This flag isn't necessary as we can set txn_savepoint->stmt to NULL when
a savepoint is created inside an empty transaction. Using a separate
flag for this purpose obscures the code flow and complicates further
progress so let's remove it.

* Add NULL key word to whitelist of keywords available before box.cfg.

Closes #3032

libunwind get_proc_name consumes too much time, so use a hash for
to cache mapping of ip (instruction pointer) to proc_name+offset.

Fixes #2877

Before this patch, we would only allow alphabetical characters
plus underscore in identifier names. And we did not treat
all identifiers the same way: column names were not checked
at all.

SQL ANSI ISO allow delimited identifiers cantain any character
from source language character set.

After this patch, checks for allowed characters in identifier
names follow the same ruls for all identifiers: column names,
function names, user names, space names, index names.

In other words, this patch makes tarantool itentifier rules closer
to ANSI ones.

Closes #2914

According to offsetof(3) type of its return value is size_t.
Assigning result of offsetof() to a variable of type ptrdiff_t
may result in compilation warnings on certain platforms:

  src/box/key_def.cc:57:2: error: non-constant-expression cannot be narrowed from type 'size_t' (aka 'unsigned long') to 'ptrdiff_t' (aka 'long') in initializer list [-Wc++11-narrowing]
          OPT_DEF_ENUM(PART_OPT_TYPE, field_type, struct key_part_def, type,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  src/box/opt_def.h:76:19: note: expanded from macro 'OPT_DEF_ENUM'
          { key, OPT_ENUM, offsetof(opts, field), sizeof(int), #enum_name, \
                           ^~~~~~~~~~~~~~~~~~~~~
  src/trivia/util.h:193:32: note: expanded from macro 'offsetof'
  #define offsetof(type, member) ((size_t) &((type *)0)->member)
                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix this by changing the type of opt_def::offset from ptrdiff_t to
size_t.

Closes #2930

The box/access test doesn't destroy the temporary sequence it creates,
which makes the box/sequence test fail.

Fixes cc3a18b7 Add on_access_denied trigger

Closes #3058

iproto_msg used to be a non-POD struct because of : public cmsg, and
offsetof(), introduced in the fix for gh-946, couldn't be legally used
with it.

Make it a POD struct, in preparation for moving iproto to plain C.

Currently, if a CALL/EVAL request leaves an open transaction at return,
we silently rollback it and print a warning to the log mentioning the
function name or eval expression to facilitate further debugging. After
issue #946 was fixed, we can't do that anymore, because request input,
which stores CALL/EVAL parameters, may be discarded before request
completion and hence be unavailable for logging. Without additional
information pointing at the culprit, the log message is pointless (see
issue #1100). We could copy the arguments, but that would slow down CALL
execution, which can't be justified solely by the need of verbose
logging. So let's stop being lenient and fail requests that do not close
transaction at return. This should encourage negligent users to finally
fix their code.

Follow-up #946

Currently, a long polling request can stall all other connections,
because the input buffer can't be reclaimed until it is completed.
Funny thing is CALL/EVAL only needs input for a short time, to decode
arguments from msgpack and push them to stack, after that point the
input can be safely discarded.

So this patch makes tx_process_call() setup a trigger before executing
the CALL/EVAL request. The trigger is invoked on fiber yield. The
trigger's callback sends a message back to the iproto thread notifying
it that tx has processed the request input. Upon receiving such a
message, iproto discards the request input and resumes suspended
connections, if any.

Closes #946

The iproto subsystem switches between two output buffers once in a while
in order to reclaim memory so passing a pointer to the output buffer
directly to box_process_call() or box_process_eval() is incorrect in
case the called function yields. To fix that, let's make these functions
return the CALL/EVAL result in a port object, which then can then be
encoded in msgpack with port_dump().

Needed for #946

So that it can be used not only for serializing a list of tuples, but
also for serializing a Lua stack that stores output of CALL/EVAL.

Needed for #946

Remove all non-LTS versions of Ubuntu.

Currently, we execute a Lua function/expression and dump the result to
an output buffer in the same function invoked under lua_cpcall().
Although this allows us to use only one pcall to handle a call request,
this also makes box_lua_call() and box_lua_eval() dependent on the
iproto format (they have to use iproto_reply_select()), which is ugly.
What is worse, the caller has to pass the output buffer right away while
in case of iproto it can change if the invoked Lua function yields
(iproto switches buffers once in a while to reclaim memory).

That being said, we'd better decouple the call itself from the result
dump. Let's start from using two pcalls - one for executing the Lua
expression and another for dumping arguments - and moving iproto
dependent code out of Lua callbacks.

