Merge tag 'upstream/1.3' into debian/master

Upstream version 1.3
author: Russ Allbery <eagle@eyrie.org> 2016-01-17 19:43:13 -0800
committer: Russ Allbery <eagle@eyrie.org> 2016-01-17 19:43:13 -0800
commit: cf5297c4ec8815ecc7f5139ef05b9867843db2f7 (patch)
tree: fef6ba149883530c7e7fba771be6ac2e59c4dfe9 /perl/lib/Wallet/ACL
parent: 7e03241ce323be7447b085a8e7b07b78c770b0dc (diff)
parent: 4b3f858ef567c0d12511e7fea2a56f08f2729635 (diff)
9 files changed, 545 insertions, 55 deletions
diff --git a/perl/lib/Wallet/ACL/Base.pm b/perl/lib/Wallet/ACL/Base.pm
index a2b07cc..235a9cb 100644
--- a/perl/lib/Wallet/ACL/Base.pm
+++ b/perl/lib/Wallet/ACL/Base.pm
@@ -1,6 +1,7 @@
-# Wallet::ACL::Base -- Parent class for wallet ACL verifiers.
+# Wallet::ACL::Base -- Parent class for wallet ACL verifiers
 #
 # Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2016 Russ Allbery <eagle@eyrie.org>
 # Copyright 2007, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
@@ -11,16 +12,12 @@
 ##############################################################################
 
 package Wallet::ACL::Base;
-require 5.006;
 
+use 5.008;
 use strict;
 use warnings;
-use vars qw($VERSION);
 
-# This version should be increased on any code change to this module.  Always
-# use two digits for the minor version with a leading zero if necessary so
-# that it will sort properly.
-$VERSION = '0.02';
+our $VERSION = '1.03';
 
 ##############################################################################
 # Interface
@@ -37,6 +34,11 @@ sub new {
     return $self;
 }
 
+# The default name check method allows any name.
+sub syntax_check {
+    return 1;
+}
+
 # The default check method denies all access.
 sub check {
     return 0;
@@ -92,10 +94,18 @@ inherit from it.  It is not used directly.
 Creates a new ACL verifier.  The generic function provided here just
 creates and blesses an object.
 
-=item check(PRINCIPAL, ACL)
+=item syntax_check(PRINCIPAL, ACL)
+
+This method should be overridden by any child classes that want to
+implement validating the name of an ACL before creation.  The default
+implementation allows any name for an ACL.
+
+=item check(PRINCIPAL, ACL, TYPE, NAME)
 
 This method should always be overridden by child classes.  The default
-implementation just declines all access.
+implementation just declines all access.  TYPE and NAME are the type and
+name of the object being accessed, which may be used by some ACL schemes
+or may be ignored.
 
 =item error([ERROR ...])
 
