rgw: cors rules num limit

According to AWS S3, an cors rules can
have up to 100 rules.

Signed-off-by: yuliyang <yuliyang@cmss.chinamobile.com>

diff --git a/src/common/legacy_config_opts.h b/src/common/legacy_config_opts.h
index c58e923cab84692eaedafbe298181e93a90d77b2..6180beb2a40f37ebf7dc738285dd5af8c02f2c71 100644 (file)
--- a/src/common/legacy_config_opts.h
+++ b/src/common/legacy_config_opts.h
@@ -1540,3 +1540,4 @@ OPTION(rgw_max_objs_per_shard, OPT_INT)
 OPTION(rgw_reshard_thread_interval, OPT_U32) // maximum time between rounds of reshard thread processing
 
 OPTION(rgw_acl_grants_max_num, OPT_INT) // According to AWS S3(http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html), An ACL can have up to 100 grants.
+OPTION(rgw_cors_rules_max_num, OPT_INT) // According to AWS S3(http://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html), An cors can have up to 100 rules.

diff --git a/src/common/options.cc b/src/common/options.cc
index c5afe4c7a895446a65a82a6bcf5226548de3b71d..72c482fc942c7f426a736fd569782518fd5484f5 100644 (file)
--- a/src/common/options.cc
+++ b/src/common/options.cc
@@ -4941,6 +4941,10 @@ std::vector<Option> get_rgw_options() {
     .set_default(100)
     .set_description("Max number of ACL grants in a single request"),
 
+    Option("rgw_cors_rules_max_num", Option::TYPE_INT, Option::LEVEL_ADVANCED)
+    .set_default(100)
+    .set_description("Max number of cors rules in a single request"),
+
     Option("rgw_rados_tracing", Option::TYPE_BOOL, Option::LEVEL_ADVANCED)
     .set_default(false)
     .set_description("true if LTTng-UST tracepoints should be enabled"),

diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc
index 6fdea97419b68ea840efd24658eaf6c3830e4d5b..ffc6c5dd6b901c0de11b8c4b02552caaccb1b70c 100644 (file)
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -75,6 +75,7 @@ rgw_http_errors rgw_http_s3_errors({
     { ERR_MALFORMED_DOC, {400, "MalformedPolicyDocument"}},
     { ERR_INVALID_TAG, {400, "InvalidTag"}},
     { ERR_MALFORMED_ACL_ERROR, {400, "MalformedACLError" }},
+    { ERR_INVALID_CORS_RULES_ERROR, {400, "InvalidRequest" }},
     { ERR_INVALID_ENCRYPTION_ALGORITHM, {400, "InvalidEncryptionAlgorithmError" }},
     { ERR_LENGTH_REQUIRED, {411, "MissingContentLength" }},
     { EACCES, {403, "AccessDenied" }},

diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index 86141c725afccd1b9ed072065c919091cd647548..b1462839d3e27f53fb1ff742060778cf6bc1ba2a 100644 (file)
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -217,6 +217,7 @@ using ceph::crypto::MD5;
 #define ERR_MALFORMED_ACL_ERROR  2212
 #define ERR_ZONEGROUP_DEFAULT_PLACEMENT_MISCONFIGURATION 2213
 #define ERR_INVALID_ENCRYPTION_ALGORITHM                 2214
+#define ERR_INVALID_CORS_RULES_ERROR                     2215
 
 #define ERR_BUSY_RESHARDING      2300
 

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 95ab37aec9b14e5e25e9dfcf2fdeb3681061d47f..2bb55e8a521e37720e99e6c0d3c3f5ef7444033e 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -2379,6 +2379,23 @@ int RGWPutCORS_ObjStore_S3::get_params()
     return -EINVAL;
   }
 
+#define CORS_RULES_MAX_NUM      100
+  int max_num = s->cct->_conf->rgw_cors_rules_max_num;
+  if (max_num < 0) {
+    max_num = CORS_RULES_MAX_NUM;
+  }
+  int cors_rules_num = cors_config->get_rules().size();
+  if (cors_rules_num > max_num) {
+    ldout(s->cct, 4) << "An cors config can have up to "
+                     << max_num
+                     << " rules, request cors rules num: "
+                     << cors_rules_num << dendl;
+    op_ret = -ERR_INVALID_CORS_RULES_ERROR;
+    s->err.message = "The number of CORS rules should not exceed allowed limit of "
+                     + std::to_string(max_num) + " rules.";
+    return -ERR_INVALID_REQUEST;
+  }
+
   // forward bucket cors requests to meta master zone
   if (!store->is_meta_master()) {
     /* only need to keep this data around if we're not meta master */