Revert "Add the ability to supply filters to watches set with keyctl"

This reverts commit 5ac409b01cc4fcb69d903408da90df2d34d4f32a which was from
the wrong branch and expects /dev/watch_queue to be available.

Signed-off-by: David Howells <dhowells@redhat.com>

6 files changed, 23 insertions, 269 deletions

diff --git a/keyctl.c b/keyctl.c
index b1e100e..cc25ac0 100644
--- a/keyctl.c
+++ b/keyctl.c
@@ -139,10 +139,10 @@ static const struct command commands[] = {
 	{ act_keyctl_timeout,	"timeout",	"<key> <timeout>" },
 	{ act_keyctl_unlink,	"unlink",	"<key> [<keyring>]" },
 	{ act_keyctl_update,	"update",	"[-x] <key> <data>" },
-	{ act_keyctl_watch,	"watch",	"[-f<filters>] <key>" },
+	{ act_keyctl_watch,	"watch",	"<key>" },
 	{ act_keyctl_watch_add,	"watch_add",	"<fd> <key>" },
 	{ act_keyctl_watch_rm,	"watch_rm",	"<fd> <key>" },
-	{ act_keyctl_watch_session, "watch_session", "[-f<filters>] [-n <name>] <notifylog> <gclog> <fd> <prog> [<arg1> <arg2> ...]" },
+	{ act_keyctl_watch_session, "watch_session", "[-n <name>] <notifylog> <gclog> <fd> <prog> [<arg1> <arg2> ...]" },
 	{ act_keyctl_watch_sync, "watch_sync",	"<fd>" },
 	{ act_keyctl_test,	"--test",	"..." },
 	{ NULL,			NULL,		NULL }
diff --git a/keyctl_watch.c b/keyctl_watch.c
index 5415d4c..191fe51 100644
--- a/keyctl_watch.c
+++ b/keyctl_watch.c
@@ -38,16 +38,6 @@ static key_serial_t session;
 static int watch_fd;
 static int debug;
 
-static struct watch_notification_filter filter = {
-	.nr_filters	= 0,
-	.filters = {
-		/* Reserve a slot */
-		[0]	= {
-			.type			= WATCH_TYPE_KEY_NOTIFY,
-		},
-	},
-};
-
 static inline bool after_eq(unsigned int a, unsigned int b)
 {
         return (signed int)(a - b) >= 0;
@@ -182,6 +172,17 @@ int consumer(FILE *log, FILE *gc, int fd, struct watch_queue_buffer *buf)
 	exit(0);
 }
 
+static struct watch_notification_filter filter = {
+	.nr_filters	= 1,
+	.__reserved	= 0,
+	.filters = {
+		[0]	= {
+			.type			= WATCH_TYPE_KEY_NOTIFY,
+			.subtype_filter[0]	= UINT_MAX,
+		},
+	},
+};
+
 /*
  * Open the watch device and allocate a buffer.
  */
@@ -198,8 +199,7 @@ static int open_watch(struct watch_queue_buffer **_buf)
 	if (ioctl(fd, IOC_WATCH_QUEUE_SET_SIZE, BUF_SIZE) == -1)
 		error("/dev/watch_queue(size)");
 
-	if (filter.nr_filters &&
-	    ioctl(fd, IOC_WATCH_QUEUE_SET_FILTER, &filter) == -1)
+	if (ioctl(fd, IOC_WATCH_QUEUE_SET_FILTER, &filter) == -1)
 		error("/dev/watch_queue(filter)");
 
 	page_size = sysconf(_SC_PAGESIZE);
@@ -213,84 +213,18 @@ static int open_watch(struct watch_queue_buffer **_buf)
 }
 
