Index: /tags/2.5.0/COPYING =================================================================== --- /tags/2.5.0/COPYING (revision 189) +++ /tags/2.5.0/COPYING (revision 189) @@ -0,0 +1,349 @@ + +SAMHAIN distributed host monitoring system +------------------------------------------ + +Copyright (C) 1999-2004 Rainer Wichmann + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + +Incorporated code +----------------- + + (i) Support for the TIGER cryptographic checksum algorithm + is provided by the reference implementation, which includes + the following statement: + + * Tiger: A Fast New Hash Function + * + * Ross Anderson and Eli Biham + * + * Tiger has no usage restrictions nor patents. It can be used freely, + * with the reference implementation, + * with other implementations or with + * a modification to the reference implementation (as long as it still + * implements Tiger). We only ask you to let us know about your + * implementation and to cite the origin of Tiger and of the reference + * implementation. + * + * The authors' home pages can be found both in + * http://www.cs.technion.ac.il/~biham/ and in + * http://www.cl.cam.ac.uk/users/rja14/. + * The authors' email addresses are biham@cs.technion.ac.il + * and rja14@cl.cam.ac.uk. + + + + (ii) Support for testing write access by untrusted users + to any element in the path of a file is provided by the + public domain trustfile library, which includes the following + statement: + + * Author information: + * Matt Bishop + * Department of Computer Science + * University of California at Davis + * Davis, CA 95616-8562 + * phone (916) 752-8060 + * email bishop@cs.ucdavis.edu + * + * This code is placed in the public domain. I do ask that + * you keep my name associated with it, that you not represent + * it as written by you, and that you preserve these comments. + * This software is provided "as is" and without any guarantees + * of any sort. + + (iii) Support for big integer arithmetic is provided by the bignum + package (v. 1.2) by Henrik.Johansson@Nexus.Comm.SE, + which includes the following statement: + + * Everyone is allowed to distribute this package to anyone + * else, as long as all changes are recorded and mentioned. + * If you are including this in a commercial product, be sure + * to distribute _all_ of the package with the product. + * + * (...writing more stuff here later, but I guess everyone + * knows the approximate contents of it - no warranty, no + * charge, and so on. I guess it is like the GNU concept. + * Read that for further details...) + + (iv) Support for compression is provided by the (mini) LZO library, + which includes the following statement: + + * Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer + * Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer + * Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer + * Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer + * + * The LZO library is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * The LZO library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with the LZO library; see the file COPYING. + * If not, write to the Free Software Foundation, Inc., + * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + * Markus F.X.J. Oberhumer + * + * http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + + (v) Support for determining the type of a file system is provided by + code from the GNU find(1) utility which includes the following statement: + + /* fstype.c -- determine type of filesystems that files are on + Copyright (C) 1990, 91, 92, 93, 94 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + /* Written by David MacKenzie . */ + + + (vi) Support for the MD5 hash algorithm is provided by code + from busybox which is distributed under the GPL. + + /* md5.c - Functions to compute MD5 message digest of files or memory blocks + * according to the definition of MD5 in RFC 1321 from April 1992. + * Copyright (C) 1995, 1996 Free Software Foundation, Inc. + * + * NOTE: The canonical source of this file is maintained with the GNU C + * Library. Bugs can be reported to bug-glibc@prep.ai.mit.edu. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2, or (at your option) any + * later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + /* Written by Ulrich Drepper , 1995. */ + + + (vi) Support for the SHA-1 hash algorithm is provided by code + from mhash which includes the following statement: + + /* sha.c - Implementation of the Secure Hash Algorithm + * + * Copyright (C) 1995, A.M. Kuchling + * + * Distribute and use freely; there are no restrictions on further + * dissemination and usage except those imposed by the laws of your + * country of residence. + * + * Adapted to pike and some cleanup by Niels Möller. + */ + + /* $Id: sha1.c,v 1.2 2001/01/24 08:20:29 nmav Exp $ */ + + /* SHA: NIST's Secure Hash Algorithm */ + + /* Based on SHA code originally posted to sci.crypt by Peter Gutmann + in message <30ajo5$oe8@ccu2.auckland.ac.nz>. + Modified to test for endianness on creation of SHA objects by AMK. + Also, the original specification of SHA was found to have a weakness + by NSA/NIST. This code implements the fixed version of SHA. + */ + + (vii) Support for AVL Trees is provided by code + from AVLTree which includes the following statement: + + /* zAVLTree.h: Header file for zAVLTrees. + * Copyright (C) 1998,2001 Michael H. Buselli + * This is version 0.1.3 (alpha). + * Generated from $Id: xAVLTree.h.sh,v 1.5 2001/06/07 06:58:28 cosine Exp $ + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with this library; if not, write to the Free + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * The author of this library can be reached at the following address: + * Michael H. Buselli + * 30051 N. Waukegan Rd. Apt. 103 + * Lake Bluff, IL 60044-5412 + * + * Or you can send email to . + * The official web page for this product is: + * http://www.cosine.org/project/AVLTree/ + */ + + (viii) The modules sh_userfiles.c and sh_mounts.c have been + contributed by Eircom Net Computer Incident Response Team and + are authored by Jerry Connolly and Cian Synnott, respectively. + + They are released under the terms of the GNU General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version: + + "Feel free to GPL those files - + they were fully released by our company to the project. + + Cian + + -- + Cian Synnott + Eircom Net Computer Incident Response Team" + + (ix) Enhanced functionality for the SUID check has been + contributed with a patch copyright by Rob Rati . + The patch is licensed under the GPL with the following statement: + + "Here is the patch with the aforementioned feature enhancements, and I + license all changes within this patch under the GNU Public License (GPL) + GNU General Public License as published by the Free Software Foundation; + either version 2 of the License, or (at your option) any later version." + + (x) Unit testing uses the 'cutest' framework by Asim Jalis, (files + CuTest.h, CuTest.c, make-tests.sh) which is licensed under the zlib license: + + * Copyright (c) 2003 Asim Jalis + * + * This software is provided 'as-is', without any express or implied + * warranty. In no event will the authors be held liable for any damages + * arising from the use of this software. + * + * Permission is granted to anyone to use this software for any purpose, + * including commercial applications, and to alter it and redistribute it + * freely, subject to the following restrictions: + * + * 1. The origin of this software must not be misrepresented; you must not + * claim that you wrote the original software. If you use this software in + * a product, an acknowledgment in the product documentation would be + * appreciated but is not required. + * + * 2. Altered source versions must be plainly marked as such, and must not + * be misrepresented as being the original software. + * + * 3. This notice may not be removed or altered from any source + * distribution. + + (xi) The dnmalloc library used by samhain is Copyright (C) 2005, Yves Younan, + Wouter Joosen and Frank Piessens, and licensed under the LGPL: + + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + + +Other +----- + + Depending on the compilation options used, samhain may use the + SRP authentication algorithm (in an independent implementation, + without any use of code from the SRP software). + The original SRP software contains the following license statement: + + The SRP License + --------------- + + SRP and all related technologies are free for both commercial and + non-commercial use. They are distributed under a standard + X11-style Open Source license which is shown below. + + The SRP distribution contains parts from various freeware + packages; these parts fall under both the SRP Open Source license + and any existing licenses. Care has been taken to ensure that + these licenses are compatible with Open Source distribution, + but it is the responsibility of the licensee to comply with these + licenses. The file "Copyrights" contains a list of the copyrights + incorporated by portions of the software. + + This software is covered under the following copyright: + + /* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ Index: /tags/2.5.0/Install.sh =================================================================== --- /tags/2.5.0/Install.sh (revision 189) +++ /tags/2.5.0/Install.sh (revision 189) @@ -0,0 +1,813 @@ +#! /bin/sh +# Please have a TMP or TMPDIR environment variable if you don't trust /tmp, +# or don't run this as root. +# +# -- partly taken from PureFTPd +# + +VERSION=1.6.4 + + +# exits with a custom error message +bail_error () { + echo + echo $1 + echo + exit 1 +} + +get_config() { + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --$z" + done +} + +get_error() { + ge_rval=0 + if cat $tmp 2>&1 | grep Error > /dev/null ; then + ge_rval=1 + fi + return ${ge_rval} +} + + + +#------------------------------------------------------------ +# +# Find a 'dialog' program +# +#------------------------------------------------------------ +PATH=/usr/local/bin:/usr/local/sbin:$PATH; export PATH + +WELCOME=`cat < /dev/null && dialog='Xdialog' + gauge='--gauge' + fi +fi +if [ -z "$dialog" ] ; then + dialog --msgbox "$WELCOME" 20 75 2> /dev/null && dialog='dialog' + +# Workaround for old versions of 'dialog' (Slackware) + + if "$dialog" 2>&1 | grep gauge > /dev/null ; then + gauge='--gauge' + elif "$dialog" 2>&1 | grep guage > /dev/null ; then + gauge='--guage' + else + gauge='' + fi +fi +if [ -z "$dialog" ] ; then + lxdialog --msgbox "$WELCOME" 20 75 2> /dev/null && dialog='lxdialog' +fi +if [ -z "$dialog" ] ; then + /usr/src/linux/scripts/lxdialog/lxdialog --msgbox "$WELCOME" 20 75 2> /dev/null && dialog='/usr/src/linux/scripts/lxdialog/lxdialog' +fi + +if [ -z "$dialog" ] ; then + bail_error "No \"dialog\" found, GUI installation impossible" +fi + +#------------------------------------------------------------ +# +# Find a writable temporary directory +# +#------------------------------------------------------------ +tempdir='' +for tmpdir in "$TMP" "$TMPDIR" /tmp /var/tmp; do + if [ -z "$tempdir" ] && [ -d "$tmpdir" ] && [ -w "$tmpdir" ]; then + tempdir="$tmpdir" + fi +done +if [ -z "$tempdir" ]; then + bail_error "Unable to find a suitable temporary directory" +fi + +# Create a temporary file +tmp=`mktemp $tempdir/build.gui.XXXXXX` +if [ $? -ne 0 ]; then + bail_error "Cannot create temp file, exiting..." +fi + +trap "rm -f $tmp; exit 1" EXIT SIGHUP SIGINT SIGQUIT SIGSEGV SIGTERM + +#------------------------------------------------------------ +# +# Build config line +# +#------------------------------------------------------------ +cfgline=''; + +$dialog \ +--title "Compile-time options" \ +--backtitle "Samhain $VERSION" \ +--radiolist "Samhain can run as standalone application on a single dektop machine, or as a client/server application for centralized monitoring of many hosts" \ +10 75 3 \ +"disable-network" "Single desktop machine" on \ +"enable-network=client" "Network (client)" off \ +"enable-network=server" "Network (server)" off \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + get_config +else + get_error || bail_error "Your \"dialog\" does not support --radiolist, GUI installation impossible" + cfgline="--disable-network" +fi + +cfgtest=`echo $cfgline | grep disable` + + +#------------------------------------------------------------ +# +# Server options +# +#------------------------------------------------------------ +if [ -z $cfgtest ]; then + +INET=yes +HTML="\n /usr/local/var/samhain/samhain.html" + +$dialog \ +--backtitle "Samhain $VERSION" \ +--msgbox "You have chosen to build SAMHAIN as a client/server application.\n\nThis requires some additional configuration.\nPlease read the manual if you are not sure\nwhich options are useful or neccessary for you." 10 75 + +if [ $? = -1 ]; then + exit 1 +fi + + +$dialog \ +--title 'Network options' \ +--separate-output \ +--backtitle "Samhain $VERSION" \ +--checklist 'Use SPACE to set/unset. If in doubt, read the manual.' \ +20 75 10 \ +'enable-udp' "Server listens also on 514/udp" off \ +'disable-encrypt' "Disable client/server encryption" off \ +'disable-srp' "Disable SRP client/server authentication" off \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + get_config +fi + +$dialog \ +--title 'Network options' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Server port" 10 75 "49777" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi + +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-port=$z" + done +fi + + +$dialog \ +--title 'Network options' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Server address" 10 75 "127.0.0.1" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-logserver=$z" + done +fi + +$dialog \ +--title "Network options" \ +--backtitle 'Samhain $VERSION' \ +--inputbox "Backup server address" 10 75 "none" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + if [ "x$z" != "xnone" ]; then + cfgline="$cfgline --with-altlogserver=$z" + fi + done +fi + +# if [ -z $cfgtest ]; then +fi + +os=`uname -s` +if [ x"$os" = xLinux ] +then + PROC=`uname -m` + if [ x"$PROC" = xi686 ] ; then + I386_LINUX=yes + fi + if [ x"$PROC" = xi586 ] ; then + I386_LINUX=yes + fi + if [ x"$PROC" = xi486 ] ; then + I386_LINUX=yes + fi + if [ x"$PROC" = xi386 ] ; then + I386_LINUX=yes + fi +fi + +$dialog \ +--title 'General options' \ +--separate-output \ +--backtitle "Samhain $VERSION" \ +--checklist 'Use SPACE to set/unset. If in doubt, read the MANUAL.' \ +20 75 10 \ +'enable-static' "Don't link with shared libraries" on \ +'enable-suidcheck' "Check for suid/sgid files" on \ +'enable-login-watch' "Watch for login/logout events" off \ +'enable-ptrace' "Enable anti-debugger code" off \ +'enable-db-reload' "Reload database on SIGHUP" off \ +'enable-xml-log' "Write log in XML format" off \ +'disable-mail' "Compile without built-in mailer" off \ +'disable-external-scripts' "Disable use of external scripts" off \ +'enable-debug' "Compile in debugging code" off \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + get_config +fi + +#------------------------------------------------------------ +# +# Kernel module +# +#------------------------------------------------------------ + +KCHECK="no" + +if [ "x$I386_LINUX" = "xyes" ]; then + +$dialog \ +--title "Kernel module rootkit detection" \ +--backtitle "Samhain $VERSION" \ +--inputbox "SAMHAIN can detect kernel module rootkits if compiled with support\nfor this. If you want to enable this option, please give the path\nto your System.map file, else choose CANCEL.\n\nNOTE: this option will require root privileges for at least one\ncommand during compilation (to read from /dev/kmem)." \ +16 75 "/boot/System.map" \ +2> $tmp + + +mtest=$? + +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-kcheck=$z" + done + KCHECK="yes" +fi + +fi + +#------------------------------------------------------------ +# +# Signature options +# +#------------------------------------------------------------ +$dialog \ +--title "Signed database and configuration" \ +--backtitle "Samhain $VERSION" \ +--yesno "Samhain can be configured to support PGP signed database\nand configuration files. This requires a working installation\nof GnuPG.\n\nDo you want to use this option ?" \ +10 75 \ +2> $tmp + +mtest=$? + +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + + +$dialog \ +--title "Signed database and configuration" \ +--backtitle "Samhain $VERSION" \ +--inputbox "Please enter the full path to gpg (i.e. the GnuPG binary)" \ +10 75 "/usr/bin/gpg" \ +2> $tmp + +mtest=$? + +if [ $mtest = -1 ] +then + exit 1 +fi +if [ $mtest = 0 ] +then + +mfile=`cat $tmp` +for z in $mfile ; do + cfgline="$cfgline --with-gpg=$z" +done + +$dialog \ +--title "Signed database and configuration" \ +--backtitle "Samhain $VERSION" \ +--inputbox "Please enter the fingerprint of the key to use (one string, no spaces)" \ +10 75 "6BD9050FD8FC941B43412DCC68B7AB8957548DCD" \ +2> $tmp + +mtest=$? + +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + z=`cat $tmp` + cfgline="$cfgline --with-fp=$z" +fi + + +fi +# want signed +fi + +#------------------------------------------------------------ +# +# Stealth options +# +#------------------------------------------------------------ +$dialog \ +--title "Stealth options" \ +--backtitle "Samhain $VERSION" \ +--yesno "Samhain has some stealth options to hide its presence.\nDo you want to take advantage of these ?" \ +10 75 \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + +$dialog \ +--title "Stealth options" \ +--backtitle "Samhain $VERSION" \ +--radiolist "Full stealth mode will hide ascii strings within the binary, and use a config file that is hidden by steganography within an image file. Micro stealth is just strings hiding, without the stego config file." \ +20 75 4 \ +'full' "Enable full stealth mode" off \ +'micro' "Enable micro stealth mode" on \ +'none' "None of both" off \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + mtest=$z + done +else + mtest="none" +fi + +if [ "x$mtest" != "xnone" ]; then + +if [ "x$mtest" = "xfull" ]; then + FULL_STEALTH="yes" +fi + +$dialog \ +--title 'Stealth options' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Please select a number between 128 and 255. This number will be used to obfuscate strings within the binary by xoring them." 10 75 "137" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + mnum=$z + done +else + mnum="137" +fi + +if [ "x$FULL_STEALTH" = "xyes" ]; then + cfgline="$cfgline --enable-stealth=$mnum" +else + cfgline="$cfgline --enable-micro-stealth=$mnum" +fi + +# if [ "x$mtest" != "xnone" ]; then +fi + + +$dialog \ +--title 'Stealth options' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Please choose a new name to replace \"samhain\" upon installation" \ +10 75 "samhain" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --enable-install-name=$z" + done +fi + +$dialog \ +--title "Stealth options" \ +--backtitle "Samhain $VERSION" \ +--inputbox "You can set a magic string such that command line arguments will be ignored unless the first argument is this magic string, and read from stdin otherwise. If you do not want this, select CANCEL, otherwise choose a string and select OK." \ +10 75 "foo" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --enable-nocl=$z" + done +fi + +if [ "x$I386_LINUX" = "xyes" ]; then +$dialog \ +--title "Stealth options" \ +--backtitle "Samhain $VERSION" \ +--yesno "SAMHAIN can compile and install a kernel module to hide the SAMHAIN daemon process. Do you want that ?"\ +2> $tmp + +mtest=$? + +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + cfgline="$cfgline --enable-khide" +fi + +# f [ "x$I386_LINUX" = "xyes" ]; then +fi + +# want stealth +fi + +#------------------------------------------------------------ +# +# Paths to configure +# +#------------------------------------------------------------ +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--radiolist "Do you wish to change the default paths ?\n\nThe default paths are:\n\n /usr/local/sbin all binaries\n /etc/samhainrc configuration file\n /var/lib/samhain/samhain_file data file\n /var/log/samhain_log log file\n /var/run/samhain.pid pid file $HTML" 20 76 5 \ +'usr' "Install binaries in /usr/sbin" off \ +'opt' "Use /opt/samhain, /etc/opt, /var/opt" off \ +'all' "Set paths individually" off \ +'cancel' "Don't change the paths" on \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then +# +# edit paths +# +mfile=`cat $tmp` +for z in $mfile ; do + if [ "x$z" = "xopt" ]; then + cfgline="$cfgline --prefix=OPT" + fi + if [ "x$z" = "xusr" ]; then + cfgline="$cfgline --prefix=USR" + fi + if [ "x$z" = "xall" ]; then +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Exec prefix" 10 75 "/usr/local" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --exec-prefix=$z" + done +fi + + +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Configuration" 10 75 "/etc/samhainrc" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-config-file=$z" + done +fi + +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Man pages" 10 75 "/usr/local/share/man" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-mandir=$z" + done +fi + +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Database" 10 75 "/var/lib/samhain/samhain_data" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-data-file=$z" + done +fi + +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Log file" 10 75 "/var/log/samhain_log" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-log-file=$z" + done +fi + +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Lock file" 10 75 "/var/run/samhain.pid" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-pid-file=$z" + done +fi + +if [ "x$INET" = "xyes" ]; then +$dialog \ +--title 'Paths' \ +--backtitle "Samhain $VERSION" \ +--inputbox "Server status" 10 75 "/var/lib/samhain/samhain.html" \ +2> $tmp + +mtest=$? +if [ $mtest = -1 ]; then + exit 1 +fi +if [ $mtest = 0 ]; then + mfile=`cat $tmp` + for z in $mfile ; do + cfgline="$cfgline --with-html-file=$z" + done +fi +# if [ "x$INET" = "xyes" ]; then +fi + + fi + +done +# edit paths +fi + + +if [ ! -f "configure" ] ; then + bail_error "Setup problem... try to install manually" +fi + +echo "./configure $cfgline" > Install.log 2>/dev/null + +if [ $? != 0 ]; then + $dialog --infobox "ERROR writing to \"Install.log\".\n\nAborting." 10 55 + exit 1 +fi + + + +if [ "x$KCHECK" = "xyes" ]; then + if [ `id -u` != 0 ]; then +$dialog --msgbox "Compiling with --with-kcheck option (kernel rootkit detection). This\nrequires root privileges for at least one command during compilation,\nbut you are not running this as root. Please expect compilation to fail.\n\nYou need to follow the instructions shown in the \nerror message after failure." 20 75 + fi +fi + + +if [ -n "$gauge" ] ; then +( + sfail=0 + echo 20 + rm -f config.cache 2> /dev/null + echo 30 + if [ -z "$cfgline2" ]; then + ./configure $cfgline >> Install.log 2>&1 + else + ./configure $cfgline --with-checksum="$cfgline2" >> Install.log 2>&1 + fi + cfail=$? + echo 50 + if [ $cfail = 0 ]; then + make clean >> Install.log 2>&1 + cfail=$? + else + sfail=1 + fi + echo 60 + if [ $cfail = 0 ]; then + make >> Install.log 2>&1 + cfail=$? + else + sfail=1 + fi + echo 80 + if [ $cfail = 0 ]; then + make install >> Install.log 2>&1 + cfail=$? + else + sfail=1 + fi + echo 100 + echo cfail=$cfail > $tmp + echo sfail=$sfail >> $tmp +) | $dialog \ +--title 'Compilation and installation' \ +--backtitle "Samhain $VERSION" \ +"$gauge" 'Please wait...' 10 75 10 +else + sfail=0 + rm -f config.cache 2> /dev/null + $dialog --infobox "Running configure ..." 4 44 + if [ -z "$cfgline2" ]; then + ./configure $cfgline >> Install.log 2>&1 + else + ./configure $cfgline --with-checksum="$cfgline2" >> Install.log 2>&1 + fi + cfail=$? + if [ $cfail = 0 ]; then + $dialog --infobox "Running make clean ..." 4 44 + make clean >> Install.log 2>&1 + cfail=$? + else + sfail=1 + fi + if [ $cfail = 0 ]; then + $dialog --infobox "Running make ..." 4 44 + make >> Install.log 2>&1 + cfail=$? + else + sfail=1 + fi + if [ $cfail = 0 ]; then + $dialog --infobox "Running make install ..." 4 44 + make install >> Install.log 2>&1 + cfail=$? + else + sfail=1 + fi + echo cfail=$cfail > $tmp + echo sfail=$sfail >> $tmp +fi + +. $tmp + + +echo "SAMHAIN is now installed on your system." > $tmp +echo "Please read the documentation to know how to run it." >> $tmp + + +if [ "x$sfail" = "x0" ] ; then + + if [ "x$cfail" = "x0" ] ; then + if [ "x${FULL_STEALTH}" = "xyes" ]; then + tail -21 Install.log >> $tmp + else + tail -11 Install.log >> $tmp + fi + $dialog --title "Build report (use arrow keys to scroll the text box)" \ +--backtitle "Samhain $VERSION installed. PLEASE READ THE MANUAL." \ +--textbox \ +$tmp \ +20 75 + else + $dialog --title "Problem report" \ +--backtitle "Samhain $VERSION: Build failed (see Install.log):" \ +--msgbox \ +"Compilation was successful, but you need to be root in\norder to install the files to the selected prefix.\nPlease run 'make install' as root." \ +10 75 + fi + +else + + MSG=`tail -10 Install.log` + $dialog --title "Problem report" \ +--backtitle "Samhain $VERSION: Build failed (see Install.log):" \ +--msgbox "$MSG" 20 75 + +fi + +rm -f $tmp + +exit 0 + + + + + + Index: /tags/2.5.0/LICENSE =================================================================== --- /tags/2.5.0/LICENSE (revision 189) +++ /tags/2.5.0/LICENSE (revision 189) @@ -0,0 +1,344 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 675 Mass Ave, Cambridge, MA 02139, USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + + Appendix: How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. Index: /tags/2.5.0/Makefile.in =================================================================== --- /tags/2.5.0/Makefile.in (revision 189) +++ /tags/2.5.0/Makefile.in (revision 189) @@ -0,0 +1,1727 @@ +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + +# --- boiler-plate stuff --- +# +SHELL = /bin/sh + +srcdir = @srcdir@ +srcsrc = @srcdir@/src +srcinc = @srcdir@/include +top_srcdir = @top_srcdir@ + +# Don't use VPATH - it's a portability mess +# +# VPATH = $(top_srcdir)/src + +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +sbindir = @sbindir@ +sysconfdir = @sysconfdir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +datarootdir = @datarootdir@ + +configfile = @myconffile@ +mydatafile = @mydatafile@ +mylockfile = @mylockfile@ +mylogfile = @mylogfile@ + +mydatadir = @mydataroot@ +mylogdir = @mylogdir@ +mylockdir = @mylockdir@ + +selectconfig = @selectconfig@ + +top_builddir = . + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL@ -s -m 700 +INSTALL_SHELL = @INSTALL@ -m 700 +INSTALL_DATA = @INSTALL@ -m 600 +INSTALL_MAN = @INSTALL@ -m 644 +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_NAME = @install_name@ +INSTALL_DSYS = @INSTALL@ -m 755 + +PACKAGE = @PACKAGE@ +VERSION = @VERSION@ + +VFLAG = @mytclient@ +SETPWD = @setpwd_prg@ +STEGIN = @stegin_prg@ +SAMHAIN = @sh_main_prg@ +YULECTL = @yulectl_prg@ +XOR_CODE = @xor_code@ +SH_LKM = @sh_lkm@ +TIGER_SRC = @tiger_src@ + +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs + + +CC = @CC@ +BUILD_CC = @BUILD_CC@ +# DBGDEF = -pg -DSH_PROFILE=1 +DBGDEF = @mydebugdef@ +DEFS = $(DBGDEF) @DEFS@ -I. -I$(top_srcdir)/include +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +LIBS_TRY = @LIBS@ +LIBS_SOCK = @sh_libsocket@ +LIBS_KVM = @sh_libkvm@ +CFLAGS = @CFLAGS@ +CUTEST = +COMPILE = $(CC) $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) $(CUTEST) +LINK = $(CC) $(DBGDEF) -O $(LDFLAGS) -o $@ + +DESTDIR = + +TAR = tar +GZIP = --best + +# For creating a packed client +# +CLIENTPASSWD = + +.SUFFIXES: # Delete the default suffixes + +# +# --- Files ------- +# + + +HEADERS = samhain.h sh_unix.h sh_utils.h sh_error.h sh_error_min.h sh_files.h \ + sh_getopt.h sh_readconf.h sh_tiger.h sh_hash.h sh_mail.h \ + sh_mem.h sh_entropy.h sh_forward.h sh_modules.h sh_utmp.h \ + sh_kern.h sh_suidchk.h sh_srp.h sh_fifo.h sh_html.h sh_tools.h \ + sh_gpg.h sh_cat.h sh_calls.h sh_extern.h sh_database.h sh_trace.h \ + sh_schedule.h bignum.h trustfile.h slib.h zAVLTree.h \ + lzoconf.h minilzo.h rijndael-alg-fst.h rijndael-api-fst.h \ + rijndael-boxes-fst.h sh_socket.h sh_ignore.h sh_prelude.h \ + sh_mounts.h sh_userfiles.h sh_static.h sh_prelink.h \ + sh_processcheck.h sh_portcheck.h sh_pthread.h sh_string.h \ + sh_log_check.h sh_log_evalrule.h + + +SOURCES = $(srcsrc)/samhain.c $(srcsrc)/sh_unix.c \ + $(srcsrc)/sh_utils.c $(srcsrc)/sh_error.c \ + $(srcsrc)/sh_files.c $(srcsrc)/sh_getopt.c \ + $(srcsrc)/sh_readconf.c $(srcsrc)/sh_tiger0.c \ + $(srcsrc)/sh_tiger1.c $(srcsrc)/sh_tiger2.c \ + $(srcsrc)/sh_tiger1_64.c $(srcsrc)/sh_tiger2_64.c \ + $(srcsrc)/sh_hash.c $(srcsrc)/sh_mail.c \ + $(srcsrc)/sh_mem.c $(srcsrc)/sh_entropy.c \ + $(srcsrc)/sh_forward.c $(srcsrc)/sh_modules.c \ + $(srcsrc)/sh_utmp.c $(srcsrc)/sh_kern.c \ + $(srcsrc)/sh_suidchk.c $(srcsrc)/sh_srp.c \ + $(srcsrc)/sh_fifo.c $(srcsrc)/sh_tools.c \ + $(srcsrc)/sh_html.c $(srcsrc)/sh_gpg.c \ + $(srcsrc)/sh_cat.c $(srcsrc)/sh_calls.c \ + $(srcsrc)/sh_extern.c $(srcsrc)/sh_database.c \ + $(srcsrc)/sh_err_log.c $(srcsrc)/sh_err_console.c \ + $(srcsrc)/sh_err_syslog.c $(srcsrc)/sh_schedule.c \ + $(srcsrc)/bignum.c $(srcsrc)/mkhdr.c \ + $(srcsrc)/samhain_setpwd.c $(srcsrc)/samhain_stealth.c \ + $(srcsrc)/encode.c $(srcsrc)/sstrip.c \ + $(srcsrc)/trustfile.c $(srcsrc)/exepack.c \ + $(srcsrc)/exepack_fill.c $(srcsrc)/exepack_mkdata.c \ + $(srcsrc)/minilzo.c $(srcsrc)/slib.c \ + $(srcsrc)/rijndael-alg-fst.c $(srcsrc)/rijndael-api-fst.c \ + $(srcsrc)/zAVLTree.c $(srcsrc)/bignum.c \ + $(srcsrc)/sh_socket.c $(srcsrc)/sh_ignore.c \ + $(srcsrc)/yulectl.c $(srcsrc)/sh_mounts.c \ + $(srcsrc)/sh_userfiles.c $(srcsrc)/sh_prelude.c \ + $(srcsrc)/sh_prelink.c $(srcsrc)/sh_static.c \ + $(srcsrc)/sh_portcheck.c $(srcsrc)/sh_port2proc.c\ + $(srcsrc)/sh_processcheck.c \ + $(srcsrc)/sh_pthread.c $(srcsrc)/sh_string.c \ + $(srcsrc)/sh_log_parse_syslog.c $(srcsrc)/sh_log_parse_pacct.c \ + $(srcsrc)/sh_log_parse_samba.c \ + $(srcsrc)/sh_log_parse_apache.c $(srcsrc)/sh_log_evalrule.c \ + $(srcsrc)/sh_log_check.c $(srcsrc)/dnmalloc.c \ + $(srcsrc)/t-test1.c + +OBJECTS = sh_files.o sh_tiger0.o sh_tiger2.o sh_tiger2_64.o \ + samhain.o sh_unix.o sh_utils.o sh_error.o \ + sh_getopt.o sh_readconf.o \ + sh_hash.o sh_mail.o sh_mem.o \ + sh_entropy.o sh_forward.o sh_modules.o sh_utmp.o sh_kern.o \ + sh_suidchk.o sh_srp.o sh_fifo.o sh_tools.o sh_html.o sh_gpg.o \ + sh_cat.o sh_calls.o sh_extern.o sh_database.o sh_err_log.o \ + sh_err_console.o sh_err_syslog.o sh_schedule.o bignum.o \ + trustfile.o rijndael-alg-fst.o rijndael-api-fst.o slib.o \ + zAVLTree.o sh_socket.o sh_ignore.o sh_prelude.o \ + sh_mounts.o sh_userfiles.o sh_prelink.o sh_static.o \ + sh_processcheck.o sh_portcheck.o sh_port2proc.o \ + sh_log_parse_syslog.o sh_log_parse_pacct.o sh_log_parse_apache.o \ + sh_log_parse_samba.o sh_log_evalrule.o sh_log_check.o \ + sh_pthread.o sh_string.o dnmalloc.o + +KERN = kern_head.h kern_head.c + +TESTSUITE = test.sh testcompile.sh testhash.sh testtiger.txt \ + testtimesrv.sh \ + testext.sh testrc_1ext.in test_ext.c.in testrun_1d.sh \ + testrun_1.sh testrun_1a.sh testrun_1b.sh testrun_1c.sh testrc_1 \ + testrun_2.sh testrun_2a.sh testrun_2b.sh testrc_2.in \ + testrun_2c.sh testrun_2d.sh + +DIST_COMMON = README COPYING LICENSE samhain.jpg \ +samhainrc.linux samhainrc.solaris samhainrc.freebsd samhainrc.aix5.2.0 \ +samhainrc.netbsd yulerc.template \ +Install.sh + +DIST_NEEDED = Makefile.in deploy.sh.in samhain-install.sh.in \ +samhain.spec.in rules.deb.in rules.deb-light.in samhain.spec hp_ux.psf.in \ +stealth_template.jpg \ +config.guess config.h.in stamp-h.in config.sub configure \ +configure.ac acconfig.h aclocal.m4 install-sh missing mkinstalldirs \ +c_random.sh c_bits.sh depend.sum depend.dep stamp-hdep + +DISTFILES = $(DIST_COMMON) $(DIST_NEEDED) \ + src include man scripts init docs sql_init test dsys + +PROGRAMS = $(SETPWD) $(STEGIN) $(SAMHAIN) $(YULECTL) + +#---------------------------------------------------------- +# +# the first target is the default one +# +#---------------------------------------------------------- + +all: $(top_srcdir)/depend.sum $(SETPWD) $(STEGIN) $(SAMHAIN) $(YULECTL) @sh_lkm@ sstrip + + +#---------------------------------------------------------- +# +# rules for automatic updating of configuration information +# after changing the configuration files +# +#---------------------------------------------------------- + +$(top_srcdir)/configure: $(top_srcdir)/configure.ac $(top_srcdir)/aclocal.m4 + cd $(srcdir) && autoconf + +# autoheader might not change config.h.in, so touch a stamp file. +$(top_srcdir)/config.h.in: $(top_srcdir)/stamp-h.in + touch $(top_srcdir)/config.h.in + +$(top_srcdir)/stamp-h.in: $(top_srcdir)/configure.ac $(top_srcdir)/aclocal.m4 + cd $(top_srcdir) && autoheader + echo timestamp > $(top_srcdir)/stamp-h.in + +config.h: stamp-h + @sleep 1; \ + touch config.h + +stamp-h: $(top_srcdir)/config.h.in config.status + ./config.status + +Makefile: $(top_srcdir)/Makefile.in config.status + ./config.status + +samhain-install.sh: $(top_srcdir)/samhain-install.sh.in config.status + ./config.status + +config.status: $(top_srcdir)/configure + ./config.status --recheck + +#---------------------------------------------------------- +# +# rules for automatic dependency tracking +# +#---------------------------------------------------------- + + +depend-gen: $(srcsrc)/depend-gen.c + @echo "$(BUILD_CC) -I. -o depend-gen $(srcsrc)/depend-gen.c"; \ + $(BUILD_CC) -I. -o depend-gen $(srcsrc)/depend-gen.c 2>/dev/null || \ + echo "failed to compile ... hope depend.dep is ok" + +# redo if sources change +# +$(top_srcdir)/depend.dep: depend-gen $(SOURCES) + @echo "update depend.dep ..."; \ + test -f $(srcdir)/depend.dep || echo > $(srcdir)/depend.dep; \ + if test -f depend-gen; then \ + failfiles=""; \ + for ff in $(SOURCES) $(srcsrc)/kern_head.c; do \ + ./depend-gen -i '$$(srcinc)/' -o $(top_srcdir)/depend.dep $$ff || \ + failfiles="$${failfiles} $$ff"; \ + done; \ + if test x"$${failfiles}" != x; then \ + echo "--------------------------------------------------------";\ + echo " depend-gen failed to update depend.dep. You can safely"; \ + echo " ignore this error, unless you have modified the source"; \ + echo " files and changed their dependencies."; \ + echo "--------------------------------------------------------";\ + else \ + echo $(srcsrc) > $(top_srcdir)/stamp-dep; \ + fi; \ + else \ + echo "depend-gen not found ... depend.dep not modified"; \ + fi + +# only updated if depencies change +# +$(top_srcdir)/depend.sum: $(top_srcdir)/depend.dep + @if test -f depend-gen; then \ + nsum=`./depend-gen -c $(top_srcdir)/depend.dep|awk '{print $$1}'`; \ + osum=`cat $(top_srcdir)/depend.sum 2>/dev/null`; \ + if test "x$$osum" != "x$$nsum"; then \ + echo "update $(top_srcdir)/depend.sum ..."; \ + echo $$nsum > $(top_srcdir)/depend.sum; \ + echo timestamp > $(top_srcdir)/stamp-hdep; \ + fi; \ + fi; + +$(top_srcdir)/stamp-hdep: + touch $(top_srcdir)/stamp-hdep && touch $(top_srcdir)/Makefile.in + +$(top_srcdir)/Makefile.in: $(top_srcdir)/stamp-hdep + @echo "update Makefile.in ..."; \ + echo "cp Makefile.in Makefile.in.bak"; \ + cp $(top_srcdir)/Makefile.in $(top_srcdir)/Makefile.in.bak; \ + if test -f depend-gen; then \ + failfiles=""; \ + for ff in $(SOURCES) $(srcsrc)/kern_head.c; do \ + ./depend-gen -i '$$(srcinc)/' -o $(top_srcdir)/Makefile.in $$ff || \ + failfiles="$${failfiles} $$ff"; \ + done; \ + if test x"$${failfiles}" != x; then \ + echo "--------------------------------------------------------";\ + echo " depend-gen failed to update Makefile.in. You can safely"; \ + echo " ignore this error, unless you have modified the source"; \ + echo " files and changed their dependencies."; \ + echo "--------------------------------------------------------";\ + else \ + echo $(srcsrc) > $(top_srcdir)/stamp-dep; \ + fi; \ + fi + +# do it manually +# +depend: depend-gen + @echo "update Makefile.in ..."; \ + for ff in $(SOURCES) $(srcsrc)/kern_head.c; do \ + ./depend-gen -i '$$(srcinc)/' -o $(top_srcdir)/Makefile.in $$ff; \ + echo $(srcsrc) > $(top_srcdir)/stamp-dep; \ + done + + +#---------------------------------------------------------- +# +# CLEAN rules +# +#---------------------------------------------------------- + + +# everything created by make +# + +CLEANFILES = encode config_xor.h depend-gen sh_ks.h sh_ks_xor.h kern_head \ + internal.h sh_MK.h trustfile sstrip samhain mkhdr encode cutest \ + yule samhain_setpwd samhain_stealth samhainrc yulectl samhain_hide.ko + +clean: + -rm -f core *.o + @-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + + +# everything created by (./configure && make) +# + +DISTCLEANFILES = Makefile samhain.spec sh_gpg_checksum.h sh_gpg_fp.h \ + init/samhain.startLinux init/samhain.startGentoo \ + init/samhain.startLSB init/samhain.startFreeBSD \ + init/samhain.startSolaris init/samhain.startHPUX \ + init/samhain.startIRIX init/samhain.startMACOSX \ + deploy.sh sh_MK.h samhain-install.sh sh_gpg_chksum.h sh_gpg_fp.h \ + rules.deb rules.deb-light \ + scripts/samhainadmin.pl scripts/check_samhain.pl \ + scripts/samhain.ebuild scripts/samhain.ebuild-light + +TESTCLEANFILES = samhain.build samhain.new yule.html \ + test_ext test_ext.c test_ext.res testhash.tmp \ + testrc1.signed testrc_1ext testrc_2 testrc_2.signed \ + test_dnmalloc + +distclean: clean + -rm -f config.status config.log configure.lineno config.h config.cache + @-test -z "$(TESTCLEANFILES)" || rm -f $(TESTCLEANFILES) + @-test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) + + +#---------------------------------------------------------- +# +# TEST rules +# +#---------------------------------------------------------- + +test14: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 14 `hostname -f` + +test13: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 13 `hostname -f` + +test12: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 12 `hostname -f` + +test11: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 11 `hostname -f` + +test10: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 10 `hostname -f` + +test7: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 7 + +test6: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 6 + +test5: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 5 + +test4: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 4 + +test3: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 3 + +test2: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 2 + +test1: test + @cd test && TOP_SRCDIR=$(top_srcdir) && \ + export TOP_SRCDIR && ./test.sh 1 + +test: + @if test -f test; then \ + :; \ + else \ + cp -pr $(top_srcdir)/test .; \ + cat $(top_srcdir)/test/test.sh | \ + sed 's%XXXSRCXXX%$(top_srcdir)%' > test/test.sh; \ + chmod +x test/test.sh; \ + fi + +test_dnmalloc: $(srcsrc)/t-test1.c dnmalloc.o + $(COMPILE) $(VFLAG) -o t-test1.o -c $(srcsrc)/t-test1.c; \ + $(LINK) t-test1.o dnmalloc.o $(LIBS_TRY) + + +#---------------------------------------------------------- +# +# INSTALL rules +# +#---------------------------------------------------------- + +install: install-lkm install-program install-man install-data + @echo; \ + echo " You can use 'samhain-install.sh uninstall' for uninstalling"; \ + echo " i.e. you might consider saving that script for future use";\ + echo; \ + echo " Use 'make install-boot' if you want @install_name@ to start on system boot"; \ + echo + +install-light: install-lkm install-program install-data + @echo; \ + echo " You can use 'samhain-install.sh uninstall' for uninstalling"; \ + echo " i.e. you might consider saving that script for future use";\ + echo; \ + echo " Use 'make install-boot' if you want @install_name@ to start on system boot"; \ + echo + +purge: uninstall-lkm uninstall-program uninstall-man + @echo "./samhain-install.sh --destdir=$(DESTDIR) --force --verbose uninstall-data"; \ + ./samhain-install.sh --destdir=$(DESTDIR) --force --verbose uninstall-data + +remove: uninstall + +uninstall: uninstall-lkm uninstall-program uninstall-man uninstall-data + @echo; \ + echo " Use 'make purge' if you also want to uninstall the configuration file"; \ + echo " Use 'make uninstall-boot' to uninstall the runlevel scripts"; \ + echo + +# +# --- boot --- +# +install-boot: samhain-install.sh + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-boot + + +uninstall-boot: samhain-install.sh + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-boot + +# +# --- program --- +# + +# -- NEW -- +install-lkm: @sh_lkm@ + @RVER=`uname -r`; \ + if test "x@sh_lkm@" != "x"; then \ + if test -d /lib/modules/$$RVER; then \ + MODDIR="/lib/modules/$$RVER"; \ + elif test -d /lib/modules/misc; then \ + MODDIR="/lib/modules/misc"; \ + elif test -d /lib/modules; then \ + MODDIR="/lib/modules/misc"; \ + fi; \ + $(mkinstalldirs) $(DESTDIR)$${MODDIR}; \ + list='@sh_lkm@'; for p in $$list; do \ + echo " cp $$p $(DESTDIR)$${MODDIR}/`echo $$p|sed 's%samhain%@install_name@%'`"; \ + cp $$p $(DESTDIR)$${MODDIR}/`echo $$p|sed 's%samhain%@install_name@%'` ; \ + chown root $(DESTDIR)$${MODDIR}/`echo $$p|sed 's%samhain%@install_name@%'`; \ + done; \ + if test "x$(DESTDIR)" = x; then \ + echo " depmod -a || /sbin/depmod -a"; \ + depmod -a || /sbin/depmod -a; \ + fi; \ + fi + +uninstall-lkm: + @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-lkm";\ + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-lkm + + +install-program: $(PROGRAMS) sstrip + @$(mkinstalldirs) $(DESTDIR)$(sbindir) + @list='$(PROGRAMS)'; for p in $$list; do \ + if test -f $$p; then \ + echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`"; \ + $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`; \ + chmod 0700 $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`; \ + echo " ./sstrip $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`"; \ + ./sstrip $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`; \ + else :; fi; \ + done + +uninstall-program: + @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-program";\ + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-program + + +# +# -- data files +# + +install-user: + @if test "x@need_user_install@" = x1; then \ + echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-user @myident@"; \ + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-user @myident@; \ + fi + @if test x"$(VFLAG)" = "x-DSH_WITH_SERVER"; then \ + echo " chown root $(DESTDIR)$(mydatadir)"; \ + chown root $(DESTDIR)$(mydatadir); \ + echo " chmod 755 $(DESTDIR)$(mydatadir)"; \ + chmod 755 $(DESTDIR)$(mydatadir); \ + echo " chown @myident@ $(DESTDIR)$(configfile)"; \ + chown @myident@ $(DESTDIR)$(configfile); \ + if test x"$(mylogdir)" = "x/var/log"; then \ + if test x"@myident@" = xroot; then \ + :; \ + else \ + echo; \ + echo " ----------------------------------------------------------------"; \ + echo " Directory $(mylogdir) (log file) looks like a system directory."; \ + echo " You may run into problems (need write access for user @myident@)."; \ + echo " ----------------------------------------------------------------"; \ + echo; \ + fi; \ + else \ + echo " chown @myident@ $(DESTDIR)$(mylogdir)"; \ + chown @myident@ $(DESTDIR)$(mylogdir); \ + fi; \ + fi + +install-data: trustfile + @$(mkinstalldirs) $(DESTDIR)$(sysconfdir) + @$(mkinstalldirs) $(DESTDIR)$(mylockdir) + @$(mkinstalldirs) $(DESTDIR)$(mylogdir) + @$(mkinstalldirs) $(DESTDIR)$(mydatadir); \ + chmod 700 $(DESTDIR)$(mydatadir) + @if test -f samhainrc.$(selectconfig); then \ + :; \ + else \ + if test -f $(srcdir)/samhainrc.$(selectconfig); then \ + cp $(srcdir)/samhainrc.$(selectconfig) . ; \ + fi; \ + fi; \ + if test -f yulerc; then \ + :; \ + else \ + if test -f $(srcdir)/yulerc.template; then \ + cp $(srcdir)/yulerc.template yulerc; \ + fi; \ + fi; \ + if test -f stealth_template.jpg; then \ + :; \ + else \ + if test -f $(srcdir)/stealth_template.jpg; then \ + cp $(srcdir)/stealth_template.jpg . ; \ + fi; \ + fi + @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-data"; \ + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-data || \ + echo " ERROR: Failed to install the configuration file to $(DESTDIR)$(configfile). You need to install the configuration file manually." + @if test x"$(VFLAG)" = "x-DSH_WITH_SERVER"; then \ + echo;\ + echo " -----------------------------------------------------";\ + echo " The server will run as user @myident@ if started with";\ + echo " root privileges, otherwise as the user of the parent ";\ + echo " process (use --enable-identity=USER to change).";\ + echo;\ + echo " You may want to use: make install-user";\ + echo;\ + echo " - to add the user @myident@ (if not existing already)";\ + echo " - to chown the data directory $(mydatadir)";\ + echo " - to chown the log file directory $(mylogdir)";\ + echo " - to chown the configuration file $(configfile)";\ + echo " -----------------------------------------------------";\ + else \ + if test "x@need_user_install@" = x1; then \ + echo;\ + echo " -----------------------------------------------------";\ + echo " You may want to use: make install-user";\ + echo;\ + echo " - to add the user @myident@ (if not existing already)";\ + echo " -----------------------------------------------------";\ + fi; \ + fi + +uninstall-data: + @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-data"; \ + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-data + +# +# -- man files +# + +install-man: + $(mkinstalldirs) $(DESTDIR)$(mandir)/man8 + $(mkinstalldirs) $(DESTDIR)$(mandir)/man5 + @if test -f $(top_srcdir)/man/samhain.8 ; then \ + echo " $(INSTALL_MAN) $(top_srcdir)/man/samhain.8 $(DESTDIR)$(mandir)/man8/@install_name@.8"; \ + $(INSTALL_MAN) $(top_srcdir)/man/samhain.8 $(DESTDIR)$(mandir)/man8/@install_name@.8; \ + fi + @if test -f $(top_srcdir)/man/samhainrc.5 ; then \ + echo " $(INSTALL_MAN) $(top_srcdir)/man/samhainrc.5 $(DESTDIR)$(mandir)/man5/@install_name@rc.5"; \ + $(INSTALL_MAN) $(top_srcdir)/man/samhainrc.5 $(DESTDIR)$(mandir)/man5/@install_name@rc.5; \ + fi + +uninstall-man: + @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-man";\ + ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-man + + +#---------------------------------------------------------- +# +# BUILD rules +# +#---------------------------------------------------------- + +run: run-light + +run-light: all + @echo "Building $(PACKAGE)-$(VERSION).run"; \ + STAGE=$(PACKAGE)-$(VERSION); \ + mkdir $$STAGE; \ + if test x"$$?" != x0; then \ + echo "ERROR ... mkdir $$STAGE failed"; \ + exit 1; \ + fi; \ + $(MAKE) DESTDIR=$$STAGE install-light; \ + rm -f $$STAGE/@sbindir@/@install_name@_stealth; \ + echo "#! /bin/sh" > $$STAGE/setup.sh; \ + echo "./mkinstalldirs @sbindir@ || exit 1" >> $$STAGE/setup.sh; \ + echo "./mkinstalldirs @sysconfdir@ || exit 1" >> $$STAGE/setup.sh; \ + echo "./mkinstalldirs @mylockdir@ || exit 1" >> $$STAGE/setup.sh; \ + echo "./mkinstalldirs @mylogdir@ || exit 1" >> $$STAGE/setup.sh; \ + echo "./mkinstalldirs @mydataroot@ || exit 1" >> $$STAGE/setup.sh; \ + echo "chmod 700 @mydataroot@ || exit 1" >> $$STAGE/setup.sh; \ + if test -f $$STAGE/lib/modules; then \ + RVER=`uname -r`; \ + echo "chown root:root lib/modules/$$RVER/*" >> $$STAGE/setup.sh; \ + if test -d /lib/modules/$$RVER; then \ + echo "./mkinstalldirs /lib/modules/$$RVER" >> $$STAGE/setup.sh; \ + echo "cp -p lib/modules/$$RVER/* /lib/modules/$$RVER/" >> $$STAGE/setup.sh; \ + elif test -d /lib/modules/misc; then \ + echo "./mkinstalldirs /lib/modules/misc" >> $$STAGE/setup.sh; \ + echo "cp -p lib/modules/misc/* /lib/modules/misc/" >> $$STAGE/setup.sh; \ + elif test -d /lib/modules; then \ + echo "./mkinstalldirs /lib/modules/misc" >> $$STAGE/setup.sh; \ + echo "cp -p lib/modules/misc/* /lib/modules/misc/" >> $$STAGE/setup.sh; \ + fi; \ + echo "/sbin/depmod -a" >> $$STAGE/setup.sh; \ + fi; \ + temp=`echo $(sbindir) | sed s,^/,,`; \ + echo "chown root $$temp/*" >> $$STAGE/setup.sh; \ + echo "cp -p $$temp/* $(sbindir) || exit 1" >> $$STAGE/setup.sh; \ + temp=`echo $(sysconfdir) | sed s,^/,,`; \ + echo "chown root $$temp/*" >> $$STAGE/setup.sh; \ + configfile=`echo @myconffile@ | sed 's%^REQ_FROM_SERVER%%'`; \ + echo "test -f $$configfile || cp -p $$temp/* $$configfile" >> $$STAGE/setup.sh; \ + echo "./samhain-install.sh --express --verbose install-boot || echo 'Cannot install init script'" >> $$STAGE/setup.sh; \ + cp $(top_srcdir)/mkinstalldirs $$STAGE/; \ + cp $(top_srcdir)/install-sh $$STAGE/; \ + cp ./samhain-install.sh $$STAGE/; \ + cp -r init/ $$STAGE/; \ + chmod +x $$STAGE/setup.sh; \ + chmod +x $$STAGE/samhain-install.sh; \ + chmod +x $$STAGE/mkinstalldirs; \ + chmod +x $$STAGE/install-sh; \ + $(top_srcdir)/scripts/makeself/makeself.sh --header $(top_srcdir)/scripts/makeself/makeself-header.sh --nocomp --nomd5 --notemp $$STAGE $(PACKAGE)-$(VERSION).run "$(PACKAGE)_$(VERSION)_self_extracting_installer" ./setup.sh && \ + rm -r $(PACKAGE)-$(VERSION) + +emerge-prepare: dist + @echo "Building $(PACKAGE)-$(VERSION)"; \ + test -f /etc/make.globals && . /etc/make.globals; \ + test -f /etc/make.conf && . /etc/make.conf; \ + echo "$(INSTALL_MAN) $(PACKAGE)-$(VERSION).tar.gz $${DISTDIR}/@install_name@-$(VERSION).tar.gz"; \ + $(INSTALL_MAN) $(PACKAGE)-$(VERSION).tar.gz $${DISTDIR}/@install_name@-$(VERSION).tar.gz; \ + if test "x$${PORTDIR_OVERLAY}" = "x"; then \ + COPY_TO="$${PORTDIR}"; \ + else \ + COPY_TO="$${PORTDIR_OVERLAY}"; \ + fi; \ + $(mkinstalldirs) $${COPY_TO}/app-admin/@install_name@; \ + echo "$(INSTALL_MAN) scripts/samhain.ebuild $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild";\ + $(INSTALL_MAN) scripts/samhain.ebuild $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild; \ + test -f $${COPY_TO}/app-admin/@install_name@/files/digest-@install_name@-$(VERSION) && rm $${COPY_TO}/app-admin/@install_name@/files/digest-@install_name@-$(VERSION);\ + ebuild $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild digest; + +emerge-prepare-light: dist + @echo "Building $(PACKAGE)-$(VERSION)"; \ + test -f /etc/make.globals && . /etc/make.globals; \ + test -f /etc/make.conf && . /etc/make.conf; \ + echo "$(INSTALL_MAN) $(PACKAGE)-$(VERSION).tar.gz $${DISTDIR}/@install_name@-$(VERSION).tar.gz"; \ + $(INSTALL_MAN) $(PACKAGE)-$(VERSION).tar.gz $${DISTDIR}/@install_name@-$(VERSION).tar.gz; \ + if test "x$${PORTDIR_OVERLAY}" = "x"; then \ + COPY_TO="$${PORTDIR}"; \ + else \ + COPY_TO="$${PORTDIR_OVERLAY}"; \ + fi; \ + $(mkinstalldirs) $${COPY_TO}/app-admin/@install_name@; \ + echo "$(INSTALL_MAN) scripts/samhain.ebuild-light $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild";\ + $(INSTALL_MAN) scripts/samhain.ebuild-light $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild; \ + test -f $${COPY_TO}/app-admin/@install_name@/files/digest-@install_name@-$(VERSION) && rm $${COPY_TO}/app-admin/@install_name@/files/digest-@install_name@-$(VERSION);\ + ebuild $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild digest; + + +tbz2: emerge-prepare + @emerge --buildpkgonly @install_name@; \ + test -f /etc/make.globals && . /etc/make.globals; \ + test -f /etc/make.conf && . /etc/make.conf; \ + echo; \ + echo "@install_name@-$(VERSION).tbz2 should be in $${PKGDIR}/All"; \ + if test -f $${PKGDIR}/All/@install_name@-$(VERSION).tbz2; then \ + echo "Package $${PKGDIR}/All/@install_name@-$(VERSION).tbz2 built."; \ + mv $${PKGDIR}/All/@install_name@-$(VERSION).tbz2 $(PACKAGE)-$(VERSION).tbz2; \ + rm -f $${PKGDIR}/app-admin/@install_name@-$(VERSION).tbz2; \ + rm -rf $${PORTAGE_TMPDIR}/portage/@install_name@-$(VERSION); \ + else \ + echo "Error ... cannot find package."; \ + exit 1; \ + fi; \ + echo + +tbz2-light: emerge-prepare-light + @emerge --buildpkgonly @install_name@; \ + test -f /etc/make.globals && . /etc/make.globals; \ + test -f /etc/make.conf && . /etc/make.conf; \ + echo; \ + if test -f $${PKGDIR}/All/@install_name@-$(VERSION).tbz2; then \ + echo "Package $${PKGDIR}/All/@install_name@-$(VERSION).tbz2 built."; \ + mv $${PKGDIR}/All/@install_name@-$(VERSION).tbz2 $(PACKAGE)-$(VERSION).tbz2; \ + rm -f $${PKGDIR}/app-admin/@install_name@-$(VERSION).tbz2; \ + rm -rf $${PORTAGE_TMPDIR}/portage/@install_name@-$(VERSION); \ + else \ + echo "Error ... cannot find package."; \ + exit 1; \ + fi; \ + echo + +emerge: + emerge $(PACKAGE); + +deb-light: + @echo "creating subdirectory debian"; \ + mkdir -p debian; \ + cp rules.deb-light debian/rules; \ + chmod +x debian/rules; \ + echo $(sbindir) | sed s,^/,, > debian/dirs; \ + echo $(sysconfdir) | sed s,^/,, >> debian/dirs; \ + echo etc/init.d >> debian/dirs; \ + echo $(mydatadir) | sed s,^/,, >> debian/dirs; \ + echo $(mylogdir) | sed s,^/,, >> debian/dirs; \ + echo $(mylockdir) | sed s,^/,, >> debian/dirs; \ + if test "x@sh_lkm@" != x; then \ + RVER=`uname -r`; \ + if test -d /lib/modules/$$RVER; then \ + echo "lib/modules/$$RVER" >> debian/dirs; \ + elif test -d /lib/modules/misc; then \ + echo "lib/modules/misc" >> debian/dirs; \ + elif test -d /lib/modules; then \ + echo "lib/modules/misc" >> debian/dirs; \ + fi; \ + fi; \ + $(MAKE) deb-run + +deb: + @echo "creating subdirectory debian"; \ + mkdir -p debian; \ + cp rules.deb debian/rules; \ + chmod +x debian/rules; \ + echo $(sbindir) | sed s,^/,, > debian/dirs; \ + echo $(sysconfdir) | sed s,^/,, >> debian/dirs; \ + echo etc/init.d >> debian/dirs; \ + echo $(mydatadir) | sed s,^/,, >> debian/dirs; \ + echo $(mylogdir) | sed s,^/,, >> debian/dirs; \ + echo $(mylockdir) | sed s,^/,, >> debian/dirs; \ + echo $(mandir)/man5 | sed s,^/,, >> debian/dirs; \ + echo $(mandir)/man8 | sed s,^/,, >> debian/dirs; \ + echo usr/share/doc/$(PACKAGE) >> debian/dirs; \ + if test "x@sh_lkm@" != x; then \ + RVER=`uname -r`; \ + if test -d /lib/modules/$$RVER; then \ + echo "lib/modules/$$RVER" >> debian/dirs; \ + elif test -d /lib/modules/misc; then \ + echo "lib/modules/misc" >> debian/dirs; \ + elif test -d /lib/modules; then \ + echo "lib/modules/misc" >> debian/dirs; \ + fi; \ + fi; \ + echo $(top_srcdir)/README > debian/docs; \ + echo $(top_srcdir)/test/testtiger.txt >> debian/docs; \ + echo $(srcsrc)/simple-bignum.tar.bz2 >> debian/docs; \ + echo $(top_srcdir)/scripts/head.html >> debian/docs; \ + echo $(top_srcdir)/scripts/foot.html >> debian/docs; \ + echo $(top_srcdir)/samhain.jpg >> debian/docs; \ + echo $(top_srcdir)/docs/BUGS >> debian/docs; \ + echo $(top_srcdir)/docs/HOWTO-client+server.html >> debian/docs; \ + echo $(top_srcdir)/docs/HOWTO-samhain+GnuPG.html >> debian/docs; \ + echo $(top_srcdir)/docs/MANUAL-2_3.html.tar >> debian/docs; \ + echo $(top_srcdir)/docs/MANUAL-2_3.pdf >> debian/docs; \ + echo $(top_srcdir)/docs/README.gcc_bug >> debian/docs; \ + echo $(top_srcdir)/docs/README.LZO >> debian/docs; \ + echo $(top_srcdir)/docs/README.sstrip >> debian/docs; \ + echo $(top_srcdir)/docs/README.UPGRADE >> debian/docs; \ + echo $(top_srcdir)/docs/README.win2K >> debian/docs; \ + echo $(top_srcdir)/docs/TODO >> debian/docs; \ + $(MAKE) deb-run + +deb-run: + @maintainer=`gpg --list-secret-keys | grep 'uid ' | cut -d" " -f 5- | sed 's/^ *//' | sed q1`;\ + if test "x$$maintainer" = x; then \ + maintainer="Nobody Nowhere "; \ + fi; \ + echo "$(PACKAGE) ($(VERSION)-1) stable; urgency=low" > debian/changelog; \ + echo >> debian/changelog; \ + echo " * Initial release." >> debian/changelog; \ + echo >> debian/changelog; \ + echo " -- $$maintainer `date -R`" >> debian/changelog; \ + echo >> debian/changelog; \ + echo "Local variables:" >> debian/changelog; \ + echo "mode: debian-changelog" >> debian/changelog; \ + echo "End:" >> debian/changelog; \ + cp $(top_srcdir)/COPYING debian/copyright; \ + touch debian/README.debian; \ + echo "Document: @install_name@-manual" > debian/@install_name@.doc-base; \ + echo "Title: @install_name@ Manual" >> debian/@install_name@.doc-base; \ + echo "Author: Rainer Wichmann" >> debian/@install_name@.doc-base; \ + echo "Abstract: This manual describes what @install_name@ is" >> debian/@install_name@.doc-base; \ + echo " and how it can be used to check the file integrity of your" >> debian/@install_name@.doc-base; \ + echo " server." >> debian/@install_name@.doc-base; \ + echo "Section: admin" >> debian/@install_name@.doc-base; \ + echo >> debian/@install_name@.doc-base; \ + echo >> debian/@install_name@.doc-base; \ + echo "Format: Postscript" >> debian/@install_name@.doc-base; \ + echo "Files: /usr/share/doc/@install_name@/manual.ps.gz" >> debian/@install_name@.doc-base; \ + echo >> debian/@install_name@.doc-base; \ + echo "Format: HTML" >> debian/@install_name@.doc-base; \ + echo "Index: /usr/share/doc/@install_name@/manual.html/index.html" >> debian/@install_name@.doc-base; \ + echo "Files: /usr/share/doc/@install_name@/manual.html/*.html" >> debian/@install_name@.doc-base; \ + echo @myrpmconffile@ > debian/conffiles; \ + echo /etc/init.d/@install_name@ >> debian/conffiles; \ + if test -f /usr/lib/lsb/install_initd; then \ + cp init/samhain.startLSB debian/@install_name@.init; \ + else \ + cp init/samhain.startLinux debian/@install_name@.init; \ + fi; \ + echo "Source: samhain" > debian/control; \ + echo "Section: admin" >> debian/control; \ + echo "Priority: optional" >> debian/control; \ + echo "Maintainer: $$maintainer" >> debian/control; \ + echo "Standards-Version: 3.2.1" >> debian/control; \ + echo >> debian/control; \ + echo "Package: @install_name@" >> debian/control; \ + echo "Architecture: any" >> debian/control; \ + echo "Depends: \$${shlibs:Depends}" >> debian/control; \ + echo "Description: File integrity checker" >> debian/control; \ + echo " A file integrity checker" >> debian/control; \ + echo "running debuild -us -uc"; \ + debuild -us -uc; \ + DEBFILE=`find ../ -follow -maxdepth 1 -cnewer ./debian/control 2>/dev/null | grep '@install_name@_$(VERSION)' | grep '\.deb'`; \ + if test x"$$DEBFILE" = x; then \ + echo "Error ... cannot find package file"; \ + exit 1; \ + else \ + echo "Package $$DEBFILE built."; \ + cp $$DEBFILE ./$(PACKAGE)-$(VERSION).deb; \ + fi; \ + echo + +# +# Check samhain.spec +# +rpmspec-full: + @grep 'install-light' samhain.spec >/dev/null 2>&1; \ + if test x"$$?" = "x0"; then \ + echo "Your samhain.spec is from rpm-light. Please run"; \ + echo " .config.status to re-create the original samhain.spec"; \ + exit 1; \ + fi + +# when editing the spec file, make an additional blank after 'make' +# to avoid that it matches on a second processing +# +rpmspec-light: samhain.spec + @echo "Stripping docs from samhain.spec"; \ + cat samhain.spec | sed 's,make DESTDIR=$${RPM_BUILD_ROOT} install,make DESTDIR=$${RPM_BUILD_ROOT} install-light,' | sed s,shkeep=yes,shkeep=no, | sed s,%doc.*,, | sed s,%attr.*,, > samhain.spec-light; \ + mv samhain.spec-light samhain.spec + +rpm-light: rpmspec-light distrpm + rpmbuild -ta ./$(PACKAGE)-$(VERSION).tar.gz; + @RPMTOP=`cat ~/.rpmmacros 2>/dev/null | grep '%_topdir' | awk '{ print $$2}'`; \ + if test x"$$RPMTOP" = x; then RPMTOP=/usr/src; fi; \ + echo "Searching the RPM package below $$RPMTOP ..."; \ + RPMFILE=`find $$RPMTOP -follow -maxdepth 4 -cnewer ./samhain.spec 2>/dev/null | grep '@install_name@-$(VERSION)' | grep '\.rpm' | grep -v '\.src\.'`; \ + echo; \ + if test x"$$RPMFILE" = x; then \ + echo "Error ... cannot find package file"; \ + exit 1; \ + else \ + echo "Package $$RPMFILE built."; \ + echo "Copying it to ./$(PACKAGE)-$(VERSION).rpm"; \ + cp $$RPMFILE ./$(PACKAGE)-$(VERSION).rpm; \ + fi; \ + echo + +rpm: rpmspec-full distrpm + rpmbuild -ta ./$(PACKAGE)-$(VERSION).tar.gz; + @RPMTOP=`cat ~/.rpmmacros 2>/dev/null | grep '%_topdir' | awk '{ print $$2}'`; \ + if test x"$$RPMTOP" = x; then RPMTOP=/usr/src; fi; \ + echo "Searching the RPM package below $$RPMTOP ..."; \ + RPMFILE=`find $$RPMTOP -follow -maxdepth 4 -cnewer ./samhain.spec 2>/dev/null | grep '@install_name@-$(VERSION)' | grep '\.rpm' | grep -v '\.src\.'`; \ + echo; \ + if test x"$$RPMFILE" = x; then \ + echo "Error ... cannot find package file"; \ + exit 1; \ + else \ + echo "Package $$RPMFILE built."; \ + echo "Copying it to ./$(PACKAGE)-$(VERSION).rpm"; \ + cp $$RPMFILE ./$(PACKAGE)-$(VERSION).rpm; \ + fi; \ + echo + +srpm-dist: rpmspec-full samhain.spec + @cat samhain.spec | \ + sed s%\-\-with\-base=.*\,[0123456789]*%% | \ + sed s%\'\'%% > samhain.spec.m; \ + mv samhain.spec.m samhain.spec + $(MAKE) distrpm + rpmbuild -ts ./$(PACKAGE)-$(VERSION).tar.gz + + +srpm: rpmspec-full distrpm + rpmbuild -ts ./$(PACKAGE)-$(VERSION).tar.gz + +solaris-pkg-light: all + @STAGE=/tmp/samhain-pkg-staging; \ + mkdir $$STAGE; \ + if test x"$$?" != x0; then \ + echo "ERROR ... mkdir $$STAGE failed"; \ + exit 1; \ + fi; \ + $(MAKE) DESTDIR=$$STAGE install-light; + $(MAKE) solaris-pkg-finish + +solaris-pkg: all + @STAGE=/tmp/samhain-pkg-staging; \ + mkdir $$STAGE; \ + if test x"$$?" != x0; then \ + echo "ERROR ... mkdir $$STAGE failed"; \ + exit 1; \ + fi; \ + $(MAKE) DESTDIR=$$STAGE install; + $(MAKE) solaris-pkg-finish + +solaris-pkg-finish: + @STAGE=/tmp/samhain-pkg-staging; \ + $(mkinstalldirs) $$STAGE/etc/init.d; \ + $(INSTALL_SHELL) init/samhain.startSolaris $$STAGE/etc/init.d/@install_name@; \ + (echo 'i pkginfo'; pkgproto $$STAGE=/ ) >prototype; \ + user=`id | sed s,uid=[0123456789]*\(,, | sed s,\).*,,`; \ + group=`id | sed s,.*gid=[0123456789]*\(,, | sed s,\).*,,`; \ + cat prototype | grep -v 'none / ' | \ + sed s,$$user\ $$group,root\ sys,g > prototype.1; \ + rm -f prototype.2; \ + while read line; do \ + echo "$${line}" | egrep '^d none' >/dev/null 2>&1; \ + if [ $$? = 0 ]; then \ + dir=`echo "$${line}" | awk '{ print $$3 }'`; \ + if [ -d "$$dir" ]; then \ + echo "d none $${dir} ? ? ?" >> prototype.2; \ + else \ + echo "$${line}" >> prototype.2; \ + fi; \ + else \ + echo "$${line}" >> prototype.2; \ + fi; \ + done < prototype.1; \ + rm -f prototype && rm prototype.1 && mv prototype.2 prototype; \ + echo "d none /etc/rc0.d ? ? ?" >> prototype; \ + echo "d none /etc/rc1.d ? ? ?" >> prototype; \ + echo "d none /etc/rc3.d ? ? ?" >> prototype; \ + echo "l none /etc/rc3.d/S99@install_name@=/etc/init.d/@install_name@" >> prototype; \ + echo "l none /etc/rc0.d/K10@install_name@=/etc/init.d/@install_name@" >> prototype; \ + echo "l none /etc/rc1.d/K10@install_name@=/etc/init.d/@install_name@" >> prototype; \ + ARCH=`uname -p`; \ + PSTAMP=`date '+%c%y%m%d%H%M%S'`; \ + echo "PKG=@install_name@" > pkginfo; \ + echo "NAME=file integrity check" >> pkginfo; \ + echo "VERSION=$(VERSION)" >> pkginfo; \ + echo "CATEGORY=system" >> pkginfo; \ + echo "CLASSES=none" >> pkginfo; \ + echo "VENDOR=http://la-samhna.de/samhain" >> pkginfo; \ + echo "EMAIL=support@la-samhna.de" >> pkginfo; \ + echo "ARCH=$$ARCH" >> pkginfo; \ + echo "PSTAMP=$$PSTAMP" >> pkginfo; \ + pkgmk -o; \ + pkgtrans -s /var/spool/pkg /tmp/samhain-pkg-staging/@install_name@.pkg @install_name@; \ + if test -f /tmp/samhain-pkg-staging/@install_name@.pkg; then \ + echo; \ + cp /tmp/samhain-pkg-staging/@install_name@.pkg $(PACKAGE)-$(VERSION).pkg; \ + echo "Package $(PACKAGE)-$(VERSION).pkg is ready for installation"; \ + echo "to install, use: pkgadd -n -d $(PACKAGE)-$(VERSION).pkg all"; \ + echo; \ + rm -rf /var/spool/pkg/@install_name@ /tmp/samhain-pkg-staging; \ + else \ + echo; \ + echo "**************************************************************"; \ + echo "Error ... cannot find /tmp/samhain-pkg-staging/@install_name@.pkg."; \ + echo "Keeping /var/spool/pkg/@install_name@ /tmp/samhain-pkg-staging"; \ + if test -d /var/spool/pkg; then \ + echo "**************************************************************"; \ + else \ + echo "************** /var/spool/pkg is missing *********************"; \ + fi; \ + echo; \ + exit 1; \ + fi + +depot-prep: all + STAGE=/tmp/samhain-pkg-staging; \ + mkdir $$STAGE; \ + if test x"$$?" != x0; then \ + echo "ERROR ... mkdir $$STAGE failed"; \ + exit 1; \ + fi; \ + $(MAKE) DESTDIR=$$STAGE install; \ + $(MAKE) DESTDIR=$$STAGE install-boot; \ + cp hp_ux.psf $$STAGE; \ + mkdir $$STAGE/sc; \ + echo "#!/sbin/sh" > $$STAGE/sc/configure; \ + echo "PATH=\$$SW_PATH; export PATH" >> $$STAGE/sc/configure; \ + echo "chmod 555 /sbin/init.d/samhain; chown bin:bin /sbin/init.d/@install_name@; (cd /sbin; ln -f -s /sbin/init.d/@install_name@ rc2.d/S900@install_name@; ln -f -s /sbin/init.d/@install_name@ rc1.d/K100@install_name@; )" >> $$STAGE/sc/configure; \ + chmod +x $$STAGE/sc/configure; \ + echo "#!/sbin/sh" > $$STAGE/sc/unconfigure; \ + echo "PATH=\$$SW_PATH; export PATH" >> $$STAGE/sc/unconfigure; \ + echo "rm -f /sbin/rc2.d/S900@install_name@; rm -f /sbin/rc1.d/K100@install_name@" >> $$STAGE/sc/unconfigure; \ + chmod +x $$STAGE/sc/unconfigure; \ + echo "#!/sbin/sh" > $$STAGE/sc/preremove; \ + echo "PATH=\$$SW_PATH; export PATH" >> $$STAGE/sc/preremove; \ + echo "/sbin/init.d/@install_name@ stop" >> $$STAGE/sc/preremove; \ + echo "exit 0" >> $$STAGE/sc/preremove; \ + chmod +x $$STAGE/sc/preremove; + +depot: depot-prep + (cd /tmp/samhain-pkg-staging && /usr/sbin/swpackage -v -s ./hp_ux.psf -x media_type=tape @ $(PACKAGE)-$(VERSION).depot) + cp /tmp/samhain-pkg-staging/$(PACKAGE)-$(VERSION).depot . + rm -rf /tmp/samhain-pkg-staging + +depot-light: depot + +#--------------------------------------------------------------- + + +trustfile: $(srcsrc)/trustfile.c config.h + $(COMPILE) $(VFLAG) -DSH_IDENT=\"@myident@\" -DTRUST_MAIN -DSL_ALWAYS_TRUSTED=@mytrust@ -o trustfile $(srcsrc)/trustfile.c + +sh_MK.h: config.h + @echo "creating sh_MK.h"; \ + echo "#ifndef SH_MK_H" > sh_MK.h; \ + echo "#define SH_MK_H" >> sh_MK.h; \ + $(top_srcdir)/c_bits.sh @my_key_1@ MKB >> sh_MK.h; \ + $(top_srcdir)/c_bits.sh @my_key_2@ MKA >> sh_MK.h; \ + $(top_srcdir)/c_bits.sh @my_key_3@ MKC >> sh_MK.h; \ + $(top_srcdir)/c_bits.sh @my_key_4@ MKD >> sh_MK.h; \ + echo "#endif" >> sh_MK.h + + +sstrip: $(srcsrc)/sstrip.c Makefile + $(BUILD_CC) -I. -o sstrip $(srcsrc)/sstrip.c + +encode: $(srcsrc)/encode.c Makefile + $(BUILD_CC) -I. -o encode $(srcsrc)/encode.c + +config_xor.h: config.h encode + @echo 'encode $(XOR_CODE) config.h'; \ + sleep 1; \ + ./encode $(XOR_CODE) config.h; \ + mv x_config.h config_xor.h + +#.c.o: +# @echo "./encode $(XOR_CODE) $< --> x_`echo $< |sed 's%.*/%%'`"; \ +# ./encode $(XOR_CODE) $<; \ +# echo "$(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $< |sed 's%.*/%%'`"; \ +# $(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $< |sed 's%.*/%%'`; \ +# rm x_`echo $< |sed 's%.*/%%'` + +$(OBJECTS): encode internal.h + @echo "./encode $(XOR_CODE) $(srcsrc)/`echo $@ |sed 's%\.o$$%%'`.c --> x_`echo $@ |sed 's%\.o$$%%'`.c"; \ + ./encode $(XOR_CODE) $(srcsrc)/`echo $@ |sed 's%\.o$$%%'`.c; \ + echo "$(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $@ |sed 's%\.o$$%%'`.c"; \ + $(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $@ |sed 's%\.o$$%%'`.c; \ + rm x_`echo $@ |sed 's%\.o$$%%'`.c + +sh_tiger_i.o: $(srcsrc)/$(TIGER_SRC) Makefile config_xor.h + @echo "$(COMPILE) $(VFLAG) -o sh_tiger_i.o -c $(srcsrc)/$(TIGER_SRC)";\ + $(COMPILE) $(VFLAG) -o sh_tiger_i.o -c $(srcsrc)/$(TIGER_SRC); + +samhain_setpwd: encode config_xor.h $(srcsrc)/samhain_setpwd.c + @echo '$(COMPILE) -o samhain_setpwd $(srcsrc)/samhain_setpwd.c'; \ + ./encode $(XOR_CODE) $(srcsrc)/samhain_setpwd.c; \ + $(COMPILE) -o samhain_setpwd x_samhain_setpwd.c; \ + rm x_samhain_setpwd.c + +samhain_stealth: encode config_xor.h $(srcsrc)/samhain_stealth.c + @echo '$(COMPILE) -o samhain_stealth $(srcsrc)/samhain_stealth.c'; \ + ./encode $(XOR_CODE) $(srcsrc)/samhain_stealth.c; \ + $(COMPILE) -o samhain_stealth x_samhain_stealth.c; \ + rm x_samhain_stealth.c + +yulectl: encode config_xor.h $(srcsrc)/yulectl.c + @echo '$(COMPILE) -o yulectl $(srcsrc)/yulectl.c $(LIBS_SOCK)'; \ + ./encode $(XOR_CODE) $(srcsrc)/yulectl.c; \ + $(COMPILE) -o yulectl x_yulectl.c $(LIBS_SOCK); \ + rm x_yulectl.c + +$(SAMHAIN): internal.h $(OBJECTS) sh_tiger_i.o + @-rm -f $(SAMHAIN) + @echo "$(LINK) sh_tiger_i.o $(OBJECTS) $(LIBS_TRY)"; \ + $(LINK) sh_tiger_i.o $(OBJECTS) $(LIBS_TRY) + + +CUTEST_SOURCES = $(srcsrc)/cutest_sh_tools.c \ + $(srcsrc)/cutest_sh_utils.c \ + $(srcsrc)/cutest_sh_unix.c \ + $(srcsrc)/cutest_slib.c \ + $(srcsrc)/cutest_zAVLTree.c \ + $(srcsrc)/cutest_sh_hash.c \ + $(srcsrc)/cutest_sh_tiger0.c + +CUTEST_OBJECTS = cutest_sh_tools.o \ + cutest_sh_utils.o \ + cutest_sh_unix.o \ + cutest_slib.o \ + cutest_zAVLTree.o \ + cutest_sh_hash.o \ + cutest_sh_tiger0.o + +$(CUTEST_OBJECTS): $(CUTEST_SOURCES) config_xor.h internal.h + @echo "./encode $(XOR_CODE) $(srcsrc)/`echo $@ |sed 's%\.o$$%%'`.c --> x_`echo $@ |sed 's%\.o$$%%'`.c"; \ + ./encode $(XOR_CODE) $(srcsrc)/`echo $@ |sed 's%\.o$$%%'`.c; \ + echo "$(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $@ |sed 's%\.o$$%%'`.c"; \ + $(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $@ |sed 's%\.o$$%%'`.c; \ + rm x_`echo $@ |sed 's%\.o$$%%'`.c + + +cutest: $(SOURCES) $(CUTEST_SOURCES) + @$(MAKE) CUTEST='-DSH_CUTEST=1' intcutest + +intcutest: internal.h $(OBJECTS) $(CUTEST_OBJECTS) sh_tiger_i.o $(srcsrc)/make-tests.sh + cd $(srcsrc)/ && ./make-tests.sh >CuTestMain.c + @$(COMPILE) -o CuTestMain.o -c $(srcsrc)/CuTestMain.c; \ + $(COMPILE) -o CuTest.o -c $(srcsrc)/CuTest.c; \ + rm -f samhain.o; \ + ./encode $(XOR_CODE) $(srcsrc)/samhain.c; \ + $(COMPILE) $(VFLAG) -o samhain.o -c x_samhain.c; \ + rm x_samhain.c; \ + $(LINK) sh_tiger_i.o $(CUTEST_OBJECTS) CuTestMain.o CuTest.o $(OBJECTS) $(LIBS_TRY); \ + test -f ./intcutest && mv ./intcutest ./cutest; \ + ./cutest + +runcutest: + gdb ./cutest + +samhain_hide.o: $(srcsrc)/samhain_hide.c samhain_erase.o + gcc @lkm_inc@ -I. -Wall -O2 -c $(srcsrc)/samhain_hide.c + +samhain_erase.o: $(srcsrc)/samhain_erase.c + gcc @lkm_inc@ -I. -Wall -O2 -c $(srcsrc)/samhain_erase.c + +# -- NEW -- +samhain_hide.ko: $(srcsrc)/samhain_hide.c + @test -d m_comp || mkdir m_comp; \ + echo "KVERSION := \$$(shell uname -r)" > m_comp/Makefile;\ + echo "KSOURCE ?= /lib/modules/\$$(KVERSION)/build" >> m_comp/Makefile;\ + echo "obj-m := samhain_hide.o" >> m_comp/Makefile;\ + echo ".PHONY: modules install clean modules_add" >> m_comp/Makefile;\ + echo "install : modules_add" >> m_comp/Makefile;\ + echo "modules modules_install clean:" >> m_comp/Makefile;\ + echo "T\$$(MAKE) -C \$$(KSOURCE) \$$@ SUBDIRS=\$$(CURDIR) KBUILD_VERBOSE=2" | tr T '\t' >> m_comp/Makefile;\ + cp config.h m_comp/; \ + cp $(srcsrc)/samhain_hide.c m_comp/; \ + cd m_comp && $(MAKE) modules + @if test -f m_comp/samhain_hide.ko; then \ + cp -p m_comp/samhain_hide.ko samhain_hide.ko; \ + rm -rf m_comp/; \ + else \ + echo "Kernel module samhain_hide.ko not build"; \ + exit 1; \ + fi + +# -- NEW -- +lkm: @sh_lkm@ + + + +# For kernel syscall monitoring +kern_head: Makefile $(top_srcdir)/include/kern_head.h $(srcsrc)/kern_head.c + @echo "$(BUILD_CC) -I. -I./include -DSYSTEMMAP=\"@systemmap@\" -o kern_head $(srcsrc)/kern_head.c $(LIBS_KVM)"; \ + $(BUILD_CC) -I. -I./include -DSYSTEMMAP=\"@systemmap@\" -o kern_head $(srcsrc)/kern_head.c $(LIBS_KVM) + +sh_ks.h: kern_head + @sleep 1; \ + ./kern_head > sh_ks.h + +sh_ks_xor.h: encode sh_ks.h + @echo 'encode $(XOR_CODE) sh_ks.h'; \ + sleep 1; \ + ./encode $(XOR_CODE) sh_ks.h; \ + mv x_sh_ks.h sh_ks_xor.h + +# For bignum +internal.h: mkhdr + @sleep 1; \ + ./mkhdr + +bignum.o: internal.h + + +# If your compiler can't handle long identifiers (> 6 chars), move the `#' to +# the other line. + +mkhdr: $(srcsrc)/mkhdr.c config.h + @echo "$(BUILD_CC) -I. -o mkhdr $(srcsrc)/mkhdr.c"; \ + sleep 1; \ + $(BUILD_CC) -I. -o mkhdr $(srcsrc)/mkhdr.c + +# $(COMPILE) -DBIG_SHORT_NAMES -o mkhdr $(srcdir)/mkhdr.c + +#---------------------------------------------------------- +# +# EXE PACKER rules +# +#---------------------------------------------------------- + +minilzo.o: $(srcsrc)/minilzo.c $(srcinc)/lzoconf.h $(srcinc)/minilzo.h config.h + @echo "$(COMPILE) -DMINILZO_HAVE_CONFIG_H -o minilzo.o -c $(srcsrc)/minilzo.c"; \ + $(COMPILE) -DMINILZO_HAVE_CONFIG_H -o minilzo.o -c $(srcsrc)/minilzo.c + +exepack_mkdata: $(srcsrc)/exepack_mkdata.c $(srcinc)/lzoconf.h $(srcinc)/minilzo.h minilzo.o + @echo "$(COMPILE) -o exepack_mkdata.o -c $(srcsrc)/exepack_mkdata.c"; \ + $(COMPILE) -o exepack_mkdata.o -c $(srcsrc)/exepack_mkdata.c; \ + echo "$(LINK) exepack_mkdata.o minilzo.o"; \ + $(LINK) exepack_mkdata.o minilzo.o + +# +# prepare the data to be packed +# +exepack.data: $(SAMHAIN) exepack_mkdata sstrip + @echo "cp ./$(SAMHAIN) ./samhain.pk.data"; \ + cp ./$(SAMHAIN) ./samhain.pk.data; \ + echo "strip ./samhain.pk.data"; \ + strip ./samhain.pk.data > /dev/null 2>&1 || echo "... is already stripped"; \ + echo "./sstrip ./samhain.pk.data"; \ + ./sstrip ./samhain.pk.data > /dev/null 2>&1 || echo "sstrip returned false"; \ + echo "./exepack_mkdata ./samhain.pk.data ./exepack.data 0"; \ + ./exepack_mkdata ./samhain.pk.data ./exepack.data 0; \ + echo "rm -f ./samhain.pk.data"; \ + rm -f ./samhain.pk.data; + +exepack: $(srcsrc)/exepack.c minilzo.o exepack.data + @echo "$(COMPILE) -o exepack.o -c $(srcsrc)/exepack.c"; \ + $(COMPILE) -o exepack.o -c $(srcsrc)/exepack.c; \ + echo "$(LINK) exepack.o minilzo.o"; \ + $(LINK) exepack.o minilzo.o; + +# +# this program fills the data section with the binary +# +exepack_fill: $(srcsrc)/exepack_fill.c minilzo.o exepack + @echo "$(COMPILE) -o exepack_fill.o -c $(srcsrc)/exepack_fill.c"; \ + $(COMPILE) -o exepack_fill.o -c $(srcsrc)/exepack_fill.c; \ + echo "$(LINK) exepack_fill.o minilzo.o"; \ + $(LINK) exepack_fill.o minilzo.o + +samhain.pk: $(SAMHAIN) exepack exepack_fill sstrip + @echo "cp ./$(SAMHAIN) ./samhain.pk.data"; \ + cp ./$(SAMHAIN) ./samhain.pk.data; \ + echo "strip ./samhain.pk.data"; \ + strip ./samhain.pk.data > /dev/null 2>&1 || echo "... is already stripped"; \ + echo "./sstrip ./samhain.pk.data"; \ + ./sstrip ./samhain.pk.data > /dev/null 2>&1 || echo "sstrip returned false"; \ + test -f exepack.out && rm exepack.out; \ + echo "./exepack_fill exepack samhain.pk.data exepack.out"; \ + ./exepack_fill exepack samhain.pk.data exepack.out; \ + chmod +x exepack.out; \ + echo "strip exepack.out"; \ + strip exepack.out > /dev/null 2>&1 || echo "... is already stripped"; \ + ./sstrip exepack.out > /dev/null 2>&1 || echo "sstrip returned false"; \ + echo "mv exepack.out samhain.pk"; \ + rm -f samhain.pk; mv exepack.out samhain.pk + +samhain-packed: $(SAMHAIN) samhain_setpwd + @echo "samhain_setpwd samhain new $(CLIENTPASSWD)"; \ + samhain_setpwd samhain new $(CLIENTPASSWD); \ + echo "rm -f samhain; mv samhain.new samhain"; \ + rm -f samhain; mv samhain.new samhain; \ + $(MAKE) samhain.pk; \ + echo "rm -f samhain; mv samhain.pk samhain"; \ + rm -f samhain; mv samhain.pk samhain + +#---------------------------------------------------------- +# +# DEPLOY rules +# +#---------------------------------------------------------- + +uninstall-deploy: + rm -rf $(mydatadir)/profiles/source + rm -rf $(mydatadir)/profiles/archpkg + rm -rf $(mydatadir)/profiles/libexec + rm -rf $(mydatadir)/profiles/tmp + rm -rf $(mydatadir)/profiles/private + @if test -f $(sbindir)/deploy.sh; then \ + old_deploy=`grep 'VERSION2' $(sbindir)/deploy.sh >/dev/null 2>&1 || echo old`; \ + if test x"$$old_deploy" = xold; then \ + echo "rm -f $(sbindir)/deploy2.sh"; \ + rm -f $(sbindir)/deploy2.sh; \ + else \ + echo "rm -f $(sbindir)/deploy.sh"; \ + rm -f $(sbindir)/deploy.sh; \ + fi; \ + fi + +EXECFILES= comCHECKSRC comDOWNLOAD comBUILD comCLEAN comINSTALL \ + funcDIALOG funcEXE funcPRINT funcSETUP funcBUILD funcINSTALL \ + funcDB comUNINSTALL \ + preinstall postinstall initscript + +# $(mydatadir)/profiles/ +# | +# | +# |-- source -------------> (tarballs) +# | +# |-- configs ------------> (default configs) +# | +# |-- archpkg +# | | +# | |-- architecture -> (package, setup script) +# | +# |-- hosts +# | | +# | |-- hostname -----> (config) +# | +# |-- libexec ------------> (scripts) +# | +# |-- private ------------> (gpg key) +# | +# |-- tmp +# +install-deploy: deploy.sh samhain_stealth + @echo "Creating directory tree under $(mydatadir)/profiles/"; \ + $(mkinstalldirs) $(sbindir); \ + $(mkinstalldirs) $(mydatadir)/profiles/source; \ + $(mkinstalldirs) $(mydatadir)/profiles/configs; \ + $(mkinstalldirs) $(mydatadir)/profiles/archpkg/debian_i386; \ + $(mkinstalldirs) $(mydatadir)/profiles/archpkg/gentoo_i386; \ + $(mkinstalldirs) $(mydatadir)/profiles/archpkg/redhat_i386; \ + $(mkinstalldirs) $(mydatadir)/profiles/archpkg/linux_i386; \ + $(mkinstalldirs) $(mydatadir)/profiles/archpkg/freebsd_i386;\ + $(mkinstalldirs) $(mydatadir)/profiles/archpkg/solaris; \ + $(mkinstalldirs) $(mydatadir)/profiles/archpkg/aix; \ + $(mkinstalldirs) $(mydatadir)/profiles/hosts; \ + $(mkinstalldirs) $(mydatadir)/profiles/libexec; \ + $(mkinstalldirs) $(mydatadir)/profiles/private; \ + $(mkinstalldirs) $(mydatadir)/profiles/tmp; \ + if test -f $(srcdir)/../$(PACKAGE)-$(VERSION).tar.gz.asc; then \ + if test -f $(srcdir)/../$(PACKAGE)-$(VERSION).tar.gz; then \ + echo "Installing source tarball"; \ + $(INSTALL_DATA) $(srcdir)/../$(PACKAGE)-$(VERSION).tar.gz.asc \ + $(mydatadir)/profiles/source/$(PACKAGE)-$(VERSION).tar.gz.asc; \ + $(INSTALL_DATA) $(srcdir)/../$(PACKAGE)-$(VERSION).tar.gz \ + $(mydatadir)/profiles/source/$(PACKAGE)-$(VERSION).tar.gz; \ + fi; \ + fi; \ + echo "Installing default configs"; \ + test -f $(mydatadir)/profiles/configs/freebsd_i386.samhainrc || \ + $(INSTALL_DATA) $(srcdir)/samhainrc.freebsd \ + $(mydatadir)/profiles/configs/freebsd_i386.samhainrc; \ + test -f $(mydatadir)/profiles/configs/debian_i386.samhainrc || \ + $(INSTALL_DATA) $(srcdir)/samhainrc.linux \ + $(mydatadir)/profiles/configs/debian_i386.samhainrc; \ + test -f $(mydatadir)/profiles/configs/gentoo_i386.samhainrc || \ + $(INSTALL_DATA) $(srcdir)/samhainrc.linux \ + $(mydatadir)/profiles/configs/gentoo_i386.samhainrc; \ + test -f $(mydatadir)/profiles/configs/redhat_i386.samhainrc || \ + $(INSTALL_DATA) $(srcdir)/samhainrc.linux \ + $(mydatadir)/profiles/configs/redhat_i386.samhainrc; \ + test -f $(mydatadir)/profiles/configs/linux_i386.samhainrc || \ + $(INSTALL_DATA) $(srcdir)/samhainrc.linux \ + $(mydatadir)/profiles/configs/linux_i386.samhainrc; \ + test -f $(mydatadir)/profiles/configs/solaris.samhainrc || \ + $(INSTALL_DATA) $(srcdir)/samhainrc.solaris \ + $(mydatadir)/profiles/configs/solaris.samhainrc; \ + test -f $(mydatadir)/profiles/configs/aix.samhainrc || \ + $(INSTALL_DATA) $(srcdir)/samhainrc.aix5.2.0 \ + $(mydatadir)/profiles/configs/aix.samhainrc; \ + if test -f $(mydatadir)/profiles/configs/generic.configure; then \ + :; \ + else \ + SH_FQDN_SYSTEM=`uname -n`; \ + SH_FQDN_DOMAIN=`grep -i domain /etc/resolv.conf |grep -v "\#" |awk '{print $$2}' |head -1`; \ + if test -n "$${SH_FQDN_SYSTEM}" -a -n "$${SH_FQDN_DOMAIN}"; then \ + sh_thishost="$${SH_FQDN_SYSTEM}.