.cpp
Unescape View File

@ -2233,7 +2233,13 @@ bool MySQL_Protocol::verify_user_attributes(int calling_line, const char *callin
ret = false;
std::string spiffe_val = j["spiffe_id"].get<std::string>();
if ((*myds)->x509_subject_alt_name) {
if (strncmp(spiffe_val.c_str(), "spiffe://", strlen("spiffe://"))==0) {
if (spiffe_val.rfind("!", 0) == 0 && spiffe_val.size() > 1) {
string str_spiffe_regex { spiffe_val.substr(1) };
re2::RE2::Options opts = re2::RE2::Options(RE2::Quiet);
re2::RE2 subject_alt_regex(str_spiffe_regex, opts);
ret = re2::RE2::FullMatch((*myds)->x509_subject_alt_name, subject_alt_regex);
} else if (strncmp(spiffe_val.c_str(), "spiffe://", strlen("spiffe://"))==0) {
if (strcmp(spiffe_val.c_str(), (*myds)->x509_subject_alt_name)==0) {
ret = true;
}

Write Preview
Loading…
Cancel
Save