........S. [ZBXNEXT-6855] added initial draft

4 files changed, 244 insertions, 2 deletions

diff --git a/src/libs/zbxaudit/Makefile.am b/src/libs/zbxaudit/Makefile.am
index 6bff91983eb..08f8ee9c3b3 100644
--- a/src/libs/zbxaudit/Makefile.am
+++ b/src/libs/zbxaudit/Makefile.am
@@ -8,4 +8,6 @@ libzbxaudit_a_SOURCES = \
 	audit_host.c \
 	audit_host.h \
 	audit_item.c \
-	audit_item.h
+	audit_item.h \
+	audit_trigger.c \
+	audit_trigger.h
diff --git a/src/libs/zbxaudit/audit_trigger.c b/src/libs/zbxaudit/audit_trigger.c
new file mode 100644
index 00000000000..0cc6a3940ac
--- /dev/null
+++ b/src/libs/zbxaudit/audit_trigger.c
@@ -0,0 +1,171 @@
+/*
+** Zabbix
+** Copyright (C) 2001-2021 Zabbix SIA
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License as published by
+** the Free Software Foundation; either version 2 of the License, or
+** (at your option) any later version.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+**/
+
+#include "dbcache.h"
+
+#include "log.h"
+#include "audit_trigger.h"
+
+#define	PREPARE_AUDIT_TRIGGER(funcname, auditentry, audit_resource_flag)					\
+void	zbx_audit_##funcname##_create_entry(int audit_action, zbx_uint64_t triggerid, const char *name)		\
+{														\
+	zbx_audit_entry_t	local_audit_trigger_entry, **found_audit_trigger_entry;				\
+	zbx_audit_entry_t	*local_audit_trigger_entry_x = &local_audit_trigger_entry;			\
+														\
+	RETURN_IF_AUDIT_OFF();											\
+														\
+	local_audit_trigger_entry.id = triggerid;								\
+														\
+	found_audit_trigger_entry = (zbx_audit_entry_t**)zbx_hashset_search(zbx_get_audit_hashset(),		\
+			&(local_audit_trigger_entry_x));							\
+	if (NULL == found_audit_trigger_entry)									\
+	{													\
+		zbx_audit_entry_t	*local_audit_trigger_entry_insert;					\
+														\
+		local_audit_trigger_entry_insert = (zbx_audit_entry_t*)zbx_malloc(NULL,				\
+				sizeof(zbx_audit_entry_t));							\
+		local_audit_trigger_entry_insert->id = triggerid;						\
+		local_audit_trigger_entry_insert->name = zbx_strdup(NULL, name);				\
+		local_audit_trigger_entry_insert->audit_action = audit_action;					\
+		local_audit_trigger_entry_insert->resource_type = audit_resource_flag;				\
+		zbx_json_init(&(local_audit_trigger_entry_insert->details_json), ZBX_JSON_STAT_BUF_LEN);	\
+		zbx_hashset_insert(zbx_get_audit_hashset(), &local_audit_trigger_entry_insert,			\
+				sizeof(local_audit_trigger_entry_insert));					\
+														\
+		if (AUDIT_ACTION_ADD == audit_action)								\
+		{												\
+			zbx_audit_update_json_append_uint64(triggerid, AUDIT_DETAILS_ACTION_ADD,		\
+					#auditentry".triggerid", triggerid);					\
+		}												\
+	}													\
+}
+
+PREPARE_AUDIT_TRIGGER(trigger, trigger, AUDIT_RESOURCE_TRIGGER)
+PREPARE_AUDIT_TRIGGER(trigger_prototype, triggerprototype, AUDIT_RESOURCE_TRIGGER_PROTOTYPE)
+#undef PREPARE_AUDIT_TRIGGER
+
+#define TR_OR_TRP(s) (ZBX_FLAG_DISCOVERY_NORMAL == flags) ? "trigger."#s : "triggerprototype:"#s
+void	zbx_audit_trigger_update_json_add_data(zbx_uint64_t triggerid, zbx_uint64_t templateid, unsigned char recovery_mode,
+		unsigned char status, unsigned char type, zbx_uint64_t value, zbx_uint64_t state,
+		unsigned char priority, const char *comments, const char *url, unsigned char flags,
+		unsigned char correlation_mode, const char *correlation_tag, unsigned char manual_close,
+		const char *opdata, unsigned char discover, const char *event_name)
+{
+	char	audit_key[AUDIT_DETAILS_KEY_LEN], audit_key_event_name[AUDIT_DETAILS_KEY_LEN],
+		audit_key_opdata[AUDIT_DETAILS_KEY_LEN],
+		audit_key_comments[AUDIT_DETAILS_KEY_LEN], audit_key_flags[AUDIT_DETAILS_KEY_LEN],
+		audit_key_priority[AUDIT_DETAILS_KEY_LEN], audit_key_state[AUDIT_DETAILS_KEY_LEN],
+		audit_key_status[AUDIT_DETAILS_KEY_LEN], audit_key_templateid[AUDIT_DETAILS_KEY_LEN],
+		audit_key_type[AUDIT_DETAILS_KEY_LEN], audit_key_url[AUDIT_DETAILS_KEY_LEN],
+		audit_key_value[AUDIT_DETAILS_KEY_LEN], audit_key_recovery_mode[AUDIT_DETAILS_KEY_LEN],
+		audit_key_correlation_mode[AUDIT_DETAILS_KEY_LEN], audit_key_correlation_tag[AUDIT_DETAILS_KEY_LEN],
+		audit_key_manual_close[AUDIT_DETAILS_KEY_LEN], audit_key_discover[AUDIT_DETAILS_KEY_LEN];