$${SH_FQDN_DOMAIN}"; \ + else \ + sh_thishost="FQDN_MISSING"; \ + fi; \ + outfile=$(mydatadir)/profiles/configs/generic.configure; \ + echo "'--enable-network=client'" > $$outfile; \ + echo "'--with-logserver=$${sh_thishost}'" >> $$outfile; \ + echo "'--with-data-file=REQ_FROM_SERVER/var/lib/samhain/samhain_file'" >> $$outfile; \ + echo "'--with-config-file=REQ_FROM_SERVER/etc/samhainrc'" >> $$outfile; \ + echo "'--enable-base=@mykeybase@'" >> $$outfile; \ + fi; \ + $(INSTALL_SHELL) $(srcdir)/mkinstalldirs \ + $(mydatadir)/profiles/libexec; \ + $(INSTALL_SHELL) $(srcdir)/install-sh \ + $(mydatadir)/profiles/libexec; \ + for ff in $(EXECFILES); do \ + test -f $(srcdir)/dsys/$$ff && $(INSTALL_SHELL) $(srcdir)/dsys/$$ff \ + $(mydatadir)/profiles/libexec; \ + done; \ + $(INSTALL_SHELL) samhain_stealth $(mydatadir)/profiles/libexec; \ + test -f $(srcdir)/dsys/0F571F6C.asc && $(INSTALL_DATA) $(srcdir)/dsys/0F571F6C.asc \ + $(mydatadir)/profiles/private; \ + convert +compress $(srcdir)/stealth_template.jpg stealth_template.ps >/dev/null || \ + { echo "*"; echo "* 'convert' not found or not working, not installing"; echo "* $(mydatadir)/profiles/private/stealth_template.ps"; echo "* (only required for installing packages built with --enable-stealth)"; echo "*"; }; \ + if test -f stealth_template.ps; then \ + if test -f $(mydatadir)/profiles/private/stealth_template.ps; then \ + :; \ + else \ + $(INSTALL_DATA) stealth_template.ps $(mydatadir)/profiles/private; \ + fi; \ + fi; \ + if test -f $(sbindir)/deploy.sh; then \ + old_deploy=`grep 'VERSION2' $(sbindir)/deploy.sh >/dev/null 2>&1 || echo old`; \ + if test x"$$old_deploy" = xold; then \ + echo "*"; echo "* Version 1 of deploy.sh found"; echo "*"; \ + echo "* Installing $(sbindir)/deploy2.sh"; echo "*"; \ + $(INSTALL_SHELL) deploy.sh $(sbindir)/deploy2.sh; \ + else \ + echo "Installing $(sbindir)/deploy.sh"; \ + $(INSTALL_SHELL) deploy.sh $(sbindir)/deploy.sh; \ + fi; \ + else \ + echo "Installing $(sbindir)/deploy.sh"; \ + $(INSTALL_SHELL) deploy.sh $(sbindir)/deploy.sh; \ + fi + + +#---------------------------------------------------------- +# +# DISTRIBUTION rules +# +#---------------------------------------------------------- + +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. + +# +# 1) make distribution tarfile +# 2) unpack the tarfile into distdir +# 3) create build and install directories +# 4) do the build in the build dir, with sources from distdir +# 5) check (there are no subdirs, thus does nothing) +# 6) install +# 7) installcheck (equal to check, does nothing) +# +distcheck: dist + -rm -rf $(distdir) + GZIP=$(GZIP) $(TAR) zxf $(distdir).tar.gz + mkdir $(distdir)/=build + mkdir $(distdir)/=inst + dc_install_base=`cd $(distdir)/=inst && pwd`; \ + cd $(distdir)/=build \ + && ../configure --srcdir=.. --prefix=$$dc_install_base \ + && $(MAKE) \ + && $(MAKE) install + -rm -rf $(distdir) + -rm -f $(distdir).tar.gz.asc + @gpg -a --detach-sign $(distdir).tar.gz; \ + $(TAR) chof $(distdir).tar $(distdir).tar.gz $(distdir).tar.gz.asc; \ + rm -f $(distdir).tar.gz; \ + rm -f $(distdir).tar.gz.asc; \ + gzip --best $(distdir).tar + mv $(distdir).tar.gz $(PACKAGE)_signed-$(VERSION).tar.gz + @echo "========================"; \ + echo "$(PACKAGE)_signed-$(VERSION).tar.gz is ready for distribution"; \ + echo "========================" + +# +# create a tarfile for the distibution +# +distrpm: distdirrpm + -chmod -R a+r $(distdir) + -rm -rf $(distdir).tar.gz + -rm -rf $(distdir).tar + $(TAR) chof $(distdir).tar $(distdir) + gzip -c --best $(distdir).tar > $(distdir).tar.gz + -rm -rf $(distdir) + +dist: distdir + -chmod -R a+r $(distdir) + -rm -rf $(distdir).tar.gz + -rm -rf $(distdir).tar + $(TAR) chof $(distdir).tar $(distdir) + gzip -c --best $(distdir).tar > $(distdir).tar.gz + -rm -rf $(distdir) + +# +# create a tarfile for the distibution +# +dist-sign: distdir + -rm -f $(distdir)/scripts/samhain.ebuild + -rm -f $(distdir)/scripts/samhain.ebuild-light + -chmod -R a+r $(distdir) + -rm -rf $(distdir).tar.gz + -rm -rf $(distdir).tar + $(TAR) chof $(distdir).tar $(distdir) + gzip --best $(distdir).tar + -rm -rf $(distdir) + -rm -f $(distdir).tar.gz.asc + gpg -a --detach-sign $(distdir).tar.gz + $(TAR) chof $(distdir).tar $(distdir).tar.gz $(distdir).tar.gz.asc + -rm -f $(distdir).tar.gz + -rm -f $(distdir).tar.gz.asc + gzip --best $(distdir).tar + mv $(distdir).tar.gz $(PACKAGE)_signed-$(VERSION).tar.gz + + +# +# same as dist +# +dist-all: distdir + -chmod -R a+r $(distdir) + GZIP=$(GZIP) $(TAR) chozf $(distdir).tar.gz $(distdir) + -rm -rf $(distdir) + +# +# create distribution directory and copy files into it +# +INITFILES=samhain.startIRIX samhain.startFreeBSD samhain.startSolaris \ +samhain.startLSB samhain.startGentoo samhain.startLinux samhain.startHPUX \ +samhain.startIRIX samhain.startMACOSX + +SCRIPTFILES=redhat_i386.client.spec check_samhain.pl samhainadmin.pl + +distdir: distfilecheck + -rm -f $(top_srcdir)/init/*~ + -rm -f $(top_srcdir)/dsys/*~ + -rm -f $(top_srcdir)/docs/*~ + -rm -f $(top_srcdir)/include/*~ + -rm -f $(top_srcdir)/src/*~ + -rm -f $(top_srcdir)/test/*~ + -rm -f $(top_srcdir)/scripts/*~ + (cd $(top_srcdir)/init && rm -f $(INITFILES)) + (cd $(top_srcdir)/scripts && rm -f $(SCRIPTFILES)) + -rm -rf $(distdir) + mkdir $(distdir) + -chmod 777 $(distdir) + @for file in $(DISTFILES); do \ + d=$(top_srcdir); \ + if test -f $$d/$$file || test -d $$d/$$file; then \ + cp -pr $$d/$$file $(distdir)/$$file; \ + fi; \ + done; \ + cp scripts/samhain.spec $(distdir)/samhain.spec; \ + rm -f $(distdir)/scripts/*.spec + +# +# as distdir, but don't copy spec file from scripts +# +distdirrpm: distfilecheck + -rm -rf $(distdir) + mkdir $(distdir) + -chmod 777 $(distdir) + @if test -f ./samhain.spec; then \ + :; \ + else \ + echo "Error: ./samhain.spec not found, please run configure"; \ + exit 1; \ + fi + @cp -p samhain.spec $(distdir)/samhain.spec; \ + for file in $(DISTFILES); do \ + d=$(top_srcdir); \ + if test -f $$d/$$file || test -d $$d/$$file; then \ + if test x"$$file" = "xsamhain.spec"; then \ + :; \ + else \ + cp -pr $$d/$$file $(distdir)/$$file; \ + fi; \ + fi; \ + done; \ + rm -f $(distdir)/scripts/*.spec + + +distfilecheck: $(top_srcdir)/config.h.in $(top_srcdir)/depend.sum + @for file in $(DISTFILES); do \ + d=$(top_srcdir); \ + if test -f $$d/$$file || test -d $$d/$$file; then \ + : \ + else \ + echo "File not found: $$d/$$file"; \ + fi; \ + done + @for file in $(SOURCES); do \ + if test -f $$file; then \ + : \ + else \ + echo "File not found: $$file"; \ + fi; \ + done + + +# DO NOT DELETE THIS LINE + + +samhain.o: $(srcsrc)/samhain.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_files.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_getopt.h $(srcinc)/sh_readconf.h $(srcinc)/sh_hash.h $(srcinc)/sh_mail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_mem.h $(srcinc)/sh_forward.h $(srcinc)/sh_tools.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h sh_MK.h $(srcinc)/sh_schedule.h +sh_unix.o: $(srcsrc)/sh_unix.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_hash.h $(srcinc)/sh_tools.h $(srcinc)/sh_tiger.h $(srcinc)/sh_prelink.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_prelude.h $(srcinc)/sh_ignore.h +sh_utils.o: $(srcsrc)/sh_utils.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_entropy.h $(srcinc)/sh_pthread.h +sh_error.o: $(srcsrc)/sh_error.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_database.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_forward.h $(srcinc)/sh_prelude.h $(srcinc)/sh_pthread.h $(srcinc)/sh_tools.h $(srcinc)/sh_extern.h +sh_files.o: $(srcsrc)/sh_files.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_tiger.h $(srcinc)/sh_hash.h $(srcinc)/sh_ignore.h $(srcinc)/zAVLTree.h +sh_getopt.o: $(srcsrc)/sh_getopt.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_getopt.h $(srcinc)/sh_files.h $(srcinc)/sh_utils.h $(srcinc)/sh_mail.h $(srcinc)/sh_forward.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h +sh_readconf.o: $(srcsrc)/sh_readconf.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_database.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_files.h $(srcinc)/sh_mail.h $(srcinc)/sh_calls.h $(srcinc)/sh_tiger.h $(srcinc)/sh_forward.h $(srcinc)/sh_modules.h $(srcinc)/sh_gpg.h $(srcinc)/sh_hash.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h $(srcinc)/sh_extern.h $(srcinc)/sh_database.h $(srcinc)/sh_prelude.h +sh_tiger0.o: $(srcsrc)/sh_tiger0.c Makefile config_xor.h $(srcinc)/sh_tiger.h $(srcinc)/sh_unix.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_pthread.h $(srcinc)/sh_string.h +sh_tiger1.o: $(srcsrc)/sh_tiger1.c Makefile config_xor.h +sh_tiger2.o: $(srcsrc)/sh_tiger2.c Makefile config_xor.h +sh_tiger1_64.o: $(srcsrc)/sh_tiger1_64.c Makefile config_xor.h +sh_tiger2_64.o: $(srcsrc)/sh_tiger2_64.c Makefile config_xor.h +sh_hash.o: $(srcsrc)/sh_hash.c Makefile config_xor.h $(srcinc)/sh_hash.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h $(srcinc)/sh_pthread.h $(srcinc)/sh_forward.h $(srcinc)/sh_hash.h +sh_mail.o: $(srcsrc)/sh_mail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_tools.h +sh_mem.o: $(srcsrc)/sh_mem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_pthread.h +sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h +sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_mail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h +sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h $(srcinc)/sh_logmon.h +sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_pthread.h +sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h +sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h +sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h +sh_fifo.o: $(srcsrc)/sh_fifo.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_unix.h +sh_tools.o: $(srcsrc)/sh_tools.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/rijndael-api-fst.h $(srcinc)/rijndael-api-fst.h +sh_html.o: $(srcsrc)/sh_html.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_forward.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_html.h $(srcinc)/zAVLTree.h +sh_gpg.o: $(srcsrc)/sh_gpg.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h +sh_cat.o: $(srcsrc)/sh_cat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_cat.h +sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_calls.h +sh_extern.o: $(srcsrc)/sh_extern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_static.h +sh_database.o: $(srcsrc)/sh_database.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h +sh_err_log.o: $(srcsrc)/sh_err_log.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h +sh_err_console.o: $(srcsrc)/sh_err_console.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h +sh_err_syslog.o: $(srcsrc)/sh_err_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h +sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h +bignum.o: $(srcsrc)/bignum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/bignum.h +mkhdr.o: $(srcsrc)/mkhdr.c Makefile config.h +samhain_setpwd.o: $(srcsrc)/samhain_setpwd.c Makefile config_xor.h +samhain_stealth.o: $(srcsrc)/samhain_stealth.c Makefile config_xor.h +encode.o: $(srcsrc)/encode.c Makefile +sstrip.o: $(srcsrc)/sstrip.c Makefile config.h +trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/sh_calls.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h +exepack.o: $(srcsrc)/exepack.c Makefile config.h $(srcinc)/minilzo.h $(srcinc)/exepack.data +exepack_fill.o: $(srcsrc)/exepack_fill.c Makefile config.h config.h $(srcinc)/minilzo.h +exepack_mkdata.o: $(srcsrc)/exepack_mkdata.c Makefile config.h $(srcinc)/minilzo.h +minilzo.o: $(srcsrc)/minilzo.c Makefile $(srcinc)/minilzo.h +slib.o: $(srcsrc)/slib.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_calls.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_string.h $(srcinc)/sh_mem.h +rijndael-alg-fst.o: $(srcsrc)/rijndael-alg-fst.c Makefile config_xor.h $(srcinc)/rijndael-alg-fst.h $(srcinc)/rijndael-boxes-fst.h +rijndael-api-fst.o: $(srcsrc)/rijndael-api-fst.c Makefile config_xor.h $(srcinc)/rijndael-alg-fst.h $(srcinc)/rijndael-api-fst.h +zAVLTree.o: $(srcsrc)/zAVLTree.c Makefile $(srcinc)/zAVLTree.h +sh_socket.o: $(srcsrc)/sh_socket.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_socket.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_calls.h $(srcinc)/sh_utils.h $(srcinc)/zAVLTree.h $(srcinc)/sh_html.h $(srcinc)/sh_tools.h +sh_ignore.o: $(srcsrc)/sh_ignore.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h +yulectl.o: $(srcsrc)/yulectl.c Makefile config_xor.h +sh_mounts.o: $(srcsrc)/sh_mounts.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_mounts.h +sh_userfiles.o: $(srcsrc)/sh_userfiles.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_utils.h $(srcinc)/sh_schedule.h $(srcinc)/sh_error.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h +sh_prelude.o: $(srcsrc)/sh_prelude.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error_min.h $(srcinc)/sh_prelude.h $(srcinc)/sh_static.h +kern_head.o: $(srcsrc)/kern_head.c Makefile config.h $(srcinc)/kern_head.h $(srcinc)/kern_head.h +sh_prelink.o: $(srcsrc)/sh_prelink.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h +sh_static.o: $(srcsrc)/sh_static.c Makefile config_xor.h $(srcinc)/sh_pthread.h +sh_async.o: $(srcsrc)/sh_async.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h +sh_processcheck.o: $(srcsrc)/sh_processcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h +sh_portcheck.o: $(srcsrc)/sh_portcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_mem.h $(srcinc)/sh_calls.h $(srcinc)/sh_utils.h $(srcinc)/sh_modules.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h +sh_pthread.o: $(srcsrc)/sh_pthread.c Makefile config_xor.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h $(srcinc)/sh_modules.h +sh_string.o: $(srcsrc)/sh_string.c Makefile config_xor.h $(srcinc)/sh_string.h $(srcinc)/sh_mem.h $(srcinc)/CuTest.h +dnmalloc.o: $(srcsrc)/dnmalloc.c Makefile config.h +t-test1.o: $(srcsrc)/t-test1.c Makefile config.h $(srcinc)/malloc.h +sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error_min.h $(srcinc)/sh_utils.h $(srcinc)/sh_pthread.h +sh_log_parse_syslog.o: $(srcsrc)/sh_log_parse_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h +sh_log_parse_pacct.o: $(srcsrc)/sh_log_parse_pacct.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h +sh_log_parse_apache.o: $(srcsrc)/sh_log_parse_apache.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h +sh_log_evalrule.o: $(srcsrc)/sh_log_evalrule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/zAVLTree.h +sh_log_check.o: $(srcsrc)/sh_log_check.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_modules.h +sh_log_parse_samba.o: $(srcsrc)/sh_log_parse_samba.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h Index: /tags/2.5.0/README =================================================================== --- /tags/2.5.0/README (revision 189) +++ /tags/2.5.0/README (revision 189) @@ -0,0 +1,497 @@ + +CONTENT OF THIS DOCUMENT +------------------------ + + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +++ +++ + +++ NOTE: The distribution package contains a much more detailed MANUAL +++ + +++ +++ + +++ ---- See the docs/ subdirectory ---- +++ + +++ +++ + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + - INSTALL basic install procedure + + - PGP SIGNATURES signing database and config file + + - CLIENT/SERVER how to install and use with client/server mode + for distributed host monitoring + + - STEALTH how to install and use with stealth mode enabled + + - USAGE some usage examples + + - CAVEATS what the name says + + - START AT BOOT TIME how to start the daemon during the boot sequence + + - CONFIGURE OPTIONS overview of supported options, and defaults + + - TESTING test suite (also useful to see EXAMPLES) + + + + +INSTALL: +------- + + Unpack the source with: + + gunzip -c samhain-current.tar.gz | tar xvf - + + This will drop two files in your current directory: + + samhain-{version}.tar.gz + samhain-{version}.tar.gz.asc + + To check authenticity and integrity of the source code, verify + the PGP signature on samhain-{version}.tar.gz + (public PGP key for Rainer Wichmann at http://wwwkeys.pgp.net/): + + gpg --verify samhain-{version}.tar.gz.asc samhain-{version}.tar.gz + + Then unpack samhain-{version}.tar.gz: + + gunzip -c samhain-{version}.tar.gz | tar xvf - + cd samhain-{version} + + If you have an incarnation of 'dialog' (xdialog, dialog, lxdialog) + installed, you can use the GUI install tool: + + ./Install.sh + + Otherwise use the commands: + + ./configure [options] + make + su root + make install + + At least the following executable will be built: + + +++ samhain +++ the monitoring agent, without any + client/server support (i.e. local use only) + + Additional executables will be built if you compile in client/server + and/or stealth mode (see below). + + The 'make install' target will strip the executable(s), i.e. + discard symbols. + + PATHS: + ----- + For configuring the install paths/locations, + see the MANUAL. + + + WARNING: + ------- + Some versions of gcc have a bug that generates incorrect + code if strength reducing is enabled. + If you modify the compiler flags, always use the -fno-strength-reduce + option with gcc, unless you are sure that your compiler does not + suffer from the problem (see README.gcc_bug). + Also, some gcc versions generate incorrect code unless the + -fno-omit-frame-pointer option is used. + The -fno-strength-reduce and the -fno-omit-frame-pointer options are + enabled by default by the 'configure' script. + +PGP SIGNATURES: +-------------- + By default, samhain will report on the checksums of the database + and configuration files on startup. + + You can always (clear)sign the database (once initialized) + with GnuPG, as well as the configuration file + (recommended: gpg -a --clearsign --not-dash-escaped FILE). + + However, to have samhain check these signatures, rather than ignoring + them, you need GnuPG and you must compile samhain with the option + + ./configure --with-gpg=PATH + + where PATH is the path to the gpg/pgp binary. + + Samhain will invoke gpg only after checking that + only trusted users (by default: root and the effective user) + have write access to any element in the path. + + The public key for verification must be in the keyring of the + effective user (usually root) + + For more security, it is possible to compile in the checksum + of the GnuPG executable, and/or the key fingerprint. See + the MANUAL for more details. + + The public key will be searched in the gpg home directory + (~/.gnupg/) of the effective user (usually root). + The key identification and fingerprint will be reported. + +CLIENT/SERVER: +------------- + + samhain supports logging to a central server via TCP/IP. + To enable this option, use the ./configure option + + ./configure --enable-network=client|server [more options] + + NOTE: client and server are __distict__ applications, and must be + built seperately. By default, installation names and paths are + different. Do not blame us if you abuse './configure' options to + cause name clashes, if you install both on the same host. + + The following executables are built: + + +++ samhain (client) +++ the monitoring agent, + with client code included + if --enable-network=client + + +++ yule (server) +++ the log server (no monitoring, just report + collecting !!!) + if --enable-network=server + + +++ samhain_setpwd +++ a utility program to set the password of + a monitoring agent (see man page samhain.8). + Use it without options to get help. + + + To set up a monitoring agent, do the following: + + -- select a (16-digit hexadecimal) password. To generate + a random password, you can use: + + ./yule -G + + -- use 'samhain_setpwd samhain ' + to generate an agent 'samhain.suffix' with the selected password + (you can rename the agent afterwards, of course) + + -- use 'yule -P password' to compute an entry to register the agent + + -- in the servers's configuration file, insert the computed entry + (replace HOSTNAME with the host, on which the agent will run) + in the section called [Clients] + + By default, client/server authentication + is done with the SRP (Secure Remote Password) protocol. + + It is also possible to store configuration and database files + on the server. See the manual for details. + +STEALTH: +------- + + samhain supports a 'stealth' mode of operation, meaning that + the program can be run without any obvious trace of its presence + on disk. The supplied facilities are more sophisticated than + just running the program under a different name, + and might thwart efforts using 'standard' Unix commands, + but they will not resist a search using dedicated utilities. + To enable this mode, use the ./configure option + + ./configure --enable-stealth=XOR_VAL [more options] + + XOR_VAL must be a decimal number in the range 0, 128..255 + (using 0 will have no effect). + + The runtime executable will contain no printable strings revealing + its nature or purpose (strings are xor'ed with XOR_VAL at compile + time, and decoded at runtime). + + The configuration file is expected to be + a postscript file with _uncompressed_ image data, wherein + the configuration data are hidden by steganography. + To create a suitable image file from an existing image, + you may use e.g. the ImageMagick program 'convert', such as: + + convert +compress ima.jpg ima.ps + + The following additional executable will be built: + + +++ samhain_stealth +++ steganography utility program to hide/extract + the configuration file data in/from a + postscript file with + _uncompressed_ image data. + Use it without options to get help. + + Database and log file entries are xor'ed with XOR_VAL to 'mask' + printable strings as binary data. No steganography is supported + for them, as this would require image files of unreasonable large + size. + However, if the database/log file is an existing image (say, a .jpg + file), the data will be appended to the end of the image data. + The image will display normally, and on examination of the file, + the add-on data will look like binary (image) data at first sight. + The built-in utility to verify and print log file entries + will handle this situation transparently. + + To re-name samhain to something unsuspicious, use the configure option + + ./configure --enable-install-name=NAME + + 'make install' will then re-name samhain upon installation. Also, + database, log file, and pid file will have 'samhain' replaced by + NAME. + + +USAGE EXAMPLES: +-------------- + + Review the default configuration file that comes with the + source distribution. Read the man page (samhain.8). + + initialize database: samhain -t init + + check files: samhain -t check + + run as daemon: samhain -t check -D + + report to log server: samhain -t check -D -e warn + + start the log server: yule -S + + +CAVEATS: +------- + Permissions: + ----------- + samhain needs root permissions to check some system files. + The log server does not require root permissions, unless + you use a privileged port (port number below 1024). + If you use --enable-udp to listen on the syslog socket, you need + to start the log server with root permissions (it will drop them + after binding to the port). + + Trust: + ----- + samhain checks the path to critical files (database, configuration) + for write access by untrusted users. By default, only root and + the effective user are trusted. More UIDs can be added as a + compile options (some systems habe 'bin' as owner of the root + directory). + + Integrity: + --------- + On startup, samhain will report on signatures or checksums of + database and configuration files. You better check these reports. + + Both startup and exit will be reported. If you are using samhain + as daemon and start it at boot time, you may want to check that + startup/exit corresponds with scheduled reboots. + + If the path to the samhain binary is defined in the configuration + file, samhain will checksum the binary at startup and compare + at program termination. This will minimize the time available + for an intruder to modify the binary. + + Mail address: + ------------ + For offsite mail, you may have to set a mail relay host + in the configuration file. + +START AT BOOT TIME: +------------------ + the easy way (supported on Linux, FreeBSD, HP-UX, AIX): + + su root + make install-boot + + + +CONFIGURE OPTIONS: +----------------- + + ------------------- + -- basic options -- + ------------------- + + --enable-network Compile with client/server support. + + --enable-udp Enable the server to listen on + port 514/udp (syslog). + + --enable-srp Use SRP protocol to authenticate to + log server. + + --with-gpg=PATH Use GnuPG to verify database/config. + The public key of the effective + user (in ~/.gnupg/pubring.gpg) + will be used. + + --enable-login-watch Watch for login/logout events. + + --enable-stealth=XOR_VAL Enable stealth mode, and set XOR_VAL. + XOR_VAL must be decimal in + 0..32 or 127..255 + and will be used to 'mask' literal + strings as binary data. + (0 has no effect). + + --enable-micro-stealth=XOR_VAL + As --with-stealth, but without + steganographic hidden configuration + file. + + --enable-nocl=PW Enable command line parsing ONLY if + PW is the first argument on the command + line. If PW is "" (empty string), + command line parsing is completely + disabled. + + --enable-base=BASE Set base for one-time pads. Must be + ONE string (no space) made of TWO + comma-separated integers in the range + -2147483648...2147483647. + (The default is compile time.) + Binaries compiled with different + values cannot verify the audit trail(s) + of each other. + THIS IS IMPORTANT IF YOU COMPILE + MULTIPLE TIMES, E.G. ON DIFFERENT + HOSTS. + + + ------------------- + -- paths -- + ------------------- + + ${install_name} is "samhain" by default + (see --with-install-name=NAME ) + + configuration: /etc/${install_name}rc + state data: /var/lib/${install_name} + log file: /var/log/${install_name}_log + lock/pid file: /var/run/${install_name}.pid + + mandir: /usr/local/man + bindir: /usr/local/sbin/ + + + --exec-prefix=EPREFIX Set sbindir prefix (default + is /usr/local, ie. binaries + go to /usr/local/sbin) + + --prefix=PREFIX install directory + (default is NONE) + + IF PREFIX = USR; then + + configuration: /etc/${install_name}rc + state data: /var/lib/${install_name} + log file: /var/log/${install_name}_log + lock/pid file: /var/run/${install_name}.pid + + mandir: /usr/share/man + bindir: /usr/sbin/ + + IF PREFIX = OPT; then + + configuration: /etc/opt/${install_name}rc + state data: /var/opt/${install_name}/${install_name} + log file: /var/opt/${install_name}/${install_name}_log + lock/pid file: /var/opt/${install_name}/${install_name}.pid + + mandir: /opt/${install_name}/man + bindir: /opt/${install_name}/bin/ + + IF PREFIX = (something else); then + + If EPREFIX is not set, it will be set to PREFIX. + configuration: PREFIX/etc/${install_name}rc + state data: PREFIX/var/lib/${install_name} + log file: PREFIX/var/log/${install_name}_log + lock/pid file: PREFIX/var/run/${install_name}.pid + + mandir: PREFIX/share/man + bindir: PREFIX/sbin/ + + + + --with-config-file=FILE Set path of configuration file + (default is PREFIX/etc/samhainrc) + + --with-data-file=FILE Set path of data file + (PREFIX/var/lib/samhain/samhain_file) + --with-html-file=FILE Set path of server status html file + (PREFIX/var/lib/samhain/samhain.html) + + --with-log-file=FILE Set path of log file + (PREFIX/var/log/samhain_log) + --with-pid-file=FILE Set path of lock file + (PREFIX/var/run/samhain.pid) + + ------------------- + -- other -- + ------------------- + + + --with-checksum=CHECKSUM Compile in TIGER checksum of the + gpg/pgp binary. + CHECKSUM must be the full + line output by samhain or GnuPG when + computing the checksum. + + --with-fp=FINGERPRINT Compile in public key fingerprint. + FINGERPRINT must be without spaces. + Only useful in combination with + '--with-gpg'. + If used, samhain will check the + fingerprint, but still report on the + used public key. + + --enable-identity=USER Set user when dropping root privileges + (default is the user "nobody"). + Only needed if there is no user + 'nobody' on your system + (check /etc/passwd) + + --with-port=PORT Set port number for TCP/IP + (default is 49777). + Only needed if this port is already + used by some other application. + + --with-logserver=HOST Set host address for log server + (default is NULL). + You can set this in the configuration + file as well. + + --with-timeserver=HOST Set host address for time server + (default is NULL - use own clock). + You can set this in the configuration + file as well. + + --with-sender=SENDER Set sender for e-mail + (default is daemon). + + --enable-xml-log Use XML format for log file. + + --enable-debug Enable extended debugging + + --enable-ptrace Use anti-debugging code. + + --with-trusted=UID Comma-separated list of UID's of + users that are always trusted + (default is 0 = root). + You will need this only if the + path to the config file has directories + owned neither by 'root' nor by the + (effective) user of the program. + + +TESTING: +------- + For testing compilation etc., you may use the test suite: + + ./test/test.sh n [hostname] + + The argument 'n' is the number of the test to run. Some tests require + that the (fully qualified) hostname be given as second argument. + + Without options, you will get a short help/usage message, listing + each test, its purpose, and the name of the configuration file used. + You may want to review the respective configuration file before + running a test. + + Also listed are the scripts used for each test. If you have problems + getting samhain to run, you may use these scripts as examples. + Index: /tags/2.5.0/acconfig.h =================================================================== --- /tags/2.5.0/acconfig.h (revision 189) +++ /tags/2.5.0/acconfig.h (revision 189) @@ -0,0 +1,436 @@ + +#ifndef CONFIG_H +#define CONFIG_H + + +@TOP@ + +/* ---- compile options ------------ */ + +/* Define if you want database support */ +#undef WITH_DATABASE + +/* Define if the database is unixODBC */ +#undef WITH_ODBC + +/* Define if the database is oracle */ +#undef WITH_ORACLE + +/* Define if the database is mysql */ +#undef WITH_MYSQL + +/* Define if the database is postgresql */ +#undef WITH_POSTGRES + +/* Define if the server may listen on 514/udp */ +#undef INET_SYSLOG + +/* Define if you want logfile in XML format */ +#undef SH_USE_XML + +/* Define if you want external programs. */ +#undef WITH_EXTERNAL + +/* Define if you want to reload the database */ +/* on SIGHUP. */ +#undef RELOAD_DATABASE + +/* Define if you want SysV message queue. */ +#undef WITH_MESSAGE_QUEUE + +/* Define the mode of the message queue. */ +#undef MESSAGE_QUEUE_MODE + +/* Define which users are always trusted. */ +/* default = 0 ( = root) */ +#undef SL_ALWAYS_TRUSTED + +/* Define if you want network time. */ +/* default = no */ +#undef HAVE_NTIME + +/* The time server host address. */ +/* default = "NULL" */ +#undef DEFAULT_TIMESERVER +#undef ALT_TIMESERVER + +/* Define if you want to use the mail code. */ +/* default = yes */ +#undef SH_WITH_MAIL + +/* Define if you want client/server encryption*/ +#undef SH_ENCRYPT + +/* Define if you want version 2 encryption */ +#undef SH_ENCRYPT_2 + +/* Define if you want to watch for login/-out.*/ +/* default = no */ +#undef SH_USE_UTMP + +/* Define if you want to check mount options on filesystems */ +/* default = no */ +#undef SH_USE_MOUNTS + +/* Define if you want to keep an eye on */ +/* sensitive files that your users own */ +#undef SH_USE_USERFILES + +/* Define if you want to watch for suid/sgid */ +/* files */ +#undef SH_USE_SUIDCHK + +/* Define if you want to check kernel syscall */ +/* table to detect LKM rootkits. */ +/* default = no */ +#undef SH_USE_KERN + +/* Define if you want to use the Kernel */ +/* module to hide samhain. */ +#undef SH_USE_LKM + +/* Define if you have a vanilla Kernel */ +/* (2.4 or 2.2) */ +#undef SH_VANILLA_KERNEL + +/* Define to the name of the MAGIC_HIDE */ +/* string if you use the Kernel module to */ +/* hide samhain. */ +#undef SH_MAGIC_HIDE + +/* Define if you want 'micro' stealth mode. */ +/* default = no */ +#undef SH_STEALTH_MICRO + +/* Define if you want to use stealth mode. */ +/* default = no */ +#undef SH_STEALTH + +/* Define if you want stealth w/o CL parsing. */ +/* default = no */ +#undef SH_STEALTH_NOCL + +/* The magic argv[1] to re-enable CL parsing. */ +/* default = "yes" */ +#undef NOCL_CODE + +/* XOR value to hide literal strings. */ +/* default = 0 */ +#undef XOR_CODE + +/* The port number for TCP/IP connection. */ +/* default = 49777 */ +#undef SH_DEFAULT_PORT + +/* The identity to assume when dropping root */ +/* default = "nobody" */ +#undef DEFAULT_IDENT + +/* Directory for tmp files */ +#undef SH_TMPDIR + +/* The data root directory. */ +/* default="/var/lib/samhain" */ +#undef DEFAULT_DATAROOT + +/* The quarantine directory. */ +/* default="/var/lib/samhain/.quarantine */ +#undef DEFAULT_QDIR + +/* The location of the log file. */ +/* default="/var/log/samhain_log" */ +#undef DEFAULT_ERRFILE + +/* The directory of the log file. */ +/* default="/var/log" */ +#undef DEFAULT_LOGDIR + +/* The location of the pid file. */ +/* default="/var/run/samhain.pid" */ +#undef DEFAULT_ERRLOCK + +/* The location of the pid file directory. */ +/* default="/var/run " */ +#undef DEFAULT_PIDDIR + +/* The location of the configuration file. */ +/* default="/etc/samhainrc" */ +#undef DEFAULT_CONFIGFILE + +/* The location of the checksum data. */ +/* default="/var/lib/samhain/samhain_file" */ +#undef DEFAULT_DATA_FILE + +/* The location of the html report. */ +/* default="/var/log/.samhain.html" */ +#undef DEFAULT_HTML_FILE + +/* The install directory. */ +/* default="/usr/local/sbin" */ +#undef SH_INSTALL_DIR + +/* The install path. */ +/* default="/usr/local/sbin/samhain" */ +#undef SH_INSTALL_PATH +#undef SH_INSTALL_YULE_PATH + +/* The install name. */ +/* default="samhain" */ +#undef SH_INSTALL_NAME + +/* The sender name to use. */ +/* default = "daemon" */ +#undef DEFAULT_SENDER + +/* The address to send mail to. */ +/* default = "NULL" */ +#undef DEFAULT_MAILADDRESS +#undef ALT_MAILADDRESS + +/* The log server. */ +/* default = "NULL" */ +#undef DEFAULT_LOGSERVER +#undef ALT_LOGSERVER + +/* The console. */ +/* default = "NULL" */ +#undef DEFAULT_CONSOLE +#undef ALT_CONSOLE + +/* The default base for one-time pads. */ +/* default = compile_time,compile_time */ +#undef DEFKEY + +/* Define if you want more debug options. */ +/* default = no */ +#undef MEM_DEBUG + +/* Define if you want more debug output. */ +/* default = no */ +#undef WITH_TPT + +/* Define if you want tracing. */ +/* default = no */ +#undef WITH_TRACE + +/* Define if you want slib debug. */ +/* default = no */ +#undef SL_DEBUG + +/* Define if you want slib to abort on errors.*/ +/* default = no */ +#undef SL_FAIL_ON_ERROR + +/* Define if you want to use SRP authenticaton*/ +#undef USE_SRP_PROTOCOL + +/* Define if you want to use GnuPG to */ +/* verify database and configuation file. */ +#undef WITH_GPG + +/* The full path to GnuPG */ +#undef DEFAULT_GPG_PATH + +/* Define if using the gpg/pgp checksum. */ +#undef HAVE_GPG_CHECKSUM + +/* The tiger checksum of the gpg/pgp binary. */ +#undef GPG_HASH + +/* Define if you want to compile in the */ +/* public key fingerprint. */ +#undef USE_FINGERPRINT + +/* The public key fingerprint. */ +#undef SH_GPG_FP + +/* Use ptrace - screw up signal handling. */ +#undef SCREW_IT_UP + +/* ---- misc ------------ */ + +/* Define the package name. */ +#undef PACKAGE + +/* Define the package version. */ +#undef VERSION + +/* Define to the position of the key (1...8). */ +#undef POS_TF + +/* Init key for exepack. */ +#undef EXEPACK_STATE_0 +#undef EXEPACK_STATE_1 +#undef EXEPACK_STATE_2 + +/* ---- system-specific options ------------ */ + +/* Define to the address of sys_call_table */ +#undef SH_SYSCALLTABLE + +/* Define to use SVR4 statvfs to get filesystem type. */ +#undef FSTYPE_STATVFS + +/* Define to use SVR3.2 statfs to get filesystem type. */ +#undef FSTYPE_USG_STATFS + +/* Define to use AIX3 statfs to get filesystem type. */ +#undef FSTYPE_AIX_STATFS + +/* Define to use 4.3BSD getmntent to get filesystem type. */ +#undef FSTYPE_MNTENT + +/* Define to use 4.4BSD and OSF1 statfs to get filesystem type. */ +#undef FSTYPE_STATFS + +/* Define to use Ultrix getmnt to get filesystem type. */ +#undef FSTYPE_GETMNT + +/* the basic type to which we can cast a uid + */ +#undef UID_CAST + +/* for ext2fs flags */ +#undef HAVE_EXT2_IOCTLS +#undef HAVE_STAT_FLAGS + +/* obvious */ +#undef HOST_IS_LINUX +#undef HOST_IS_I86LINUX + +/* obvious */ +#undef HOST_IS_CYGWIN + +/* obvious */ +#undef HOST_IS_DARWIN + +/* obvious */ +#undef HOST_IS_FREEBSD + +/* obvious */ +#undef HOST_IS_AIX + +/* obvious */ +#undef HOST_IS_SOLARIS + +/* obvious */ +#undef HOST_IS_I86SOLARIS + +/* obvious */ +#undef HOST_IS_HPUX + +/* Define to the name of the random devices. */ +#undef NAME_OF_DEV_RANDOM + +#undef NAME_OF_DEV_URANDOM + +/* Define if you have long long. */ +#undef HAVE_LONG_LONG + +/* Define if short is 32 bits. */ +#undef HAVE_SHORT_32 + +/* Define if int is 32 bits. */ +#undef HAVE_INT_32 + +/* Define if long is 32 bits. */ +#undef HAVE_LONG_32 + +/* Define if long is 64 bits. */ +#undef HAVE_LONG_64 + +/* Define if UINT64 is 32 bits. */ +#undef UINT64_IS_32 + +/* Define if you have uint64_t. */ +#undef HAVE_UINT64_T + +/* Define if you have utmpx.h. */ +#undef HAVE_UTMPX_H + +/* Define if your struct utmpx has ut_xtime. */ +#undef HAVE_UTXTIME + +/* Define if your struct utmp has ut_type. */ +#undef HAVE_UTTYPE + +/* Define if your struct utmp has ut_host. */ +#undef HAVE_UTHOST + +/* Define if your struct utmp has ut_addr. */ +#undef HAVE_UTADDR + +/* Define if your includes are broken. */ +#undef HAVE_BROKEN_INCLUDES + +/* Define if your getcwd uses 'popen'. */ +#undef HAVE_BROKEN_GETCWD + +/* Define if your vsnprintf is broken. */ +#undef HAVE_BROKEN_VSNPRINTF + +/* Define if you have va_copy. */ +#undef VA_COPY + +/* Define if va_list may be copied as array. */ +#undef VA_COPY_AS_ARRAY + +/* Define if you need unix entropy gatherer. */ +#undef HAVE_UNIX_RANDOM + +/* Define if you have EGD. */ +#undef HAVE_EGD_RANDOM + +/* Define if you have /dev/random. */ +#undef HAVE_URANDOM + +/* Soket name for EGD. */ +#undef EGD_SOCKET_NAME + +/* Define if your mlock() is broken. */ +#undef HAVE_BROKEN_MLOCK + +/* Define the proc f_type. */ +#undef SH_PROC_MAGIC + +/* Define if you have statfs. */ +#undef HAVE_STATFS + +/* Define if statfs works. */ +#undef STATFS_WORKS + +/* Define to long if not defined. */ +#undef ptrdiff_t + +@BOTTOM@ + +/* dont modify this, unless you know what you do + */ +#define SRP_GENERATOR_1024 "2" +#define SRP_MODULUS_1024_1 \ +_("f488fd584e49dbcd20b49de49107366b336c380d451d0f7c88b31c7c5b2d8ef6") +#define SRP_MODULUS_1024_2 \ +_("f3c923c043f0a55b188d8ebb558cb85d38d334fd7c175743a31d186cde33212c") +#define SRP_MODULUS_1024_3 \ +_("b52aff3ce1b1294018118d7c84a70a72d686c40319c807297aca950cd9969fab") +#define SRP_MODULUS_1024_4 \ +_("d00a509b0246d3083d66a45d419f9c7cbd894b221926baaba25ec355e92f78c7") + +#define SDG_0RETU _("return.\n") +#define SDG_TERRO _("ERROR: file=<%s>, line=<%d>, reason=<%s>\n") +#define SDG_AERRO _("ERROR: file=<%s>, line=<%d>, failed_assertion=<%s>\n") +#define SDG_AFAIL _("FAILED: file=<%s>, line=<%d>, assertion=<%s>\n") +#define SDG_ENTER _("enter=<%s>\n") +#define SDG_RETUR _("return=<%s>.\n") +#define SDG_ERROR _("error=<%ld>.\n") + +#ifdef SH_STEALTH +char * globber(const char * string); +#define _(string) globber(string) +#define N_(string) string +#else +#define _(string) string +#define N_(string) string +#endif + +#endif Index: /tags/2.5.0/aclocal.m4 =================================================================== --- /tags/2.5.0/aclocal.m4 (revision 189) +++ /tags/2.5.0/aclocal.m4 (revision 189) @@ -0,0 +1,2030 @@ +dnl aclocal.m4 generated automatically by aclocal 1.3 + +dnl Copyright (C) 1994, 1995, 1996, 1997, 1998 Free Software Foundation, Inc. +dnl This Makefile.in is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl This program is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without +dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A +dnl PARTICULAR PURPOSE. + +# +# Check to make sure that the build environment is sane. +# +AC_DEFUN([AM_INIT_AUTOMAKE], +[ +AC_REQUIRE([AC_PROG_INSTALL]) +PACKAGE=[$1] +AC_SUBST(PACKAGE) +VERSION=[$2] +AC_SUBST(VERSION) +dnl test to see if srcdir already configured +if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) +fi +ifelse([$3],, +AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE") +AC_DEFINE_UNQUOTED(VERSION, "$VERSION")) +AC_REQUIRE([AC_PROG_MAKE_SET])]) + + +# Define a conditional. + +AC_DEFUN([AM_CONDITIONAL], +[AC_SUBST($1_TRUE) +AC_SUBST($1_FALSE) +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi]) + + +AC_DEFUN([sh_run_prog], +[if test "$cross_compiling" = "yes"; then + AC_MSG_ERROR([Can not probe non-portable values when cross compiling]) +fi +cat > conftest.$ac_ext </dev/null)` +then +dnl Don't remove the temporary files here, so they can be examined. +ifelse([$3], , :, [$3]) +else +echo "configure: failed program was:" >&AC_FD_CC +cat conftest.$ac_ext >&AC_FD_CC +ifelse([$4], , , [ rm -fr conftest* + $4 +]) +fi +rm -fr conftest* ]) + +dnl fs type number of the proc filing system +AC_DEFUN([sh_procfs_id], +[AC_MSG_CHECKING([f_type of /proc]) +AC_CACHE_VAL([sh_cv_proc_fstype], +[sh_run_prog( +changequote(<<, >>)dnl +<<#include +#ifdef HAVE_STDLIB_H +#include +#endif /* HAVE_STDLIB_H */ +#ifdef HAVE_UNISTD_H +#include +#endif /* HAVE_UNISTD_H */ +#ifdef HAVE_SYS_VFS_H +#include +#endif +#ifndef Q +#define __Q(x) #x +#define Q(x) __Q(x) +#endif +int main(void) +{ +struct statfs fsbuf; +long ft; +if (statfs("/", &fsbuf)!=0) + exit(1); +ft=fsbuf.f_type; +if (statfs("/proc/1", &fsbuf)!=0) + exit(1); +if (ft!=fsbuf.f_type) + printf("0x%08lx", fsbuf.f_type); +else + puts("statfs useless"); +exit(0); +} >> +changequote([, ]), sh_cv_proc_fstype,, sh_cv_proc_fstype="a fatal error occured")]) +AC_MSG_RESULT($sh_cv_proc_fstype) +if test "${sh_cv_proc_fstype}" = "a fatal error occured"; then + $1=$2 + $4 +else if test "${sh_cv_proc_fstype}" = "statfs useless"; then + $1=$2 + $4 +else + $1=$sh_cv_proc_fstype + $3 +fi; fi ]) + +# Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock +# is not called from uid 0 (not tested whether uid 0 works) +dnl AC_CHECK_MLOCK +dnl +define([AC_CHECK_MLOCK], + [ AC_CHECK_FUNCS(mlock) + if test "$ac_cv_func_mlock" = "yes"; then + AC_MSG_CHECKING(whether mlock is broken) + AC_CACHE_VAL(ac_cv_have_broken_mlock, + AC_TRY_RUN([ + #include + #include + #include + #include + #include + #include + + int main() + { + char *pool; + int err; + long int pgsize = getpagesize(); + + pool = malloc( 4096 + pgsize ); + if( !pool ) + return 2; + pool += (pgsize - ((long int)pool % pgsize)); + + err = mlock( pool, 4096 ); + if( !err || errno == EPERM ) + return 0; /* okay */ + + return 1; /* hmmm */ + } + + ], + ac_cv_have_broken_mlock="no", + ac_cv_have_broken_mlock="yes", + ac_cv_have_broken_mlock="assume-no" + ) + ) + if test "$ac_cv_have_broken_mlock" = "yes"; then + AC_DEFINE(HAVE_BROKEN_MLOCK) + AC_MSG_RESULT(yes) + else + if test "$ac_cv_have_broken_mlock" = "no"; then + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(assuming no) + fi + fi + fi + ]) + +dnl @synopsis AC_FUNC_VSNPRINTF +dnl +dnl Check whether there is a reasonably sane vsnprintf() function installed. +dnl "Reasonably sane" in this context means never clobbering memory beyond +dnl the buffer supplied, and having a sensible return value. It is +dnl explicitly allowed not to NUL-terminate the return value, however. +dnl +dnl @version $Id: ac_func_vsnprintf.m4,v 1.1 2001/07/26 02:00:21 guidod Exp $ +dnl @author Gaute Strokkenes +dnl +AC_DEFUN([SL_CHECK_VSNPRINTF], +[AC_CACHE_CHECK(for working vsnprintf, + ac_cv_func_vsnprintf, +[AC_TRY_RUN( +[#include +#include + +int +doit(char * s, ...) +{ + char buffer[32]; + va_list args; + int r; + + buffer[5] = 'X'; + + va_start(args, s); + r = vsnprintf(buffer, 5, s, args); + va_end(args); + + /* -1 is pre-C99, 7 is C99. R.W. 17.01.2003 disallow -1 */ + + if (r != 7) + exit(1); + + /* We deliberately do not care if the result is NUL-terminated or + not, since this is easy to work around like this. */ + + buffer[4] = 0; + + /* Simple sanity check. */ + + if (strcmp(buffer, "1234")) + exit(1); + + if (buffer[5] != 'X') + exit(1); + + exit(0); +} + +int +main(void) +{ + doit("1234567"); + exit(1); +}], ac_cv_func_vsnprintf=yes, ac_cv_func_vsnprintf=no, ac_cv_func_vsnprintf=no)]) +dnl Note that the default is to be pessimistic in the case +dnl of cross compilation. +dnl If you know that the target has a sensible vsnprintf(), +dnl you can get around this +dnl by setting ac_func_vsnprintf to yes, as described in the Autoconf manual. +if test $ac_cv_func_vsnprintf = yes; then + : +else + AC_DEFINE(HAVE_BROKEN_VSNPRINTF, 1, + [Define if you have a broken version of the `vsnprintf' function.]) +fi +])# AC_FUNC_VSNPRINTF + +dnl SH_CHECK_TYPEDEF(TYPE, HAVE_NAME) +dnl Check whether a typedef exists and create a #define $2 if it exists +dnl +AC_DEFUN([SH_CHECK_TYPEDEF], + [ AC_MSG_CHECKING(for $1 typedef) + sh_cv_typedef_foo=`echo sh_cv_typedef_$1 | sed -e 's% %_%g'` + AC_CACHE_VAL( $sh_cv_typedef_foo, + [AC_TRY_COMPILE([ +#include +#include +#ifdef HAVE_STDINT_H +#include +#endif +#ifdef HAVE_INTTYPES_H +#include +#endif], [ + #undef $1 + int a = sizeof($1); + ], sh_cv_typedef=yes, sh_cv_typedef=no )]) + AC_MSG_RESULT($sh_cv_typedef) + if test "$sh_cv_typedef" = yes; then + AC_DEFINE($2) + sh_$2=yes + else + sh_$2=no + fi + ]) + + + +dnl ********************** +dnl *** va_copy checks *** +dnl ********************** +AC_DEFUN([SL_CHECK_VA_COPY], +[AC_MSG_CHECKING(for va_copy()) +AC_CACHE_VAL(sh_cv_va_copy,[ + AC_TRY_RUN([ + #include + void f (int i, ...) { + va_list args1, args2; + va_start (args1, i); + va_copy (args2, args1); + if (va_arg (args2, int) != 42) + exit (1); + if (va_arg (args1, int) != 42) + exit (1); + va_end (args1); va_end (args2); + } + int main() { + f (0, 42); + return 0; + }], + sh_cv_va_copy=yes + , + sh_cv_va_copy=no + , + sh_cv_va_copy=no) +]) +AC_MSG_RESULT($sh_cv_va_copy) +AC_MSG_CHECKING(for __va_copy()) +AC_CACHE_VAL(sh_cv___va_copy,[ + AC_TRY_RUN([ + #include + void f (int i, ...) { + va_list args1, args2; + va_start (args1, i); + __va_copy (args2, args1); + if (va_arg (args2, int) != 42) + exit (1); + if (va_arg (args1, int) != 42) + exit (1); + va_end (args1); va_end (args2); + } + int main() { + f (0, 42); + return 0; + }], + sh_cv___va_copy=yes + , + sh_cv___va_copy=no + , + sh_cv___va_copy=no) +]) +AC_MSG_RESULT($sh_cv___va_copy) +AC_MSG_CHECKING(whether va_lists can be copied by value) +AC_CACHE_VAL(sh_cv_va_val_copy,[ + AC_TRY_RUN([ + #include + void f (int i, ...) { + va_list args1, args2; + va_start (args1, i); + args2 = args1; + if (va_arg (args2, int) != 42) + exit (1); + if (va_arg (args1, int) != 42) + exit (1); + va_end (args1); va_end (args2); + } + int main() { + f (0, 42); + return 0; + }], + sh_cv_va_val_copy=yes + , + sh_cv_va_val_copy=no + , + sh_cv_va_val_copy=no) +]) +if test "x$sh_cv_va_copy" = "xyes"; then + AC_DEFINE(VA_COPY, va_copy) +else if test "x$sh_cv___va_copy" = "xyes"; then + AC_DEFINE(VA_COPY, __va_copy) +fi +fi +if test "x$sh_cv_va_val_copy" = "xno"; then + AC_DEFINE(VA_COPY_AS_ARRAY) +fi +AC_MSG_RESULT($sh_cv_va_val_copy) +]) + + +dnl SH_INIT_PARSE_ARGS() +m4_define([SH_INIT_PARSE_ARGS], +[ +m4_divert_push([PARSE_ARGS])dnl + +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[[^_$as_cr_alnum]]%_%g" + +as_tr_sh="eval sed 'y%*+%pp%;s%[[^_$as_cr_alnum]]%_%g'" +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=$PATH_SEPARATOR; export CDPATH; } + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +AC_SUBST(exec_prefix, NONE)dnl +no_create= +no_recursion= +AC_SUBST(prefix, NONE)dnl +program_prefix=NONE +program_suffix=NONE +AC_SUBST(program_transform_name, [s,x,x,])dnl +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE +DESTDIR= +SH_ENABLE_OPTS="db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc" +SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +dnl Use braces instead of parens because sh, perl, etc. also accept them. +sbindir='${exec_prefix}/sbin' +sysconfdir='${prefix}/etc' +localstatedir='${prefix}/var' +mandir='${prefix}/share/man' + +AC_SUBST([sbindir], ['${exec_prefix}/sbin'])dnl +AC_SUBST([sysconfdir], ['${prefix}/etc'])dnl +AC_SUBST([localstatedir], ['${prefix}/var'])dnl +AC_SUBST([mandir], ['${prefix}/share/man'])dnl + + +# Initialize some other variables. +subdirs= +MFLAGS= MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} +# Maximum number of lines to put in a shell here document. +ac_max_here_lines=12 + +ac_prev= +for ac_option +do + + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + case "$ac_option" in +changequote(, )dnl + *=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; +changequote([, ])dnl + *) ac_optarg= ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case "$ac_option" in + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias="$ac_optarg" ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file="$ac_optarg" ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -disable-* | --disable-*) + ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : "[.*[^-_$as_cr_alnum]]" >/dev/null && + AC_MSG_ERROR([invalid feature name: $ac_feature]) + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + ac_enable_check_opt=no + for f in ${SH_ENABLE_OPTS} + do + f=`echo $f | sed 's/-/_/g'` + if test x${f} = x"${ac_feature}" + then + ac_enable_check_opt=yes + fi + done + if test x${ac_enable_check_opt} = xno + then + AC_MSG_ERROR([unrecognized option: $ac_option +Try `$[0] --help' for more information.]) + fi + eval "enable_$ac_feature=no" ;; + + -enable-* | --enable-*) + ac_feature=`expr "x$ac_option" : 'x-*enable-\([[^=]]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : "[.*[^-_$as_cr_alnum]]" >/dev/null && + AC_MSG_ERROR([invalid feature name: $ac_feature]) + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + ac_enable_check_opt=no + for f in ${SH_ENABLE_OPTS} + do + f=`echo $f | sed 's/-/_/g'` + if test x${f} = x"${ac_feature}" + then + ac_enable_check_opt=yes + fi + done + if test x${ac_enable_check_opt} = xno + then + AC_MSG_ERROR([unrecognized option: $ac_option +Try `$[0] --help' for more information.]) + fi + eval "enable_$ac_feature='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix + ac_exec_prefix_set="yes" + ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix="$ac_optarg" + ac_exec_prefix_set="yes" + ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias="$ac_optarg" ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir + ac_localstatedir_set="yes" + ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir="$ac_optarg" + ac_localstatedir_set="yes" + ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir + ac_mandir_set="yes" + ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir="$ac_optarg" + ac_mandir_set="yes" + ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix + ac_prefix_set="yes" + ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix="$ac_optarg" + ac_prefix_set="yes" + ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir + ac_sbindir_set="yes" + ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir="$ac_optarg" + ac_sbindir_set="yes" + ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi | --b) + echo "WARNING: bindir will be ignored, use sbindir" + ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* \ + | --bi=* | --b=*) + echo "WARNING: bindir will be ignored, use sbindir" + ;; + + -datadir | --datadir) + echo "WARNING: datadir will be ignored" + ;; + -datadir=* | --datadir=*) + echo "WARNING: datadir will be ignored" + ;; + + -includedir | --includedir) + echo "WARNING: includedir will be ignored" + ;; + -includedir=* | --includedir=*) + echo "WARNING: includedir will be ignored" + ;; + + -infodir | --infodir) + echo "WARNING: infodir will be ignored" + ;; + -infodir=* | --infodir=*) + echo "WARNING: infodir will be ignored" + ;; + + -libdir | --libdir) + echo "WARNING: libdir will be ignored" + ;; + -libdir=* | --libdir=*) + echo "WARNING: libdir will be ignored" + ;; + + -libexecdir | --libexecdir) + echo "WARNING: libexecdir will be ignored" + ;; + -libexecdir=* | --libexecdir=*) + echo "WARNING: libexecdir will be ignored" + ;; + + -sharedstatedir | --sharedstatedir) + echo "WARNING: sharedstatedir will be ignored" + ;; + -sharedstatedir=* | --sharedstatedir=*) + echo "WARNING: sharedstatedir will be ignored" + ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site="$ac_optarg" ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir="$ac_optarg" ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir + ac_sysconfdir_set="yes" + ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir="$ac_optarg" + ac_sysconfdir_set="yes" + ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias="$ac_optarg" ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers) + ac_init_version=: ;; + + + -with-* | --with-*) + ac_package=`expr "x$ac_option" : 'x-*with-\([[^=]]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : "[.*[^-_$as_cr_alnum]]" >/dev/null && + AC_MSG_ERROR([invalid package name: $ac_package]) + ac_package=`echo $ac_package| sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + ac_with_check_opt=no + for f in ${SH_WITH_OPTS} + do + f=`echo $f | sed 's/-/_/g'` + if test x${f} = x"${ac_package}" + then + ac_with_check_opt=yes + fi + done + if test x${ac_with_check_opt} = xno + then + AC_MSG_ERROR([unrecognized option: $ac_option +Try `$[0] --help' for more information.]) + fi + eval "with_$ac_package='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : "[.*[^-_$as_cr_alnum]]" >/dev/null && + AC_MSG_ERROR([invalid package name: $ac_package]) + ac_package=`echo $ac_package | sed 's/-/_/g'` + ac_with_check_opt=no + for f in ${SH_WITH_OPTS} + do + f=`echo $f | sed 's/-/_/g'` + if test x${f} = x"${ac_package}" + then + ac_with_check_opt=yes + fi + done + if test x${ac_with_check_opt} = xno + then + AC_MSG_ERROR([unrecognized option: $ac_option +Try `$[0] --help' for more information.]) + fi + eval "with_$ac_package=no" ;; + + + -*) AC_MSG_ERROR([unrecognized option: $ac_option +Try `$[0] --help' for more information.]) + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([[^=]]*\)='` + # Reject names that are not valid shell variable names. + expr "x$ac_envvar" : "[.*[^_$as_cr_alnum]]" >/dev/null && + AC_MSG_ERROR([invalid variable name: $ac_envvar]) + ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` + eval "$ac_envvar='$ac_optarg'" + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + AC_MSG_WARN([you should use --build, --host, --target]) + expr "x$ac_option" : "[.*[^-._$as_cr_alnum]]" >/dev/null && + AC_MSG_WARN([invalid host type: $ac_option]) + : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} + ;; + + + esac +done + +if test -n "$ac_prev"; then + AC_MSG_ERROR(missing argument to --`echo $ac_prev | sed 's/_/-/g'`) +fi + +# Be sure to have absolute paths. +for ac_var in prefix exec_prefix +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [[\\/$]]* | ?:[[\\/]]* | NONE | '' | OPT | USR ) ;; + *) AC_MSG_ERROR([expected an absolute directory name for --$ac_var: $ac_val]);; + esac +done + +# Be sure to have absolute paths. +for ac_var in sbindir sysconfdir localstatedir mandir +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [[\\/$]]* | ?:[[\\/]]* ) ;; + *) AC_MSG_ERROR([expected an absolute directory name for --$ac_var: $ac_val]);; + esac +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + AC_MSG_WARN([If you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used.]) + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec AS_MESSAGE_FD>/dev/null + +m4_divert_pop([PARSE_ARGS])dnl +])# SH_INIT_PARSE_ARGS + +m4_define([SH_INIT_HELP], +[m4_divert_push([HELP_BEGIN])dnl + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures m4_ifset([AC_PACKAGE_STRING], + [AC_PACKAGE_STRING], + [this package]) to adapt to many kinds of systems. + +Usage: $[0] [[OPTION]]... [[VAR=VALUE]]... + +[To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +_ACEOF + + cat <<_ACEOF +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install binaries in \`/usr/local/sbin', +the config file in \`/etc', manpage in \`/usr/local/share/man', and state +data in \`/var/lib/INSTALL_NAME' (FSH layout). You can specify other +FSH compliant layouts with \`--prefix=OPT' or \`--prefix=USR', or you +can specify a directory with \`--prefix=DIR' to install in \`DIR/sbin', +\`DIR/etc', etc. + +For better control, use the options below. + +Fine tuning of the installation directories: + --sbindir=DIR system admin executables [EPREFIX/sbin] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --mandir=DIR man documentation [PREFIX/man] + +For even finer tuning, paths can be specified for individual files (see below) + +_ACEOF + + cat <<\_ACEOF] +m4_divert_pop([HELP_BEGIN])dnl +dnl The order of the diversions here is +dnl - HELP_BEGIN +dnl which may be prolongated by extra generic options such as with X or +dnl AC_ARG_PROGRAM. Displayed only in long --help. +dnl +dnl - HELP_CANON +dnl Support for cross compilation (--build, --host and --target). +dnl Display only in long --help. +dnl +dnl - HELP_ENABLE +dnl which starts with the trailer of the HELP_BEGIN, HELP_CANON section, +dnl then implements the header of the non generic options. +dnl +dnl - HELP_WITH +dnl +dnl - HELP_VAR +dnl +dnl - HELP_VAR_END +dnl +dnl - HELP_END +dnl initialized below, in which we dump the trailer (handling of the +dnl recursion for instance). +m4_divert_push([HELP_ENABLE])dnl +_ACEOF +fi + +if test -n "$ac_init_help"; then +m4_ifset([AC_PACKAGE_STRING], +[ case $ac_init_help in + short | recursive ) echo "Configuration of AC_PACKAGE_STRING:";; + esac]) + cat <<\_ACEOF +m4_divert_pop([HELP_ENABLE])dnl +m4_divert_push([HELP_END])dnl +m4_ifset([AC_PACKAGE_BUGREPORT], [ +Report bugs to .]) +_ACEOF +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + ac_popdir=`pwd` + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d $ac_dir || continue + _AC_SRCPATHS(["$ac_dir"]) + cd $ac_dir + # Check for guested configure; otherwise get Cygnus style configure. + if test -f $ac_srcdir/configure.gnu; then + echo + $SHELL $ac_srcdir/configure.gnu --help=recursive + elif test -f $ac_srcdir/configure; then + echo + $SHELL $ac_srcdir/configure --help=recursive + elif test -f $ac_srcdir/configure.ac || + test -f $ac_srcdir/configure.in; then + echo + $ac_configure --help + else + AC_MSG_WARN([no configuration information is in $ac_dir]) + fi + cd $ac_popdir + done +fi + +test -n "$ac_init_help" && exit 0 +m4_divert_pop([HELP_END])dnl +])# SH_INIT_HELP + + + + + + + + +# Check whether sa_sigaction works. +# Rainer Wichmann , 2003. +# +# This file can be copied and used freely without restrictions. It can +# be used in projects which are not available under the GNU Public License. + +# serial 1 + +AC_DEFUN([AM_SA_SIGACTION_WORKS], + [ + am_cv_val_SA_SIGACTION=no + AC_CHECK_HEADER(signal.h, + [ + AM_SI_USER + AM_SA_SIGINFO + if test $am_cv_val_SI_USER = yes && test $am_cv_val_SA_SIGINFO = yes + then + AC_TRY_RUN([ +#include +#include +#include +#include + +volatile int xnum = 0; +volatile int xcode = 0; +jmp_buf Buf; +int xsig = SIGSEGV; + +void sighandler (int xsignam, siginfo_t * xsiginfo, void * xsigadd) +{ + static sigset_t x; + + if (xsiginfo == NULL) + exit(__LINE__); + if (xsiginfo->si_signo != xsignam) + exit(__LINE__); + ++xnum; + xcode = xsiginfo->si_code; + sigemptyset (&x); + sigprocmask(SIG_SETMASK, &x, NULL); + longjmp ( Buf, 1); +} + +int main () +{ + struct sigaction newact; + + newact.sa_sigaction = sighandler; + sigemptyset (&newact.sa_mask); + newact.sa_flags = SA_SIGINFO; + if (0 != sigaction (xsig, &newact, NULL)) + exit (__LINE__); + if(setjmp ( Buf)) { + if (xnum > 1) + goto Third; + goto Second; + } + memcpy((void *) 0x0, "test", 5); + Second: + if (xcode == SI_USER) + exit (__LINE__); + raise(xsig); + Third: + if (xcode != SI_USER) + exit (__LINE__); + if (xnum != 2) + exit (__LINE__); + return (0); +}], am_cv_val_SA_SIGACTION=yes, am_cv_val_SA_SIGACTION=no, am_cv_val_SA_SIGACTION=no) + fi + ]) + AC_MSG_CHECKING([whether sa_sigaction is supported]) + if test $am_cv_val_SA_SIGACTION = yes + then + AC_MSG_RESULT(yes) + AC_DEFINE([SA_SIGACTION_WORKS], 1, [Define if sa_sigaction works]) + else + AC_MSG_RESULT(no) + fi + ]) + +# Check whether SI_USER is available in . +# Rainer Wichmann , 2003. +# +# This file can be copied and used freely without restrictions. It can +# be used in projects which are not available under the GNU Public License. + +# serial 1 + + +AC_DEFUN([AM_SI_USER], + [if test $ac_cv_header_signal_h = yes; then + AC_CACHE_CHECK([for SI_USER in signal.h], am_cv_val_SI_USER, + [AC_TRY_LINK([#include ], [return SI_USER], + am_cv_val_SI_USER=yes, am_cv_val_SI_USER=no)]) + if test $am_cv_val_SI_USER = yes; then + AC_DEFINE([HAVE_SI_USER], 1, [Define if you have SI_USER]) + fi + fi]) + +# Check whether SA_SIGINFO is available in . +# Rainer Wichmann , 2003. +# +# This file can be copied and used freely without restrictions. It can +# be used in projects which are not available under the GNU Public License. + +# serial 1 + + +AC_DEFUN([AM_SA_SIGINFO], + [if test $ac_cv_header_signal_h = yes; then + AC_CACHE_CHECK([for SA_SIGINFO in signal.h], am_cv_val_SA_SIGINFO, + [AC_TRY_LINK([#include ], [return SA_SIGINFO], + am_cv_val_SA_SIGINFO=yes, am_cv_val_SA_SIGINFO=no)]) + if test $am_cv_val_SA_SIGINFO = yes; then + AC_DEFINE([HAVE_SA_SIGINFO], 1, [Define if you have SA_SIGINFO]) + fi + fi]) + +dnl +dnl Useful macros for autoconf to check for ssp-patched gcc +dnl 1.0 - September 2003 - Tiago Sousa +dnl 1.1 - August 2006 - Ted Percival +dnl * Stricter language checking (C or C++) +dnl * Adds GCC_STACK_PROTECT_LIB to add -lssp to LDFLAGS as necessary +dnl * Caches all results +dnl * Uses macros to ensure correct ouput in quiet/silent mode +dnl 1.2 - April 2007 - Ted Percival +dnl * Added GCC_STACK_PROTECTOR macro for simpler (one-line) invocation +dnl * GCC_STACK_PROTECT_LIB now adds -lssp to LIBS rather than LDFLAGS +dnl +dnl About ssp: +dnl GCC extension for protecting applications from stack-smashing attacks +dnl http://www.research.ibm.com/trl/projects/security/ssp/ +dnl +dnl Usage: +dnl Most people will simply call GCC_STACK_PROTECTOR. +dnl If you only use one of C or C++, you can save time by only calling the +dnl macro appropriate for that language. In that case you should also call +dnl GCC_STACK_PROTECT_LIB first. +dnl +dnl GCC_STACK_PROTECTOR +dnl Tries to turn on stack protection for C and C++ by calling the following +dnl three macros with the right languages. +dnl +dnl GCC_STACK_PROTECT_CC +dnl checks -fstack-protector with the C compiler, if it exists then updates +dnl CFLAGS and defines ENABLE_SSP_CC +dnl +dnl GCC_STACK_PROTECT_CXX +dnl checks -fstack-protector with the C++ compiler, if it exists then updates +dnl CXXFLAGS and defines ENABLE_SSP_CXX +dnl +dnl GCC_STACK_PROTECT_LIB +dnl adds -lssp to LIBS if it is available +dnl ssp is usually provided as part of libc, but was previously a separate lib +dnl It does not hurt to add -lssp even if libc provides SSP - in that case +dnl libssp will simply be ignored. +dnl + +AC_DEFUN([GCC_STACK_PROTECT_LIB],[ + AC_CACHE_CHECK([whether libssp exists], ssp_cv_lib, + [ssp_old_libs="$LIBS" + LIBS="$LIBS -lssp" + AC_TRY_LINK(,, ssp_cv_lib=yes, ssp_cv_lib=no) + LIBS="$ssp_old_libs" + ]) + if test $ssp_cv_lib = yes; then + LIBS="$LIBS -lssp" + fi +]) + +AC_DEFUN([GCC_STACK_PROTECT_CC],[ + AC_LANG_ASSERT(C) + if test "X$CC" != "X"; then + AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-all], + ssp_cv_cc, + [ssp_old_cflags="$CFLAGS" + CFLAGS="$CFLAGS -fstack-protector-all" + AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no) + CFLAGS="$ssp_old_cflags" + ]) + if test $ssp_cv_cc = no; then + AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector], + ssp_cv_cc, + [ssp_old_cflags="$CFLAGS" + CFLAGS="$CFLAGS -fstack-protector" + AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no) + CFLAGS="$ssp_old_cflags" + ]) + if test $ssp_cv_cc = yes; then + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector" + AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) + fi + else + if test $ssp_cv_cc = yes; then + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" + AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) + fi + fi + fi +]) + +AC_DEFUN([GCC_STACK_PROTECT_CXX],[ + AC_LANG_ASSERT(C++) + if test "X$CXX" != "X"; then + AC_CACHE_CHECK([whether ${CXX} accepts -fstack-protector], + ssp_cv_cxx, + [ssp_old_cxxflags="$CXXFLAGS" + CXXFLAGS="$CXXFLAGS -fstack-protector" + AC_TRY_COMPILE(,, ssp_cv_cxx=yes, ssp_cv_cxx=no) + CXXFLAGS="$ssp_old_cxxflags" + ]) + if test $ssp_cv_cxx = yes; then + CXXFLAGS="$CXXFLAGS -fstack-protector" + AC_DEFINE([ENABLE_SSP_CXX], 1, [Define if SSP C++ support is enabled.]) + fi + fi +]) + +AC_DEFUN([GCC_STACK_PROTECTOR],[ + GCC_STACK_PROTECT_LIB + + AC_LANG_PUSH([C]) + GCC_STACK_PROTECT_CC + AC_LANG_POP([C]) + + AC_LANG_PUSH([C++]) + GCC_STACK_PROTECT_CXX + AC_LANG_POP([C++]) +]) + + +AC_DEFUN([GCC_PIE_CC],[ + AC_LANG_ASSERT(C) + if test "X$CC" != "X"; then + AC_CACHE_CHECK([whether ${CC} accepts -pie -fPIE], + pie_cv_cc, + [pie_old_cflags="$CFLAGS" + CFLAGS="$CFLAGS -pie -fPIE" + AC_TRY_COMPILE(,, pie_cv_cc=yes, pie_cv_cc=no) + CFLAGS="$pie_old_cflags" + ]) + if test $pie_cv_cc = yes; then + PIE_CFLAGS="-fPIE" + PIE_LDFLAGS="-pie" + fi + fi +]) + +AC_DEFUN([SAMHAIN_POSIX],[ + AC_MSG_CHECKING([whether _POSIX_SOURCE is necessary]) + AC_TRY_COMPILE([#include +void fileno(int);int fdopen(int, char *); ],, + [ + AC_MSG_RESULT(yes) + AC_DEFINE([_POSIX_SOURCE],1,[Define if POSIX functions are required]) + ], + [AC_MSG_RESULT(no)]) +])dnl + +dnl checks for a known 64 bit programming environment +dnl AC_RUN_IFELSE(PROGRAM, +dnl [ACTION-IF-TRUE], [ACTION-IF-FALSE], +dnl [ACTION-IF-CROSS-COMPILING = RUNTIME-ERROR]) +dnl +AC_DEFUN([SAMHAIN_PRG_ENV],[ + AC_MSG_CHECKING([for a known 64 bit programming environment]) + # Compile and run a program that determines the programming environment + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ +#include +int main(int argc,char **argv) +{ + if (argc > 1) { +#if defined(__arch64__) + printf("__arch64__\n"); +#elif defined(__ia64__) + printf("__ia64__\n"); +#elif defined(__x86_64__) + printf("__x86_64__\n"); +#elif defined(__LP64__) + printf("__LP64__\n"); +#elif defined(__64BIT__) + printf("__64BIT__\n"); +#elif defined(_LP64) + printf("_LP64\n"); +#elif defined(_M_IA64) + printf("_M_IA64\n"); +#elif defined(_MIPS_SZLONG) && (_MIPS_SZLONG == 64) + printf("_MIPS_64\n"); +#else +choke me +#endif + } + return 0; +} + ]]) + ],[ + # Program compiled and ran, so get version by adding argument. + samhain_prg_ENV=`./conftest$ac_exeext x` + samhain_64=yes + AC_MSG_RESULT([$samhain_prg_ENV]) + ],[ + AC_MSG_RESULT([none]) + ],[ + AC_MSG_RESULT([none]) + ]) +])dnl + +AC_DEFUN([SAMHAIN_X86_64],[ + AC_MSG_CHECKING([for x86_64]) + AC_TRY_RUN([ +int main() { +__asm__ volatile ( +"movq %rax, %rax" +); +return 0; +} + ], + [ + AC_MSG_RESULT(yes) + samhain_64=yes + tiger_src=sh_tiger1_64.c + AC_DEFINE([TIGER_OPT_ASM],1,[Define to use tiger x86_64 optimized assembly]) + ], + [ + AC_MSG_RESULT([no]) + ],[ + AC_MSG_RESULT([no]) + ]) +])dnl + + +AC_DEFUN([SAMHAIN_64],[ +samhain_64=no +tiger_src=sh_tiger1.c +# +# if sizeof(unsigned long) = 4, try compiler macros for 64bit +# +if test "x$ac_cv_sizeof_unsigned_long" = x4; then + if test "x$ac_cv_sizeof_unsigned_long_long" = x8; then + SAMHAIN_PRG_ENV + if test "x$samhain_64" = xyes; then + tiger_src=sh_tiger1_64.c + fi + # + # if GCC and __i386__, use precompiled assembler + # + if test "x$GCC" = xyes; then + AC_MSG_CHECKING([for non-apple non-cygwin i386]) + samhain_i386=no + $CC -E -dM - < /dev/null | egrep '__i386__' >/dev/null 2>&1 + if test $? = 0; then + # apples gcc does not understand the assembly we provide + $CC -E -dM - < /dev/null | egrep '(__sun__|__APPLE__|__CYGWIN__)' >/dev/null 2>&1 || samhain_i386=yes + fi + if test "x$samhain_i386" = xyes; then + tiger_src=sh_tiger1.s + AC_DEFINE([TIGER_32_BIT_S],1,[Define to use tiger 32 bit i386 assembler]) + fi + AC_MSG_RESULT([$samhain_i386]) + fi + # + # + # + else + samhain_64=no + tiger_src=sh_tiger1.c + fi +else + # + # sizeof(unsigned long) = 8 + # + tiger_src=sh_tiger1_64.c + samhain_64=yes + # + # check for x86_64 (enables assembly optimizations) + # + if test "x$GCC" = xyes; then + SAMHAIN_X86_64 + fi +fi +if test "x$samhain_64" = xyes; then + AC_DEFINE([TIGER_64_BIT],1,[Define to use tiger 64 bit implementation]) +fi +AC_MSG_CHECKING([for 64 bit environment]) +AC_MSG_RESULT([$samhain_64]) +AC_MSG_CHECKING([for tiger source to use]) +AC_MSG_RESULT([$tiger_src]) +AC_SUBST(tiger_src) +])dnl + +AC_DEFUN([sh_CHECK_POSIX_ACL], +[ + AC_CHECK_HEADERS(sys/acl.h) + if test $ac_cv_header_sys_acl_h = yes; then + + AC_CHECK_LIB([acl], [acl_get_file], sh_lacl=yes, sh_lacl=no) + if test x"$sh_lacl" = xyes; then + LIBACL=-lacl + else + LIBACL= + fi + + OLDLIBS="$LIBS" + LIBS="$LIBS $LIBACL" + AC_CHECK_FUNCS([acl_free acl_get_file acl_get_fd], + [sh_facl=yes],[sh_facl=no]) + LIBS="$OLDLIBS" + + if test x"$sh_facl" = xyes; then + AC_DEFINE(USE_ACL, 1, [Define if you want ACL support.]) + LIBS="$LIBS $LIBACL" + fi + fi +]) + +AC_DEFUN([sh_CHECK_XATTR], +[ + AC_CHECK_HEADERS(attr/xattr.h) + if test $ac_cv_header_attr_xattr_h = yes; then + + AC_CHECK_LIB([attr], [getxattr], sh_lattr=yes, sh_lattr=no) + if test x"$sh_lattr" = xyes; then + LIBATTR=-lattr + else + LIBATTR= + fi + + OLDLIBS="$LIBS" + LIBS="$LIBS $LIBATTR" + AC_CHECK_FUNCS([getxattr lgetxattr fgetxattr], + [sh_fattr=yes],[sh_fattr=no]) + LIBS="$OLDLIBS" + + if test x"$sh_fattr" = xyes; then + AC_DEFINE(USE_XATTR, 1, [Define if you want extended attributes support.]) + LIBS="$LIBS $LIBATTR" + fi + fi +]) + +dnl Autoconf macros for libprelude +dnl $id$ + +# Modified for LIBPRELUDE -- Yoann Vandoorselaere +# Modified for LIBGNUTLS -- nmav +# Configure paths for LIBGCRYPT +# Shamelessly stolen from the one of XDELTA by Owen Taylor +# Werner Koch 99-12-09 + +dnl AM_PATH_LIBPRELUDE([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) +dnl Test for libprelude, and define LIBPRELUDE_PREFIX, LIBPRELUDE_CFLAGS, LIBPRELUDE_PTHREAD_CFLAGS, +dnl LIBPRELUDE_LDFLAGS, and LIBPRELUDE_LIBS +dnl +AC_DEFUN([AM_PATH_LIBPRELUDE], +[dnl +dnl Get the cflags and libraries from the libprelude-config script +dnl +dnl AC_ARG_WITH(libprelude-prefix, +dnl [ --with-libprelude-prefix=PFX Prefix where libprelude is installed (optional)], +dnl libprelude_config_prefix="$withval", libprelude_config_prefix="") +dnl +dnl if test x$libprelude_config_prefix != x ; then +dnl if test x${LIBPRELUDE_CONFIG+set} != xset ; then +dnl LIBPRELUDE_CONFIG=$libprelude_config_prefix/bin/libprelude-config +dnl fi +dnl fi +dnl +dnl AC_PATH_PROG(LIBPRELUDE_CONFIG, libprelude-config, no) + min_libprelude_version=ifelse([$1], ,0.1.0,$1) + AC_MSG_CHECKING(for libprelude - version >= $min_libprelude_version) + no_libprelude="" + if test "$LIBPRELUDE_CONFIG" = "no" ; then + no_libprelude=yes + else + LIBPRELUDE_CFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --cflags` + LIBPRELUDE_PTHREAD_CFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --pthread-cflags` + LIBPRELUDE_LDFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --ldflags` + LIBPRELUDE_LIBS=`$LIBPRELUDE_CONFIG $libprelude_config_args --libs` + LIBPRELUDE_PREFIX=`$LIBPRELUDE_CONFIG $libprelude_config_args --prefix` + LIBPRELUDE_CONFIG_PREFIX=`$LIBPRELUDE_CONFIG $libprelude_config_args --config-prefix` + libprelude_config_version=`$LIBPRELUDE_CONFIG $libprelude_config_args --version` + + + ac_save_CFLAGS="$CFLAGS" + ac_save_LDFLAGS="$LDFLAGS" + ac_save_LIBS="$LIBS" + CFLAGS="$CFLAGS $LIBPRELUDE_CFLAGS" + LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" + LIBS="$LIBS $LIBPRELUDE_LIBS" +dnl +dnl Now check if the installed libprelude is sufficiently new. Also sanity +dnl checks the results of libprelude-config to some extent +dnl + rm -f conf.libpreludetest + AC_TRY_RUN([ +#include +#include +#include +#include + +int +main () +{ + system ("touch conf.libpreludetest"); + + if( strcmp( prelude_check_version(NULL), "$libprelude_config_version" ) ) + { + printf("\n*** 'libprelude-config --version' returned %s, but LIBPRELUDE (%s)\n", + "$libprelude_config_version", prelude_check_version(NULL) ); + printf("*** was found! If libprelude-config was correct, then it is best\n"); + printf("*** to remove the old version of LIBPRELUDE. You may also be able to fix the error\n"); + printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n"); + printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n"); + printf("*** required on your system.\n"); + printf("*** If libprelude-config was wrong, set the environment variable LIBPRELUDE_CONFIG\n"); + printf("*** to point to the correct copy of libprelude-config, and remove the file config.cache\n"); + printf("*** before re-running configure\n"); + } + else if ( strcmp(prelude_check_version(NULL), LIBPRELUDE_VERSION ) ) + { + printf("\n*** LIBPRELUDE header file (version %s) does not match\n", LIBPRELUDE_VERSION); + printf("*** library (version %s)\n", prelude_check_version(NULL) ); + } + else + { + if ( prelude_check_version( "$min_libprelude_version" ) ) + { + return 0; + } + else + { + printf("no\n*** An old version of LIBPRELUDE (%s) was found.\n", + prelude_check_version(NULL) ); + printf("*** You need a version of LIBPRELUDE newer than %s. The latest version of\n", + "$min_libprelude_version" ); + printf("*** LIBPRELUDE is always available from http://www.prelude-ids.org/download/releases.