diff --git a/perl/lib/Wallet/ACL/External.pm b/perl/lib/Wallet/ACL/External.pm
new file mode 100644
index 0000000..caed80e
--- /dev/null
+++ b/perl/lib/Wallet/ACL/External.pm
@@ -0,0 +1,192 @@
+# Wallet::ACL::External -- Wallet external ACL verifier
+#
+# Copyright 2016 Russ Allbery <eagle@eyrie.org>
+#
+# See LICENSE for licensing terms.
+
+##############################################################################
+# Modules and declarations
+##############################################################################
+
+package Wallet::ACL::External;
+
+use 5.008;
+use strict;
+use warnings;
+
+use POSIX qw(_exit);
+use Wallet::ACL::Base;
+use Wallet::Config;
+
+our @ISA     = qw(Wallet::ACL::Base);
+our $VERSION = '1.03';
+
+##############################################################################
+# Interface
+##############################################################################
+
+# Creates a new persistent verifier.  This just checks if the configuration
+# is in place.
+sub new {
+    my $type = shift;
+    unless ($Wallet::Config::EXTERNAL_COMMAND) {
+        die "external ACL support not configured\n";
+    }
+    my $self = {};
+    bless ($self, $type);
+    return $self;
+}
+
+# The most trivial ACL verifier.  Returns true if the provided principal
+# matches the ACL.
+sub check {
+    my ($self, $principal, $acl, $type, $name) = @_;
+    unless ($principal) {
+        $self->error ('no principal specified');
+        return;
+    }
+    my @args = ($principal, $type, $name, $acl);
+    my $pid = open (EXTERNAL, '-|');
+    if (not defined $pid) {
+        $self->error ("cannot fork: $!");
+        return;
+    } elsif ($pid == 0) {
+        unless (open (STDERR, '>&STDOUT')) {
+            warn "wallet: cannot dup stdout: $!\n";
+            _exit(1);
+        }
+        unless (exec ($Wallet::Config::EXTERNAL_COMMAND, @args)) {
+            warn "wallet: cannot run $Wallet::Config::EXTERNAL_COMMAND: $!\n";
+            _exit(1);
+        }
+    }
+    local $_;
+    my @output = <EXTERNAL>;
+    close EXTERNAL;
+    if ($? == 0) {
+        return 1;
+    } else {
+        if (@output) {
+            $self->error ($output[0]);
+            return;
+        } else {
+            return 0;
+        }
+    }
+}
+
+1;
+__END__
+
+##############################################################################
+# Documentation
+##############################################################################
+
+=for stopwords
+ACL Allbery verifier remctl
+
+=head1 NAME
+
+Wallet::ACL::External - Wallet ACL verifier using an external command
+
+=head1 SYNOPSIS
+
+    my $verifier = Wallet::ACL::External->new;
+    my $status = $verifier->check ($principal, $acl);
+    if (not defined $status) {
+        die "Something failed: ", $verifier->error, "\n";
+    } elsif ($status) {
+        print "Access granted\n";
+    } else {
+        print "Access denied\n";
+    }
+
+=head1 DESCRIPTION
+
+Wallet::ACL::External runs an external command to determine whether access is
+granted.  The command configured via $EXTERNAL_COMMAND in L<Wallet::Config>
+will be run.  The first argument to the command will be the principal
+requesting access.  The identifier of the ACL will be split on whitespace and
+passed in as the remaining arguments to this command.
+
+No other arguments are passed to the command, but the command will have access
+to all of the remctl environment variables seen by the wallet server (such as
+REMOTE_USER).  For a full list of environment variables, see
+L<remctld(8)/ENVIRONMENT>.
+
+The external command should exit with a non-zero status but no output to
+indicate a normal failure to satisfy the ACL.  Any output will be treated as
+an error.
+
+=head1 METHODS
+
+=over 4
+
+=item new()
+
+Creates a new ACL verifier.  For this verifier, this just confirms that
+the wallet configuration sets an external command.
+
+=item check(PRINCIPAL, ACL, TYPE, NAME)
+
+Returns true if the external command returns success when run with that
+PRINCIPAL, object TYPE and NAME, and ACL.  So, for example, the ACL C<external
+mdbset shell> will, when triggered by a request from rra@EXAMPLE.COM for the
+object C<file password>, result in the command:
+
+    $Wallet::Config::EXTERNAL_COMMAND rra@EXAMPLE.COM file password \
+        'mdbset shell'
+
+=item error()
+
+Returns the error if check() returned undef.
+
+=back
+
+=head1 DIAGNOSTICS
+
+The new() method may fail with one of the following exceptions:
+
+=over 4
+
+=item external ACL support not configured
+
+The required configuration parameters were not set.  See L<Wallet::Config>
+for the required configuration parameters and how to set them.
+
+=back
+
+Verifying an external ACL may fail with the following errors (returned by
+the error() method):
+
+=over 4
+
+=item cannot fork: %s
+
+The attempt to fork in order to execute the external ACL verifier
+command failed, probably due to a lack of system resources.
+
+=item no principal specified
+
+The PRINCIPAL parameter to check() was undefined or the empty string.
+
+=back
+
+In addition, if the external command fails and produces some output,
+that will be considered a failure and the first line of its output will
+be returned as the error message.  The external command should exit
+with a non-zero status but no error to indicate a normal failure.
+
+=head1 SEE ALSO
+
+remctld(8), Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::Config(3),
+wallet-backend(8)
+
+This module is part of the wallet system.  The current version is
+available from L<http://www.eyrie.org/~eagle/software/wallet/>.
+
+=head1 AUTHOR
+
+Russ Allbery <eagle@eyrie.org>
+
+=cut
diff --git a/perl/lib/Wallet/ACL/Krb5.pm b/perl/lib/Wallet/ACL/Krb5.pm
index 80d32bd..e0e9a61 100644
--- a/perl/lib/Wallet/ACL/Krb5.pm
+++ b/perl/lib/Wallet/ACL/Krb5.pm
@@ -1,6 +1,7 @@
-# Wallet::ACL::Krb5 -- Wallet Kerberos v5 principal ACL verifier.
+# Wallet::ACL::Krb5 -- Wallet Kerberos v5 principal ACL verifier
 #
 # Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2016 Russ Allbery <eagle@eyrie.org>
 # Copyright 2007, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
@@ -11,20 +12,15 @@
 ##############################################################################
 
