From 27f6873c7fd501aca2409fe8e15b49ea25f266d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
Date: Wed, 16 Mar 2022 17:05:06 +0100
Subject: [PATCH 1/2] Add regex support for 'spiffe_id' user attribute
---
 lib/MySQL_Protocol.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/MySQL_Protocol.cpp b/lib/MySQL_Protocol.cpp
index 88b2a795c..48fbb9926 100644
--- a/lib/MySQL_Protocol.cpp
+++ b/lib/MySQL_Protocol.cpp
@@ -2233,7 +2233,13 @@ bool MySQL_Protocol::verify_user_attributes(int calling_line, const char *callin
 ret = false;
 std::string spiffe_val = j["spiffe_id"].get();
 if ((*myds)->x509_subject_alt_name) {
- if (strncmp(spiffe_val.c_str(), "spiffe://", strlen("spiffe://"))==0) {
+ if (spiffe_val.rfind("!", 0) == 0 && spiffe_val.size() > 1) {
+ string str_spiffe_regex { spiffe_val.substr(1) };
+ re2::RE2::Options opts = re2::RE2::Options(RE2::Quiet);
+ re2::RE2 subject_alt_regex(str_spiffe_regex, opts);
+
+ ret = re2::RE2::FullMatch((*myds)->x509_subject_alt_name, subject_alt_regex);
+ } else if (strncmp(spiffe_val.c_str(), "spiffe://", strlen("spiffe://"))==0) {
 if (strcmp(spiffe_val.c_str(), (*myds)->x509_subject_alt_name)==0) {
 ret = true;
 }
From 00aba4de7ac092657f623f700b4bc0144a42d853 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
Date: Wed, 16 Mar 2022 19:43:58 +0100
Subject: [PATCH 2/2] Add missing includes for 're2' library
---
 lib/MySQL_Protocol.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/MySQL_Protocol.cpp b/lib/MySQL_Protocol.cpp
index 48fbb9926..c597da282 100644
--- a/lib/MySQL_Protocol.cpp
+++ b/lib/MySQL_Protocol.cpp
@@ -1,6 +1,8 @@
 #include
 #include "proxysql.h"
 #include "cpp.h"
+#include "re2/re2.h"
+#include "re2/regexp.h"
 #include "MySQL_PreparedStatement.h"
 #include "MySQL_Data_Stream.h"
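Review bot: In the `!`-prefixed branch added to `verify_user_attributes` (PATCH 1/2), the compiled pattern is never checked with `ok()`, and `RE2::Quiet` suppresses the library's own error output, so a malformed `spiffe_id` pattern makes every login for that user fail with nothing for the operator to diagnose. The outcome is fail-closed, but I would make that explicit with `ret = subject_alt_regex.ok() && re2::RE2::FullMatch((*myds)->x509_subject_alt_name, subject_alt_regex);` and log `subject_alt_regex.error()` when compilation fails. Unlike the literal branch, the regex branch does not require the configured value to start with `spiffe://`, so a loose pattern or an unescaped `.` in the trust domain accepts more certificate identities than intended; a comment such as `// pattern is full-matched against the SAN: anchor it on the trust domain and escape '.'` would document the expectation. As far as the hunk shows, the pattern is also recompiled on every call; the function body starts and ends outside the hunk.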