From 85bbc387c3f7bcfd094b78e2fc2779e27aca348f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 20 Nov 2018 11:56:09 +0100
Subject: [PATCH 10/15] lib: refuse to activate profile if unsupported feature
 was selected

Resolves:
https://github.com/pbrezina/authselect/issues/107
---
 include/authselect.h        |  1 +
 src/lib/authselect.c        | 44 +++++++++++++++++++++++++++++++++++++
 src/lib/util/string.c       | 40 +++++++++++++++++++++++++++++++++
 src/lib/util/string.h       |  6 +++++
 src/lib/util/string_array.c | 30 +++++++++++++++++++++++++
 src/lib/util/string_array.h | 15 +++++++++++++
 src/tests/Makefile.am       |  1 +
 7 files changed, 137 insertions(+)

diff --git a/include/authselect.h b/include/authselect.h
index 462f54291e8283d5778005ac1747dd03258584be..110f22a864157f898541be573e800ed7d6c38e0a 100644
--- a/include/authselect.h
+++ b/include/authselect.h
@@ -70,6 +70,7 @@ enum authselect_profile_type {
  *   authselect and @force_overwrite must be set to true to force
  *   overwrite the existing files.
  * - ENOENT if the profile was not found.
+ * - EINVAL if unsupported feature was provided.
  * - Other errno code on generic error.
  */
 int
diff --git a/src/lib/authselect.c b/src/lib/authselect.c
index 3148f63b60534480b05b1ddb5587e4ed09aaa84a..1b4337e2e0eae4f298e59f90cc9c8659891e23f3 100644
--- a/src/lib/authselect.c
+++ b/src/lib/authselect.c
@@ -29,6 +29,45 @@
 #include "lib/files/files.h"
 #include "lib/profiles/profiles.h"
 
+static bool
+authselect_check_features(const struct authselect_profile *profile,
+                          const char **features)
+{
+    const char *similar;
+    bool result = true;
+    char **supported;
+    int i;
+
+    if (features == NULL) {
+        return true;
+    }
+
+    supported = authselect_profile_features(profile);
+    if (supported == NULL) {
+        ERROR("Unable to obtain supported features");
+        return false;
+    }
+
+    for (i = 0; features[i] != NULL; i++) {
+        if (string_array_has_value(supported, features[i])) {
+            continue;
+        }
+
+        result = false;
+        similar = string_array_find_similar(features[i], supported, 5);
+        if (similar != NULL) {
+            ERROR("Unknown profile feature [%s], did you mean [%s]?",
+                  features[i], similar);
+        } else {
+            ERROR("Unknown profile feature [%s]", features[i]);
+        }
+    }
+
+    string_array_free(supported);
+
+    return result;
+}
+
 _PUBLIC_ void
 authselect_set_debug_fn(authselect_debug_fn fn, void *pvt)
 {
@@ -53,6 +92,11 @@ authselect_activate(const char *profile_id,
         return ret;
     }
 
+    if (!authselect_check_features(profile, features)) {
+        ret = EINVAL;
+        goto done;
+    }
+
     if (force_overwrite) {
         INFO("Enforcing activation!");
         ret = authselect_profile_activate(profile, features);
diff --git a/src/lib/util/string.c b/src/lib/util/string.c
index 73ae778663bd8db024620a58987833ede60307d1..e6803bcd4e41adc05eaa623089009b17ccd4f49b 100644
--- a/src/lib/util/string.c
+++ b/src/lib/util/string.c
@@ -329,3 +329,43 @@ string_replace_shake(char *str, size_t original_length)
         str[pos] = '\0';
     }
 }
+
+static int
+min3(unsigned int a, unsigned int b, unsigned int c)
+{
+    if (a < b && a < c) {
+        return a;
+    } else if (b < a && b < c) {
+        return b;
+    }
+
+    return c;
+}
+
+int
+string_levenshtein(const char *a, const char *b)
+{
+    unsigned int len_a = strlen(a);
+    unsigned int len_b = strlen(b);
+    unsigned int x;
+    unsigned int y;
+    unsigned int last_diag;
+    unsigned int old_diag;
+    unsigned int column[len_a + 1];
+
+    for (y = 1; y <= len_a; y++) {
+        column[y] = y;
+    }
+
+    for (x = 1; x <= len_b; x++) {
+        column[0] = x;
+        for (y = 1, last_diag = x - 1; y <= len_a; y++) {
+            old_diag = column[y];
+            column[y] = min3(column[y] + 1, column[y - 1] + 1,
+                             last_diag + (a[y - 1] == b[x - 1] ? 0 : 1));
+            last_diag = old_diag;
+        }
+    }
+
+    return column[len_a];
+}
diff --git a/src/lib/util/string.h b/src/lib/util/string.h
index d7ca04491e5ceff20bd1d6e136ea151166156546..e550d853d3fa0699909b84cc9febdae9d5884b9f 100644
--- a/src/lib/util/string.h
+++ b/src/lib/util/string.h
@@ -179,4 +179,10 @@ string_remove_remainder(char *str, size_t from);
 void
 string_replace_shake(char *str, size_t original_length);
 
