/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. * */ header { package org.apache.directory.studio.openldap.config.acl.model; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.util.List; } // ---------------------------------------------------------------------------- // lexer class definition // ---------------------------------------------------------------------------- /** * The ANTLR generated OpenLDAP ACL parser. */ class AntlrAclLexer extends Lexer; // ---------------------------------------------------------------------------- // lexer options // ---------------------------------------------------------------------------- options { k = 10; charVocabulary = '\0'..'\377'; caseSensitive = false ; defaultErrorHandler = false ; } //---------------------------------------------------------------------------- // tokens //---------------------------------------------------------------------------- tokens { ID_access = "access"; ID_anonymous = "anonymous"; ID_attr = "attr"; ID_attrs = "attrs"; ID_auth = "auth"; ID_base = "base"; ID_base_object = "baseobject"; ID_break = "break"; ID_by = "by"; ID_c = "c"; ID_children = "children"; ID_compare = "compare"; ID_continue = "continue"; ID_disclose = "disclose"; ID_dn = "dn"; ID_dnattr = "dnattr"; ID_entry = "entry"; ID_exact = "exact"; ID_expand = "expand"; ID_filter = "filter"; ID_group = "group"; ID_level = "level"; ID_m = "m"; ID_manage = "manage"; ID_matchingRule = "matchingRule"; ID_none = "none"; ID_one = "one"; ID_one_level = "onelevel"; ID_r = "r"; ID_read = "read"; ID_regex = "regex"; ID_s = "s"; ID_search = "search"; ID_self = "self"; ID_stop = "stop"; ID_sub = "sub"; ID_subtree = "subtree"; ID_to = "to"; ID_users = "users"; ID_w = "w"; ID_x = "x"; ID_write = "write"; } protected DIGIT : '0' | LDIGIT; protected LDIGIT : '1'..'9'; INTEGER : DIGIT | ( LDIGIT ( DIGIT )+ ); DOUBLE_QUOTED_STRING : '"'! ( ~'"' )* '"'!; ATTR_IDENT : ('a'..'z' | '!' | '@' ) ('a'..'z' | DIGIT | '-' | ';' )*; OPEN_CURLY : '{'; CLOSE_CURLY : '}'; SP : ( ' ' | '\t' | '\n' { newline(); } | '\r' )+; SSF : "ssf" EQUAL strength:INTEGER { setText( strength.getText() ); }; TRANSPORT_SSF : "transport_ssf" EQUAL strength:INTEGER { setText( strength.getText() ); }; TLS_SSF : "tls_ssf" EQUAL strength:INTEGER { setText( strength.getText() ); }; SASL_SSF : "sasl_ssf" EQUAL strength:INTEGER { setText( strength.getText() ); }; DOT : '.'; SEP : ','; EQUAL : '='; STAR : '*'; PLUS : '+'; MINUS : '-'; SLASH : '/'; FILTER : '(' ( ( '&' ( SP )? (FILTER)+ ) | ( '|' (SP)? (FILTER)+ ) | ( '!' (SP)? FILTER ) | FILTER_VALUE ) ')'; protected FILTER_VALUE : (options{greedy=true;}: ~( ')' | '(' | '&' | '|' | '!' ) ( ~(')') )* ) ; // ---------------------------------------------------------------------------- // parser class definition // ---------------------------------------------------------------------------- /** * The ANTLR generated OpenLDAP ACL parser. */ class AntlrAclParser extends Parser; // ---------------------------------------------------------------------------- // parser options // ---------------------------------------------------------------------------- options { k = 2; defaultErrorHandler = false ; } // ---------------------------------------------------------------------------- // parser initialization // ---------------------------------------------------------------------------- { private static final Logger log = LoggerFactory.getLogger( AntlrAclParser.class ); private AclItem aclItem; public AclItem getAclItem() { return aclItem; } } parse { log.debug( "entered parse()" ); } : ( SP )? aclItem ( SP )? EOF ; aclItem { log.debug( "entered aclItem()" ); aclItem = new AclItem(); } : ( ID_access SP )? ID_to ( SP what )+ ( SP ID_by SP who )* ; what { log.debug( "entered what()" ); } : ( what_star | what_dn | what_attrs | what_filter ) ; what_star { log.debug( "entered what_star()" ); } : STAR { if ( aclItem.getWhatClause().getStarClause() == null ) { aclItem.getWhatClause().setStarClause( new AclWhatClauseStar() ); } else { throw new RecognitionException( "A star (*) what clause already exists in the ACL." ); } }; what_dn { log.debug( "entered what_dn()" ); AclWhatClauseDn whatClauseDn = new AclWhatClauseDn(); if ( aclItem.getWhatClause().getDnClause() == null ) { aclItem.getWhatClause().setDnClause( whatClauseDn ); } else { throw new RecognitionException( "A DN what clause already exists in the ACL." ); } } : ID_dn ( DOT what_dn_type )? ( SP )? EQUAL ( SP )? token:DOUBLE_QUOTED_STRING { whatClauseDn.setPattern( token.getText() ); } ; what_dn_type { log.debug( "entered what_dn_type()" ); AclWhatClause whatClause = aclItem.getWhatClause(); AclWhatClauseDn whatClauseDn = whatClause.getDnClause(); if ( whatClauseDn == null ) { // Throw an exception ? return; } } : ID_regex { whatClauseDn.setType( AclWhatClauseDnTypeEnum.REGEX ); } | ID_base { whatClauseDn.setType( AclWhatClauseDnTypeEnum.BASE ); } | ID_exact { whatClauseDn.setType( AclWhatClauseDnTypeEnum.EXACT ); } | ID_one { whatClauseDn.setType( AclWhatClauseDnTypeEnum.ONE ); } | ID_subtree { whatClauseDn.setType( AclWhatClauseDnTypeEnum.SUBTREE ); } | ID_children { whatClauseDn.setType( AclWhatClauseDnTypeEnum.CHILDREN ); } ; what_attrs { log.debug( "entered what_attrs()" ); if ( aclItem.getWhatClause().getAttributesClause() == null ) { aclItem.getWhatClause().setAttributesClause( new AclWhatClauseAttributes() ); } else { throw new RecognitionException( "A attributes what clause already exists in the ACL." ); } } : ( ID_attrs | ID_attr ) ( SP )? EQUAL ( SP )? what_attrs_attr_ident ( SEP what_attrs_attr_ident )* ( SP what_attrs_val )? ; what_attrs_val { log.debug( "entered what_attrs_val()" ); AclWhatClause whatClause = aclItem.getWhatClause(); AclWhatClauseAttributes whatClauseAttributes = whatClause.getAttributesClause(); if ( whatClauseAttributes == null ) { // Throw an exception ? return; } } : ID_val ( what_attrs_matchingRule )? ( what_attrs_style )? ( SP )? EQUAL ( SP )? token:DOUBLE_QUOTED_STRING { whatClauseAttributes.setVal( true ); whatClauseAttributes.setValue( token.getText() ); } ; what_attrs_matchingRule { log.debug( "entered what_attrs_matchingRule()" ); AclWhatClause whatClause = aclItem.getWhatClause(); AclWhatClauseAttributes whatClauseAttributes = whatClause.getAttributesClause(); if ( whatClauseAttributes == null ) { // Throw an exception ? return; } } : SLASH ID_matchingRule { whatClauseAttributes.setMatchingRule( true ); } ; what_attrs_style { log.debug( "entered what_attrs_style()" ); AclWhatClause whatClause = aclItem.getWhatClause(); AclWhatClauseAttributes