make-secnet-sites: Don't allow setting new VPN-level props when restricted.
author Mark Wooding <mdw@distorted.org.uk>
Sat, 29 Apr 2017 12:55:40 +0000 (13:55 +0100)
committer Ian Jackson <ijackson@chiark.greenend.org.uk>
Sat, 18 May 2019 00:19:44 +0000 (01:19 +0100)
Currently, one can say something like

vpn thing
renegotiate-time 1

location evil
## ...

and if the VPN admin failed to set a value for `renegotiate-time' then
everyone will spin their CPUs doing key exchange.

Fix this lacuna.  Now user input can only modify location and site
properties.  If the administrator didn't set a location-level
`restrict-nets', then a user can do this, but obviously that can't make
anything worse.

Signed-off-by: Mark Wooding <mdw@distorted.org.uk>
README.make-secnet-sites
make-secnet-sites

index 9a528c1..cef4368 100644 (file)
@@ -112,6 +112,9 @@ INPUT SYNTAX
                    VPN, and location properties which are already
                    defined.  (Assigning new properties is permitted.)
 
+                 * It is not permitted to define new VPN-level
+                   properties.
+
        Finally, the properties.
 
        If a property has already been defined on an item, then it is an
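Review bot: The new bullet conflicts with the parenthetical at the end of the preceding bullet, "(Assigning new properties is permitted.)", which still reads as covering VPN-level properties as well as location ones. Narrow that parenthetical to location and site properties, or fold the new restriction into it, so the README does not say both that new properties are permitted and that new VPN-level properties are not. It would also help to state here when the restriction applies, since the other items in this list describe restricted input and the new bullet on its own reads as unconditional.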
index b66f950..5f271e3 100755 (executable)
@@ -380,13 +380,16 @@ def pline(i,allow_include=False):
                        current=nl
                obstack.append(current)
                return [i]
-       if current.allow_properties.has_key(keyword):
-               set_property(current,w)
-               return [i]
-       else:
+       if not current.allow_properties.has_key(keyword):
                complain("Property %s not allowed at %s level"%
                        (keyword,current.type))
                return []
+       elif current.depth == vpnlevel.depth < allow_defs:
+               complain("Not allowed to set VPN properties here")
+               return []
+       else:
+               set_property(current,w)
+               return [i]
 
        complain("unknown keyword '%s'"%(keyword))
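Review bot: The chained comparison in the new `elif current.depth == vpnlevel.depth < allow_defs:` is easy to misread as `(current.depth == vpnlevel.depth) < allow_defs`; Python evaluates it as `current.depth == vpnlevel.depth and vpnlevel.depth < allow_defs`. Since this line is the access-control decision, write the two conditions out with an explicit `and`, and add a short comment saying what `allow_defs` represents relative to `vpnlevel.depth`, which is not visible from this hunk. The new message "Not allowed to set VPN properties here" also omits the offending keyword, unlike the `complain("Property %s not allowed at %s level"%` call just above it; including `keyword` would make the rejected line easier for the site admin to find.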