\n"); + printf("*** \n"); + printf("*** If you have already installed a sufficiently new version, this error\n"); + printf("*** probably means that the wrong copy of the libprelude-config shell script is\n"); + printf("*** being found. The easiest way to fix this is to remove the old version\n"); + printf("*** of LIBPRELUDE, but you can also set the LIBPRELUDE_CONFIG environment to point to the\n"); + printf("*** correct copy of libprelude-config. (In this case, you will have to\n"); + printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n"); + printf("*** so that the correct libraries are found at run-time))\n"); + } + } + return 1; +} +],, no_libprelude=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"]) + CFLAGS="$ac_save_CFLAGS" + LIBS="$ac_save_LIBS" + LDFLAGS="$ac_save_LDFLAGS" + fi + + if test "x$no_libprelude" = x ; then + AC_MSG_RESULT(yes) + ifelse([$2], , :, [$2]) + else + if test -f conf.libpreludetest ; then + : + else + AC_MSG_RESULT(no) + fi + if test "$LIBPRELUDE_CONFIG" = "no" ; then + echo "*** The libprelude-config script installed by LIBPRELUDE could not be found" + echo "*** If LIBPRELUDE was installed in PREFIX, make sure PREFIX/bin is in" + echo "*** your path, or set the LIBPRELUDE_CONFIG environment variable to the" + echo "*** full path to libprelude-config." + else + if test -f conf.libpreludetest ; then + : + else + echo "*** Could not run libprelude test program, checking why..." + CFLAGS="$CFLAGS $LIBPRELUDE_CFLAGS" + LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" + LIBS="$LIBS $LIBPRELUDE_LIBS" + AC_TRY_LINK([ +#include +#include +#include +#include +], [ return !!prelude_check_version(NULL); ], + [ echo "*** The test program compiled, but did not run. This usually means" + echo "*** that the run-time linker is not finding LIBPRELUDE or finding the wrong" + echo "*** version of LIBPRELUDE. If it is not finding LIBPRELUDE, you'll need to set your" + echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point" + echo "*** to the installed location Also, make sure you have run ldconfig if that" + echo "*** is required on your system" + echo "***" + echo "*** If you have an old version installed, it is best to remove it, although" + echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" + echo "***" ], + [ echo "*** The test program failed to compile or link. See the file config.log for the" + echo "*** exact error that occured. This usually means LIBPRELUDE was incorrectly installed" + echo "*** or that you have moved LIBPRELUDE since it was installed. In the latter case, you" + echo "*** may want to edit the libprelude-config script: $LIBPRELUDE_CONFIG" ]) + CFLAGS="$ac_save_CFLAGS" + LDFLAGS="$ac_save_LDFLAGS" + LIBS="$ac_save_LIBS" + fi + fi + LIBPRELUDE_CFLAGS="" + LIBPRELUDE_LDFLAGS="" + LIBPRELUDE_LIBS="" + ifelse([$3], , :, [$3]) + fi + rm -f conf.libpreludetest + AC_SUBST(LIBPRELUDE_CFLAGS) + AC_SUBST(LIBPRELUDE_PTHREAD_CFLAGS) + AC_SUBST(LIBPRELUDE_LDFLAGS) + AC_SUBST(LIBPRELUDE_LIBS) + AC_SUBST(LIBPRELUDE_PREFIX) + AC_SUBST(LIBPRELUDE_CONFIG_PREFIX) +]) + + +##### http://autoconf-archive.cryp.to/acx_pthread.html +# +# SYNOPSIS +# +# ACX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]]) +# +# DESCRIPTION +# +# This macro figures out how to build C programs using POSIX threads. +# It sets the PTHREAD_LIBS output variable to the threads library and +# linker flags, and the PTHREAD_CFLAGS output variable to any special +# C compiler flags that are needed. (The user can also force certain +# compiler flags/libs to be tested by setting these environment +# variables.) +# +# Also sets PTHREAD_CC to any special C compiler that is needed for +# multi-threaded programs (defaults to the value of CC otherwise). +# (This is necessary on AIX to use the special cc_r compiler alias.) +# +# NOTE: You are assumed to not only compile your program with these +# flags, but also link it with them as well. e.g. you should link +# with $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS +# $LIBS +# +# If you are only building threads programs, you may wish to use +# these variables in your default LIBS, CFLAGS, and CC: +# +# LIBS="$PTHREAD_LIBS $LIBS" +# CFLAGS="$CFLAGS $PTHREAD_CFLAGS" +# CC="$PTHREAD_CC" +# +# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute +# constant has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to +# that name (e.g. PTHREAD_CREATE_UNDETACHED on AIX). +# +# ACTION-IF-FOUND is a list of shell commands to run if a threads +# library is found, and ACTION-IF-NOT-FOUND is a list of commands to +# run it if it is not found. If ACTION-IF-FOUND is not specified, the +# default action will define HAVE_PTHREAD. +# +# Please let the authors know if this macro fails on any platform, or +# if you have any other suggestions or comments. This macro was based +# on work by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) +# (with help from M. Frigo), as well as ac_pthread and hb_pthread +# macros posted by Alejandro Forero Cuervo to the autoconf macro +# repository. We are also grateful for the helpful feedback of +# numerous users. +# +# LAST MODIFICATION +# +# 2007-07-29 +# +# COPYLEFT +# +# Copyright (c) 2007 Steven G. Johnson +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see +# . +# +# As a special exception, the respective Autoconf Macro's copyright +# owner gives unlimited permission to copy, distribute and modify the +# configure scripts that are the output of Autoconf when processing +# the Macro. You need not follow the terms of the GNU General Public +# License when using or distributing such scripts, even though +# portions of the text of the Macro appear in them. The GNU General +# Public License (GPL) does govern all other use of the material that +# constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the +# Autoconf Macro released by the Autoconf Macro Archive. When you +# make and distribute a modified version of the Autoconf Macro, you +# may extend this special exception to the GPL to apply to your +# modified version as well. + +AC_DEFUN([ACX_PTHREAD], [ +AC_REQUIRE([AC_CANONICAL_HOST]) +AC_LANG_SAVE +AC_LANG_C +acx_pthread_ok=no + +# We used to check for pthread.h first, but this fails if pthread.h +# requires special compiler flags (e.g. on True64 or Sequent). +# It gets checked for in the link test anyway. + +# First of all, check if the user has set any of the PTHREAD_LIBS, +# etcetera environment variables, and if threads linking works using +# them: +if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + save_LIBS="$LIBS" + LIBS="$PTHREAD_LIBS $LIBS" + AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS]) + AC_TRY_LINK_FUNC(pthread_join, acx_pthread_ok=yes) + AC_MSG_RESULT($acx_pthread_ok) + if test x"$acx_pthread_ok" = xno; then + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" + fi + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" +fi + +# We must check for the threads library under a number of different +# names; the ordering is very important because some systems +# (e.g. DEC) have both -lpthread and -lpthreads, where one of the +# libraries is broken (non-POSIX). + +# Create a list of thread flags to try. Items starting with a "-" are +# C compiler flags, and other items are library names, except for "none" +# which indicates that we try without any flags at all, and "pthread-config" +# which is a program returning the flags for the Pth emulation library. + +acx_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" + +# The ordering *is* (sometimes) important. Some notes on the +# individual items follow: + +# pthreads: AIX (must check this before -lpthread) +# none: in case threads are in libc; should be tried before -Kthread and +# other compiler flags to prevent continual compiler warnings +# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) +# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) +# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) +# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) +# -pthreads: Solaris/gcc +# -mthreads: Mingw32/gcc, Lynx/gcc +# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it +# doesn't hurt to check since this sometimes defines pthreads too; +# also defines -D_REENTRANT) +# ... -mt is also the pthreads flag for HP/aCC +# pthread: Linux, etcetera +# --thread-safe: KAI C++ +# pthread-config: use pthread-config program (for GNU Pth library) + +case "${host_cpu}-${host_os}" in + *solaris*) + + # On Solaris (at least, for some versions), libc contains stubbed + # (non-functional) versions of the pthreads routines, so link-based + # tests will erroneously succeed. (We need to link with -pthreads/-mt/ + # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather + # a function called by this macro, so we could check for that, but + # who knows whether they'll stub that too in a future libc.) So, + # we'll just look for -pthreads and -lpthread first: + + acx_pthread_flags="-pthreads pthread -mt -pthread $acx_pthread_flags" + ;; +esac + +if test x"$acx_pthread_ok" = xno; then +for flag in $acx_pthread_flags; do + + case $flag in + none) + AC_MSG_CHECKING([whether pthreads work without any flags]) + ;; + + -pthread) + AC_MSG_CHECKING([whether pthreads work with $flag]) + PTHREAD_CFLAGS="$flag" + ;; + + -*) + AC_MSG_CHECKING([whether pthreads work with $flag]) + PTHREAD_CFLAGS="$flag" + ;; + + pthread-config) + AC_CHECK_PROG(acx_pthread_config, pthread-config, yes, no) + if test x"$acx_pthread_config" = xno; then continue; fi + PTHREAD_CFLAGS="`pthread-config --cflags`" + PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" + ;; + + *) + AC_MSG_CHECKING([for the pthreads library -l$flag]) + PTHREAD_LIBS="-l$flag" + ;; + esac + + save_LIBS="$LIBS" + save_CFLAGS="$CFLAGS" + save_LDFLAGS="$LDFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + LDFLAGS="$LDFLAGS $PTHREAD_CFLAGS" + + # Check for various functions. We must include pthread.h, + # since some functions may be macros. (On the Sequent, we + # need a special flag -Kthread to make this header compile.) + # We check for pthread_join because it is in -lpthread on IRIX + # while pthread_create is in libc. We check for pthread_attr_init + # due to DEC craziness with -lpthreads. We check for + # pthread_cleanup_push because it is one of the few pthread + # functions on Solaris that doesn't have a non-functional libc stub. + # We try pthread_create on general principles. + AC_TRY_LINK([#include ], + [pthread_t th; pthread_join(th, 0); + pthread_attr_init(0); pthread_cleanup_push(0, 0); + pthread_create(0,0,0,0); pthread_cleanup_pop(0); ], + [acx_pthread_ok=yes]) + + LIBS="$save_LIBS" + LDFLAGS="$save_LDFLAGS" + CFLAGS="$save_CFLAGS" + + AC_MSG_RESULT($acx_pthread_ok) + if test "x$acx_pthread_ok" = xyes; then + break; + fi + + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" +done +fi + +# Various other checks: +if test "x$acx_pthread_ok" = xyes; then + save_LIBS="$LIBS" + LIBS="$PTHREAD_LIBS $LIBS" + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + + # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. + AC_MSG_CHECKING([for joinable pthread attribute]) + attr_name=unknown + for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do + AC_TRY_LINK([#include ], [int attr=$attr; return attr;], + [attr_name=$attr; break]) + done + AC_MSG_RESULT($attr_name) + if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then + AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name, + [Define to necessary symbol if this constant + uses a non-standard name on your system.]) + fi + + # Solaris lossage: default is obsolete semantics for getpwnam_r, + # getpwuid_r, getgrgid_r, unless _POSIX_PTHREAD_SEMANTICS is defined + AC_MSG_CHECKING([if more special flags are required for pthreads]) + flag=no + case "${host_cpu}-${host_os}" in + *-aix* | *-freebsd* | *-darwin*) flag="-D_THREAD_SAFE";; + *-osf* | *-hpux*) flag="-D_REENTRANT";; + *solaris*) flag="-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT";; + esac + AC_MSG_RESULT(${flag}) + if test "x$flag" != xno; then + PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" + fi + + # Detect PTHREAD_MUTEX_RECURSIVE + AC_MSG_CHECKING([for recursive mutexes]) + mutex_recursive=no + AC_TRY_LINK([ +#define _XOPEN_SOURCE 500 +#include ], [ +pthread_mutexattr_t mta; +pthread_mutexattr_settype(&mta, PTHREAD_MUTEX_RECURSIVE); +return 0;],[mutex_recursive=yes]) + if test "x$mutex_recursive" = "xyes" + then + AC_DEFINE(HAVE_PTHREAD_MUTEX_RECURSIVE,1,[Define if you have recursive mutexes.]) + fi + AC_MSG_RESULT($mutex_recursive) + + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" + + # More AIX lossage: must compile with xlc_r or cc_r + if test x"$GCC" != xyes; then + AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC}) + else + PTHREAD_CC=$CC + fi +else + PTHREAD_CC="$CC" +fi + +if test x"$acx_pthread_ok" = xyes; then + PTHREAD_CFLAGS="${PTHREAD_CFLAGS} -DUSE_MALLOC_LOCK=1" +fi + +AC_SUBST(PTHREAD_LIBS) +AC_SUBST(PTHREAD_CFLAGS) +AC_SUBST(PTHREAD_LDFLAGS) +AC_SUBST(PTHREAD_CC) + +# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: +if test x"$acx_pthread_ok" = xyes; then + ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1]) + : +else + acx_pthread_ok=no + $2 +fi +AC_LANG_RESTORE +])dnl ACX_PTHREAD + + + + +dnl Copyright © 2004 Loic Dachary +dnl +dnl This program is free software; you can redistribute it and/or modify +dnl it under the terms of the GNU General Public License as published by +dnl the Free Software Foundation; either version 2 of the License, or (at +dnl your option) any later version. +dnl +dnl Use ZLIB_HOME instead of option + +AC_DEFUN([CHECK_ZLIB],[ + +if test "x${ZLIB_HOME}" = "x"; then + ZLIB_HOME=/usr/local + if test ! -f "${ZLIB_HOME}/include/zlib.h" + then + ZLIB_HOME=/usr + fi +fi + +zlib_found=no + +ZLIB_OLD_LDFLAGS=$LDFLAGS +ZLIB_OLD_CPPFLAGS=$LDFLAGS +if test "x${ZLIB_HOME}" = "x/usr"; then + : +else + LDFLAGS="$LDFLAGS -L${ZLIB_HOME}/lib" + CPPFLAGS="$CPPFLAGS -I${ZLIB_HOME}/include" +fi +AC_LANG_SAVE +AC_LANG_C +AC_CHECK_LIB(z, inflateEnd, [zlib_cv_libz=yes], [zlib_cv_libz=no]) +AC_CHECK_HEADER(zlib.h, [zlib_cv_zlib_h=yes], [zlib_cv_zlib_h=no]) +AC_LANG_RESTORE +if test "$zlib_cv_libz" = "yes" -a "$zlib_cv_zlib_h" = "yes" +then + # + # If both library and header were found, use them + # + AC_CHECK_LIB(z, inflateEnd) + AC_MSG_CHECKING([zlib in ${ZLIB_HOME}]) + AC_MSG_RESULT(ok) + AC_CHECK_FUNCS([compressBound]) + zlib_found=yes +else + # + # If either header or library was not found, revert and bomb + # + AC_MSG_CHECKING(zlib in ${ZLIB_HOME}) + LDFLAGS="$ZLIB_OLD_LDFLAGS" + CPPFLAGS="$ZLIB_OLD_CPPFLAGS" + AC_MSG_RESULT(failed) + AC_MSG_WARN([zlib not found in ZLIB_HOME, /usr/local, or /usr]) +fi + +]) + +# SH_PROG_LD +# ---------- +# find the pathname to the GNU or non-GNU linker +AC_DEFUN([SH_PROG_LD], +[ +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +ac_prog=ld +if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + AC_MSG_CHECKING([for ld used by $CC]) + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [[\\/]]* | ?:[[\\/]]*) + re_direlt='/[[^/]][[^/]]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` + while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do + ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` + done + test -z "$LD" && LD="$ac_prog" + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +else + AC_MSG_CHECKING([for ld]) +fi +AC_CACHE_VAL(lt_cv_path_LD, +[if test -z "$LD"; then + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &1 /dev/null + +if test -r "/dev/urandom"; then + if test -c "/dev/urandom"; then + dd if=/dev/urandom ibs=1 count=4 > my_random_file 2>/dev/null + nsum=`sum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` + if test x$nsum != x; then + rnd_tst=yes + fi + fi +fi + +if test x$rnd_tst = xno; then + if test -r "/dev/srandom"; then + if test -c "/dev/srandom"; then + dd if=/dev/srandom ibs=1 count=4 > my_random_file 2>/dev/null + nsum=`sum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` + if test x$nsum != x; then + rnd_tst=yes + fi + fi + fi +fi + +if test x$rnd_tst = xno; then +# + touch ./my_random_file +# + if test -r "/usr/ucb/vmstat"; then + /usr/ucb/vmstat >> my_random_file 2>/dev/null + fi + if test -r "/bin/vmstat"; then + /bin/vmstat >> my_random_file 2>/dev/null + fi + if test -r "/sbin/vmstat"; then + /sbin/vmstat >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/vmstat"; then + /usr/bin/vmstat >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/vmstat"; then + /usr/sbin/vmstat >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/vmstat"; then + /usr/local/bin/vmstat >> my_random_file 2>/dev/null + fi +# + if test -r "/usr/ucb/netstat"; then + /usr/ucb/netstat -n >> my_random_file 2>/dev/null + fi + if test -r "/bin/netstat"; then + /bin/netstat -n >> my_random_file 2>/dev/null + fi + if test -r "/sbin/netstat"; then + /sbin/netstat -n >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/netstat"; then + /usr/bin/netstat -n >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/netstat"; then + /usr/sbin/netstat -n >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/netstat"; then + /usr/local/bin/netstat -n >> my_random_file 2>/dev/null + fi +# +# + if test -r "/usr/ucb/ps"; then + /usr/ucb/ps -ef >> my_random_file 2>/dev/null + fi + if test -r "/bin/ps"; then + /bin/ps -ef >> my_random_file 2>/dev/null + fi + if test -r "/sbin/ps"; then + /sbin/ps -ef >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/ps"; then + /usr/bin/ps -ef >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/ps"; then + /usr/sbin/ps -ef >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/ps"; then + /usr/local/bin/ps -ef >> my_random_file 2>/dev/null + fi +# +# + if test -r "/usr/ucb/arp"; then + /usr/ucb/arp -a >> my_random_file 2>/dev/null + fi + if test -r "/bin/arp"; then + /bin/arp -a >> my_random_file 2>/dev/null + fi + if test -r "/sbin/arp"; then + /sbin/arp -a >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/arp"; then + /usr/bin/arp -a >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/arp"; then + /usr/sbin/arp -a >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/arp"; then + /usr/local/bin/arp -a >> my_random_file 2>/dev/null + fi +# +# + if test -r "/usr/ucb/w"; then + /usr/ucb/w >> my_random_file 2>/dev/null + fi + if test -r "/bin/w"; then + /bin/w >> my_random_file 2>/dev/null + fi + if test -r "/sbin/w"; then + /sbin/w >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/w"; then + /usr/bin/w >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/w"; then + /usr/sbin/w >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/w"; then + /usr/local/bin/w >> my_random_file 2>/dev/null + fi +# +# Don't use (NFS problems ahead) +# +# if test -r "/usr/ucb/df"; then +# /usr/ucb/df >> my_random_file 2>/dev/null +# fi +# if test -r "/bin/df"; then +# /bin/df >> my_random_file 2>/dev/null +# fi +# if test -r "/sbin/df"; then +# /sbin/df >> my_random_file 2>/dev/null +# fi +# if test -r "/usr/bin/df"; then +# /usr/bin/df >> my_random_file 2>/dev/null +# fi +# if test -r "/usr/sbin/df"; then +# /usr/sbin/df >> my_random_file 2>/dev/null +# fi +# if test -r "/usr/local/bin/df"; then +# /usr/local/bin/df >> my_random_file 2>/dev/null +# fi +# +# + if test -r "/usr/ucb/free"; then + /usr/ucb/free >> my_random_file 2>/dev/null + fi + if test -r "/bin/free"; then + /bin/free >> my_random_file 2>/dev/null + fi + if test -r "/sbin/free"; then + /sbin/free >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/free"; then + /usr/bin/free >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/free"; then + /usr/sbin/free >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/free"; then + /usr/local/bin/free >> my_random_file 2>/dev/null + fi +# +# + if test -r "/usr/ucb/uptime"; then + /usr/ucb/uptime >> my_random_file 2>/dev/null + fi + if test -r "/bin/uptime"; then + /bin/uptime >> my_random_file 2>/dev/null + fi + if test -r "/sbin/uptime"; then + /sbin/uptime >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/uptime"; then + /usr/bin/uptime >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/uptime"; then + /usr/sbin/uptime >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/uptime"; then + /usr/local/bin/uptime >> my_random_file 2>/dev/null + fi +# +# + if test -r "/usr/ucb/procinfo"; then + /usr/ucb/procinfo -a >> my_random_file 2>/dev/null + fi + if test -r "/bin/procinfo"; then + /bin/procinfo -a >> my_random_file 2>/dev/null + fi + if test -r "/sbin/procinfo"; then + /sbin/procinfo -a >> my_random_file 2>/dev/null + fi + if test -r "/usr/bin/procinfo"; then + /usr/bin/procinfo -a >> my_random_file 2>/dev/null + fi + if test -r "/usr/sbin/procinfo"; then + /usr/sbin/procinfo -a >> my_random_file 2>/dev/null + fi + if test -r "/usr/local/bin/procinfo"; then + /usr/local/bin/procinfo -a >> my_random_file 2>/dev/null + fi +# + nsum=`sum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` +# +fi + +# +# 'sum' is portable, but only 16 bit +# + +/bin/rm -f ./my_random_file 2>/dev/null + +echo $nsum + + Index: /tags/2.5.0/config.guess =================================================================== --- /tags/2.5.0/config.guess (revision 189) +++ /tags/2.5.0/config.guess (revision 189) @@ -0,0 +1,1363 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002 Free Software Foundation, Inc. + +timestamp='2002-10-21' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Per Bothner . +# Please send patches to . Submit a context +# diff and a properly formatted ChangeLog entry. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# The plan is that this can be called by configure scripts if you +# don't specify an explicit build system type. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +trap 'exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# This shell variable is my proudest work .. or something. --bje + +set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ; +(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old) + || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ; +dummy=$tmpdir/dummy ; +files="$dummy.c $dummy.o $dummy.rel $dummy" ; +trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ; +case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > $dummy.c ; + for c in cc gcc c89 c99 ; do + if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + rm -f $files ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac ; +unset files' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + case "${UNAME_MACHINE_ARCH}" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE_ARCH}" in + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep __ELF__ >/dev/null + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit 0 ;; + amiga:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + arc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + hp300:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + macppc:OpenBSD:*:*) + echo powerpc-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme88k:OpenBSD:*:*) + echo m88k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvmeppc:OpenBSD:*:*) + echo powerpc-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + pmax:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sgi:OpenBSD:*:*) + echo mipseb-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sun3:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + wgrisc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + *:OpenBSD:*:*) + echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + alpha:OSF1:*:*) + if test $UNAME_RELEASE = "V4.0"; then + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + fi + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + eval $set_cc_for_build + cat <$dummy.s + .data +\$Lformat: + .byte 37,100,45,37,120,10,0 # "%d-%x\n" + + .text + .globl main + .align 4 + .ent main +main: + .frame \$30,16,\$26,0 + ldgp \$29,0(\$27) + .prologue 1 + .long 0x47e03d80 # implver \$0 + lda \$2,-1 + .long 0x47e20c21 # amask \$2,\$1 + lda \$16,\$Lformat + mov \$0,\$17 + not \$1,\$18 + jsr \$26,printf + ldgp \$29,0(\$26) + mov 0,\$16 + jsr \$26,exit + .end main +EOF + $CC_FOR_BUILD -o $dummy $dummy.s 2>/dev/null + if test "$?" = 0 ; then + case `$dummy` in + 0-0) + UNAME_MACHINE="alpha" + ;; + 1-0) + UNAME_MACHINE="alphaev5" + ;; + 1-1) + UNAME_MACHINE="alphaev56" + ;; + 1-101) + UNAME_MACHINE="alphapca56" + ;; + 2-303) + UNAME_MACHINE="alphaev6" + ;; + 2-307) + UNAME_MACHINE="alphaev67" + ;; + 2-1307) + UNAME_MACHINE="alphaev68" + ;; + 3-1307) + UNAME_MACHINE="alphaev7" + ;; + esac + fi + rm -f $dummy.s $dummy && rmdir $tmpdir + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + exit 0 ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix + exit 0 ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit 0 ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit 0;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit 0 ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-morphos + exit 0 ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit 0 ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit 0;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit 0;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit 0 ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit 0 ;; + DRS?6000:UNIX_SV:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7 && exit 0 ;; + esac ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit 0 ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit 0 ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit 0 ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit 0 ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit 0 ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit 0 ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit 0 ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit 0 ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit 0 ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit 0 ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c \ + && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ + && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 + rm -f $dummy.c $dummy && rmdir $tmpdir + echo mips-mips-riscos${UNAME_RELEASE} + exit 0 ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit 0 ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit 0 ;; + Night_Hawk:*:*:PowerMAX_OS) + echo powerpc-harris-powermax + exit 0 ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit 0 ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit 0 ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit 0 ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit 0 ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} + fi + exit 0 ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit 0 ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit 0 ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit 0 ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit 0 ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit 0 ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit 0 ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 + rm -f $dummy.c $dummy && rmdir $tmpdir + echo rs6000-ibm-aix3.2.5 + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit 0 ;; + *:AIX:*:[45]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit 0 ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit 0 ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit 0 ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit 0 ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit 0 ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit 0 ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit 0 ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi + rm -f $dummy.c $dummy && rmdir $tmpdir + fi ;; + esac + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit 0 ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit 0 ;; + 3050*:HI-UX:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 + rm -f $dummy.c $dummy && rmdir $tmpdir + echo unknown-hitachi-hiuxwe2 + exit 0 ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit 0 ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit 0 ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit 0 ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit 0 ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit 0 ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit 0 ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit 0 ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit 0 ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit 0 ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit 0 ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit 0 ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*T3D:*:*:*) + echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit 0 ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit 0 ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:FreeBSD:*:*) + # Determine whether the default compiler uses glibc. + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + #if __GLIBC__ >= 2 + LIBC=gnu + #else + LIBC= + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` + rm -f $dummy.c && rmdir $tmpdir + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC} + exit 0 ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit 0 ;; + i*:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit 0 ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit 0 ;; + x86:Interix*:3*) + echo i386-pc-interix3 + exit 0 ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i386-pc-interix + exit 0 ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin + exit 0 ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin + exit 0 ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + *:GNU:*:*) + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit 0 ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit 0 ;; + arm*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + mips:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef mips + #undef mipsel + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=mipsel + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=mips + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` + rm -f $dummy.c && rmdir $tmpdir + test x"${CPU}" != x && echo "${CPU}-pc-linux-gnu" && exit 0 + ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit 0 ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit 0 ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit 0 ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-gnu ;; + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; + esac + exit 0 ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit 0 ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux + exit 0 ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + x86_64:Linux:*:*) + echo x86_64-unknown-linux-gnu + exit 0 ;; + i*86:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. cd to the root directory to prevent + # problems with other programs or directories called `ld' in the path. + # Set LC_ALL=C to ensure ld outputs messages in English. + ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ + | sed -ne '/supported targets:/!d + s/[ ][ ]*/ /g + s/.*supported targets: *// + s/ .*// + p'` + case "$ld_supported_targets" in + elf32-i386) + TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" + ;; + a.out-i386-linux) + echo "${UNAME_MACHINE}-pc-linux-gnuaout" + exit 0 ;; + coff-i386) + echo "${UNAME_MACHINE}-pc-linux-gnucoff" + exit 0 ;; + "") + # Either a pre-BFD a.out linker (linux-gnuoldld) or + # one that does not give us useful --help. + echo "${UNAME_MACHINE}-pc-linux-gnuoldld" + exit 0 ;; + esac + # Determine whether the default compiler is a.out or elf + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + #ifdef __ELF__ + # ifdef __GLIBC__ + # if __GLIBC__ >= 2 + LIBC=gnu + # else + LIBC=gnulibc1 + # endif + # else + LIBC=gnulibc1 + # endif + #else + #ifdef __INTEL_COMPILER + LIBC=gnu + #else + LIBC=gnuaout + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` + rm -f $dummy.c && rmdir $tmpdir + test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 + test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 + ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit 0 ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit 0 ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit 0 ;; + i*86:*:5:[78]*) + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit 0 ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit 0 ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit 0 ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. + echo i386-pc-msdosdjgpp + exit 0 ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit 0 ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit 0 ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit 0 ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit 0 ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit 0 ;; + M68*:*:R3V[567]*:*) + test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; + 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4.3${OS_REL} && exit 0 + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4 && exit 0 ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit 0 ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit 0 ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit 0 ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit 0 ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit 0 ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit 0 ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit 0 ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit 0 ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit 0 ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit 0 ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit 0 ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit 0 ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit 0 ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit 0 ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit 0 ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux${UNAME_RELEASE} + exit 0 ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Darwin:*:*) + echo `uname -p`-apple-darwin${UNAME_RELEASE} + exit 0 ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = "x86"; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + exit 0 ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit 0 ;; + NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit 0 ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit 0 ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit 0 ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit 0 ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit 0 ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx + exit 0 ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit 0 ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit 0 ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit 0 ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit 0 ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit 0 ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit 0 ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit 0 ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit 0 ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +eval $set_cc_for_build +cat >$dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +# if !defined (ultrix) +# include +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 +rm -f $dummy.c $dummy && rmdir $tmpdir + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit 0 ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + c34*) + echo c34-convex-bsd + exit 0 ;; + c38*) + echo c38-convex-bsd + exit 0 ;; + c4*) + echo c4-convex-bsd + exit 0 ;; + esac +fi + +cat >&2 < in order to provide the needed +information to handle your system. + +config.guess timestamp = $timestamp + +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = ${UNAME_MACHINE} +UNAME_RELEASE = ${UNAME_RELEASE} +UNAME_SYSTEM = ${UNAME_SYSTEM} +UNAME_VERSION = ${UNAME_VERSION} +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: Index: /tags/2.5.0/config.sub =================================================================== --- /tags/2.5.0/config.sub (revision 189) +++ /tags/2.5.0/config.sub (revision 189) @@ -0,0 +1,1470 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002 Free Software Foundation, Inc. + +timestamp='2002-09-05' + +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Please send patches to . Submit a context +# diff and a properly formatted ChangeLog entry. +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit 0;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | freebsd*-gnu* | storm-chaos* | os2-emx* | windows32-* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis) + os= + basic_machine=$1 + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ + | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | i370 | i860 | i960 | ia64 \ + | ip2k \ + | m32r | m68000 | m68k | m88k | mcore \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64vr | mips64vrel \ + | mips64orion | mips64orionel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mipsisa32 | mipsisa32el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | ns16k | ns32k \ + | openrisc | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ + | pyramid \ + | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ + | strongarm \ + | tahoe | thumb | tic80 | tron \ + | v850 | v850e \ + | we32k \ + | x86 | xscale | xstormy16 | xtensa \ + | z8k) + basic_machine=$basic_machine-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12) + # Motorola 68HC11/12. + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* \ + | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* \ + | clipper-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* \ + | m32r-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | mcore-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipstx39 | mipstx39el \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ + | pyramid-* \ + | romp-* | rs6000-* \ + | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ + | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ + | tahoe-* | thumb-* | tic30-* | tic4x-* | tic54x-* | tic80-* | tron-* \ + | v850-* | v850e-* | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ + | xtensa-* \ + | ymp-* \ + | z8k-*) + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + crds | unos) + basic_machine=m68k-crds + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + mmix*) + basic_machine=mmix-knuth + os=-mmixware + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + or32 | or32-*) + basic_machine=or32-unknown + os=-coff + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; + pentiumii | pentium2) + basic_machine=i686-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc) basic_machine=powerpc-unknown + ;; + ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3d) + basic_machine=alpha-cray + os=-unicos + ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tic4x | c4x*) + basic_machine=tic4x-unknown + os=-coff + ;; + tic54x | c54x*) + basic_machine=tic54x-unknown + os=-coff + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + windows32) + basic_machine=i386-pc + os=-windows32-msvcrt + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + ymp) + basic_machine=ymp-cray + os=-unicos + ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + romp) + basic_machine=romp-ibm + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele) + basic_machine=sh-unknown + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparc | sparcv9 | sparcv9b) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ + | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* \ + | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* | -powermax*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto*) + os=-nto-qnx + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -nova*) + os=-rtmk-nova + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + # This also exists in the configure program, but was not the + # default. + # os=-sunos4 + ;; + m68*-cisco) + os=-aout + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or32-*) + os=-coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-ibm) + os=-aix + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os +exit 0 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: Index: /tags/2.5.0/configure.ac =================================================================== --- /tags/2.5.0/configure.ac (revision 189) +++ /tags/2.5.0/configure.ac (revision 189) @@ -0,0 +1,2613 @@ + +dnl We want to override the standard _AC_INIT_PARSE_ARGS +dnl +AU_ALIAS([_AC_INIT_PARSE_ARGS], [SH_INIT_PARSE_ARGS]) +AU_ALIAS([_AC_INIT_help], [SH_INIT_HELP]) + +AC_INIT(src/samhain.c) + + +AC_ARG_VAR([LIBS], [libraries to link against, e.g. -lintl]) + +dnl +dnl start +dnl +AM_INIT_AUTOMAKE(samhain, 2.5.0) +AC_DEFINE([SAMHAIN], 1, [Application is samhain]) +AC_CANONICAL_HOST + +dnl +dnl checks for programs +dnl + +AC_PROG_CC +if test "$host" != "$build"; then + AC_CHECK_PROGS(BUILD_CC, gcc cc) +else + BUILD_CC=$CC +fi +AC_PROG_CPP +AC_PROG_INSTALL +AC_PROG_LN_S +AC_PROG_AWK +SH_PROG_LD +AC_PATH_PROG(cmd_hostname,hostname) +AC_SUBST(cmd_hostname) +AC_SUBST(BUILD_CC) + +if test "x$GCC" = "xyes"; then + GCC_STACK_PROTECT_LIB + GCC_STACK_PROTECT_CC + GCC_PIE_CC +fi + +AC_HEADER_STDC +dnl +dnl first one is a dummy because of an autoconf bug +dnl (no HAVE_... for first one) +dnl +AC_CHECK_HEADERS([sys/ipc.h sys/msg.h sys/uio.h fcntl.h]) + + +AC_MSG_CHECKING([for host-specific issues]) +mydebugflag=no +myneedg3=no +uid_cast="signed long" +selectconfig=linux +mynetbsd=no +sh_use_lcaps="undef" +dnmalloc_ok=yes + +case "$host_os" in + + *linux*) + sh_use_lcaps="yes" + AC_DEFINE(HOST_IS_LINUX) + AC_DEFINE(HAVE_EXT2_IOCTLS) + AC_MSG_RESULT(LINUX use ioctl to get e2fs flags) + case "$host_cpu" in + i*86*) + AC_DEFINE(HOST_IS_I86LINUX) + ;; + *) + ;; + esac + ;; + + *osf*) + AC_DEFINE([HOST_IS_OSF], 1, [Define if host OS is OSF]) + if test "x$GCC" != "xyes"; then + CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` + CFLAGS="$CFLAGS -O2 -assume noaligned_objects" + myneedg3=yes + AC_MSG_RESULT(OSF1 compiler needs assume noaligned_objects) + else + AC_MSG_RESULT(none) + fi + ;; + + *cygwin*) + AC_DEFINE(HOST_IS_CYGWIN) + AC_MSG_RESULT(CYGWIN do not check for trusted paths) + ;; + + *darwin*) + AC_DEFINE(HOST_IS_DARWIN) + AC_MSG_RESULT(DARWIN check resource forks) + ;; + + *freebsd*) + AC_DEFINE(HOST_IS_FREEBSD) + selectconfig=freebsd + AC_MSG_RESULT(none) + ;; + + *openbsd*) + AC_DEFINE([HOST_IS_OPENBSD], 1, [Define if host OS is OPENBSD]) + selectconfig=freebsd + dnmalloc_ok=no + AC_MSG_RESULT(OpenBSD dnmalloc does not work with pthreads) + ;; + + *netbsd*) + mynetbsd=yes + selectconfig=netbsd + AC_MSG_RESULT(NETBSD bug with libresolve) + ;; + + *solaris*) + selectconfig=solaris + AC_DEFINE(HOST_IS_SOLARIS) + case "$host_cpu" in + i*86) + AC_DEFINE(HOST_IS_I86SOLARIS) + AC_MSG_RESULT(SOLARIS I86 vsnprintf prototype) + ;; + *) + AC_MSG_RESULT(none) + ;; + esac + if test "x$GCC" != "xyes"; then + if test ! -z "`echo "$CFLAGS" | grep "\-g" 2> /dev/null`" ; then + CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` + fi + if test -z "`echo "$CFLAGS" | grep "\-xO2" 2> /dev/null`"; then + CFLAGS="$CFLAGS -xO2" + fi + if test -z "`echo "$CFLAGS" | grep "\-Xa" 2> /dev/null`"; then + CFLAGS="$CFLAGS -Xa" + fi + LIBS="-lc $LIBS" + fi + ;; + + + *sun*) + selectconfig=solaris + AC_DEFINE(HOST_IS_SOLARIS) + AC_MSG_RESULT(none) + ;; + + *aix*) + AC_DEFINE(HOST_IS_AIX) + selectconfig=aix5.2.0 + uid_cast="unsigned long" + if test "x$GCC" != "xyes"; then + if test ! -z "`echo "$CFLAGS" | grep "\-g" 2> /dev/null`" ; then + CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` + fi + if test -z "`echo "$CFLAGS" | grep "\-O3" 2> /dev/null`"; then + CFLAGS="$CFLAGS -O3" + fi + if test -z "`echo "$CFLAGS" | grep "\-qstrict" 2> /dev/null`"; then + CFLAGS="$CFLAGS -qstrict" + fi + AC_MSG_RESULT(AIX size_t in the accept call and optimize O3 qstrict) + else + AC_MSG_RESULT(AIX size_t in the accept call) + fi + ;; + + *hpux*) + AC_MSG_RESULT(HPUX need _XOPEN_SOURCE_EXTENDED for h_errno) + AC_DEFINE(HOST_IS_HPUX) + if test "x$GCC" != "xyes"; then + if test ! -z "`echo "$CFLAGS" | grep "\-g" 2> /dev/null`" ; then + CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` + fi + if test -z "`echo "$CFLAGS" | grep "\+O2" 2> /dev/null`"; then + CFLAGS="$CFLAGS +O2" + fi + fi + ;; + + *ultrix*) + AC_MSG_RESULT(ULTRIX getcwd uses popen) + AC_DEFINE(HAVE_BROKEN_GETCWD) + ;; + + *) + AC_MSG_RESULT(none) + ;; +esac + +AC_SUBST(selectconfig) +AC_DEFINE_UNQUOTED(UID_CAST, ${uid_cast}) + + +dnl ***************************************** +dnl +dnl checks for header files +dnl +dnl ***************************************** + +AC_HEADER_DIRENT +AC_HEADER_MAJOR +AC_HEADER_TIME +dnl used in minilzo.c +AC_HEADER_STAT +AC_DECL_SYS_SIGLIST + +AC_CHECK_HEADERS(stddef.h libgen.h sched.h malloc.h sys/uio.h \ + sys/mman.h sys/param.h \ + sys/vfs.h mntent.h \ + sys/select.h sys/socket.h netinet/in.h \ + regex.h glob.h \ + linux/ext2_fs.h linux/fs.h ext2fs/ext2_fs.h asm/segment.h \ + elf.h linux/elf.h \ + paths.h arpa/nameser.h arpa/nameser_compat.h \ + rpc/rpcent.h sys/statvfs.h, + [], + [], + [#include ] +) + + +AC_CHECK_HEADER(utmpx.h, sh_utmpx="yes", sh_utmpx="no") +if test "x$sh_utmpx" = "xyes"; then + if cat "/usr/include/utmpx.h" 2>&5 | + egrep "WTMPX_FILE" >/dev/null 2>&1; then + AC_DEFINE(HAVE_UTMPX_H) + AC_EGREP_HEADER(ut_host, utmpx.h, AC_DEFINE(HAVE_UTHOST) ) + AC_EGREP_HEADER(ut_addr, utmpx.h, AC_DEFINE(HAVE_UTADDR) ) + AC_EGREP_HEADER(ut_xtime,utmpx.h, AC_DEFINE(HAVE_UTXTIME) ) + AC_EGREP_HEADER(ut_type, utmpx.h, AC_DEFINE(HAVE_UTTYPE) ) + else + AC_EGREP_HEADER(ut_addr, utmp.h, AC_DEFINE(HAVE_UTADDR) ) + AC_EGREP_HEADER(ut_host, utmp.h, AC_DEFINE(HAVE_UTHOST) ) + AC_EGREP_HEADER(ut_type, utmp.h, AC_DEFINE(HAVE_UTTYPE) ) + fi +else + AC_EGREP_HEADER(ut_host, utmp.h, AC_DEFINE(HAVE_UTHOST) ) + AC_EGREP_HEADER(ut_type, utmp.h, AC_DEFINE(HAVE_UTTYPE) ) +fi + +dnl +dnl figure out where acct.h lives +dnl and whether fields are int/comp_t +dnl +dnl GNU Accounting Utilities +dnl Copyright (C) 1993, 1996, 1997, 2003, 2005 Free Software Foundation, Inc. +dnl The GNU Accounting Utilities are free software; you can redistribute +dnl them and/or modify them under the terms of the GNU General Public +dnl License as published by the Free Software Foundation; either version +dnl 2, or (at your option) any later version. +dnl +AC_CHECK_HEADER(sys/acct.h, + AC_DEFINE(HAVE_SYS_ACCT_H, , + [Define if you have the header file.]) + AC_HEADER_EGREP(ac_utime, sys/acct.h, + AC_DEFINE(HAVE_ACUTIME, , + [Define if has the AC_UTIME field.]) + AC_HEADER_EGREP(comp_t.*ac_utime, sys/acct.h, + AC_DEFINE(ACUTIME_COMPT, , + [Define if 's AC_UTIME field is a COMP_T.])) + ) + AC_HEADER_EGREP(ac_stime, sys/acct.h, + AC_DEFINE(HAVE_ACSTIME, , + [Define if has the AC_STIME field.]) + AC_HEADER_EGREP(comp_t.*ac_stime, sys/acct.h, + AC_DEFINE(ACSTIME_COMPT, , + [Define if 's AC_STIME field is a COMP_T.])) + ) + AC_HEADER_EGREP(ac_etime, sys/acct.h, + AC_DEFINE(HAVE_ACETIME, , + [Define if has the AC_ETIME field.]) + AC_HEADER_EGREP(comp_t.*ac_etime, sys/acct.h, + AC_DEFINE(ACETIME_COMPT, , + [Define if 's AC_ETIME field is a COMP_T.])) + ) + AC_HEADER_EGREP(ac_io, sys/acct.h, + AC_DEFINE(HAVE_ACIO, , + [Define if has the AC_IO field.]) + AC_HEADER_EGREP(comp_t.*ac_io, sys/acct.h, + AC_DEFINE(ACIO_COMPT, , + [Define if 's AC_IO field is a COMP_T.])) + ) + AC_HEADER_EGREP(ac_mem, sys/acct.h, + AC_DEFINE(HAVE_ACMEM, , + [Define if has the AC_MEM field.]) + AC_HEADER_EGREP(comp_t.*ac_mem, sys/acct.h, + AC_DEFINE(ACMEM_COMPT, , + [Define if 's AC_MEM field is a COMP_T.])) + ) + AC_HEADER_EGREP(ac_minflt, sys/acct.h, + AC_HEADER_EGREP(ac_majflt, sys/acct.h, + AC_HEADER_EGREP(ac_swaps, sys/acct.h, + AC_DEFINE(HAVE_PAGING, , + [Define if has the AC_MINFLT, AC_MAJFLT and AC_SWAPS fields.]) + AC_HEADER_EGREP(comp_t.*ac_minflt, sys/acct.h, + AC_DEFINE(ACMINFLT_COMPT, , + [Define if 's AC_MINFLT field is a COMP_T.])) + AC_HEADER_EGREP(comp_t.*ac_mayflt, sys/acct.h, + AC_DEFINE(ACMAJFLT_COMPT, , + [Define if 's AC_MAJFLT field is a COMP_T.])) + AC_HEADER_EGREP(comp_t.*ac_swaps, sys/acct.h, + AC_DEFINE(ACSWAPS_COMPT, , + [Define if 's AC_SWAPS field is a COMP_T.])) + ) + ) + ) + AC_HEADER_EGREP(comp_t, sys/acct.h, AC_DEFINE(HAVE_COMP_T, , + [Define if uses the COMP_T type.])) + ) + + +dnl need to check because AIX 4.2 does not have it +dnl +AC_CHECK_MEMBERS([struct statfs.f_flags],[],[],[ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif +#ifdef HAVE_SYS_VFS_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +]) + +AC_SYS_LARGEFILE + +dnl +dnl check whether _POSIX_SOURCE is required +dnl +SAMHAIN_POSIX + + +dnl ***************************************** +dnl +dnl Checks for library functions. +dnl +dnl ***************************************** +AC_FUNC_STRFTIME +AC_CHECK_FUNCS(memcmp memcpy memmove memset getpwent endpwent \ + gettimeofday strlcat strlcpy strstr strchr strerror strsignal \ + seteuid setreuid setresuid lstat getwd getcwd ptrace \ + usleep setpriority getpeereid nanosleep \ + strptime basename sched_yield hasmntopt \ + inet_aton gethostbyname setutent setrlimit gethostname uname \ + initgroups getpagesize \ + ttyname fchmod writev mmap \ + getsid getpriority getpgid statvfs \ + strerror_r getgrgid_r getpwnam_r getpwuid_r \ + gmtime_r localtime_r rand_r readdir_r strtok_r +) +AC_CHECK_FUNC(statfs, AC_DEFINE(HAVE_STATFS) statfs="yes", statfs="no") +SL_CHECK_VA_COPY +AC_CHECK_FUNCS(vsnprintf, [SL_CHECK_VSNPRINTF]) +AC_CHECK_MLOCK + +AC_MSG_CHECKING(how to get filesystem type) +fstype=no +# The order of these tests is important. +AC_TRY_CPP([#include +#include ], AC_DEFINE(FSTYPE_STATVFS) fstype=SVR4) +if test $fstype = no; then +AC_TRY_CPP([#include +#include ], AC_DEFINE(FSTYPE_USG_STATFS) fstype=SVR3) +fi +if test $fstype = no; then +AC_TRY_CPP([#include +#include ], AC_DEFINE(FSTYPE_AIX_STATFS) fstype=AIX) +fi +if test $fstype = no; then +AC_TRY_CPP([#include ], AC_DEFINE(FSTYPE_MNTENT) fstype=4.3BSD) +fi +if test $fstype = no; then +AC_EGREP_HEADER(f_type;, sys/mount.h, AC_DEFINE(FSTYPE_STATFS) fstype=4.4BSD/OSF) +fi +if test $fstype = no; then +AC_TRY_CPP([#include +#include ], AC_DEFINE(FSTYPE_GETMNT) fstype=Ultrix) +fi +AC_MSG_RESULT($fstype) + +sh_libsocket= + +dnl Solaris needs -lsocket and -lnsl. Unisys system includes +dnl gethostbyname in libsocket but needs libnsl for socket. +AC_CHECK_LIB(nsl, gethostbyname) +AC_CHECK_LIB(socket, socket, ac_need_libsocket=1, ac_try_nsl=1) +if test x$ac_need_libsocket = x1; then + LIBS="$LIBS -lsocket" + sh_libsocket="-lsocket" +fi +if test x$ac_try_nsl = x1; then + AC_CHECK_LIB(nsl, gethostbyname, ac_need_libnsl=1) + if test x$ac_need_libnsl = x1 + then + LIBS="$LIBS -lnsl" + fi +fi +AC_SUBST(sh_libsocket) + +AC_CHECK_LIB(socket, res_search, [ + AC_CHECK_LIB(resolv, dn_skipname) + AC_CHECK_LIB(resolv, __dn_skipname) + if test x$ac_need_libsocket = x1; then + : + else + LIBS="$LIBS -lsocket" + fi + ], [ + AC_CHECK_LIB(resolv, res_search, [ + LIBS="$LIBS -lresolv" + ], [ + AC_CHECK_LIB(resolv, dn_skipname) + AC_CHECK_LIB(resolv, __dn_skipname) + ]) + ]) + +dnl arguments for accept + +dnl check for Unix98 socklen_t (found on +dnl xemacs-patches mailing list, written +dnl by Martin Buchholz) +dnl +dnl On Darwin(MacOSX) socklen_t needs to be +dnl an int (see accept man page), on all other +dnl unix systems we need a size_t. + +AC_MSG_CHECKING(for socklen_t) +AC_TRY_COMPILE([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + socklen_t x; +], [],[ + AC_MSG_RESULT(yes) + AC_DEFINE_UNQUOTED([ACCEPT_TYPE_ARG3],[socklen_t], [type of arg3 of accept]) + AC_DEFINE([HAVE_SOCKLEN_T], 1, [Define if you have socklen_t]) +],[ + AC_TRY_COMPILE([ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + int accept (int, struct sockaddr *, size_t *); + ],[],[ + AC_MSG_RESULT(size_t) + AC_DEFINE_UNQUOTED([ACCEPT_TYPE_ARG3],[size_t], [type of arg3 of accept]) + ], [ + AC_MSG_RESULT(int) + AC_DEFINE_UNQUOTED([ACCEPT_TYPE_ARG3],[int], [type of arg3 of accept]) + ] + ) +]) + +dnl ***************************************** +dnl checks for extended attribute or ACL +dnl support +dnl ***************************************** + +sh_CHECK_XATTR +sh_CHECK_POSIX_ACL + +dnl ***************************************** +dnl checks for typedefs +dnl ***************************************** + +AC_C_LONG_DOUBLE +SH_CHECK_TYPEDEF(long long, HAVE_LONG_LONG) +SH_CHECK_TYPEDEF(uint64_t, HAVE_UINT64_T) +if test "$sh_HAVE_LONG_LONG" = "yes"; then + AC_CHECK_SIZEOF(unsigned long long, 4) + sh_sizeof_unsigned_long_long=`echo "$ac_cv_sizeof_unsigned_long_long" | sed 's%[^0-9]%%g'` + if test "$sh_sizeof_unsigned_long_long" = "8"; then + AC_DEFINE(HAVE_LONG_LONG_64, 1, [Define if you have 64bit long long]) + fi +fi + +AC_CHECK_TYPE(ptrdiff_t, long) +AC_TYPE_SIZE_T +AC_CHECK_SIZEOF(char *, 4) +AC_CHECK_SIZEOF(size_t, 4) + +AC_CHECK_SIZEOF(unsigned long, 4) +AC_CHECK_SIZEOF(unsigned int, 4) +AC_CHECK_SIZEOF(unsigned short, 2) + + +sh_sizeof_unsigned_long=`echo "$ac_cv_sizeof_unsigned_long" | sed 's%[^0-9]%%g'` +if test "$sh_sizeof_unsigned_long" = "4"; then + AC_DEFINE(HAVE_LONG_32) +fi +if test "$sh_sizeof_unsigned_long" = "8"; then + AC_DEFINE(HAVE_LONG_64) +fi +sh_sizeof_unsigned_int=`echo "$ac_cv_sizeof_unsigned_int" | sed 's%[^0-9]%%g'` +if test "$sh_sizeof_unsigned_int" = "4"; then + AC_DEFINE(HAVE_INT_32) +fi +sh_sizeof_unsigned_short=`echo "$ac_cv_sizeof_unsigned_short" | sed 's%[^0-9]%%g'` +if test "$sh_sizeof_unsigned_short" = "4"; then + AC_DEFINE(HAVE_SHORT_32) +fi + +dnl +dnl check for 64 bit programming environment +dnl +SAMHAIN_64 + + +dnl ***************************************** +dnl checks for structures +dnl ***************************************** + +AC_STRUCT_TM + +dnl +dnl from e2fsprogs +dnl +AC_MSG_CHECKING(whether struct stat has a st_flags field) +AC_CACHE_VAL(e2fsprogs_cv_struct_st_flags, + AC_TRY_COMPILE([#include ], + [struct stat stat; stat.st_flags = 0;], + [e2fsprogs_cv_struct_st_flags=yes], + [e2fsprogs_cv_struct_st_flags=no])) +AC_MSG_RESULT($e2fsprogs_cv_struct_st_flags) +if test "$e2fsprogs_cv_struct_st_flags" = yes; then + AC_MSG_CHECKING(whether st_flags field is useful) + AC_CACHE_VAL(e2fsprogs_cv_struct_st_flags_immut, + AC_TRY_COMPILE([#include ], + [struct stat stat; stat.st_flags |= UF_IMMUTABLE;], + [e2fsprogs_cv_struct_st_flags_immut=yes], + [e2fsprogs_cv_struct_st_flags_immut=no])) + AC_MSG_RESULT($e2fsprogs_cv_struct_st_flags_immut) + if test "$e2fsprogs_cv_struct_st_flags_immut" = yes; then + AC_DEFINE(HAVE_STAT_FLAGS) + fi +fi + +dnl +dnl from dbus +dnl +AC_MSG_CHECKING(for struct cmsgcred) +AC_TRY_COMPILE([ +#include +#include +],[ +struct cmsgcred cred; + +cred.cmcred_pid = 0; +],sh_have_struct_cmsgcred=yes,sh_have_struct_cmsgcred=no) +AC_MSG_RESULT($sh_have_struct_cmsgcred) + +if test x$sh_have_struct_cmsgcred = xyes; then + AC_DEFINE(HAVE_STRUCT_CMSGCRED,1,[Have cmsgcred structure]) +fi + +AC_MSG_CHECKING(for struct fcred) +AC_TRY_COMPILE([ +#include +#include +#include +],[ +struct fcred sockcred; +],sh_have_struct_fcred=yes,sh_have_struct_fcred=no) +AC_MSG_RESULT($sh_have_struct_fcred) + +if test x$sh_have_struct_fcred = xyes; then + AC_DEFINE(HAVE_STRUCT_FCRED,1,[Have fcred structure]) +fi + +AC_MSG_CHECKING(for struct sockcred) +AC_TRY_COMPILE([ +#include +#include +#include +],[ +struct sockcred sockcred; +],sh_have_struct_sockcred=yes,sh_have_struct_sockcred=no) +AC_MSG_RESULT($sh_have_struct_sockcred) + +if test x$sh_have_struct_sockcred = xyes; then + AC_DEFINE(HAVE_STRUCT_SOCKCRED,1,[Have sockcred structure]) +fi + +AC_MSG_CHECKING(for SO_PEERCRED) +AC_TRY_COMPILE([ +#include +#include +],[ +int test = SO_PEERCRED; +],sh_have_SO_PEERCRED=yes,sh_have_SO_PEERCRED=no) +AC_MSG_RESULT($sh_have_SO_PEERCRED) + +if test x$sh_have_SO_PEERCRED = xyes; then + AC_DEFINE(HAVE_SO_PEERCRED,1,[Have SO_PEERCRED define]) +fi + + +dnl ***************************************** +dnl checks for compiler characteristics +dnl ***************************************** +AC_C_INLINE +AC_C_CONST +AC_C_BIGENDIAN +AC_C_RESTRICT + +AM_SA_SIGACTION_WORKS + +dnl ***************************************** +dnl +dnl checks for system services +dnl +dnl ***************************************** + +dnl +dnl check for /proc filesystem +dnl +if test -d "/proc/$$" +then + AC_DEFINE([HAVE_PROCFS],[1],[Define if you have a proc fs]) +fi + +dnl +dnl check for GNU gmp +dnl +AC_CHECK_LIB(gmp, __gmpz_init, [sh_have_gmp=yes], [sh_have_gmp=no]) +if test "x${sh_have_gmp}" = xno +then + AC_CHECK_LIB(gmp, mpz_init, [sh_have_gmp=yes], [sh_have_gmp=no]) +fi +if test "x${sh_have_gmp}" = xyes +then + # LIBS="-lgmp $LIBS" + AC_DEFINE(HAVE_LIBGMP, 1, [Have GNU gmp library]) +fi +AC_CHECK_HEADERS(gmp.h) + +AC_MSG_CHECKING([for ps]) +PS= +for ff in /usr/ucb /bin /usr/bin; do + if test -x "$ff/ps"; then + PS="$ff/ps" + AC_MSG_RESULT([$PS]) + break + fi +done +if test x$PS = x +then + AC_MSG_RESULT([no]) + AC_MSG_ERROR([Cannot find ps in any of /usr/ucb /bin /usr/bin]) +fi +AC_DEFINE_UNQUOTED([PSPATH], _("$PS"), [Path to ps]) + +AC_MSG_CHECKING([how to use ps]) +$PS ax >/dev/null 2>&1 +if test $? -eq 0; then + case "$host_os" in + *openbsd*) + one=`$PS akx | wc -l` + ;; + *) + one=`$PS ax | wc -l` + ;; + esac +else + one=0 +fi +$PS -e >/dev/null 2>&1 +if test $? -eq 0; then + two=`$PS -e | wc -l` +else + two=0 +fi +if test $one -ge $two +then + case "$host_os" in + *openbsd*) + PSARG="akx" + ;; + *) + PSARG="ax" + ;; + esac +else + PSARG="-e" +fi +AC_DEFINE_UNQUOTED([PSARG], _("$PSARG"), [Argument for ps]) +AC_MSG_RESULT([$PS $PSARG]) + +dnl ***************************************** +dnl +dnl enable features +dnl +dnl ***************************************** + +AC_ARG_ENABLE(db-reload, + [ --enable-db-reload enable database reload on SIGHUP [[no]]], + [ + if test "x${enable_db_reload}" = xyes; then + AC_DEFINE(RELOAD_DATABASE) + fi + ] +) + +AC_ARG_ENABLE(xml-log, + [ --enable-xml-log enable XML logfile format [[no]]], + [ + if test "x${enable_xml_log}" = xyes; then + AC_DEFINE(SH_USE_XML) + fi + ] +) + + +AC_ARG_ENABLE(mail, + [ --disable-mail disable the internal SMTP mailer], + [ + if test "x${enable_mail}" = xno; then + : + else + AC_DEFINE(SH_WITH_MAIL) + fi + ], + [AC_DEFINE(SH_WITH_MAIL)] +) + +AC_ARG_ENABLE(external-scripts, + [ --disable-external-scripts disable interface to external scripts], + [ + if test "x${enableval}" = xno; then + : + else + AC_DEFINE(WITH_EXTERNAL) + fi + ], + [AC_DEFINE(WITH_EXTERNAL)] +) + +AC_ARG_ENABLE(message-queue, + [ --enable-message-queue[[=MODE]] enable SysV message queue [[MODE=0700]]], + [ + if test "x${ac_cv_header_sys_msg_h}" = "xyes"; then + if test "x${enable_message_queue}" = xyes; then + AC_DEFINE(WITH_MESSAGE_QUEUE) + AC_DEFINE_UNQUOTED(MESSAGE_QUEUE_MODE, 0700) + elif test "x${enable_message_queue}" != xno; then + echo "${enableval}" | grep ['[^0123456789]'] >/dev/null 2>&1 && + AC_MSG_ERROR([With --enable-message-queue=MODE, MODE must be numeric]) + echo "${enableval}" | \ + grep ['0[0123456789][0123456789][0123456789]'] >/dev/null 2>&1 || + AC_MSG_ERROR([With --enable-message-queue=MODE, MODE must be an octal (0nnn) number]) + AC_DEFINE(WITH_MESSAGE_QUEUE) + AC_DEFINE_UNQUOTED(MESSAGE_QUEUE_MODE, ${enable_message_queue}) + fi + else + echo + echo "**********************************************" + echo + AC_MSG_WARN([sys/msg.h missing, --enable-message-queue disabled]) + echo + echo "**********************************************" + echo + fi + ] +) + +AC_ARG_WITH(cflags, + [ --with-cflags additional flags to pass to compiler], + [ + if test "x$withval" != "xno" ; then + CFLAGS="$CFLAGS $withval" + fi + ] +) +AC_ARG_WITH(libs, + [ --with-libs additional libraries to link with], + [ + if test "x$withval" != "xno" ; then + LIBS="$LIBS $withval" + fi + ] +) + + +# +# this is from ssh +# +AC_MSG_CHECKING(whether to use libwrap) +LIBWRAP_LIB="" +LIBWRAP_INC="" +AC_ARG_WITH(libwrap, +[ --with-libwrap[=PATH] Compile in libwrap (TCP Wrappers) support], +[ AC_MSG_RESULT($withval) + case "$withval" in + no) + ;; + ""|yes) + LIBWRAP_LIB="-lwrap" + ;; + *) + if test -d "$withval"; then + LIBWRAP_LIB="-L$withval -lwrap" + changequote(<<, >>)dnl + sh_libwrap_inc=`echo ${withval} | sed 's%/[^/][^/]*$%%'` + LIBWRAP_INC="-I${sh_libwrap_inc}/include" + changequote([, ])dnl + else + LIBWRAP_LIB="-lwrap" + changequote(<<, >>)dnl + sh_libwrap_inc=`echo ${withval} | sed 's%/[^/][^/]*$%%'` + LIBWRAP_INC="-I${sh_libwrap_inc}" + changequote([, ])dnl + fi + ;; + esac + if test -n "$LIBWRAP_LIB"; then + # OLDLIBS="$LIBS" + LIBS="$LIBWRAP_LIB $LIBS" + # OLDCFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $LIBWRAP_INC" + AC_CHECK_HEADER(tcpd.h, + [], + [ AC_MSG_ERROR([Could not find tcpd.h for libwrap. You need to install tcp_wrappers.]) ]) + AC_TRY_LINK([ #include + int allow_severity; int deny_severity; ], + [ hosts_access((struct request_info *) 0); ], + [ AC_DEFINE(SH_USE_LIBWRAP,1,[Build with tcp wrapper support]) ], + [ AC_MSG_ERROR([Could not find the libwrap library.]) ]) + fi ], + AC_MSG_RESULT(no) +) + + +dnl +dnl NETWORK OPTIONS +dnl +AC_ARG_ENABLE(network, + [ --enable-network=[[client|server]] compile client or server [[no]]], + [ + if test "x$enable_network" = xclient; then + mytclient="-DSH_WITH_CLIENT" + yulectl_prg= + setpwd_prg="samhain_setpwd" + sh_main_prg="samhain" + if test "x${sh_have_gmp}" = xyes + then + LIBS="-lgmp $LIBS" + fi +dnl AC_CHECK_HEADER(sys/capability.h, +dnl [AC_CHECK_LIB(cap, cap_get_proc,,sh_use_lcaps="no")], +dnl [sh_use_lcaps="no"]) + elif test "x$enable_network" = xserver; then + mytclient="-DSH_WITH_SERVER" + yulectl_prg="yulectl" + setpwd_prg="samhain_setpwd" + sh_main_prg="yule" + if test "x${sh_have_gmp}" = xyes + then + LIBS="-lgmp $LIBS" + fi + sh_use_lcaps="undef" + elif test "x$enable_network" = xno; then + mytclient="-DSH_STANDALONE" + yulectl_prg= + setpwd_prg= + sh_main_prg="samhain" +dnl AC_CHECK_HEADER(sys/capability.h, +dnl [AC_CHECK_LIB(cap, cap_get_proc,,sh_use_lcaps="no")], +dnl [sh_use_lcaps="no"]) + else + AC_MSG_ERROR([With --enable-network=WHAT, WHAT must be client, server, or no]) + fi + ], + [ + mytclient="-DSH_STANDALONE" + setpwd_prg= + yulectl_prg= + sh_main_prg="samhain" +dnl AC_CHECK_HEADER(sys/capability.h, +dnl [AC_CHECK_LIB(cap, cap_get_proc,,sh_use_lcaps="no")], +dnl [sh_use_lcaps="no"]) + ], +) + +AC_SUBST(setpwd_prg) +AC_SUBST(yulectl_prg) +AC_SUBST(sh_main_prg) +AC_SUBST(mytclient) + +# needed for the rpm spec +clmytclient=`echo ${mytclient} | sed s%\-%%` +AC_SUBST(clmytclient) + +sh_no_gcc_static=no + +AC_ARG_ENABLE(static, + [ --enable-static enable static linking [[no]]], + [ + if test x$enable_static = xyes; then + if test x"$mynetbsd" = xyes + then + tmp_LIBS=`echo $LIBS | sed 's%\-lresolv%%' ` + LIBS="${tmp_LIBS}" + fi + AC_DEFINE(SH_COMPILE_STATIC, 1, [Define if compiling static]) + if test "x$GCC" = "xyes"; then + sh_no_gcc_static=no + LDFLAGS="$LDFLAGS -static" + else + sh_no_gcc_static=yes + case "$host_os" in + + *aix*) + LDFLAGS="$LDFLAGS -bnso -bI:/lib/syscalls.exp" + ;; + + *hpux*) + LDFLAGS="$LDFLAGS -Wl,-a,archive" + ;; + + *osf*) + LDFLAGS="$LDFLAGS -non_shared" + ;; + + *irix*) + LDFLAGS="$LDFLAGS -non_shared" + ;; + + *sco*) + LDFLAGS="$LDFLAGS -dn" + ;; + + *sun*) + LDFLAGS="$LDFLAGS -Bstatic" + ;; + + *solaris*) + LDFLAGS="$LDFLAGS -Bstatic" + ;; + + *) + echo "***********************************************" + echo "*" + echo "* Don't know how to enable static linking" + echo "* with your compiler. Please set the environment" + echo "* variable LDFLAGS to:" + echo "* ${LDFLAGS} + the static linking flag" + echo "* and run configure again" + echo "*" + echo "***********************************************" + ;; + + esac + fi + fi + ] +) + +if test x$enable_static = xyes; then + : +else + LDFLAGS="$LDFLAGS $PIE_LDFLAGS" + CFLAGS="$CFLAGS $PIE_CFLAGS" +fi + +if test x"${mytclient}" = x-DSH_STANDALONE -o x"${mytclient}" = x-DSH_WITH_CLIENT; +then +dnl For threaded modules + ACX_PTHREAD + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" + LDFLAGS="$PTHREAD_CFLAGS $LDFLAGS" + CC="$PTHREAD_CC" +dnl For MODI_TXT + CHECK_ZLIB() +fi + +# +# this is from the snort configure.in +# +AC_DEFUN(FAIL_MESSAGE,[ + echo + echo + echo "**********************************************" + echo " ERROR: unable to find" $1 + echo " checked in the following places" + for i in `echo $2`; do + echo " $i" + done + echo "**********************************************" + echo + exit +]) + +AC_ARG_WITH(libprelude-prefix, + [ --with-libprelude-prefix=PFX Prefix where libprelude is installed (optional)], + libprelude_config_prefix="$withval", libprelude_config_prefix="") + +AC_MSG_CHECKING(whether to use prelude) +AC_ARG_WITH(prelude, + [ --with-prelude Prelude IDS support [[no]]], + [ + if test "x${withval}" = "xno"; then + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + if test x$libprelude_config_prefix != x ; then + if test x${LIBPRELUDE_CONFIG+set} != xset ; then + LIBPRELUDE_CONFIG=$libprelude_config_prefix/bin/libprelude-config + fi + fi + + AC_PATH_PROG(LIBPRELUDE_CONFIG, libprelude-config, no) + if test x"$LIBPRELUDE_CONFIG" = "xno" ; then + HAVE_PRELUDE_CONFIG=no + else + HAVE_PRELUDE_CONFIG=yes + fi +dnl AC_CHECK_PROG(HAVE_PRELUDE_CONFIG, libprelude-config, yes, no) + if test "$HAVE_PRELUDE_CONFIG" = "yes"; then + sh_libprelude_version=`$LIBPRELUDE_CONFIG --version` + case "$sh_libprelude_version" in + 0.8*) + AC_MSG_ERROR([You have Libprelude 0.8, which is too old. Version 0.9.6 or higher is required.]) + ;; + *) + AM_PATH_LIBPRELUDE([0.9.6], + [ + AC_DEFINE(HAVE_LIBPRELUDE,1,[Have libprelude]) + CFLAGS="$CFLAGS $LIBPRELUDE_PTHREAD_CFLAGS" + LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" + LIBS="$LIBS $LIBPRELUDE_LIBS" + ], + [ + AC_MSG_ERROR([Could not find libprelude (if you are using --enable-static, the static library libprelude.a might be missing).]) + ]) + ;; + esac + else + AC_MSG_ERROR([Could not find libprelude-config.]) + fi + fi + ], + [ + AC_MSG_RESULT(no) + ] +) + +# +# partly based on the snort configure.in +# +AC_ARG_WITH(database, + [ --with-database=[[mysql|postgresql|oracle|odbc]] database support [[no]]], + [ + if test x"$enable_xml_log" != xyes; then + AC_MSG_ERROR([With --with-database, --enable-xml-log is required as well.]) + fi + if test "x${withval}" = "xmysql"; then + if test "x$zlib_found" = "x" + then + CHECK_ZLIB() + fi + AC_CHECK_PROG(HAVE_MYSQL_CONFIG, mysql_config, yes, no) + if test "$HAVE_MYSQL_CONFIG" = "yes"; then + sh_mysql_libs="`mysql_config --libs`" + sh_mysql_libs="`eval echo ${sh_mysql_libs}`" + LIBS="$LIBS ${sh_mysql_libs}" + sh_mysql_cflags="`mysql_config --cflags`" + sh_mysql_cflags="`eval echo ${sh_mysql_cflags}`" + CPPFLAGS="$CPPFLAGS ${sh_mysql_cflags}" + else + AC_MSG_CHECKING([for MySQL in /usr /usr/local /usr/local/mysql MYSQL_HOME]) + mysql_directory="/usr /usr/local /usr/local/mysql ${MYSQL_HOME}" + + for i in $mysql_directory; do + if test -r $i/include/mysql/mysql.h; then + MYSQL_DIR=$i + MYSQL_INC_DIR=$i/include + # we use AC_CHECK_HEADERS to check for mysql/mysql.h + fi + done + if test -z "$MYSQL_DIR"; then + for i in $mysql_directory; do + if test -r $i/include/mysql.h; then + MYSQL_DIR=$i + MYSQL_INC_DIR=$i/include + fi + done + fi + + if test -z "$MYSQL_DIR"; then + tmp="" + for i in $mysql_directory; do + tmp="$tmp $i/include $i/include/mysql" + done + FAIL_MESSAGE("mysql headers (mysql.h)", $tmp) + fi + + for i in lib lib/mysql; do + str="$MYSQL_DIR/$i/libmysqlclient.*" + for j in `echo $str`; do + if test -r $j; then + MYSQL_LIB_DIR="$MYSQL_DIR/$i" + break 2 + fi + done + done + + if test -z "$MYSQL_LIB_DIR"; then + for ff in $mysql_directory; do + for i in lib lib/mysql; do + str="$ff/$i/libmysqlclient.*" + for j in `echo $str`; do + if test -r $j; then + MYSQL_LIB_DIR="$ff/$i" + break 3 + fi + done + done + done + fi + + if test -z "$MYSQL_LIB_DIR"; then + tmp="" + for i in $mysql_directory; do + tmp="$i/lib $i/lib/mysql" + done + FAIL_MESSAGE("mysql library libmysqlclient", $tmp) + fi + + AC_MSG_RESULT(yes) + LIBS="$LIBS -L${MYSQL_LIB_DIR} -lmysqlclient" + # CFLAGS="$CFLAGS -I${MYSQL_INC_DIR}" + CPPFLAGS="$CPPFLAGS -I${MYSQL_INC_DIR}" + fi + AC_DEFINE(WITH_MYSQL) + AC_DEFINE(WITH_DATABASE) + if test "x$zlib_found" = "xyes" + then + LIBS="$LIBS -lz -lm" + else + echo + + echo " Mysql library was not found or not useable." + echo " Possible reasons include:" + echo " - an old, incompatible version compiled from source" + echo " - on Solaris, libmysql is compiled with the Solaris" + echo " compiler, thus the mysql_config script provides" + echo " compiler options unsuitable for gcc (move" + echo " mysql_config out of your PATH)" + echo " For other problems, check config.log for the error" + echo " message from the compiler." + echo + echo " If your mysql libraries are installed in an" + echo " unusual place, use --with-libs=-L/path/to/libdirectory" + echo " where libdirectory is the directory holding libmysql." + if test x"$enable_static" = xyes; then + echo " Note that for compiling a static binary, you need" + echo " the static libraries, rather than the shared ones." + fi + echo + AC_MSG_ERROR([Could not find libmysql, or it is not useable.]) + fi + AC_CHECK_HEADERS(mysql/mysql.h) + elif test "x${withval}" = "xpostgresql"; then + AC_DEFINE(WITH_POSTGRES) + AC_DEFINE(WITH_DATABASE) + # + PGCONF="no" + MY_PATH="${PATH}:/usr/local/bin:/usr/local/pgsql/bin" + OLD_IFS="$IFS" + IFS=":" + for ff in ${MY_PATH} + do + if test -f "$ff/pg_config" + then + PGCONF="$ff/pg_config" + fi + done + IFS="${OLD_IFS}" + # + # + if test "x${PGCONF}" = "xno" + then + AC_MSG_CHECKING(for PostgreSQL in /usr/local/pgsql /usr/pgsql /usr/local /usr PGSQL_HOME) + pgsql_directory="/usr/local/pgsql /usr/pgsql /usr/local /usr ${PGSQL_HOME}" + for i in $pgsql_directory; do + if test -r $i/include/pgsql/libpq-fe.h; then + PGSQL_INC_DIR=$i/include + PGSQL_DIR=$i + # use AC_CHECK_HEADERS to check for pgsql/libpq-fe.h + fi + done + if test -z "$PGSQL_DIR"; then + for i in $pgsql_directory; do + if test -r $i/include/libpq-fe.h; then + PGSQL_INC_DIR=$i/include + PGSQL_DIR=$i + fi + done + fi + + if test -z "$PGSQL_DIR"; then + tmp="" + for i in $pgsql_directory; do + tmp="$tmp $i/include $i/include/pgsql" + done + FAIL_MESSAGE("PostgreSQL header file (libpq-fe.h)", $tmp) + fi + + for i in lib lib/pgsql; do + str="$PGSQL_DIR/$i/libpq.*" + for j in `echo $str`; do + if test -r $j; then + PGSQL_LIB_DIR="$PGSQL_DIR/$i" + break 2 + fi + done + done + + if test -z "$PGSQL_LIB_DIR"; then + for ff in $pgsql_directory; do + for i in lib lib/pgsql; do + str="$ff/$i/libpq.*" + for j in `echo $str`; do + if test -r $j; then + PGSQL_LIB_DIR="$ff/$i" + break 3 + fi + done + done + done + fi + + if test -z "$PGSQL_LIB_DIR"; then + tmp="" + for i in $pgsql_directory; do + tmp="$i/lib $i/lib/pgsql" + done + FAIL_MESSAGE("postgresql library libpq", $tmp) + fi + + AC_MSG_RESULT(yes) + + LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm" + if test x"$enable_static" = xyes; then + LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lcrypt -lm" + else + LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm" + fi + # CFLAGS="$CFLAGS -I${PGSQL_INC_DIR}" + CPPFLAGS="$CPPFLAGS -I${PGSQL_INC_DIR}" + AC_CHECK_HEADERS(pgsql/libpq-fe.h) + else + pg_lib_dir=`${PGCONF} --libdir` + if test x"$enable_static" = xyes; then + LIBS="$LIBS -L${pg_lib_dir} -lpq -lcrypt -lm" + else + LIBS="$LIBS -L${pg_lib_dir} -lpq -lm" + fi + pg_inc_dir=`${PGCONF} --includedir` + # CFLAGS="$CFLAGS -I${pg_inc_dir}" + CPPFLAGS="$CPPFLAGS -I${pg_inc_dir}" + fi + elif test "x${withval}" = "xodbc"; then + AC_MSG_CHECKING(for odbc in /usr /usr/local ODBC_HOME) + odbc_directory="/usr /usr/local" + + for i in $odbc_directory; do + if test -r $i/include/sql.h; then + if test -r $i/include/sqlext.h; then + if test -r $i/include/sqltypes.h; then + ODBC_DIR=$i + ODBC_INC_DIR=$i/include + fi + fi + fi + done + + if test -z "$ODBC_DIR"; then + tmp="" + for i in $odbc_directory; do + tmp="$tmp $i/include" + done + FAIL_MESSAGE("odbc headers (sql.h sqlext.h sqltypes.h)", $tmp) + fi + + str="$ODBC_DIR/lib/libodbc.