 /*
- * Parse a filter character representation into a subtype number.
- */
-static bool parse_subtype(struct watch_notification_type_filter *t, char filter)
-{
-	static const char filter_mapping[] =
-		"i" /* 0 NOTIFY_KEY_INSTANTIATED */
-		"p" /* 1 NOTIFY_KEY_UPDATED */
-		"l" /* 2 NOTIFY_KEY_LINKED */
-		"n" /* 3 NOTIFY_KEY_UNLINKED */
-		"c" /* 4 NOTIFY_KEY_CLEARED */
-		"r" /* 5 NOTIFY_KEY_REVOKED */
-		"v" /* 6 NOTIFY_KEY_INVALIDATED */
-		"s" /* 7 NOTIFY_KEY_SETATTR */
-		;
-	const char *p;
-	unsigned int st_bits;
-	unsigned int st_index;
-	unsigned int st_bit;
-	int subtype;
-
-	p = strchr(filter_mapping, filter);
-	if (!p)
-		return false;
-
-	subtype = p - filter_mapping;
-	st_bits = sizeof(t->subtype_filter[0]) * 8;
-	st_index = subtype / st_bits;
-	st_bit = 1U << (subtype % st_bits);
-	t->subtype_filter[st_index] |= st_bit;
-	return true;
-}
-
-/*
- * Parse filters.
- */
-static void parse_watch_filter(char *str)
-{
-	struct watch_notification_filter *f = &filter;
-	struct watch_notification_type_filter *t0 = &f->filters[0];
-
-	f->nr_filters	= 1;
-	t0->type	= WATCH_TYPE_KEY_NOTIFY;
-
-	for (; *str; str++) {
-		if (parse_subtype(t0, *str))
-			continue;
-		fprintf(stderr, "Unknown filter character '%c'\n", *str);
-		exit(2);
-	}
-}
-
-/*
  * Watch a key or keyring for changes.
  */
 void act_keyctl_watch(int argc, char *argv[])
 {
 	struct watch_queue_buffer *buf;
 	key_serial_t key;
-	int wfd, opt;
-
-	while (opt = getopt(argc, argv, "f:"),
-	       opt != -1) {
-		switch (opt) {
-		case 'f':
-			parse_watch_filter(optarg);
-			break;
-		default:
-			fprintf(stderr, "Unknown option\n");
-			exit(2);
-		}
-	}
+	int wfd;
 
-	argv += optind;
-	argc -= optind;
-	if (argc != 1)
+	if (argc != 2)
 		format();
 
-	key = get_key_id(argv[0]);
+	key = get_key_id(argv[1]);
 	wfd = open_watch(&buf);
 
 	if (keyctl_watch_key(key, wfd, 0x01) == -1)
@@ -422,15 +356,12 @@ void act_keyctl_watch_session(int argc, char *argv[])
 	FILE *log, *gc;
 	int wfd, tfd, opt, w, e = 0, e2 = 0;
 
-	while (opt = getopt(argc, argv, "+df:n:"),
+	while (opt = getopt(argc, argv, "+dn:"),
 	       opt != -1) {
 		switch (opt) {
 		case 'd':
 			debug = 1;
 			break;
-		case 'f':
-			parse_watch_filter(optarg);
-			break;
 		case 'n':
 			session_name = optarg;
 			break;
diff --git a/man/keyctl.1 b/man/keyctl.1
index 2343762..f18f92d 100644
--- a/man/keyctl.1
+++ b/man/keyctl.1
@@ -115,13 +115,13 @@ keyctl \- key management facility control
 .br
 \fBkeyctl\fR pkey_decrypt <key> <pass> <datafile> <sigfile> [k=v]*
 .br
-\fBkeyctl\fR watch [\-f<filters>] <key>
+\fBkeyctl\fR watch <key>
 .br
 \fBkeyctl\fR watch_add <fd> <key>
 .br
 \fBkeyctl\fR watch_rm <fd> <key>
 .br
-\fBkeyctl\fR watch_session [\-f <filters>] [-n <name>] \\
+\fBkeyctl\fR watch_session [-n <name>] \\
                 <notifylog> <gclog> <fd> <prog> [<arg1> <arg2> ...]
 .SH DESCRIPTION
 This program is used to control the key management facility in various ways
@@ -954,9 +954,9 @@ keyctl pkey_verify $k 0 foo.hash foo.sig enc=pkcs1 hash=sha256
 See asymmetric-key(7) for more information.
 