Needed for #946

Currently, they look pretty much the same, but this is going to change
soon so let's separate them.

We can do it for free now as all functions used by call.cc have already
been converted to C and there's nothing in call.cc that really needs any
C++ features.

Replace tnt_raise() with diag_set() and add a wrapper that raises
exception in case of error to be used in C++ code.

While we are at it, let's also move access_check_session_xc() to
the header file, because it's a trivial wrapper.

It is a C function so it is supposed to return -1 on error, not throw
an exception. This misbehavior doesn't result in any runtime errors,
because its only user box_process_call() is called from a try-catch
block, but this is going to change soon.

'echo $TEST_VAR' exits almost instantly, which may be detected by
log_pipe_init(), resulting in the test failure:

    app-tap/logger_pipe.test.lua                        [ fail ]

    Test failed! Result content mismatch:
    --- app-tap/logger_pipe.result  Wed Jan 17 14:15:24 2018
    +++ app-tap/logger_pipe.reject  Wed Jan 17 14:47:35 2018
    @@ -1 +1,3 @@
     48
     +IllegalParams: logger process died
     +failed to initialize logging subsystem

Fix this by appending 'cat > /dev/null' to the pipe logger command.

Fixes 0ab233cd Don't discard environment variables in pipe logger

Closes #3048

say_logger_init() zeroes the default logger object (log_default) before
proceeding to logging subsystem configuration. If configuration fails
for some reason (e.g. error opening the log file), the default logger
will be left uninitialized, and we will crash trying to print the error
to the console:

  #0  0x564065001af5 in print_backtrace+9
  #1  0x564064f0b17f in _ZL12sig_fatal_cbi+e2
  #2  0x7ff94519f0c0 in __restore_rt+0
  #3  (nil) in +0
  #4  0x564064ffc399 in say_default+d2
  #5  0x564065011c37 in _ZNK11SystemError3logEv+6d
  #6  0x5640650117be in exception_log+3d
  #7  0x564064ff9750 in error_log+1d
  #8  0x564064ff9847 in diag_log+50
  #9  0x564064ffab9b in say_logger_init+22a
  #10 0x564064f0bffb in load_cfg+69a
  #11 0x564064fd2f49 in _ZL13lbox_cfg_loadP9lua_State+12
  #12 0x56406502258b in lj_BC_FUNCC+34
  #13 0x564065045103 in lua_pcall+18e
  #14 0x564064fed733 in luaT_call+29
  #15 0x564064fe5536 in lua_main+b9
  #16 0x564064fe5d74 in run_script_f+7b5
  #17 0x564064f0aef4 in _ZL16fiber_cxx_invokePFiP13__va_list_tagES0_+1e
  #18 0x564064fff4e5 in fiber_loop+82
  #19 0x5640651a123b in coro_init+4c
  #20 (nil) in +4c

Fix this by making say_logger_init() initialize the default logger
object first and only assign it to log_default on success.

See #3048

* Add box_on_access_denied API method
* Modify access error handlers in order to call the mentioned trigger
* Add new type of error - AccessDeniedError

Related #2911 "add audit log triggers"

Before this patch `box.cfg { log = "|wrapper" }` started `wrapper` by
invoking /bin/sh -c 'wrapper' with empty environment. This patch makes
/bin/sh -c 'wrapper' invocation to inherit parent's environment.

Closes #3041

* Add calls to on_auth trigger in case of failed authentication.
* Add bool parameter to the mentioned trigger.

Closes #3039

With review remarks by @kostja

Currently, we have three variables related to replication timeouts:
applier_timeout, relay_timeout, and replication_cfg_timeout. They are
all set to the value of box.cfg.replication_timeout. We use these
variables in four different cases:

 - Sending heartbeat messages periodically from master to slave and back
   (relay_timeout, applier_timeout).

 - Reconnecting applier after a disconnect (applier_timeout).

 - Disconnecting a replica if no hearbeat message has been receivied
   within the specified timeout (TIMEOUT_PERIODS * replication_timeout).

 - Waiting for box.cfg() to succeed (replication_connect_quorum_timeout).

This is confusing. Let's keep just one variable, replication_timeout,
that would determine the heartbeat interval and introduce the following
helpers for the three other cases:

 - replication_reconnect_timeout()
 - replication_disconnect_timeout()
 - replication_connect_quroum_timeout()

Also, let's make replication_connect_quorum_timeout() return 4 times the
configured timeout in the scope of this patch, because, as pointed out by
@kostja,

> We need another replication_timeout variable, using the same variable
> for everything doesn't work.  Please try setting a broken
> box.cfg.replication second time, and you'll see that it doesn't try to
> reconnect, because reconnect timeout = replication timeout. This is
> broken, reconnect_timeout should be < replication_timeout, to allow for
> at least a few reconnects.