*" + for j in `echo $str`; do + if test -r $j; then + ODBC_LIB_DIR="$ODBC_DIR/lib" + ODBC_LIB="odbc" + fi + done + + if test -z "$ODBC_LIB_DIR"; then + FAIL_MESSAGE("odbc library (libodbc)", "$ODBC_DIR/lib") + fi + + AC_MSG_RESULT(yes) + CPPFLAGS="${CPPFLAGS} -I${ODBC_INC_DIR}" + LIBS="${LIBS} -L${ODBC_LIB_DIR} -l$ODBC_LIB" + AC_DEFINE(WITH_ODBC) + AC_DEFINE(WITH_DATABASE) + + elif test "x${withval}" = "xoracle"; then + AC_MSG_CHECKING(for oracle in /usr /usr/local ORACLE_HOME) + oracle_directory="/usr /usr/local ${ORACLE_HOME}" + for i in $oracle_directory; do + if test -r $i/rdbms/demo/oci.h; then + ORACLE_DIR=$i + fi + done + + if test -z "$ORACLE_DIR"; then + tmp="" + for i in $oracle_directory; do + tmp="$tmp $i/rdbms/demo" + done + FAIL_MESSAGE("OCI header file (oci.h)", $tmp) + else + for i in rdbms/demo rdbms/public network/public; do + ORACLE_CPP_FLAGS="$ORACLE_CPP_FLAGS -I$ORACLE_DIR/$i" + done + ORACLE_LIB_DIR="$ORACLE_DIR/lib" + AC_MSG_RESULT(yes) + + CPPFLAGS="${CPPFLAGS} ${ORACLE_CPP_FLAGS}" + + ORACLE_LIBS="-lclntsh" + if test -r $ORACLE_LIB_DIR/libwtc9.so; then + ORACLE_LIBS="${ORACLE_LIBS} -lwtc9" + elif test -r $ORACLE_LIB_DIR/libwtc8.so; then + ORACLE_LIBS="${ORACLE_LIBS} -lwtc8" + fi + LIBS="${LIBS} -L${ORACLE_LIB_DIR} ${ORACLE_LIBS}" + if test "x$GCC" != "xyes"; then + CFLAGS="${CFLAGS} -fno-strict-aliasing" + fi + fi + AC_DEFINE(WITH_ORACLE) + AC_DEFINE(WITH_DATABASE) + + else + AC_MSG_ERROR([Option --with-database=database used with unsupported database ${withval}]) + fi + ] +) + +AC_ARG_WITH(console, + [ --with-console=PATH set path to console device [[/dev/console]]], + [ + if test "x${withval}" != xno; then + mycons="$withval" + AC_DEFINE_UNQUOTED(DEFAULT_CONSOLE, _("${mycons}") ) + fi + ]) + +AC_ARG_WITH(altconsole, + [ --with-altconsole=PATH set path to second console device [[none]]], + [ + if test "x${withval}" != xno; then + myaltcons="$withval" + else + myaltcons="NULL" + fi + ], + [myaltcons="NULL"]) +AC_DEFINE_UNQUOTED(ALT_CONSOLE, _("${myaltcons}") ) + +AC_ARG_WITH(timeserver, + [ --with-timeserver=HOST set host address for time server [[none]]], + [ + if test "x${withval}" != xno; then + mytimeserv="$withval" + AC_DEFINE(HAVE_NTIME) + else + mytimeserv="NULL" + fi + ], + mytimeserv="NULL") +AC_DEFINE_UNQUOTED(DEFAULT_TIMESERVER, _("${mytimeserv}") ) + +AC_ARG_WITH(alttimeserver, + [ --with-alttimeserver=HOST set address for backup time server [[none]]], + [ + if test "x${withval}" != xno; then + myalttimeserv="$withval" + AC_DEFINE(HAVE_NTIME) + else + myalttimeserv="NULL" + fi + ], + myalttimeserv="NULL") +AC_DEFINE_UNQUOTED(ALT_TIMESERVER, _("${myalttimeserv}") ) + +AC_ARG_ENABLE(login-watch, + [ --enable-login-watch watch for login/logout [[no]]], + [ + if test "x${enable_login_watch}" = xyes; then + AC_DEFINE(SH_USE_UTMP) + fi + ] +) + +AC_ARG_ENABLE(mounts-check, + [ --enable-mounts-check check mount options on filesystems [[no]]], + [ + if test "x${enable_mounts_check}" = xyes; then + AC_DEFINE(SH_USE_MOUNTS) + fi + ] +) + +AC_ARG_ENABLE(logfile-monitor, + [ --enable-logfile-monitor monitor logfiles [[no]]], + [ + if test "x${enable_logfile_monitor}" = xyes; then + AC_CHECK_HEADER(pcre.h, + [ + AC_DEFINE(USE_LOGFILE_MONITOR, 1, [Define if you want the logfile monitor module.]) + LIBS="-lpcre $LIBS" + ], + AC_MSG_ERROR([The --enable-logfile-monitor option requires libpcre. For compiling the pcre development package is needed.]) + ) + fi + ] +) + + +AC_ARG_ENABLE(process-check, + [ --enable-process-check check processes [[no]]], + [ + if test "x${enable_process_check}" = xyes; then + AC_CHECK_LIB([rt], [sched_getparam], sh_lrt=yes, sh_lrt=no) + if test x"$sh_lrt" = xyes; then + LIBRT=-lrt + else + LIBRT= + fi + LIBS="$LIBS $LIBRT" + AC_DEFINE(SH_USE_PROCESSCHECK, [1], [Define if you want to check processes]) + fi + ] +) + +AC_ARG_ENABLE(port-check, + [ --enable-port-check check ports [[no]]], + [ + if test "x${enable_port_check}" = xyes; then + AC_DEFINE(SH_USE_PORTCHECK, [1], [Define if you want to check ports]) + fi + ] +) + +AC_ARG_ENABLE(userfiles, + [ --enable-userfiles check for users' config files [[no]]], + [ + if test "x${enableval}" = "xyes"; then + AC_DEFINE(SH_USE_USERFILES) + fi + ] +) + +AC_ARG_ENABLE(debug, + [ --enable-debug enable debug options [[no]]], + [ + if test "x${enable_debug}" = "xyes"; then + if test "x${mydebugflag}" != "xyes"; then + AC_DEFINE(MEM_DEBUG) + fi + AC_DEFINE(WITH_TPT) + AC_DEFINE(SL_DEBUG) + AC_DEFINE(DNMALLOC_CHECKS, 1, [Debug dnmalloc]) + AC_DEFINE(PARANOIA, 0, [Paranoia level for dnmalloc]) + AC_DEFINE(SL_FAIL_ON_ERROR) + if test "x${myneedg3}" = "xyes"; then + mydebugdef="-g3" + else + mydebugdef="-g" + fi + mydebugit="yes" + fi + ] +) +AC_SUBST(mydebugdef) + +if test "x${dnmalloc_ok}" = "xyes"; then + sh_dnmalloc_enabled=yes +else + sh_dnmalloc_enabled=no +fi + +AC_ARG_ENABLE(dnmalloc, + [ --disable-dnmalloc disable dnmalloc], + [ + if test "x${enable_dnmalloc}" = xno; then + sh_dnmalloc_enabled=no + else + sh_dnmalloc_enabled=yes + fi + ] +) + +dnl Handle the problem that static linking against libc.a on Linux +dnl produces the error "multiple definitions of malloc" +dnl +if test "x$sh_dnmalloc_enabled" = "xyes"; then + if test x$enable_static = xyes; then + if test "x$sh_no_gcc_static" = "xyes"; then + sh_dnmalloc_enabled=no + else + if test "x$with_gnu_ld" = "xyes"; then + LDFLAGS="$LDFLAGS -Wl,--allow-multiple-definition" + else + sh_dnmalloc_enabled=no + fi + fi + fi +fi + +if test "x${sh_dnmalloc_enabled}" = xno; then + AC_DEFINE(USE_SYSTEM_MALLOC,1,[Define if you want to use the system malloc]) +fi + +AC_ARG_ENABLE(ptrace, + [ --enable-ptrace use anti-debugger options [[no]]], + [ + if test "x${enable_ptrace}" = xyes; then + if test "x$mydebugit" != "xyes"; then + AC_DEFINE(SCREW_IT_UP) + fi + fi + ] +) + +dnl +if test "x$GCC" = "xyes"; then + if test ! -z "`echo "$CFLAGS" | grep "\-g\ " 2> /dev/null`" ; then + CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` + fi + +dnl if test ! -z "`echo "$CFLAGS" | grep "\-O2" 2> /dev/null`" ; then +dnl CFLAGS=`echo $CFLAGS | sed 's%\-O2%\-O3%' ` +dnl fi + + if test -z "`echo "$CFLAGS" | grep "\-Wall" 2> /dev/null`" ; then + CFLAGS="$CFLAGS -Wall -W " + fi + + if test -z "`echo "$CFLAGS" | grep "\-fstrength\-reduce" 2> /dev/null`" + then + if test -z "`echo "$CFLAGS" | grep "\-fno\-strength\-reduce" 2> /dev/null`" + then + CFLAGS="$CFLAGS -fno-strength-reduce" + fi + fi + + if test -z "`echo "$CFLAGS" | grep "\-fomit\-frame\-pointer" 2> /dev/null`" + then + if test -z "`echo "$CFLAGS" | grep "\-fno\-omit\-frame\-pointer" 2> /dev/null`" + then + CFLAGS="$CFLAGS -fno-omit-frame-pointer" + fi + fi + +fi + +AC_MSG_CHECKING([which random module to use]) +AC_ARG_WITH(rnd, + [ --with-rnd=[[egd|unix|dev|default]] random number generator [[default]]], +[use_static_rnd=$withval], [use_static_rnd=default] ) + +if test "$use_static_rnd" = no; then + use_static_rnd=default +fi + +case "$use_static_rnd" in + egd | dev | unix | default ) + AC_MSG_RESULT($use_static_rnd) + ;; + * ) + AC_MSG_RESULT([invalid argument]) + AC_MSG_ERROR([Option --with-rnd=module used with unsupported module ${use_static_rnd}]) + ;; +esac + +AC_ARG_WITH(egd-socket, + [ --with-egd-socket=NAME EGD socket name], + egd_socket_name="$withval", egd_socket_name="" ) +AC_DEFINE_UNQUOTED(EGD_SOCKET_NAME, _("$egd_socket_name") ) + +dnl +dnl See whether the user wants to disable checking for /dev/random + +try_dev_random=yes + +case "$use_static_rnd" in +dev | default ) + try_dev_random=yes + ;; +egd) + AC_DEFINE(HAVE_EGD_RANDOM) + try_dev_random=no + ;; +unix) + AC_DEFINE(HAVE_UNIX_RANDOM) + try_dev_random=no + ;; +esac + + +if test "x$try_dev_random" = "xyes"; then + AC_MSG_CHECKING(whether /dev/random exists) + if test -r "/dev/srandom" && test -c "/dev/srandom"; then + AC_DEFINE(HAVE_URANDOM) + AC_DEFINE_UNQUOTED(NAME_OF_DEV_RANDOM, _("/dev/srandom") ) + AC_MSG_RESULT(yes) + if test -r "/dev/urandom" && test -c "/dev/urandom"; then + AC_DEFINE_UNQUOTED(NAME_OF_DEV_URANDOM, _("/dev/urandom") ) + fi + else + if test -r "/dev/random" && test -c "/dev/random"; then + AC_DEFINE(HAVE_URANDOM) + AC_DEFINE_UNQUOTED(NAME_OF_DEV_RANDOM, _("/dev/random") ) + AC_MSG_RESULT(yes) + if test -r "/dev/urandom" && test -c "/dev/urandom"; then + AC_DEFINE_UNQUOTED(NAME_OF_DEV_URANDOM, _("/dev/urandom") ) + fi + else + AC_MSG_RESULT(no) + AC_DEFINE(HAVE_UNIX_RANDOM) + fi + fi +fi + + +AC_ARG_ENABLE(udp, + [ --enable-udp server can listen on port 514/udp [[no]]], + [ + if test "x${enable_udp}" = xyes; then + AC_DEFINE(INET_SYSLOG) + fi + ] +) + +myencrypt=yes +AC_ARG_ENABLE(encrypt, + [ --disable-encrypt disable client/server encryption], + [ + if test "x${enable_encrypt}" = xno; then + myencrypt=no + elif test "x${enable_encrypt}" = "x1"; then + myencrypt=1 + fi + ] +) +if test "x${myencrypt}" = "xyes"; then + AC_DEFINE(SH_ENCRYPT) + AC_DEFINE(SH_ENCRYPT_2) +elif test "x${myencrypt}" = "x1"; then + AC_DEFINE(SH_ENCRYPT) +fi + +sh_use_srp_proto=yes +AC_ARG_ENABLE(srp, + [ --disable-srp disable SRP for authentication], + [ + if test "x${enable_srp}" = xno; then + sh_use_srp_proto=no + fi + ] +) +if test "x${sh_use_srp_proto}" = xyes; then + AC_DEFINE(USE_SRP_PROTOCOL) +fi + +AC_ARG_WITH(port, + [ --with-port=PORT set port to use for TCP/IP connection [[49777]]], + [ + echo "${withval}" | grep ['[^0123456789]'] >/dev/null 2>&1 && + AC_MSG_ERROR([For --with-port=PORT, PORT must be numeric.]) + myport=${withval} + ], + [myport="49777"]) +AC_DEFINE_UNQUOTED(SH_DEFAULT_PORT, ${myport}) +AC_SUBST(myport) + +AC_ARG_WITH(logserver, + [ --with-logserver=HOST set host address for log server [[none]]], + [ + case "$withval" in + *.* | localhost) + mylogsrv="$withval" + ;; + *) + mylogsrv="$withval" + ;; + esac + ], + [mylogsrv="NULL"]) +AC_DEFINE_UNQUOTED(DEFAULT_LOGSERVER, _("${mylogsrv}") ) +AC_SUBST(mylogsrv) + +AC_ARG_WITH(altlogserver, + [ --with-altlogserver=HOST set address for backup log server [[none]]], + [ + case "$withval" in + *.* | localhost) + myaltlogsrv="$withval" + ;; + *) + myaltlogsrv="$withval" + ;; + esac + ], + [myaltlogsrv="NULL"]) +AC_DEFINE_UNQUOTED(ALT_LOGSERVER, _("${myaltlogsrv}")) + + + +dnl +dnl STEALTH OPTIONS +dnl +nocl_code= +xor_code=0 +AC_ARG_ENABLE(nocl, + [ --enable-nocl=PW no CL parsing unless first CL argument is PW], + [ + if test "x${enableval}" != "x"; then + AC_DEFINE(SH_STEALTH_NOCL) + fi + if test "x${enableval}" = "xstop" || test "x${enableval}" = "xstart"; then + AC_MSG_ERROR([For --enable-nocl=PW start/stop/reload/restart/status are reserved words.]) + fi + if test "x${enableval}" = "xreload" || test "x${enableval}" = "xrestart"; then + AC_MSG_ERROR([For --enable-nocl=PW start/stop/reload/restart/status are reserved words.]) + fi + if test "x${enableval}" = "xstatus"; then + AC_MSG_ERROR([For --enable-nocl=PW start/stop/reload/restart/status are reserved words.]) + fi + if test "x${enableval}" = "xno"; then + AC_MSG_ERROR([With --enable-nocl=PW, the use of --enable-nocl=no is ambiguous.]) + fi + nocl_code="${enable_nocl}" + ] +) +AC_DEFINE_UNQUOTED(NOCL_CODE, _("${nocl_code}") ) +AC_SUBST(nocl_code) +AC_ARG_ENABLE(stealth, + [ --enable-stealth=XOR_VAL enable stealth mode [[no]]], + [AC_DEFINE(SH_STEALTH) + if test "x${enableval}" != "xyes"; then + echo "${enableval}" | grep ['[^0123456789]'] >/dev/null 2>&1 && + AC_MSG_ERROR([For --enable-stealth=XOR_VAL, XOR_VAL must be numeric.]) + if test "${enableval}" -lt 127 || test "${enableval}" -gt 255; then + if test x"${enableval}" = x0 + then + : + else + AC_MSG_ERROR([For --enable-stealth=XOR_VAL, XOR_VAL must be in the range 127 to 255.]) + fi + fi + xor_code="${enable_stealth}" + else + xor_code=0 + fi + stegin_prg="samhain_stealth" + ], + [ + stegin_prg= + ] +) +AC_ARG_ENABLE(micro-stealth, + [ --enable-micro-stealth=XOR_VAL enable micro stealth mode [[no]]], + [ + AC_DEFINE(SH_STEALTH) + AC_DEFINE(SH_STEALTH_MICRO) + if test "x${enableval}" != "xyes"; then + echo "${enableval}" | grep ['[^0123456789]'] >/dev/null 2>&1 && + AC_MSG_ERROR([For --enable-micro-stealth=XOR_VAL, XOR_VAL must be numeric.]) + if test "${enableval}" -lt 127 || test "${enableval}" -gt 255; then + if test x"${enableval}" = x0 + then + : + else + AC_MSG_ERROR([For --enable-micro-stealth=XOR_VAL, XOR_VAL must be in the range 127 to 255.]) + fi + fi + xor_code="${enable_micro_stealth}" + else + xor_code=0 + fi + ] +) +install_name="samhain" +INSTALL_NAME="SAMHAIN" +AC_ARG_ENABLE(install-name, + [ --enable-install-name=NAME name under which to install [[samhain|yule]]], + [ + if test "x${enableval}" != "xyes"; then + install_name="${enableval}" + INSTALL_NAME=`echo "${enableval}" | tr [a-z] [A-Z]` + else + install_name="${sh_main_prg}" + INSTALL_NAME=`echo "${sh_main_prg}" | tr [a-z] [A-Z]` + fi + ], + [ + install_name="${sh_main_prg}" + INSTALL_NAME=`echo "${sh_main_prg}" | tr [a-z] [A-Z]` + ] +) + + +need_user_install=0 + +AC_ARG_ENABLE(identity, + [ --enable-identity=USER user if dropping root [[daemon]]], + [ + if test x"$enableval" = xno; then + myident="daemon" + else + myident="$enableval" + fi + echo "${myident}" | grep ['[^0123456789]'] >/dev/null 2>&1 || \ + AC_MSG_ERROR([With --enable-identity=USER, please supply a username, not a UID.]) + myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ + grep "^${myident}:" | awk -F: '{ print $3; }'` + if test x"${myident_uid}" = x; then + AC_MSG_WARN([Option --enable-identity used, user ${myident} will be added upon install.]) + need_user_install=1 + fi + ], + [ + for myident in ${install_name} daemon nobody; do + AC_MSG_CHECKING(for user ${myident}) + myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ + grep "^${myident}:" | awk -F: '{ print $3; }'` + if test x"${myident_uid}" != x; then + AC_MSG_RESULT(yes) + break; + else + AC_MSG_RESULT(no) + fi + done + if test x"${myident_uid}" = x; then + myident=${install_name} + AC_MSG_WARN([--enable-identity: user ${myident} will be added upon install]) + need_user_install=1 + fi + ]) +AC_DEFINE_UNQUOTED(DEFAULT_IDENT, _("${myident}") ) +AC_SUBST(myident) +AC_SUBST(need_user_install) + +sh_insmod_cmd=": # no kernel module" +sh_lkm="" +lkm_inc="" +khidemap="/boot/System.map" +sh_syscalltable="0x0" +AC_ARG_ENABLE(khide, + [ --enable-khide=SYSTEM_MAP use kernel module to hide (Linux only)[[/boot/System.map]]], + [ + if test "x${enable_khide}" != xno; then + if test "x${enableval}" != "xyes"; then + khidemap="${enableval}" + fi + sh_syscalltable=`egrep '(D|d|R|r) sys_call_table' ${khidemap} | awk '{print $1}'` + if test x"$sh_syscalltable" = x; then + AC_MSG_ERROR([Option --enable-khide cannot be used since the symbol sys_call_table was not found in ${khidemap}.]) + fi + sh_syscalltable="0x${sh_syscalltable}" + install_name_len=`echo ${install_name} | awk '{ print(length()); }'` + if test "${install_name_len}" -gt 15 ; then + AC_MSG_ERROR([If --enable-khide is used, install_name must not exceed a length of 15 chars.]) + fi + AC_DEFINE(SH_USE_LKM) + AC_DEFINE_UNQUOTED(SH_MAGIC_HIDE, "${install_name}") + + # -- NEW -- + kernel_version=`uname -r | sed s,2.6.*,LINUX26,` + kernel_numeric=`uname -r | sed 's%-%.%g' | sed 's%_%.%g' | awk -F. '{ print $1*65536+$2*256+$3 }'` + AC_DEFINE_UNQUOTED(SH_KERNEL_NUMERIC, ${kernel_numeric}, [Kernel number]) + + if test x"$kernel_version" = xLINUX26 + then + AC_MSG_CHECKING([for modlist_lock]) + sh_modlist_lock=`egrep ['[bd] modlist_lock$'] ${khidemap} | awk '{print $1}'` + if test x"$sh_modlist_lock" = x; then + AC_MSG_RESULT(no) + else + sh_modlist_lock="0x${sh_modlist_lock}" + AC_MSG_RESULT([${sh_modlist_lock}]) + AC_DEFINE_UNQUOTED(SH_MODLIST_LOCK, ${sh_modlist_lock}, [The address of the modules list spinlock]) + fi + + AC_MSG_CHECKING([for module_mutex]) + sh_modlist_mutex=`egrep ['[bd] module_mutex$'] ${khidemap} | awk '{print $1}'` + if test x"$sh_modlist_mutex" = x; then + AC_MSG_RESULT(no) + else + sh_modlist_mutex="0x${sh_modlist_mutex}" + AC_MSG_RESULT([${sh_modlist_mutex}]) + AC_DEFINE_UNQUOTED(SH_MODLIST_MUTEX, ${sh_modlist_mutex}, [The address of the modules list mutex]) + fi + + sh_list_modules=`egrep 'd modules$' ${khidemap} | awk '{print $1}'` + if test x"$sh_list_modules" = x; then + AC_MSG_ERROR([Option --enable-khide cannot be used, since the symbol modules was not found in ${khidemap}.]) + fi + sh_list_modules="0x${sh_list_modules}" + AC_DEFINE_UNQUOTED(SH_LIST_MODULES, ${sh_list_modules}, [The address of the modules list]) + + AC_DEFINE(LINUX26, 1, [Define if kernel is 2.6]) + sh_insmod_cmd="modprobe ${install_name}_hide" + sh_lkm="samhain_hide.ko" + else + sh_insmod_cmd="insmod ${install_name}_hide; insmod ${install_name}_erase; rmmod ${install_name}_erase" + sh_lkm="samhain_hide.o samhain_erase.o" + fi + # -- END NEW -- + + kvers=`uname -r` + if test -f /lib/modules/${kvers}/build/include/linux/kernel.h; then + lkm_inc="-I/lib/modules/${kvers}/build/include" + else + AC_MSG_WARN([--enable-khide: /lib/modules/${kvers}/build/include/linux not found]) + AC_MSG_WARN([--enable-khide: You may need to install the kernel-source]) + AC_MSG_WARN([--enable-khide: headers for the currently-running kernel.]) + fi + + AC_MSG_CHECKING([for 2.4 vanilla kernel]) + sh_is_vanilla_kernel=yes + if test -f /lib/modules/${kvers}/build/include/linux/sched.h; then + grep 'next_task,' /lib/modules/${kvers}/build/include/linux/sched.h >/dev/null 2>&1 || sh_is_vanilla_kernel=no + fi + if test x"${sh_is_vanilla_kernel}" = xno; then + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + AC_DEFINE(SH_VANILLA_KERNEL) + fi + + fi + ] +) +AC_SUBST(lkm_inc) +AC_SUBST(sh_lkm) +AC_SUBST(sh_insmod_cmd) +AC_SUBST(install_name) +AC_SUBST(INSTALL_NAME) +AC_SUBST(stegin_prg) +AC_SUBST(xor_code) + +AC_DEFINE_UNQUOTED(XOR_CODE, ${xor_code}) +AC_DEFINE_UNQUOTED(SH_SYSCALLTABLE, ${sh_syscalltable}) + + +exepack_state0=`${srcdir}/c_random.sh 2>/dev/null` +exepack_state1=`${srcdir}/c_random.sh 2>/dev/null` +exepack_state2=`${srcdir}/c_random.sh 2>/dev/null` + +AC_DEFINE_UNQUOTED(EXEPACK_STATE_0, ${exepack_state0}) +AC_DEFINE_UNQUOTED(EXEPACK_STATE_1, ${exepack_state1}) +AC_DEFINE_UNQUOTED(EXEPACK_STATE_2, ${exepack_state2}) + + +AC_ARG_ENABLE(suidcheck, + [ --enable-suidcheck check for suid/sgid files [[no]]], + [ + if test "x${enableval}" = "xyes"; then + AC_DEFINE(SH_USE_SUIDCHK) + fi + ] +) + + +systemmap="/boot/System.map" +sh_libkvm="" +AC_ARG_WITH(kcheck, + [ --with-kcheck[[=SYSTEM_MAP]] check Linux/FreeBSD/OpenBSD kernel integrity [[/boot/System.map]]], + [ + if test "x${withval}" != "xno"; then + AC_DEFINE(SH_USE_KERN) + + kernel_numeric=`uname -r | sed 's%-%.%g' | sed 's%_%.%g' | awk -F. '{ print $1*65536+$2*256+$3 }'` + AC_DEFINE_UNQUOTED(SH_KERNEL_NUMBER, ${kernel_numeric}, [Kernel number]) + + kernelversion=`uname -r` + AC_DEFINE_UNQUOTED(SH_KERNEL_VERSION, _("${kernelversion}"), [Define the kernel version]) + if test "x${withval}" != "xyes"; then + systemmap="${withval}" + fi + if test "x${cross_compiling}" = xyes; then + : + elif test "x$selectconfig" = "xfreebsd"; then + LIBS="$LIBS -lkvm" + sh_libkvm="-lkvm" + elif test -f "${systemmap}"; then + : + else + AC_MSG_ERROR([Option --with-kcheck=systemmap cannot be used, because system map ${systemmap} does not exist.]) + fi + fi + ] +) +AC_SUBST(systemmap) +AC_SUBST(sh_libkvm) + +AC_ARG_ENABLE(base, + [ --enable-base=B1,B2 base key (0...2147483647)], + [ + AC_MSG_CHECKING(base key setting) + my_key_A=`echo ${enableval} | awk 'BEGIN{FS=","}{print $1}'` + my_key_B=`echo ${enableval} | awk 'BEGIN{FS=","}{print $2}'` + AC_MSG_RESULT(${my_key_A} ${my_key_B}) + if test "x${my_key_A}" = x; then + AC_MSG_ERROR([Option --enable-base=B1,B2 used with invalid first base key (zero length).]) + fi + if test "x${my_key_B}" = x; then + AC_MSG_ERROR([Option --enable-base=B1,B2 used with invalid second base key (zero length).]) + fi + echo "${my_key_A}" | grep ['[^0123456789]'] >/dev/null 2>&1 && + AC_MSG_ERROR([For --enable-base=B1,B2, B1 and B2 must be numeric in the range 0 to 2147483647.]) + echo "${my_key_B}" | grep ['[^0123456789]'] >/dev/null 2>&1 && + AC_MSG_ERROR([For --enable-base=B1,B2, B1 and B2 must be numeric in the range 0 to 2147483647.]) + ], + [ + AC_MSG_CHECKING(base key setting .. collecting entropy) + my_key_1=`${srcdir}/c_random.sh 2>/dev/null` + my_key_2=`${srcdir}/c_random.sh 2>/dev/null` + my_key_3=`${srcdir}/c_random.sh 2>/dev/null` + my_key_4=`${srcdir}/c_random.sh 2>/dev/null` + my_key_A=`expr $my_key_1 \* 32767` + my_key_A=`echo ${my_key_A} | sed 's%^0*%%g' 2>/dev/null` + my_key_A=`expr $my_key_A \+ $my_key_2` + my_key_B=`expr $my_key_3 \* 32767` + my_key_B=`echo ${my_key_B} | sed 's%^0*%%g' 2>/dev/null` + my_key_B=`expr $my_key_B \+ $my_key_4` + AC_MSG_RESULT(${my_key_A} ${my_key_B}) + ] + ) +AC_SUBST(my_key_A) +AC_SUBST(my_key_B) + +dnl low bytes +my_key_1=`expr $my_key_A \% 65536` +dnl high bytes +my_key_2=`expr $my_key_A \/ 65536` +dnl low bytes +my_key_3=`expr $my_key_B \% 65536` +dnl high bytes +my_key_4=`expr $my_key_B \/ 65536` + +dnl echo ${my_key_1} ${my_key_2} ${my_key_3} ${my_key_4} + +dnl touch ./sh_MK.h +dnl echo "#ifndef SH_MK_H" >> ./sh_MK.h +dnl echo "#define SH_MK_H" >> ./sh_MK.h +dnl ${srcdir}/c_bits.sh ${my_key_1} MKB >> ./sh_MK.h +dnl ${srcdir}/c_bits.sh ${my_key_2} MKA >> ./sh_MK.h +dnl ${srcdir}/c_bits.sh ${my_key_3} MKC >> ./sh_MK.h +dnl ${srcdir}/c_bits.sh ${my_key_4} MKD >> ./sh_MK.h +dnl echo "#endif" >> ./sh_MK.h +AC_SUBST(my_key_1) +AC_SUBST(my_key_2) +AC_SUBST(my_key_3) +AC_SUBST(my_key_4) + +AC_MSG_CHECKING(key position) +pos_tf_1=`${srcdir}/c_random.sh 2>/dev/null` +pos_tf_2=`expr $pos_tf_1 \% 8` +pos_tf=`expr $pos_tf_2 + 1` +AC_MSG_RESULT(${pos_tf}) +AC_DEFINE_UNQUOTED(POS_TF, ${pos_tf} ) + +mykeybase=`echo ${my_key_A},${my_key_B}` +AC_DEFINE_UNQUOTED(DEFKEY, ${mykeybase} ) +AC_SUBST(mykeybase) + + +dnl +dnl GPG/PGP options +dnl + +AC_ARG_WITH(gpg, + [ --with-gpg=PATH use GnuPG to verify database/config [[no]]], + [ + if test "x${withval}" != "xno"; then + if test "x${cross_compiling}" = xyes; then + mygpg="${withval}" + else + if test -f "${withval}"; then + mygpg="${withval}" + mychk0=`${withval} --load-extension tiger --print-md TIGER192 ${withval} 2>/dev/null` + if test "x$?" != "x0"; then + mychktest=no + for sampre in ./samhain ./yule /usr/local/sbin/samhain /usr/local/bin/samhain /usr/bin/samhain /usr/sbin/samhain /usr/local/sbin/yule /usr/local/bin/yule /usr/bin/yule /usr/sbin/yule; do + if test x"${mychktest}" = xyes + then + : + else + if test -f ${sampre} + then + echo "use existing ${sampre} for gpg checksum" + mychk0=`${sampre} -H ${withval} 2>/dev/null` + if test "x$?" != "x0"; then + : + else + mychk="${mychk0}" + mychktest=yes + fi + fi + fi + done + if test x${mychktest} = xno; then + AC_MSG_WARN([--with-gpg: cannot determine TIGER192 checksum of ${withval}]) + echo "-------------------------------------------------------------" + echo " Your gpg binary does not support the TIGER192 checksum, " + echo " and I cannot find an existing samhain binary to use instead." + echo " You can:" + echo " (a) run make to compile a samhain binary, then repeat" + echo " ./configure and make" + echo " (b) ignore the failure. The checksum of the gpg binary" + echo " will not get compiled in, thus allowing an attacker" + echo " to replace gpg with a trojan and subverting the gpg" + echo " signature verification of configure and database files." + echo + echo " PLEASE IGNORE THIS MESSAGE IF YOU ALSO USE --with-checksum" + echo "-------------------------------------------------------------" + fi + else + mychk="${mychk0}" + fi + else + AC_MSG_WARN([--with-gpg: cannot find GnuPG PATH=${withval}]) + fi + fi + AC_DEFINE(WITH_GPG) + AC_DEFINE_UNQUOTED(DEFAULT_GPG_PATH, _("${mygpg}") ) + AC_SUBST(mygpg) + fi + ] +) + +dnl AC_ARG_WITH(pgp, +dnl [ --with-pgp=PATH Use PGP to verify database/config (no).], +dnl [myppg="$withval" +dnl AC_DEFINE(WITH_PGP) +dnl AC_DEFINE_UNQUOTED(DEFAULT_PGP_PATH, _("${myppg}") ) +dnl ]) + +AC_ARG_WITH(checksum, + [ --with-checksum=CHKSUM compile in gpg/pgp checksum [[yes]]], + [ + if test "x${withval}" != "xno"; then + if test "x${withval}" != "xyes"; then + if test "x${mychk}" != "x"; then + if test "x${mychk}" != "x${withval}"; then + AC_MSG_WARN([--with-checksum: possible gpg CHKSUM problem]) + AC_MSG_WARN([--with-checksum: CHKSUM=${withval}]) + AC_MSG_WARN([--with-checksum: autodetected=${mychk}]) + fi + fi + mychk="${withval}" + else + if test "x${mychk}" = "x"; then + AC_MSG_ERROR([Option --with-checksum=CHKSUM: checksum CHKSUM of the gpg binary not specified.]) + fi + fi + AC_DEFINE(HAVE_GPG_CHECKSUM) + AC_DEFINE_UNQUOTED(GPG_HASH, _("${mychk}") ) + echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h + fi + ], + [ + if test "x${mygpg}" != "x"; then + if test "x${mychk}" != "x"; then + AC_DEFINE(HAVE_GPG_CHECKSUM) + AC_DEFINE_UNQUOTED(GPG_HASH, _("${mychk}") ) + echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h + fi + fi + ] +) + +AC_ARG_WITH(fp, + [ --with-fp=FINGERPRINT compile in public key fingerprint [[no]]], + [ + if test "x${withval}" != "xno"; then + if test "x${withval}" != "xyes"; then + withval0=`echo ${withval} | sed 's% %%g'` + echo "${withval0}" | \ + grep ['[^0123456789abcdefABCDEF]'] >/dev/null 2>&1 && + AC_MSG_ERROR([In option --with-fp=FINGERPRINT, there is an invalid character(s) in FINGERPRINT=${withval0}.]) + sh_len=`echo ${withval0} | wc -c | sed 's% %%g'` + sh_len0=`expr ${sh_len} \- 1` + if test "x${sh_len0}" = "x40" || test "x${sh_len0}" = "x32" + then + myfp="${withval0}" + AC_DEFINE(USE_FINGERPRINT) + AC_DEFINE_UNQUOTED(SH_GPG_FP, _("${myfp}") ) + echo "${myfp}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef FINGERPRINT_H"; print "#define FINGERPRINT_H"; printf "char gpgfp[%d];\n", m+1; for (i=1; i <= m; i++) printf "gpgfp[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgfp[%d] = %c%c0%c;\n", m, 39, 92, 39; print "#endif"; }' > sh_gpg_fp.h + else + AC_MSG_ERROR([In option --with-fp=FINGERPRINT, the length (${sh_len0}) of FINGERPRINT ${withval0} is incorrect.]) + fi + else + AC_MSG_ERROR([For option --with-fp=FINGERPRINT, FINGERPRINT=yes is invalid, please specify a valid key fingerprint.]) + fi + fi + ]) + + +dnl +dnl MAIL OPTIONS +dnl + +AC_ARG_WITH(recipient, + [ --with-recipient=ADDR set recipient(s) for e-mail [[none]]], + [ + withval0=`echo ${withval} | sed 's%,% %g'` + for sh_item in ${withval0} + do + case ${sh_item} in + *@localhost) + ;; + *@*.*) + sh_tmp=`echo ${sh_item} | awk '{ if ($1 ~ [/^[a-zA-Z0-9][a-zA-Z0-9\-_\.]*@[a-zA-Z0-9\-\.]+\.([a-zA-Z]+|[0-9]+)$/]) {print 1; } else { print 0}}'` + if test "x${sh_tmp}" != "x1" + then + AC_MSG_ERROR([Option --with-recipient=ADDR used with invalid mail address ${sh_item}.]) + fi + ;; + *) + AC_MSG_ERROR([Option --with-recipient=ADDR used with invalid mail address ${sh_item}.]) + ;; + esac + done + myrcp="$withval0" + ], + [myrcp="NULL"]) +AC_DEFINE_UNQUOTED(DEFAULT_MAILADDRESS, _("${myrcp}") ) + + +AC_ARG_WITH(sender, + [ --with-sender=SENDER set sender for e-mail [[daemon]]], + [ + mysender="${withval}" + ], + [ + mysender="daemon" + ]) +AC_DEFINE_UNQUOTED(DEFAULT_SENDER, _("${mysender}") ) + + +dnl +dnl PATHS +dnl + +AC_ARG_WITH(trusted, + [ --with-trusted=UID Set uid(s) of trusted users [[0]]], + [ + sh_tmp_test=no + sh_tmp=`echo ${withval} | sed 's%,% %g'` + for sh_tmp1 in ${sh_tmp} + do + echo "${sh_tmp1}" | grep ['[^0123456789]'] >/dev/null 2>&1 && + AC_MSG_ERROR([Option --with-trusted=UID used with non-numeric UID in ${withval}.]) + if test "x${sh_tmp1}" = "x0" + then + sh_tmp_test=yes + fi + done + if test "x${sh_tmp_test}" = "xno" + then + withval="0,${withval}" + fi + mytrust="${withval}" + ], + [mytrust="0"] ) +AC_DEFINE_UNQUOTED(SL_ALWAYS_TRUSTED, ${mytrust} ) +AC_SUBST(mytrust) + +AC_ARG_WITH(tmp-dir, + [ --with-tmp-dir=PFX set directory for temporary files [[HOME]]], + [ + if test "x${cross_compiling}" = xyes; then + my_tmp_dir="$withval" + AC_DEFINE_UNQUOTED(SH_TMPDIR, _("${my_tmp_dir}") ) + else + if test -d "${withval}"; then + my_tmp_dir="$withval" + AC_DEFINE_UNQUOTED(SH_TMPDIR, _("${my_tmp_dir}") ) + else + my_tmp_dir="$withval" + AC_DEFINE_UNQUOTED(SH_TMPDIR, _("${my_tmp_dir}") ) + AC_MSG_WARN([--with-tmp-dir: tmp directory ${withval} does not exist]) + fi + fi + ] +) + +dnl +dnl PATH DEFAULTS +dnl + +if test "x${ac_prefix_set}" = xyes +then + if test "x${exec_prefix}" = xNONE + then + exec_prefix="${prefix}" + fi + + if test "x${prefix}" = xOPT + then + tmp_sbindir="/opt/${install_name}/bin" + tmp_sysconfdir="/etc/opt" + tmp_mandir="/opt/${install_name}/man" + tmp_localstatedir="/var/opt/${install_name}" + elif test "x${prefix}" = xUSR + then + tmp_sbindir="/usr/sbin" + tmp_sysconfdir="/etc" + tmp_mandir="/usr/share/man" + tmp_localstatedir="/var" + else + tmp_sbindir=`eval echo ${sbindir}` + tmp_sysconfdir=`eval echo ${sysconfdir}` + tmp_mandir=`eval echo ${mandir}` + tmp_localstatedir=`eval echo ${localstatedir}` + fi +else + prefix="" + if test "x${ac_exec_prefix_set}" = xyes + then + tmp_sbindir=`eval echo ${sbindir}` + else + tmp_sbindir="/usr/local/sbin" + fi + tmp_sysconfdir="/etc" + # share/man -> man (FHS) 11.10.2002 + tmp_mandir="/usr/local/man" + tmp_localstatedir="/var" +fi + + +if test "x${ac_sbindir_set}" = xyes +then + : +else + sbindir=`eval echo ${tmp_sbindir}` +fi + + +if test "x${ac_sysconfdir_set}" = xyes +then + : +else + sysconfdir=`eval echo ${tmp_sysconfdir}` +fi + +if test "x${ac_mandir_set}" = xyes +then + : +else + mandir=`eval echo ${tmp_mandir}` +fi + +if test "x${ac_localstatedir_set}" = xyes +then + : +else + localstatedir=`eval echo ${tmp_localstatedir}` +fi + + + +AC_ARG_WITH(config-file, + [ --with-config-file=FILE configuration file [[/etc/{install_name}rc]]], + [ + myconffile="${withval}" + changequote(<<, >>)dnl + tmp=`echo ${withval} | sed 's%^REQ_FROM_SERVER%%'` + sysconfdir=`echo ${tmp} | sed 's%/[^/][^/]*$%%'` + myrpmconffile="${tmp}" + changequote([, ])dnl + ], + [ + myconffile="${sysconfdir}/${install_name}rc" + myrpmconffile="${myconffile}" + ] +) +AC_DEFINE_UNQUOTED(DEFAULT_CONFIGFILE, _("${myconffile}") ) +AC_SUBST(myconffile) +AC_SUBST(myrpmconffile) + +AC_ARG_WITH(log-file, + [ --with-log-file=FILE path of log file [[/var/log/{install_name}_log]]], + [ + mylogfile="$withval" + changequote(<<, >>)dnl + mylogdir=`echo ${withval} | sed 's%/[^/][^/]*$%%'` + changequote([, ])dnl + ], + [ + if test "x${mytclient}" = "x-DSH_WITH_SERVER"; then + mylogfile="${localstatedir}/log/${install_name}/${install_name}_log" + mylogdir="${localstatedir}/log/${install_name}" + else + mylogfile="${localstatedir}/log/${install_name}_log" + mylogdir="${localstatedir}/log" + fi + ] +) +AC_DEFINE_UNQUOTED(DEFAULT_ERRFILE, _("${mylogfile}") ) +AC_DEFINE_UNQUOTED(DEFAULT_LOGDIR, _("${mylogdir}") ) +AC_SUBST(mylogfile) +AC_SUBST(mylogdir) + +AC_ARG_WITH(pid-file, + [ --with-pid-file=FILE set path of pid file [[/var/run/{install_name}.pid]]], + [ + mylockfile="$withval" + changequote(<<, >>)dnl + mylockdir=`echo ${withval} | sed 's%/[^/][^/]*$%%'` + changequote([, ])dnl + ], + [ + mylockfile="${localstatedir}/run/${install_name}.pid" + mylockdir="${localstatedir}/run" + ] +) +AC_DEFINE_UNQUOTED(DEFAULT_ERRLOCK, _("${mylockfile}") ) +AC_DEFINE_UNQUOTED(DEFAULT_PIDDIR, _("${mylockdir}") ) +AC_SUBST(mylockfile) +AC_SUBST(mylockdir) + +AC_ARG_WITH(state-dir, + [ --with-state-dir=PFX set state data directory [[/var/lib/{install_name}]]], + [ + mydataroot="$withval" + ], + [ + mydataroot="${localstatedir}/lib/${install_name}" + ] + ) +AC_ARG_WITH(data-file, + [ --with-data-file=FILE set path of data file], + [ + mydatafile="$withval" + changequote(<<, >>)dnl + tmp=`echo ${withval} | sed 's%^REQ_FROM_SERVER%%'` + mydataroot=`echo ${tmp} | sed 's%/[^/][^/]*$%%'` + myrpmdatafile="${tmp}" + changequote([, ])dnl + if test x"${tmp}" = x + then + echo "No local path in data file ${withval}" + echo "This will not work for initializing the database." + if test x"${withval}" = xREQ_FROM_SERVER + then + echo "It should be REQ_FROM_SERVER/some/local/path" + fi + AC_MSG_ERROR([Option --with-data-file=FILE used with invalid path ${withval}.]) + fi + ], + [ + mydatafile="${mydataroot}/${install_name}_file" + myrpmdatafile="${mydatafile}" + ]) +AC_DEFINE_UNQUOTED(DEFAULT_DATA_FILE, _("${mydatafile}") ) +AC_SUBST(mydatafile) +AC_SUBST(myrpmdatafile) + +AC_DEFINE_UNQUOTED(DEFAULT_DATAROOT, _("${mydataroot}") ) +AC_SUBST(mydataroot) + +AC_DEFINE_UNQUOTED(DEFAULT_QDIR, _("${mydataroot}/.quarantine") ) +AC_SUBST(myqdir) + + +AC_ARG_WITH(html-file, + [ --with-html-file=FILE set path of html file,], + [ + myhtmlfile="$withval" + ], + [ + myhtmlfile="${mylogdir}/${install_name}.html" + ]) +AC_DEFINE_UNQUOTED(DEFAULT_HTML_FILE, _("${myhtmlfile}") ) +AC_SUBST(myhtmlfile) + + +mydefargs=$ac_configure_args +# if test -z "`echo "$mydefargs" | grep "\-\-enable\-static" 2> /dev/null`" +# then +# mydefargs="--enable-static $mydefargs" +# fi +if test -z "`echo "$mydefargs" | grep "\-\-enable\-base" 2> /dev/null`" +then + mydefargs="--enable-base=${mykeybase} $mydefargs" +fi +AC_SUBST(mydefargs) + + +AC_DEFINE_UNQUOTED(SH_INSTALL_DIR, _("${sbindir}")) +AC_DEFINE_UNQUOTED(SH_INSTALL_PATH, _("${sbindir}/${install_name}")) +AC_DEFINE_UNQUOTED(SH_INSTALL_NAME, _("${install_name}")) + +AC_CONFIG_HEADER(config.h) + +AC_OUTPUT( +[ +Makefile +samhain-install.sh +init/samhain.startLSB +init/samhain.startLinux +init/samhain.startGentoo +init/samhain.startFreeBSD +init/samhain.startSolaris +init/samhain.startHPUX +init/samhain.startIRIX +init/samhain.startMACOSX +samhain.spec +rules.deb +rules.deb-light +hp_ux.psf +scripts/samhain.spec +scripts/redhat_i386.client.spec +scripts/samhain.ebuild +scripts/samhain.ebuild-light +scripts/samhainadmin.pl +scripts/yuleadmin.pl +scripts/check_samhain.pl +deploy.sh +], +[ +echo timestamp > stamp-h +chmod +x samhain-install.sh +chmod +x scripts/samhainadmin.pl +chmod +x scripts/yuleadmin.pl +chmod +x scripts/check_samhain.pl +] +) + +chmod +x deploy.sh + +if test "x${cross_compiling}" = xyes +then + +echo "--------------------------------------------------------------" +echo +echo "You are using a cross-compiler. The following system dependent" +echo "values may have been set to default values that may be" +echo "incorrect for your target system: " +echo +echo "ac_cv_c_bigendian bigendian byte order ${ac_cv_c_bigendian}" +echo "ac_cv_c_long_double long double exists ${ac_cv_c_long_double}" +echo "ac_cv_sizeof_char_p size of pointer to char ${ac_cv_sizeof_char_p}" +echo "ac_cv_sizeof_char_p size of size_t ${ac_cv_sizeof_size_t}" +echo "ac_cv_sizeof_unsigned_int size of unsigned int ${ac_cv_sizeof_unsigned_int}" +echo "ac_cv_sizeof_unsigned_long size of unsigned long ${ac_cv_sizeof_unsigned_long}" +echo "ac_cv_sizeof_unsigned_short size of unsigned short ${ac_cv_sizeof_unsigned_short}" +echo +echo "If these values are incorrect, change them in the file " +echo "config.cache and run configure again." +echo +echo "--------------------------------------------------------------" + +fi + +if test x${silent} != xyes +then + + # A=`eval echo ${sbindir}` ; A=`eval echo ${A}` + # B=`eval echo ${myconffile}` ; B=`eval echo ${B}` + # C=`eval echo ${mandir}` ; C=`eval echo ${C}` + # D=`eval echo ${mylockfile}` ; D=`eval echo ${D}` + # E=`eval echo ${mylogfile}` ; E=`eval echo ${E}` + # F=`eval echo ${mydataroot}` ; F=`eval echo ${F}` + + echo + echo " samhain has been configured as follows:" + echo " System binaries: ${sbindir}" + echo " Configuration file: ${myconffile}" + echo " Manual pages: ${mandir}" + echo " Data: ${mydataroot}" + echo " PID file: ${mylockfile}" + echo " Log file: ${mylogfile}" + echo " Base key: ${mykeybase}" + echo + if test x"$mytclient" = x"-DSH_WITH_SERVER" + then + echo " Selected rc file: yulerc" + else + echo " Selected rc file: samhainrc.${selectconfig}" + fi + +fi + Index: /tags/2.5.0/depend.dep =================================================================== --- /tags/2.5.0/depend.dep (revision 189) +++ /tags/2.5.0/depend.dep (revision 189) @@ -0,0 +1,76 @@ + +# DO NOT DELETE THIS LINE +samhain.o: $(srcsrc)/samhain.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_files.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_getopt.h $(srcinc)/sh_readconf.h $(srcinc)/sh_hash.h $(srcinc)/sh_mail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_mem.h $(srcinc)/sh_forward.h $(srcinc)/sh_tools.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h sh_MK.h $(srcinc)/sh_schedule.h +sh_unix.o: $(srcsrc)/sh_unix.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_hash.h $(srcinc)/sh_tools.h $(srcinc)/sh_tiger.h $(srcinc)/sh_prelink.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_prelude.h $(srcinc)/sh_ignore.h +sh_utils.o: $(srcsrc)/sh_utils.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_entropy.h $(srcinc)/sh_pthread.h +sh_error.o: $(srcsrc)/sh_error.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_database.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_forward.h $(srcinc)/sh_prelude.h $(srcinc)/sh_pthread.h $(srcinc)/sh_tools.h $(srcinc)/sh_extern.h +sh_files.o: $(srcsrc)/sh_files.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_tiger.h $(srcinc)/sh_hash.h $(srcinc)/sh_ignore.h $(srcinc)/zAVLTree.h +sh_getopt.o: $(srcsrc)/sh_getopt.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_getopt.h $(srcinc)/sh_files.h $(srcinc)/sh_utils.h $(srcinc)/sh_mail.h $(srcinc)/sh_forward.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h +sh_readconf.o: $(srcsrc)/sh_readconf.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_database.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_files.h $(srcinc)/sh_mail.h $(srcinc)/sh_calls.h $(srcinc)/sh_tiger.h $(srcinc)/sh_forward.h $(srcinc)/sh_modules.h $(srcinc)/sh_gpg.h $(srcinc)/sh_hash.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h $(srcinc)/sh_extern.h $(srcinc)/sh_database.h $(srcinc)/sh_prelude.h +sh_tiger0.o: $(srcsrc)/sh_tiger0.c Makefile config_xor.h $(srcinc)/sh_tiger.h $(srcinc)/sh_unix.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_pthread.h $(srcinc)/sh_string.h +sh_tiger1.o: $(srcsrc)/sh_tiger1.c Makefile config_xor.h +sh_tiger2.o: $(srcsrc)/sh_tiger2.c Makefile config_xor.h +sh_tiger1_64.o: $(srcsrc)/sh_tiger1_64.c Makefile config_xor.h +sh_tiger2_64.o: $(srcsrc)/sh_tiger2_64.c Makefile config_xor.h +sh_hash.o: $(srcsrc)/sh_hash.c Makefile config_xor.h $(srcinc)/sh_hash.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h $(srcinc)/sh_pthread.h $(srcinc)/sh_forward.h $(srcinc)/sh_hash.h +sh_mail.o: $(srcsrc)/sh_mail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_tools.h +sh_mem.o: $(srcsrc)/sh_mem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_pthread.h +sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h +sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_mail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h +sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h $(srcinc)/sh_logmon.h +sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_pthread.h +sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h +sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h +sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h +sh_fifo.o: $(srcsrc)/sh_fifo.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_unix.h +sh_tools.o: $(srcsrc)/sh_tools.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/rijndael-api-fst.h $(srcinc)/rijndael-api-fst.h +sh_html.o: $(srcsrc)/sh_html.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_forward.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_html.h $(srcinc)/zAVLTree.h +sh_gpg.o: $(srcsrc)/sh_gpg.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h +sh_cat.o: $(srcsrc)/sh_cat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_cat.h +sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_calls.h +sh_extern.o: $(srcsrc)/sh_extern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_static.h +sh_database.o: $(srcsrc)/sh_database.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h +sh_err_log.o: $(srcsrc)/sh_err_log.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h +sh_err_console.o: $(srcsrc)/sh_err_console.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h +sh_err_syslog.o: $(srcsrc)/sh_err_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h +sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h +bignum.o: $(srcsrc)/bignum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/bignum.h +mkhdr.o: $(srcsrc)/mkhdr.c Makefile config.h +samhain_setpwd.o: $(srcsrc)/samhain_setpwd.c Makefile config_xor.h +samhain_stealth.o: $(srcsrc)/samhain_stealth.c Makefile config_xor.h +encode.o: $(srcsrc)/encode.c Makefile +sstrip.o: $(srcsrc)/sstrip.c Makefile config.h +trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/sh_calls.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h +exepack.o: $(srcsrc)/exepack.c Makefile config.h $(srcinc)/minilzo.h $(srcinc)/exepack.data +exepack_fill.o: $(srcsrc)/exepack_fill.c Makefile config.h config.h $(srcinc)/minilzo.h +exepack_mkdata.o: $(srcsrc)/exepack_mkdata.c Makefile config.h $(srcinc)/minilzo.h +minilzo.o: $(srcsrc)/minilzo.c Makefile $(srcinc)/minilzo.h +slib.o: $(srcsrc)/slib.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_calls.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_string.h $(srcinc)/sh_mem.h +rijndael-alg-fst.o: $(srcsrc)/rijndael-alg-fst.c Makefile config_xor.h $(srcinc)/rijndael-alg-fst.h $(srcinc)/rijndael-boxes-fst.h +rijndael-api-fst.o: $(srcsrc)/rijndael-api-fst.c Makefile config_xor.h $(srcinc)/rijndael-alg-fst.h $(srcinc)/rijndael-api-fst.h +zAVLTree.o: $(srcsrc)/zAVLTree.c Makefile $(srcinc)/zAVLTree.h +sh_socket.o: $(srcsrc)/sh_socket.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_socket.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_calls.h $(srcinc)/sh_utils.h $(srcinc)/zAVLTree.h $(srcinc)/sh_html.h $(srcinc)/sh_tools.h +sh_ignore.o: $(srcsrc)/sh_ignore.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h +yulectl.o: $(srcsrc)/yulectl.c Makefile config_xor.h +sh_mounts.o: $(srcsrc)/sh_mounts.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_mounts.h +sh_userfiles.o: $(srcsrc)/sh_userfiles.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_utils.h $(srcinc)/sh_schedule.h $(srcinc)/sh_error.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h +sh_prelude.o: $(srcsrc)/sh_prelude.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error_min.h $(srcinc)/sh_prelude.h $(srcinc)/sh_static.h +sh_prelink.o: $(srcsrc)/sh_prelink.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h +sh_static.o: $(srcsrc)/sh_static.c Makefile config_xor.h $(srcinc)/sh_pthread.h +sh_portcheck.o: $(srcsrc)/sh_portcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_mem.h $(srcinc)/sh_calls.h $(srcinc)/sh_utils.h $(srcinc)/sh_modules.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h +sh_processcheck.o: $(srcsrc)/sh_processcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h +sh_prelude_old.o: $(srcsrc)/sh_prelude_old.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_mem.h $(srcinc)/sh_cat.h $(srcinc)/sh_error_min.h $(srcinc)/sh_prelude.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h +sh_pthread.o: $(srcsrc)/sh_pthread.c Makefile config_xor.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h $(srcinc)/sh_modules.h +kern_head.o: $(srcsrc)/kern_head.c Makefile config.h $(srcinc)/kern_head.h $(srcinc)/kern_head.h +sh_string.o: $(srcsrc)/sh_string.c Makefile config_xor.h $(srcinc)/sh_string.h $(srcinc)/sh_mem.h $(srcinc)/CuTest.h +dnmalloc-1.0.beta5-rw.o: $(srcsrc)/dnmalloc-1.0.beta5-rw.c Makefile +t-test1.o: $(srcsrc)/t-test1.c Makefile config.h $(srcinc)/malloc.h +dnmalloc-portable.o: $(srcsrc)/dnmalloc-portable.c Makefile config.h +dnmalloc.o: $(srcsrc)/dnmalloc.c Makefile config.h +sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error_min.h $(srcinc)/sh_utils.h $(srcinc)/sh_pthread.h +sh_log_parse_syslog.o: $(srcsrc)/sh_log_parse_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h +sh_log_parse_pacct.o: $(srcsrc)/sh_log_parse_pacct.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h +sh_log_parse_apache.o: $(srcsrc)/sh_log_parse_apache.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h +sh_log_evalrule.o: $(srcsrc)/sh_log_evalrule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/zAVLTree.h +sh_log_check.o: $(srcsrc)/sh_log_check.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_modules.h +sh_log_parse_samba.o: $(srcsrc)/sh_log_parse_samba.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h Index: /tags/2.5.0/depend.sum =================================================================== --- /tags/2.5.0/depend.sum (revision 189) +++ /tags/2.5.0/depend.sum (revision 189) @@ -0,0 +1,1 @@ +2389503463 Index: /tags/2.5.0/deploy.sh.in =================================================================== --- /tags/2.5.0/deploy.sh.in (revision 189) +++ /tags/2.5.0/deploy.sh.in (revision 189) @@ -0,0 +1,1078 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +#VERSION2.0 + +# ----------------------------------------------------------------------- +# Be Bourne compatible +# ----------------------------------------------------------------------- + +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi + +# ----------------------------------------------------------------------- +# Make sure we support functions (from the autoconf manual) +# ----------------------------------------------------------------------- + +SHELL="${SHELL-/bin/sh}" +if test x"$1" = "x--re-executed" +then + shift +elif "$SHELL" -c 'foo () { (exit 0); exit 0; }; foo' 2>/dev/null +then + : +else + for cmd in sh bash ash bsh ksh zsh sh5; do + X="$PATH:/bin:/usr/bin:/usr/afsws/bin:/usr/ucb"; + OLD_IFS=${IFS} + IFS=':'; export IFS + for dir in $X; do + shell="$dir/$cmd" + if (test -f "$shell" || test -f "$shell.exe") + then + if "$shell" -c 'foo () { (exit 0); exit 0; }; foo' 2>/dev/null + then + SHELL="$shell"; export SHELL + IFS=${OLD_IFS}; export IFS + exec "$shell" "$0" --re-executed ${1+"$@"} + fi + fi + done + IFS=${OLD_IFS}; export IFS + done + echo "-----------------------------------------------------------------" + echo "ERROR: Unable to locate a shell interpreter with function support" >&2 + echo "-----------------------------------------------------------------" + { (exit 1); exit 1; } +fi + +# ----------------------------------------------------------------------- +# Test for 'echo -n' +# ----------------------------------------------------------------------- + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,* ) ECHO_N=-n ECHO_C= ;; + *) ECHO_N= ECHO_C='\c' ;; +esac + +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + +######################################################################### +# +# Configuration section +# +######################################################################### + +# ----------------------------------------------------------------------- +# The following part will be cut and saved to ~/.deploy.conf +# ----------------------------------------------------------------------- + +#__BEGIN_CUT__ + +######################################################################### +# +# This file is sourced by a Bourne shell script. +# Thus you need to take care of proper shell syntax. +# +######################################################################### + +# if you need, you can expand your PATH environment variable here +# just uncomment and replace /opt/contrib/bin with whatever you need +# +# PATH="/opt/contrib/bin:${PATH}"; export PATH + +# the base directory of the deployment system +# CLI option: --basedir=... +# +defbasedir="@mydataroot@/profiles" + +# the name of the database of installed clients +# no CLI option +# +defdatabase="yulerc.install.db" + +# be quiet; 0 = false, 1 = true, 2 = very quiet +# CLI option: --quiet | --quiet=2 +# +silent=0; + +# assume yes as answer to all prompts and run non-interactively +# 0 = false, 1 = true +# CLI option: --yes +# +assumeyes=0; + +# which 'dialog' to use (e.g. "Xdialog") +# "no" for plain text; empty ("") lets the program search for dialog +# CLI option: --dialog=... +# +prefdialog="" + +# operating system; no default +# CLI option: --arch=... +# +arch="" + +# Format for binary packages (run | deb | rpm | tbz2 | solaris-pkg | depot) +# CLI option: --format=... +# +format="" + +# logfile; default is none +# CLI option: --logfile=... +# +logfile="" + +# The path to the yule (samhain server) executable. +# CLI option: --yule_exec=... +# +yule_exec="@sbindir@/yule" + +# The path to the yule (samhain server) configuration file. +# CLI option: --yule_conf=... +# +yule_conf="@sysconfdir@/yulerc" + +# The path to the data directory of yule (samhain server). +# This is the directory where client configuration/database files +# are stored. +# CLI option: --yule_data=... +# +yule_data="@mydataroot@" + +#__END_CUT__ + +# ----------------------------------------------------------------------- +# Write configuration file to user home directory/Read configuration file +# ----------------------------------------------------------------------- + +if test -f ~/.deploy.conf +then + . ~/.deploy.conf +else + # + # From the autoconf configure script - search ourselves + # + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) old_IFS=$IFS; IFS=: + for as_dir in $PATH + do + IFS=$old_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { echo "ERROR: cannot find myself; rerun with an absolute path" >&2 + { (exit 1); exit 1; }; } + fi + cat "$as_myself" | sed -n -e '/^#__BEGIN_CUT__/,/^#__END_CUT__/ p ' >~/.deploy.conf && { + echo + echo "-----------------------------------------------------" + echo " Configuration file ~/.deploy.conf created" + echo " You may want to edit it to adapt it to your needs" + echo "-----------------------------------------------------" + echo + } +fi + +export silent +export assumeyes +export arch +export logfile +export format +export yule_exec +export yule_conf +export yule_data + +# dialog +# +DIALOG="${prefdialog}"; +export DIALOG + +# base directory +# +basedir="$defbasedir"; +export basedir + +# simulate only; 0 = false, 1 = true +# +simulate=0; +export simulate + +# version +# +version=2.0; +export version + +# host; no default +# +host= +export host + +# hostgroup; empty default +# +hostgroup= +export hostgroup + + +# action; no default +# +action= +export action + +# the 'log.lastrun' logfile +# +logOpen=0 +export logOpen + + +# source version; default = current +# +src_version="" +export src_version + +# checksrc; do you want to delete if PGP signature check fails ? +# +cs_delete=0 +export cs_delete + +# build; do you want to pack the executable ? +# +bd_packed='' +export bd_packed + +bd_user='root' +export bd_user + +# addpath +# +bd_addpath="" +export bd_addpath + +# Install; do you want to initialize the database ? +# +is_init=y +export is_init + +# Install; do you want to replace the rc.host file ? +# +is_rcfile=y +export is_rcfile + +# Install; do you want to start the client ? +# +is_startup=y +export is_startup + +# Install; optional local command ? +# +local_command=""; export local_command + +# Info on packages ? +# +showpkg=n +export showpkg + +######################################################################### +# +# Help Subroutines +# +######################################################################### + +# ----------------------------------------------------------------------- +# We cannot source these, because we don't know yet the base directory +# ----------------------------------------------------------------------- + +showUNINSTALL() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] uninstall" + echo + echo "Uninstall the samhain client from the specified host. Can only be" + echo "used if the client has been installed with deploy.sh version 2." + echo + echo "Options:" + echo + echo " --host= The host where you want to uninstall." + echo + { (exit 0); exit 0; } +} + +showINFO() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] info" + echo + echo "Show info for hosts in client database (default), or for available" + echo "binary installer packages." + echo + echo "Options:" + echo + echo " --packages Show info on packages." + echo + { (exit 0); exit 0; } +} + +showCLEAN() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] clean" + echo + echo "Remove all files that are no longer needed:" + echo " - Source tarballs in ${basedir}/source" + echo " - Unused installer packages in ${basedir}/archpkg" + echo + { (exit 0); exit 0; } +} + +showCHECKSRC() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] checksrc" + echo + echo "Check PGP signatures of source tarballs in the source/ subdirectory" + echo "of the deploy system." + echo "You must have gpg (GnuPG) in your PATH, and you should have imported" + echo "the samhain release PGP key (Key ID 0F571F6C, Rainer Wichmann)." + echo "To import the key, simply execute the command" + echo "\"gpg --keyserver blackhole.pca.dfn.de --recv-keys 0F571F6C\"" + echo + echo "Options:" + echo + echo " --delete Delete source tarballs if PGP signature" + echo " cannot be verified." + echo + { (exit 0); exit 0; } +} + +showDOWNLOAD() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] download" + echo + echo "Download a samhain source tarball from http://www.la-samhna.de," + echo "check its PGP signature, and install it into the source/ subdirectory" + echo "of the deploy system." + echo "You must have gpg (GnuPG) in your PATH, and you should have imported" + echo "the samhain release PGP key (Key ID 0F571F6C, Rainer Wichmann)." + echo "To import the key, simply execute the command" + echo "\"gpg --keyserver blackhole.pca.dfn.de --recv-keys 0F571F6C\"" + echo + echo "Options:" + echo + echo " --version= Version of samhain to download. The" + echo " default is \"current\" to download the current version." + echo + { (exit 0); exit 0; } +} + +showBUILD() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] build" + echo + echo "Copy a source tarball to a build machine, build a binary package, and fetch" + echo "the package. Will bail out if not running under ssh-agent. If you are sure" + echo "that you don't need ssh-agent, set the environment variable SSH_AGENT_PID" + echo "to some arbitrary string before launching the deploy.sh command." + echo + echo "Options:" + echo + echo " --host= The build host." + echo " --arch= The architecture/operating system to build for." + echo " This is used to get the \"./configure\" options from the file" + echo " \${basedir}/configs/\${arch}.configure." + echo " --version= The version of samhain you want to build." + echo " --format=" + echo " The format of the package. \"run\" is a portable tar" + echo " package, \"deb\" is for Debian, \"tbz2\" for Gentoo," + echo " \"rpm\" for any RPM-based Linux, \"solaris-pkg\"" + echo " for Sun Solaris, and \"depot\" for HP-UX" + echo " --packed= The client password, if you want to" + echo " create a packed executable. Defaults to empty (don't pack)" + echo " --user= Login as to the build host (root)." + echo " --add-path= Append 'path' to the PATH variable on the build host." + { (exit 0); exit 0; } +} + +showINSTALL() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] install" + echo + echo "Copy a pre-built binary installer package to a remote host, stop the client" + echo "running there (if any), install the (new) client, optionally initialize" + echo "the file signature database and fetch it from the remote host, update" + echo "the server configuration file and reload the server." + echo + echo "Options:" + echo + echo " --host= The host where you want to install." + echo " --group= Optional group the host belongs to." + echo " --arch= The architecture/operating system of this host." + echo " This is used to get the correct binary package." + echo " --version= The version of samhain you want to install." + echo " --format=" + echo " The format of the binary package." + echo " --yule_exec= The path to the 'yule' executable." + echo " --yule_conf= The path to the 'yule' configuration file." + echo " --yule_data= The path to the 'yule' data directory." + echo " --no-init Do not initialize the file signature database." + echo " --no-rcfile Do not replace the rc.host file on server." + echo " --no-start Do not start the client after installation." + echo " --local= Local command (executed twice: " + echo " after config installation and before client startup)." + { (exit 0); exit 0; } +} + +showUSAGE() { + echo "deploy.sh $version" + echo "USAGE: deploy.sh [options] command" + echo + echo "Commands: info | clean | download | checksrc | build | install | uninstall" + echo + echo "Options:" + echo " -h | --help Print general usage information." + echo " -h | --help Print usage information for \"command\"." + echo " --basedir= Set the basedir for the deployment system." + echo " The default is ${defbasedir}." + echo " -q | --quiet Produce output suitable for logging." + echo " You can also use -q=# to set the quiet level up to" + echo " a maximum of 2. Note that -q=2 implies --yes (see below)." + echo " -s | --simulate Perform a simulation of events that" + echo " would occur but do not actually change the system." + echo " -y | --yes Assume "yes" as answer to" + echo " all prompts and run non-interactively." + echo " -o | --logfile=" + echo " Specify an output file for messages that would go to stdout" + echo " otherwise. Has no effect on stderr (error messages)." + echo " -d | --dialog= Specify your preferred \"dialog\"" + echo " clone (e.g. Xdialog). Use \"no\" to force plain text." + if test x"$1" = x + then + { (exit 0); exit 0; } + else + { (exit $1); exit $1; } + fi +} + +######################################################################### +# +# Command line +# +######################################################################### + +for option +do + + # If the previous option needs an argument, assign it. + # + if test -n "$opt_prev"; then + eval "$opt_prev=\$option" + eval export "$opt_prev" + opt_prev= + continue + fi + + case "$option" in + -*=*) optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case "$option" in + + # Info + + --packages | -packages) + showpkg=y; export showpkg; + ;; + + # Install + + --yule_exec | -yule_exec | --yule-exec | -yule-exec) + opt_prev=yule_exec + ;; + + --yule_exec=* | -yule_exec=* | --yule-exec=* | -yule-exec=*) + yule_exec="$optarg"; export yule_exec + ;; + + --yule_conf | -yule_conf | --yule-conf | -yule-conf) + opt_prev=yule_conf + ;; + + --yule_conf=* | -yule_conf=* | --yule-conf=* | -yule-conf=*) + yule_conf="$optarg"; export yule_conf + ;; + + --yule_data | -yule_data | --yule-data | -yule-data) + opt_prev=yule_data + ;; + + --yule_data=* | -yule_data=* | --yule-data=* | -yule-data=*) + yule_data="$optarg"; export yule_data + ;; + + --no-init | -no-init) + is_init=n; export is_init + ;; + + --no-rcfile | -no-rcfile) + is_rcfile=n; export is_rcfile + ;; + + --no-start | -no-start) + is_startup=n; export is_startup + ;; + + --local | -local) + opt_prev=local_command + ;; + + --local=* | -local=*) + local_command="$optarg"; export local_command + ;; + + --group | -group) + opt_prev=hostgroup + ;; + + --group=* | -group=*) + hostgroup="$optarg"; export hostgroup + ;; + + # Build + + --format | -format) + opt_prev=format + ;; + + --format=* | -format=*) + format="$optarg"; export format + ;; + + --packed | --pack | -packed | -pack) + opt_prev=bd_packed + ;; + + --packed=* | -packed=*) + bd_packed="$optarg"; export bd_packed + ;; + + --user | -user) + opt_prev=bd_user + ;; + + --user=* | -user=*) + bd_user="$optarg"; export bd_user + ;; + + --add-path | -add-path | --addpath | -addpath) + opt_prev=bd_addpath + ;; + + --add-path=* | -add-path=* | --addpath=* | -addpath=*) + bd_addpath="$optarg"; export bd_addpath + ;; + + # Checksource + + --delete | -delete) + cs_delete=1; export cs_delete + ;; + + # Download + + --version | -version) + opt_prev=src_version + ;; + --version=* | -version=*) + src_version="$optarg"; export src_version + ;; + + # Generic + + --basedir | -basedir) + opt_prev=basedir + ;; + --basedir=* | -basedir=*) + basedir="$optarg"; export basedir + ;; + + --host | -host) + opt_prev=host + ;; + --host=* | -host=*) + host="$optarg"; export host + ;; + + --arch | -arch) + opt_prev=arch + ;; + --arch=* | -arch=*) + arch="$optarg"; export arch + ;; + + -o | --logfile | -logfile) + opt_prev=logfile + ;; + -o=* | --logfile=* | -logfile=*) + logfile="$optarg"; export logfile + ;; + + -h | --h | --help | -help | help) + if test $# -gt 1 + then + if test x"$2" = xdownload + then + showDOWNLOAD + elif test x"$2" = xinfo + then + showINFO + elif test x"$2" = xchecksrc + then + showCHECKSRC + elif test x"$2" = xclean + then + showCLEAN + elif test x"$2" = xbuild + then + showBUILD + elif test x"$2" = xinstall + then + showINSTALL + elif test x"$2" = xuninstall + then + showUNINSTALL + else + showUSAGE 1 + fi + fi + showUSAGE + ;; + + -q | --quiet | -quiet | --silent | -silent) + if test x"$silent" = x0 + then + silent=1; export silent + else + silent=2; export silent + fi + ;; + -q=* | --quiet=* | --silent=* | -silent=*) + silent="$optarg"; export silent + ;; + + -s | --simulate | -simulate | --dry-run | -dry-run | --recon | -recon | --just-print | -just-print | --no-act | -no-act) + simulate=1; export simulate + ;; + + -y | --yes | -yes) + assumeyes=1; export assumeyes + ;; + + -d | --dialog | -dialog) + opt_prev=DIALOG + ;; + -d=* | --dialog=* | -dialog=*) + DIALOG="$optarg"; export DIALOG + ;; + + -*) + showUSAGE 1 + ;; + + clean | download | checksrc | build | install | info | uninstall) + action="$option"; export action + break ;; + esac + +done + +######################################################################### +# +# Subroutines +# +######################################################################### + +# ----------------------------------------------------------------------- +# Printing/logging Subroutines +# ----------------------------------------------------------------------- +. ${basedir}/libexec/funcPRINT + +# ----------------------------------------------------------------------- +# Interaction Subroutines +# ----------------------------------------------------------------------- +. ${basedir}/libexec/funcDIALOG + +# ----------------------------------------------------------------------- +# Setup test Subroutines +# ----------------------------------------------------------------------- +. ${basedir}/libexec/funcSETUP + +# ----------------------------------------------------------------------- +# Subroutines for determining existence of / path to executables +# ----------------------------------------------------------------------- +. ${basedir}/libexec/funcEXE + +# ----------------------------------------------------------------------- +# Subroutines for building +# ----------------------------------------------------------------------- +. ${basedir}/libexec/funcBUILD + +# ----------------------------------------------------------------------- +# Subroutines for installing +# ----------------------------------------------------------------------- +. ${basedir}/libexec/funcINSTALL + +# ----------------------------------------------------------------------- +# Subroutines for client database +# ----------------------------------------------------------------------- +. ${basedir}/libexec/funcDB + +# ----------------------------------------------------------------------- +# Subroutine for the 'download' command +# ----------------------------------------------------------------------- +. ${basedir}/libexec/comDOWNLOAD + +# ----------------------------------------------------------------------- +# Subroutine for the 'checksrc' command +# ----------------------------------------------------------------------- +. ${basedir}/libexec/comCHECKSRC + +# ----------------------------------------------------------------------- +# Subroutine for the 'clean' command +# ----------------------------------------------------------------------- +. ${basedir}/libexec/comCLEAN + +# ----------------------------------------------------------------------- +# Subroutine for the 'build' command +# ----------------------------------------------------------------------- +. ${basedir}/libexec/comBUILD + +# ----------------------------------------------------------------------- +# Subroutine for the 'install' command +# ----------------------------------------------------------------------- +. ${basedir}/libexec/comINSTALL + +# ----------------------------------------------------------------------- +# Subroutine for the 'install' command +# ----------------------------------------------------------------------- +. ${basedir}/libexec/comUNINSTALL + + +######################################################################### +# +# Main +# +######################################################################### + +main_exit_status=0 + +tmpdir= + +# Find a dialog clone +# +findDIALOG + +# Check for basedir and tmpdir +# +testSETUP1 + +# Logfile setup +# +exec 5>${basedir}/tmp/logfile.lastrun +now=`date` +echo "$now: $0 " ${1+"$@"} >&5 +lastlog="${basedir}/tmp/logfile.lastrun"; export lastlog +logOpen=1 + +# Temporary directory/file setup +# +tmpD="$tmpdir/build.gui.$$" +mkdir "$tmpD" || printFATAL "Cannot create temporary directory $tmpD" +export tmpD +tmpF="$tmpD/tmpF.$$" +touch $tmpF || printFATAL "Cannot create temporary file $tmpF" +export tmpF +tmpERR="$tmpD/tmpERR.$$" +echo '0' > $tmpERR || printFATAL "Cannot create temporary file $tmpERR" +export tmpERR + +# Trap exit and cleanup +# +trap "exit_status=$?; rm -rf $tmpD; exit ${exit_status};" 0 +trap "(exit 1); exit 1;" 1 2 13 15 + +# Check for action to perform, and host, if required +# +testSETUP2 + +if test x"$action" = xdownload +then + if test x"$src_version" = x + then + src_version="current"; export src_version + fi + #--------------------------------------------------------------------- + # Vodoo code to tee both stdout and stderr, but keep them seperate. + #--------------------------------------------------------------------- + if test x"$DIALOG" = x + then + ((commandDOWNLOAD | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + commandDOWNLOAD 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version DOWNLOAD logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi +elif test x"$action" = xinfo +then + if test x"${showpkg}" = xn + then + if test x"$DIALOG" = x + then + ((dbSHOWHOSTS "${host}" | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + dbSHOWHOSTS "${host}" 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version INFO logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi + else + if test x"$DIALOG" = x + then + ((dbSHOWPKG show | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + dbSHOWPKG show 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version INFO logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi + fi +elif test x"$action" = xchecksrc +then + if test x"$DIALOG" = x + then + ((commandCHECKSRC | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + commandCHECKSRC 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version CHECKSRC logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi +elif test x"$action" = xclean +then + if test x"$DIALOG" = x + then + ((commandCLEAN | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + commandCLEAN 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version CLEAN logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi +elif test x"$action" = xbuild +then + + #--------------------------------------------------------------------- + # Make sure we are running under ssh-agent. + #--------------------------------------------------------------------- + if test x"$SSH_AGENT_PID" = x + then + if test x"$assumeyes" = x1 + then + printFATAL "Not running under ssh-agent, and not running interactive: cannot continue." + else + promptYESNO "Not running under ssh-agent, continue anyway" "no" + test "x$YESNO" = xn && { (exit 0; ); exit 0; } + fi + fi + + #--------------------------------------------------------------------- + # Setup. + #--------------------------------------------------------------------- + selBVERSION + selBARCH + selBFORMAT + + if test x"$DIALOG" = x + then + ((commandBUILD | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + commandBUILD 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version BUILD logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi + +elif test x"$action" = xinstall +then + + needEXE ssh scp ssh-agent + + #--------------------------------------------------------------------- + # Make sure we are running under ssh-agent. + #--------------------------------------------------------------------- + if test x"$SSH_AGENT_PID" = x + then + if test x"$assumeyes" = x1 + then + printFATAL "Not running under ssh-agent, and not running interactive: cannot continue." + else + promptYESNO "Not running under ssh-agent, continue anyway" "no" + test "x$YESNO" = xn && { (exit 0; ); exit 0; } + fi + fi + + #--------------------------------------------------------------------- + # Setup. + #--------------------------------------------------------------------- + is_root=`id -u 2>/dev/null` + if test "x$?" = x0 && test "x${is_root}" != x0 + then + promptYESNO "You are not root, continue anyway" "no" + test "x$YESNO" = xn && { (exit 0; ); exit 0; } + else + is_root=0 + fi + pathYULE + pathYDATA + selbinARCH + selbinVERSION + if test "x${is_init}" = xy + then + promptYESNO "Initialize database" "yes" + is_init=$YESNO + fi + if test "x${is_rcfile}" = xy + then + promptYESNO "Replace rc.host file on server" "yes" + is_rcfile=$YESNO + fi + if test "x${is_startup}" = xy + then + promptYESNO "Start client after installation" "yes" + is_startup=$YESNO + fi + if test -f "${yule_conf}" + then + : + else + promptINPUT "Please enter the path to the yule configuration file" + yule_conf="$INPUT"; export yule_conf + if test -f "${yule_conf}" + then + : + else + printFATAL "Cannot find ${yule_conf}" + fi + fi + + if test x"$DIALOG" = x + then + ((commandINSTALL | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + commandINSTALL 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version INSTALL logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi + +elif test x"$action" = xuninstall +then + + needEXE ssh scp ssh-agent + + #--------------------------------------------------------------------- + # Make sure we are running under ssh-agent. + #--------------------------------------------------------------------- + if test x"$SSH_AGENT_PID" = x + then + if test x"$assumeyes" = x1 + then + printFATAL "Not running under ssh-agent, and not running interactive: cannot continue." + else + promptYESNO "Not running under ssh-agent, continue anyway" "no" + test "x$YESNO" = xn && { (exit 0; ); exit 0; } + fi + fi + + #--------------------------------------------------------------------- + # Setup. + #--------------------------------------------------------------------- + + dbINFO "$host" + + if test x"$?" = x0 + then + if test x"${DB_status}" = "xD2_installed" + then + : + else + if test x"${DB_status}" = "xD2_removed" + then + promptYESNO "Already uninstalled on host $host, continue" "no" + test "x$YESNO" = xn && { (exit 0; ); exit 0; } + else + printFATAL "No deploy version 2 installation on host $host: ${DB_status}" + fi + fi + else + printFATAL "Cannot uninstall on host $host" + fi + + if test x"$DIALOG" = x + then + ((commandUNINSTALL | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + else + commandUNINSTALL 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ + --title "deploy.sh $version UNINSTALL logfile" \ + --backtitle "Logfile: $lastlog" \ + --tailbox "$lastlog" 19 75 + fi + +fi + +if test x"${main_exit_status}" = x0 +then + test -f "$tmpERR" && main_exit_status=`cat "$tmpERR" | tr -d '\n'` +fi + +(exit ${main_exit_status}); exit ${main_exit_status}; Index: /tags/2.5.0/docs/BUGS =================================================================== --- /tags/2.5.0/docs/BUGS (revision 189) +++ /tags/2.5.0/docs/BUGS (revision 189) @@ -0,0 +1,33 @@ + +MacOS X: +------- + +(1) Pointed out by David: static linking is not supported on MacOS X, + see http://developer.apple.com/qa/qa2001/qa1118.html + +Solaris: +------- + +(1) This was pointed out by rog [at] iis dot fhg dot de (Ingo Rogalsky): + "It isn't possible, to link samhain statically with Solaris. + This is a Solaris issue (see Sun Infodoc ID12624) and + not a samhain problem." + +Linux, maybe others: +------------------- + +(1) With gdm (the GNOME display manager), GNOME version 1.2, using the + file hiding kernel module (configure option --enable-khide) + at system boot may cause problems (keyboard locked up). + No problem observed with kdm (the KDE display manager). + + In case of problems, you may need to reboot into single-user mode and + edit the boot init script ... it should be noted that on the test + system, gdm sometimes locked up the keyboard on other occasions + (e.g. after a fsck). + +(2) With gcc 2.95.2 (and glibc 2.1.3), it is not possible to use + --with-database and --enable-debug at the same time (the code will + segfault). This is apparently a compiler bug, and it does not happen + with gcc 3.0. + Index: /tags/2.5.0/docs/Changelog =================================================================== --- /tags/2.5.0/docs/Changelog (revision 189) +++ /tags/2.5.0/docs/Changelog (revision 189) @@ -0,0 +1,1928 @@ +2.5.0: + * dnmalloc.c: fix inconsistent chunksize on 64bit systems + * fix improved error reporting for failed fstat in checksumming + * report process/user for open ports (Linux only currently) + * fix deadlock on exit in sh_hash_init() + * fix --enable-mounts-check for FreeBSD 7.0 (no MNT_NODEV anymore) + * log monitoring support + * fixed constness in trustfile interface + * remove libprelude 0.8 support (obsolete) + * sh_forward.c: increase TIME_OUT_DEF to 900 secs + * dnmalloc.c: initialize rc in dnmalloc_fork_child(), + reported by B. Podlipnik + +2.4.6a (09-10-2008): + * fix compile problem on Fedora 9 (reported by pierpaolo), + 'struct ucred' in sh_socket.c requires _GNU_SOURCE + +2.4.6 (27-08-2008): + * fix compile failure on win2k/cygwin (sh_unix_mlock prototype), + reported by jhamilton + * fix potential deadlock with dnmalloc upon fork() + * fix non-portable use of 'hostname -f' in regression test suite + (reported by Borut Podlipnik) + +2.4.5a (18-08-2008): + * fix compile problem in dnmalloc.c (remove prototypes for + memset/memcpy), problem reported by Juergen Daubert + +2.4.5 (07-08-2008): + * testscripts: 'chmod -R' -> 'chmod -f -R', since Solaris 10 + bails out on a chmod on a dangling link + * fix bug in check_samhain.pl nagios script (J.-S. Eon) + * use the UNO static checker + * compile as position independent executable (PIE) + * handle EINPROGRESS error (Windows/cygwin issue) + * make sure every function uses less than one page of stack + (proactive security against gap jumping, Gael Delalleau) + * use dnmalloc instead of system malloc + (proactive security against heap buffer overflows) + * fix dnmalloc bugs and portability problems + * check for compressBound, since older zlibs don't have it + +2.4.4 (30-04-2008): + * sh_database.c: fix maximum size of sql query string, maximum + size of strings in struct dbins_ + * sh_hash.c: fix maximum size of message string + * fix typo in the base64 decoder + * fix 'make cutest' for parallel compiling + * fix compile warnings with -Wstrict-prototypes + * sh_static.c: override getgrgid, getpwuid for libacl + * fix more warnings about variables clobbered by 'longjmp' + or 'vfork' (due to library internal handling of mutexes) + * fix configure warning about unused datarootdir + * configure.ac: warn, but accept nonexistent tmp dir + (Problem reported by Brian) + * sh_unix.c: undef P_ALL, P_PID, P_PGID before including + sys/wait.h (compile problem reported by Reputation) + * syslog function tested ok with Syslog Fuzzer v0.1 + by Jaime Blasco (c) 2008 + * slib.c: call fflush when writing trace to file + * sh_readconf.c: don't set OnlyStderr to false if gpg (problem + reported by Irene Reed) + * fix unconditional removal of pid file in atexit handler (bug + reported by Brian) + * fix invalid free() in sh_unix_checksum_size() + * sh_processcheck.c: workaround for stupid OpenBSD bug (returns + ENODEV instead of EAGAIN, because fgetc does + fcntl(0,F_SETFL,O_NONBLOCK) [ENODEV] internally), problem + reported by Roman R. + * fix buf that cause incomplete reporting of modified symlink if + symlink has changed and both old and new paths are >48 bytes + * fix bug that prevented mount check from running in one-shot mode + * enable mount check for openbsd + * fix processcheck default options and test script for openbsd + * option --list-file to list content of file (if saved) + * sh_tools.c: use strcasecmp in reverse lookup since DNS is case + insensitive (bug reported by Phil) + * fill content if MODI_TXT, zlib compress, base64 encode and add + as link_path in sh_unix.c; add to report in sh_hash.c + * testsuite: add test for gpg fingerprint option + * sh_extern.c: add 'CloseCommand' for syntactic sugar, + add in testsuite + +2.4.3a (12-02-2008): + * fix compile error caused by open() with O_CREAT and no third argument + (reported by J.