From 27f6873c7fd501aca2409fe8e15b49ea25f266d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
Date: Wed, 16 Mar 2022 17:05:06 +0100
Subject: [PATCH] Add regex support for 'spiffe_id' user attribute
---
 lib/MySQL_Protocol.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/MySQL_Protocol.cpp b/lib/MySQL_Protocol.cpp
index 88b2a795c..48fbb9926 100644
--- a/lib/MySQL_Protocol.cpp
+++ b/lib/MySQL_Protocol.cpp
@@ -2233,7 +2233,13 @@ bool MySQL_Protocol::verify_user_attributes(int calling_line, const char *callin
 ret = false;
 std::string spiffe_val = j["spiffe_id"].get();
 if ((*myds)->x509_subject_alt_name) {
- if (strncmp(spiffe_val.c_str(), "spiffe://", strlen("spiffe://"))==0) {
+ if (spiffe_val.rfind("!", 0) == 0 && spiffe_val.size() > 1) {
+ string str_spiffe_regex { spiffe_val.substr(1) };
+ re2::RE2::Options opts = re2::RE2::Options(RE2::Quiet);
+ re2::RE2 subject_alt_regex(str_spiffe_regex, opts);
+
+ ret = re2::RE2::FullMatch((*myds)->x509_subject_alt_name, subject_alt_regex);
+ } else if (strncmp(spiffe_val.c_str(), "spiffe://", strlen("spiffe://"))==0) {
 if (strcmp(spiffe_val.c_str(), (*myds)->x509_subject_alt_name)==0) {
 ret = true;
 }
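Review bot: The new `!`-prefixed regex branch never checks that the pattern compiled, and it drops the `spiffe://` constraint that the exact-match branch still enforces on the configured value. Because the options are `RE2::Quiet`, a malformed pattern logs nothing and `FullMatch` simply returns false, so a typo in the `spiffe_id` attribute rejects every login for that user with no diagnostic; adding `if (!subject_alt_regex.ok())` and logging `subject_alt_regex.error()` before the match would make this visible. An over-broad pattern would also accept a subject alternative name that is not a SPIFFE ID at all, so consider additionally requiring `strncmp((*myds)->x509_subject_alt_name, "spiffe://", strlen("spiffe://"))==0` before assigning `ret`. The pattern is recompiled on every call as written, and the body of `verify_user_attributes` starts and ends outside this hunk, so any caching or earlier validation is not visible here.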