whatClauseAttributes = whatClause.getAttributesClause(); if ( whatClauseAttributes == null ) { // Throw an exception ? return; } } : DOT ( ID_exact { whatClauseAttributes.setStyle( AclAttributeStyleEnum.EXACT ); } | ID_base { whatClauseAttributes.setStyle( AclAttributeStyleEnum.BASE ); } | ID_base_object { whatClauseAttributes.setStyle( AclAttributeStyleEnum.BASE_OBJECT ); } | ID_regex { whatClauseAttributes.setStyle( AclAttributeStyleEnum.REGEX ); } | ID_one { whatClauseAttributes.setStyle( AclAttributeStyleEnum.ONE ); } | ID_one_level { whatClauseAttributes.setStyle( AclAttributeStyleEnum.ONE_LEVEL ); } | ID_sub { whatClauseAttributes.setStyle( AclAttributeStyleEnum.SUB ); } | ID_subtree { whatClauseAttributes.setStyle( AclAttributeStyleEnum.SUBTREE ); } | ID_children { whatClauseAttributes.setStyle( AclAttributeStyleEnum.CHILDREN ); } ) ; what_attrs_attr_ident { log.debug( "entered what_attrs_attr_ident()" ); AclWhatClause whatClause = aclItem.getWhatClause(); AclWhatClauseAttributes whatClauseAttributes = whatClause.getAttributesClause(); if ( whatClauseAttributes == null ) { // Throw an exception ? return; } } : token:ATTR_IDENT { whatClauseAttributes.addAttribute( token.getText() ); } ; what_filter { log.debug( "entered what_filter()" ); if ( aclItem.getWhatClause().getFilterClause() != null ) { throw new RecognitionException( "A filter what clause already exists in the ACL." ); } } : ID_filter ( SP )? EQUAL ( SP )? token:FILTER { AclWhatClauseFilter whatClauseFilter = new AclWhatClauseFilter(); whatClauseFilter.setFilter( token.getText() ); aclItem.getWhatClause().setFilterClause( whatClauseFilter ); }; who { log.debug( "entered who()" ); } : ( who_star | who_anonymous | who_users | who_self | who_dn | who_dnattr | who_group | who_ssf | who_transport_ssf | who_tls_ssf | who_sasl_ssf ) ( SP who_access_level )? ( SP who_control )? ; who_anonymous { log.debug( "entered who_anonymous()" ); } : ID_anonymous { aclItem.addWhoClause( new AclWhoClauseAnonymous() ); }; who_users { log.debug( "entered who_users()" ); } : ID_users { aclItem.addWhoClause( new AclWhoClauseUsers() ); }; who_self { log.debug( "entered who_self()" ); } : ID_self { aclItem.addWhoClause( new AclWhoClauseSelf() ); }; who_star { log.debug( "entered who_star()" ); } : STAR { aclItem.addWhoClause( new AclWhoClauseStar() ); }; who_dnattr { log.debug( "entered who_dnattr()" ); AclWhoClauseDnAttr whoClauseDnAttr = new AclWhoClauseDnAttr(); aclItem.addWhoClause( whoClauseDnAttr ); } : ID_dnattr ( SP )? EQUAL ( SP )? token:ATTR_IDENT { whoClauseDnAttr.setAttribute( token.getText() ); }; who_group { log.debug( "entered who_group()" ); AclWhoClauseGroup whoClauseGroup = new AclWhoClauseGroup(); aclItem.addWhoClause( whoClauseGroup ); } : ID_group ( SLASH objectclass:ATTR_IDENT ( SLASH attrname:ATTR_IDENT )? )? ( DOT who_group_type )? EQUAL pattern:DOUBLE_QUOTED_STRING { if ( objectclass != null ) { whoClauseGroup.setObjectclass( objectclass.getText() ); } if ( attrname != null ) { whoClauseGroup.setAttribute( attrname.getText() ); } if ( pattern != null ) { whoClauseGroup.setPattern( pattern.getText() ); } }; who_group_type { log.debug( "entered who_group_type()" ); List whoClauses = aclItem.getWhoClauses(); AclWhoClause whoClause = aclItem.getWhoClauses().get( whoClauses.size() - 1 ); if ( !