 package Wallet::ACL::Krb5;
-require 5.006;
 
+use 5.008;
 use strict;
 use warnings;
-use vars qw(@ISA $VERSION);
 
 use Wallet::ACL::Base;
 
-@ISA = qw(Wallet::ACL::Base);
-
-# This version should be increased on any code change to this module.  Always
-# use two digits for the minor version with a leading zero if necessary so
-# that it will sort properly.
-$VERSION = '0.02';
+our @ISA     = qw(Wallet::ACL::Base);
+our $VERSION = '1.03';
 
 ##############################################################################
 # Interface
diff --git a/perl/lib/Wallet/ACL/Krb5/Regex.pm b/perl/lib/Wallet/ACL/Krb5/Regex.pm
index 4934cfc..f3b9a06 100644
--- a/perl/lib/Wallet/ACL/Krb5/Regex.pm
+++ b/perl/lib/Wallet/ACL/Krb5/Regex.pm
@@ -1,6 +1,7 @@
 # Wallet::ACL::Krb5::Regex -- Wallet Kerberos v5 principal regex ACL verifier
 #
 # Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2016 Russ Allbery <eagle@eyrie.org>
 # Copyright 2007, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
@@ -11,20 +12,15 @@
 ##############################################################################
 
 package Wallet::ACL::Krb5::Regex;
-require 5.006;
 
+use 5.008;
 use strict;
 use warnings;
-use vars qw(@ISA $VERSION);
 
 use Wallet::ACL::Krb5;
 
-@ISA = qw(Wallet::ACL::Krb5);
-
-# This version should be increased on any code change to this module.  Always
-# use two digits for the minor version with a leading zero if necessary so
-# that it will sort properly.
-$VERSION = '0.01';
+our @ISA     = qw(Wallet::ACL::Krb5);
+our $VERSION = '1.03';
 
 ##############################################################################
 # Interface
diff --git a/perl/lib/Wallet/ACL/LDAP/Attribute.pm b/perl/lib/Wallet/ACL/LDAP/Attribute.pm
index c27729e..fcb8447 100644
--- a/perl/lib/Wallet/ACL/LDAP/Attribute.pm
+++ b/perl/lib/Wallet/ACL/LDAP/Attribute.pm
@@ -1,6 +1,7 @@
-# Wallet::ACL::LDAP::Attribute -- Wallet LDAP attribute ACL verifier.
+# Wallet::ACL::LDAP::Attribute -- Wallet LDAP attribute ACL verifier
 #
 # Written by Russ Allbery
+# Copyright 2016 Russ Allbery <eagle@eyrie.org>
 # Copyright 2012, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
@@ -11,23 +12,18 @@
 ##############################################################################
 
 package Wallet::ACL::LDAP::Attribute;
-require 5.006;
 
+use 5.008;
 use strict;
 use warnings;
-use vars qw(@ISA $VERSION);
 
-use Authen::SASL ();
+use Authen::SASL;
 use Net::LDAP qw(LDAP_COMPARE_TRUE);
 use Wallet::ACL::Base;
 use Wallet::Config;
 
-@ISA = qw(Wallet::ACL::Base);
-
-# This version should be increased on any code change to this module.  Always
-# use two digits for the minor version with a leading zero if necessary so
-# that it will sort properly.
-$VERSION = '0.01';
+our @ISA     = qw(Wallet::ACL::Base);
+our $VERSION = '1.03';
 