-S. Eon) + +2.4.3 (31-01-2008): + * sh_kern.c: don't require asm/segment.h for kernel check module + * use global var with pid of initial thread instead of getpid(), + since LinuxThreads returns different value in each thread (problem + reported by Steffen Mueller) + * sh_kern.c: no inode check for pci rom (creates spurious messages) + * slib.c: eliminate prototype for vsnprintf (compile problem reported + by eddy_cs) + * Makefile.in: fix missing dependency on 'encode' for $(OBJECTS) + (reported by Matthias Ehrmann) + +2.4.2 (17-01-2008): + * fix broken option --with-checksum (reported by halosfan), + regression test added + * change HP-UX default optimization to +O2 since +O3 breaks + cutest unit testing framework + * put result vector of rng in skey struct + * fix more compiler warnings, and a potential (compiler-dependent) + NULL dereference in the unix entropy collector + * fix some compiler warnings + * use -D_FORTIFY_SOURCE=1 -fstack-protector-all instead + of -fstack-protector + * always add PTHREAD_CFLAGS to LDFLAGS + * sh_tiger0.c: checksum functions return length of file hashed, + needed to fix GrowingLogfile bug (researched by + siim at p6drad dash teel dot net) + * sh_static.c: fix more 'label at end of compound statement' + (SH_MUTEX_UNLOCK closing brace; reported anonymously) + * make sh_hash.c thread-safe + * remove plenty of tiny allocations + * improve sh_mem_dump + * modify port check to run as thread + * new option PortCheckSkip to skip ports + * fix unsetting of sh_thread_pause_flag (was too early) + +2.4.1a (28-11-2007): + * fix overwrite of ErrFlags (functionality bug) + +2.4.1 (26-11-2007): + * security fix: regression in the seeding routine for the PRNG + (detected by C. Mueller) + * regression test added for PRNG seeding routine + * fix problem with PCI ROM check (spurious messages about modified + timestamps, reported by S. Clormann) + +2.4.0a (08-11-2007): + * fix compile failure with --enable-static (reported by S. Clormann) + * fix potential deadlock if SIGHUP is received while suspended + +2.4.0 (01-11-2007): + * eliminate alarm() for I/O timeout (replaced by select) + * use getgrgid_r, getpwnam_r, getpwuid_r, gmtime_r, localtime_r, + rand_r, strtok_r if available + * protect readdir(), getpwent(), gethostname() with mutexes + (readdir_r considered harmful) + * make checksum/hash, entropy, rng functions reentrant + * use thread-specific conversion buffer for globber() + * fixed compile problems and problems with test suite + * modify login watch to run as thread + * modify process check to run as thread + +2.3.8 (03-10-2007): + * new option PortCheckIgnore = interface:portlist + +2.3.7 (13-09-2007): + * Makefile.in: fix 'make deb' target, wrong name of config file + written to debian/conffiles (reported by marc) + * configure.ac: fix incorrect order of with-prelude, enable-static + (libprelude test was always without -static) + +2.3.6 (06-09-2007): + * added yuleadmin.pl script contributed by Riccardo Murri + * fix compile error with -f-stack-protector on some systems (reported + by marc); we now check for libssp + * fix local DoS attack on BSD systems lacking getpeereid() (reported + by Rob Holland). + * fix yulectl password reading from $HOME/.yulectl_cred, erroneously + rejected passwords with exactly 14 chars (reported by Jerry Brown) + * introduce 'fflags' flag for suid files to detect new files already + found in regular file check (problem reported by J. Crutchfield); + also add regression test to ascertain that files in baseline + database are not quarantined erroneously + * sh_hash.c: replace check for prefix 'K' with check for not prefix'/' + to allow for arbitrary module-specific store/lookup in db + * replace 'visited', 'reported', 'allignore' with generic 'fflags' field + * sh_cat.c: reduce priority of MSG_TCP_RESET to avoid spamming if + port checking is used on same host as server (reported by kadafax) + * Install.sh: don't use --separate-output with non-checklist + widgets (problem discovered by D. Denton) + * sh_gpg.c, sh_userfiles.c: use sh_getpwnam et al. wrappers + +2.3.5 (20-06-2007): + * sh_portcheck.c: try to tear down connections more gracefully + (request by S. Petersen) + * fix incorrect handling of files with zero size in GrowingLogFiles + (problem reported by S. Petersen) + * fix incorrect encoding of null checksums in stealth mode + * sh_hash.c: fix repeated printing of acl/attributes in database dump + * sh_unix.c: fix option useaclcheck ignored if both useaclcheck and + useselinuxcheck are supported + +2.3.4 (01-05-2007): + * sh_processcheck.c: fix missing init of sh_prochk_res array before + check (leads to degrading functionality over time and 'fake pid' + warnings; reported by D. Ossenbrueggen and + soren dot petersen at musiker dot nu) + * sh_processcheck.c: fix memory leak + * sh_kern.c: for 2.6.21+ don't check proc_root_lookup (not possible + anymore? proc_root_inode.lookup != proc_root_lookup) + * sh_extern.c: flush streams before forking (problem if [Prelink] + used together with prelude logging, reported by M. deJong) + * fixed compilation of kern_head (regression cause by cross-compiling + fix; problem reported by S. Clormann) + * more typos fixed (reported by John Horne) + +2.3.3 (27-03-2007): + * fixed typos in configure.ac and manual (reported by John Horne) + * don't use mysql_options on x86_64, since libmysql is broken + * fixed cross-compiling (patch by Joe MacDonald) + * refactor sh_kern.c, sh_suidchk.c + * fix bug with leading slashes in linked path of symlinks within + the root directory + * sh_kern.c: check PCI ROM (Linux), refactor code + * move file descriptor closing more towards program startup + * kernel check: support OpenBSD 4.0 (wishlist) + * fix samhain_hide module (in-)compatibility with recent kernels + (reported by Jonny Halfmoon) + +2.3.2 (29-01-2007): + * fix regression in full stealth mode (incorrect comparison of + bytes read vs. maximum capacity), reported by B. Fleming + +2.3.1a (21-01-2007): + * fix incorrect use of sh_gpg_fill_startup if option --with-fp is used + (reported by zeroXten) + +2.3.1 (21-01-2007): + * fix bug that may cause accidental closure of yule TCP socket + (problem reported by B. Masuda) + * fix sh_kern.c for kernel 2.6.19 (reported by S. Clormann) + * don't use sstrip in 'make deb', since dh_shlibdeps uses objdump + (reported by B. Masuda) + * rm report.pl from rules.deb.in (reported by B. Masuda) + * samhainctl(): longer timeout (bad status reporting at startup, + reported by Phil and by Dan Track) + * sh_portcheck.c: make connect errors more descriptive + * sh_portcheck.c: fix ignored setting of PortCheckActive + * sh_processcheck.c: add statvfs, and wrap for EINTR + * sh_portcheck.c: add wrappers for EINTR + * report user and executable for hidden processes + * fix update failure if reportonlyonce = false (reported + by D. Strine) + * fix compile error in sh_portcheck.c (problem on cygwin + reported by J. D. Fiori) + * check filenames ending in space (also for utf8 spaces) + * check and escape csv formatted db listing + * cache results of sl_trustfile_euid() + * trustfile: use 4096 for MAXFILENAME, switch to strncpy + * CL option -v|--version for info on version and compiled-in options + +2.3.0a (01-11-2006): + * fix compile failure with portcheck + stealth (reported by lucas) + +2.3.0 (01-11-2006): + * fix concurrency for inserts in oracle db + * add acl_(new|old) to database schema + * check for selix attributes and/or posix acl + * new option UseSelinuxCheck (bool) + * new option UseAclCheck (bool) + * regression tests for above + * add module to check for open ports + * add module to check processes (hidden/fake/missing) + * use const char* for argument of module configuration callbacks + +2.2.6 (31-10-2006): + * fix missing support for MacOX X init script (reported + by Daniel Kowalewski) + * fix error about non-readable file with no checksum required + * fix server warning about 'no server name known' + * fix 'make deb' makefile target + * fix default export severity for server + +2.2.5 (05-10-2006): + * fix broken Install.sh, reported by Alexander Kraemer + * workaround for glob(3) sillyness on MacOS X (reported by David) + * fix for broken resorce fork check (reported by David) + * fix for broken compilation on cygwin (reported by Elias) + +2.2.4 (03-09-2006): + * add regression test for the GrowingLogFiles issue to test suite + * fixed sh_unix.c: bug in database init if GrowingLogFiles used + with signed database (reported by Timothy Stotts) + * bug in manual fixed (incorrect documentation of --enable-user, + noticed by M. Brown) + * rc.subr compatible init script for FreeBSD/NetBSD + * improve routine to find rpm after build + * add netbsd rc file from Brian Seklecki (taken from pkgsrc-wip) + * fix error in manual (location of lock file) + * fix bug with SuidExclude (files in directory were still checked) + +2.2.3 (31-07-2006): + * fix samhainadmin.pl: check for gpg-agent running if use-agent is set + (ticket #28 by anonymous) + * fix stealth mode (regression in parser), problem reported by + Joschi Kuphal + * fix minor typo in sh_database.c (compile problem reported by + Joschi Kuphal) + +2.2.2 (17-07-2006) + * minor fixes for regression test scripts + * minor updates to the manual (suggested by Brian A. Seklecki) + * fix sh_kern.c, kern_head.c: kernel rootkit detection for 2.6.17+ + (problem reported by Leonhard Maylein) + * fix samhain_hide.c for 2.6.17+: use module_param() if MODULE_PARM + is not defined + +2.2.1c (11-07-2006) + * fix sh_extern.c: sh_ext_add_default() cast to (void) was too early + (Solaris 8 build failure reported by Jesse) + * fix sh_unix.c: wrong prototype for sh_unix_mlock() + if HAVE_BROKEN_MLOCK (AIX 5.2 build failure reported by + Jonathan Kaufman) + +2.2.1b (20-06-2006): + * fix compile error on SuSE 10.1 (reported by Leonhard Maylein) + +2.2.1a (15-06-2006): + * fix compile error on i686/MacOS X (reported by Andreas Neth) + +2.2.1 (13-06-2006): + * fix gcc 4 warnings and build failure on x86_64 (debian bug #370808) + * fix compiling with Oracle (noticed by Colapinto Giovanni) + * fix configure.ac for most recent autoconf version + (debian bug #369503) + * fix a regression that would make impossible local updates w/clients + * fix a few missing '\n' in sh_getopt.c + * sh_kern.c: fall back on mmap() if read() fails on /dev/kmem + * fix Solaris package creation + * recognize Solaris doors and event ports + * fix the idmef_inode_t patch: provide required info to avoid stat() + * fix bug on database update: fill in dev and rdev fields + * fix get_file_infos() in sh_prelude.c: avoid premature return + * GCC_STACK_PROTECT_CC: AC_TRY_COMPILE -> AC_TRY_LINK + * deploy.sh: allow to set a group for hosts upon installation + * patch by Yoann: fix an issue when setting the idmef_inode_t object + * fix memory leaks in error paths in sh_prelude.c + * fix concurrent inserts with postgres in sh_database.c + * code cleanup + * fix manual version in spec file, first noticed by Imre Gergely + +2.2.0 (01-05-2006): + * patch by Jim Simmons for samhainadmin.pl.in + * fix testsuite portability problems + * fix md5 endianess problem detected on HP-UX 11i / PA-RISC 8700 + * fix potential NULL dereference in sh_utmp_endutent() + * patch by Neil Gorsuch for suidchk.c (do not scan lustre, afs, mmfs) + * fix sh_ext_popen (OpenBSD needs non-null argv[0] in execve) + * fix make_tests.sh portability (echo '"\n"' does not work on OpenBSD) + * fix bug in sh_utils_obscurename (check isascii) + * scan h_aliases for FQDN if h_name is not + * add copyright/license info to test scripts + * add copyright/license info to deployment system scripts + * support server-to-server relay + * new CL option --server-port + * minor improvements in manual + * patch by Yoann Vandoorselaere for sh_prelude.c + * allow --longopt arg as well as --longopt=arg + * verify checksum of growing log files (up to previous size) + * rewrite of the test suite + * added a bit of unit testing + * minor optimizations in various places + * optimized implementation of tiger checksum algorithm + * read in 64k blocks (faster than 4k) + * sh_unix.c, sh_hash.c: support file flags on *BSD, update Linux + file attribute code + * kern_head: fix compilation of kernel check module on OpenBSD + * updated samhainrc.linux, samhainrc.freebsd + * sh_unix.c: fix setrlimit (RLIMIT_NOFILE, ..) + * sh_files.c: fix missing use of flag_err_info + * sh_tiger0.c: remove repetitive use of mlock + * slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK), + add function sl_read_timeout_prep + +2.1.3 (13-03-2006): + * fix compile problem in slib.c (reported by Lawrence Bowie) + * fix bug with combination of one-shot update mode and file check + schedule (reportedby Dan Track) + * improved the windows howto according to suggestions by + Jorge Morgado + * fix samhain_hide kernel module for new linux kernel versions + * fix minor problem with dead client detection (problem reported + by Michal Kustosik) + +2.1.2 (10-01-2006): + * fix startup error with combination of gpg+prelude + +2.1.1a (22-12-2005): + * fixed a stupid bug in sh_files.c (break if file = dir) + +2.1.1 (21-12-2005): + * sh_calls.c: protect sh_calls_set_bind_addr against overriding + * comINSTALL, updateDB: use locking + * samhainadmin.pl: use locking + * fix typos in samhainrc.solaris (noticed by Robby Cauwerts) + * improve zAVLSearch (remove redundant strcmp) + * use AVL tree in sh_files.c instead of linked list (better scaling) + * fix bug with suidcheck (no update/check in one-shot mode with + schedule instead of check interval; noticed by R. Rati) + * fix for problem with '-t update -i' if daemon mode (problem report + by Peter van der Does) + * fix for bug in sh_util_ask_update (two returns were required ...) + +2.1.0 (31-10-2005): + * minor fix for cross-compiling with --with-kcheck + * sh_forward.c: handle bad fds in the select() fd sets + (reported by hmy) + * sh_extern.c: fix debugging code + * slib.c, sh_calls.c, sh_calls.h: improve handling of O_NOATIME + (reported by Gabor Kiss) + * makefile.in: fix for solaris package creation + * sh_mail.c, sh_readconf.c: mail filtering options + * sh_database.c: Oracle reconnect on connection failure + (bug report by Alexander A. Sobyanin) + * sh_unix.c: don't purge MYSQL_UNIX_PORT environment variable + (problem reported by Peter) + * sh_calls.c: fix for a HP-UX accept() problem caused by the gcc4 fix + * fixes for gcc 4.0.2 compiler warnings + * ability to use daemon mode together with update + (wishlist Yoan Vandoorselaere) + * fixes for debugging + +2.0.10a (22-08-2005): + * fix for overlapping directory check specification (reported by Bub) + +2.0.10 (21-08-2005): + * fix for segfault (free() on a constant string) with libprelude + (problem reported by Grae Noble) + * upgrade FreeBSD kernel check to 5.4, minor fixes + * useful script for users of Linux kernel check + (contributed by marc heisterkamp) + * documentation improvements (suggested by Brian Seklecki and Robby) + +2.0.9 (25-08-2005): + * samhain_erase.c: add #define for NULL + * sh_suidchk.c: fix incorrect use of escaped filename + * sh_prelude.[ch], sh_readconf.c: configurable mapping from + samhain severity to prelude severity + * sh_unix.h: second arg of gettimeofday should be NULL + * sh_files.c: fix checking of directory special file (use specified + policy, not that of parent dir, problem found by Brian A. Seklecki) + * sh_entropy.c: longer timeout for entropy collector + * sh_socket.c, sh_forward.c: allow probing of clients for + necessity of configuration reload + * yulectl: minor fixes, option -v (verbose), new command PROBE + * fix 'File not found' messages for files flagged with IgnoreMissing + * sh_database.c: strip newline from oracle error messages + * sh_files.c: fix rsrc fork issue with MacOS X Tiger + (reported by A. Koren) + * never compute checksum if not checked (problem report by D.Hughes) + * sh_prelude.c: cleanup and bugfix by Yoann + * sh_hash.c: for prelude, make sure mode is supplied with user/group + and vice versa + * sh_prelude.c: provide proper FileAccess objects (bug + report by Mihai Ilinca) + +2.0.8 (03-07-2005): + * configure.ac: use $LIBPRELUDE_PTHREAD_CFLAGS rather than + $LIBPRELUDE_CFLAGS (bugfix by Yoann) + * samhain.spec.in: remove support for chkconfig (it's too buggy). + Strangely, if invoked as install_initd it behaves sanely ... + * src/sh_err_log.c: fix key input (this time for real) + * fix --with-altlogserver (bug from 2.0.7b) + * remove server socket in start/stop script + +2.0.7e (not released): + * Makefile.in: introduce a total of 6 sec delay for 'make' utilities + that use 1 sec resolution, and consider target out-of-date if + timestamp(target) = timestamp(dependency) ... + * src/sh_err_log.c: fix key input + * another fix for yulectl (use pwent->pw_dir) + * dsys/comINSTALL, dsys/comUNINSTALL, dsys/comBUILD: fix PATH + +2.0.7d (not released): + * one more fix for the spec file (stupid rpm finds tags in comments!!!) + +2.0.7c (not released): + * test/testrun_1b.sh, test/testrun_2b.sh: use $GPG_PATH + * dsys/comINSTALL, dsys/funcDB, dsys/funcINSTALL: some bugfixes + * samhain-install.sh.in: fix test -z $verbose + * sh_hash.c: speedup database reading + * Makefile.in: fix the problem that BSD make would make too much + * deploy: yulerc.clients -> yulerc.install.db, provide + $defdatabase for backward compatibility + * deploy: allow for comma in client_install_date + +2.0.7b (not released): + * hp_ux.psf.in: fix psf file + * dsys/comINSTALL: fix $yule_date -> $yule_data + * Makefile.in: fix 'make depot' + * sh_tools.c, sh_unix.c: fix detection of open file limit + * sh_readconf.c: reset read_mode after reading conf file + * yulectl.c: better error messages, use homedir from getpwuid(geteuid) + * init/samhain.startLSB.in: fix misleading message in lsb init script + * sh_forward.c: better display for nonce u in debug mode + * sh_tiger*.c: fix checksum for HP-UX 64bit + * samhain.c: don't fetch database twice + * configure.ac: accept nodename for --with-logserver=... + * samhain_setpwd.c: return proper exit status for samhain_setpwd + * respond to SIGTERM on initializing + * fix problems with samhainadmin.pl + * sh_utils.c: fix bug with AddOKChars (found by Karol) + +2.0.7a (not released): + * remove 'df' from entropy gatherer (NFS may hang) + * modify va_copy check (doesn't work with HP-UX PA64 compiler) + * fix compile warnings in sh_database.c + * samhain-install.sh.in: check for /usr/bin/false in /etc/shells + * fix install-boot on HP-UX + * aclocal.m4: fix configure CL parsing to recognize VAR=VALUE + +2.0.7 (11-06-2005): + * yet another fix for the spec file (use internal dependency generator) + * sh_error.c, sh_prelude.c: init libprelude after open fds are closed + * error message if queue is full + * fix two compiler warnings on HP-UX + * fix sh_mail.c for Interix (no resolver routines) + * fix sh_unix_initgroups2() if no initgroups() function (bug reported + by Geries Handal) + * remove references to 'struct timezone' (Interix; problem + reported by Geries Handal) + * init/stop for prelude on SIGHUP + * sh_cat.h: fix a stupid bug with messages classes + * manual: new section on nagios (with help from kiarna), + more on prelude + * sh_prelude.c: cleanup and improvements (Yoann Vandorselaere) + * default prelude profile name now is 'samhain' (lowercase) + * sh_readconf.c: new option PreludeProfile (by Yoann Vandorselaere) + * remove obsolete check for linux/module.h, linux/unistd.h + * remove dependency on virtual/glibc in gentoo ebuild + (problem reported by Willis Sarka) + +2.0.6 (01-03-2005): + * sh_prelude.c, configure.ac, aclocal.m4: support for + libprelude 0.9 (Yoann Vandoorselaere) + * sh_html.c: fix bug with entry.html template (reported by + Stephane Sanchez) + * Install.sh: fix mandir option (reported by Rodney Smith) + * Fixed Linux/64bit bug in definition of EUIDSLOT + * New targets 'make depot', 'make depot-light' (HP-UX, untested) + * Use sstrip for RPMs and DEBs (automatic stripping disabled) + * Fix aclocal.m4 for autoconf 2.59 (missing $ac_cr_alnum et al., + problem noticed by Yoann Vandoorselaere) + * Modify samhain.spec.in to disable automatic stripping upon install + * Fix deploy.sh + '--enable-gpg', and fix 'make rpm' and 'make deb' + for '--with-khide' (problems reported by Mark) + * Fix compile error in sh_tools.c on HP-UX 10.20 + (problem reported by Dennis Boylan) + * Runtime configuration of server listening port (wishlist) + * Runtime configuration of server listening interface (wishlist) + * Ignore SIGTTIN (consistency) + * Use SIGTTOU to force file check (wishlist) + +2.0.5b (01-04-2005): + * Fix build problem b/o timestamp on stamp file + +2.0.5a (16-03-2005): + * Fix problem with 'make rpm' (reported by Dirk Brümmer) + +2.0.5 (02-03-2005): + * Fix bug with partial reads from clients in server + (bug report by Brian) + * Support gpg checksum bootstrap with yule + * Support mount option check on HP-UX + * For MAIL FROM, use 'example.com' as domain part if + hostname is numeric (problem reported by Eric Raymond) + * The HOWTO-write-modules has been updated. + * Convenience functions to insert data in database have been + added. + * Use int0x03 only on i386 in sh_derr() (portability problem + reported by John Mandeville) + +2.0.4 (09-02-2005): + * Fixed broken 'make deb' (problem report by olfi) + * Fixed minor bug in test scripts (detection of gmake vs. make) + * Fixed Tru64/OSF compile warnings (reported by B. Terp) + * Normalize list parsing to allow comma, space, and tab as separators + * Some more descriptive error messages in kern_head.c + * Absolute path to utilities in init/samhain.startLinux.in + * Fixed is_root variable in deploy.sh + * Fixed 'deploy.sh info' + * Fixed 'deploy.sh install' client startup + * Fixed 'make tbz': don't remove ebuild scripts in 'make dist' + (issue reported by W. Sarky) + +2.0.3 (14-12-2004): + * Fix CPPFLAGS with mysql/postgresql (repoted by P. Smith) + * Fix missing sys/time.h include in slib.c (reported by Jonas) + * Workaround for file closing problem with Prelude+GPG + * Fixed memory leak with Prelude. + * Fixed bug in samhain_stealth (PGP signature not correctly + retrieved from hidden configuration; report and patch by V. Tuska) + * Added Perl script to concatenate file signature database files + * Fix compile error with combination of --enable-nocl and + --enable-stealth (reported by Zdenek Polach) + * Fix bug in dsys/initscript with --enable-nocl + * Fix declaration of sh_kern_timer() + * Fix missing Mounts+Userfiles options in appendix of manual + * Updated the README (bug report by H. Franzke) + * Fix some compiler warnings + +2.0.2a (09-11-2004): + * Fixed OoM condition when client rc file not found (reported by Eilko) + +2.0.2 (08-11-2004): + * Fixed buffer overflow in sh_hash_compdata() (only in 'update' code) + * Fixed uninitialized variable in sh_mail_msg() (problem reported + by Michael Milvich) + * Fixed potential NULL pointer dereference in sh_hash_compdata() + +2.0.1 (01-11-2004): + * Fixed compilation bug reported by jue (--with-kcheck broken). + * Fixed start option (bug reported by sanek). Behaviour wrt. + environment variables depended on the way the daemon was started. + +2.0.0 (31-10-2004): + * The deployment system has been rewritten from scratch in + a cleaner and more modular and extensible way. Deployment + of native packages is supported now. + * The build system has been revised. Building outside the source + directory is supported now. + * Support for checksumming of prelinked executables / libraries + has been added. + * The configure script now checks for the SSP/ProPolice patch in GCC, + and enables it if present. + * The install-boot option in samhain-install.sh has been fixed + (use absolute paths for sbin utilities). + * A nagios plugin (scripts/check_samhain.pl) has been added. + * The LSB (Linux Standard Base) init script has been fixed (the output + was incorrect). + * Fetching of built binary packages has been + fixed ($(PACKAGE)->@install_name@). + * For files in proc, the timeout has been reduced, and no error + messages are issued upon timeout. + * A function has been added to print out full details for missing + files if encountered while in sh_files(). + * The reporting for SuidCheck has been fixed (incorrect policy + noticed by JiM). + * On Linux, SuidCheck does not report on files marked as candidates + for mandatory locking (group-id bit set, group-execute bit cleared). + * Fix for oracle init script (by Matt Warner) + +1.8.12b (11-10-2004): + * fix bug in MSG_MSTAMP (%ld -> %lu) + * fix bugs in sh_suidchk.c (%ld -> %lu), check fopen for NULL, + mkdir mode for quarantine directory + * fix the fix for modlist_lock search in System.map + +1.8.12a (01-10-2004): + * fix bug in samhain-install.sh.in (only occurs on Solaris), reported + by J. Roland + +1.8.12 (27-09-2004): + * fix compile bug with --enable-static + --with-database=postgresql + * fix search for modlist_lock in System.map + * password auth for yule command socket (request by D. Kocic) + * more info about pending/sent commands to clients + +1.8.11 (30-08-2004): + * fix static linking on Linux by use of replacement routines from + uClib - however, this means, there is no NIS support anymore + * new option AddOKChars=... to modify the set of characters for + filenames considered 'obscure' + * new option HardlinkOffset=... to specify an offset from the canonical + hardlink count for a directory + * fix some warning with HP 11.23 native compiler + * fix minor OpenBSD portability problems (EIDRM, compiler warning) + * samhainrc.5, samhain.8: updated the man pages + * sh_unix.c, sh_files.c: ignore 'no user/group' and 'obscure name' + for AllIgnore + * sh_kern.c: fix 'update' to display modifications + * sh_kern.c: fix bug with IDT check (spurious alerts b/o uninitialized + fields) + * stealth kernel modules: fix for linux 2.6, fix + redefine of KERNEL_VERSION + * warn about stealth kernel module problem with 2.6 in manual + * sh_unix.c: remove some cruft + * fix a typo in the manual (noticed by J. Rubin) + * configure.ac: re-order output from libprelude-config (required + for static linking - problem reported by E. Neber) + * kern_head.h, kern_head.c: fixes for Linux 2.6 kernel + +1.8.10b (13-07-2004): + * fix incorrect usage of 'retry_msleep()' in sh_kern.c (reported + by Pat Smith) + +1.8.10a (13-07-2004): + * depend-gen.c: fix for FreeBSD 'make' which does not understand + the dependencies ... (problem reported by David Thiel) + +1.8.10 (13-07-2004): + * sh_unix.c/sh_unix.h: fix defaults for 'GrowingLogFiles' policy + (bug report by VZoubkov) + * fix some warnings (unreachable statement) with HP-UX native compiler + * kern_check.c: silence warning about 'sendfile' for 4.10 + (noticed by Ryan Beasley) + * modify depend-gen.c to ignore sh_gpg_chksum.h + * add a non-plaintext version of GPG_HASH (sh_gpg_chksum.h) + * .. and for fingerprint + * sh_suidchk.c: fix some compiler warnings on solaris + * allow commas to separate multiple entries in a RedefXXX= directive + * replace sleep/usleep with nanosleep wrapper function + * replace alarm() for read timeout with select() in sl_read_timeout + (should fix bug reported by Scott Kelley) + * increase lstat/open timeout to 6 sec + +1.8.9 (16-06-2004): + * made 'no action specified' error message more informative + (suggested by Stephen Gill) + * fix memory leak in mysql sh_database_query() (bug report by Dejan) + * remove some cruft from the code + * sh_files.c: check MacOS X resource forks (idea from Osiris) + * sh_files.c: no hardlink check for MacOS X + * sh_util_ask_update: fix bug with no terminal in non-interactive mode + (report and debug data by Kris Dom) + * manual refactored + * fix redundant messages when updating with suidcheck + * allow interactive update for suid files + * don't remove the TZ environment variable to guard against + misconfigured hosts + * also use gethostname if uname returns possibly truncated name + * fix improper file descriptor handling in sh_mail.c (bug report + by Alex Weiss) + * cleanup MBLK cruft + * use SH_ALLOC/SH_FREE in sh_prelude.c + * update sstrip to Version 2.0 + +1.8.8 (25-05-2004): + * fix compilation problem on AIX 5.2 (nameser_compat.h; report by + Tim Evans and Ian McCulloch) + * don't check for trusted paths on Cygwin + * add Windows HOWTO written by Kris Dom + * kern_check.h: extend FreeBSD syscall table for 5.x + +1.8.7a (03-05-2004): + * sh_mail.c: fix subject length + * sh_mail.c: fix the sh.mailNum.alarm_last fix (report by Kris Dom) + * sh_utils.c: sh_util_ask_update(): fix ISO C conformance bug + (compile problem reported by Kris Dom) + +1.8.7 (01-05-2004): + * sh_mail.c: fix incorrect count of sh.mailNum.alarm_last, causing + empty mails (introduced with segfault fix in 1.8.6, report + by Kris Dom) + * sh_utils.c: sh_util_ask_update(): check whether stdin is a terminal, + try to reopen on controlling terminal if not + * sh_utmp.c: fix order of options (problem report by Uri) + * sh_files.c: sh_files_chk(): set tmp = NULL at end of loop + (may cause segfault on null dereference for missing files) + * sh_unix.c: patch by Marc Schütz (order of sh_unix_getinfo_type, + sh_unix_getinfo_attr) + * don't use dh_installmanpages in 'make deb' (samhain/yule conflict + reported by xavier) + * on HP-UX, define _XOPEN_SOURCE_EXTENDED in sh_mail.c and sh_tools.c + (suggested by Kris) + * include nameser_compat.h in sh_mail.c (for MacOS X, + suggestion by jna) + * sh_utmp.c: fix time for logout events (reported by Erich + van der Velde) + +1.8.6 (15-04-2004): + * add CL option to set threshold for prelude and RDBMS + * sh_mail.c: fix bug with MailSubject option (segfault on NULL pointer + dereference; reported by Micha Silver) + * fix compiling with --disable-encrypt (reported by Pat Smith) + * fix minor problem in scheduler (don't return before all schedules + are tested, to set last_exec correctly) + +1.8.5 (05-04-2004): + * fix bugs in sh_utmp.c (unlinking of list head); may fix an OpenBSD + problem (endless loop; report and debugging aid by Joe MacDonald) + * fix hardlink check (null dereference in error message, segfaults + on solaris - noticed by Bob Bloom) + * sh_suidcheck: don't truncate quarantined file if nlink > 1 + * fix Install.sh (no --seperate-output with --radiolist); patch by + Greg Kimberly + +1.8.4 (17-03-2004): + * add Prelude patch by Patrice Bourgin + * add license statement to sh_mounts.c, sh_userfiles.c after + receiving a clarifying e-mail from Cian Synnott + * support UsePersistent = no for Oracle (problem spotted and fix + tested by Michael Somers) + * fix bug in samhainadmin.pl + * sh_gpg.c: describe type of gpg error (if any) + * fix persistent connections with postgresql (reported by + Erwin Van de Velde) + * prelude: local 'meaning' shadows global in sh_prelude_alert + (spotted by David Maciejak) + * uname: workaround for cases where nodename would be a possibly + truncated FQDN (problem reported by Cian Synnott) + * re-write parts of sh_kern.c, store kernel info in baseline database + -> no need to recompile after kernel upgrade + * modify timeouts in sh_unix_getinfo, add timeout warning + * change handling of dangling symlinks (store in db) + * fix typo with MSG_FI_OBSC2 (double slash) + * remove redundant operation in sh_utils_safe_name + * fix occasional random start bytes of long messages in + sh_error_string (sl_strlcat -> sl_strlcpy) + * provide details for missing files (as for added files) + * remove duplicate message for no such group/user + * add fixes for samhain.oracle.init (supplied by Michael Somers) + * fix date insertion for Oracle (fix by Michael Somers) + * manual: fix incorrect statement about RPM (noticed by + Lars Kellogg-Stedman) + +1.8.3 (02-02-2004): + * add a HOWTO-client+server-troubleshooting document + * fix another bug with SIGUSR2 (suspend mode) + * new option SetBindAddress (--bind-address=...) to force + interface for outgoing connections on multi-interface box + * don't link against libgmp if not required (i.e. standalone) + * test for ext2fs/ext2_fs.h or linux/ext2_fs.h + * new make targets 'emerge' and 'tbz2' for gentoo + * update rules.deb.in based on the Debian package + by Javier Fernandez-Sanguino + * updated config.guess, config.sub to version 2002-09-05 + * external command: report failure only once + * console: reset failure status after success + * README.UPGRADE: explain 1.7.x <-> 1.8.x client/server compatibility + * use persistent connection to database by default + * option UsePersistent=no to switch off persistent connection + +1.8.2 (19-01-2004): + * sh_userfiles.c: new option UserfilesCheckUids (requested) + * sh_error.c: server: don't log to logfile before dropping root + * new script scripts/samhainadmin.pl (administrative tasks for + signed config/database files) + * add changes code to log_msg for reports on modified files + * change default log threshold to 'mark', as 'none' tends + to confuse new users + * faster response time for SIGUSR2 + * revised (mostly backward-compatible) message classes + * fix missing check of mailTime in server select loop + * add support for libprelude (version 0.8.10) + * fix format for MSG_E_GRNULL (reported by Stefan Hudson) + * fix Bourne shell incompatibility (export) in samhain-install.sh + (first reported by David Thiel) + * fix typo in spec file (first reported by Christian Vanguers) + * remove some cruft (signal handler, memory handling) + * return from sigterm handler, rather than exit directly + (re-entrancy problem causes more problems than it's worth) + +1.8.1 (03-12-2003): + * fix gmp detection (problem pointed out by Nix) + * fix/improve the error message if test compiling with mysql fails + * new CL option --interactive for interactive db update + * fix some compiler warnings from IRIX MIPS compiler + * kern_head.h, kern_head.c: option to disable IDT check + * kern_head.h, kern_head.c: update kernel syscall table (2.4.20,2.6) + * sh_utmp.c: count number of logins (request by Erwin Van De Velde) + * change username -> userid, remove (long) userid (bug noticed + by Erwin Van De Velde) + * emit ADDED message for new SUID/SGID files + * add trailing slash to excluded directory if there is none + +1.8.0a (04-11-2003): + * sh_error.c: remove two debug printf's + +1.8.0 (31-10-2003): + * manual: make ps file fit on both a4 and letter paper + * sh_socket.c, sh_socket.h, sh_forward.c: socket interface + to send (quit/reload) commands to clients + * sh_forward.c, configure.ac: enable build with libwrap + (Wietse Venema's TCP Wrappers library) + * sh_ignore.c, sh_ignore.h, sh_files.c, sh_hash.c, sh_readconf.c: + new option to suppress messages for new and/or deleted files + * samhainrc.aix5.2.0: contributed by Christoph Kiefer + * samhain.c: fix compile warning on solaris (noticed by Ian Hunt) + * sh_database.c: undef debug code for oracle + * samhain.oracle.init: contributed by Joern Michael Krueger + * configure.ac, sh_utils.ac, Makefile.in, sh_modules.c, + sh_cat.c, sh_cat.h, sh_mounts.c/h, sh_userfiles.c/h: + check-mounts and userfiles modules contributed by eircom.net + * sh_utils.c: fix off-by-one bug in sh_util_compress() + * sh_forward.c, sh_tools.c, configure.ac: + version 2 client/server protocol + * sh_mail.c: add %S to include severity in subject (user request) + * sh_suidchk.c, 1093: fix warning about unused var 'flags' on FreeBSD + * samhain.h, sh_unix.h, sh_unix.c: extern inline -> static inline + for --enable-ptrace + * samhain.c: lower priority for 'uninitialized module' message + * sh_entropy.c: lower priority for message if /dev/random blocks and + /dev/urandom is available + * improved error messages in sh_readconf.c + * print system error message for getpwuid, getgrgid + * fix missing module init after SIGHUP (noticed by Cian Synnott) + +1.7.12 (13-10-2003): + * sh_mail.c: fix buffer overflow in mail handler (introduced in 1.7.10) + thanks to bug reports by Jason Martin and Matthew P. Cox + +1.7.11 (01-09-2003): + * samhain.c, samhain.h, sh_unix.c, sh_forward.c, sh_html.h: + - change SIG_USR1 to switch between dbg on/off + - change SIG_USR2 to switch between suspend on/off + - fix CLT_ILLEGAL to actually work + - introduce new state CLT_SUSPEND + - force reauthentication after suspend + * slib.c: change MAXFD from FOPEN_MAX (16) -> 1024 + * sh_suidchk.c: better AIX fs detection (Christoph) + * sh_entropy.c: increase buffer size for unix entropy gatherer + (problem reported by D. Danielson) + * default config files: add lots of comments, list more options + * sh_error.c: set default severities to 'crit' + * sh_readconf.c, sh_cat.c, sh_cat.h: stricter check on config + file syntax, issue warnings (triggered by C. Kiefer) + * Makefile.in: handle depend-gen errors more gracefully + * sh_err_console.c: fix bug in enable_msgq (reported by F. Behrens) + * configure.ac: workaround for mysql_config weird output + (reported by G. Faron) + * sh_unix.c, sh_tiger0.c: check IO limit during read of large files + * depend-gen.c: close streams before attempting to rename (Cygwin) + * Makefile.in: fail gracefully if depend-gen fails + * sh_database.c: sh_database_query(postgresql): fixed missing SL_ENTER + +1.7.10 (27-07-2003): + * FreeBSD init script: define $pidfile (reported by D. Thiel) + * sh_unix.c, sh_unix.h: fix compile error on AIX 4.2 + * sh_schedule.c: fix bad array size + * samhain.c: fix pid_t <> int casts + * sh_kern.c: fix repetitive messages + * configure.ac: try to bootstrap if TIGER192 not supported by gpg, + provide a detailed error message + * configure.ac: try harder to locate mysql + * docs/Changelog: retroactively add release dates, if known + * sh_mail.c: fix potential message truncation in mailer + * sh_unix.c, samhain.c, samhain.h: make --enable-ptrace more portable + * sh_readconf.c: fix segfault (dereference of uninitialized pointer) + if --with-gpg and --enable-stealth are used together (reported + by Anthony Caetano) + * sh_unix.c, samhain.c, sh_calls.c: fix problems with descriptive + error messages (larger GLOB_LEN, stat fills aud_err_message) + +1.7.9 (30-06-2003): + * sh_err_log.c: fix segfault on SIGABRT (dereference of freed memory), + problems with SIGABRT noticed by Brian and Alf B Lervåg + * deploy.sh.in: fix some bugs (found by Alf B Lervåg) + * scripts/chroot.sh: fix typo (found by Alf B Lervåg) + * configure.ac (khide): search also for 'd sys_call_table' (noted by + cuek_saja) + * strip whitespace before checking gpg checksum (noted by D. Thiel) + * manual (faq section): explain how to stop console output + * Makefile.in: fix re-naming of yule with --enable-install-name + * HOWTO-client+server.html: fix typo (noted by xavier renaut) + * configure.ac: escape '-' in awk regex (required by GNU awk 3.1.1) + +1.7.8 (28-05-2003): + * sh_unix.c: new mlock implementation with reference count + and page alignment (fix for solaris problem) + * kern_head.c: search also for 'xxxxxxxx d sys_call_table' + * sh_html.c: write status comment (for Beltane 2) + * add CL option --delimited for comma-delimited signature database dump + * sh_mail.c: check exit status of push_list to fix counting bug + (bug reported by Alan Moore) + * configure.ac: add error message to --with-libs + * fix spelling of $DAEMON in init script (noted by C. Grigoriu) + * fix missing initgroups() + +1.7.7 (06-05-2003): + * sh_forward.c: fix bug if compiled with --enable-udp, but disabled + in config file (found by Andy OBrien) + * sh_database.c: sh_database_entry(): size -> c_size (two places) + to fix writing of '\0' to arbitrary places :( + (problem pointed out by Stefan Giesen) + * profiles/*/configopts: fix --with-base -> --enable-base + +1.7.6 (24-04-2003): + * sh_forward.c, entry.html, head.html: fix/additions by Stefan Giesen + * fix samhain_hide for the O(1) scheduler used by RedHat: + configure.ac, acconfig.h: check for next_task in struct task_struct + samhain_hide.c: use find_task_by_pid if no next_task in task_struct + * samhain_erase.c: add MODULE_LICENSE("GPL") to fix warning + +1.7.5 (15-04-2003): + * sh_cat.c, sh_forward.c, sh_hash.c: fix double 'msg' tag + * manual: point out the bmaxdata problem on AIX in faq section + * trustfile.c: don't check symlinks (permissions of directory count) + * sh_schedule.c: fix problem with daylight saving switchover + * sh_samhain.c: close all open fd's >2 before reading the conf file + * sh_unix.c: fix dereferenced NULL pointer when exiting on non-existing + user + * sh_forward.c: fix dereferenced NULL pointer when exiting on udp error + * sh_forward.c: place timestamp code before select() timeout handler + * fix incorrect class of timestamp messages (conflict with manual) + * sh_readconf.c, sh_forward.c: new config option SetStripDomain + * configure.ac: add warning if /lib/modules/`uname -r`/build/include + not found + * samhain_hide.c: adapt for RedHat 2.4 kernel (fetch sys_call_table + address from System.map) + * sh_err_syslog.c: fix for Solaris + * samhain.spec.in: strip REQ_FROM_SERVER from config file install path + +1.7.4 (21-03-2003): + * configure.ac: fix bug in defargs (--with-base > --enable-base) + * aclocal.ac: detect unsupported options + * kern_check: add syscalls, skip unused syscalls + * fix Manual (--enable.../--with... inconsistency) + * add two HOWTOs (signed files, server/client) + * moved manual into new subdirectory docs/ + * add admin scripts by S.Bailey/M.Redinger + * option to have a version string in db file + +1.7.3 (23-02-2003): + * samhain-install.sh: use yule user key for signing on install + * fix a bug in sh_err_console.c (attempted write to const char) + * sh_gpg.c: if server, always use ~unprivileged_user/.gnupg + * Makefile.in: make target 'trustfile' depend on config.h + * configure.ac: don't use install_name before it is defined ... + * sh_tiger0.c: fix bug in checksum computation introduced in 1.7.2 + * samhain.c: make sure daemon cannot be forced into 'update' mode + * sh_hash.c: remove AIX workaround (AIX has been fixed meanwhile) + +1.7.2 (04-02-2003): + * sh_kern.c: use sys_call_table address from System.map + * fix for reserved SQL keyword 'group' + * add AC_SYS_LARGEFILE to configure.ac + * allow separate client-specific log files for server + * sstrip.c: compile sstrip code only for i386 + * sh_unix.c: closeall: don't close trace file + * slib.c: don't trace sl_is_suid (leads to recursion in trace handler) + * samhain-install.sh.in: fix detection of LSB compliant systems + * sh_tools.c: get_client_*_file: lstat -> stat to allow symlinks + * sh_forward.c: sh_forward_do_write: set O_NONBLOCK for fd + (may block otherwise, for no good reason apparently ...) + * samhain.spec.in: replace %configure with ./configure + * sh_unix.c: re-write signal handling (use __malloc_hook et al. to + check whether we are in the middle of a free/malloc/realloc/memalign) + * sh_unix.c: use new safe_logger() function to log from signal handler + * sh_err_log.c: fix xml + * + * fix Makefile.in to exit non-zero on compile failure + * database init: create index on log_host, entry_status + * sh_suidchk.c: fix path building + * sh_tiger0.c: read larger blocks + * sh_hash.c: cast inode to UINT32 + * sh_tools.c: check that config/database files size fits in uint + * sh_error.c: export flag_err_debug to avoid unnecessary calls + * sh_unix.c: save the open() call in sh_unix_getinfo_attr() + * profiles/redhat_i386/bootscript: add # description field + * deploy.sh.in: set owner + permissions for files in yule_filedir + * profiles/debianlinux_i386: fix bootscript + * Makefile.in: fix deploy file lists and targets (include init+scripts) + * MLOCK GOOD/BAD -> SL_FALSE/SL_TRUE + * sh_mail.c: GOOD/BAD -> SL_FALSE/SL_TRUE (AIX sys/param.h) + * sh_err_syslog.c: split long messages rather than truncating + * sh_error.c: allocate msg to fix truncation limit + * sh_unix.c: closeall fd's >= 3 in non-daemon mode (inherited + filedescriptors may exceed FOPEN_MAX, causing problems in + sl_open_file) + * sh_err_console.c: avoid stdio + * trustfile: dirz: make swp[] static + * slib.c: speed up sl_strlcat + * clean up some bad heap allocation (PATH_MAX+(1|2) -> PATH_MAX) + * remove some unused code + * slib.c: support long long int in the snprintf replacement + * configure.ac: new configure macro to check whether sa_sigaction works + * Makefile.in: make sstrip, encode dependent on config.h + +1.7.1a (08-01-2003): + * fix a syntax error in samhain-install.sh.in + +1.7.1 (07-01-2003): + * search runlevel scripts in ./init or ./ + * handle all distro-specific Linux runlevel script issues + within a single script + * support install-boot on Yellow Dog Linux and Slackware + * samhain-install.sh: fix a bug for unknown Linux + ('"' not closed, DVER not set) + * samhain-install.sh: check for /etc/yellowdog-release + * sh_database.c: fix missing entry for 'userid' in attr_tab[] + * fix debian.rules.in (disable sstrip) + * update make targets: 'srpm', 'srpm-dist', 'rpm' + * check for zlib if mysql is used + * workaround for NetBSD bug with libresolve + * fixed problems with spec files + +1.7.0 (22-12-2002): + * improved spec files (Andre Oliveira da Costa ) + * sh_unix.c: fix a dereferenced static pointer in tf_trust_check + * runlevel scripts: remove pid file after stop + * make the data directory read-only for the daemon + * treat 'localhost' specially in MX resolver + * sh_err_log.c: set sh.flag.log_start == TRUE after writing + * deploy.sh.in: fix quoting (fix by Simon Bailey) + * slib.c: make sl_get_euid et al. behave well if uids not stored + * trustfile.c: use euid = uid(SH_IDENT) if server + * sh_mail.c: include an MX resolver + * Makefile.in: install-user routine for user installation + * have yule drop root + * sh_tools.c: open_temp use logdir if server + * unified options for runlevel script + * HP-UX, IRIX runlevel scripts + * AIX inittab entry + +1.6.6 (13-12-2002): + * configure.ac: solaris cc -O2 -> -xO2 + * sstrip.c: avoid alpha architecture + * profiles/solaris/configopts: no --enable-static + * sh_forward.c: sh_forward_req_file: copy argument to local array + +1.6.5 (04-12-2002): + * sh_utmp.c: set userlist = NULL in sh_utmp_end () + * sh_unix.c: do not assume that environ is sane + * exit handler: write + * sh_log_file(NULL): test sh.flag.log_start != S_TRUE + * FreeBSD rc script does not blindly accept content of pid file + * configure.ac: allow 'localhost' for log server + * sh_calls.c: retry_connect: ntohs (port) + * testrun_2[abc].sh: --with-logserver=localhost for client + +1.6.4 (12-11-2002): + * sh_tools.c: fix error when escaping '=<' + * fix the 'make srpm' target + * deploy.sh.in: avoid that client is named 'yule' + * define memset to sl_memset + * fix type cast of uid_t, gid_t + +1.6.3 (31-10-2002): + * fix options for Sun/Solaris native compiler + * sh_unix.c: MSG_FI_LIST (line 2333): cast theFile->size to fix error + * test sstrip on freebsd + * default config file for freebsd + * make target to build .deb packages + * sh_readconf.c: fix bug in error message + * samhain.c, sh_suidchk.c: fix initialization of suidchk + * samhain-install.sh.in: don't remove config file by default + * samhain-install.sh.in: support complete de-installation + * samhain-install.sh.in: add support for Gentoo, FreeBSD, and Solaris + * samhain-install.sh.in: check more paths + * sh_unix.c: fix sys_siglist declaration [NetBSD portability issue] + * sh_calls.c: save error message in retry_lstat() + +1.6.2 (04-10-2002): + * make target to build rpms + * update samhain.spec.in, samhain.startRedHat + * support DESTDIR, as in 'make DESTDIR=/what/ever install' + * explicitely set -fno-omit-frame-pointer b/o gcc bug + * mv configure.in to configure.ac to benefit from autoconf wrapper + * sh_modules.c, sh_modules.h: add mod_reconf() to run at SIGHUP + * slib.c: fix debug messages (no msgs for dlogActive <= 1) + * sh_schedule.c, samhain.c, sh_suidchk.c: + scheduler may accept multiple schedules + +1.6.1 (04-09-2002): + * sh_schedule.c: bugfix (executes only after first day) + * rm obsolete WITH_TRACE stuff + * new dlog() function for debug logging + * some more descriptive error messages + +1.6.0 (27-08-2002): + * omit the -fomit-frame-pointer option (bugs in some gcc versions ?) + * sh_error.c: fix escape mode when logging to database + * sh_forward.c: fix error (twice escape) in recv_syslog_socket + * sh_tools.c: change escape mode for server-received data + * sh_mem.c: change ulong -> size_t in sh_mem_malloc() + * configure.in: fix localstatedir if --prefix=USR + * sh_hash.c: snprintf() -> sl_snprintf() + +1.5.5 (07-08-2002): + * sh_err_log.c: fix incorrect xml syntax for client messages + logged by server + * sh_err_log.c: fix incorrect '' entries on client EXIT + * sh_files.c: introduce file_class_next + this fixes the problem that a policy for the directory + inode erroneously becomes a policy for the directory itself. + +1.5.4 (17-07-2002): + * sh_hash.c: fix buffer overflow with (micro-)stealth + * sh_database.c: set path[] 1024 -> 12288 + * sh_database.c: set query[] 2048 -> 16383 + * sh_database.c: set values[] 1024 -> 16383 + * sh_forward.c: larger limit for message size (16 kB) + * trustfile.c: set MAXFILENAME 2048 -> 4096 + * fixed a bug in the handling of filenames with embedded newlines + * sh_files.c: fix missing sh_util_safe_name() in debug output + * --with-sender can specify a full address + * fix xml log in a backwards compatible way + +1.5.3 (03-07-2002): + * fix combination of stealth and sql logging + * fix some more places where invalid UIDs/GIDs trigger errors + +1.5.2 (01-07-2002): + * include solaris config file from (sean [at] boran d.o.t com) + * test for files/dirz defined twice in the configuration file + * option to disable reverse lookup on outbound connections + * option to use socket peer as client name (with name resolving) + * sh_html.c: fix an HTML bug (twice ) + * sh_suidchk.c: fix warning on AIX b/o dirname() + * allow logging server -> syslog if yule is NOT configured to + receive syslog messages + * define PRIi64 to "lld" if undefined + * invalid UIDs: use gid/uid as name, error level SeverityNames + * minor fixes for connect_port + * sh_hash.c: flush output of db listing before _exit() + * configure.in: fix incorrect default ${install_name} for server + * configure.in: try harder to find mysql.h / libpq-fe.h + * sh_files.c: sh_files_checkdir: + closedir() early to not exhaust OPEN_MAX + +1.5.1a (30-05-2002): + * fix missing LSB init script + +1.5.1 (27-05-2002): + * fix '-t update' option + +1.5.0a (23-05-2002): + * fix configure.in + +1.5.0 (22-05-2002): + * include solaris nosuid patch from (nathoo [at] co d.o.t ru) + * similar fix for bsd nosuid + * speed up -t update + * convert manual to DocBook, distribute html and ps + * fix some more problems with configure.in, Makefile.in + * fix testsuite, add tests for udp, mysql + * MSG_TCP_MSG: host -> remote_host + * convert to autoconf 2.53 + * make c_bits.sh exit with status 0 + * sh_database.c #include "mysql.h" --> , ditto libpq-fe.h + to avoid dependency tracking problems + * samhain.c remove *YULE* #ifdefs + * acconfig.h remove *YULE* #undefs + * samhain.c: procdirSamhain: lstat --> stat (allow symlink) + * configure.in: add checks for correct user input + * Makefile.in: add automatic dependency tracking + * depend-gen: tool to figure out dependencies + * chkconfig comments in redhat start scripts + +1.4.8: + * sh_database.c: fix missing attr_old, attr_new, (from)host columns + * configure.in, Makefile.in: fix an error in the configfile + definition with REQ_FROM_SERVER + * sh_err_console, sh_err_log: avoid recurrent failure messages + * timeout on read from files (/proc) + * fix errrors with setjmp/longjmp/alarm + * fix memory leak in server (~20 byte/file download in sh_tools, 930) + * check gpg signature for files downloaded from server, add a + regression test + * fix chown in solaris bootscript + * provide second scheduler for file check + * provide scheduler for file check + * provide scheduler for SUID check + +1.4.7 (08-04-2002): + * make daemon control LSB-compliant (arguments, exit status) + * set log_ref = 0 for server messages + * boolean option SetDBServerTstamp to disable entering server + timestamps for received client messages into database + * sh_suidcheck: check for "nosuid" mount option if getmntent is used + * fix logrotate script in manual (reported by Scott Worthington) + * don't strip numerical IP addresses + * check item->status_now != CLT_TOOLONG in client_time_check() + * set log_host to client in db client message + +1.4.6a (20-03-2002): + * define prefix in deploy.sh + +1.4.6 (19-03-2002): + * modify samhain_hide.c to hide processes on new Linux kernels + * better error diagnostics in kern_head.c + * fix compile error in all_items () + * check length of install-name in enable-khide (max is 15) + * define exec_prefix in deploy.sh.in + * make configure a bit more cross-compiler friendly + +1.4.5 (07-03-2002): + * Make sure missing file is reported even if ptr->reported == S_TRUE + because the file has been added. + * propagate 'reported' flag from sh_files_checkdir() into file list + * close checkfd in sh_gpg_check_file_sign() + * sh_derr(): kill(parent, SIGCONT) after ptrace(PT_DETACH,...) + * use sh.srvcons.name in dbg() to get debugging info from daemon + * option to log file timestamps with localtime instead of GMT + * comment out MSG_FI_ADD in sh_dirs_chk () - obsoleted by mandatory + sh_files_filecheck(directory) that triggers MSG_FI_ADD in sh_hash.c + * set ptr->reported = S_FALSE; for reappeared files in sh_files_chk() + to make sure re-disappearing will get reported + * new function sh_hash_set_missing() to remove file record + without (duplicate) 'missing' message + * make sure all items are reported for added files + * fix stealth mode with sh_kern (encode sh_ks.h -> sh_ks_xor.h) + * clarify in the documentation which gpg options to use for signing + +1.4.4 (11-02-2002): + * check that parent process has exited before writing PID file + * promote MGG_W_CHDIR to SH_ERR_ERR + * add error message to sh_unix_testlock + * fix missing _() macro in sh_aud_set_functions + +1.4.3 (05-02-2002): + * don't check attributes for symlinks (may cause device access) + * add USE mysql; USE samhain; to samhain.mysql.init + * point out the MessageHeader/mysql problem in manual + * add -lz to LIBS for mysql + * strip after install, avoid double strip + +1.4.2 (27-01-2002): + * support for EGD + * fix some more problems with install-deploy / deploy.sh + * fix a bug in profiles/suselinux_i386/bootscript (INSTALL_NAME_) + * fixed the 'external logging' test (init rather than none in rc file) + +1.4.1: + * SuSE: include run level 4+5 + * install location of hiding kernel modules changed - some insmod + variants do not test for /lib/modules/$(uname -r)/module_name.o + * new make targets 'install-deploy', 'uninstall-deploy' + * fixed make targets 'deploydir', 'deploydirfast' + * bail on unsupported CL option in deploy.sh + * fix various bugs in deploy.sh + +1.4.0 (16-01-2002): + * fixed missing 'dirname' on Mac OS X + * fixed && tested for/with postgres + * 'user=' -> 'userid=' (reserved word in sql) + * fix the endianess + size of file database; this changes db format + for any non-Linux OS + * --enable-old-format for old (V1.3) database format + * getopt, samhain.c, samhain.h: option -f to loop if not daemon + * sh_hash: list numeric + char data to allow file db update on + server side + * sh_database: modify handling of integer (long) data + * sh_database: datetime in database + * sh_database: hash field in database + * sh_database: rewrite database insert string construction + [use INSERT INTO log (fields) VALUES (values);] + * makefile suse 7.x runlevel entries + +1.3.7 (06-01-2002): + * fix incorrect escape in sh_tools_safe_name + * fix sh_error_handle (4. argument) in sh_extern.c + +1.3.6c: + * fix segfault in sh_database (mysql logging) on solaris + +1.3.6b (03-01-2002): + * fix syntax error ('==') in Makefile.in + * fix configure.in (path for /lib/modules/$(uname -r)/build/include) + * fix sh_kern.c (redeclaration of 'j') + +1.3.6 (03-01-2002): + * sh_kern.c: check integrity of int 80h vector + (SucKIT rootkit - Phrack 58) + * make sure childs in sh_kern are wait()'ed for + * provide start/stop/restart/reload/status interface + * fix a potential segfault (dereferenced NULL pointer) in the server + * use sh_util_flagval for sh_unix_setdaemon + * documentation for logging to SQL database + * configure.in: check for -I/lib/modules/$(uname -r)/build/include + * fix trustfile.c to ignore invalid users + * separate 'make install-samhain' and 'make install-yule' + * separate default log/pid/config files for server/client + - less problems running server and client on same host + * rewrite deploy.sh(.in): + - don't use (make|install) if deploying + - use command line options + - better integrate into server environment + - write install db + * always write a pidfile if daemon + * don't use server's config file as fallback for downloading client + * don't overwrite config file when doing 'make install' + +1.3.5 (28-12-2001): + * fix --enable-message-queue for newer glibc versions + * log to SQL database: implemented, but undocumented yet, + needs to be tested further + * xml: escape received syslog messages + * xml: rename 'time' to 'tstamp' + * make targets: make [un]install-[boot-]yule + (for server-only installation) + * fix samhain_hide.c for 2.4 kernel + * fix sh_kern for updated samhain_hide.c + * new option -j to just list the logfile + * sh_getopt.c: recognize -Dt check for -D -t check + * sh_tiger0.c: fix compiler warning (memmove) on Solaris + +1.3.4 (12-12-2001): + * sh_suidchk.c: option to limit files per second + * sh_unix.c: option to limit (kilo)bytes per second + * sh_hash.c: fix potential problem with '\n' in filename + (not backward compatible if there are filenames with '=') + +1.3.3 (03-12-2001): + * sh_readconf.c, samhain.h, samhain.c, sh_suidchk.c: + option SetNiceLevel to set scheduling priority + * sh_hash.c: bugfix for database listing on Solaris + * taus_seed: bugfix for emergency backup rng seed + * sh_util_safe_name: fix for XML + * sh_utmp_set_login_activate: use sh_util_flagval + * sh_utils.c: sh_util_obscurename: rm 'space' from list + * more backtrace macros + * sh_util_flagval: fix bug to recognize 1/0 + * fix test scripts testtimesrv.sh, testext.sh (test.sh 6/5) + * rm stray debug fprintf in sh_srp.c + +1.3.2 (27-11-2001): + * sh_hash.c: fix an error introduced in 1.3.1 + * set RLIMIT_CORE to RLIM_INFINITY if --enable-debug + +1.3.1 (25-11-2001): + * slib.c: get backtrace with --enable-debug + * sh_unix.c: allow core dumps when --enable-debug + * configure.in: fix default message queue permissions + * sh_suidchk.c: automatically include suid/sgid files in database + * sh_suidchk.c: check all suid/sgid files + * sh_hash.c: don't insert duplicates when reading the database + * sh_utmp, sh_kern, samhain: fix 1sec offset in timer + * sh_unix.c: don't require /dev/random to be non-world-writeable + * server: fix segfault in zAVLTree.c if avltree == NULL (no clients) + * client: fix segfault on Solaris if path_conf == NULL + * testrun_1b.sh: \(^/.*\) -> \(/.*\) for Solaris sed + +1.3.0 (31-10-2001): + * support compiling with GNU gmp library + * set 3 sec timer on client_time_check to avoid excessive (and + unnecessary) calls under heavy load + * replace sl_strlen with a macro + * store client_t structure in AVL tree + * database format incompatible with previous format, up the magic# + * sh_html.c: cache entry template for speedup + * slib.c: reset islong(double) in sl_printf_count + * sh_hash.c: report on rdev change + * sh_hash.c: print size in 64 bit + * sh_hash.c: save in absolute size types + * sh_unix.c: get values as appropriate type (time_t, dev_t, ...) + +1.2.10: + * update MANUAL + * sh_unix.c: tiger_hash -> tiger_generic_hash + * sh_readcon.c: DigestAlgo option + * sh_tiger0.c: add MD5 and SHA1 + * sh_unix.c: fix minor problem with win2k/cygwin + +1.2.9 (17-10-2001): + * fix problem with entry template/empty hostname + * fix MASK_USER_ (MTM -> ATM) + * typo fixed in configure.in (${install_name} -> {install_name}) + * bugfix group_old -> size_old in XML code + * skip armor header in signed files + +1.2.8 (29-09-2001): + * Mac OS X: in sh_getopt.c, rename table[] to op_table[] to avoid + obscure compiler warning + * Mac OS X: fix test scripts + * Mac OS X: import newest config.guess, config.sub from ftp.gnu.org + * implement deadtime in syslog recv code to protect against flooding + * sh_err_log: sl_close(fd) if lock|forward fails + * compliance with Filesystem Hierarchy Standard -- Version 2.2 final + * add policies User0, User1 + * fix compile problem (FreeBSD) in sh_suidchk.c + * macro to check for debugger breakpoints (linux/i386) + * check for solaris (does not work) in sh_derr (--enable-ptrace) + * option to listen on 514/udp for syslog, drop root + irrevocably if compiled thus + * use (check_mask & MODI_ATM) to decide whether to reset utime + * reset the policy masks on sighup + * option to write XML log messages + * cleanup of message catalog + * modified error messages for BADCONN + * error messages for Rijndael + * block recursive error messages within sh_error_handler() + - would hang the machine ... - + +1.2.7: + * sh_files, sh_utils: check top level directory + * sh_kern, sh_cat, kern_head: check syscall code, fork subprocess + for reading from /dev/kmem + * include /boot in default samhainrc + * change source distribution signing/packaging system + * Makefile, README, MANUAL: adhere to file system standard, + document new locations + * fix a bug in samhain_hide.c + +1.2.6: + * reset list of trusted users before config file re-read + * TrustedUser=... can be a list + * fix severity for files missing from IgnoreAll + +1.2.5: + * include example_pager.pl, example_sms.pl scripts + * explain paging/sms setup in docs + * allow manual exclusion of a directory in suidcheck + * automatically track all file changes + * remove missing files from in-memory database + * add $(KERN) to DEPLOYFILES + +1.2.4: + * log IP address for login/logout events, if supported by the OS + * release block in globerr (callback) + +------------- + +1.2.3: + * fix problem with reading stealth configuration + * fix a few formats in sh_cat.c + * always use strncmp for file system type check in sh_suidchk.c + (trailing 'fs' may be system specific for some types) + * no bare LF in messages (RFC 2822) + * no lines longer than 998 chars (RFC 2822) + * fix error in testrc_1 + +1.2.2: + * make tmp file directory a compile time option + * fix minor bugs in tmp file allocator (potential memory leak, + double slash if root directory) + * obsolete testpipe script removed + +1.2.1: + * fix memory alignment in rijndael-api-fst.c: blockEncrypt() + * fix byte order in HMAC code (compatibility fix for Linux/HP-UX) + * removed a debug fprintf() + +1.2.0: + * fix a bug in the HMAC implementation (thanks to Cesar Tascon + for help in tracking down this one) + * module to check the file system for SUID/SGID files + +1.1.16 (never released): + * fix the recursion depth -1 option as described in the manual + * optional database reload on SIGHUP + * fix a race condition when checking that /dev/random is a charakter + device + * redirect stderr to /dev/null for c_random + (AIX may segfault in netstat...) + * check whether /dev/random is a charakter device in c_random.sh + (we know at least one sysadmin who has set up a fake /dev/random ...) + * don't give NULL as 2. and 3. arg to execve if not Linux - some + Unices (notably Solaris) don't like it + * init ptr = NULL in my_malloc (compiler warning) + * make the bitmask for tests configureable (suggestion by A. Dunkel) + * make the bitmask for tests a static variable + * make (database/logfile/lockfile) path configurable + (to run multiple instances of samhain from an NFS share - on the + wishlist of J. Patton) + +1.1.15 (never released): + * fix minor error in testcompile.sh (rm test_log only at start) + * return from subroutines on sig_terminate == 1 + (faster exit on SIGTERM) + * fix re-configuration of addresses + * use sh_util_flagval() in sh_mail_setFlag and sh_kern_set_activate + * SysV message queue as compile option + * config file option to set console device + * removed the pre 1.1.9 code bloat + * don't print the LOGKEY to the console + +1.1.14: + * fix an error in the setup consistency check + * make target to uninstall runtime files + * trustfile.c: check return code of readlink(), fix off-by-one error + * sh_files.c: fix placement of terminator after readlink() call + * sh_files.c: fix a missing set_suid()/unset_suid() + - suid should work, but is not recommended - + * more debug statements in c/s code + * avoid re-entry in sh_unix_sigexit + * put a block around free() and malloc() in wrapper functions + * ditto for glob()/globfree(), regcomp()/regfree(), fdopen()/fclose() + - i.e. avoid corrupting the heap from a signal handler - + +1.1.13: + * optimized the size of the configure script somewhat + * modify the compile and hash test scripts + * read '\0's in sh_unix_getline + * exponential schedule for connection attempts + * make stealth working properly with signed files + - config file should be signed now before embedding in picture - + * fix a race in using signed files + * updated err messages for PWNULL, GRNULL + * add missing shell script for test 11 + * add mandatory source file/line info with -p debug + * add mandatory source line info with BADCONN + * fix a latex error in the manual + +1.1.12: + * debug output to console if compiled with --enable-debug and + running as daemon + * make reportonlyonce=true the default + * make sure state changes of a file are always reported, even + with reportonlyonce=true + * Linux kernel modules (samhain_hide, samhain_erase) + * fixed incorrect return value of sh_util_flagval + * fixed an error in sh_files.c: happens with -t init and first + file that is checked does not exist + * revised install/uninstall targets in the Makefile + * module to check for clobbered kernel syscalls (tested on Linux 2.2) + * more diagnostic error messages in sh_gpg.c + * more diagnostic error messages in sh_mail.c + * error in mail.c fixed + (address -> address_list[i] for multiple recipients) + * docs updated, better(?) explanation of signed files + * skip over path in gpg checksum output + * check client name against IP address and FQDN + * fix for --disable-* in config file + * fixed a server crash (MSG_TCP_OKMSG without arg) + if the server is run with debug level output threshold + * catch EAGAIN in sh_gpg.c pipe reader + * fix the 'external logging' test to make it work on BSD + * error message if no local path to init DB + * check for i86/Solaris in configure (vsnprintf prototype) + * make SRP the default + +1.1.11: + * make log file verification more convenient + * fix problem with message classes in stealth mode + * linux: do not try to read file attributes for devices + * handle the root directory correctly (avoid "//" in listing) + * fix problems with blockin on FIFOs/char dev + pointed out by I. Rogalsky (rog@iis.fhg.de) + - open in nonblocking mode for read, then set to blocking + - open file only if regular + * fix alignment in memory profiler + +1.1.10: + * minor code cleanup + * fix an error in trustfile.c (handling of empty/incomplete + group entries in /etc/group, bug report by A. Capriotti ) + +1.1.9: + * compatibility option for old behaviour (plain hash instead + of HMAC, ECB instead of CBC mode) + * use CBC rather than ECB mode for encryption + * use HMAC-TIGER for message authentication codes + * handle NULL data in sh_tiger_hash + * option to set syslog facility (default is LOG_AUTHPRIV) + * longer timeout (300 sec) on /dev/random if no /dev/urandom + * fix minor output error with stealth option + * option not to log names of config/database files on startup + +1.1.8: + * fix error in syslog routine + * fix missing 'test' in configure.in + * fix error in replace_tab() in sh_html.c + * fix minor memory leak in sh_util_regcmp() + +1.1.7: + * timeout on read_mbytes (from /dev/random; fallback to /dev/urandom) + * fix for FreeBSD: ut_user -> ut_name in sh_utmp.c + * fix for Alpha: consider $ac_cv_sizeof_unsigned_int_ in configure.in + * fix for Alpha: format string in sh_tiger0.sh + * on Linux, now compiles cleanly with + -Wall -W -Wstrict-prototypes -Wcast-align + * fix problem with recursion depth + (pointed out by Vic ) + * #include "sh_tools.h" in sh_unix.c and fix the + --with-timeserver option (reported by Vic ) + * place read_port(), MSG_TCP_NETRP outside ifdefs + * close fd/zero skey before execve + * verify client name against socket peer + * ... with configureable error priority + * use strcmp() rather than strncmp() in search_register() + * fix race between lstat() and open() for checksum + (reported by dynamo , + JJohnson ) + * enable globbing for filenames + * fix Solaris problem: siginfo_t may be NULL + * fix missing SL_EBADGID in tf_trust_check + * test case for external scripts, fix flushing pipe + * fix a typo in sh_ext_type + * do an fdexec w/checksum on Linux if calling external program + * even safer tmp file creation + * allow db update + * fix compile options for --enable-debug + * fixed a spelling error in the output + * test program for full CS support (config/database download) + * tell which file is searched for cs download + +1.1.6: + * fix bug in sh_readconf_line (segfault on erroneous config lines) + +1.1.5: + * sh_unix.c: sh_unix_getinfo_attr: f -> flags + * use gettimeofday as last resort +1.1.4: + * fix AIX compiler warning in sh_forward (cast arg1 of sh_tiger_hash + to (char *) + * configure: add static link flags for some more os (from tar) + * don't strip twice (some stupid systems abort) + * fix for reading from /dev/random on non-Linux systems (untested) + * sh_mail.c: end all message lines with \r\n + * stealth: ignore \r, \" + * take out tracing from --enable-debug (presently useless anyway) + * fix some remaining cleartext with debug && stealth combined + * fixed a small memory leak in sh_err_log.c + +1.1.3: + * fixed circular logic in taus_seed() (fallback method only) + * fix for missing _SC_OPEN_MAX (runaway close()) + +1.1.2: + * implement message classes + * let server recognize client message severity and class + * secondary log server + * keep database in memory (allows to close file + if retrieved from server) + * encrypt client/server communication + +1.1.1: + * Compilation problems with native Solaris compiler fixed + * fill in euid/ruid variable + * manual.pdf --> MANUAL.pdf + * debug sh_util_formatted() + * http refresh 120sec for server stat page + * trace/debug options + * fixed problem with utmp.c options + * fixed problem with sh_mail_setaddress + * option for custom message header + * fixed problem in compdata + * fixed problem in mail verification + * remove eventual trailing '/' in file names + * fixed problem with report string for modified files + * option to report in full detail + +1.1.0: + * Move error messages to catalog + * Make error message format more uniform + * Wrap sytem calls that could be interrupted by signals + * Warn on append to database + * Option for full details on mod. files + * Option to report only once on mod. files + * Generally speaking, major modifications with potential new bugs + +0.9.5: + * sh_hash.c: fixed erroneous checksum for config file + * sh_html.c: fixed erroneous timestamp (last) + * sh_tools.c: fixed connect_port (set port for cached address) + * sh_srp.c: fix for '00' (='\0') in pw + (last two fixes by Andreas Piesk) + +0.9.4: + * samhain.c: fcntl(1, ..) -> fcntl(2, ..) + * sh_hash.c: copy 12 instead of 10 byte for c_attributes + * 'empty directory' WARN -> INFO + +0.9.3: + * FreeBSD fixes: + - c_random.sh: make sure /dev/random provides something + rather than nothing + - check for and include it + - include early + - sh_utmp.c: fixed an occurence of ut_user + - sh_utmp.c: #ifdef HAVE_UTTYPE static char terminated_line #endif + - sh_forward.c: EBADMSG -> ENOMSG + * sh_unix.c: check return value of gethostbyname + * sh_entropy.c: fallback on /dev/urandom if /dev/random blocks for + more than 30 sec + * ... and fix the timestamp format ... + +0.9.2: + * ISO 8601 timestamps + * Bugfix in sh_utmp (timestring overwrite) + * don't use siginfo_t on Linux (garbage as of 2.2.14) + * check for Linux capabilities bug when dropping root + * include README for gcc compiler bug (pointed out by A. Piesk) + * explicitely set -fno-strength-reduce with gcc + * fixed ignoring missing files with the IgnoreAll policy + +0.9.1: + * more ext2flags (breaks backward database compatibility on Linux) + * IgnoreAll policy modified - missing/added files reported with + SeverityIgnoreAll (to handle files that may or may not be present) + * Check all files, not only regular ones + (bug in sh_files, originally introduced because checksum of + regular files only is computed) + +0.9: + * use O_NOATIME if supported + * --with-nocl takes argument (PW to re-enable CL parsing) + * no daemon mode if initializing database + * fixed segfault in yule with 'unknown file type' request + * enlarged MAX_GLOBS 24 -> 32 and made the array linear + * server uses last registry entry for any given client now + * deploy.sh script to deploy clients to remote hosts + * enhanced signal handling: SIGUSR1/SIGUSR2/SIGABRT/SIGQUIT/SIGHUP + * allow y/Y/n/N for login monitoring (in addition to 0/1) + * external logging scripts/programs + * trustfile.c: define STICKY on Linux + * reset signal mask when initializing + * EINTR_RETRY wrapper + * slib: sl_read, sl_write EINTR update + * use sstrip when installing + * more compact database format (breaks backward database compatibility) + * larger download packets + * TcpFlags unsigned char + * cast to (char *) head in write_port + * m(un)lock cast to (char *) + * (1 << 31) --> (1UL << 31) + * support e2fs attributes on Linux + * fixes for AIX and Solaris native compilers + * fixed Makefile for non-GNU make (pattern rule --> suffix rule) + +0.8.1: + * fixed 'is_numeric()' return value + +0.8: + * added option for static compilation + * added option for stealth with non-hidden config file + * added option for disabling command line parsing + * all options can be set in the configuration file now + * stealth: xor strings in database file + * fixed bug in mailer code ([] in HELO) + * print timestamp when asking for key + * 'micro' stealth mode (no hidden configuration file) + * simplified slib + * int->long for uids/gids in trustfile + * moved mailkey from data to code + * shell script for entropy (stronger default key) + * general code cleanup + * better error checking in client/server code + * detect out-of-sync messages + * check state across protocol passes in server + * make sure authentication is mutual + * file download to client + * reserve six file descriptors in server + * mlock queue buffer if LOG_KEY + * improved robustness in bignum (don't fail on free()) + * per-directory recursion depths + * RFC821 compliance: empty line at end of header, To field, Date field + * RFC821 compliance: make e-mail transfer relieable + * fix detection of hardlink changes + * checksum verification for calling gpg/pgp + * CL option '-S' not required for server-only binary + * eliminate CL options that may leak privileged information + if the program is SUID + * skip leading white space in configuration file + * allow nested conditionals in configuration file + * allow whitespace before and after '=' in configuration file + * don't leak file descriptors to child processes + * make message transfer relieable + * always report error on abnormal termination of connection + +0.7: + * support for alpha machines + * stop TCP logging after exit message + * limit connections in server (DoS attacks) + * move string handling to slib + * move file handling to slib + * timestring without space + * changed report format + * SUID bugfix - use euid when checking logfile ownership + * SUID bugfix - get root for lstat() + * SUID bugfix - get root for opendir() + * store number of hardlinks + * send no message if polling empty queue + * include tiger 64-bit implementation (portability) + * codes for error conditions + * mail check: handle multiple, overlapping audit trails + * security fix: no append to database if SUID + * fix sh_entropy.c (BUFSIZ -> BUF_ENT) + * read command line before config file + * PGP signing of config/database files + * checksum of config file reported + * checking for attributes only + +0.6: + * more syslogish priority specification + * fixed segfault in sh_mem_check, apparently this was also + the reason for the segfault in atexit() + * allow for compilation with SRP authentication + * fixed tiger checksum computation + * fixed broken logfile verification for second and further audit trails + * test program added + * documentation improved + * sh_forward_make_client: bug fixed in[8]->in[i] + * sh_error.h: fixed missing #include + * configure.in: fixed missing strerror() test + * sh_utmp.c: check logins/logouts + * check for missing files + * only reset access time if necessary + * O_EXCL in open() + * limit environment to TZ in execve (sh_entropy.c, not used on Linux) + * use trustfile() to determine whether logfile dir is trustworthy + * strip head instead of tail for numerical address + * store messages in fifo during log server outage + * re-init session key after server outage + +0.5 (21-12-1999): + * added option for mail relay server + * own popen() implementation in sh_entropy() (portability) + * fixed error in sh_util_basename() (returned NULL for base == "/") + * fixed segfault in strlcpy/strlcat (check for src == NULL) + * FILENAME_MAX -> PATH_MAX (HP-UX 10.20) + * use TIGER for 32-byte compilers (portability) + * fixed hash function (do not include stdlib.h) + * flush buffer before write in mailer code (IBM AIX 4.1) + * make mailer code non-forking + * cast argument of is...() to int (portability) + * return() after _exit() for braindead compilers (portability) + * optionally use inet_addr (portability) + * check for broken mlock() (HP-UX 10.20) + * minor code cleanups + * fixed incorrect size of munlock()'ed memory in sh_error_string() + * fixed a buffer overflow in the error printing routine + * fixed a buffer overflow in sh_util_safe_name () + * implement SRP session key exchange + * implement client/server facility + * implement @host/@end construct in configuration file + * preferably use uname(), and do gethostbyname() for FQDN + * make vernam cipher base numeric + * make OnlyStderr private in sh_error + * test -e "/dev/random" --> test -r "/dev/random" (portability) + * check for libsocket (portability) + * add #defines for IPPORT_SMTP, IPPORT_TIMESERVER (portability) + * eliminate superfluous /proc test + * some unreachable code removed + * cast to (byte*) replaced by cast to (word64*) in sh_tiger_hash() + * check for setresuid() if no seteuid() (HP-UX 10.20) + +0.4 (09-11-1999): + * make sure output from /dev/random has no NULL's + * one-time pad encryption for emailed keys + (better than nothing ...) + +0.3 (04-11-1999): + * logfile readable for group + * verify signatures for any file + * signature block in tarball + * use select() in time server routine + * better protection for session keys (mlock) + +0.2: + * fixed incorrect man page + * fixed incorrect example rc file + * recursive error logging should work now + +0.1: + * initial release -- on Samhain 1999, of course + +development start: + * probably 29-06-1999 + Index: /tags/2.5.0/docs/FAQ.html =================================================================== --- /tags/2.5.0/docs/FAQ.html (revision 189) +++ /tags/2.5.0/docs/FAQ.html (revision 189) @@ -0,0 +1,858 @@ + + +Frequently Asked Questions for Samhain + + + + +
+