+
+	RETURN_IF_AUDIT_OFF();
+	
+#define AUDIT_KEY_SNPRINTF(r) zbx_snprintf(audit_key_##r, sizeof(audit_key_##r), TR_OR_TRP(r));
+
+	AUDIT_KEY_SNPPRINTF(event_name)
+	AUDIT_KEY_SNPPRINTF(opdata)
+	AUDIT_KEY_SNPPRINTF(comments)
+	AUDIT_KEY_SNPPRINTF(flags)
+	AUDIT_KEY_SNPPRINTF(priority)
+	AUDIT_KEY_SNPPRINTF(state)
+	AUDIT_KEY_SNPPRINTF(status)
+	AUDIT_KEY_SNPPRINTF(templateid)
+	AUDIT_KEY_SNPPRINTF(type)
+	AUDIT_KEY_SNPPRINTF(url)
+	AUDIT_KEY_SNPPRINTF(value)
+	AUDIT_KEY_SNPPRINTF(recovery_mode)
+	AUDIT_KEY_SNPPRINTF(correlation_mode)
+	AUDIT_KEY_SNPPRINTF(correlation_tag)
+	AUDIT_KEY_SNPPRINTF(manual_close)	  
+	if (ZBX_FLAG_DISCOVERY_PROTOTYPE == flags)
+		AUDIT_KEY_SNPPRINTF(discover)
+#undef AUDIT_KEY_SNPRINTF
+
+	zbx_audit_update_json_append_no_value(triggerid, AUDIT_DETAILS_ACTION_ADD, audit_key);
+#define ADD_STR(r) zbx_audit_update_json_append_string(triggerid, AUDIT_DETAILS_ACTION_ADD, audit_key_##r, r)
+#define ADD_UINT64(r) zbx_audit_update_json_append_uint64(triggerid, AUDIT_DETAILS_ACTION_ADD, audit_key_##r, r)
+#define ADD_INT(r) zbx_audit_update_json_append_int(triggerid, AUDIT_DETAILS_ACTION_ADD, audit_key_##r, r)
+	ADD_STR(event_name)
+	ADD_STR(opdata)
+	ADD_STR(comments)
+	ADD_INT(flags)
+	ADD_INT(priority)
+	ADD_INT(state)
+	ADD_INT(status)
+	ADD_UINT64(templateid)
+	ADD_INT(type)
+	ADD_STRING(url)
+	ADD_INT(value)
+	ADD_INT(recovery_mode)
+	ADD_INT(correlation_mode)
+	ADD_STR(correlation_tag)
+	ADD_INT(manual_close)
+	ADD_UINT64(discover)
+#undef ADD_STR
+#undef ADD_UINT64
+	  }
+
+void	zbx_audit_trigger_update_json_add_expr(zbx_uint64_t triggerid, unsigned char flags, const char *expression)
+{
+	char	buf[AUDIT_DETAILS_KEY_LEN];
+
+	RETURN_IF_AUDIT_OFF();	
+
+	zbx_snprintf(buf, sizeof(buf), TR_OR_TRP(expression));
+	zbx_audit_update_json_append_string(triggerid, AUDIT_DETAILS_ACTION_ADD, buf, expression);
+}
+
+
+void	zbx_audit_trigger_update_json_add_rexpr(zbx_uint64_t triggerid, unsigned char flags, const char recovery_expression)
+{
+	char	buf[AUDIT_DETAILS_KEY_LEN];
+
+	RETURN_IF_AUDIT_OFF();	
+
+	zbx_snprintf(buf, sizeof(buf), TR_OR_TRP(recovery_expression));
+	zbx_audit_update_json_append_string(triggerid, AUDIT_DETAILS_ACTION_ADD, buf, recovery_expression);
+}
+
+#define PREPARE_AUDIT_TRIGGER_UPDATE(resource, type1, type2)		\
+void	zbx_audit_trigger_update_json_update_##resource(zbx_uint64_t triggerid, unsigned char flags,		\
+		type1 resource##_old, type1 resource##_new)
+{
+	char	buf[AUDIT_DETAILS_KEY_LEN];
+
+	RETURN_IF_AUDIT_OFF();
+
+	zbx_snprintf(buf, sizeof(buf), TR_OR_TRP(resource));
+
+	zbx_audit_update_json_update_##type2(triggerid, buf, resource##_old, resource##_new);
+}
+
+PREPARE_AUDIT_TRIGGER_UPDATE(flags, int, int)
+PREPARE_AUDIT_TRIGGER_UPDATE(recovery_mode, int, int)
+PREPARE_AUDIT_TRIGGER_UPDATE(correlation_mode, int, int)
+PREPARE_AUDIT_TRIGGER_UPDATE(manual_close, int, int)
+PREPARE_AUDIT_TRIGGER_UPDATE(opdata, const char*, string)
+PREPARE_AUDIT_TRIGGER_UPDATE(discover, int, int)
+PREPARE_AUDIT_TRIGGER_UPDATE(event_name, const char*, string)
+PREPARE_AUDIT_TRIGGER_UPDATE(templateid, zbx_uint64_t, uint64)
+
+#undef PREPARE_AUDIT_ITEM_UPDATE
+#undef TR_OR_TRP
diff --git a/src/libs/zbxaudit/audit_trigger.h b/src/libs/zbxaudit/audit_trigger.h
new file mode 100644
index 00000000000..e85bd7ce36b
--- /dev/null
+++ b/src/libs/zbxaudit/audit_trigger.h
@@ -0,0 +1,29 @@
+/*
+** Zabbix
+** Copyright (C) 2001-2021 Zabbix SIA
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License as published by
+** the Free Software Foundation; either version 2 of the License, or
+** (at your option) any later version.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+**/
+
+#ifndef ZABBIX_AUDIT_TRIGGER_H
+#define ZABBIX_AUDIT_TRIGGER_H
+
+#include "common.h"
+#include "audit.h"
+
+#include "../zbxdbhigh/template.h"
+
+
+#endif	/* ZABBIX_AUDIT_TRIGGER_H */
diff --git a/src/libs/zbxdbhigh/trigger_linking.c b/src/libs/zbxdbhigh/trigger_linking.c
index 29e37f31d6f..6b41a97a33f 100644
--- a/src/libs/zbxdbhigh/trigger_linking.c
+++ b/src/libs/zbxdbhigh/trigger_linking.c
@@ -284,7 +284,7 @@ static void	DBresolve_template_trigger_dependencies(zbx_uint64_t hostid, const z
 