 ##############################################################################
 # Interface
diff --git a/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm b/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm
new file mode 100644
index 0000000..8451394
--- /dev/null
+++ b/perl/lib/Wallet/ACL/LDAP/Attribute/Root.pm
@@ -0,0 +1,123 @@
+# Wallet::ACL::LDAP::Attribute::Root -- Wallet root instance LDAP ACL verifier
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Based on Wallet::ACL::NetDB::Root by Russ Allbery <eagle@eyrie.org>
+# Copyright 2016 Russ Allbery <eagle@eyrie.org>
+# Copyright 2015
+#     The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+##############################################################################
+# Modules and declarations
+##############################################################################
+
+package Wallet::ACL::LDAP::Attribute::Root;
+
+use 5.008;
+use strict;
+use warnings;
+
+use Wallet::ACL::LDAP::Attribute;
+
+our @ISA     = qw(Wallet::ACL::LDAP::Attribute);
+our $VERSION = '1.03';
+
+##############################################################################
+# Interface
+##############################################################################
+
+# Override the check method of Wallet::ACL::LDAP::Attribute to require that
+# the principal be a root instance and to strip /root out of the principal
+# name before checking roles.
+sub check {
+    my ($self, $principal, $acl) = @_;
+    undef $self->{error};
+    unless ($principal) {
+        $self->error ('no principal specified');
+        return;
+    }
+    unless ($principal =~ s%^([^/\@]+)/root(\@|\z)%$1$2%) {
+        return 0;
+    }
+    return $self->SUPER::check ($principal, $acl);
+}
+
+##############################################################################
+# Documentation
+##############################################################################
+
+=for stopwords
+ACL Allbery LDAP verifier
+
+=head1 NAME
+
+Wallet::ACL::LDAP::Attribute::Root - Wallet ACL verifier for LDAP attributes (root instances)
+
+=head1 SYNOPSIS
+
+    my $verifier = Wallet::ACL::LDAP::Attribute::Root->new;
+    my $status = $verifier->check ($principal, "$attr=$value");
+    if (not defined $status) {
+        die "Something failed: ", $verifier->error, "\n";
+    } elsif ($status) {
+        print "Access granted\n";
+    } else {
+        print "Access denied\n";
+    }
+
+=head1 DESCRIPTION
+
+Wallet::ACL::LDAP::Attribute::Root works identically to
+Wallet::ACL::LDAP::Attribute except that it requires the principal to
+be a root instance (in other words, to be in the form
+<principal>/root@<realm>) and strips the C</root> portion from the
+principal before checking against the LDAP attribute and value.  As
+with the base LDAP Attribute ACL verifier, the value of such a
+C<ldap-attr-root> ACL is an attribute followed by an equal sign and a
+value, and the ACL grants access to a given principal if and only if
+the LDAP entry for that principal (with C</root> stripped) has that
+attribute set to that value.
+
+To use this object, the same configuration parameters must be set as for
+Wallet::ACL::LDAP::Attribute.  See Wallet::Config(3) for details on
+those configuration parameters and information about how to set wallet
+configuration.
+
+=head1 METHODS
+
+=over 4
+
+=item check(PRINCIPAL, ACL)
+
+Returns true if PRINCIPAL is granted access according to ACL, false if
+not, and undef on an error (see L<"DIAGNOSTICS"> below).  ACL must be an
+attribute name and a value, separated by an equal sign (with no
+whitespace).  PRINCIPAL will be granted access if it has an instance of
+C<root> and if (with C</root> stripped off)  its LDAP entry contains
+that attribute with that value
+
+=back
+
+=head1 DIAGNOSTICS
+
+Same as for Wallet::ACL::LDAP::Attribute.
+
+=head1 CAVEATS
+
+The instance to strip is not currently configurable.
+
+=head1 SEE ALSO
+
+Net::Remctl(3), Wallet::ACL(3), Wallet::ACL::Base(3),
+Wallet::ACL::LDAP::Attribute(3), Wallet::Config(3), wallet-backend(8)
+
+This module is part of the wallet system.  The current version is
+available from L<http://www.eyrie.org/~eagle/software/wallet/>.
+
+=head1 AUTHORS
+
+Jon Robertson <jonrober@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
+
+=cut
diff --git a/perl/lib/Wallet/ACL/Nested.pm b/perl/lib/Wallet/ACL/Nested.pm
new file mode 100644
index 0000000..da42286
--- /dev/null
+++ b/perl/lib/Wallet/ACL/Nested.pm
@@ -0,0 +1,186 @@
+# Wallet::ACL::Nested - ACL class for nesting ACLs
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2016 Russ Allbery <eagle@eyrie.org>
+# Copyright 2015
+#     The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+##############################################################################
+# Modules and declarations
+##############################################################################
+
+package Wallet::ACL::Nested;
+
+use 5.008;
+use strict;
+use warnings;
+
+use Wallet::ACL::Base;
+
+our @ISA     = qw(Wallet::ACL::Base);
+our $VERSION = '1.03';
+
+##############################################################################
+# Interface
