rgw: cumulatively fix 6 AWS SigV4 request failure cases

[mattbenjamin]

These changes address checksum header identification and signing
algorithm selection, including checksum trailer verification
for signed- and unsigned-payload cases.

These changes address all the actual S3 request failures I have
so far been able to reproduce, with and without content checksums
and/or new trailing checksum headers, and with and without
SSL.

Fixes: https://tracker.ceph.com/issues/63153

Specifically, it fixes the request failures that motivated the
initial tracker filing. It extracts but does not validate new client content
checksums if present. Validation and management of new
S3 content-checksum headers will follow in a subsequent change.

squashed commits:

• wip chunk meta parsing--seem to have first AWSv4ComplMulti::ChunkMeta::create_next sort of parsing
• use constexpr sarlen(...) for static array lengths throughout rgw_auth_s3.cc
• link AWSv4CompleMulti::ChunkMeta to its enclosing completer
• capture original content-length header before AWSv4ComplMulti overwrites it
• mostly extract the trailer
• fix misordered content-length, experiment w/exbuf
• save leftover bytes between calls to AWSv4ComplMulti::recv_chunk()
• propagate data_offset_in_stream from AWSv4ComplMulti::recv_chunk()
• clean up trailer section extract
• trailer section cleanup and introduce extract_helper
• unrolled checksum extract--fixup
• integrate matching with types from rgw_cksum.h
• fix sv_trailer end pos, and cleanup
• add proplist interface to rgw::auth::Completer and AWSv4ComplMulti
• spliterate trailers
• check completer props
• redefine prop_map to point into already-allocated trailer_vec
• hax: thread a counter onto AWSv4ComplMulti recv_body() and recv_chunk path
• fix apparent bug where due to reads less than chunk_size induce a final, zero-length read that was skipped before forcing recognition of the last chunk in the stream
• check only for a trailing checksum named in x-amz-trailer
• don't try to match signatures when no signature provided (because streaming unsigned)
• oops, fix content_length decl
• fix recognition of next chunk envelope in unsigned aws-chunk case
• clean up AWSv4CompMulti flags and correctly detect aws unsigned chunked
• rework checksum-trailer extraction and introduce AWSv4ComplMulti::calc_v4_trailing_signature
• thread const struct req_state* into AWSv4ComplMulti
• large cleanup of trailer parsing, no regression
• fix trailer signature calculation--checks
• correctly generate final chunk hmac
• typo in comment
• verify trailing signature when expected (using expected final chunk signature)
• move trailer_vec back onto recv_body()'s stack
• remove strange completer comment
• remove last_frag (now points into parsing_buf)
• remove implied dependency on content_length
• move trailer recognition to AWSv4ComplMulti::complete()
• remove now-unused is_last_chunk() predicate

Contribution Guidelines

• To sign and title your commits, please refer to Submitting Patches to Ceph.

• If you are submitting a fix for a stable branch (e.g. "quincy"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.

• When filling out the below checklist, you may click boxes directly in the GitHub web UI. When entering or editing the entire PR message in the GitHub web UI editor, you may also select a checklist item by adding an x between the brackets: [x]. Spaces and capitalization matter when checking off items this way.

Checklist

• Tracker (select at least one)
  • References tracker ticket
  • Very recent bug; references commit where it was introduced
  • New feature (ticket optional)
  • Doc update (no ticket needed)
  • Code cleanup (no ticket needed)
• Component impact
  • Affects Dashboard, opened tracker ticket
  • Affects Orchestrator, opened tracker ticket
  • No impact that needs to be tracked
• Documentation (select at least one)
  • Updates relevant documentation
  • No doc update is appropriate
• Tests (select at least one)
  • Includes unit test(s)
  • Includes integration test(s)
  • Includes bug reproducer
  • No tests

Show available Jenkins commands

• jenkins retest this please
• jenkins test classic perf
• jenkins test crimson perf
• jenkins test signed
• jenkins test make check
• jenkins test make check arm64
• jenkins test submodules
• jenkins test dashboard
• jenkins test dashboard cephadm
• jenkins test api
• jenkins test docs
• jenkins render docs
• jenkins test ceph-volume all
• jenkins test ceph-volume tox
• jenkins test windows
• jenkins test rook e2e

[cbodley]

looking good, the parsing changes make sense

[mattbenjamin]

@cbodley this should be ready for re-review
junit test suite is here: git@github.com:linuxbox2/jcksum.git (52 tests)

[mattbenjamin]

jenkins test windows

[mattbenjamin]

something broke the windows build mid-morning. it's complaining about an invalid boost submodule hash. this PR doesn't touch boost.

[cbodley]

i tend to view const_cast as a code smell, since it's usually just a shortcut to avoid propagating const correctly. it's necessary here because a) we only get access to const req_state* in the constructor, and b) RGWEnv only exposes a const-qualified get_map()

since put_prop() is only called during AWSv4ComplMulti::complete() now, could we extend the Completer interface to take a non-const RGWEnv& env there so we can call env.set(k, v) instead?

that way we preserve the original intent for the Completer to have const-only access to the input req_state, while
the complete(RGWEnv& env) signature hopefully makes it clear that it may add trailing headers

[mattbenjamin]

I think the current dance around hiding things from Completer is kind of daft, to be honest. I'd prefer not to make further backflips here. Notice that the code I submitted does not widen Completer at all, only AWSv4ComplMulti, which has a reason to modify the req_state.

[mattbenjamin]

(at the same time, there's clearly no good justification for unwinding the the haskellish style of this entire subsystem--that said, what I'm trying to say is, yes, there's a clear inconsistency--but having a special call to modify the req_state is the code smell, imo.)

[mattbenjamin]

I added logic to throw an exception if we would exceed trailer_buf_size-1 bytes of trailer, using ERR_LIMIT_EXCEEDED as the error code

[mattbenjamin]

jenkins test windows

[github-actions]

This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved

[cbodley]

This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved

apologies, i had forgotten about these conflicts when i merged #55250

[cbodley]

looks great if it's passing tests

[cbodley]

The following tests FAILED:
235 - unittest_posix_bucket_cache (Failed)

[cbodley]

jenkins test make check

[cbodley]

The following tests FAILED:
34 - run-rbd-unit-tests-127.sh (Timeout)
198 - unittest_osdmap (Subprocess aborted)

[cbodley]

jenkins test make check

[cbodley]

passed qa in https://pulpito.ceph.com/cbodley-2024-02-15_03:24:02-rgw-wip-accept-new-awssigv4-distro-default-smithi/

verified that java test are running in teuthology.log:

Tests run: 33, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 8.619 s -- in io.ceph.jcksum.PutObjects

[WGH-]

For cross-reference, this likely fixes an issue in some Go S3 client: minio/minio-go#1235. That one is about 0-byte chunk-signature for empty object.