 	DBfree_result(result);
 
-	if (0 == dep_list_ids.values_num)	/* not all trigger template have a dependency trigger */
+	if (0 == dep_list_ids.values_num)	/* not all trigger templates have a dependency trigger */
 	{
 		zbx_vector_uint64_destroy(&all_templ_ids);
 		zbx_vector_uint64_pair_destroy(&dep_list_ids);
@@ -814,6 +814,9 @@ static int	execute_triggers_updates(zbx_hashset_t *zbx_host_triggers_main_data)
 			{
 				zbx_snprintf_alloc(&sql, &sql_alloc, &sql_offset, "flags=%d", (int)found->flags);
 				d = ",";
+
+				zbx_audit_trigger_update_json_update_flags(found->triggerid, found->update_flags,
+						found->flags_orig, found->flags);
 			}
 
 			if (0 != (found->update_flags & ZBX_FLAG_LINK_TRIGGER_UPDATE_RECOVERY_MODE))
@@ -821,6 +824,9 @@ static int	execute_triggers_updates(zbx_hashset_t *zbx_host_triggers_main_data)
 				zbx_snprintf_alloc(&sql, &sql_alloc, &sql_offset, "%srecovery_mode=%d", d,
 						found->recovery_mode);
 				d = ",";
+
+				zbx_audit_trigger_update_json_update_recovery_mode(found->triggerid,
+						found->update_flags, found->recovery_mode_orig, found->recovery_mode);
 			}
 
 			if (0 != (found->update_flags & ZBX_FLAG_LINK_TRIGGER_UPDATE_CORRELATION_MODE))
@@ -828,6 +834,10 @@ static int	execute_triggers_updates(zbx_hashset_t *zbx_host_triggers_main_data)
 				zbx_snprintf_alloc(&sql, &sql_alloc, &sql_offset, "%scorrelation_mode=%d", d,
 						found->correlation_mode);
 				d = ",";
+
+				zbx_audit_trigger_update_json_update_correlation_mode(found->triggerid,
+						found->update_flags, found->correlation_mode_orig,
+						found->correlation_mode);
 			}
 