+##############################################################################
+
+# Creates a new persistant verifier, taking a database handle to use for
+# syntax check validation.
+sub new {
+    my $type = shift;
+    my ($name, $schema) = @_;
+    my $self = {
+        schema   => $schema,
+        expanded => {},
+    };
+    bless ($self, $type);
+    return $self;
+}
+
+# Name checking requires checking that there's an existing ACL already by
+# this name.  Try to create the ACL object and use that to determine.
+sub syntax_check {
+    my ($self, $group) = @_;
+
+    my $acl;
+    eval { $acl = Wallet::ACL->new ($group, $self->{schema}) };
+    return 0 if $@;
+    return 0 unless $acl;
+    return 1;
+}
+
+# For checking a nested ACL, we need to expand each entry and then check
+# that entry.  We also want to keep track of things already checked in order
+# to avoid any loops.
+sub check {
+    my ($self, $principal, $group, $type, $name) = @_;
+    unless ($principal) {
+        $self->error ('no principal specified');
+        return;
+    }
+    unless ($group) {
+        $self->error ('malformed nested ACL');
+        return;
+    }
+
+    # Make an ACL object just so that we can use it to drop back into the
+    # normal ACL validation after we have expanded the nesting.
+    my $acl;
+    eval { $acl = Wallet::ACL->new ($group, $self->{schema}) };
+
+    # Get the list of all nested acl entries within this entry, and use it
+    # to go through each entry and decide if the given acl has access.
+    my @members = $self->get_membership ($group);
+    for my $entry (@members) {
+        my ($scheme, $identifier) = @{ $entry };
+        my $result = $acl->check_line ($principal, $scheme, $identifier,
+                                       $type, $name);
+        return 1 if $result;
+    }
+    return 0;
+}
+
+# Get the membership of a group recursively.  The final result will be a list
+# of arrayrefs like that from Wallet::ACL->list, but expanded for full
+# membership.
+sub get_membership {
+    my ($self, $group) = @_;
+
+    # Get the list of members for this nested acl.  Consider any missing acls
+    # as empty.
+    my $schema = $self->{schema};
+    my @members;
+    eval {
+        my $acl  = Wallet::ACL->new ($group, $schema);
+        @members = $acl->list;
+    };
+
+    # Now go through and expand any other nested groups into their own
+    # memberships.
+    my @expanded;
+    for my $entry (@members) {
+        my ($type, $name) = @{ $entry };
+        if ($type eq 'nested') {
+
+            # Keep track of things we've already expanded and don't look them
+            # up again.
+            next if exists $self->{expanded}{$name};
+            $self->{expanded}{$name} = 1;
+            push (@expanded, $self->get_membership ($name));
+
+        } else {
+            push (@expanded, $entry);
+        }
+    }
+
+    return @expanded;
+}
+
+1;
+__END__
+
+##############################################################################
+# Documentation
+##############################################################################
+
+=for stopwords
+ACL Allbery verifier verifiers
+
+=head1 NAME
+
+Wallet::ACL::Nested - Wallet ACL verifier to check another ACL
+
+=head1 SYNOPSIS
+
+    my $verifier = Wallet::ACL::Nested->new;
+    my $status = $verifier->check ($principal, $acl);
+    if (not defined $status) {
+        die "Something failed: ", $verifier->error, "\n";
+    } elsif ($status) {
+        print "Access granted\n";
+    } else {
+        print "Access denied\n";
+    }
+
+=head1 DESCRIPTION
+
+Wallet::ACL::Nested checks whether the principal is permitted by another
+named ACL and, if so, returns success.  It is used to nest one ACL inside
+another.
+
+=head1 METHODS
+
+=over 4
+
+=item new()
+
+Creates a new ACL verifier.
+
+=item check(PRINCIPAL, ACL)
+
+Returns true if PRINCIPAL is granted access according to the nested ACL,
+specified by name.  Returns false if it is not, and undef on error.
+
+=item error([ERROR ...])
+
+Returns the error of the last failing operation or undef if no operations
+have failed.  Callers should call this function to get the error message
+after an undef return from any other instance method.  The returned errors
+will generally come from the nested child ACL.
+
+=back
+
+=head1 SEE ALSO
+
+Wallet::ACL(3), wallet-backend(8)
+
+This module is part of the wallet system.  The current version is
+available from L<http://www.eyrie.org/~eagle/software/wallet/>.
+
+=head1 AUTHOR
+
+Jon Robertson <jonrober@stanford.edu>
+
+=cut
diff --git a/perl/lib/Wallet/ACL/NetDB.pm b/perl/lib/Wallet/ACL/NetDB.pm
index ad2164b..a4c7fb0 100644
--- a/perl/lib/Wallet/ACL/NetDB.pm
+++ b/perl/lib/Wallet/ACL/NetDB.pm
@@ -1,6 +1,7 @@
-# Wallet::ACL::NetDB -- Wallet NetDB role ACL verifier.
+# Wallet::ACL::NetDB -- Wallet NetDB role ACL verifier
 #
 # Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2016 Russ Allbery <eagle@eyrie.org>
 # Copyright 2007, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
@@ -11,21 +12,16 @@
 ##############################################################################
 