samhain file integrity + scanner | online + documentation

+

Frequently Asked Questions for Samhain

+

Rainer Wichmann

+
+
+
    +
  • If you encounter problems after installing samhain, disable daemon + mode and run it in the foreground with + samhain --foreground [more options] for debugging.
    • +
  • If you have problems getting client/server mode to work, please check + the HOWTO client+server troubleshooting document.
    • +
+
+

FAQ Revised: Saturday 14 April 2007 17:05:58

+

Table of Contents

+
+
1. Most frequently
+
+
2. Build and install
+
+
3. File checking
+
+
4. Client/Server
+
+
5. Email
+
+
6. Misc
+
+
7. Database
+
+
+

1. Most frequently

+
+
1.1. Owner not trustworthy / Group writeable and member not trustworthy
+
An untrusted user (might be an untrusted group member + for group writeable files/directories) owns or can write to an + element in the path listed in the error message. This concerns + the configuration file, the log file, and the database file. + The offending element in the path is identified as obj=/xxx in the + error message. + To fix the problem, see next entry.

+
1.2. samhain exits with the message "Untrusted path" for config/log/pid/database files
+
Paths to critical + files (e.g. the configuration file) must be writeable by trusted users + only. + If a path element is group writeable, all group members must be trusted. + By default, only root and the (effective) user of + the program are trusted. To add trusted users, use the compile time + option +
+$ ./configure --with-trusted=0,...
+
+ or the configure file option: +
+[Misc]
+TrustedUser=username
+
+If the path to the configuration file itself is writeable + by other users than root and the + effective user + these must be defined as trusted already + at compile time.

+
1.3. It does not log anything / Can't stop logging to console
+
(1) There is a section in the manual dealing with +logging and filtering.
+ +(2) To log to the console: +
+$ samhain -p info ...
+
+or in the configuration file: +
+[Log]
+PrintSeverity=info
+
+ +To stop logging to the console: +
+$ samhain -p none ...
+
+or in the configuration file: +
+[Log]
+PrintSeverity=none
+
+Defining /dev/null as console device works as well, but +is a bad idea, because samhain will open the device and write (i.e. it is +a very inefficient method).

+
1.4. Client cannot self-resolve, but nslookup works fine
+
    +
  • Nslookup is a program to query Internet domain name servers. +
    • +
  • Applications (like samhain) are not supposed to query DNS servers + directly. Rather, they are supposed to query the resolver library that: +
      +
    • is provided by the operating system,
      • +
    • configured by the system administrator,
      • +
    • may use several different method to determine host names, as + configured in /etc/nsswitch.conf, and
      • +
    • usually is configured to give precedence to + the /etc/hosts file.
      • +
    +
    • +
  • Therefore, whether nslookup gives correct answers may be completely + irrelevant. For self-resolving the own hostname, the resolver + library probably will use /etc/hosts, rather than + querying a DNS server. +
    • +
+

+Below you can find some examples of good and bad /etc/hosts files: +

+
+        # CORRECT
+	#
+        127.0.0.1  localhost
+        xxx.xxx.xxx.xxx myhost.mydomain.tld  myhost
+
+ +
+        # CORRECT
+	#
+        127.0.0.1  localhost.localdomain localhost
+        xxx.xxx.xxx.xxx myhost.mydomain.tld  myhost
+
+ +
+        # BAD
+	#
+        127.0.0.1  myhost.mydomain.tld  localhost
+        xxx.xxx.xxx.xxx myhost.mydomain.tld  myhost
+
+ +
+        # BAD
+	#
+        127.0.0.1  localhost myhost
+        xxx.xxx.xxx.xxx myhost.mydomain.tld  myhost
+


+
+

2. Build and install

+
+
2.1. [Fedora Core] Cannot compile with --enable-khide
+
The Fedora Core kernel is patched to unconditionally deny reading +from /dev/kmem. Compiling the stealth kernel modules is not possible +under these circumstances.

+
2.2. [Fedora Core] Cannot compile with --with-kcheck
+
The Fedora Core kernel is patched to unconditionally deny reading +from /dev/kmem. Checking the kernel for the presence of rootkits is +not possible under these circumstances.

+
2.3. "make" loops infinitely !
+
This may happen (e.g. when building via NFS for multiple architectures) + if the relative timestamps in the source directory are + wrong (time not in sync on different machines) or some intermediate + target is unusable (up-to-date, but built for a different OS). Use + "touch * && make distclean" in the source directory + to recover.

+
2.4. Why does static compiling (--enable-static) on Solaris fail ?
+
Ingo Rogalsky has provided the following information: It isn't possible + to link Samhain statically with Solaris. This + is a Solaris issue (see Sun Infodoc ID12624) and not a samhain problem.

+
2.5. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'
+
For Linux, this is a known problem with --enable-static if you compile + in MySQL support. The problem is that the + mysql_config that comes as part of the MySQL + distribution script incorrectly lists dependencies on + the libnss_files and libnss_dns libraries which are only available as + shared libraries, so the linker cannot find the static libraries. + + You can check this by inspecting the output of + mysql_config --libs. The version of + mysql_config that comes with the RedHat mysql + RPM (RedHat 9) does not have this bug; the one distributed by the MySQL + people has. You can fix the problem by editing + mysql_config: search for the + client_libs variable, and remove all instances + of -lnss_files and -lnss_dns.

+
2.6. The executable is corrupted after installation
+
The executable will get stripped during the installation. On + suitable systems (i386 Linux/FreeBSD currently), additionally + the "sstrip" + utility (copyright 1999 by Brian Raiter, under the GNU GPL) + will be used to strip the executable even more, to prevent + debugging with the GNU "gdb" debugger. + The "strip" utility cannot handle the resulting + executable, therefore trying to strip manually after installation + will corrupt the executable.

+
2.7. --enable-xml-log has no effect
+
If you have compiled for stealth, you won't see much, because if + obfuscated, then both a 'normal' and an XML logfile look, + well ... obfuscated. Use samhain -jL /path/to/logfile + to view the logfile.

+
2.8. ./install-sh: strip: not found (Solaris)
+
Install the SUNWbtool package.

+
2.9. What is sh_tiger1.s?
+
This is a precompiled assembly file for the i386 architecture +generated from sh_tiger1.c using gcc 3.4.0 with the following options, +that were found to generate the fastest code: +
+ -O1 -fno-delayed-branch -fexpensive-optimizations -fstrength-reduce 
+     -fpeephole2 -fschedule-insns2 -fregmove -frename-registers -fweb 
+     -momit-leaf-frame-pointer -funroll-loops
+
+These options were determined using +acovea 5.1.1 +by Scott Robert Ladd. The file is provided as precompiled assembly +because different versions of gcc can have very different performance, +require different options to compile optimal code, and +it would be impossible to maintain a library of optimal compile options +for every version of gcc.

+
2.10. Why does static compiling (--enable-static) on MaxOS X fail ?
+
Static linking is not supported on MacOS X, see +Technical Q&A QA1118. +This is a MacOS X issue and not a bug in samhain.

+
2.11. Why does compiling with MySQL fail on Solaris ?
+
The reason is often the shell script 'mysql_config' that comes as part +of MySQL. This script is intended to print appropriate compiler flags for +compiling applications that use MySQL. Unfortunately, since Sun compiles +MySQL with the Solaris compiler, this script outputs options for the Solaris +compiler (i.e. unsuitable for gcc). To solve this problem, you need to move +this script (i.e. 'mysql_config') out of your PATH before running +./configure (unless of course you are using the Solaris compiler +rather than gcc).

+
+

3. File checking

+
+
3.1. How can I exclude a (sub-)directory ?
+
+[IgnoreAll]
+dir=-1/ignore/this/subdirectory
+


+
3.2. In messages about policy violations, what does the code after POLICY [XYZ] +mean ?
+
This code indicates which items are modified (e.g. C = checksum). You can +find a description in section 5.4.9 in the user manual. It is there because +then you can see in the message list of the Beltane web console what has been +modified, without the need to look at the message in detail.

+
3.3. Does samhain support prelink ?
+
Yes. There is a special checking policy [Prelink]. Directories with +prelinked executables / shared libraries (see /etc/prelink.conf) should be +placed under this policy, rather than under the [ReadOnly] policy.

+
3.4. I get error messages about 'subdirectory count != hardlinks'
+
Some filesystems do not always follow the rule that the number +of directory +hardlinks equals the number of subdirectories. E.g. the root directory of +reiserfs partitions generally seems to have two additional hardlinks. +To account for such exceptions, you can either switch off the +hardlink check globally, or specify exceptions: +
+[Misc]
+# Switch off hardlink check
+#
+UseHardlinkCheck=no
+
+
+[Misc]
+# Specify exceptions for the hardlink check
+#
+HardlinkOffset=N:/path
+
+Here, N is the numerical offset (actual - expected hardlinks) for +'/path'. For multiple exceptions, use +this options multiple times (note that '/path N:/path2' would itself be a valid +path, so using the option only once with multiple exceptions on the same line +would be ambiguous).

+
+

4. Client/Server

+
+
4.1. I don't want to poke a hole into my firewall to let the client connect to the server !
+
Pat Smith has posted the following solution. On the client, create +an iptable rule as follows (note: you probably don't need this if you +configure / compile in 127.0.0.1 as the server address): +
+iptables -t nat -A OUTPUT -p tcp -m tcp --dport 49777 -d server-ip -j REDIRECT
+
+ +On the server, create an ssh tunnel for each client outside the firewall: + +
+ssh -f -C -R 49777:localhost:49777 -N client-ip
+
+ +It is necessary that each client has a distinct name, and that the server +knows the name of the client. With the setup above, each client will appear +as "localhost" to the server, thus the server +needs to trust the client name +as reported by the client itself, and suppress all errors on resolving +this name to the apparent address. In the server configuration: + +
+[Misc]
+SetClientFromAccept = false
+SeverityLookup = debug
+
+ +Obviously, self-resolving must work on the client machine, otherwise +you are in trouble (see next issue).

+
4.2. The client sends 127.0.0.1 (or some other numerical address) as its name to the log server
+
See 'Client cannot self-resolve' in the 'Most frequently' section

+
4.3. The server wants to send rc.ip-adress rather than rc.fqdn to the client
+
The client self-resolves to its ip address. +See 'Client cannot self-resolve' in the 'Most frequently' section

+
4.4. Cannot resolve client name host=XXX
+
+The server must be able to determine the client name.
+This is because only authenticated connections from registered 
+clients are allowed, and
+the server must be able to check the client hostname against the list of
+allowed hosts, and look up the password verifier for that
+host.
+
+There are two different ways to accomplish this. Unfortunately, judging +from customer feedback as well from common sense, both do not work very well +with a messed up local DNS (including /etc/hosts files) and/or +überparanoid or misconfigured firewalls (in case of connections +across one). +
    +
  • +

    + First method: Determine client name on client, and + try to cross-check on server +

    +

    + This does not work for a number of people because (1) the + /etc/hosts file on the client machine has errors + (yes, there are plenty machines with a completely + messed up /etc/hosts file), (2) the + server cannot resolve the client address because the local DNS is + f***ed up, or (3) the client machine has multiple network interfaces, and + the interface used is not the one the client name resolves to. +

    +

    + If the client uses the wrong interface on a multi-interface machine, + there is a config file option + SetBindAddress=IP address + that allows to choose the interface the client will use for + outgoing connections. +

    +

    + If you want to download the config file from the server, you + should instead use the corresponding command line + --bind-address=IP address + to select the interface. +

    + +

    + If you encounter problems, you may (1) fix your + /etc/hosts file(s), (2) fix your local DNS, or + (3) switch to the second method. +

    +

    + Errors in name resolving/cross-checking can be avoided by setting a + very low severity (lower than the logging threshold), e.g. +

    +

    + SeverityLookup=debug +

    +

    + in the Misc section of the server configuration, + if you prefer running unsafe at any speed + instead of fixing the problem (you have been warned). Doing so will + allow an attacker to pose as the client. +

    +
    • +
  • +

    Second method: Use address of connecting entity as + known to the communication layer

    +

    + This has been dropped as default + long ago because it may not always be the + address of the client machine. + To enable this method, use +

    +

    + SetClientFromAccept=true +

    +

    + in the Misc section of the server configuration + file. If the address cannot be resolved, or reverse lookup of the + resolved name fails, no error message will be issued, + but the numerical address will be used. +

    +
    • +


+
4.5. Cannot resolve socket peer IP for client host=XXX peer=YYY
+
See above

+
4.6. Reverse lookup of socket peer failed host=XXX peer=YYY obj=ZZZ
+
See above

+
4.7. No socket peer alias matches client name host=XXX peer=YYY
+
See above

+
4.8. Session key negotiation failed
+
See the document HOWTO client+server troubleshooting

+
4.9. Invalid connection attempt: Not in client list
+
See the document HOWTO client+server troubleshooting

+
4.10. Invalid connection attempt: Session key mismatch
+
See the document HOWTO client+server troubleshooting

+
4.11. How do I update the file signature database ?
+
If you keep the file signature database on the server, + the database is supposed to be updated on the server, using the + beltane + web-based console (currently in beta) and the + log messages from the client. +

+ Alternatively, you can scp the database + to the client, run samhain -t update -l none --foreground + (you + need to avoid logging because otherwise you will get in conflict with + the running samhain daemon), and then scp the + database back to the server. Actually, with a properly set up + "ssh", using RSA/DSA authentication + and ssh-agent you could write a script to automate this.

+
4.12. Time limit exceeded
+
The respective client for that this message is generated has not + sent anything for some interval of time (default 84600 sec = 1 day). + The interval can be set as follows: +
+        [Misc]
+	# unit is seconds
+        SetClientTimeLimit=NNN
+
+ + This feature has the purpose to detect if a client is dead. You + might want to ensure that timestamps are sent to the server: +
+        [Log]
+	ExportSeverity=mark
+
+ If you don't want to use this feature, set the time limit to some + very large value.

+
4.13. Invalid connection attempt: Signature mismatch
+
Clients sign their messages using a session key negotiated + with the server. The message indicates that the server could + not verify the signature. This may be caused by a running two + instances of samhain on the same client machine, both of them + accessing the server (and negotiating different session keys + ...). The system will recover automatically from the problem + by forcing the failed client to negotiate a fresh session key.

+
4.14. [Server] PANIC .. Address already in use   subroutine=bind
+
The server cannot bind to its port because the port is already used. + Maybe you have accidentially already an instance of the + server running.

+
+

5. Email

+
+
5.1. Reverse lookup failed
+
Fix your DNS (reverse lookup: numerical IP address to FQDN, to verify + FQDN to numerical IP address). +
+Whether "nslookup" works is not very informative, because 
+"nslookup" does not use the resolver library of the operating
+system. Therefore,
+it is not exactly the
+best tool for debugging name resolving problems (see the book
+"DNS and bind").
+


+
5.2. From daemon@example.com
+
samhain fails to resolve the + self-address of the host. +See 'Client cannot self-resolve' in the 'Most frequently' section.

+
5.3. How do I define more than one email addresses ?
+
Use SetMailAddress=... multiple times (upt to eight addresses +are possible, with at most 63 characters per address): +
+[Misc]
+SetMailAddress=aaa@foo.com
+SetMailAddress=bbb@foo.com
+


+
+

6. Misc

+
+
6.1. Error message: "Invalid line XYZ in configuration file"
+
This message indicates that line XYZ in the configuration file contains +an unrecognized directive. The primary reasons are:
+ +(a) The directive should be placed into a particular section of the +configuration file, but the section header is not present (or you forgot +to uncomment it).
+ +(b) Samhain is compiled without support for this directive.
+ +(c) You have a typo in the directive.


+
6.2. Why do I get a local logfile if I log to the server ?
+
Because you can use all log facilities in parallel. You should + switch off in the config file what you don't want/need: +
+        [Log]
+        # local log file
+        LogSeverity=none
+


+
6.3. Why is there no NIS support with a static samhain executable on Linux ?
+
Some functions (including NIS) require + libraries that are only available as shared libraries + with modern GLIBC versions. While you can always compile a static + executable, normally it would still open the shared library at runtime. + As of version 1.8.11, samhain avoids this by providing replacement + functions from uClibc. However, these do not include NIS support.

+
6.4. Why do I get hundreds of messages about modified CTIME ?
+
This happens because some + backup applications reset the atime/mtime timestamps, which causes + the ctime timestamp to be modified (rootkits avoid this by + temporarily resetting the system clock to the original ctime ...). +

+ To fix this problem, read the manual of your backup application, or + redefine the ReadOnly policy to not check + the ctime timestamp: +

+        [Misc]
+        RedefReadOnly=-CTM
+
+
+        Order matters - you must first redefine 
+        ReadOnly before you use it
+


+
6.5. PANIC — File not accessible
+
Most likely permission denied because of unsufficient privileges.

+
6.6. How can I avoid error messages for invalid UIDs (no such user) ?
+
Set SeverityNames to a low value +
+[EventSeverity]
+SeverityNames=debug
+


+
6.7. [Redhat] The /etc/init.d/(samhain|yule) init script hangs
+
Redhat uses "initlog" (see + man initlog) in initscripts. If it hangs, most probably + samhain/yule runs in the foreground rather than as daemon. Set + daemon mode in the configuration file: +
+[Misc]
+Daemon=yes
+


+
6.8. The /etc/init.d/(samhain|yule) init script exits with: execvp: No such file or directory
+
Either the program is not installed, or it is not in the PATH (the one + used by the init script, which may be different from your PATH).

+
6.9. Why am I not receiving the "BEGIN LOGKEY" message by email ?
+
This message (which contains the key to verify the log file) is generated + when logging to the log file starts. It has the severity "ALRT", + thus you should make sure that you have set the logging threshold for + email correctly to receive it.

+
6.10. Why does console logging fail if I compile with + --enable-(micro-)stealth ?
+
The default logging options are more "stealthy". Set the + threshold explicitely rather than relying on the default.

+
6.11. I need a list for my schedule !
+
You can have the same effect with a list of schedules. See the section +"Timing file checks" in the manual.

+
6.12. The hiding kernel module has no effect !
+
Most probably you compiled using the wrong "System.map" file.

+
6.13. What does the message "Large lstat/open overhead" mean ?
+
Your system needs several seconds to proceed from an lstat() system call + to an open() system call. This is a tremenduous overhead, and + indicates that either your system has a really severe performance problem, + or someone tries to slow down samhain.

+
6.14. What does the message "Device not available path=/dev/random" mean ? I have /dev/random !
+
/dev/random blocks unless there is some entropy it can deliver. Samhain + will time out and fall back on /dev/urandom after some seconds to avoid + hanging for a potentially long time. It will try /dev/random again next + time it needs entropy.

+
6.15. Logging to an external program fails; the program receives no data + on stdin !
+
Probably your program is not designed to wait for input, but exits + if reading fails (because there is no data yet). You may want to + let your program wait for the terminating "[EOF]" line.

+
6.16. SIGILL on AIX
+
For each scanned file, samhain needs to + store some information in memory (e.g. to recognize changes that have + already been reported, and avoid duplicate reports). On AIX, if you are + checking a really huge number of files, + memory usage may exceed the default limit of 256 MB, and the process may + terminate with SIGILL. +

+ The problem can be solved by linking with the flag + -bmaxdata:0x80000000. This allows the application to + access up to 8 segments (where each segment is 256MB). +

+ If you are using gcc, you need to use instead + the flag -Wl,bmaxdata:0x80000000, which tells + gcc to pass on the + bmaxdata + flag to the AIX linker. You can use the LDFLAGS environment variable to + pass linker flags to the configure script: +

+     export LDFLAGS="-Wl,bmaxdata:0x80000000"
+


+
+

7. Database

+
+
7.1. Why are client messages corrupted / incompletely stored in the DB ?
+
Because the messages are not in XML format, and therefore incorrectly + parsed. The most frequent reasons are: +
+        1.) Your server is compiled with --enable-xml-log, but your client(s)
+        is/are not.
+
+        2.) In your client or server configuration file, you are using
+        the option for a custom message header, but without paying attention
+        to preserving the XML format.
+


+
7.2. I want / don't want the server timestamps (for client messages) in the SQL database
+
+[Database]
+SetDBServerTstamp = true/false
+
+ + This will enable/disable logging of the server timestamp for client + messages. The server timestamp will be written to a seperate record, + with log_ref set to the value of + log_index of the corresponding client message.

+
7.3. I don't want the client TIMESTAMP messages in the SQL database
+
+     Sending timestamps from the client allows the server to detect if
+     a client is not running anymore (use SetClientTimeLimit=NNN in the
+     [Misc] section of the server config file to set the number of seconds
+     after which the server will issue an error message if no timestamp has
+     been received).
+
+ + However, you might not want to log these timestamps to the database + (or other log facilities). To filter them, you can use two methods + (examples are for the SQL database). + The first + one has the disadvantage that only messages of + severity err or higher will be logged: +
+     [Misc]
+     UseClientSeverity=yes
+
+     [Log]
+     DatabaseSeverity=err
+
+ + The second method is more specific — log everything not + belonging to the STAMP class of messages: +
+     [Misc]
+     UseClientClass=yes
+
+     [Log]
+     DatabaseClass=PANIC RUN FIL TCP ERR ENET EINPUT
+


+
7.4. What does the log_ref field mean ?
+
NULL are client messages. Nonzero integer is a server timestamp + for a client message (where log_ref indicates the log_index entry + number of the corresponding client message). Zero indicates a message + by the server itself (e.g. the server's start message).

+
7.5. How can I check what is in the database ?
+
Use a command line client to login to the database and query it: +
+     sh$ mysql -u <user_name> -p <database_name>
+     Enter password: ****
+     mysql> SELECT log_index,log_ref,log_host,log_sev,log_msg,path FROM <table_name> WHERE entry_status = 'NEW' ORDER BY log_index;
+     ....
+     mysql> \q 
+


+
+
+ +

Copyright (c) 2004 Rainer Wichmann

+ +

This list of questions and answers was generated by +makefaq. + +

+ + Index: /tags/2.5.0/docs/HOWTO-client+server-troubleshooting.html =================================================================== --- /tags/2.5.0/docs/HOWTO-client+server-troubleshooting.html (revision 189) +++ /tags/2.5.0/docs/HOWTO-client+server-troubleshooting.html (revision 189) @@ -0,0 +1,412 @@ + + + +HOWTO client+server troubleshooting + + + +
+

samhain file integrity + scanner | online + documentation

+
+

Samhain client/server: What can go wrong, and how can you fix it ?