+/**
+ * Compute Levenshtein distance of two strings.
+ */
+int
+string_levenshtein(const char *a, const char *b);
+
 #endif /* _STRING_H_ */
diff --git a/src/lib/util/string_array.c b/src/lib/util/string_array.c
index 43e30d0008b5709f97da9c43f8f2c28ef2475df5..e56d66bdcce7c8a1cf99f9b91068614c4b8d3d81 100644
--- a/src/lib/util/string_array.c
+++ b/src/lib/util/string_array.c
@@ -25,6 +25,7 @@
 
 #include "common/common.h"
 #include "lib/util/string_array.h"
+#include "lib/util/string.h"
 
 char **
 string_array_create(size_t num_items)
@@ -195,3 +196,32 @@ string_array_sort(char **array)
     qsort(array, string_array_count(array), sizeof(char *),
           string_array_sort_callback);
 }
+
+const char *
+string_array_find_similar(const char *value, char **array, int max_distance)
+{
+    const char *word = NULL;
+    int current;
+    int best;
+    int i;
+
+    for (i = 0; array[i] != NULL; i++) {
+        current = string_levenshtein(value, array[i]);
+        if (word == NULL) {
+            best = current;
+            word = array[i];
+            continue;
+        }
+
+        if (current < best) {
+            best = current;
+            word = array[i];
+        }
+    }
+
+    if (best > max_distance) {
+        return NULL;
+    }
+
+    return word;
+}
diff --git a/src/lib/util/string_array.h b/src/lib/util/string_array.h
index 06aa46c008058163e5557d51e18258fa4e9a1523..ba9760b5d66a9619ca8edea5e3418c5cfbbec929 100644
--- a/src/lib/util/string_array.h
+++ b/src/lib/util/string_array.h
@@ -138,4 +138,19 @@ string_array_concat(char **to, char **items, bool unique);
 void
 string_array_sort(char **array);
 
+/**
+ * Find similar word inside a NULL-terminated array, based on Levenshtein
+ * distance algorithm.
+ *
+ * @param value        Value to search in @array.
+ * @param array        NULL-terminated string array.
+ * @param max_distance Maximum distance between two strings. If the real
+ *                     distance is greater then this value, those string
+ *                     are not considered as similar.
+ *
+ * @return Most similar word that was found or NULL if non was found.
+ */
+const char *
+string_array_find_similar(const char *value, char **array, int max_distance);
+
 #endif /* _STRING_ARRAY_H_ */
diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
index 1cfebeab6bf3b36e760372b05482fd9f322feab1..e1505e6b5787a669065e5ea3c7acf55ea110c4da 100644
--- a/src/tests/Makefile.am
+++ b/src/tests/Makefile.am
@@ -23,6 +23,7 @@ check_PROGRAMS = $(TESTS)
 test_util_string_array_SOURCES = \
     test_util_string_array.c \
     ../lib/util/string_array.c \
+    ../lib/util/string.c \
     $(NULL)
 test_util_string_array_CFLAGS = \
     $(AM_CFLAGS)
-- 
2.17.2