Merge pull request #3820 from sysown/v2.x-spiffe_regex_support

Add regex support for 'spiffe_id' user attribute
pull/3856/head
René Cannaò 4 years ago committed by GitHub
commit cbabdf6b7b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,6 +1,8 @@
#include <openssl/rand.h>
#include "proxysql.h"
#include "cpp.h"
#include "re2/re2.h"
#include "re2/regexp.h"
#include "MySQL_PreparedStatement.h"
#include "MySQL_Data_Stream.h"
@ -2233,7 +2235,13 @@ bool MySQL_Protocol::verify_user_attributes(int calling_line, const char *callin
ret = false;
std::string spiffe_val = j["spiffe_id"].get<std::string>();
if ((*myds)->x509_subject_alt_name) {
if (strncmp(spiffe_val.c_str(), "spiffe://", strlen("spiffe://"))==0) {
if (spiffe_val.rfind("!", 0) == 0 && spiffe_val.size() > 1) {
string str_spiffe_regex { spiffe_val.substr(1) };
re2::RE2::Options opts = re2::RE2::Options(RE2::Quiet);
re2::RE2 subject_alt_regex(str_spiffe_regex, opts);
ret = re2::RE2::FullMatch((*myds)->x509_subject_alt_name, subject_alt_regex);
} else if (strncmp(spiffe_val.c_str(), "spiffe://", strlen("spiffe://"))==0) {
if (strcmp(spiffe_val.c_str(), (*myds)->x509_subject_alt_name)==0) {
ret = true;
}
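Review bot: In the new `!`-prefixed branch the compiled `subject_alt_regex` is never checked with `ok()`, and because it is built with `RE2::Quiet` a malformed pattern is not logged either, so `FullMatch` should simply return false and every login for that user is rejected with no diagnostic. That fails closed, which is the right direction, but it should be explicit and visible to the operator, e.g. `if (!subject_alt_regex.ok()) { proxy_error("Invalid spiffe_id regex '%s': %s\n", str_spiffe_regex.c_str(), subject_alt_regex.error().c_str()); }` before the match. The regex branch also drops the literal `spiffe://` prefix requirement that the exact-match branch keeps, so a broad pattern (for instance one with an unescaped `.` in the trust domain) accepts SANs the operator did not intend; consider requiring the text after `!` to start with `spiffe://` and adding a comment that `FullMatch` anchors the pattern at both ends. The pattern is recompiled on every call, and `verify_user_attributes` starts and ends outside this hunk, so how `x509_subject_alt_name` is populated cannot be confirmed from here.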