+
+
+
+
+
    +
  • Almost all problems can only be diagnosed correctly by checking the + server logs
    • +
  • If the server does not write logs, fix this first. For debugging, + stop the server, then run it in the foreground with + yule -p info --foreground
    • +
+
+

+This document aims to explain how to diagnose and fix common problems that +may result from misunderstanding or misconfiguration when setting up +a client/server samhain system. This document is divided in several sections +more or less corresponding to the different stages when a client +connects to a server. Each section starts with a brief explanation that +should provide a basic understanding of what is going on. +

+

+This document does not discuss how to setup a client/server (for +this, look into the manual and/or the HOWTO-client+server). +

+ +

Table of Contents

+

+Connecting to the server
+Authentication
+Downloading config/database files
+Other connection problems
+

+ +

Connecting to the server

+ +

+Client/server connections are always initiated from the client. The port +is compiled in (there is a configure option to change the default). +The default port is 49777. +

+ +

Problem #1

+

+The client reports: Connection refused. The server reports nothing. +

+

+The server is down, listens on the wrong port, or network failure. +

+ +

Problem #2

+

+The client reports: Connection error: Connection reset by peer, and +later also Session key negotiation failed. The server reports: +msg="Refused connection from ..." subroutine="libwrap". +

+

+The server is compiled with libwrap (TCP Wrapper) support, and the +client is either in /etc/hosts.deny, or you have set yule: ALL +in /etc/hosts.deny, and forgot to put the client in +/etc/hosts.allow. +

+

+To fix: make proper entries in /etc/hosts.allow and/or +/etc/hosts.deny. There is no need to restart/reload the server. +

+ + +

Authentication

+

+The client has a password that is used to authenticate to the server. +This password is located within the binary, and is set with the +samhain_setpwd helper application, as explained e.g. in the +manual or in the Client+Server HOWTO. +

+The server has a list of clients that are allowed to connect, and the +verifiers corresponding to the passwords of these clients. +

+

+Upon successful authentication, client and server will negotiate +a session key that is used for signing further messages +from the client. +

+ +

Problem #1

+ +

+If the password is wrong, the client will report +Session key negotiation failed. The server will +report: Invalid connection attempt: Session key mismatch +

+

+To fix: make sure that the password has in fact been set, that you are +using the correct executable for the client (the one where the password is +set), and that the entry in the server config file is the one generated +for this password (also look out for double entries for this client). +

+ +

Problem #2

+ +

+If the client name (as resolved on the server) is wrong, the client +will report +Session key negotiation failed. The server will +report: Invalid connection attempt: Not in client list, +and it will tell you in the same error message +what name it has inferred for the connecting +client (example): client="client.mydomain.com". +

+

+The fix depends on the nature of the problem. In principle, it should be +sufficient to change the name of the client in the config file entry, which +isn't really a solution if e.g. the server thinks the client is 'localhost'. +

+

+There are two different ways to determine the client name. +Unfortunately, judging +from customer feedback as well from common sense, both do not work very well +with a messed up local DNS (including /etc/hosts files) and/or +überparanoid or misconfigured firewalls (in case of connections +across one). +

+
    +
  • +

    + First method: Determine client name on client, and + try to cross-check on server +

    +

    + This does not work for a number of people because (1) the + /etc/hosts file on the client machine has errors + (yes, there are plenty machines with a completely + messed up /etc/hosts file), (2) the + server cannot resolve the client address because the local DNS is + f***ed up, or (3) the client machine has multiple network interfaces, and + the interface used is not the one the client name resolves to. +

    + +

    + If the client uses the wrong interface on a multi-interface machine, + there is a config file option + SetBindAddress=IP address + that allows to choose the interface the client will use for + outgoing connections. +

    +

    + If you want to download the config file from the server, you + should instead use the corresponding command line option + --bind-address=IP address + to select the interface. +

    + +

    + If you encounter problems, you may (1) fix your + /etc/hosts file(s), (2) fix your local DNS, or + (3) switch to the second method. +

    +

    + Errors in name resolving/cross-checking can be avoided by setting a + very low severity (lower than the logging threshold), e.g. +

    +

    + SeverityLookup=debug +

    +

    + in the Misc section of the server configuration, + if you prefer running unsafe at any speed + instead of fixing the problem (you have been warned). Doing so will + allow an attacker to pose as the client. +

    +
    • +
  • +

    Second method: Use address of connecting entity as + known to the communication layer

    +

    + This has been dropped as default + long ago because it may not always be the + address of the client machine. + To enable this method, use +

    +

    + SetClientFromAccept=true +

    +

    + in the Misc section of the server configuration + file. If the address cannot be resolved, or reverse lookup of the + resolved name fails, no error message will be issued, + but the numerical address will be used. +

    +
    • +
+ + +

Downloading config/database files

+ +

+The client does not tell the server the path to the requested +file - it just requests a config or a database file. It's entirely the +responsibility of the server to locate the correct file and send it. +

+

+The server has a data directory, which by default would be +/var/lib/yule. Here the config/database files should be placed. +

+

+Configuration files: rc.client.mydomain.tld or +simply rc +(this can be used as a catchall file). +

+

+Database files: file.client.mydomain.tld or +simply file +(this can be used as a catchall file). +

+ +

Problem #1

+ +

+If the server cannot access the configuration (or database) file, either +because it does not exist or the server has no read permission, the +client will report File download failed. The server will +report: File not accessible, and it will tell you in the +same report the path where it would have expected the file (example): +path="/var/lib/yule/rc.client.mydomain.com" +

+

+To fix: put the file in the correct location, make sure the permissions +are ok. +

+ + +

Other connection problems

+ +

+The server has a table with client names and their session keys. If +another client process accesses the server from the same host, +it will negotiate a fresh session key for that host. As a consequence, +the session key of the first client process will become invalid. +

+

+Also, the server keeps track of the status of a client. If a client +process does not announce its termination to the server, the server +will not expect a startup message, and issue a warning for any +such message. +

+ +

Problem #1

+ +

+The client reports: Invalid connection state. The server reports: +Invalid connection attempt: Signature mismatch. This is a sign that +a client has tried to connect using an invalid session key. Most probably, +another instance of the client is/was started on the respective host. +

+

+To fix: if you need to have concurrent access to the server, +suspend the first process with SIGUSR2 before starting the second. Use +SIGUSR2 again to wake up the first process. Give the process a second or two +to return into the main event loop and go into suspend mode. Do not just use +SIGSTOP/SIGCONT: it is important that the client tells the server that +it will go into suspend. +

+ +

Problem #2

+ +

+The server reports: +Restart without prior exit for a client. +This is a sign that +a client has re-started without informing the server about a previous +termination. +

+

+This would happen if the client was killed with SIGKILL, or if it terminated +within the routine to send a message to the server (the routine is +not re-entrant). You may want to investigate messages logged via another +logging facility (e.g. the client's local logfile). Of course it may +also be a segfault, which would be reported via syslog. +

+ +
+ + Index: /tags/2.5.0/docs/HOWTO-client+server.html =================================================================== --- /tags/2.5.0/docs/HOWTO-client+server.html (revision 189) +++ /tags/2.5.0/docs/HOWTO-client+server.html (revision 189) @@ -0,0 +1,441 @@ + + + +HOWTO client+server + + + +
+

samhain file integrity + scanner | online + documentation

+
+

Setting up a client/server samhain system

+
+
+
+

+This document aims to explain how to set up a client/server +samhain system, where the client (samhain) runs on one machine to be +monitored, and sends reports via TCP/IP to a remote server (yule). +

+

+Please note: the server (yule) does not perform any filesystem and/or +kernel checks. If you want to perform such checks on the log server host, +you need to run a samhain client on this host as well. +

+

+Client and server are +distict applications, and must be +built seperately. By default, installation names and paths (e.g. +the configuration file) are +different. Do not blame us if you abuse './configure' options to +cause name clashes, if you install both on the same host. +

+ +

Introduction

+

+Samhain can be compiled for remote logging to a central server via a +secure (AES-encrypted, signed, and authenticated) TCP/IP connection. +

+In addition, both the client configuration file and the file signature +database can be stored on the server. The client will then pull them from +the server upon startup. +

+This requires three basic steps: +

+
    +
  1. +compile and install server and client, +
    2. +
  2. +establish trust between client and server, and +
    3. +
  3. +enable remote logging in the client's configuration file. +
    4. +
+ + +

Compiling

+ +

The server - yule

+ +

+Note: the server can be started with root privileges (e.g. to use +a privileged port < 1024), but it will always +drop root privileges irrevocably +before accepting any connections, and run as a non-root user. This user +can be specified explicitely with the configure +option --enable-identity=USER. The default is +the first existing user +out of the list yule, daemon, nobody. +

+ +
+
+bash$ ./configure --enable-network=server
+bash$ make
+bash$ make install
+
+
+ +

The client - samhain

+ + +
    +
  • +

    + If you just want remote logging: +

    +    ./configure --enable-network=client + --with-logserver=server.example.com +

    +
    • +
  • +

    + If you want configuration and database files on the server: +

    +    ./configure --enable-network=client + --with-logserver=server.example.com \
    +         --with-config-file=REQ_FROM_SERVER/etc/samhainrc \
    +         --with-data-file=REQ_FROM_SERVER/var/lib/samhain/samhain_file     +

    +
    • +
+

+The path after the keyword REQ_FROM_SERVER has the following meaning: +

    +
  • for the configuration file: +
      +
    • if initializing, and the connection to the server + fails, samhain will fall back on the local file (if given); +
      • +
    • if in check mode, it is ignored. Samhain will + abort if the connection to the server fails. +
      • +
    + Thus, the local path allows you to initialize the database from a local + configuration file before the client is known to the server. +
    • +
  • for the database file: +
      +
    • if initializing, the database is written to the local file; +
      • +
    • if in check mode, the local path is ignored. Samhain will + abort if the connection to the server fails. +
      • +
    + Thus, init (or update) always requires a local file that + must be uploaded to the server thereafter. Note that if you + use the Beltane web-based frontend, database updates can be performed + on the server without ever running an update on the client. +
    • +
+ +

Establishing trust between client and server

+ +

+By default, samhain uses the SRP (Secure Remote Password) protocol, +with a password that is embedded in the client binary, and a +corresponding verifier that is in the server configuration file. +

+ +

Embedding the password in the client, and register it with the server

+ +

+To embed the password in the binary, there is a dummy password compiled +in as placeholder, and a utility samhain_setpwd is provided that +

+ +
    +
  1. + takes a password as input, +
    2. +
  2. + searches the original binary for the + correct place (i.e. the placeholder), and +
    3. +
  3. + writes a copy of the original binary, with the placeholder replaced + by the password. The original is left untouched. The copy cannot + be changed to another password anymore. +
    4. +
+ + +

+For convenience, the server has functions to +

+ +
    +
  • +

    +generate a random password in the correct format: +

    +   sh$ yule -G +

    +
    • +
  • +

    +and generate a corresponding entry for the +server configuration file: +

    +    sh$ yule -P PASSWORD. +

    +

    • +
  • +The generated entry has a string 'HOSTNAME' that you should +replace with the fully qualified name of the client. This entry must +then be placed in the [Clients] section of the yule configuration +file (e.g. /etc/yulerc). +
    • +
  • +Finally, you need to tell yule to reload the configuration (send SIGHUP, +or use /etc/init.d/yule reload). +
    • +
+ + +

Example

+ +
+
+rainer$ ./samhain_setpwd
+
+Usage: samhain_setpwd <filename> <suffix> <new_password>
+
+   This program is a utility that will:
+    - search in the binary executable <filename> for samhain's
+      compiled-in default password,
+    - change it to <new_password>,
+    - and output the modified binary to <filename>.<suffix>
+
+   To allow for non-printable chars, <new_password> must be
+   a 16-digit hexadecimal number (only 0-9,A-F allowed in input),
+   thus corresponding   to an 8-byte password.
+
+   Example: 'samhain_setpwd samhain new 4142434445464748'
+   takes the file 'samhain', sets the password to 'ABCDEFGH'
+   ('A' = 41 hex, 'B' = 42 hex, ...) and outputs the result
+   to 'samhain.new'.
+
+rainer$ yule -G
+5B5CDF18CE8D66A3
+
+rainer$ ./samhain_setpwd samhain new 5B5CDF18CE8D66A3
+INFO   old password found
+INFO   replaced:  f7c312aaaa12c3f7  by:  5b5cdf18ce8d66a3
+INFO   finished
+
+rainer$ scp ./samhain.new root@client.example.com:/usr/local/sbin/samhain
+samhain              100% |********************************|   592 KB    00:00
+
+rainer$ yule -P 5B5CDF18CE8D66A3
+Client=HOSTNAME@8A542F99C3514499@744C3A3EE8323470D9DAD42E2485BD0B138F6B4116E964\
+A9991A0B0D221E1AADE5800968804B99B494C39E7B9DD5710D18F1E6703D1DB6D6393295E05DF6A\
+6AA8D10BB4A21D7D9DC4901D444500D4EA358C1B44A3E3D44ACEC645F938F790A11AB0D03586143\
+977E2BCE3A2D689445AC89134B409E68F34B0DE8BD8242ADD7C0
+
+rainer$ yule -P 5B5CDF18CE8D66A3 | sed s%HOSTNAME%client.example.com% >> /etc/yulerc
+
+rainer$ tail -2 /etc/yulerc
+[Clients]
+Client=client.example.com@8A542F99C3514499@744C3A3EE8323470D9DAD42E2485BD0B138F
+6B4116E964A9991A0B0D221E1AADE5800968804B99B494C39E7B9DD5710D18F1E6703D1DB6D6393
+295E05DF6A6AA8D10BB4A21D7D9DC4901D444500D4EA358C1B44A3E3D44ACEC645F938F790A11AB
+0D03586143977E2BCE3A2D689445AC89134B409E68F34B0DE8BD8242ADD7C0
+
+rainer$ /etc/init.d/yule reload
+
+
+ +

+Note 1: the verifier Client=client.example.com@..... must be +in the [Clients] section of the server configuration file. It is +convenient if this is the last section in the config file, because then +you can just concatenate the output of yule -P PASSWORD to the +configuration file. This allows for better automatisation with a simple +script. +

+

+Note 2: samhain comes with a deploy system that handles +the deployment of clients, including password embedding and server +configuration, in a semi-automatic way. +This deploy system is tested and used in a production system +of more than 50 machines, and described in detail in Chapt. 10 of the MANUAL. +

+ +

Enabling remote logging

+

+Samhain has multiple independent logging facilities (such as a local logfile, +syslog, e-mail, TCP/IP, etc.) that can be used +in parallel. You therefore have to specify in the client's configuration +file, which logging facility you want to use. +

+

+Selecting logging facilities is done by setting appropriate thresholds +in the [Log] section of the configuration file: each +message with a priority exceeding +the threshold will be logged via the respective facility. Setting +the threshold to none will disable a facility. For details, +refer to Chapt. 4 in the MANUAL. +

+

Example

+

+To enable remote logging to the server for all messages of +priority error or higher, use the following directive in the +client configuration file: +

+
+
+[Log]
+ExportSeverity=err
+
+
+ + +

Databases and config files on the server

+ +

+The client does not tell the server the path to the requested +file - it just requests a config or a database file. It's entirely the +responsibility of the server to locate the correct file and send it. +

+

+The server has a data directory, which by default would be +/var/lib/yule, but depends on your compile options. +

+

+Config files and baseline databases for clients must be located +in this directory, and they must be named as follows: +

+

+Configuration files: rc.client.mydomain.tld or +simply rc +(this can be used as a catchall file). +

+

+Database files: file.client.mydomain.tld or +simply file +(this can be used as a catchall file). +

+
+ + Index: /tags/2.5.0/docs/HOWTO-samhain+GnuPG.html =================================================================== --- /tags/2.5.0/docs/HOWTO-samhain+GnuPG.html (revision 189) +++ /tags/2.5.0/docs/HOWTO-samhain+GnuPG.html (revision 189) @@ -0,0 +1,415 @@ + + + +HOWTO samhain+GnuPG + + + +
+

samhain file integrity + scanner | online + documentation

+
+

Using samhain with GnuPG

+
+
+
+

+This document aims to explain how to use samhain with signed configuration +and database files which are checked by invoking GnuPG. +

+

Introduction

+

+Samhain can be compiled to recognize PGP signatures on configuration and +database files and to invoke GnuPG in order to check such signatures. +(Note: while the application usually is referred to as GnuPG, +the executable itself is called gpg). +

+

+If samhain is compiled with this option, then +

+ +
    +
  1. +both the configuration file +and the file signature database must be signed, and +
    2. +
  2. +for both files the signatures must verify correctly, +
    3. +
  3. +otherwise samhain will abort. +
    4. +
+ + +

Prerequisites

+
    +
  • +

    +Obviously you need gpg (GnuPG), and you must +have created a key pair with: +

    +   gpg --gen-key +

    +(it does not really matter which type of key, the defaults are ok). +

    +GnuPG uses a public-key algorithm: the key pair consists of +

    +
      +
    • +a secret key that is +used for signing and stored in ~user/.gnupg/secring.gpg, and +
    • +a public key used for verifying the signature, and stored in +~user/.gnupg/pubring.gpg. +
      • +
    +

    +The secret key obviously should be +kept secret, while the public key can be published. +

    +
    • +
  • +

    +You need to compile samhain with support for GnuPG: +

    +   ./configure --with-gpg=/path/to/gpg [more options] +

    +

    • +
+ +

+Note 1: If compiled with support for GnuPG, +the TIGER192 checksum of the gpg +executable will be compiled into samhain, and the gpg executable will +be checksummed (to verify its integrity) before invoking it. If you +don't like this, you should add the configure option: +

+   --with-checksum=no +

+
+

+Compiling in the GnuPG checksum will tie the samhain executable to +the gpg executable. If you upgrade GnuPG, you will need to re-compile +samhain. If you don't like this, use '--with-checksum=no'. +

+
+

+Note 2: The mere fact that the signature +is correct does not prove that it has been signed by you with +your key - it just proves that it has been signed by somebody. +Samhain can optionally check the fingerprint of the key that has been +used to sign the files, to verify that your key has been used +to sign the file(s). To enable this, use the configure option +

+   --with-fingerprint=FINGERPRINT +

+where FINGERPRINT is the hexadecimal fingerprint of the key as listed +with +

+   gpg --fingerprint +

+ +

Example

+ +
+
+rainer$ gpg --fingerprint rainer
+pub  1024D/0F571F6C 1999-10-31 Rainer Wichmann
+     Key fingerprint = EF6C EF54 701A 0AFD B86A  F4C3 1AAD 26C8 0F57 1F6C
+uid                            Rainer Wichmann
+sub  1024g/9DACAC30 1999-10-31
+
+rainer$ which gpg
+/usr/bin/gpg
+
+rainer$ ./configure --with-gpg=/usr/bin/gpg --with-fingerprint=EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C
+
+
+ +

Signing the files

+

+The configuration file and the +file signature database +(created by running samhain -t init) must be signed manually +using the command: +

+   gpg -a --clearsign --not-dash-escaped /etc/samhainrc
+   mv /etc/samhainrc.asc /etc/samhainrc +

+Gpg will create a signed copy of the file, +named file.asc. +You need to rename (cp/mv) this signed copy +to the original filename. +After signing the configuration file, you can initialize the database +and sign it likewise. +

+

+Note 1: The installation script will ask you to +sign the configuration file upon installation. +

+Note 2: The gpg option --not-dash-escaped +does not harm if used with the +configuration file, but is only required for the +file signature database. +

+ +

TIP

+

+ In the subdirectory scripts/ of the source directory you will find + a Perl script samhainadmin.pl to facilitate some + tasks related to the administration of signed configuration and + database files (e.g. examine/create/remove signatures). + Use with --help to get usage + information. +

+ +

CAVEAT

+

+ When signing, the option --not-dash-escaped is + recommended, because otherwise the database might get corrupted. + However, this implies that after a database update, + you must remove the old signature first, before + re-signing the database. Without 'dash escaping', + gpg will not properly handle the old signature. + See the tip just above. +

+ +

Example

+ +
+
+root# gpg -a --clearsign --not-dash-escaped /etc/samhainrc
+
+You need a passphrase to unlock the secret key for
+user: "Rainer Wichmann"
+1024-bit DSA key, ID 0F571F6C, created 1999-10-31
+
+root# mv  /etc/samhainrc.asc /etc/samhainrc
+root# samhain -t init
+root# gpg -a --clearsign --not-dash-escaped /var/lib/samhain/samhain_file
+
+You need a passphrase to unlock the secret key for
+user: "Rainer Wichmann"
+1024-bit DSA key, ID 0F571F6C, created 1999-10-31
+
+root# mv /var/lib/samhain/samhain_file.asc /var/lib/samhain/samhain_file
+root# samhain -D -t check
+
+
+ +

Make samhain verify the signature

+

+This is the part where some people run into problems. The point is, +when gpg is invoked by samhain, it must find the public key +needed for verification. Gpg expects public keys in a file +located at ~user/.gnupg/pubring.gpg where ~user +is the home directory of the user as that gpg is running. +

+It is therefore crucial to include the public key corresponding +to te secret key used for signing into the correct pubring.gpg +file (this file can hold many public keys, e.g. of people sending you +emails signed by them). +

+So which is the correct file? Here we have to consider two seperate +cases: +

+
    +
  1. The client (or standalone) samhain daemon runs with UID 0 (i.e. root), +thus the public key must be in ~root/.gnupg/pubring.gpg +
    2. +
  2. +The server (yule) always drops root privileges (if started with), and +runs as a non-root user. The username to use is compiled in, +either with the configure option --enable-identity=USER, +or by default as determined by configure (the first existing user +out of the list yule, daemon, nobody). Thus, the public key +must be in ~root/.gnupg/pubring.gpg (for startup) and +in ~non_root_user/.gnupg/pubring.gpg (for reload with SIGHUP). +
    3. +
+

+To import a public key into the public +keyring (pubring.gpg) of another user, you can do: +

+   gpg --export KEY-ID > filename
+   su another_user
+   gpg --import filename +

+

+Note: samhain will invoke gpg with the options: +

+   --status-fd 1 --verify --homedir /homedir/.gnupg --no-tty - +

+and pipe the configuration/database file into gpg, similar to: +

+cat filename | /usr/bin/gpg --status-fd 1 --verify --homedir /root/.gnupg --no-tty - +

+(of course samhain does not invoke cat, or the shell; the example above +just shows how to do the same from the shell command prompt). +

+ +

Example for signature check

+

+If you want to check the signature the same way samhain does, it should look +like (note the GOODSIG and VALIDSIG keywords in the output): +

+
+
+root# cat /etc/samhainrc | gpg --status-fd 1 --verify --homedir /root/.gnupg --no-tty -
+gpg: Signature made Sat Mar 15 16:08:21 2003 CET using DSA key ID 0F571F6C
+[GNUPG:] SIG_ID 9hQvRhgjWLqyFzVOHi2b0uDmBFo 2003-03-15 1047740901
+[GNUPG:] GOODSIG 1AAD26C80F571F6C Rainer Wichmann
+gpg: Good signature from "Rainer Wichmann"
+gpg:                 aka "Rainer Wichmann"
+[GNUPG:] VALIDSIG EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C 2003-03-15 1047740901
+[GNUPG:] TRUST_ULTIMATE
+
+
+ +

Troubleshooting

+

+First and foremost, run samhain (or yule) from the command line, in non-daemon +mode, and with the command-line option -p debug for debug-level +output. This will print +descriptive information on setup errors and/or relevant output from +the GnuPG subprocess. +

+

+Output from the GnuPG subprocess is marked by [GNUPG:], and +may show the following errors: +

+ +
    +
  • ERRSIG and/or NO_PUBKEY indicates that gpg did not find + the public key to verify the signature. You should import that key + into the keyrings of root and (for yule additionaly) the yule user. +
    • +
  • BADSIG indicates that the public key was found by gpg, but + the signature is invalid. Either the file has been modified after + signing, or a previous signature has not been removed. +
    • +
  • NODATA indicates that there is no signed data, i.e. the + configuration or database file is not signed at all. +
    • +
+
+ + Index: /tags/2.5.0/docs/HOWTO-samhain-on-windows.html =================================================================== --- /tags/2.5.0/docs/HOWTO-samhain-on-windows.html (revision 189) +++ /tags/2.5.0/docs/HOWTO-samhain-on-windows.html (revision 189) @@ -0,0 +1,445 @@ + + + +HOWTO Samhain on Windows + + +
+

samhain file integrity + scanner | online + documentation

+
+

Using Samhain on Windows

+
+
+
+

+This document aims to explain how to compile and run +samhain on Windows with the +Cygwin POSIX emulation layer, and how to install it as a service. +These instructions have been written by Kris Dom, +who has tested this on WinXP Professional, with additions by Geries Handal +and Jorge Morgado. +

+
+

Interix / Services For UNIX

+

+Samhain can also be used with Interix/SFU 3.5. Note that in Interix, +the Windows +filesystem is referred as /dev/fs/C, while in Cygwin it +is /cygdrive/c (both refers to the C: drive; other drives +are analogous). +

+Older versions of samhain would need to be built with +./configure --disable-mail (i.e. without support for email +logging) because Interix does not provide some of the required functionality +to build the email module. This issue should be fixed as of samhain +version 2.0.7 (not tested).
+[Based on information kindly provided by Geries Handal]. +

+
+ +

Cygwin installation procedure to compile samhain

+ +

Cygwin download

+ +
    +
  • +Make a temporary directory to store cygwin installer (e.g. c:\temp\cygwin) +
    • +
  • +Surf to http://www.cygwin.com +to download cygwin +
    • +
  • +Use the "install or update now (using setup.exe)" to +download the installer in c:\temp\cygwin +
    • +
  • +Execute "setup.exe" in c:\temp\cygwin +
    • +
  • +Choose the "download from the Internet" option +
    • +
  • +Choose "c:\temp\cygwin" as 'Local Package Directory' +
    • +
  • +Choose an FTP site +
    • +
  • +Click on 'Default' just after 'All' to change the installation type +from 'Default' to 'Install'. This will most likely install way too much +stuff but I am not familiar with Cygwin, so this way I know that all libs and +compilers are installed. +
    • +
  • +Let it download the stuff (there is a lot to download so be patient). +
    • +
+
+

+You don't need to download and install All packages. It is enough to keep +the Default and then add the following additional packages: +

+

+ Category Devel -> gcc: C compiler upgrade helper
+ Category Devel -> make: The GNU version of the 'make' utility
+ Category Libs -> minires: A simple synchronous non caching stub resolver
+

+

+When selecting these packages, Cygwin installer will automatically add +other packages based on their dependencies. +The package minires is only necessary for a minimal Cygwin installation +(below). [Kindly pointed out by Jorge Morgado]. +

+
+ +

Cygwin installation

+ +
    +
  • +When the download is complete you have the Cygwin software in the +temporary directory, however, it still needs to be installed. +
    • +
  • +To install, execute the "setup.exe" in "c:\temp\cygwin" +
    • +
  • +Choose the "Install from local directory" option. +
    • +
  • +Choose "C:\Cygwin" as root directory (this will be the Unix '/') +
    • +
  • +Choose the Local Package Directory: "c:\temp\cygwin" +
    • +
  • +Click on 'Default' just after 'All' to change the installation type +from 'Default' to 'Install'. +
    • +
  • +Let it install Cygwin (this will take some time so be patient). +
    • +
+ +

Samhain install procedure (used 'samhain 1.8.7a' in this procedure)

+

+(in the following procedure I use my personal preferences) +

+ +
    +
  • +Start up Cygwin using the "Cygwin" icon on the desktop (a classic +Unix environment will be started). +
    • +
  • +Download the 'samhain' gzip/tar (I always put in my home directory) +
    • +
  • +Make directories to install samhain (taking into account the configure +options):
    +   $ mkdir /usr/local/sbin
    +   $ mkdir /usr/local/var
    +   $ mkdir /usr/local/log
    +   $ mkdir /usr/local/tmp
    +
    • +
  • Go to the home directory:
    +   $ cd $HOME +
    • +
  • Un-gzip and untar the samhain package:
    +   $ gunzip samhain-1.8.7a.tar.gz
    +   $ tar xvf samhain-1.8.7a.tar
    +
    • +
  • Go to the samhain directory:
    +   $ cd samhain-1.8.7a
    +
    • +
  • Configure:
    +   $ ./configure --enable-xml-log=yes --with-tmp-dir=/usr/local/tmp --with-config-file=/usr/local/etc/samhainrc --with-log-file=/usr/local/log/samhain.log --with-pid-file=/usr/local/var/samhain.pid --with-state-dir=/usr/local/var
    +
    • +
  • Make the binary:
    +   $ make
    +
    • +
  • Install samhain:
    +   $ make install
    +
    • +
  • Now configure the "/usr/local/etc/samhainrc" file.
    +Remember: "C:\" -> "/cygdrive/c/" +
    • +
  • Initialize the samhain local baseline database:
    +   $ /usr/local/sbin/samhain -t init
    +
    • +
  • Start it up:
    +   $ /usr/local/sbin/samhain -t check
    +
    • +
+ + +

Cygwin minimal installation procedure to run samhain

+ +
    +
  • +Files needed to create a service (from NT/W2K Resource Kit): +
      +
    • + instsrv.exe +
      • +
    • + srvany.exe +
      • +
    +
    • +
  • +First copy these files to the "%winnt%\system32" directory. +
    • +
  • +Files needed to run the 'samhain.exe'. Copy the following .dll from the +Cygwin setup (c:\Cygwin\bin) to the "%winnt%\system32" directory: +
      +
    • + cygwin1.dll +
      • +
    • + cygminires.dll +
      • +
    +
    • +
  • +Files needed from c:\Cygwin\bin to create the /etc/passwd and /etc/group files: +
      +
    • + mkpasswd.exe +
      • +
    • + mkgroup.exe +
      • +
    +

    +To generate these files on a minimal Cygwin installation execute - on a +Windows Command Prompt: +

    +   mkdir c:\etc
    +   path\to\mkpasswd.exe -l > c:\etc\passwd
    +   path\to\mkgroup.exe -l > c:\etc\group +

    +IMPORTANT NOTE: You should re-create these two files, each time the +Windows users and groups accounts database changes. Failing to do this +might generate critical log messages (depending on your configuration +file). +

    +
    • +
  • +Create a directory structure for samhain (following the compilation options +you used)
    +   - in a DOS box (or via Windows Explorer)
    +   mkdir c:\usr
    +   mkdir c:\usr\local
    +   mkdir c:\usr\local\sbin
    +   mkdir c:\usr\local\var
    +   mkdir c:\usr\local\tmp
    +   mkdir c:\usr\local\log
    +   mkdir c:\usr\local\etc
    +
    • +
  • +Use the "instsrv.exe" binary to create a new service:
    +   instsrv.exe samhain c:\windows\system32\srvany.exe
    +   (this will create a service called "Samhain" that will +start the "srvany.exe" process). +
    • +
  • Now edit the registry to change the startup parameters for the newly +created service: +
      +
    • regedit
      • +
    • HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Services->Samhain
      • +
    • Add a String value (type: REG_SZ called: "Description") under the 'Samhain' key
      • +
    • Open the newly created "Description" value and fill in a description for the 'Samhain' service
      • +
    • Add a key to specify what file the "srvany.exe" process must start:
      +    Edit->New->Key called "Parameters" +
      • +
    • Under the newly created "Parameters" key, add a new String + value called "Application".
      +    The value for "Application" + should be "c:\usr\local\sbin\samhain.exe".
      • +
    +
    • +
  • +Make sure that in the "samhainrc" file, you have used +"/cygdrive/c" to refer to "c:" +
    • +
  • +Initialize the samhain baseline database first:
    +   c:\usr\local\sbin\samhain -t init
    +
    • +
  • +Reboot (it is Windows so ...) +
    • +
+

+Also see http://support.microsoft.com/kb/q137890/ for information regarding the creation of a +user-defined service. +

+

+Note: the first time I tried to install samhain as an NT service, I first +installed a default Cygwin on the system. This however made things much more +complex. I think when there is no Cygwin installed, it is more easy to install +Samhain as a service. +

+ + +

Troubleshooting samhain

+ +

+[Tip from Jorge Morgado] If you, like me, have a Windows server not part of any domain and (for +security reasons) you even turn off DNS resolution, you might probably get +the following error when initializing the baseline database: +

+
+  ---------   sh_unix.c  ---   1487 ---------
+  According to uname, your nodename is yourcomputername, but your resolver
+  library cannot resolve this nodename to a FQDN.
+  Rather, it resolves this to yourcomputername.
+  For more information, see the entry about self-resolving under
+  'Most frequently' in the FAQ that you will find in the docs/ subdirectory
+  ----------------------------------------------
+
+

+To fix this problem open the Registry Editor and create the following +entries under the key +HKLM\System\CurrentControlSet\Services\Tcpip\Parameters +

+

+ +Name: Domain
+Type: REG_SZ
+Data: your.domain.name + +

+ +Name: NV Domain
+Type: REG_SZ
+Data: your.domain.name + +

+The NV Domain registry value contains the computer's primary DNS suffix +while the Domain registry value contains the computer's primary DNS +domain. This will make the warning message go away. +

+
+ + Index: /tags/2.5.0/docs/HOWTO-write-modules.html =================================================================== --- /tags/2.5.0/docs/HOWTO-write-modules.html (revision 189) +++ /tags/2.5.0/docs/HOWTO-write-modules.html (revision 189) @@ -0,0 +1,771 @@ + + +HOWTO Write Samhain Modules + + + +
+

samhain file integrity + scanner | online + documentation

+
+

Writing modules for samhain

+
+
+
+

+This document should help anyone who is sitting down to write a module +for the samhain host intrusion detection system. We give an overview +of samhain's structure from the point of view of the module author, +and describe some of the samhain utility and interface functions +available. Lastly, we explain how to integrate your module into the +samhain autoconf build tools. +

+

Introduction

+

+Samhain is a rather useful file integrity and host intrusion detection +system. It is written entirely in C, and much care has been given to +making it robust and secure. Additionally, it has been written with +extensibility in mind, and so interfaces for adding user-contributed +modules have been provided. A module author can easily extend the +configuration file syntax and have his checking code run on a regular +basis as one of samhain's internal checks. +

+ +

Prerequisites

+

+You'll need to know how to read and write C. You'll need the latest +source for samhain. You'll need to have read all of samhain's other +documentation. Finally, if you want to make your module build as part +of the samhain tree (you do), you'll need GNU's autoconf package. +

+

An overview of samhain's execution

+

+Here's what happens when samhain starts: +

    +
  • + Check if samhain has been called with one of the "init.d" type + commands - start, stop, reload, status. If so, these are handled + as you might expect. Nice feature. +
    • +
  • + Initialise all global structures and parse command-line options. +
    • +
  • + Read the configuration file. This is handled in sh_readconf_read(). + This includes attempting to download the file if samhain has been + compiled to do so. +
    • +
  • + Drop privileges if server. +
    • +
  • + Test the checksum on the database if client or standalone. +
    • +
  • + Now test if samhain has been compiled as a client or a server. +
      +
    • + If server, enter server main loop sh_receive() in + sh_forward.c. This is simple enough; apart from checks for + signals received, the server just accepts incoming + connections, verifies that they are from an authorised + client, and logs the message received. +
      • +
    • + If client or standalone, we run the rest of main() in + samhain.c, which follows: +
      • +
    +
    • +
  • + Initialise modules - that is, call the mod_init() function on each + module. Note that if the module intialisation routine returns a + nonzero value, you should also have it free anything that's been + allocated by the configuration file reading functions, since this + method is always called after an sh_readconf_read(), i.e. when the + configuration file is re-read after a SIGHUP. +
    • +
  • + Test the setup that's been read from the configuration - for example, + check if any files or directories have been defined twice. +
    • +
  • + Enter the main loop (which runs just once if samhain is not + configured as a daemon). Test if any signals have been received, + and handle them appropriately: +
      +
    • + On reconfiguration (SIGHUP), clear internal file lists etc. + and call the mod_reconf() function on each module. This should + clean up anything internal to the module before the + configuration file is re-read. Then read the configuration + file again and set things up as before, including a new call + to mod_init(). +
      • +
    • + On SIGIOT (SIGABRT), shut down the log-file for a moment + to allow for rotation. +
      • +
    • + On SIGQUIT, terminate. Note that any call to exit() will + invoke the exit_handler() defined in samhain.c; the first + thing this does is to call mod_cleanup() on all modules. + Then it cleans up everything else in samhain and exits. +
      • +
    • + On SIGUSR1 turn toggle debugging on/off. +
      • +
    • + On SIGUSR2 suspend the daemon an notify the server to + allow a second instance of samhain downloading its + configuration file without triggering an alert (restart + without exit) on the server. +
      • +
    +
    • +
  • + If it's time to check files, check directories and then files, and + then flush the mail queue. +
    • +
  • + Execute modules. For each module, if mod_timer(tcurrent) returns a + nonzero value, then execute mod_check(). +
    • +
  • + Do various maintenance operations such as logging a timestamp/sending + some mail if it's time, seeding/re-seeding the PRNG, etc. +
    • +
+You'll note that in the text above I refer to a couple of module +functions - mod_init(), mod_check(), etc. These are function pointers +that act as hooks for attaching modules to samhain. Next we'll +describe how they are used. +

+ +

Samhain's module interface

+

+Here we'll describe the interface samhain provides to module authors. +

+ +

The module list

+

+In sh_modules.h, the following structure is defined: +

+
+
+typedef struct mod_type
+{
+  /* The name of the module                                    */
+  char * name;      
+
+  /* Set by samhain to 1 on successful initialization, else 0  */
+  int    initval; 
+
+  /* The initialization function. Return 0 on success.         */
+  int (* mod_init)    (void);  
+                             
+  /* The timer function. Return 0 if NOT time to check.        */
+  int (* mod_timer)   (unsigned long tcurrent); 
+
+  /* The check function. Return 0 on success.                  */
+  int (* mod_check)   (void); 
+
+  /* The cleanup function. Return 0 on success.                */
+  int (* mod_cleanup) (void);
+
+  /* The preparation for reconfiguration. Return 0 on success. */
+  int (* mod_reconf) (void);
+
+  /* Section header in config file                             */
+  char * conf_section; 
+
+  /* A table of key/handler_function for config file entries   */
+  sh_rconf * conf_table; 
+
+} sh_mtype;
+
+ +

+This is the structure used to hook modules into samhain. There is a +list of these structures (modList), defined in sh_modules.c, +containing pointers to the functions to be used for each module +compiled into samhain. For example, +

+ +
+
+sh_mtype modList[] = {
+#ifdef SH_USE_UTMP
+  {
+    N_("UTMP"),
+    0,
+    sh_utmp_init,
+    sh_utmp_timer,
+    sh_utmp_check,
+    sh_utmp_end,
+    sh_utmp_null,
+
+    N_("[Utmp]"),
+    sh_utmp_table,
+  },
+#endif
+
+

+is the beginning of that table. The author of the sh_utmp module has +initialised the structure with the name of the module (note that N_() +is just a macro used to delimit strings here), a 0 to signify that the +module has not yet been initialised, and then pointers to _init(), +_timer(), _check(), _cleanup() and _reconf() functions for the +module. Finally, the last two structure elements are for configuration +file parsing: the first is the section heading in the configuration +file for this module, and the second is a table of type +

+ +
+
+typedef struct rconf
+{
+  char * the_opt;
+  int (*func)(char * opt);
+} sh_rconf;
+
+ +

+(also defined in sh_modules.h). This structure is for storing options +for this module to be found in the configuration file, as well as the +functions that will be used to parse them when found. In the sh_utmp +example above, we can see that this table has been set to +sh_utmp_table - this is a reference to a list of the Utmp module's +configuration options declared in sh_utmp.h. It should be clear now +that one of the changes you will need to make to samhain's source +files is to include your header file in sh_modules.c and add a modList +entry like the above. +

+ +

+For a description of when during samhain's execution these various +module hooks are called, see the overview above. It would likely be +helpful to you now to read through the source for one of the modules +provided with samhain and see the above actually implemented. You +should also be able to use one of these modules as a template for your +own. +

+ +

The message catalogue

+ +

+Most module authors will want to log messages in their own specified +format; samhain stores all of its message formats in a "messages +catalogue" found in sh_cat.h and sh_cat.c. For example, for the +sh_suidchk module we find the following entries in sh_cat.h, as part +of an enum: +

+ +
+
+#ifdef SH_USE_SUIDCHK
+ MSG_SUID_POLICY,
+ MSG_SUID_FOUND,
+ MSG_SUID_STAT,
+ MSG_SUID_SUMMARY,
+#endif
+
+ +

+Correspondingly in sh_cat.c we find +

+ +
+
+#ifdef SH_USE_SUIDCHK
+  { MSG_SUID_POLICY, SH_ERR_SEVERE,  RUN,   N_("msg=\"POLICY SUIDCHK  %s\" path=\"%s\"") },
+  { MSG_SUID_FOUND,  SH_ERR_INFO,    RUN,   N_("msg=\"Found suid/sgid file\" path=\"%s\"") },
+  { MSG_SUID_STAT,   SH_ERR_ERR,     ERR,   N_("msg=\"stat: %s\" path=\"%s\"") },
+  { MSG_SUID_SUMMARY,SH_ERR_INFO,    RUN,   N_("msg=\"Checked for SUID programs: %ld files, %ld seconds\"") },
+#endif
+
+

+as part of the table msg_cat[] of type cat_entry: +

+
+
+typedef struct foo_cat_entry {
+  unsigned long id;
+  unsigned long priority;
+  unsigned long class;
+  char *        format;
+} cat_entry;
+
+

+The first member of this structure is the message type's ID, as +defined in the enum in sh_cat.h. The second is the default priority of +such messages, defined as in the samhain documentation. The third is +the class of the message, again defined as in the samhain +documentation. Finally we have the message format itself, which is a +printf() style format string. +

+

+This catalogue is used by the logging functions in samhain; you will +need to add your own message types and formats to sh_cat.h and +sh_cat.c. Note that because samhain can be compiled for XML style +logging, you will actually need to make two entries in sh_cat.c for +each message; see the file itself for details. +

+

+Note that there is a generic message format with the ID 'MSG_E_SUBGEN' +and the default priority 'SH_ERR_ERR'. If you are using this message +format, then you can log (a) a string, and (b) the name of the subroutine. +

+

+This completes our description of samhain's module interface. +

+ +

Samhain's utility functions

+

+Here we'll describe the main utility functions available to samhain module +authors. +

+ +

String wrapping macros

+ +

+Constant strings should be wrapped in the _(string) macro. Initialisation +strings that cannot be replaced with a function should be wrapped +in a N_(string) macro, and the variable thus initialized should be +wrapped in a _(var) macro whereever used. This is important for the +'stealth' functionality of samhain. +

+ +

Logging messages

+ +
+#include "sh_error.h"
+
+void sh_error_handle(int severity, char * file, long line, long status,
+                     unsigned long msg_id, ...)
+
+

+This is samhain's logging/reporting function, so the name is a little +misleading - errors are not the only thing we should handle with +this. The first four arguments are simple enough: severity is the +logging severity, defined in the enum ShErrLevel from sh_error.h; file +and line are the current file and line - usually you'll be using FIL__ +and __LINE__ for these; status is not very important - for module +authors it'll do to always pass 0 to this. The final named argument is +msg_id, which should be one of the message IDs defined in sh_cat.h; +these correspond to message format strings in printf() format, which +will be interpolated with the following arguments to form the log +message. +

+

+The '__LINE__' macro is provided by the C preprocessor. The FIL__ macro +should be #defined to '_("sourcefile_name")' (see 'String wrapping macros' +above). +

+Example of use: +

+
+#undef
+#define FIL__ _("sh_mounts.c")
+
+sh_error_handle(ShMountsSevMnt, FIL__, __LINE__, 0, MSG_MNT_MNTMISS,
+                 cfgmnt->path);
+
+

+See cat.c for the definition of MSG_MNT_MNTMISS: +

+
+
+{ MSG_MNT_MNTMISS, SH_ERR_WARN,    RUN,   N_("msg=\"Mount missing\" path=\"%s\"")},
+
+

+So we print this out at severity ShMountsSevMnt, which in this case is +a configured value read from the samhain configuration file (see +sh_mounts.c). If we wanted to print it at the default severity +(SH_ERR_WARN), we could pass -1 as the severity. +

+ +

Checking files for modification

+ +
+#include "sh_files.h"
+
+int  sh_files_pushdir_?? (char * dirName);
+int  sh_files_pushfile_?? (char * fileName);
+
+

+These functions push directories and files onto the stack of those to check +for the specified policy (see the samhain documentation for further +information): + + + + + + + + + +
sh_files_pushdir_user0 pushes the directory at USER0
... _user1USER1
... _attrATTR
... _roREADONLY
... _logLOGFILE
... _glogGROWING LOGFILE
... _noigIGNORE NONE
... _alligIGNORE ALL
+So if you're writing a module that adds particular files to check, like the +sh_userfiles module for example, these are the functions to use. +

+ +

Managing memory

+ +
+#include "sh_mem.h"
+
+#define SH_FREE(a)  ...
+#define SH_ALLOC(a) ...
+
+

+These are the macros to use when you're allocating/freeing memory in +samhain. They do all the error checking/reporting you need, so when +you get memory from SH_ALLOC you can just get to using it right away. +

+ +

Parsing strings

+ +
+#include "sh_utils.h"
+
+char * sh_util_strdup    (const char * str);
+char * sh_util_strsep    (char **str, const char *delim);
+char * sh_util_strconcat (const char * arg1, ...);
+
+int sh_util_flagval(char * c, int * fval);
+int sh_util_isnum (char *str);
+
+#include "slib.h"
+
+int sl_strlcpy (char * dst, const char * src, size_t siz);
+int sl_strlcat (char * dst, const char * src, size_t siz);
+int sl_snprintf(char *str, size_t n, const char *format, ... );
+
+

+These functions are the samhain internal functions for string +handling. The first three act like their C library counterparts, +except using samhain's memory management functions and error +checking. sh_util_flagval converts the passed string into a truth +value - the value is stored in fval as 1 or 0 - and returns 0 +on success, -1 on failure. sh_util_isnum just checks if the passed +string is all numeric. +

+

+The functions sl_strlcpy and sl_strlcat work similar to the C library +strncpy/strncat functions, except that the destination string is always +null terminated, and the third argument must be the full length of the +destination buffer, not the remaining space. On success, the +return value is 0. +

+

+The function sl_snprintf provides either the system snprintf, or a replacement, +if the system has no or a buggy snprintf. +

+ +

Tracing execution

+ +
+#include "slib.h"
+
+#define SL_ENTER(s) ...
+#define SL_RETURN(retval, s) ...
+
+

+These macros are for tracing execution through samhain functions. You +should use SL_ENTER with the name of the function for each function +entered, and SL_RETURN with the return value and the name of the +function for each exit if you want to maintain compatibility with the +rest of samhain. +

+ +

Executing external programs (popen)

+ +
+#include "sh_extern.h"
+
+
+sh_tas_t task;
+/* Prepare task */
+sh_ext_tas_init(&task);
+sh_ext_tas_command(&task, char * command);
+sh_ext_tas_add_argv(&task, char * val);
+sh_ext_tas_add_envv (&task, char * environment_variable, char * value);
+
+int sh_ext_popen(&task);
+int sh_ext_pclose(&task);
+
+

+To prepare a task to run, use 'sh_ext_tas_init' to initialise the task +structure. With 'sh_ext_tas_command' the command (absolute path) is set, +with 'sh_ext_tas_add_argv' command line options are added. Environment +variables can be set with 'sh_ext_tas_add_envv'. +

+

+To open for read, set "task.rw = 'r';", to open for write +use "task.rw = 'w';". +

+

+To run the task with privileges dropped to another UID, set +"task.privileged = 0;" and task.run_user_uid, task.run_user_gid +to the desired UID/GID. +

+

+To verify the checksum of the called executable, set +task.checksum[KEY_LEN+1] to the TIGER192 checksum of the executable. +

+

+After successful execution of sh_ext_popen (return status 0), +task.pipe is the stream opened for read or write, and task.pipeFD +its associated file descriptor. +

+ +

Inserting arbitrary data into the baseline database

+
+
+#include "sh_hash.c"
+
+void sh_hash_push2db (char * key, unsigned long val1, 
+		      unsigned long val2, unsigned long val3,
+		      unsigned char * str, int size);
+
+char * sh_hash_db2pop (char * key, unsigned long * val1, 
+		       unsigned long * val2, unsigned long * val3,
+		       int * size);
+
+

+The baseline database has a fixed record format. To enter data, these need +to be prepared in the required format. To retrieve the data, the +'filepath' is used as key (if your data is not a file, you would provide +a dummy pathname as key). For convenience, the two functions noted below +are provided. +

+

+When checking files, samhain will walk the database to find files that +are in the database, but have been deleted from the disk. If you enter +data, you need to mark it as such by using a key that +starts with something else but '/', otherwise samhain will complain +if it has not been checked during the file check. +

+
+
+#include "sh_hash.c"
+
+void sh_hash_push2db (char * key, unsigned long val1, 
+		      unsigned long val2, unsigned long val3,
+		      unsigned char * str, int size);
+
+char * sh_hash_db2pop (char * key, unsigned long * val1, 
+		       unsigned long * val2, unsigned long * val3,
+		       int * size);
+
+

+To insert data, use 'sh_hash_push2db'. You can insert up to three long +integers (val1, val2, val3) and/or a binary string of length size +(max. (PATH_MAX-1)/2). As noted +above, you need to supply a key (stored as the 'filepath', which should +start with a character different from '/'). To retrieve data, you can use +'sh_hash_db2pop'. The return value is either NULL (if no string was +stored under this key), or the stored string (length returned in 'size'). +

+

+A string to store may consist of any characters, including NULLs, and +need not be NULL terminated. The returned string is +always NULL terminated (the terminating NULL is not included in 'size'), +and should be freed with SH_FREE() if not required anymore. +

+

+If the key is not found in the database, size is set to -1. +

+ +

Incorporating modules into the samhain build

+

+This is a somewhat secondary but important part of writing a module +for samhain: +how to incorporate it into the samhain configuration and build process. +This just involves hacking the autoconf and makefile setup to include your +module. We'll present this file-by-file. +

+

Makefile.in

+

+You need to add a few bits to this file. First, add your header, +source and object filenames to the HEADERS, SOURCES and OBJECTS +variables. Then add your header to the dependencies for sh_modules.o +and ./sh_modules.o. Finally add dependency lines for your module +object file sh_whatever.o and ./sh_whatever.o, modelling them on the +other module object dependency lines. +

+

acconfig.h

+

+The config.h.in will be generated from this file by 'autoheader'. +You just need to add a line like +

+#undef SH_USE_MOUNTS
+
+that will be defined by the ./configure code if the user specifies +the module as enabled. +

+

aclocal.m4

+

+This file is used by 'autoconf' to help generate ./configure. You need to add +your module's ./configure option to the SH_ENABLE_OPTS variable; for example, +to add the option --enable-mounts-check, we added the string 'mounts-check' to +this variable. +

+

configure.ac

+This is the other file used by 'autoconf' to generate ./configure. You need to +add an AC_ARG_ENABLE call to this file, along the lines of those for other +modules. For example, we added +
+AC_ARG_ENABLE(mounts-check,
+        [  --enable-mounts-check        check mount options on filesystems [[no]
+]],
+        [
+        if test "x${enable_mounts_check}" = xyes; then
+                AC_DEFINE(SH_USE_MOUNTS)
+        fi
+        ]
+)
+
+for the sh_mounts module. This causes the #undef from acconfig.h above +to be defined when ./configure is run with the --enable-mounts-check argument. +

+This is all that you need. Once you've done the above, you'll need to +run 'autoheader' and 'autoconfig' to generate config.h.in and the +./configure script. Then your module will build as part of the samhain +source. +

+ +

Conclusion

+

+Armed with the above information, any proficient C programmer should +be able to adapt and extend samhain to do whatever it is they need. We +hope that this document has been reasonably clear, easy to follow and +useful; please feel free to update it for clarity, accuracy and +completeness and resubmit it to the samhain project. +

+

+This document was written by the eircom.net Computer Incident Response Team. +Updated with CSS by Rainer Wichmann. +