Suggested by @kostja

Follow-up #2958

To avoid rescanning the last recovered xlog in case it has been properly
finalized, recover_remaining_wals() skips xlogs whose signature is less
than the signature of the current recovery position. This assumption is
incorrect if this function is used for replication. For example consider
the following scenario in case of master -> slave replication:

 1. Master temporarily shuts down.
 2. Slave bumps its LSN while master is down.
 3. Master is brought back online.
 4. Slave reconnects to master.

In such a case the recovery vclock signature sent by slave on reconnect
will be greater than the signature of the xlog file created after master
restart, causing replication to silently freeze.

Instead of comparing xlog signature to recovery position, we should
compare it to the signature of the last scanned xlog. To do that, we
need to remove TRASH() from xlog_cursor_close() so that xlog cursor
meta isn't overwritten on close. To make sure nobody attempts to use a
closed cursor, let's add corresponding assertions to each public xlog
cursor function.

Fixes b25c60f0 ("recovery: do not rescan last xlog")

Closes #3038

'replication_connect_quorum' seems to be a better name for this option
is ignored once connections to remote masters have been established.

Suggested by @kostja

Follow-up #2958

Delete specifc access denied error code (ER_FUNCTION_ACCESS_DENIED,
ER_SPACE_ACCESS_DENIED, ER_FUNC_ACCESS_DENIED) and always
ER_ACCESS_DENIED code, which now contains object name and type

Pass operation type (create, drop, grant, revoke) to ER_ACCESS_DENIED.
Add a helper function schema_find_name() to schema.[h,cc].

In scope of gh-2911 "add triggers for audit log".

Heavily edited by @kostja

Move access_check_ddl outside of raw msgpack constructors
of defs to make code more clear

Add an ability to treat single '/' as no-op.
Ignore duplicate '/' in pathjoin.

Closes #2968

If one cluster node is down permanently for some reason, no other node
can restart - they will stall in box.cfg{} until all other nodes are up
and running. This complicates a tarantool cluster deployment in real
world scenarios.

To address this issue, let's complete the configuration as soon as
connections have been established connections to the number of hosts
specified by the new configuration option, box.cfg.replication_quorum,
assuming the rest will connect asynchronously. If the option is unset,
it defaults to the number of entries in box.cfg.replication so this
patch shouldn't affect the behavior of existing setups.

Closes #2958

 - Fold call to replicaset_update() in replicaset_connect().
   These two functions are always called one after another.

 - Factor out replicaset_follow() to resume all appliers
   registered with the replica set.

Needed for #2958

The logic of applier_connect_all() does not really belong to applier.cc,
because it operates on a set of appliers while applier.cc is all about
an individual applier implementation. Let's move it to replication.cc
and rename it to replicaset_connect().

Needed for #2958

Do not use the generic applier_on_state infrastructure, which is used to
advance a single applier to a particular state as it doesn't really fit
the case when we need to wait for multiple appliers and it utterly fails
when it comes to waiting for an arbitrary subset of all appliers.

Needed for #2958

Fix segfault in case when ibuf.rpos is null
Now error is raised in the case

Closes #3005

If the value of range_size is absent in the _index system space, it will
be initialized to 0 in struct index_def. This will lead to insane range
splitting in vinyl and, as a result, file descriptor exhaustion. We ran
into this problem after restoring memtx spaces as vinyl using tarantool
dump utility (the latter simply replaces 'memtx' with 'vinyl' in the
_space system space on restore). To avoid a debacle like this in future,
let's use hardcoded defaults if vinyl options were omitted in the _index
system space on insertion. The default values are the same we use for
the corresponding box.cfg options. We already do it for run_size_ratio,
run_count_per_level, and bloom_fpr so let's do it for range_size and
page_size too.

Closes #3019

That is convenient for environments where python3 is the primary
interpreter.

Crash details on SIGSEGV added

* more details printed in fatal signals handler
* dump x86-64 registers on crash
* registers dump is disabled for non-linux platforms

Currently we requrie read and write on system spaces to be able to
create objects, and only object definer can drop an object.

Release 1.7.7 adds 'create' and 'drop' acls, which can
be used to explicitly pass around create/drop privileges.

Automatically grant 'create' privilege to all users created
pre-1.7.7 who have global read and write privileges on universe
during 1.7.7 automatic upgrade.