 			if (0 != (found->update_flags & ZBX_FLAG_LINK_TRIGGER_UPDATE_MANUAL_CLOSE))
@@ -835,6 +845,9 @@ static int	execute_triggers_updates(zbx_hashset_t *zbx_host_triggers_main_data)
 				zbx_snprintf_alloc(&sql, &sql_alloc, &sql_offset, "%smanual_close=%d", d,
 						found->manual_close);
 				d = ",";
+
+				zbx_audit_trigger_update_json_update_manual_close(found->triggerid,
+						found->update_flags, found->manual_close_orig, found->manual_close);
 			}
 
 			if (0 != (found->update_flags & ZBX_FLAG_LINK_TRIGGER_UPDATE_OPDATA))
@@ -844,12 +857,18 @@ static int	execute_triggers_updates(zbx_hashset_t *zbx_host_triggers_main_data)
 				zbx_snprintf_alloc(&sql, &sql_alloc, &sql_offset, "%sopdata='%s'", d, opdata_esc);
 				zbx_free(opdata_esc);
 				d = ",";
+
+				zbx_audit_trigger_update_json_update_opdata(found->triggerid,
+						found->update_flags, found->opdata_orig, found->opdata);
 			}
 
 			if (0 != (found->update_flags & ZBX_FLAG_LINK_TRIGGER_UPDATE_DISCOVER))
 			{
 				zbx_snprintf_alloc(&sql, &sql_alloc, &sql_offset, "%sdiscover=%d", d, found->discover);
 				d = ",";
+
+				zbx_audit_trigger_update_json_update_discover(found->triggerid,
+						found->update_flags, found->discover_orig, found->discover);
 			}
 
 			if (0 != (found->update_flags & ZBX_FLAG_LINK_TRIGGER_UPDATE_EVENT_NAME))
@@ -860,6 +879,9 @@ static int	execute_triggers_updates(zbx_hashset_t *zbx_host_triggers_main_data)
 						found->event_name);
 				d = ",";
 				zbx_free(event_name_esc);
+
+				zbx_audit_trigger_update_json_update_discover(found->event_name,
+						found->update_flags, found->event_name_orig, found->event_name);
 			}
 
 			zbx_snprintf_alloc(&sql, &sql_alloc, &sql_offset, "%stemplateid=" ZBX_FS_UI64, d,
@@ -1001,6 +1023,16 @@ static int	execute_triggers_inserts(zbx_vector_trigger_copies_insert_t *trigger_
 
 		zbx_vector_uint64_append(new_triggerids, triggerid);
 
+		zbx_audit_trigger_create_entry(AUDIT_ACTION_ADD, triggerid, trigger_copy_template->description);
+		zbx_audit_trigger_update_json_add_data(triggerid, trigger_copy_template->templateid,
+				trigger_copy_template->recovery_mode, trigger_copy_template->status,
+				trigger_copy_template->type, TRIGGER_VALUE_OK, TRIGGER_STATE_NORMAL,
+				trigger_copy_template->priority, trigger_copy_template->comments,
+				trigger_copy_template->url, trigger_copy_template->flags,
+				trigger_copy_template->correlation_mode, trigger_copy_template->correlation_tag,
+				trigger_copy_template->manual_close, trigger_copy_template->opdata,
+				trigger_copy_template->discover, trigger_copy_template->event_name);
+
 		triggerid++;
 	}
 
@@ -1067,9 +1099,14 @@ static int	execute_triggers_inserts(zbx_vector_trigger_copies_insert_t *trigger_
 			zbx_snprintf_alloc(&sql_update_triggers_expr, &sql_update_triggers_expr_alloc,
 					&sql_update_triggers_expr_offset,
 					"update triggers set expression='%s'", esc);
+
+			/* technically this is an update SQL operation, but logically it is add, so we audit it as such */
+			zbx_audit_trigger_update_json_add_expr(triggerid, trigger_copy_template->flags, new_expression);
+
 			zbx_free(esc);
 			zbx_free(new_expression);
 
+			
 			if (TRIGGER_RECOVERY_MODE_RECOVERY_EXPRESSION == (int)trigger_copy_template->recovery_mode)
 			{
 				zbx_eval_compose_expression(&ctx_r, &new_expression);
@@ -1077,6 +1114,9 @@ static int	execute_triggers_inserts(zbx_vector_trigger_copies_insert_t *trigger_
 				zbx_snprintf_alloc(&sql_update_triggers_expr,
 						&sql_update_triggers_expr_alloc, &sql_update_triggers_expr_offset,
 						",recovery_expression='%s'", esc);
+
+				zbx_audit_trigger_update_json_add_rexpr(triggerid, trigger_copy_template->flags, new_expression);
+
 				zbx_free(esc);
 				zbx_free(new_expression);
 			}