chiark
/
gitweb
/
~ianmdlvl
/
secnet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
make-secnet-sites: Don't allow setting new VPN-level props when restricted.
[secnet.git]
/
make-secnet-sites
diff --git
a/make-secnet-sites
b/make-secnet-sites
index b66f95070c3f9f2a158f785f02d8cc44a725db1e..5f271e3bc80731c27fe112d6b2c7c62191ae2bbc 100755
(executable)
--- a/
make-secnet-sites
+++ b/
make-secnet-sites
@@
-380,13
+380,16
@@
def pline(i,allow_include=False):
current=nl
obstack.append(current)
return [i]
current=nl
obstack.append(current)
return [i]
- if current.allow_properties.has_key(keyword):
- set_property(current,w)
- return [i]
- else:
+ if not current.allow_properties.has_key(keyword):
complain("Property %s not allowed at %s level"%
(keyword,current.type))
return []
complain("Property %s not allowed at %s level"%
(keyword,current.type))
return []
+ elif current.depth == vpnlevel.depth < allow_defs:
+ complain("Not allowed to set VPN properties here")
+ return []
+ else:
+ set_property(current,w)
+ return [i]
complain("unknown keyword '%s'"%(keyword))
complain("unknown keyword '%s'"%(keyword))