chiark / gitweb /
~ianmdlvl / secnet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
make-secnet-sites: Don't allow setting new VPN-level props when restricted.
[secnet.git] / make-secnet-sites
diff --git a/make-secnet-sites b/make-secnet-sites
index b66f95070c3f9f2a158f785f02d8cc44a725db1e..5f271e3bc80731c27fe112d6b2c7c62191ae2bbc 100755 (executable)
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -380,13 +380,16 @@ def pline(i,allow_include=False):
                        current=nl
                obstack.append(current)
                return [i]
                        current=nl
                obstack.append(current)
                return [i]
-       if current.allow_properties.has_key(keyword):
-               set_property(current,w)
-               return [i]
-       else:
+       if not current.allow_properties.has_key(keyword):
                complain("Property %s not allowed at %s level"%
                        (keyword,current.type))
                return []
                complain("Property %s not allowed at %s level"%
                        (keyword,current.type))
                return []
+       elif current.depth == vpnlevel.depth < allow_defs:
+               complain("Not allowed to set VPN properties here")
+               return []
+       else:
+               set_property(current,w)
+               return [i]
 
        complain("unknown keyword '%s'"%(keyword))
 
 
        complain("unknown keyword '%s'"%(keyword))
 
secnet (vpn system) - master public repo