  1. Dec 14, 2022
    • vinyl: fix potential null-ptr dereference in vy_read_view_merge · de175b97
      Vladimir Davydov authored
      The 'copy' ptr is checked for NULL after dereferencing. Found by PVS.
      
      https://jira.vk.team/browse/TNT-698
      
      It can hardly result in a null-ptr dereference, because vy_stmt_dup()
      uses malloc(), which doesn't normally fail (instead, the OOM killer just
      kills the process if there's a severe shortage of memory, see #3534).
      Still, PVS rightfully complains about it so let's fix it.
      
      Fixes commit 902d212b ("vinyl: zap vy_write_iterator->format")
      
      NO_DOC=bug fix
      NO_TEST=unreproducible
      NO_CHANGELOG=unreproducible
  2. Dec 13, 2022
    • box: add stub functions to init extra security features · 3bca175d
      Vladimir Davydov authored
      This commit adds function stubs security_init and security_free that
      are called after auth_init and before auth_free, respectively. We'll
      define them in the EE repository along with the enabling macros:
      ENABLE_SECURITY and SECURITY_SOURCES. We'll start with adding extra
      authentication methods in security_init. Later on, we'll implement more
      security features, like password strength enforcement or authentication
      delay.
      
      Needed for https://github.com/tarantool/tarantool-ee/issues/295
      
      NO_DOC=internal
      NO_TEST=internal
      NO_CHANGELOG=internal
    • box: ensure requested auth method matches user's · 9dcc824b
      Vladimir Davydov authored
      After checking that the received authentication method and type are
      compatible with auth_request_check(), authenticate() tries to
      authenticate it using the user's authentication method with
      authenticate_request(). The problem is the user may use a different
      authentication method from the one received in the request while
      authenticate_request() expects the request to be valid. As a result,
      it may crash in this case. Fix this by ensuring that the user's
      authentication method matches the one received in the request.
      
      Follow-up commit b5754d3f ("box: make auth subsystem pluggable")
      Follow-up #7986
      
      NO_DOC=bug fix
      NO_CHANGELOG=unreleased
      NO_TEST=will be added to EE, because CE supports just one auth method
    • applier: allow to specify authentication method · 2574ff1a
      Vladimir Davydov authored
      The authentication method can be specified via the 'auth_type' uri
      parameter, e.g.
      
        box.cfg({replication = 'user:password@host:port?auth_type=chap-sha1'})
      
      The only authentication method supported by Community Edition (CE)
      is 'chap-sha1' so we don't document or announce this feature in CE.
      More methods and tests will be added to Enterprise Edition (EE).
      
      Part of #7988
      
      NO_DOC=ee
      NO_CHANGELOG=ee
    • net.box: allow to specify authentication method · 387f7d1b
      Vladimir Davydov authored
      This commit adds a new option for net.box.connect - auth_type.
      The option takes an authentication method name (string) that will
      be used to authenticate the client on connect. Like user name and
      password, the new option may also be passed via uri parameters, e.g.
      
        net.connect('host:port', {
            user = 'user',
            password = 'password',
            auth_type = 'chap-sha1',
        })
        net.connect('user:password@host:port?auth_type=chap-sha1')
      
      The only authentication method supported by Community Edition (CE)
      is 'chap-sha1' so we don't document or announce this feature in CE.
      More methods and tests will be added to Enterprise Edition (EE).
      
      Part of #7988
      
      NO_DOC=ee
      NO_CHANGELOG=ee
    • box: add box.cfg.auth_type configuration option · 17783f57
      Vladimir Davydov authored
      This commit adds a new box configuration option - box.cfg.auth_type.
      The option takes an authentication method name (string) that will be
      used by box.schema.user.passwd to generate user authentication data.
      
      The only authentication method supported by Community Edition (CE)
      is 'chap-sha1' so we don't document or announce this feature in CE.
      More methods and tests will be added to Enterprise Edition (EE).
      
      Part of #7988
      
      NO_DOC=ee
      NO_CHANGELOG=ee
    • build: drop libunwind build dependency from rpm/deb · f7c4d484
      Alexander Turenko authored
      The dependency is redundant, because the library is now bundled into
      tarantool (see PR #6877).
      
      There is a practical reason to remove it: this way we'll verify that
      presence of system libunwind headers is not necessary to build
      tarantool. In other words, we'll verify that #8025 will not appear
      again.
      
      Follows up #8025
      Follows up #6877
      Part of #6998
      
      NO_DOC=No user visible changes, just some validation for a build fix.
      NO_TEST=See NO_DOC.
      NO_CHANGELOG=See a changelog entry in the previous commit.
    • build: don't include fiber.h into a merger test · 763ef780
      Alexander Turenko authored
      The problem is described in a previous commit. In short: inclusion of
      `fiber.h` leads to inclusion of `libunwind.h`, but it is not necessarily
      in include paths that are used for testing sources.
      
      We can add the include path or eliminate the `fiber.h` dependency. I
      have no strict preference here. However the latter allows to write
      public API and internal API calls differently in the testing code and it
      looks more clean.
      
      The implementation is based on the `tnt_internal_symbol()` function,
      which was introduced to make a dark magic of this kind. See commit
      395c30e8 ("fiber_channel: add accessor to internal functions").
      
      Fixes #8025
      
      NO_DOC=It is a fix of a build failure.
      NO_TEST=It is a fix of a build failure.
    • build: fix libunwind.h search in test files · 6d088b56
      Alexander Turenko authored
      ## The problem
      
      Case: a build host has no libunwind installed into the system. Despite
      that tarantool has libunwind bundled as a git submodule (see PR #6877),
      the build fails in the case:
      
      NO_WRAP
      ```
      In file included from <...>/src/lib/core/fiber.h:47,
                       from <..some test/**/*.{c,cc} file..>:
      <...>/src/lib/core/backtrace.h:14:10: fatal error: libunwind.h: No such file or directory
         14 | #include "libunwind.h"
            |          ^~~~~~~~~~~~~
      ```
      NO_WRAP
      
      The problem appears when `ENABLE_BACKTRACE` and
      `ENABLE_BUNDLED_LIBUNWIND` CMake options are enabled. They're enabled by
      default for most targets.
      
      The compilation fails for testing files, which include `fiber.h`. The
      `fiber.h` header includes `backtrace.h`, which includes `libunwind.h`.
      The `libunwind.h` header couldn't be found if appropriate include
      directory is not passed to a compiler.
      
      Almost half (45/102) of unit tests include `fiber.h` directly or
      indirectly. Swim fuzzers include it too.
      
      ## The solution
      
      Just add libunwind's include directory to compilation of those files.
      
      The include path is added as a system one to suppress warnings from the
      third party project. It follows the way the directory is included into
      tarantool's build, see PR #6877.
      
      The uri unit test includes `fiber.h`, but actually doesn't use it. The
      test has no CMake dependency on the `core` library and so the build
      system may attempt to build it before `libunwind.h` is installed into
      `LIBUNWIND_INCLUDE_DIR`. Eliminated redundant includes from the test.
      
      Note: this commit solves only a part of the problem: it fixes
      compilation of unit tests and fuzzers. There are other test files that
      include `fiber.h` and it'll be fixed in the next commit.
      
      Part of #8025
      
      NO_DOC=It is a fix of a build failure.
      NO_TEST=It is a fix of a build failure.
      NO_CHANGELOG=Only part of the problem is solved here. A following commit
                   will add a changelog entry.
    • ci: use actions/checkout@v3.1.0 with FreeBSD · a79d32b1
      Nick Volynkin authored
      ChristopherHX/github-act-runner@0.4.1, which we use on FreeBSD,
      is incompatible with newest actions/checkout@v3.2.0, aliased to @v3.
      Until this is resolved, FreeBSD workflows will use fixed version
      actions/checkout@v3.1.0.
      
      actions/checkout@v3.2.0 fails with an unclear error:
      
      >   Run actions/checkout@v3
      >   ☁️  git clone 'https://github.com/actions/checkout' # ref=v3
      > Error: Unable to resolve v3: unsupported object type
      > Error: Unable to resolve v3: unsupported object type
      > Error:     Failure - actions/checkout@v3
      > Error: unsupported object type
      
      NO_DOC=CI
      NO_TEST=CI
      NO_CHANGELOG=CI
  3. Dec 12, 2022
    • lua: load scripts or modules pointed by env var · 435e5efe
      Alexander Turenko authored
      Fixes #7714
      
      @TarantoolBot document
      Title: TT_PRELOAD
      
      A script file or a module may be specified in the `TT_PRELOAD`
      environment variable to load before the main script. For example:
      
      ```shell
      $ TT_PRELOAD=/path/to/foo.lua tarantool main.lua
      ```
      
      The `foo.lua` script will be executed before `main.lua`.
      
      ```shell
      $ TT_PRELOAD=foo.bar.baz tarantool main.lua
      ```
      
      The `foo.bar.baz` module will be loaded before executing `main.lua`.
      
      A value that ends with `.lua` is considered as a script file, otherwise
      it is considered as a module name.
      
      Several files or modules may be passed as a semicolon separated list:
      
      ```shell
      $ TT_PRELOAD="/path/to/foo.lua;foo.bar.baz" tarantool main.lua
      ```
      
      Don't forget quotes, a shell interprets a semicolon on its own.
      
      Redundant (duplicated, leading, trailing) semicolons are ignored.
      
      If something goes wrong at script/module execution, tarantool reports
      the problem and exits.
      
      A script receives a path to the file in `...`, a module gets the module
      name. `arg` is the same as for the main script.
    • cd: eliminate OpenSUSE related code from RPM spec · e5704327
      Yaroslav Lobankov authored
      Support for OpenSUSE 15.1/15.2 has been recently dropped.
      There is no sense to keep the dead code. So removing it.
      
      Follows up #8021
      
      NO_DOC=cd
      NO_TEST=cd
      NO_CHANGELOG=cd
    • Drop internal SHA1 implementation · 3aafa0ed
      Vladimir Davydov authored
      Not used anywhere anymore. No need in it, because SHA1 is provided by
      the OpenSSL library.
      
      Closes #7987
      
      NO_DOC=code cleanup
      NO_TEST=code cleanup
      NO_CHANGELOG=code cleanup
    • lua/digest: use OpenSSL version of SHA1 · c029e63f
      Vladimir Davydov authored
      Since commit f6ea7180 ("Try to load several variants of libssl.")
      the digest module uses an internal version of SHA1. Back then, we didn't
      link the OpenSSL library. Instead, we tried to load it dynamically.
      Since on some distributions the library could be missing, it was decided
      to implement an internal version of SHA1, see #405.
      
      However, since commit 59a55740 ("Link against libssl and libcrypto.
      Issue #1382") we link the OpenSSL library unconditionally so there's no
      need in having an internal implementation of SHA1. Let's drop it and
      switch the digest module to the version of SHA1 implemented by the
      crypto module using OpenSSL.
      
      Part of #7987
      
      NO_DOC=code cleanup
      NO_TEST=code cleanup
      NO_CHANGELOG=code cleanup
    • box: use OpenSSL version of SHA1 in chap-sha1 implementation · 2479ce76
      Vladimir Davydov authored
      We added an internal version of SHA1, because initially we didn't link
      the OpenSSL library. However, since commit 59a55740 ("Link against
      libssl and libcrypto. Issue #1382") we do so there's no need in it.
      
      Part of #7987
      
      NO_DOC=code cleanup
      NO_TEST=code cleanup
      NO_CHANGELOG=code cleanup
    • box: merge scramble into chap-sha1 implementation · fbf4fdc8
      Vladimir Davydov authored
      Scramble is used only by the chap-sha1 authentication mechanism,
      which has a proper API. There's no need in a standalone scramble lib.
      
      Part of #7987
      
      NO_DOC=code cleanup
      NO_TEST=code cleanup
      NO_CHANGELOG=code cleanup
    • box: assert that auth salt size is correct · 574ca42d
      Vladimir Davydov authored
      Authentication salt is expected to be 20 byte long (SCRAMBLE_SIZE).
      However, IPROTO sends 36 bytes (IPROTO_SALT_SIZE). Let's add a few
      assertions ensuring that we never pass less than 20 bytes to
      authentication methods.
      
      Part of #7987
      
      NO_DOC=code cleanup
      NO_TEST=code cleanup
      NO_CHANGELOG=code cleanup
    • box: destroy its modules even if box.cfg not done · a392eb76
      Vladislav Shpilevoy authored
      box_cfg_xc() initializes a lot of storage-specific modules like
      gc, engine, schema, etc.
      
      These modules were supposed to be destroyed by box_free(), but it
      didn't happen if an exception was thrown during box_cfg_xc().
      
      For example, memtx engine might be initialized and even have a
      snapshot thread running, then SIGTERM would arrive, and the
      process would try to free all initialized modules skipping the
      box-ones.
      
      It sometimes resulted in fiber_free() being called, all fiber
      stacks freed, and then the snapshot thread ending. Its join was
      already started in memtx_engine_wait_checkpoint(), it already had
      an on-exit callback prepared. The callback was stored on the stack
      of one of the deleted fibers in a struct cord_on_exit. The struct
      was garbage and the callback invocation would crash.
      
      The patch makes the storage-specific modules be destroyed even if
      box.cfg{} didn't end but those modules were initialized.
      
      The test is a bit more complicated. Just testing that the process
      can finish without crashes wouldn't be possible:
      
      - Luatest server:stop() doesn't waitpid() the child process. As a
        result the exit code is just lost. Even if the process would
        crash somewhere in the end, it wouldn't be detected.
      
      - On MacOS a crash in any non-main thread is ignored because all
        threads but the main one have all the signals blocked (see
        tt_pthread_create()). On Mac apparently the blockage of
        SIGSEGV/SIGABRT or some other signal causes their turning into
        mach exceptions which are simply not handled atm. As a result,
        the "crashed" thread is just frozen and the main thread ends
        fine (in a test for this particular bug) (#8023).
      
      Closes #7743
      
      NO_DOC=bugfix
    • fiber: introduce cord_cancel_and_join() · 9a71e8ee
      Vladislav Shpilevoy authored
      It is a wrapper around pthread cancel and join. It was repeated
      many times and was dangerous, because it left cord.id set. An
      accidental attempt to cord_join/cojoin() such cord would lead to
      UB then.
      
      The patch introduces a function which encapsulates the blocking
      cancellation. It is going to be used in a next patch to count the
      number of cords in the process. Which in turn is needed for a new
      test.
      
      The counter is atomic in case some cords would be created not by
      the main cord.
      
      There are now also more sanity checks against accidental attempts
      to join the same cord twice.
      
      Needed for #7743
      
      NO_DOC=internal
      NO_CHANGELOG=internal
  4. Dec 09, 2022
    • lua-yaml: improve multiline string output · 49316120
      Gleb Kashkin authored
      Added tarantool.compat option that allows yaml.encode() to encode all
      strings containing a newline in a more convenient block scalar style.
      This is a breaking change, programs that rely on precise lyaml encoding
      may fail if the new behavior is selected.
      
      Closes #3012
      Requires #7060
      Requires #8007
      
      @TarantoolBot document
      Title: YAML formatter improvement
      
      Now yaml.encode() can encode strings with a newline in block scalar style,
      see https://yaml.org/spec/1.2-old/spec.html#style/block/literal and
      https://github.com/tarantool/tarantool/wiki/compat%3Ayaml_pretty_multiline
      
      old:
      ```
      tarantool> compat.yaml_pretty_multiline = 'old'
      ---
      ...
      
      tarantool> return "Title: xxx\n- Item 1\n- Item 2\n"
      ---
      - 'Title: xxx
      
        - Item 1
      
        - Item 2
      
        '
      ...
      
      ```
      
      new:
      ```
      tarantool> compat.yaml_pretty_multiline = 'new'
      ---
      ...
      
      tarantool> return "Title: xxx\n- Item 1\n- Item 2\n"
      ---
      - |
        Title: xxx
        - Item 1
        - Item 2
      ...
      
      ```
    • lua_cjson: add json-esc-slash option to compat · 1436601c
      Gleb Kashkin authored
      For unknown reason in upstream lua_cjson '/' was escaped
      while according to the standard [rfc4627] it is unnecessary and is
      questionably compatible with other implementations.
      
      It was decided that the change will be introduced using
      tarantool.compat (gh-7000). The patch adds json_escape_forward_slash
      option to compat and its logic in lua_cjson and msgpuck.
      
      Requires #7060
      Requires #8007
      Fixes #6200
      See also #7000
      
      @TarantoolBot document
      Title: new compat option json_escape_forward_slash
      
      In the new behavior forward slash is not escaped in `json.encode()`
      and msgpack:
      
      ```
      tarantool> compat.json_escape_forward_slash = 'new'
      ---
      ...
      
      tarantool> json.encode('/')
      ---
      - '"/"'
      ...
      
      tarantool> compat.json_escape_forward_slash = 'old'
      ---
      ...
      
      tarantool> json.encode('/')
      ---
      - '"\/"'
      ...
      ```
    • test: tarantoolctl.test flakiness fixup · 8f3fc2ef
      Sergey Ostanevich authored
      The `recursive_rmdir` can start execution while tarantool instance
      started by the tarantoolctl is in the process of shutdown. As a result
      the instance pid file can be available at the name collection, but by
      the time of its removal the instance deletes it by itself.
      
      NO_DOC=test
      NO_CHANGELOG=test
    • log: add changelog and docbot request for per-module log level · 1622097f
      Ilya Verbin authored
      Closes #3211
      
      NO_TEST=Documentation
      
      @TarantoolBot document
      Title: Per-module log level
      Root document: https://www.tarantool.io/en/doc/latest/reference/configuration/#logging
      
      Since version 2.11 it is possible to specify the log level for each
      module separately, e.g.:
      
      box.cfg {
          log_level = 5,
          log_modules = {
              ['foo.bar'] = 1,
              expirationd = 'debug'
          }
      }
      
      The name of a module is determined automatically during the execution
      of `require('log')` in the module's source code. The name is derived
      from its filename, including a part of the path. Also it is possible
      to create a logger with a custom name by using `log.new()`.
      
      ---
      
      Root document: https://www.tarantool.io/en/doc/latest/reference/reference_lua/log/
      New function: log.new(name)
      Creates a new logger with a custom name.
      
      Parameter `name`:
      Type: string
      Optional: false
      
      Example:
      box.cfg{log_level='error', log_modules={my_module='info'}}
      log = require('log')
      my_log = log.new('my_module')
      my_log.info('Info')
    • log: implement automatic module name deduction · f5373342
      Ilya Verbin authored
      
      Now the name of a module, from which the logging function was called,
      is determined automatically during the execution of `require('log')`
      in the module's source code. This is implemented by overriding the
      built-in `require` function.
      
      Part of #3211
      
      NO_DOC=See next commit
      NO_CHANGELOG=See next commit
      
      Co-authored-by: AnastasMIPT <beliaev.ab@tarantool.org>
    • log: add per-module log level setting via log.cfg() or box.cfg() · adf9d347
      Ilya Verbin authored
      
      Now it is possible to specify the log level for each module separately,
      e.g.:
      
      box.cfg {
          log_level = 5,
          log_modules = {
              ['foo.bar'] = 1,
              expirationd = 'debug'
          }
      }
      
      Part of #3211
      
      NO_DOC=See next commit
      NO_CHANGELOG=See next commit
      
      Co-authored-by: AnastasMIPT <beliaev.ab@tarantool.org>
    • log: add log.new() function that creates a new logger · 24323448
      Ilya Verbin authored
      
      It allows to create a new instance of a log module, with a custom name:
      local my_log = require('log').new('my_module')
      
      The name is added to the log message after fiber name:
      YYYY-MM-DD hh:mm:ss.ms [PID]: CORD/FID/FIBERNAME/MODULENAME LEVEL> MSG
      
      Part of #3211
      
      NO_DOC=See next commit
      NO_CHANGELOG=See next commit
      
      Co-authored-by: AnastasMIPT <beliaev.ab@tarantool.org>
    • box: make auth subsystem pluggable · b5754d3f
      Vladimir Davydov authored
      This commit introduces an abstraction for the authentication code so
      that one can easily add new methods. To add a new method, one just needs
      to define a set of authentication callbacks in a struct auth_method and
      register it with auth_method_register.
      
      The IPROTO_AUTH and _user.auth formats were initially designed with
      extensibility in mind: both take the authentication method name
      (currently, only 'chap-sha1' is supported) so no changes to the schema
      are required.
      
      Note that although 'chap-sha1' is now implemented in its own file
      src/box/auth_chap_sha1.c, we don't merge src/scramble.c into it.
      This will be done later, in the scope of #7987.
      
      Since we call authentication plug-ins "methods" (not "mechanisms"),
      let's rename BOX_USER_FIELD_AUTH_MECH_LIST to BOX_USER_FIELD_AUTH while
      we are at it. Anyway, the corresponding field of the _user system space
      is called 'auth' (not 'auth_mech_list').
      
      Closes #7986
      
      NO_DOC=refactoring
      NO_TEST=refactoring
      NO_CHANGELOG=refactoring
    • box: add user_def_new and user_def_delete helpers · e3f170d3
      Vladimir Davydov authored
      We will need to store some extra data in the user_def struct to support
      different authentication mechanisms. Let's introduce convenient helpers
      for allocating and freeing this struct so that we don't have to patch
      all the places in the code where it's allocated or freed when we extend
      the struct.
      
      While we are at it, switch to grp_alloc, shorten the license text, and
      replace include guards with pragma.
      
      Needed for #7986
      
      NO_DOC=refactoring
      NO_TEST=refactoring
      NO_CHANGELOG=refactoring
    • box: convert authentication.cc to C · f1879a15
      Vladimir Davydov authored
      C++ features aren't really needed there. Let's drop exceptions and
      convert to C to simplify further development.
      
      While we are at it, shorten the License text, replace ifdef guards
      with pragma, and clean up the include list.
      
      Needed for #7986
      
      NO_DOC=refactoring
      NO_TEST=refactoring
      NO_CHANGELOG=refactoring
    • cmake: add -fasynchronous-unwind-tables compiler flag · 952c8335
      Ilya Verbin authored
      This option enables emission of the DWARF CFI (Call Frame Information)
      directives to the assembler. It is enabled by default on most compilers,
      but on GCC 7 for AArch64 and older it wasn't [1], so turn it on explicitly.
      When enabled, the compiler emits .cfi_* directives that are required for
      the stack unwinding, and defines __GCC_HAVE_DWARF2_CFI_ASM.
      
      Part of #7960
      
      [1] https://gcc.gnu.org/pipermail/gcc-patches/2018-March/495549.html
      
      NO_DOC=internal
      NO_CHANGELOG=internal
      NO_TEST=Tested by test/app-luatest/fiber_parent_backtrace_test.lua
    • cmake: enable leak backtraces on AArch64 · c1b0fa92
      Ilya Verbin authored
      This feature was disabled due to a crash in libunwind. After commit
      5b08d71a ("libunwind: use latest release v1.6.2 as a base") the
      crash is gone.
      
      Closes #7960
      
      NO_DOC=internal
      NO_CHANGELOG=internal
      NO_TEST=<Leak backtraces are tested by test/unit/fiber.cc; the crash in
      libunwind is observable on test/box-luatest/gh_6310_grant_rw_access_on_
      _session_settings_space_to_public_role_test.lua>
    • xrow: use xregion_alloc in encoders · 05002edf
      Vladimir Davydov authored
      An encoder function may only fail if it fails to allocate memory from
      fiber->gc. The amount of memory it allocates is fairly small. It's used
      as an extra stack to return the encoded data. This should never fail,
      because there's no hard limit for runtime memory (and we're not planning
      to ever add one). Let's make all encoder functions return void and drop
      the untested checks for OOM.
      
      To avoid confusion, let's make xrow_header_encode, xrow_encode_dml, and
      xrow_to_iovec return the number of io vectors in a new out argument,
      because a return value of type int is usually used to indicate an error.
      
      See also #3534
      
      NO_DOC=code cleanup
      NO_TEST=code cleanup
      NO_CHANGELOG=code cleanup
  5. Dec 08, 2022
  6. Dec 07, 2022
    • box: export current session's identifier to C API · 9b0a767d
      Georgiy Lebedev authored
      In order to send IPROTO packets using `box_iproto_send` (#7897) we need to
      have some session identifier source in the C API: for now, export an analog
      of `box.session.id`.
      
      Closes #7895
      
      @TarantoolBot document
      Title: Document export of current session's identifier to C API
      For the API description and usage examples, see:
      * [design document](https://www.notion.so/tarantool/box-iproto-override-44935a6ac7e04fb5a2c81ca713ed1bce#0900ff9cb6b148378ce0b185d3f628b9);
      * tarantool/tarantool#7895.
    • box: don't stop parsing authentication request if user doesn't exist · 42badb87
      Vladimir Davydov authored
      Currently, we stop without checking the authentication request body if
      the specified user doesn't exist. As a result, one can check if a user
      exists by sending a malformed authentication request: for an existing
      user, the server will reply with ER_INVALID_MSGPACK error while if the
      user doesn't exist, the error will be set to ER_CREDS_MISMATCH. To fix
      this, let's parse the authentication request body even if the user
      doesn't exist.
      
      Closes https://github.com/tarantool/security/issues/21
      
      NO_DOC=bug fix
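
      A simplified C model of the check ordering this commit describes, added here as an example and not Tarantool's code. The user table, the 20-byte body check standing in for MsgPack validation, and all function names are assumptions; only the two error names come from the commit message.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Error names are taken from the commit message; numeric values are arbitrary. */
enum auth_result { AUTH_OK, ER_INVALID_MSGPACK, ER_CREDS_MISMATCH };

/* Assumption: a well-formed request body is exactly 20 bytes. */
enum { BODY_LEN = 20 };

struct user { const char *name; const char *secret; /* BODY_LEN bytes */ };
struct auth_request { const char *user; const unsigned char *body; size_t body_len; };

/* Constructed user table. */
static const struct user users[] = { { "alice", "0123456789abcdefghij" } };

static const struct user *find_user(const char *name)
{
	for (size_t i = 0; i < sizeof(users) / sizeof(users[0]); i++)
		if (strcmp(users[i].name, name) == 0)
			return &users[i];
	return NULL;
}

/* Stand-in for validating the request body encoding. */
static int body_is_well_formed(const unsigned char *body, size_t len)
{
	return body != NULL && len == BODY_LEN;
}

/* Compare without an early exit on the first differing byte. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
	unsigned char diff = 0;
	for (size_t i = 0; i < n; i++)
		diff |= a[i] ^ b[i];
	return diff == 0;
}

static enum auth_result check_secret(const struct user *u, const struct auth_request *r)
{
	return ct_equal(r->body, (const unsigned char *)u->secret, BODY_LEN)
		? AUTH_OK : ER_CREDS_MISMATCH;
}

/* Before the fix: the user lookup short-circuits body validation. */
enum auth_result authenticate_before(const struct auth_request *r)
{
	const struct user *u = find_user(r->user);
	if (u == NULL)
		return ER_CREDS_MISMATCH;	/* body never inspected */
	if (!body_is_well_formed(r->body, r->body_len))
		return ER_INVALID_MSGPACK;	/* reachable only for real users */
	return check_secret(u, r);
}

/* After the fix: the body is validated whether or not the user exists. */
enum auth_result authenticate_after(const struct auth_request *r)
{
	if (!body_is_well_formed(r->body, r->body_len))
		return ER_INVALID_MSGPACK;
	const struct user *u = find_user(r->user);
	if (u == NULL)
		return ER_CREDS_MISMATCH;
	return check_secret(u, r);
}

typedef enum auth_result (*auth_fn)(const struct auth_request *);

/*
 * Regression check: send the same malformed body for two user names and
 * report whether the replies differ, i.e. whether the error code reveals
 * which of the two names exists.
 */
int leaks_user_existence(auth_fn auth, const char *user_a, const char *user_b)
{
	static const unsigned char malformed[] = { 0xc1 };
	struct auth_request a = { user_a, malformed, sizeof(malformed) };
	struct auth_request b = { user_b, malformed, sizeof(malformed) };
	return auth(&a) != auth(&b);
}

int main(void)
{
	printf("before fix leaks: %d\n",
	       leaks_user_existence(authenticate_before, "alice", "mallory"));
	printf("after fix leaks:  %d\n",
	       leaks_user_existence(authenticate_after, "alice", "mallory"));
	return 0;
}
```
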
    • box: run box.session.on_auth triggers if the user doesn't exist · 8a2f1653
      Vladimir Davydov authored
      The triggers are supposed to run on any authentication attempt,
      successful or not. Without it, the admin may not notice a malefactor
      enumerating user names.
      
      Closes #8017
      
      NO_DOC=bug fix
    • box: drop redundant guest password checks from authenticate · 26f69561
      Vladimir Davydov authored
      The guest can't have a non-empty password - it's explicitly prevented by
      the _user trigger callback:
      
      https://github.com/tarantool/tarantool/blob/2ed06651c317f2d46631b0d55e4b88f2c8a6c0a0/src/box/alter.cc#L2930-L2936
      
      So there's no need to check the guest user password in authenticate.
      
      NO_DOC=code cleanup
      NO_TEST=code cleanup
      NO_CHANGELOG=code cleanup
    • log: improve logging of tables · 85ef1118
      Ilya Verbin authored
      1. Fixed modification of a variable passed to the logging function
         (both log formats)
      
         tarantool> a = {foo = 'bar', file = 'c://autorun.bat'}
         tarantool> log.info(a)
         [...]
         tarantool> a
         (before) - foo: bar
          (after) - foo: bar
                    file: c://autorun.bat
      
      2. Fixed the drop of fields with reserved internal names (plain log format)
      
         tarantool> log.info({foo = 'bar', pid = 666})
         (before) {"foo":"bar"}
          (after) {"foo":"bar","pid":666}
      
      3. Now if 'message' field is absent, it is set to the first field of the
         table (JSON log format)
      
         tarantool> log.info({'Hello, world', key = 'value'})
         (before) {[...], "1":"Hello, world", "key":"value", [...]}
          (after) {[...], "message":"Hello, world", "key":"value", [...]}
      
      4. Fixed assertion on a table without string keys (JSON log format)
      
         If a Lua table, passed to say(), contains only integer indexes,
         json.encode() will encode it as an array rather than a map, thereafter
         say_format_json() will produce improperly formatted JSON string, or get
         assertion failure. Fix it by encoding all kinds of tables as maps.
      
      Closes #3853
      Closes #7955
      
      NO_DOC=Mostly bug fixes, the format of the JSON log is not documented.