 .SS Change notifications
-\fBkeyctl\fR watch [\-f<filters>] <key>
+\fBkeyctl\fR watch <key>
 .br
-\fBkeyctl\fR watch_session [\-f <filters>] [-n <name>] \\
+\fBkeyctl\fR watch_session [-n <name>] \\
                 <notifylog> <gclog> <fd> <prog> [<arg1> <arg2> ...]
 \fBkeyctl\fR watch_add <fd> <key>
 .br
@@ -966,24 +966,7 @@ See asymmetric-key(7) for more information.
 The
 .B watch
 command watches a single key, printing notifications to stdout until the key
-is destroyed.  Filters can be employed to cut down the events that will be
-delivered.  The
-.I filter
-string is a series of letters, each one of which enables a particular event
-subtype:
-.PP
-.RS
-.nf
-.BR i " - The key has been instantiated"
-.BR p " - The key has been updated"
-.BR l " - A link has been added to a keyring"
-.BR n " - A link has been removed from a keyring"
-.BR c " - A keyring has been cleared"
-.BR r " - A key has been revoked"
-.BR v " - A key has been invalidated"
-.BR s " - A key has had its attributes changed"
-.fi
-.RE
+is destroyed.
 .PP
 The output of the command looks like:
 .PP
diff --git a/tests/keyctl/watch/bad-args/runtest.sh b/tests/keyctl/watch/bad-args/runtest.sh
deleted file mode 100644
index 8bbd8c0..0000000
--- a/tests/keyctl/watch/bad-args/runtest.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-
-. ../../../prepare.inc.sh
-. ../../../toolbox.inc.sh
-
-
-# ---- do the actual testing ----
-
-result=PASS
-echo "++++ BEGINNING TEST" >$OUTPUTFILE
-
-# Attempt to watch an invalid key
-marker "CHECK WATCH INVALID KEY"
-watch_key --fail 0
-expect_error EINVAL
-
-# Add a user key to the session keyring for us to play with
-marker "ADD USER KEY"
-create_key --new=keyid user wibble stuff @s
-
-# Remove the key we just added
-marker "UNLINK KEY"
-unlink_key --wait $keyid @s
-
-# It should fail when we attempt to watch it
-marker "UPDATE UNLINKED KEY"
-watch_key --fail $keyid
-expect_error ENOKEY
-
-# Try a number of dodgy filters
-marker "CHECK DODGY FILTERS"
-watch_key --fail2 -fZ @s
-watch_key --fail2 -fZ -fQ @s
-watch_key --fail2 -f: @s
-
-echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
-
-# --- then report the results in the database ---
-toolbox_report_result $TEST $result
diff --git a/tests/keyctl/watch/noargs/runtest.sh b/tests/keyctl/watch/noargs/runtest.sh
deleted file mode 100644
index e2bc7d7..0000000
--- a/tests/keyctl/watch/noargs/runtest.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-. ../../../prepare.inc.sh
-. ../../../toolbox.inc.sh
-
-
-# ---- do the actual testing ----
-
-result=PASS
-echo "++++ BEGINNING TEST" >$OUTPUTFILE
-
-# check that no arguments fails correctly
-marker "WATCH NO ARGS"
-expect_args_error keyctl watch
-
-# check that two arguments fail correctly
-marker "WATCH TWO ARGS"
-expect_args_error keyctl watch @s @s
-
-# Try a dodgy filter
-marker "CHECK BAD FILTER"
-expect_args_error keyctl watch_key -f 0
-
-echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
-
-# --- then report the results in the database ---
-toolbox_report_result $TEST $result
diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh
index 609a6c7..81d639c 100644
--- a/tests/toolbox.inc.sh
+++ b/tests/toolbox.inc.sh
@@ -1834,100 +1834,6 @@ function set_gc_delay()
 
 ###############################################################################
 #
-# watch a key
-#
-###############################################################################
-function watch_key ()
-{
-    my_exitval=0
-    if [ "x$1" = "x--fail" ]
-    then
-	my_exitval=1
-	shift
-    elif [ "x$1" = "x--fail2" ]
-    then
-	my_exitval=2
-	shift
-    fi
-
-    echo keyctl watch "$@" >>$OUTPUTFILE
-    nice --adjustment=-3 keyctl watch "$@" >>$PWD/notify.log 2>>$OUTPUTFILE
-    if [ $? != $my_exitval ]
-    then
-	failed
-    fi
-}
-
-###############################################################################
-#
-# Check for a notification
-#
-#	expect_notification [--filter=[i|p|l|n|c|r|v|s]] <keyid> <op> [<alt>]
-#
-###############################################################################
-function expect_notification ()
-{
-    local want
-
-    local filter=""
-    case "x$1" in
-	x--filter*)
-	    case $1 in
-		--filter=)  filter=;;
-		--filter=i) filter=inst;;
-		--filter=p) filter=upd;;
-		--filter=l) filter=link;;
-		--filter=n) filter=unlk;;
-		--filter=c) filter=clr;;
-		--filter=r) filter=rev;;
-		--filter=v) filter=inv;;
-		--filter=s) filter=attr;;
-		*)
-		    echo "Unknown param $1 to expect_notification()" >&2
-		    exit 2
-		    ;;
-	    esac
-	    shift
-	    ;;
-    esac
-    
-    if [ $# = 2 ]
-    then
-	want="$1 $2"
-	op=$2
-    elif [ $# = 3 ]
-    then
-	want="$1 $2 $3"
-	op=$2
-    else
-	echo "Wrong parameters to expect_notification" >&2
-	exit 2
-    fi
-
-    if tail -3 $PWD/notify.log | grep "^${want}\$" >/dev/null
-    then
-	echo "Found notification '$*'" >>$OUTPUTFILE
-	if [ "$filter" != "" -a $op != "$filter" ]
-	then
-	    echo "Notification '$want' should be filtered" >&2
-	    failed
-	fi
-    else
-	echo "Notification '$*' not present" >>$OUTPUTFILE
-	if [ "$filter" = "" ]
-	then
-	    echo "Missing notification '$want'" >&2
-	    failed
-	elif [ $op = "$filter" ]
-	then
-	    echo "Notification unexpectedly filtered '$want' $filter" >&2
-	    failed
-	fi
-    fi
-}
-
-###############################################################################
-#
 # Note the creation of a new key
 #
 #	expect_new_key <variable_name> <keyring> [<expected_id>]