 package Wallet::ACL::NetDB;
-require 5.006;
 
+use 5.008;
 use strict;
 use warnings;
-use vars qw(@ISA $VERSION);
 
 use Wallet::ACL::Base;
 use Wallet::Config;
 
-@ISA = qw(Wallet::ACL::Base);
-
-# This version should be increased on any code change to this module.  Always
-# use two digits for the minor version with a leading zero if necessary so
-# that it will sort properly.
-$VERSION = '0.05';
+our @ISA     = qw(Wallet::ACL::Base);
+our $VERSION = '1.03';
 
 ##############################################################################
 # Interface
diff --git a/perl/lib/Wallet/ACL/NetDB/Root.pm b/perl/lib/Wallet/ACL/NetDB/Root.pm
index 34163e7..bfd13b4 100644
--- a/perl/lib/Wallet/ACL/NetDB/Root.pm
+++ b/perl/lib/Wallet/ACL/NetDB/Root.pm
@@ -1,6 +1,7 @@
-# Wallet::ACL::NetDB::Root -- Wallet NetDB role ACL verifier (root instances).
+# Wallet::ACL::NetDB::Root -- Wallet NetDB role ACL verifier (root instances)
 #
 # Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2016 Russ Allbery <eagle@eyrie.org>
 # Copyright 2007, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
@@ -11,21 +12,15 @@
 ##############################################################################
 
 package Wallet::ACL::NetDB::Root;
-require 5.006;
 
+use 5.008;
 use strict;
 use warnings;
-use vars qw(@ISA $VERSION);
 
 use Wallet::ACL::NetDB;
-use Wallet::Config;
 
-@ISA = qw(Wallet::ACL::NetDB);
-
-# This version should be increased on any code change to this module.  Always
-# use two digits for the minor version with a leading zero if necessary so
-# that it will sort properly.
-$VERSION = '0.02';
+our @ISA     = qw(Wallet::ACL::NetDB);
+our $VERSION = '1.03';
 
 ##############################################################################
 # Interface
author	Russ Allbery <eagle@eyrie.org>	2016-01-17 19:43:13 -0800
committer	Russ Allbery <eagle@eyrie.org>	2016-01-17 19:43:13 -0800
commit	cf5297c4ec8815ecc7f5139ef05b9867843db2f7 (patch)
tree	fef6ba149883530c7e7fba771be6ac2e59c4dfe9 /perl/lib/Wallet/ACL
parent	7e03241ce323be7447b085a8e7b07b78c770b0dc (diff)
parent	4b3f858ef567c0d12511e7fea2a56f08f2729635 (diff)