( whoClause instanceof AclWhoClauseGroup ) ) { // Throw an exception ? return; } AclWhoClauseGroup whoClauseGroup = ( AclWhoClauseGroup ) whoClause; } : ID_exact { whoClauseGroup.setType( AclWhoClauseGroupTypeEnum.EXACT ); } | ID_expand { whoClauseGroup.setType( AclWhoClauseGroupTypeEnum.EXPAND ); } ; who_dn { log.debug( "entered who_dn()" ); AclWhoClauseDn whoClauseDn = new AclWhoClauseDn(); aclItem.addWhoClause( whoClauseDn ); } : ID_dn ( DOT who_dn_type ( SEP who_dn_modifier )? )? ( SP )? EQUAL ( SP )? token:DOUBLE_QUOTED_STRING { whoClauseDn.setPattern( token.getText() ); }; who_dn_type { log.debug( "entered who_dn_type()" ); List whoClauses = aclItem.getWhoClauses(); AclWhoClause whoClause = aclItem.getWhoClauses().get( whoClauses.size() - 1 ); if ( !( whoClause instanceof AclWhoClauseDn ) ) { // Throw an exception ? return; } AclWhoClauseDn whoClauseDn = ( AclWhoClauseDn ) whoClause; } : ID_regex { whoClauseDn.setType( AclWhoClauseDnTypeEnum.REGEX ); } | ID_base { whoClauseDn.setType( AclWhoClauseDnTypeEnum.BASE ); } | ID_exact { whoClauseDn.setType( AclWhoClauseDnTypeEnum.EXACT ); } | ID_one { whoClauseDn.setType( AclWhoClauseDnTypeEnum.ONE ); } | ID_subtree { whoClauseDn.setType( AclWhoClauseDnTypeEnum.SUBTREE ); } | ID_children { whoClauseDn.setType( AclWhoClauseDnTypeEnum.CHILDREN ); } | ID_level OPEN_CURLY token:INTEGER CLOSE_CURLY { AclWhoClauseDnTypeEnum levelType = AclWhoClauseDnTypeEnum.LEVEL; levelType.setLevel( Integer.valueOf( token.getText() ) ); whoClauseDn.setType( levelType ); } ; who_dn_modifier { log.debug( "entered who_dn_modifier()" ); List whoClauses = aclItem.getWhoClauses(); AclWhoClause whoClause = aclItem.getWhoClauses().get( whoClauses.size() - 1 ); if ( !( whoClause instanceof AclWhoClauseDn ) ) { // Throw an exception ? return; } AclWhoClauseDn whoClauseDn = ( AclWhoClauseDn ) whoClause; } : ID_expand { whoClauseDn.setModifier( AclWhoClauseDnModifierEnum.EXPAND ); } ; who_access_level { log.debug( "entered who_access_level()" ); List whoClauses = aclItem.getWhoClauses(); if ( whoClauses.size() == 0 ) { // Throw an exception ? return; } AclWhoClause whoClause = aclItem.getWhoClauses().get( whoClauses.size() - 1 ); AclAccessLevel accessLevel = new AclAccessLevel(); whoClause.setAccessLevel( accessLevel ); } : ID_self SP ( who_access_level_level | who_access_level_priv )? { accessLevel.setSelf( true ); } | ( who_access_level_level | who_access_level_priv )? { accessLevel.setSelf( false ); } ; who_access_level_level { log.debug( "entered who_access_level_level()" ); List whoClauses = aclItem.getWhoClauses(); if ( whoClauses.size() == 0 ) { // Throw an exception ? return; } AclWhoClause whoClause = aclItem.getWhoClauses().get( whoClauses.size() - 1 ); AclAccessLevel accessLevel = whoClause.getAccessLevel(); if ( accessLevel == null ) { // Throw an exception ? return; } } : ID_manage { accessLevel.setLevel( AclAccessLevelLevelEnum.MANAGE ); } | ID_write { accessLevel.setLevel( AclAccessLevelLevelEnum.WRITE ); } | ID_read { accessLevel.setLevel( AclAccessLevelLevelEnum.READ ); } | ID_search { accessLevel.setLevel( AclAccessLevelLevelEnum.SEARCH ); } | ID_compare { accessLevel.setLevel( AclAccessLevelLevelEnum.COMPARE ); } | ID_auth { accessLevel.setLevel( AclAccessLevelLevelEnum.AUTH ); } | ID_disclose { accessLevel.setLevel( AclAccessLevelLevelEnum.DISCLOSE ); } | ID_none { accessLevel.setLevel( AclAccessLevelLevelEnum.NONE ); } ; who_access_level_priv { log.debug( "entered who_access_level_priv()" ); } : who_access_level_priv_modifier ( who_access_level_priv_priv )+ ; who_access_level_priv_modifier { log.debug( "entered who_access_level_priv_modifier()" ); List whoClauses = aclItem.getWhoClauses(); if ( whoClauses.size() == 0 ) { // Throw an exception ? return; } AclWhoClause whoClause = aclItem.getWhoClauses().get( whoClauses.size() - 1 ); AclAccessLevel accessLevel = whoClause.getAccessLevel(); if ( accessLevel == null ) { // Throw an exception ? return; } } : EQUAL { accessLevel.setPrivilegeModifier( AclAccessLevelPrivModifierEnum.EQUAL ); } | PLUS { accessLevel.setPrivilegeModifier( AclAccessLevelPrivModifierEnum.PLUS ); } | MINUS { accessLevel.setPrivilegeModifier( AclAccessLevelPrivModifierEnum.MINUS ); } ; who_access_level_priv_priv { log.debug( "entered who_access_level_priv_priv()" ); List whoClauses = aclItem.getWhoClauses(); if ( whoClauses.size() == 0 ) { // Throw an exception ? return; } AclWhoClause whoClause = aclItem.getWhoClauses().get( whoClauses.size() - 1 ); AclAccessLevel accessLevel = whoClause.getAccessLevel(); if ( accessLevel == null ) { // Throw an exception ? return; } } : ID_m { accessLevel.addPrivilege( AclAccessLevelPrivilegeEnum.MANAGE ); } | ID_w { accessLevel.addPrivilege( AclAccessLevelPrivilegeEnum.WRITE ); } | ID_r { accessLevel.addPrivilege( AclAccessLevelPrivilegeEnum.READ ); } | ID_s { accessLevel.addPrivilege( AclAccessLevelPrivilegeEnum.SEARCH ); } | ID_c { accessLevel.addPrivilege( AclAccessLevelPrivilegeEnum.COMPARE ); } | ID_x { accessLevel.addPrivilege( AclAccessLevelPrivilegeEnum.AUTHENTICATION ); } ; who_control { log.debug( "entered who_control()" ); List whoClauses = aclItem.getWhoClauses(); if ( whoClauses.size() == 0 ) { // Throw an exception ? return; } AclWhoClause whoClause = aclItem.getWhoClauses().get( whoClauses.size() - 1 ); } : ID_stop { whoClause.setControl( AclControlEnum.STOP ); } | ID_continue { whoClause.setControl( AclControlEnum.CONTINUE ); } | ID_break { whoClause.setControl( AclControlEnum.BREAK ); } ; who_ssf { log.debug( "entered who_ssf()" ); AclWhoClauseSsf whoClauseSsf = new AclWhoClauseSsf(); aclItem.addWhoClause( whoClauseSsf ); } : strength:SSF { whoClauseSsf.setStrength( Integer.valueOf( strength.getText() ) ); } ; who_transport_ssf { log.debug( "entered who_transport_ssf()" ); AclWhoClauseTransportSsf whoClauseTransportSsf = new AclWhoClauseTransportSsf(); aclItem.addWhoClause( whoClauseTransportSsf ); } : strength:TRANSPORT_SSF { whoClauseTransportSsf.setStrength( Integer.valueOf( strength.getText() ) ); } ; who_tls_ssf { log.debug( "entered who_tls_ssf()" ); AclWhoClauseTlsSsf whoClauseTlsSsf = new AclWhoClauseTlsSsf(); aclItem.addWhoClause( whoClauseTlsSsf ); } : strength:TLS_SSF { whoClauseTlsSsf.setStrength( Integer.valueOf( strength.getText() ) ); } ; who_sasl_ssf { log.debug( "entered who_sasl_ssf()" ); AclWhoClauseSaslSsf whoClauseSaslSsf = new AclWhoClauseSaslSsf(); aclItem.addWhoClause( whoClauseSaslSsf ); } : strength:SASL_SSF { whoClauseSaslSsf.setStrength( Integer.valueOf( strength.getText() ) ); } ;