+
+ + Index: /tags/2.5.0/docs/MANUAL-2_3.pdf =================================================================== --- /tags/2.5.0/docs/MANUAL-2_3.pdf (revision 189) +++ /tags/2.5.0/docs/MANUAL-2_3.pdf (revision 189) @@ -0,0 +1,47346 @@ +%PDF-1.4 +%ÐÔÅØ +1 0 obj +<< /S /GoTo /D (1.0) >> +endobj +4 0 obj +(The Samhain Host Integrity Monitoring System) +endobj +5 0 obj +<< /S /GoTo /D (2.0) >> +endobj +8 0 obj +(Table of Contents) +endobj +9 0 obj +<< /S /GoTo /D (3.0) >> +endobj +12 0 obj +(Chapter 1. Introduction) +endobj +13 0 obj +<< /S /GoTo /D (4.0) >> +endobj +16 0 obj +(Chapter 2. Compiling and installing) +endobj +17 0 obj +<< /S /GoTo /D (4.1.1) >> +endobj +20 0 obj +(2.1. Overview) +endobj +21 0 obj +<< /S /GoTo /D (4.2.1) >> +endobj +24 0 obj +(2.2. Requirements) +endobj +25 0 obj +<< /S /GoTo /D (4.3.1) >> +endobj +28 0 obj +(2.3. Download and extract) +endobj +29 0 obj +<< /S /GoTo /D (4.4.1) >> +endobj +32 0 obj +(2.4. Configuring the source) +endobj +33 0 obj +<< /S /GoTo /D (4.4.1.2) >> +endobj +36 0 obj +(2.4.1. Some more configuration options) +endobj +37 0 obj +<< /S /GoTo /D (4.5.1) >> +endobj +40 0 obj +(2.5. Build) +endobj +41 0 obj +<< /S /GoTo /D (4.6.1) >> +endobj +44 0 obj +(2.6. Install) +endobj +45 0 obj +<< /S /GoTo /D (4.6.2.2) >> +endobj +48 0 obj +(2.6.1. Important make targets) +endobj +49 0 obj +<< /S /GoTo /D (4.7.1) >> +endobj +52 0 obj +(2.7. Customize) +endobj +53 0 obj +<< /S /GoTo /D (4.8.1) >> +endobj +56 0 obj +(2.8. Initialize the baseline database) +endobj +57 0 obj +<< /S /GoTo /D (4.9.1) >> +endobj +60 0 obj +(2.9. Run samhain) +endobj +61 0 obj +<< /S /GoTo /D (4.10.1) >> +endobj +64 0 obj +(2.10. Files and directory layout) +endobj +65 0 obj +<< /S /GoTo /D (4.10.3.2) >> +endobj +68 0 obj +(2.10.1. Trusted users and trusted paths) +endobj +69 0 obj +<< /S /GoTo /D (4.10.4.2) >> +endobj +72 0 obj +(2.10.2. Directory layout) +endobj +73 0 obj +<< /S /GoTo /D (4.10.5.2) >> +endobj +76 0 obj +(2.10.3. Runtime files) +endobj +77 0 obj +<< /S /GoTo /D (4.10.5.1.3) >> +endobj +80 0 obj +(2.10.3.1. Standalone or client) +endobj +81 0 obj +<< /S /GoTo /D (4.10.5.2.3) >> +endobj +84 0 obj +(2.10.3.2. Server) +endobj +85 0 obj +<< /S /GoTo /D (4.10.6.2) >> +endobj +88 0 obj +(2.10.4. Installed files) +endobj +89 0 obj +<< /S /GoTo /D (4.10.6.3.3) >> +endobj +92 0 obj +(2.10.4.1. Standalone or client) +endobj +93 0 obj +<< /S /GoTo /D (4.10.6.4.3) >> +endobj +96 0 obj +(2.10.4.2. Server) +endobj +97 0 obj +<< /S /GoTo /D (4.11.1) >> +endobj +100 0 obj +(2.11. The testsuite) +endobj +101 0 obj +<< /S /GoTo /D (5.0) >> +endobj +104 0 obj +(Chapter 3. General usage notes) +endobj +105 0 obj +<< /S /GoTo /D (5.12.1) >> +endobj +108 0 obj +(3.1. How to invoke) +endobj +109 0 obj +<< /S /GoTo /D (5.13.1) >> +endobj +112 0 obj +(3.2. Using daemontool \(or similar utilities\)) +endobj +113 0 obj +<< /S /GoTo /D (5.14.1) >> +endobj +116 0 obj +(3.3. Controlling the daemon) +endobj +117 0 obj +<< /S /GoTo /D (5.15.1) >> +endobj +120 0 obj +(3.4. Signals) +endobj +121 0 obj +<< /S /GoTo /D (5.16.1) >> +endobj +124 0 obj +(3.5. PID file) +endobj +125 0 obj +<< /S /GoTo /D (5.17.1) >> +endobj +128 0 obj +(3.6. Log file rotation) +endobj +129 0 obj +<< /S /GoTo /D (5.18.1) >> +endobj +132 0 obj +(3.7. Updating the file signature database) +endobj +133 0 obj +<< /S /GoTo /D (5.19.1) >> +endobj +136 0 obj +(3.8. Improving the signaltonoise ratio) +endobj +137 0 obj +<< /S /GoTo /D (5.20.1) >> +endobj +140 0 obj +(3.9. Runtime options: commandline configuration file) +endobj +141 0 obj +<< /S /GoTo /D (5.21.1) >> +endobj +144 0 obj +(3.10. Remarks on the dnmalloc allocator) +endobj +145 0 obj +<< /S /GoTo /D (5.22.1) >> +endobj +148 0 obj +(3.11. Support / Bugs / Problems) +endobj +149 0 obj +<< /S /GoTo /D (6.0) >> +endobj +152 0 obj +(Chapter 4. Configuration of logging facilities) +endobj +153 0 obj +<< /S /GoTo /D (6.23.1) >> +endobj +156 0 obj +(4.1. General) +endobj +157 0 obj +<< /S /GoTo /D (6.23.7.2) >> +endobj +160 0 obj +(4.1.1. Severity levels) +endobj +161 0 obj +<< /S /GoTo /D (6.23.8.2) >> +endobj +164 0 obj +(4.1.2. Classes) +endobj +165 0 obj +<< /S /GoTo /D (6.24.1) >> +endobj +168 0 obj +(4.2. Available logging facilities) +endobj +169 0 obj +<< /S /GoTo /D (6.25.1) >> +endobj +172 0 obj +(4.3. Activating logging facilities and filtering messages) +endobj +173 0 obj +<< /S /GoTo /D (6.26.1) >> +endobj +176 0 obj +(4.4. Email) +endobj +177 0 obj +<< /S /GoTo /D (6.26.9.2) >> +endobj +180 0 obj +(4.4.1. Email reports and their integrity) +endobj +181 0 obj +<< /S /GoTo /D (6.27.1) >> +endobj +184 0 obj +(4.5. Log file) +endobj +185 0 obj +<< /S /GoTo /D (6.27.10.2) >> +endobj +188 0 obj +(4.5.1. The log file and its integrity) +endobj +189 0 obj +<< /S /GoTo /D (6.28.1) >> +endobj +192 0 obj +(4.6. Log server) +endobj +193 0 obj +<< /S /GoTo /D (6.28.11.2) >> +endobj +196 0 obj +(4.6.1. Details) +endobj +197 0 obj +<< /S /GoTo /D (6.29.1) >> +endobj +200 0 obj +(4.7. External facilities) +endobj +201 0 obj +<< /S /GoTo /D (6.30.1) >> +endobj +204 0 obj +(4.8. Console) +endobj +205 0 obj +<< /S /GoTo /D (6.31.1) >> +endobj +208 0 obj +(4.9. Prelude) +endobj +209 0 obj +<< /S /GoTo /D (6.31.12.2) >> +endobj +212 0 obj +(4.9.1. Preludespecific commandline options) +endobj +213 0 obj +<< /S /GoTo /D (6.31.13.2) >> +endobj +216 0 obj +(4.9.2. Registering to a Prelude 0.9 manager) +endobj +217 0 obj +<< /S /GoTo /D (6.31.14.2) >> +endobj +220 0 obj +(4.9.3. Registering to a Prelude 0.8 manager) +endobj +221 0 obj +<< /S /GoTo /D (6.32.1) >> +endobj +224 0 obj +(4.10. Using samhain with nagios) +endobj +225 0 obj +<< /S /GoTo /D (6.33.1) >> +endobj +228 0 obj +(4.11. Syslog) +endobj +229 0 obj +<< /S /GoTo /D (6.34.1) >> +endobj +232 0 obj +(4.12. SQL Database) +endobj +233 0 obj +<< /S /GoTo /D (6.34.15.2) >> +endobj +236 0 obj +(4.12.1. Upgrade to samhain 2.3) +endobj +237 0 obj +<< /S /GoTo /D (6.34.16.2) >> +endobj +240 0 obj +(4.12.2. Upgrade to samhain 2.4.4) +endobj +241 0 obj +<< /S /GoTo /D (6.34.17.2) >> +endobj +244 0 obj +(4.12.3. MySQL configuration details) +endobj +245 0 obj +<< /S /GoTo /D (7.0) >> +endobj +248 0 obj +(Chapter 5. Configuring samhain, the host integrity monitor) +endobj +249 0 obj +<< /S /GoTo /D (7.35.1) >> +endobj +252 0 obj +(5.1. Usage overview) +endobj +253 0 obj +<< /S /GoTo /D (7.36.1) >> +endobj +256 0 obj +(5.2. Available checksum functions) +endobj +257 0 obj +<< /S /GoTo /D (7.37.1) >> +endobj +260 0 obj +(5.3. File signatures) +endobj +261 0 obj +<< /S /GoTo /D (7.38.1) >> +endobj +264 0 obj +(5.4. Defining file check policies: what, and how, to monitor) +endobj +265 0 obj +<< /S /GoTo /D (7.38.18.2) >> +endobj +268 0 obj +(5.4.1. Monitoring policies) +endobj +269 0 obj +<< /S /GoTo /D (7.38.19.2) >> +endobj +272 0 obj +(5.4.2. File/directory specification) +endobj +273 0 obj +<< /S /GoTo /D (7.38.19.5.3) >> +endobj +276 0 obj +(5.4.2.1. Rules) +endobj +277 0 obj +<< /S /GoTo /D (7.38.20.2) >> +endobj +280 0 obj +(5.4.3. Suppress messages about new/deleted files) +endobj +281 0 obj +<< /S /GoTo /D (7.38.21.2) >> +endobj +284 0 obj +(5.4.4. Dynamic database update \(modified/disappeared/new files\)) +endobj +285 0 obj +<< /S /GoTo /D (7.38.22.2) >> +endobj +288 0 obj +(5.4.5. Recursion depth\(s\)) +endobj +289 0 obj +<< /S /GoTo /D (7.38.23.2) >> +endobj +292 0 obj +(5.4.6. Hardlink check) +endobj +293 0 obj +<< /S /GoTo /D (7.38.23.6.3) >> +endobj +296 0 obj +(5.4.6.1. Specify exceptions for the hardlink check) +endobj +297 0 obj +<< /S /GoTo /D (7.38.24.2) >> +endobj +300 0 obj +(5.4.7. Check for weird filenames) +endobj +301 0 obj +<< /S /GoTo /D (7.38.25.2) >> +endobj +304 0 obj +(5.4.8. Support for prelink) +endobj +305 0 obj +<< /S /GoTo /D (7.38.26.2) >> +endobj +308 0 obj +(5.4.9. SELinux attributes and Posix ACLs) +endobj +309 0 obj +<< /S /GoTo /D (7.38.27.2) >> +endobj +312 0 obj +(5.4.10. Codes in messages about reported files) +endobj +313 0 obj +<< /S /GoTo /D (7.39.1) >> +endobj +316 0 obj +(5.5. Excluding files and/or subdirectories \(All except \)) +endobj +317 0 obj +<< /S /GoTo /D (7.40.1) >> +endobj +320 0 obj +(5.6. Timing file checks) +endobj +321 0 obj +<< /S /GoTo /D (7.40.28.2) >> +endobj +324 0 obj +(5.6.1. Using a second schedule) +endobj +325 0 obj +<< /S /GoTo /D (7.41.1) >> +endobj +328 0 obj +(5.7. Initializing, updating, or checking) +endobj +329 0 obj +<< /S /GoTo /D (7.42.1) >> +endobj +332 0 obj +(5.8. The file signature database) +endobj +333 0 obj +<< /S /GoTo /D (7.43.1) >> +endobj +336 0 obj +(5.9. Checking the file system for SUID/SGID binaries) +endobj +337 0 obj +<< /S /GoTo /D (7.43.29.2) >> +endobj +340 0 obj +(5.9.1. Quarantine SUID/SGID files) +endobj +341 0 obj +<< /S /GoTo /D (7.43.30.2) >> +endobj +344 0 obj +(5.9.2. Configuration) +endobj +345 0 obj +<< /S /GoTo /D (7.44.1) >> +endobj +348 0 obj +(5.10. Detecting Kernel rootkits) +endobj +349 0 obj +<< /S /GoTo /D (7.44.31.2) >> +endobj +352 0 obj +(5.10.1. Configuration) +endobj +353 0 obj +<< /S /GoTo /D (7.44.32.2) >> +endobj +356 0 obj +(5.10.2. What is a kernel rootkit ?) +endobj +357 0 obj +<< /S /GoTo /D (7.44.33.2) >> +endobj +360 0 obj +(5.10.3. Implemented integrity checks) +endobj +361 0 obj +<< /S /GoTo /D (7.44.34.2) >> +endobj +364 0 obj +(5.10.4. Error messages) +endobj +365 0 obj +<< /S /GoTo /D (7.45.1) >> +endobj +368 0 obj +(5.11. Monitoring login/logout events) +endobj +369 0 obj +<< /S /GoTo /D (7.46.1) >> +endobj +372 0 obj +(5.12. Checking mounted filesystem policies) +endobj +373 0 obj +<< /S /GoTo /D (7.47.1) >> +endobj +376 0 obj +(5.13. Checking sensitive files owned by users) +endobj +377 0 obj +<< /S /GoTo /D (7.48.1) >> +endobj +380 0 obj +(5.14. Checking for hidden/fake/missing processes) +endobj +381 0 obj +<< /S /GoTo /D (7.48.35.2) >> +endobj +384 0 obj +(5.14.1. Example configuration) +endobj +385 0 obj +<< /S /GoTo /D (7.49.1) >> +endobj +388 0 obj +(5.15. Checking for open ports) +endobj +389 0 obj +<< /S /GoTo /D (7.49.36.2) >> +endobj +392 0 obj +(5.15.1. Options) +endobj +393 0 obj +<< /S /GoTo /D (7.49.37.2) >> +endobj +396 0 obj +(5.15.2. Example configuration) +endobj +397 0 obj +<< /S /GoTo /D (7.50.1) >> +endobj +400 0 obj +(5.16. Logfile monitoring/analysis) +endobj +401 0 obj +<< /S /GoTo /D (7.50.38.2) >> +endobj +404 0 obj +(5.16.1. Options) +endobj +405 0 obj +<< /S /GoTo /D (7.50.39.2) >> +endobj +408 0 obj +(5.16.2. Example configuration) +endobj +409 0 obj +<< /S /GoTo /D (7.51.1) >> +endobj +412 0 obj +(5.17. Modules) +endobj +413 0 obj +<< /S /GoTo /D (7.52.1) >> +endobj +416 0 obj +(5.18. Performance tuning) +endobj +417 0 obj +<< /S /GoTo /D (7.53.1) >> +endobj +420 0 obj +(5.19. Storing the full content of a file \(aka: WHAT has changed?\)) +endobj +421 0 obj +<< /S /GoTo /D (7.53.40.2) >> +endobj +424 0 obj +(5.19.1. Example configuration) +endobj +425 0 obj +<< /S /GoTo /D (7.53.41.2) >> +endobj +428 0 obj +(5.19.2. Implementation details) +endobj +429 0 obj +<< /S /GoTo /D (8.0) >> +endobj +432 0 obj +(Chapter 6. Configuring yule, the log server) +endobj +433 0 obj +<< /S /GoTo /D (8.54.1) >> +endobj +436 0 obj +(6.1. General) +endobj +437 0 obj +<< /S /GoTo /D (8.55.1) >> +endobj +440 0 obj +(6.2. Important installation notes) +endobj +441 0 obj +<< /S /GoTo /D (8.56.1) >> +endobj +444 0 obj +(6.3. Registering a client) +endobj +445 0 obj +<< /S /GoTo /D (8.57.1) >> +endobj +448 0 obj +(6.4. Enabling logging to the server) +endobj +449 0 obj +<< /S /GoTo /D (8.58.1) >> +endobj +452 0 obj +(6.5. Enabling baseline database / configuration file download from the server) +endobj +453 0 obj +<< /S /GoTo /D (8.58.42.2) >> +endobj +456 0 obj +(6.5.1. Configuration file) +endobj +457 0 obj +<< /S /GoTo /D (8.58.43.2) >> +endobj +460 0 obj +(6.5.2. Database file) +endobj +461 0 obj +<< /S /GoTo /D (8.59.1) >> +endobj +464 0 obj +(6.6. Rules for logging of client messages) +endobj +465 0 obj +<< /S /GoTo /D (8.60.1) >> +endobj +468 0 obj +(6.7. Detecting 'dead' clients) +endobj +469 0 obj +<< /S /GoTo /D (8.61.1) >> +endobj +472 0 obj +(6.8. The HTML server status page) +endobj +473 0 obj +<< /S /GoTo /D (8.62.1) >> +endobj +476 0 obj +(6.9. Chroot) +endobj +477 0 obj +<< /S /GoTo /D (8.63.1) >> +endobj +480 0 obj +(6.10. Restrict access with libwrap \(tcp wrappers\)) +endobj +481 0 obj +<< /S /GoTo /D (8.64.1) >> +endobj +484 0 obj +(6.11. Sending commands to clients) +endobj +485 0 obj +<< /S /GoTo /D (8.64.44.2) >> +endobj +488 0 obj +(6.11.1. Communicating with the server) +endobj +489 0 obj +<< /S /GoTo /D (8.64.45.2) >> +endobj +492 0 obj +(6.11.2. Authenticating to the server) +endobj +493 0 obj +<< /S /GoTo /D (8.65.1) >> +endobj +496 0 obj +(6.12. Syslog logging) +endobj +497 0 obj +<< /S /GoTo /D (8.66.1) >> +endobj +500 0 obj +(6.13. Servertoserver relay) +endobj +501 0 obj +<< /S /GoTo /D (8.67.1) >> +endobj +504 0 obj +(6.14. Performance tuning) +endobj +505 0 obj +<< /S /GoTo /D (9.0) >> +endobj +508 0 obj +(Chapter 7. Hooks for External Programs) +endobj +509 0 obj +<< /S /GoTo /D (9.68.1) >> +endobj +512 0 obj +(7.1. Pipes) +endobj +513 0 obj +<< /S /GoTo /D (9.69.1) >> +endobj +516 0 obj +(7.2. System V message queue) +endobj +517 0 obj +<< /S /GoTo /D (9.70.1) >> +endobj +520 0 obj +(7.3. Calling external programs) +endobj +521 0 obj +<< /S /GoTo /D (9.70.46.2) >> +endobj +524 0 obj +(7.3.1. Example setup for paging) +endobj +525 0 obj +<< /S /GoTo /D (10.0) >> +endobj +528 0 obj +(Chapter 8. Additional Features Signed Configuration/Database Files) +endobj +529 0 obj +<< /S /GoTo /D (10.71.1) >> +endobj +532 0 obj +(8.1. The samhainadmin script) +endobj +533 0 obj +<< /S /GoTo /D (11.0) >> +endobj +536 0 obj +(Chapter 9. Additional Features Stealth) +endobj +537 0 obj +<< /S /GoTo /D (11.72.1) >> +endobj +540 0 obj +(9.1. Hiding the executable) +endobj +541 0 obj +<< /S /GoTo /D (11.72.47.2) >> +endobj +544 0 obj +(9.1.1. Using kernel modules to hide samhain \(Linux/ix86 only\)) +endobj +545 0 obj +<< /S /GoTo /D (11.73.1) >> +endobj +548 0 obj +(9.2. Packing the executable) +endobj +549 0 obj +<< /S /GoTo /D (12.0) >> +endobj +552 0 obj +(Chapter 10. Deployment to remote hosts) +endobj +553 0 obj +<< /S /GoTo /D (12.74.1) >> +endobj +556 0 obj +(10.1. Method A: The deployment system) +endobj +557 0 obj +<< /S /GoTo /D (12.74.48.2) >> +endobj +560 0 obj +(10.1.1. Requirements) +endobj +561 0 obj +<< /S /GoTo /D (12.74.49.2) >> +endobj +564 0 obj +(10.1.2. Layout of the deployment system) +endobj +565 0 obj +<< /S /GoTo /D (12.74.49.7.3) >> +endobj +568 0 obj +(10.1.2.1. The configs subdirectory) +endobj +569 0 obj +<< /S /GoTo /D (12.74.49.8.3) >> +endobj +572 0 obj +(10.1.2.2. The archpkg subdirectory) +endobj +573 0 obj +<< /S /GoTo /D (12.74.50.2) >> +endobj +576 0 obj +(10.1.3. Customizing the system) +endobj +577 0 obj +<< /S /GoTo /D (12.74.50.9.3) >> +endobj +580 0 obj +(10.1.3.1. Setting default options) +endobj +581 0 obj +<< /S /GoTo /D (12.74.50.10.3) >> +endobj +584 0 obj +(10.1.3.2. Adding support for an architecture) +endobj +585 0 obj +<< /S /GoTo /D (12.74.50.11.3) >> +endobj +588 0 obj +(10.1.3.3. Perarchitecture pre/postinstallation scripts) +endobj +589 0 obj +<< /S /GoTo /D (12.74.50.12.3) >> +endobj +592 0 obj +(10.1.3.4. Perhost runtime configuration) +endobj +593 0 obj +<< /S /GoTo /D (12.74.51.2) >> +endobj +596 0 obj +(10.1.4. Using the deploy.sh script) +endobj +597 0 obj +<< /S /GoTo /D (12.74.51.13.3) >> +endobj +600 0 obj +(10.1.4.1. General options) +endobj +601 0 obj +<< /S /GoTo /D (12.74.52.2) >> +endobj +604 0 obj +(10.1.5. deploy.sh info) +endobj +605 0 obj +<< /S /GoTo /D (12.74.52.14.3) >> +endobj +608 0 obj +(10.1.5.1. Specific options) +endobj +609 0 obj +<< /S /GoTo /D (12.74.53.2) >> +endobj +612 0 obj +(10.1.6. deploy.sh clean) +endobj +613 0 obj +<< /S /GoTo /D (12.74.53.15.3) >> +endobj +616 0 obj +(10.1.6.1. Specific options) +endobj +617 0 obj +<< /S /GoTo /D (12.74.54.2) >> +endobj +620 0 obj +(10.1.7. deploy.sh download) +endobj +621 0 obj +<< /S /GoTo /D (12.74.54.16.3) >> +endobj +624 0 obj +(10.1.7.1. Specific options) +endobj +625 0 obj +<< /S /GoTo /D (12.74.55.2) >> +endobj +628 0 obj +(10.1.8. deploy.sh checksrc) +endobj +629 0 obj +<< /S /GoTo /D (12.74.55.17.3) >> +endobj +632 0 obj +(10.1.8.1. Specific options) +endobj +633 0 obj +<< /S /GoTo /D (12.74.56.2) >> +endobj +636 0 obj +(10.1.9. deploy.sh build) +endobj +637 0 obj +<< /S /GoTo /D (12.74.56.18.3) >> +endobj +640 0 obj +(10.1.9.1. Specific options) +endobj +641 0 obj +<< /S /GoTo /D (12.74.57.2) >> +endobj +644 0 obj +(10.1.10. deploy.sh install) +endobj +645 0 obj +<< /S /GoTo /D (12.74.57.19.3) >> +endobj +648 0 obj +(10.1.10.1. Specific options) +endobj +649 0 obj +<< /S /GoTo /D (12.74.58.2) >> +endobj +652 0 obj +(10.1.11. deploy.sh uninstall) +endobj +653 0 obj +<< /S /GoTo /D (12.74.58.20.3) >> +endobj +656 0 obj +(10.1.11.1. Specific options) +endobj +657 0 obj +<< /S /GoTo /D (12.74.59.2) >> +endobj +660 0 obj +(10.1.12. Usage notes) +endobj +661 0 obj +<< /S /GoTo /D (12.75.1) >> +endobj +664 0 obj +(10.2. Method B: The native package manager) +endobj +665 0 obj +<< /S /GoTo /D (12.75.60.2) >> +endobj +668 0 obj +(10.2.1. Building an RPM) +endobj +669 0 obj +<< /S /GoTo /D (12.75.60.21.3) >> +endobj +672 0 obj +(10.2.1.1. Custom RPM) +endobj +673 0 obj +<< /S /GoTo /D (12.75.60.22.3) >> +endobj +676 0 obj +(10.2.1.2. Singlehost) +endobj +677 0 obj +<< /S /GoTo /D (12.75.61.2) >> +endobj +680 0 obj +(10.2.2. Building an HPUX package) +endobj +681 0 obj +<< /S /GoTo /D (12.75.62.2) >> +endobj +684 0 obj +(10.2.3. Building a Solaris package) +endobj +685 0 obj +<< /S /GoTo /D (12.75.63.2) >> +endobj +688 0 obj +(10.2.4. Building a Gentoo Linux package) +endobj +689 0 obj +<< /S /GoTo /D (12.75.64.2) >> +endobj +692 0 obj +(10.2.5. Building a Debian package) +endobj +693 0 obj +<< /S /GoTo /D (13.0) >> +endobj +696 0 obj +(Chapter 11. Security Design) +endobj +697 0 obj +<< /S /GoTo /D (13.76.1) >> +endobj +700 0 obj +(11.1. Usage) +endobj +701 0 obj +<< /S /GoTo /D (13.77.1) >> +endobj +704 0 obj +(11.2. Integrity of the executable) +endobj +705 0 obj +<< /S /GoTo /D (13.78.1) >> +endobj +708 0 obj +(11.3. Client executable integrity) +endobj +709 0 obj +<< /S /GoTo /D (13.79.1) >> +endobj +712 0 obj +(11.4. The server) +endobj +713 0 obj +<< /S /GoTo /D (13.80.1) >> +endobj +716 0 obj +(11.5. General) +endobj +717 0 obj +<< /S /GoTo /D (14.0) >> +endobj +720 0 obj +(Appendix A. List of options for the ./configure script) +endobj +721 0 obj +<< /S /GoTo /D (14.81.1) >> +endobj +724 0 obj +(A.1. General) +endobj +725 0 obj +<< /S /GoTo /D (14.82.1) >> +endobj +728 0 obj +(A.2. Optional modules to perform additional checks) +endobj +729 0 obj +<< /S /GoTo /D (14.83.1) >> +endobj +732 0 obj +(A.3. OpenPGP Signatures on Configuration/Database Files) +endobj +733 0 obj +<< /S /GoTo /D (14.84.1) >> +endobj +736 0 obj +(A.4. Client/Server Connectivity) +endobj +737 0 obj +<< /S /GoTo /D (14.85.1) >> +endobj +740 0 obj +(A.5. Paths) +endobj +741 0 obj +<< /S /GoTo /D (15.0) >> +endobj +744 0 obj +(Appendix B. List of command line options) +endobj +745 0 obj +<< /S /GoTo /D (15.86.1) >> +endobj +748 0 obj +(B.1. General) +endobj +749 0 obj +<< /S /GoTo /D (15.87.1) >> +endobj +752 0 obj +(B.2. samhain) +endobj +753 0 obj +<< /S /GoTo /D (15.88.1) >> +endobj +756 0 obj +(B.3. yule) +endobj +757 0 obj +<< /S /GoTo /D (16.0) >> +endobj +760 0 obj +(Appendix C. List of configuration file options) +endobj +761 0 obj +<< /S /GoTo /D (16.89.1) >> +endobj +764 0 obj +(C.1. General) +endobj +765 0 obj +<< /S /GoTo /D (16.89.65.2) >> +endobj +768 0 obj +(C.1.1. Conditionals) +endobj +769 0 obj +<< /S /GoTo /D (16.90.1) >> +endobj +772 0 obj +(C.2. Files to check) +endobj +773 0 obj +<< /S /GoTo /D (16.91.1) >> +endobj +776 0 obj +(C.3. Severity of events) +endobj +777 0 obj +<< /S /GoTo /D (16.92.1) >> +endobj +780 0 obj +(C.4. Logging thresholds) +endobj +781 0 obj +<< /S /GoTo /D (16.93.1) >> +endobj +784 0 obj +(C.5. Watching login/logout events) +endobj +785 0 obj +<< /S /GoTo /D (16.94.1) >> +endobj +788 0 obj +(C.6. Checking for kernel module rootkits) +endobj +789 0 obj +<< /S /GoTo /D (16.95.1) >> +endobj +792 0 obj +(C.7. Checking for SUID/SGID files) +endobj +793 0 obj +<< /S /GoTo /D (16.96.1) >> +endobj +796 0 obj +(C.8. Checking for mount options) +endobj +797 0 obj +<< /S /GoTo /D (16.97.1) >> +endobj +800 0 obj +(C.9. Checking for user files) +endobj +801 0 obj +<< /S /GoTo /D (16.98.1) >> +endobj +804 0 obj +(C.10. Checking for hidden/fake/required processes) +endobj +805 0 obj +<< /S /GoTo /D (16.99.1) >> +endobj +808 0 obj +(C.11. Checking for open ports) +endobj +809 0 obj +<< /S /GoTo /D (16.100.1) >> +endobj +812 0 obj +(C.12. Logfile monitoring/analysis) +endobj +813 0 obj +<< /S /GoTo /D (16.101.1) >> +endobj +816 0 obj +(C.13. Database) +endobj +817 0 obj +<< /S /GoTo /D (16.102.1) >> +endobj +820 0 obj +(C.14. Miscellaneous) +endobj +821 0 obj +<< /S /GoTo /D (16.103.1) >> +endobj +824 0 obj +(C.15. External) +endobj +825 0 obj +<< /S /GoTo /D (16.104.1) >> +endobj +828 0 obj +(C.16. Clients) +endobj +829 0 obj +<< /S /GoTo /D (17.0) >> +endobj +832 0 obj +(Appendix D. List of database fields) +endobj +833 0 obj +<< /S /GoTo /D (17.105.1) >> +endobj +836 0 obj +(D.1. General) +endobj +837 0 obj +<< /S /GoTo /D (17.106.1) >> +endobj +840 0 obj +(D.2. Modules) +endobj +841 0 obj +<< /S /GoTo /D (17.107.1) >> +endobj +844 0 obj +(D.3. Syslog) +endobj +845 0 obj +<< /S /GoTo /D [846 0 R /Fit ] >> +endobj +848 0 obj << +/Length 134 +/Filter /FlateDecode +>> +stream +xÚ3PHW0Ppç2€ÒN!\únFŠ +F&zæ– +!i +†Æfz&– +æzFFF +!) +Ñ!©šºFæÁ‰¹‰™yŽG~q „å™W’š^”YR©â¥`b¡giš kl4À +b€o~^fI~Qf^:ԜÊâ’Ô\jžK`ŽkÑ)K +endstream +endobj +846 0 obj << +/Type /Page +/Contents 848 0 R +/Resources 847 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 853 0 R +>> endobj +849 0 obj << +/D [846 0 R /XYZ 71.731 729.265 null] +>> endobj +850 0 obj << +/D [846 0 R /XYZ 71.731 718.306 null] +>> endobj +851 0 obj << +/D [846 0 R /XYZ 71.731 718.306 null] +>> endobj +2 0 obj << +/D [846 0 R /XYZ 408.092 667.995 null] +>> endobj +847 0 obj << +/Font << /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +856 0 obj << +/Length 626 +/Filter /FlateDecode +>> +stream +xÚ­TQoÛ ~ï¯ð#–j86vßÚné:­Sµž›ŠuÄÆ1Z +&Móï‡ +€I4i›¶s€ï»ûî>EËE7gȯWÕÙdF²š„eNòšj#Š!MqDQÓé4ªšèš: +'„`ÎúŽ é6ïÔ`œu+ +_javn{§€0J +¹ô^»Áð>þ^œŸÌ,ôk,%˜À2#.̵ZǁËnDÎx$vAˆ$öSží'›×ÎþOu×3)÷Q(,)Â> +±Q°'sÏu/†A(éŒÅàÖ¥f–Fã6F¹µö)ÅyÎÝQ#£Å"&l +wgL6å³éU#ڝ‡éz£êMÏ¥§µ‘MHÞt +ÃØŒüϪ}œs|Ò>€Ì`Q–× +Ÿ›îïYœe@Ç)ÜCŸñA™Ù³ý j.þ‹2aŒ`Žö°žíçc +ž~­†xôŽ’)ÊáŽÌ}±s +U`2ÆðeX1è>Ç‡pëÍb%†.~±;)ËL6s՚íØ +ŠÃÝŠl1n +éœ%}o嚏§˜dÖS°Ðƒ9¯G¯áüøï™VÒ$×j„öɺ‹*ŠðñäÙ'Û÷cï+Vÿø­3|©ß‰ø¿ÚBÛÎoŒˆ˜¯ƒZ÷àÆh'šü­X©Pšÿ©+ +`[­úìZhû“„qƒÃÁ‰ý/lncÿáNƒd +S” +kðeš3f}1™l·ÛñéÂvh¡•&.ÀÒÞú‘Ž‚oõaluñ·T΃Þjèͬ> endobj +857 0 obj << +/D [855 0 R /XYZ 71.731 729.265 null] +>> endobj +854 0 obj << +/Font << /F25 852 0 R /F31 858 0 R /F33 859 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +954 0 obj << +/Length 2049 +/Filter /FlateDecode +>> +stream +xÚíÝÏsÛ6Àñ{þ +ž:Ò̊&øKdoIgÓéL³‰zjöK°Œ ExIÐIú×W4AZ¶Ã„ÍÖNO"ý±)8#Ÿ<àÞÖ +Œç÷údõèè8LŒ0ðÓ$KŒÕ©·þ2Þ2ˆü0JœÕÆû}¶šgÁLžÌE0+Ô|.³™9í^2¥U¥­çÿ]ý<\öè8ÊŒÜÏÓ0m//ý,ÞB,ý ‹ºK +ÿ÷I0{QÚj.ö×Û4k«Myí:ý«÷û"Œfþˆ|O°ár&>ŽÁ>³Jü(»Ì*t™ÕOfw® +]n»SYnº]ÖV—0ö^±àßy|ÍâÑq$&3ÂÈÏ +‹ž£>âîg3~œ˜‹dŠª +­æa2{7 +a/¹ üíùËåü@èç‰è³•~†à•ú_£+µ»U¿uXw'|ÜðÏ +ý£O‡þCiPäBÿ§ær~¢,ŒÜÜšRíÆ{[ɵ +{ǜÛÜG˜O +ᎇøòM„ÛŠêàí™êjÓTk5únQÌMþzȚL +™M\Èú€ÑÅfì‚KÊÆx@ U:q +vœÜïfì’ûßàƒà{˜–3§e_=ÕÔÖìô£ERaÈG +À瓑lb]\6Lãh«eÑf#××qœÈZºtgieû“Ñé +úÈ +!Y>q|8ï÷lJ·”Vî΀.)±€›/ +Cž"p ñ.T}c»É®ÔښêCwZÈŠÝx2¡1-ÀœF|"˜8D,úŽš«~šÞªÚ֍¶ãÅĂÍmànú7::Ž2/÷ó4LœÕ©·#?û?ñ£8êbüŸ“ÐsUªJÝISË­‹÷K³øGߚ®¢ðµ’€d, IÀaö9@?Ìÿﮟšê7Ý«.çq0»˜‡ÁÌŒ‹¶µèØØ@aÜat³L;òCËÿVÍR7RíLiqãûo‚$0•[ô©wºî€±ºÐV«zÿbô¿I‰òàیD/DWMÖmeŠâv‹õ.|`[¢ÌéQfì¢Ì×z[ÊbŒ¢4 ¢€{Îk҉³í‰Ëk^ŸxÚÏ­a¡˜;àŸÓ˜åÄé™Ô¥1¿˜íµ4æòž2VZMü­áø0«°ì×ðoö‘÷­‚üÃàŒn +ªlSMlœ +Šœ»7É&Ž +f.y±;¯Ì\$³‹ÛÉeR,¬Y”F×ýža;j8ö/ä17€é‘K>q%w‘Ë«ŠŽzç¢sÞÎeÖ?vgk³ÛÉr³(téü‡ +Êv˜eÛTÝÜç„âÎP€Ü2€¯÷õ?$®CÃòWj'«·®eyÿ]~µœM¹“EaÖ®£y{(­©F«]Bn +‡|6éÛkŒnÎÏMe»“£îåI³­¯ýàeeN +µÝ"%Œ#îÀ—Gqa𥭓㫍“oϘÓîµ0ÛíP.q*×®¿Âè”Sž ðÿwá¶Ä‡–žÏU©*YŒŸKĆÅÜgBs³ô= +º?ž/ãÙÅhþ!éÎrâÈZ2Ò%‰f¯Üo‰‰³6·šœÖªºh;šÑM/™ +<Ä,#š8YÒ÷°}öÞªª”Å_ZkR2<Œ:»Úbž6Ÿhiî${ɧŽ2÷_ÿç—îà©ŽòD֟š—IùÔ`j~t +e^îçi˜z«SoF~.öqyâGqÔÅåÉÕÂÛvÿmSÝ,ùWwfÏ\Gõ3SÛîH—Vm+m?žž™ŠÔ֌﬙S +|oOà8 +{‹ƒ'ðá8ìÀbšŸ”[÷Œ5í&Õn§ê +­ÚŸÖïFß=bULŽÑoNU'~?SýxŸŒ÷aø>ú–º' +‹Î×gjý¶nvn£çŠ\[mÊÑUQqÀ +àáE^É€%N‰¹ÈëX÷ÁV­·¥ŽM¥Xu_9p†Lcž?Uma9¶g×ÆM»ÃsSèµVõnƒ©3i]¡,7}aWö&³ŸÑL*4ÌX5pëë<8“ +=M×E³¹ñm^ßÔGûoán”Š9ÙèJ­÷_˺÷7A<.\;TÕ³œ_«sW;Ÿ¿Ÿžõ²ÿ +1úï +:¥Üá"™ð§î ±šGÉLïÆþñqûXp€o-`NÇþE +ÿ¢4÷“Ä[ęÅICk­¯ýé³Õ£?¬OÊÐ +endstream +endobj +953 0 obj << +/Type /Page +/Contents 954 0 R +/Resources 952 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 853 0 R +/Annots [ 860 0 R 861 0 R 862 0 R 863 0 R 864 0 R 865 0 R 866 0 R 867 0 R 868 0 R 869 0 R 870 0 R 871 0 R 872 0 R 873 0 R 874 0 R 875 0 R 876 0 R 877 0 R 878 0 R 879 0 R 880 0 R 881 0 R 882 0 R 883 0 R 884 0 R 885 0 R 886 0 R 887 0 R 888 0 R 889 0 R 890 0 R 891 0 R 892 0 R 893 0 R 894 0 R 895 0 R 896 0 R 897 0 R 898 0 R 899 0 R 900 0 R 901 0 R 902 0 R 903 0 R 904 0 R 905 0 R 906 0 R 907 0 R 908 0 R 909 0 R 910 0 R 911 0 R 912 0 R 913 0 R 914 0 R 915 0 R 916 0 R 917 0 R 918 0 R 919 0 R 920 0 R 921 0 R 922 0 R 923 0 R 924 0 R 925 0 R 926 0 R 927 0 R 928 0 R 929 0 R 930 0 R 931 0 R 932 0 R 933 0 R 934 0 R 935 0 R 936 0 R 937 0 R 938 0 R 939 0 R 940 0 R 941 0 R 942 0 R 943 0 R 944 0 R 945 0 R 946 0 R 947 0 R 948 0 R 949 0 R ] +>> endobj +860 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 685.037 184.577 694.014] +/Subtype /Link +/A << /S /GoTo /D (0:INTRO) >> +>> endobj +861 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [515.342 685.037 522.316 694.014] +/Subtype /Link +/A << /S /GoTo /D (0:INTRO) >> +>> endobj +862 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 667.792 235.705 678.671] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION) >> +>> endobj +863 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [515.342 667.792 522.316 678.671] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION) >> +>> endobj +864 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 654.372 200.777 663.219] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-OVERVIEW) >> +>> endobj +865 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [515.342 654.372 522.316 663.219] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-OVERVIEW) >> +>> endobj +866 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 639.364 217.235 650.268] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-REQUIREMENTS) >> +>> endobj +867 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [515.342 639.364 522.316 650.268] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-REQUIREMENTS) >> +>> endobj +868 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 628.469 249.474 637.316] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-DOWNLOAD) >> +>> endobj +869 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [515.342 628.469 522.316 637.316] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-DOWNLOAD) >> +>> endobj +870 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 613.461 253.21 624.365] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-CONFIGURE) >> +>> endobj +871 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [515.342 613.461 522.316 624.365] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-CONFIGURE) >> +>> endobj +872 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 602.567 184.04 611.413] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-BUILD) >> +>> endobj +873 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [515.342 602.567 522.316 611.413] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-BUILD) >> +>> endobj +874 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 589.615 186.799 598.462] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-INSTALL) >> +>> endobj +875 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [515.342 589.615 522.316 598.462] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-INSTALL) >> +>> endobj +876 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 576.664 204.512 585.51] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-CUSTOMIZE) >> +>> endobj +877 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [515.342 576.664 522.316 585.51] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-CUSTOMIZE) >> +>> endobj +878 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 563.593 283.903 572.559] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-INITIALIZE) >> +>> endobj +879 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [515.342 563.593 522.316 572.559] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-INITIALIZE) >> +>> endobj +880 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 550.641 214.196 559.608] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-RUNNING) >> +>> endobj +881 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [515.342 550.641 522.316 559.608] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-RUNNING) >> +>> endobj +882 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 535.752 268.98 546.656] +/Subtype /Link +/A << /S /GoTo /D (0:LAYOUT) >> +>> endobj +883 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 535.752 522.316 546.656] +/Subtype /Link +/A << /S /GoTo /D (0:LAYOUT) >> +>> endobj +884 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 524.858 217.513 533.705] +/Subtype /Link +/A << /S /GoTo /D (0:TESTSUITE) >> +>> endobj +885 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 524.858 522.316 533.705] +/Subtype /Link +/A << /S /GoTo /D (0:TESTSUITE) >> +>> endobj +886 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 507.593 215.74 518.472] +/Subtype /Link +/A << /S /GoTo /D (0:USAGE) >> +>> endobj +887 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 507.593 522.316 518.472] +/Subtype /Link +/A << /S /GoTo /D (0:USAGE) >> +>> endobj +888 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 494.173 220.164 503.02] +/Subtype /Link +/A << /S /GoTo /D (0:HOW-TO-INVOKE) >> +>> endobj +889 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 494.173 522.316 503.02] +/Subtype /Link +/A << /S /GoTo /D (0:HOW-TO-INVOKE) >> +>> endobj +890 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 479.164 315.206 490.068] +/Subtype /Link +/A << /S /GoTo /D (0:DAEMONTOOL) >> +>> endobj +891 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 479.164 522.316 490.068] +/Subtype /Link +/A << /S /GoTo /D (0:DAEMONTOOL) >> +>> endobj +892 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 466.213 256.537 477.117] +/Subtype /Link +/A << /S /GoTo /D (0:CONTROLLING-THE-DAEMON) >> +>> endobj +893 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 466.213 522.316 477.117] +/Subtype /Link +/A << /S /GoTo /D (0:CONTROLLING-THE-DAEMON) >> +>> endobj +894 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 453.261 191.232 464.165] +/Subtype /Link +/A << /S /GoTo /D (0:SIGNALS) >> +>> endobj +895 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 453.261 522.316 464.165] +/Subtype /Link +/A << /S /GoTo /D (0:SIGNALS) >> +>> endobj +896 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 442.367 193.165 451.214] +/Subtype /Link +/A << /S /GoTo /D (0:PID-FILE) >> +>> endobj +897 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 442.367 522.316 451.214] +/Subtype /Link +/A << /S /GoTo /D (0:PID-FILE) >> +>> endobj +898 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 427.359 226.649 438.263] +/Subtype /Link +/A << /S /GoTo /D (0:LOG-FILE-ROTATION) >> +>> endobj +899 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 427.359 522.316 438.263] +/Subtype /Link +/A << /S /GoTo /D (0:LOG-FILE-ROTATION) >> +>> endobj +900 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 414.407 304.666 425.311] +/Subtype /Link +/A << /S /GoTo /D (0:UPDATING-THE-FILE-SIGNATURE-DATABASE) >> +>> endobj +901 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 414.407 522.316 425.311] +/Subtype /Link +/A << /S /GoTo /D (0:UPDATING-THE-FILE-SIGNATURE-DATABASE) >> +>> endobj +902 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 401.456 300.93 412.36] +/Subtype /Link +/A << /S /GoTo /D (0:IMPROVING-THE-SIGNAL-TO-NOISE-RATIO) >> +>> endobj +903 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 401.456 522.316 412.36] +/Subtype /Link +/A << /S /GoTo /D (0:IMPROVING-THE-SIGNAL-TO-NOISE-RATIO) >> +>> endobj +904 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 388.504 371.943 399.408] +/Subtype /Link +/A << /S /GoTo /D (0:OPTIONS-CONFIGURATION-FILE) >> +>> endobj +905 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 388.504 522.316 399.408] +/Subtype /Link +/A << /S /GoTo /D (0:OPTIONS-CONFIGURATION-FILE) >> +>> endobj +906 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 377.491 306.33 386.457] +/Subtype /Link +/A << /S /GoTo /D (0:DNMALLOC) >> +>> endobj +907 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 377.491 522.316 386.457] +/Subtype /Link +/A << /S /GoTo /D (0:DNMALLOC) >> +>> endobj +908 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 362.601 272.049 373.505] +/Subtype /Link +/A << /S /GoTo /D (0:SUPPORT) >> +>> endobj +909 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 362.601 522.316 373.505] +/Subtype /Link +/A << /S /GoTo /D (0:SUPPORT) >> +>> endobj +910 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 347.393 272.487 358.273] +/Subtype /Link +/A << /S /GoTo /D (0:BASIC-CONFIGURATION) >> +>> endobj +911 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 347.393 522.316 358.273] +/Subtype /Link +/A << /S /GoTo /D (0:BASIC-CONFIGURATION) >> +>> endobj +912 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 333.974 193.424 342.82] +/Subtype /Link +/A << /S /GoTo /D (0:LOGDEF) >> +>> endobj +913 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 333.974 522.316 342.82] +/Subtype /Link +/A << /S /GoTo /D (0:LOGDEF) >> +>> endobj +914 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 318.965 269.279 329.869] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFACILITY) >> +>> endobj +915 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 318.965 522.316 329.869] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFACILITY) >> +>> endobj +916 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 306.014 364.132 316.918] +/Subtype /Link +/A << /S /GoTo /D (0:THRESHOLDS) >> +>> endobj +917 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 306.014 522.316 316.918] +/Subtype /Link +/A << /S /GoTo /D (0:THRESHOLDS) >> +>> endobj +918 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 295.12 189.011 303.966] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGURATION-EMAIL) >> +>> endobj +919 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 295.12 522.316 303.966] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGURATION-EMAIL) >> +>> endobj +920 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 280.111 193.165 291.015] +/Subtype /Link +/A << /S /GoTo /D (0:TRUSTEDEXAMPLE) >> +>> endobj +921 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 280.111 522.316 291.015] +/Subtype /Link +/A << /S /GoTo /D (0:TRUSTEDEXAMPLE) >> +>> endobj +922 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 267.159 204.622 278.063] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGURATION-LOGSERVER) >> +>> endobj +923 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 267.159 522.316 278.063] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGURATION-LOGSERVER) >> +>> endobj +924 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 256.265 232.347 265.112] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGURATION-EXTERNAL) >> +>> endobj +925 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 256.265 522.316 265.112] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGURATION-EXTERNAL) >> +>> endobj +926 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 243.314 194.55 252.16] +/Subtype /Link +/A << /S /GoTo /D (0:CONSOLEDETAILS) >> +>> endobj +927 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 243.314 522.316 252.16] +/Subtype /Link +/A << /S /GoTo /D (0:CONSOLEDETAILS) >> +>> endobj +928 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 230.243 192.328 239.209] +/Subtype /Link +/A << /S /GoTo /D (0:PRELUDEDETAILS) >> +>> endobj +929 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 230.243 522.316 239.209] +/Subtype /Link +/A << /S /GoTo /D (0:PRELUDEDETAILS) >> +>> endobj +930 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 215.354 275.077 226.258] +/Subtype /Link +/A << /S /GoTo /D (0:NAGIOS) >> +>> endobj +931 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 215.354 522.316 226.258] +/Subtype /Link +/A << /S /GoTo /D (0:NAGIOS) >> +>> endobj +932 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 202.402 194.002 213.306] +/Subtype /Link +/A << /S /GoTo /D (0:SYSLOGDETAILS) >> +>> endobj +933 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 202.402 522.316 213.306] +/Subtype /Link +/A << /S /GoTo /D (0:SYSLOGDETAILS) >> +>> endobj +934 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 189.824 224.697 200.355] +/Subtype /Link +/A << /S /GoTo /D (0:SQLDETAILS) >> +>> endobj +935 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 189.824 522.316 200.355] +/Subtype /Link +/A << /S /GoTo /D (0:SQLDETAILS) >> +>> endobj +936 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 174.243 334.753 185.122] +/Subtype /Link +/A << /S /GoTo /D (0:FILE-MONITOR) >> +>> endobj +937 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 174.243 522.316 185.122] +/Subtype /Link +/A << /S /GoTo /D (0:FILE-MONITOR) >> +>> endobj +938 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 158.766 225.803 169.67] +/Subtype /Link +/A << /S /GoTo /D (0:BASCLT) >> +>> endobj +939 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 158.766 522.316 169.67] +/Subtype /Link +/A << /S /GoTo /D (0:BASCLT) >> +>> endobj +940 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 147.872 281.543 156.718] +/Subtype /Link +/A << /S /GoTo /D (0:HASH-FUNCTION) >> +>> endobj +941 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 147.872 522.316 156.718] +/Subtype /Link +/A << /S /GoTo /D (0:HASH-FUNCTION) >> +>> endobj +942 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 132.863 220.283 143.767] +/Subtype /Link +/A << /S /GoTo /D (0:FILE-SIGNATURES) >> +>> endobj +943 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 132.863 522.316 143.767] +/Subtype /Link +/A << /S /GoTo /D (0:FILE-SIGNATURES) >> +>> endobj +944 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 119.912 380.71 130.816] +/Subtype /Link +/A << /S /GoTo /D (0:FILEDEF) >> +>> endobj +945 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 119.912 522.316 130.816] +/Subtype /Link +/A << /S /GoTo /D (0:FILEDEF) >> +>> endobj +946 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 106.96 372.919 117.864] +/Subtype /Link +/A << /S /GoTo /D (0:ALL-EXCEPT) >> +>> endobj +947 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 106.96 522.316 117.864] +/Subtype /Link +/A << /S /GoTo /D (0:ALL-EXCEPT) >> +>> endobj +948 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 94.009 235.705 104.913] +/Subtype /Link +/A << /S /GoTo /D (0:TIMING-FILE-CHECKS) >> +>> endobj +949 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 94.009 522.316 104.913] +/Subtype /Link +/A << /S /GoTo /D (0:TIMING-FILE-CHECKS) >> +>> endobj +955 0 obj << +/D [953 0 R /XYZ 71.731 729.265 null] +>> endobj +6 0 obj << +/D [953 0 R /XYZ 244.332 703.236 null] +>> endobj +952 0 obj << +/Font << /F25 852 0 R /F38 956 0 R /F31 858 0 R /F33 859 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1098 0 obj << +/Length 2119 +/Filter /FlateDecode +>> +stream +xÚíÝOsGÇñ»_· ªæ +Ë–cY¶vã*WD’CŒ‡ÖР. +ÝìLc¯öÕ/ÝB +k +/‘¿KÃǶ\P†ßt?ÏÓAkÖ +Zo^{_ +¿è^ÆakÔ%QÒO[a/îô’š5†ž×k'­ßÛýΠsv +õƒö•VV‰LýGéÙ÷›‡–‹‰°ÛK“oŸŠ·2œ[=|öÏñßýÜÖïçQ8lwj  œ‡Ñ°Ý +Ö µâΚù<3tyf|+7ß|‚(sßjŠ +]æîroč(díH2'•úBŸúF.õœòkSë+{0ÞVÎ7ßOýšÖõ/WÝë7W›Ë¥E®dQûoKb^2€çúÙ3lžâîÃçBZ™ÚêÓçgQ¿-s-³ÍunŒœSöȇJÀkð5_6\mC—øÞ­¬É«È—™™ÒÝÕ¯fi7È2~< +WIP×G¿áˆ×€Ó +FýŠÁ(:ž37Kmådw/fwfa2• +Ùmé³.ÿß(4Ý‹FBêBYµ]y +\£Q©ŸŽ +7÷® +©yýæY¯ÇK_ü“}{“ß;øÉ^ÕRÞªÉDêîô, +Úâ®üUvçª(ªß¹ÈM*‹âHyeDß +pŸŽMûOÃþñOG³Ú/{çGŠAƒ/À‰GÄQÓ”ÄEğÌl·3u^U“v +Ù}¡Šúk /€bƒ°éZÝ êã™,3 +PhvÏÑžEΚ~/ó©ÉçB§nù×.õ‘S5žÏs|ÉÛžÄO۟ޝ}U +۞.37ñ45ÚJí&a™éæ«x<’ûCÐĝøasõÛۗga¶Ç®DþÜ9¡grò·ÕïëgšR@í»ÜáBþîe<Ü9,ó<Š;£põÆ×ïÄœxóÆ競^]Ÿy͖Û÷Ÿûe&¿ß{ÌLÕòž—MpםpymEWž7€ÓHŒÃ .1î +¯Ÿ#ýœè7RË\dìíp74ûý1IÇOs¿š—³j„ßÉSº°"˄Uƍ²ÑÆÒ=ðµS]³Ó +“ŽÌÿ³,ðÏTa嶒ÁUg¥™* +·j~\L©pª±8jžØéOµx­ÅM¶{¢÷lÛâ`öj| +™oN±ª/ë +(íàù&­žádÿ`Òº +\]¹d5V”l®ºU?©ëŒÚÙ{Þm$ž£C3#Üá¡ÓÜÌ?;Ž%œœü‰ÿQz +oI|ÇáÏËêlÜê +¡7&Ÿ·Ú-ÛoŠÉË¢3yd„<«øðücGÒ0Ÿû©èÒÊÔV!㻳2aK1ùn7lÔæ‹ +!€¬ù(kúiØc¿:ûvüî§G뮛k+ìÒ-ƒ-ÄLÖ®Þ²®À7¿ +wý$çW·¹1µý>QÄ +À‰Üî +®6‡A5û °¹J]©€HSYž•åOÊÞº +Kuó)‹í56uåà +™ÇN¢‰z#^.à€??GMB†~ ýµÔ“ª005ó¹Ð“âa“ô”2€o7]mW'üŒíëû¢:=Ò÷yÖvqòŽÀã +6]㌫5Ϊÿ$ +Úç֜ïw€ä2÷µ?4èñZCGQÓÕ`?üœÌ§&Ÿ +ºi»ÔGV„9L +ø*¶{[£Î(‰’ÖxÚ:âÎ(\¥Ú~'î¹ÕU?Yò­1w~ u9±Ýµ~ýo+ór +U‹Ì +ßÕå°mf¹˜×–’&^€o(ŒöêÂhžFw³h쳚ofz¯õÇ€„qÌSÀ3»eÚ/Atvú­tÇšþúàtÉÍÅ¿–r)ëë 9 +à/ +«jß*÷JdY5L– +e!GUıȏp„ +0pòÕTêëö|9™(«L•/Ëz_)ìr]Ø+]ð‡(žµF5Órâb¥Ñ‚ š-sQþÝ +aō(ܪã¥ÊŽ”mDJžý[ôð‰pê®:|¹ó[¡Ž˜Ì•v€¹ZÔ + +Ž˜â +ðUÃ_OœA=õÝJ‘ÙÛúätãœJVŒžžR8ªV +ߪí±Ö¯n +~փ±Ó¥7Ym-xŸ‘ØÓÚ`ºß8ªߗaS€wÿK +#*žaŽìöþž[ô +6/ä"3÷s©­ËšÆþ·ÞŸë¢ç­)lÁÊ'À·6Ÿ»Á +UYÓï°¿“öÖžþǗ?ìõçLÊ(zí8Zl†³Õý»zOx&‘bkt ¢âÇý¡ +UeÇÇõ©›Î%Ò»j”ë\èÕ÷yíQk ¯ÀÇs8xòö’¿á¿–é2WöÞo6jŠk?~y!àùÞ_DáSwÃjGñ—õAMuui!Ï=ÂmËþb«›_µp¥íºu{¶Ý +1Ó'÷vKðR[X¥¶êÜ×LU}(ÒÙúqõ ÙÕM +Æ°ÌâŠËiœG'úÉ|ÓëSßÒ3ày€¿Ø=Àvq¶ïîÞH-s‘Õþ­,¹7Ú +ã6Ãxt’€ß:ï +;ÛsPüÉ×ãÿôcdœ +endstream +endobj +1097 0 obj << +/Type /Page +/Contents 1098 0 R +/Resources 1096 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 853 0 R +/Annots [ 950 0 R 951 0 R 1002 0 R 1003 0 R 1004 0 R 1005 0 R 1006 0 R 1007 0 R 1008 0 R 1009 0 R 1010 0 R 1011 0 R 1012 0 R 1013 0 R 1014 0 R 1015 0 R 1016 0 R 1017 0 R 1018 0 R 1019 0 R 1020 0 R 1021 0 R 1022 0 R 1023 0 R 1024 0 R 1025 0 R 1026 0 R 1027 0 R 1028 0 R 1029 0 R 1030 0 R 1031 0 R 1032 0 R 1033 0 R 1034 0 R 1035 0 R 1036 0 R 1037 0 R 1038 0 R 1039 0 R 1040 0 R 1041 0 R 1042 0 R 1043 0 R 1044 0 R 1045 0 R 1046 0 R 1047 0 R 1048 0 R 1049 0 R 1050 0 R 1051 0 R 1052 0 R 1053 0 R 1054 0 R 1055 0 R 1056 0 R 1057 0 R 1058 0 R 1059 0 R 1060 0 R 1061 0 R 1062 0 R 1063 0 R 1064 0 R 1065 0 R 1066 0 R 1067 0 R 1068 0 R 1069 0 R 1070 0 R 1071 0 R 1072 0 R 1073 0 R 1074 0 R 1075 0 R 1076 0 R 1077 0 R 1078 0 R 1079 0 R 1080 0 R 1081 0 R 1082 0 R 1083 0 R 1084 0 R 1085 0 R 1086 0 R 1087 0 R 1088 0 R 1089 0 R 1090 0 R 1091 0 R ] +>> endobj +950 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 705.191 297.204 716.095] +/Subtype /Link +/A << /S /GoTo /D (0:INITIALIZING-UPDATING-CHECKING) >> +>> endobj +951 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 705.191 522.316 716.095] +/Subtype /Link +/A << /S /GoTo /D (0:INITIALIZING-UPDATING-CHECKING) >> +>> endobj +1002 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 692.239 268.412 703.143] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASEFILE) >> +>> endobj +1003 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 692.239 522.316 703.143] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASEFILE) >> +>> endobj +1004 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 679.288 360.018 690.192] +/Subtype /Link +/A << /S /GoTo /D (0:SUIDCHK) >> +>> endobj +1005 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 679.288 522.316 690.192] +/Subtype /Link +/A << /S /GoTo /D (0:SUIDCHK) >> +>> endobj +1006 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 666.336 267.894 677.24] +/Subtype /Link +/A << /S /GoTo /D (0:KERNELDEF) >> +>> endobj +1007 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 666.336 522.316 677.24] +/Subtype /Link +/A << /S /GoTo /D (0:KERNELDEF) >> +>> endobj +1008 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 653.385 291.017 664.289] +/Subtype /Link +/A << /S /GoTo /D (0:MONDEF) >> +>> endobj +1009 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 653.385 522.316 664.289] +/Subtype /Link +/A << /S /GoTo /D (0:MONDEF) >> +>> endobj +1010 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 640.433 318.803 651.337] +/Subtype /Link +/A << /S /GoTo /D (0:MOUNTCHECK) >> +>> endobj +1011 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 640.433 522.316 651.337] +/Subtype /Link +/A << /S /GoTo /D (0:MOUNTCHECK) >> +>> endobj +1012 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 627.482 325.338 638.386] +/Subtype /Link +/A << /S /GoTo /D (0:USERCHECK) >> +>> endobj +1013 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 627.482 522.316 638.386] +/Subtype /Link +/A << /S /GoTo /D (0:USERCHECK) >> +>> endobj +1014 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 614.531 342.932 625.435] +/Subtype /Link +/A << /S /GoTo /D (0:PROCESSCHECK) >> +>> endobj +1015 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 614.531 522.316 625.435] +/Subtype /Link +/A << /S /GoTo /D (0:PROCESSCHECK) >> +>> endobj +1016 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 601.579 263.441 612.483] +/Subtype /Link +/A << /S /GoTo /D (0:PORTCHECK) >> +>> endobj +1017 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 601.579 522.316 612.483] +/Subtype /Link +/A << /S /GoTo /D (0:PORTCHECK) >> +>> endobj +1018 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 588.628 277.299 599.532] +/Subtype /Link +/A << /S /GoTo /D (0:LOGMON) >> +>> endobj +1019 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 588.628 522.316 599.532] +/Subtype /Link +/A << /S /GoTo /D (0:LOGMON) >> +>> endobj +1020 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 577.734 201.743 586.58] +/Subtype /Link +/A << /S /GoTo /D (0:MODULES) >> +>> endobj +1021 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 577.734 522.316 586.58] +/Subtype /Link +/A << /S /GoTo /D (0:MODULES) >> +>> endobj +1022 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 562.725 245.728 573.629] +/Subtype /Link +/A << /S /GoTo /D (0:PERFORMANCE-TUNING) >> +>> endobj +1023 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 562.725 522.316 573.629] +/Subtype /Link +/A << /S /GoTo /D (0:PERFORMANCE-TUNING) >> +>> endobj +1024 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 549.773 404.82 560.677] +/Subtype /Link +/A << /S /GoTo /D (0:FILE-CONTENT-STORE) >> +>> endobj +1025 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 549.773 522.316 560.677] +/Subtype /Link +/A << /S /GoTo /D (0:FILE-CONTENT-STORE) >> +>> endobj +1026 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 534.565 264.527 545.445] +/Subtype /Link +/A << /S /GoTo /D (0:YULE) >> +>> endobj +1027 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 534.565 522.316 545.445] +/Subtype /Link +/A << /S /GoTo /D (0:YULE) >> +>> endobj +1028 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 521.146 193.424 529.992] +/Subtype /Link +/A << /S /GoTo /D (0:GENERAL) >> +>> endobj +1029 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 521.146 522.316 529.992] +/Subtype /Link +/A << /S /GoTo /D (0:GENERAL) >> +>> endobj +1030 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 506.137 271.48 517.041] +/Subtype /Link +/A << /S /GoTo /D (0:DROPROOT) >> +>> endobj +1031 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 506.137 522.316 517.041] +/Subtype /Link +/A << /S /GoTo /D (0:DROPROOT) >> +>> endobj +1032 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 493.186 239.222 504.09] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENTS) >> +>> endobj +1033 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 493.186 522.316 504.09] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENTS) >> +>> endobj +1034 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 480.234 282.39 491.138] +/Subtype /Link +/A << /S /GoTo /D (0:ENABLING-LOGGING-TO-THE-SERVER) >> +>> endobj +1035 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 480.234 522.316 491.138] +/Subtype /Link +/A << /S /GoTo /D (0:ENABLING-LOGGING-TO-THE-SERVER) >> +>> endobj +1036 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 467.283 450.637 478.187] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASE-CONFIGURATION-FILE-DOWNLOAD) >> +>> endobj +1037 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 467.283 522.316 478.187] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASE-CONFIGURATION-FILE-DOWNLOAD) >> +>> endobj +1038 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 454.331 307.166 465.235] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-LOGGING) >> +>> endobj +1039 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 454.331 522.316 465.235] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-LOGGING) >> +>> endobj +1040 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 441.38 256.567 452.284] +/Subtype /Link +/A << /S /GoTo /D (0:GCM) >> +>> endobj +1041 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 441.38 522.316 452.284] +/Subtype /Link +/A << /S /GoTo /D (0:GCM) >> +>> endobj +1042 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 428.428 281.264 439.332] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-STATUS-INFORMATION) >> +>> endobj +1043 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 428.428 522.316 439.332] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-STATUS-INFORMATION) >> +>> endobj +1044 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 417.415 189.569 426.381] +/Subtype /Link +/A << /S /GoTo /D (0:CHROOT) >> +>> endobj +1045 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 417.415 522.316 426.381] +/Subtype /Link +/A << /S /GoTo /D (0:CHROOT) >> +>> endobj +1046 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 402.526 339.236 413.43] +/Subtype /Link +/A << /S /GoTo /D (0:LIBWRAP) >> +>> endobj +1047 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 402.526 522.316 413.43] +/Subtype /Link +/A << /S /GoTo /D (0:LIBWRAP) >> +>> endobj +1048 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 389.574 283.934 400.478] +/Subtype /Link +/A << /S /GoTo /D (0:SEND-COMMANDS) >> +>> endobj +1049 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 389.574 522.316 400.478] +/Subtype /Link +/A << /S /GoTo /D (0:SEND-COMMANDS) >> +>> endobj +1050 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 376.623 226.938 387.527] +/Subtype /Link +/A << /S /GoTo /D (0:UDP) >> +>> endobj +1051 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 376.623 522.316 387.527] +/Subtype /Link +/A << /S /GoTo /D (0:UDP) >> +>> endobj +1052 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 363.671 253.509 374.575] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-TO-SERVER) >> +>> endobj +1053 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 363.671 522.316 374.575] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-TO-SERVER) >> +>> endobj +1054 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 350.72 245.728 361.624] +/Subtype /Link +/A << /S /GoTo /D (0:PERFORMANCE-TUNING-SERVER) >> +>> endobj +1055 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 350.72 522.316 361.624] +/Subtype /Link +/A << /S /GoTo /D (0:PERFORMANCE-TUNING-SERVER) >> +>> endobj +1056 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 335.512 256.388 346.391] +/Subtype /Link +/A << /S /GoTo /D (0:EXTERN) >> +>> endobj +1057 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 335.512 522.316 346.391] +/Subtype /Link +/A << /S /GoTo /D (0:EXTERN) >> +>> endobj +1058 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 320.035 183.482 330.939] +/Subtype /Link +/A << /S /GoTo /D (0:PIPES) >> +>> endobj +1059 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 320.035 522.316 330.939] +/Subtype /Link +/A << /S /GoTo /D (0:PIPES) >> +>> endobj +1060 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 307.084 263.441 317.987] +/Subtype /Link +/A << /S /GoTo /D (0:SYSTEM-V-MESSAGE-QUEUE) >> +>> endobj +1061 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 307.084 522.316 317.987] +/Subtype /Link +/A << /S /GoTo /D (0:SYSTEM-V-MESSAGE-QUEUE) >> +>> endobj +1062 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 294.132 265.782 305.036] +/Subtype /Link +/A << /S /GoTo /D (0:CALLING-EXTERNAL-PROGRAMS) >> +>> endobj +1063 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 294.132 522.316 305.036] +/Subtype /Link +/A << /S /GoTo /D (0:CALLING-EXTERNAL-PROGRAMS) >> +>> endobj +1064 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 278.924 385.532 289.803] +/Subtype /Link +/A << /S /GoTo /D (0:SIGNED-FILES) >> +>> endobj +1065 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [510.361 278.924 522.316 289.803] +/Subtype /Link +/A << /S /GoTo /D (0:SIGNED-FILES) >> +>> endobj +1066 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 263.447 262.614 274.351] +/Subtype /Link +/A << /S /GoTo /D (0:SAMHAINADMIN) >> +>> endobj +1067 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 263.447 522.316 274.351] +/Subtype /Link +/A << /S /GoTo /D (0:SAMHAINADMIN) >> +>> endobj +1068 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 250.142 259.874 259.118] +/Subtype /Link +/A << /S /GoTo /D (0:STEALTHMODE) >> +>> endobj +1069 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 250.142 522.316 259.118] +/Subtype /Link +/A << /S /GoTo /D (0:STEALTHMODE) >> +>> endobj +1070 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 232.762 249.025 243.666] +/Subtype /Link +/A << /S /GoTo /D (0:HIDING-THE-EXECUTABLE) >> +>> endobj +1071 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 232.762 522.316 243.666] +/Subtype /Link +/A << /S /GoTo /D (0:HIDING-THE-EXECUTABLE) >> +>> endobj +1072 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 219.811 253.299 230.715] +/Subtype /Link +/A << /S /GoTo /D (0:PACKING-THE-EXECUTABLE) >> +>> endobj +1073 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 219.811 522.316 230.715] +/Subtype /Link +/A << /S /GoTo /D (0:PACKING-THE-EXECUTABLE) >> +>> endobj +1074 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 204.603 254.006 215.482] +/Subtype /Link +/A << /S /GoTo /D (0:DEPLOYMENT) >> +>> endobj +1075 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 204.603 522.316 215.482] +/Subtype /Link +/A << /S /GoTo /D (0:DEPLOYMENT) >> +>> endobj +1076 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 189.126 307.904 200.03] +/Subtype /Link +/A << /S /GoTo /D (0:DEPLOY.SH) >> +>> endobj +1077 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 189.126 522.316 200.03] +/Subtype /Link +/A << /S /GoTo /D (0:DEPLOY.SH) >> +>> endobj +1078 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 176.174 326.116 187.078] +/Subtype /Link +/A << /S /GoTo /D (0:NATIVE-PACKAGES) >> +>> endobj +1079 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 176.174 522.316 187.078] +/Subtype /Link +/A << /S /GoTo /D (0:NATIVE-PACKAGES) >> +>> endobj +1080 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 160.966 202.181 171.846] +/Subtype /Link +/A << /S /GoTo /D (0:SECURITY-DESIGN) >> +>> endobj +1081 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 160.966 522.316 171.846] +/Subtype /Link +/A << /S /GoTo /D (0:SECURITY-DESIGN) >> +>> endobj +1082 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 145.49 191.771 156.394] +/Subtype /Link +/A << /S /GoTo /D (0:SECURITY-USAGE) >> +>> endobj +1083 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 145.49 522.316 156.394] +/Subtype /Link +/A << /S /GoTo /D (0:SECURITY-USAGE) >> +>> endobj +1084 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 132.538 271.282 143.442] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +1085 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 132.538 522.316 143.442] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +1086 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 119.587 272.128 130.491] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENT-INTEGRITY) >> +>> endobj +1087 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 119.587 522.316 130.491] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENT-INTEGRITY) >> +>> endobj +1088 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 108.693 209.046 117.539] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-SECURITY) >> +>> endobj +1089 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 108.693 522.316 117.539] +/Subtype /Link +/A << /S /GoTo /D (0:SERVER-SECURITY) >> +>> endobj +1090 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 95.741 198.406 104.588] +/Subtype /Link +/A << /S /GoTo /D (0:DESIGN) >> +>> endobj +1091 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 95.741 522.316 104.588] +/Subtype /Link +/A << /S /GoTo /D (0:DESIGN) >> +>> endobj +1099 0 obj << +/D [1097 0 R /XYZ 71.731 729.265 null] +>> endobj +1096 0 obj << +/Font << /F31 858 0 R /F38 956 0 R /F33 859 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1206 0 obj << +/Length 1312 +/Filter /FlateDecode +>> +stream +xÚíÝMoÚX€á}~ +—°Àpýíåšš£V ªYŽ]žøVŒ/c›hòïÇÄ%™\יIG“äÝÌÓ4ÈHøœësΝcb\žM +<ž/Ïƶof0µŠÆrm˜®kÞÄ7mÇ1–‘ñyð‹9 +Yîdð!΋ê™Z׏û"Vi^ +¬‡–;PYuPleõÄ +¯Túe2±6‡l(üAýrŸÊâ}1üºüõoïÊø<òŒ©1Þ"Œ„å„å>Êe<#NâË6aŒ„[F3v͈:ž¹”©ÌÂDûgŠ6g€Š!åÒÍÀMÒaÕIÇowKŠeÖqwŽSÑ!‘õj¡ªÇœÌÖ*ÛUaŧ¿±ÚÊÕu®{O–øšÞÞÅÈëŸYÍÅÈn/F2œºŒªñ& +‹CÖ\ŽTZ=ÎÚûwáñB4ž‡Eø-Ìëyññú¥]B³ø°xõßœ~ÏDÀ©¿{gI,ÓbŒÙÍPž™µß¶©\ñ±˜â&.nµTø|ÏŠ¹u˜vu +ÎÂb«Ïqœ)g€ÿ8µ tñ§ +~£GJâϵ +~+µÛ +iT +$q*ï÷ýéގCå<À‹ ++mñÔFK«‰*{6ZZ”2Ð# +yØÛrÞ6ZæánÆ©î?=ŽŠãTÐæ +V¯fó¶ŸþöH}/ŒàDðBó  +³ŽÎ‚{SŪ¯$={ +„Ëçðob<ç–ùÏ(óà9Ӑ‡eþ³¶Ì¿ÚâÞþIw[$i·–' €'Åèýö<µeñ +y·›QµÍÑqO£{• '˜úM +¶’^J$ÜlúùAm6qº©×«·™Ì·*‰ôEÎ6ƒÔ€ç +aœž͆š¿ýÉ ,VÛ6ŽMTӎ˟êP™rÊâéïKìÍ +ÿw2KÃDßár¶àåç +}úˆv‡Š$îÚċRfN“÷ñ™ã +Û73˜ZSc¹6F–m¢ÌC\Óvê> endobj +1092 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 705.325 298.608 716.204] +/Subtype /Link +/A << /S /GoTo /D (0:COMPILATION-OPTIONS) >> +>> endobj +1093 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 705.325 522.316 716.204] +/Subtype /Link +/A << /S /GoTo /D (0:COMPILATION-OPTIONS) >> +>> endobj +1094 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 691.905 195.636 700.752] +/Subtype /Link +/A << /S /GoTo /D (0:COMPILATION-OPTIONS-GENERAL) >> +>> endobj +1095 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 691.905 522.316 700.752] +/Subtype /Link +/A << /S /GoTo /D (0:COMPILATION-OPTIONS-GENERAL) >> +>> endobj +1146 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 676.897 351.988 687.801] +/Subtype /Link +/A << /S /GoTo /D (0:COMPILATION-CHECKS) >> +>> endobj +1147 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 676.897 522.316 687.801] +/Subtype /Link +/A << /S /GoTo /D (0:COMPILATION-CHECKS) >> +>> endobj +1148 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 663.945 379.953 674.849] +/Subtype /Link +/A << /S /GoTo /D (0:OPENPGP-SIGNATURES) >> +>> endobj +1149 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 663.945 522.316 674.849] +/Subtype /Link +/A << /S /GoTo /D (0:OPENPGP-SIGNATURES) >> +>> endobj +1150 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 650.994 270.803 661.898] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENT-SERVER-CONNECTIVITY) >> +>> endobj +1151 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 650.994 522.316 661.898] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENT-SERVER-CONNECTIVITY) >> +>> endobj +1152 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 639.98 185.544 648.946] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +1153 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 639.98 522.316 648.946] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +1154 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 622.834 255.61 633.714] +/Subtype /Link +/A << /S /GoTo /D (0:COMMAND-LINE) >> +>> endobj +1155 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 622.834 522.316 633.714] +/Subtype /Link +/A << /S /GoTo /D (0:COMMAND-LINE) >> +>> endobj +1156 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 609.415 195.088 618.261] +/Subtype /Link +/A << /S /GoTo /D (0:COMMAND-LINE-GENERAL) >> +>> endobj +1157 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 609.415 522.316 618.261] +/Subtype /Link +/A << /S /GoTo /D (0:COMMAND-LINE-GENERAL) >> +>> endobj +1158 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 596.463 196.762 605.31] +/Subtype /Link +/A << /S /GoTo /D (0:SAMHAIN-COMMAND-LINE) >> +>> endobj +1159 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 596.463 522.316 605.31] +/Subtype /Link +/A << /S /GoTo /D (0:SAMHAIN-COMMAND-LINE) >> +>> endobj +1160 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 581.455 180.712 592.359] +/Subtype /Link +/A << /S /GoTo /D (0:COMMAND-LINE-YULE) >> +>> endobj +1161 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 581.455 522.316 592.359] +/Subtype /Link +/A << /S /GoTo /D (0:COMMAND-LINE-YULE) >> +>> endobj +1162 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 566.247 268.342 577.126] +/Subtype /Link +/A << /S /GoTo /D (0:THE-CONFIGURATION-FILE) >> +>> endobj +1163 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 566.247 522.316 577.126] +/Subtype /Link +/A << /S /GoTo /D (0:THE-CONFIGURATION-FILE) >> +>> endobj +1164 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 552.827 195.088 561.674] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFILE) >> +>> endobj +1165 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 552.827 522.316 561.674] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFILE) >> +>> endobj +1166 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 539.876 218.898 548.722] +/Subtype /Link +/A << /S /GoTo /D (0:FILES-TO-CHECK) >> +>> endobj +1167 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 539.876 522.316 548.722] +/Subtype /Link +/A << /S /GoTo /D (0:FILES-TO-CHECK) >> +>> endobj +1168 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 524.867 234.699 535.771] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITY-OF-EVENTS) >> +>> endobj +1169 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 524.867 522.316 535.771] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITY-OF-EVENTS) >> +>> endobj +1170 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 511.915 240.766 522.819] +/Subtype /Link +/A << /S /GoTo /D (0:LOGGING-THRESHOLDS) >> +>> endobj +1171 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 511.915 522.316 522.819] +/Subtype /Link +/A << /S /GoTo /D (0:LOGGING-THRESHOLDS) >> +>> endobj +1172 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 498.964 280.248 509.868] +/Subtype /Link +/A << /S /GoTo /D (0:WATCHING-LOGIN-LOGOUT-EVENTS) >> +>> endobj +1173 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 498.964 522.316 509.868] +/Subtype /Link +/A << /S /GoTo /D (0:WATCHING-LOGIN-LOGOUT-EVENTS) >> +>> endobj +1174 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 486.013 308.452 496.917] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-FOR-KERNEL-MODULE-ROOTKITS) >> +>> endobj +1175 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 486.013 522.316 496.917] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-FOR-KERNEL-MODULE-ROOTKITS) >> +>> endobj +1176 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 473.061 286.694 483.965] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-FOR-SUID-FILES) >> +>> endobj +1177 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 473.061 522.316 483.965] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-FOR-SUID-FILES) >> +>> endobj +1178 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 460.11 275.635 471.014] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-MOUNTS) >> +>> endobj +1179 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 460.11 522.316 471.014] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-MOUNTS) >> +>> endobj +1180 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 447.158 254.036 458.062] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-USERFILES) >> +>> endobj +1181 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 447.158 522.316 458.062] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-USERFILES) >> +>> endobj +1182 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 434.207 346.788 445.111] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-PROCESSES) >> +>> endobj +1183 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 434.207 522.316 445.111] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-PROCESSES) >> +>> endobj +1184 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 421.255 265.105 432.159] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-PORTS) >> +>> endobj +1185 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 421.255 522.316 432.159] +/Subtype /Link +/A << /S /GoTo /D (0:CHECKING-PORTS) >> +>> endobj +1186 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 408.304 278.962 419.208] +/Subtype /Link +/A << /S /GoTo /D (0:LOGMON-CHECK) >> +>> endobj +1187 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 408.304 522.316 419.208] +/Subtype /Link +/A << /S /GoTo /D (0:LOGMON-CHECK) >> +>> endobj +1188 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 397.41 205.051 406.256] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASE) >> +>> endobj +1189 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 397.41 522.316 406.256] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASE) >> +>> endobj +1190 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 384.458 226.091 393.305] +/Subtype /Link +/A << /S /GoTo /D (0:MISCELLANEOUS) >> +>> endobj +1191 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 384.458 522.316 393.305] +/Subtype /Link +/A << /S /GoTo /D (0:MISCELLANEOUS) >> +>> endobj +1192 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 371.387 202.291 380.354] +/Subtype /Link +/A << /S /GoTo /D (0:EXTERNAL) >> +>> endobj +1193 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 371.387 522.316 380.354] +/Subtype /Link +/A << /S /GoTo /D (0:EXTERNAL) >> +>> endobj +1194 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 358.556 196.771 367.402] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFILE-CLIENTS) >> +>> endobj +1195 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 358.556 522.316 367.402] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFILE-CLIENTS) >> +>> endobj +1196 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 343.193 224.886 352.169] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASE-FIELDS) >> +>> endobj +1197 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 343.193 522.316 352.169] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASE-FIELDS) >> +>> endobj +1198 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 327.871 195.636 336.717] +/Subtype /Link +/A << /S /GoTo /D (0:GEN-DB-FIELDS) >> +>> endobj +1199 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 327.871 522.316 336.717] +/Subtype /Link +/A << /S /GoTo /D (0:GEN-DB-FIELDS) >> +>> endobj +1200 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 314.919 198.973 323.766] +/Subtype /Link +/A << /S /GoTo /D (0:MOD-DB-FIELDS) >> +>> endobj +1201 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 314.919 522.316 323.766] +/Subtype /Link +/A << /S /GoTo /D (0:MOD-DB-FIELDS) >> +>> endobj +1202 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [142.466 299.91 191.233 310.814] +/Subtype /Link +/A << /S /GoTo /D (0:SYS-DB-FIELDS) >> +>> endobj +1203 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [505.38 299.91 522.316 310.814] +/Subtype /Link +/A << /S /GoTo /D (0:SYS-DB-FIELDS) >> +>> endobj +1207 0 obj << +/D [1205 0 R /XYZ 71.731 729.265 null] +>> endobj +1204 0 obj << +/Font << /F38 956 0 R /F31 858 0 R /F33 859 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1241 0 obj << +/Length 746 +/Filter /FlateDecode +>> +stream +xÚ}UMoÛ0 +œ÷Wøh‰ë:v® +Ö¡;¬‡fÀ€uÅVba²dHr³ì׏Š(Ûqƒ$SÉ÷ +I%Á1H‚/w ®»»û§¬²$ÞUìA™Æeže’ÇYŸ vMð3üԒÞP­³² +ÓØ­Ïš(KBÙ +µaRD¿v_ïŸàê6Þn²õõPÆU–ë|çyæ|iÒµ„ ðQ$!Ón%niˆÁ +†Fi +3güG4㙎èìœ*ã¶ú¬ +íp?0Cöœº¯ƒThfâ荭ÔÆ'€ë‰r~mor¢¢Ž +te‘}ë4‹·ÂúþíùÇzO4Å$5§(vÔo +cè9ryˆ²"rÅÊ-1Ð2=Ó€¿–œÓÚç`ZÄÛQ­ÉÑ +Bc™ò«Äo²Ÿ»øÈSp-ޒ$;ŠWéy†ùÂÆö ÔZ”†Ôì¿ü>\łJê֙\LtMÐÝ +ci •¢g€à"! +M¥%ò$ž$û7 +÷ç¹s}«+Jv +vnñZ!öÈw= ,A>WQHå[R$³óÀJ*HGQÕP3Ñ̹÷ö—×¥ì/¯nU”Sp»š„ºQLS%*7™.=q1\ŸÿôЫ­†,Ó«²šœº^pYõãf¬—Ù”òF2gSfьû) †qYÚü§âƲœˆ +ŠŸ—‚NÀìPž +à5€ëuÁé€tžZ汍i/[Ê{Q¢ò~üÈóSã> endobj +957 0 obj << +/D [1240 0 R /XYZ 71.731 718.306 null] +>> endobj +10 0 obj << +/D [1240 0 R /XYZ 298.58 703.236 null] +>> endobj +1242 0 obj << +/D [1240 0 R /XYZ 71.731 672.579 null] +>> endobj +1243 0 obj << +/D [1240 0 R /XYZ 71.731 672.579 null] +>> endobj +1244 0 obj << +/D [1240 0 R /XYZ 214.345 650.952 null] +>> endobj +1245 0 obj << +/D [1240 0 R /XYZ 71.731 615.919 null] +>> endobj +1246 0 obj << +/D [1240 0 R /XYZ 173.1 605.124 null] +>> endobj +1247 0 obj << +/D [1240 0 R /XYZ 71.731 570.09 null] +>> endobj +1248 0 obj << +/D [1240 0 R /XYZ 71.731 511.311 null] +>> endobj +1249 0 obj << +/D [1240 0 R /XYZ 278.085 500.516 null] +>> endobj +1250 0 obj << +/D [1240 0 R /XYZ 446.422 500.516 null] +>> endobj +1239 0 obj << +/Font << /F25 852 0 R /F31 858 0 R /F33 859 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1255 0 obj << +/Length 753 +/Filter /FlateDecode +>> +stream +xÚ­V]o›0}ï¯àaR‰T +ۀ!}Øú¶Ú +¶JÍ[» +±Fñ‘ŽÕ~üüqi ¢R€E‘bÛçžsï¹ØÉ +ìÜ_`¿¬/–w4t(F,ŒCg9A‘OœûˆúÌY§Î“{³áu'š +G£Ø¥ÈŽ7Õ¶– +,sûÈËÔNdÙvŒ0 +¿Öß +|ŒVŒE( +˜ãù>Â! ?òí†Ë`Zí,(v +)ÊnÙj»»HûÚvb{m£ñ( + +ˆ¯$šëÔd,$[øØ­’Ÿ°Z‡ß:h/‹ô "vJ%/ªRÀ30W + +oꢒ ڄŽñ¢¿DÒwÜ bAB²xgH4SÑ#Áju· ¡;}5Þx”ÿÙcð°'1Õ +ˆYSmí¬Û +/ˆӂ1(¬Ò¶ê›Ä(»£Ö^v;Kef/šwêUÝɪlÇUiŽ_&UùŒ1ÍûF\—Dû!te +0Ï8Ä­0äÞ +î<™¥G‘胁ƒ£=îgu– wY +1d=‚·@¢À +ÈUG$w͘t›Û1ÑÍËqÙꂗüÀ¿ÊŽãÎùEÕi°ŒèúzákË + +I"DIhzÅZ’ùˆÄ š"þü¹ÚNšâî-†º!VªÝ(ÓA„bJTSSG€ðµÒ,öeQñZ4ĪE1[EŠE"þÊñš²Y +6Ÿ`'ï\!ŸÅC/ïs¡ÊÍ0v7]W_/—÷t– +¥b +9Œ^Ò7Úfšã +Êßfš{~ˆB +™,p¿}éžhW +ØžÊöVšSKtOÉìÕ>?Ü?ØI+sU"eNm€sêÍûòMÖV±—Øñufí¯ +ÔOvò²Ëàð +)bM®¬“XÕ9 z;HǘØ€?–âmòÁêYò4G㿳Î%IgxœjŸ›ÃEwN¡¥ºA3©aOg¢ÿàÏÊbËÿœ +þ›}8{xSxI™\Ċ”?"å3‚šª~ŒQÌÀ‰tràv}ñ$r` +endstream +endobj +1254 0 obj << +/Type /Page +/Contents 1255 0 R +/Resources 1253 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1289 0 R +/Annots [ 1251 0 R 1252 0 R ] +>> endobj +1251 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [384.443 643.876 431.293 654.458] +/Subtype /Link +/A << /S /GoTo /D (0:INSTALLATION-CONFIGURE) >> +>> endobj +1252 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [246.362 627.346 287.726 637.821] +/Subtype /Link +/A << /S /GoTo /D (0:YULE) >> +>> endobj +958 0 obj << +/D [1254 0 R /XYZ 71.731 718.306 null] +>> endobj +14 0 obj << +/D [1254 0 R /XYZ 418.398 703.236 null] +>> endobj +1256 0 obj << +/D [1254 0 R /XYZ 71.731 692.184 null] +>> endobj +1257 0 obj << +/D [1254 0 R /XYZ 71.731 677.24 null] +>> endobj +1259 0 obj << +/D [1254 0 R /XYZ 71.731 639.891 null] +>> endobj +959 0 obj << +/D [1254 0 R /XYZ 76.712 612.297 null] +>> endobj +18 0 obj << +/D [1254 0 R /XYZ 181.702 567.043 null] +>> endobj +1260 0 obj << +/D [1254 0 R /XYZ 71.731 546.902 null] +>> endobj +1261 0 obj << +/D [1254 0 R /XYZ 71.731 524.104 null] +>> endobj +1262 0 obj << +/D [1254 0 R /XYZ 135.691 512.547 null] +>> endobj +1264 0 obj << +/D [1254 0 R /XYZ 155.059 512.547 null] +>> endobj +1266 0 obj << +/D [1254 0 R /XYZ 71.731 458.051 null] +>> endobj +1267 0 obj << +/D [1254 0 R /XYZ 71.731 432.981 null] +>> endobj +1268 0 obj << +/D [1254 0 R /XYZ 135.691 423.481 null] +>> endobj +1269 0 obj << +/D [1254 0 R /XYZ 155.059 423.481 null] +>> endobj +1270 0 obj << +/D [1254 0 R /XYZ 135.691 411.825 null] +>> endobj +1271 0 obj << +/D [1254 0 R /XYZ 155.059 411.825 null] +>> endobj +1272 0 obj << +/D [1254 0 R /XYZ 135.691 400.169 null] +>> endobj +1273 0 obj << +/D [1254 0 R /XYZ 155.059 400.169 null] +>> endobj +1274 0 obj << +/D [1254 0 R /XYZ 135.691 388.512 null] +>> endobj +1275 0 obj << +/D [1254 0 R /XYZ 155.059 388.512 null] +>> endobj +1276 0 obj << +/D [1254 0 R /XYZ 71.731 334.017 null] +>> endobj +1277 0 obj << +/D [1254 0 R /XYZ 71.731 308.946 null] +>> endobj +1278 0 obj << +/D [1254 0 R /XYZ 135.691 299.446 null] +>> endobj +1279 0 obj << +/D [1254 0 R /XYZ 155.059 299.446 null] +>> endobj +1280 0 obj << +/D [1254 0 R /XYZ 71.731 244.951 null] +>> endobj +1281 0 obj << +/D [1254 0 R /XYZ 71.731 219.88 null] +>> endobj +1282 0 obj << +/D [1254 0 R /XYZ 135.691 210.38 null] +>> endobj +1283 0 obj << +/D [1254 0 R /XYZ 155.059 210.38 null] +>> endobj +1284 0 obj << +/D [1254 0 R /XYZ 71.731 155.885 null] +>> endobj +1285 0 obj << +/D [1254 0 R /XYZ 71.731 132.871 null] +>> endobj +1286 0 obj << +/D [1254 0 R /XYZ 135.691 121.314 null] +>> endobj +1287 0 obj << +/D [1254 0 R /XYZ 155.059 121.314 null] +>> endobj +1288 0 obj << +/D [1254 0 R /XYZ 71.731 48.817 null] +>> endobj +1253 0 obj << +/Font << /F25 852 0 R /F48 1258 0 R /F31 858 0 R /F50 1263 0 R /F51 1265 0 R /F33 859 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1292 0 obj << +/Length 1073 +/Filter /FlateDecode +>> +stream +xÚµVMÛ6œï¯Ð¡@%`MSßVn®o],vØAS€9h%Z&"‘.IÅq}I‘”%Ûm7E{HIœ™7oސ„Nå@çáî‡íÝt†N²$HœíÎ ÓÄIä€afqàlK磻Ø灘7 bè@ +Ú +pI¥_sRê &\äu÷ãÓöç;hBÉ8þ Ž\šèÎDŽá,6Z.hƒÿ@o”ítCg`’¥ÊÄO€fÒÒ‰ŸiŸÿάô‡+3&3¶[ó{“BwŠD1åy³Ï1a +6c +cÃԙ$)ˆ¢T[¯8¯%&žØ›ÉKΑÌÒŒ•¹È՗ÿžÁªÑO„ +±ÄóZì‘3q»wªQ£†’ÿ +s±GÅgóéGí"ˆ +?G +úYÂ`&G@>ÒҙûýÞb†D¿‘z”‚Yà;3vÆëçÍêƒÎ/‚RŒåa$J;ª$2 i"1e¡QýfÈÔ×µžQRŸô¬è:]蟵Ä6‚ùc0Û̏å<Ê,kîuj!qÛUô€X.úŽã'.PsoP1 +ÃdÝŽµ\KI_~†èN¿ücˆ@T@™r&ƒD‘œ ³ +ßËeǐ™-NÕÑŠ4€w +hgü¢XÇ€€^»G®?~XO¡à÷Ñ5ñ +îG:øüi³21GD³ +Š_Œº-®Ë!¯šošÃüêùŸ$®ÕÖ¡²§ðº`p%¶ðº†)iYKAohÇ4ÙX·–û‡§÷CƒªâÃb¡ž4TJc[GÓjÑ^ˆÃ›éôxoœŠüŒ= +(;/•ÒlÎlöP7o1i¿š¯’¬(1¬o·Dë×lö¶ÎŠ¢ãâ_]6Êñݺåâ¶}y«Ÿ%ò²È15—ípdñv{÷'E÷ +v +endstream +endobj +1291 0 obj << +/Type /Page +/Contents 1292 0 R +/Resources 1290 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1289 0 R +>> endobj +1293 0 obj << +/D [1291 0 R /XYZ 71.731 729.265 null] +>> endobj +1294 0 obj << +/D [1291 0 R /XYZ 71.731 741.22 null] +>> endobj +1295 0 obj << +/D [1291 0 R /XYZ 155.059 653.848 null] +>> endobj +1296 0 obj << +/D [1291 0 R /XYZ 71.731 599.352 null] +>> endobj +1297 0 obj << +/D [1291 0 R /XYZ 71.731 576.339 null] +>> endobj +1298 0 obj << +/D [1291 0 R /XYZ 135.691 564.782 null] +>> endobj +1299 0 obj << +/D [1291 0 R /XYZ 155.059 564.782 null] +>> endobj +1300 0 obj << +/D [1291 0 R /XYZ 71.731 510.286 null] +>> endobj +1301 0 obj << +/D [1291 0 R /XYZ 71.731 487.273 null] +>> endobj +1302 0 obj << +/D [1291 0 R /XYZ 135.691 475.716 null] +>> endobj +1303 0 obj << +/D [1291 0 R /XYZ 155.059 475.716 null] +>> endobj +960 0 obj << +/D [1291 0 R /XYZ 71.731 439.9 null] +>> endobj +22 0 obj << +/D [1291 0 R /XYZ 220.023 394.646 null] +>> endobj +1304 0 obj << +/D [1291 0 R /XYZ 71.731 371.157 null] +>> endobj +1305 0 obj << +/D [1291 0 R /XYZ 71.731 371.157 null] +>> endobj +1306 0 obj << +/D [1291 0 R /XYZ 71.731 356.213 null] +>> endobj +1307 0 obj << +/D [1291 0 R /XYZ 71.731 346.726 null] +>> endobj +1308 0 obj << +/D [1291 0 R /XYZ 139.477 328.893 null] +>> endobj +1309 0 obj << +/D [1291 0 R /XYZ 139.477 328.893 null] +>> endobj +1310 0 obj << +/D [1291 0 R /XYZ 299.426 328.893 null] +>> endobj +1311 0 obj << +/D [1291 0 R /XYZ 172.114 315.941 null] +>> endobj +1312 0 obj << +/D [1291 0 R /XYZ 71.731 303.822 null] +>> endobj +1313 0 obj << +/D [1291 0 R /XYZ 71.731 290.87 null] +>> endobj +1314 0 obj << +/D [1291 0 R /XYZ 139.477 275.094 null] +>> endobj +1315 0 obj << +/D [1291 0 R /XYZ 191.223 275.094 null] +>> endobj +1316 0 obj << +/D [1291 0 R /XYZ 363.017 275.094 null] +>> endobj +1317 0 obj << +/D [1291 0 R /XYZ 353.821 262.143 null] +>> endobj +1318 0 obj << +/D [1291 0 R /XYZ 479.18 236.24 null] +>> endobj +1319 0 obj << +/D [1291 0 R /XYZ 204.692 223.289 null] +>> endobj +1320 0 obj << +/D [1291 0 R /XYZ 71.731 211.169 null] +>> endobj +1321 0 obj << +/D [1291 0 R /XYZ 71.731 198.776 null] +>> endobj +1322 0 obj << +/D [1291 0 R /XYZ 139.477 182.442 null] +>> endobj +1323 0 obj << +/D [1291 0 R /XYZ 483.035 182.442 null] +>> endobj +1324 0 obj << +/D [1291 0 R /XYZ 71.731 157.371 null] +>> endobj +1325 0 obj << +/D [1291 0 R /XYZ 71.731 144.977 null] +>> endobj +1326 0 obj << +/D [1291 0 R /XYZ 139.477 128.644 null] +>> endobj +1290 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F51 1265 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1329 0 obj << +/Length 1350 +/Filter /FlateDecode +>> +stream +xÚ­XËnã6Ýç+ŽèÂF4%‹zžè“㶃$h +E: +ÚŠ%!zž” +ƒ~|/Ň$GN"pR"yŸçžK[± +­/WŸ—W“ÅtjE(ò]ßZn­ià#â{V0uQH\k¹± +G× ÝՌm—à‘‹äx]æ»4K‹X>Òb#'iQÕ4kŸ-¹ÂJèq:zlw +0ñÁ¡TÄÙßû”3%)KWœò”U'F7ښ¿0v3³ƒ39ÙqV±¢Ö[f(Vf— + +¿ŠÅþ»œÖ 3 +é:›ˆ¡®•‚ +»dôŒ +ò4Ú\4>á芆 +Š¬€ùFF +&L¬|¯9]×RpMŒ +®cقŽ‚@Š]Œî97~J×¹H|ŽÕ æWŠ¥pLZŠ}Þò2JRR×»Ùdr8 +D +£ŒÚBvAцM”=ÚÊ6TS>&°9~QéŒÏ +0:&WoØl8å58ŒlŒï£àmʒòu’¶Piw‰s'‡QRçY§Êþ +;hÛ+’rŸ©ˆÒl ++ñ +•¯9}Ïlˆt«}KHT%øš'*­ýŽ­ýŒÕì€÷E^nRQ +:Áÿ +•W¬1 +ÐÕ±'3Ý +Mç ÈÐ×¥-‹‰,TL‹ +*nÙö|Š +† +°[¯Ê‡Cªg‚Õ +®dåAÝiò«›•=֚õš‹œDtvŒÆš/%>‘Ð+”tÛ;ˆ¹ +ñŸxIwҒ3ښµä â!'Ï[9±;ÖDŸïµÆæ›ÛâO +$O +q™Š'žšd*Wà–â٘À]W>;ь3BúV:(„O‘†.ÑG> endobj +1330 0 obj << +/D [1328 0 R /XYZ 71.731 729.265 null] +>> endobj +1331 0 obj << +/D [1328 0 R /XYZ 71.731 741.22 null] +>> endobj +1332 0 obj << +/D [1328 0 R /XYZ 71.731 670.879 null] +>> endobj +1333 0 obj << +/D [1328 0 R /XYZ 139.477 654.545 null] +>> endobj +961 0 obj << +/D [1328 0 R /XYZ 71.731 609.465 null] +>> endobj +26 0 obj << +/D [1328 0 R /XYZ 283.599 564.21 null] +>> endobj +1334 0 obj << +/D [1328 0 R /XYZ 71.731 544.07 null] +>> endobj +1335 0 obj << +/D [1328 0 R /XYZ 210.699 531.333 null] +>> endobj +1336 0 obj << +/D [1328 0 R /XYZ 119.552 518.382 null] +>> endobj +1337 0 obj << +/D [1328 0 R /XYZ 423.947 518.382 null] +>> endobj +1338 0 obj << +/D [1328 0 R /XYZ 156.074 505.431 null] +>> endobj +1339 0 obj << +/D [1328 0 R /XYZ 347.605 492.479 null] +>> endobj +1340 0 obj << +/D [1328 0 R /XYZ 71.731 457.446 null] +>> endobj +1341 0 obj << +/D [1328 0 R /XYZ 339.036 446.651 null] +>> endobj +1342 0 obj << +/D [1328 0 R /XYZ 71.731 443.249 null] +>> endobj +1343 0 obj << +/D [1328 0 R /XYZ 137.484 426.228 null] +>> endobj +1344 0 obj << +/D [1328 0 R /XYZ 71.731 411.837 null] +>> endobj +1345 0 obj << +/D [1328 0 R /XYZ 137.484 395.343 null] +>> endobj +1346 0 obj << +/D [1328 0 R /XYZ 71.731 383.224 null] +>> endobj +1347 0 obj << +/D [1328 0 R /XYZ 71.731 383.224 null] +>> endobj +1348 0 obj << +/D [1328 0 R /XYZ 138.919 373.725 null] +>> endobj +1349 0 obj << +/D [1328 0 R /XYZ 71.731 372.631 null] +>> endobj +1350 0 obj << +/D [1328 0 R /XYZ 138.919 362.068 null] +>> endobj +1351 0 obj << +/D [1328 0 R /XYZ 71.731 295.916 null] +>> endobj +1352 0 obj << +/D [1328 0 R /XYZ 265.782 270.013 null] +>> endobj +1353 0 obj << +/D [1328 0 R /XYZ 319.191 270.013 null] +>> endobj +1354 0 obj << +/D [1328 0 R /XYZ 71.731 235.354 null] +>> endobj +1355 0 obj << +/D [1328 0 R /XYZ 71.731 212.066 null] +>> endobj +1356 0 obj << +/D [1328 0 R /XYZ 71.731 212.066 null] +>> endobj +1357 0 obj << +/D [1328 0 R /XYZ 138.919 202.566 null] +>> endobj +1358 0 obj << +/D [1328 0 R /XYZ 71.731 201.473 null] +>> endobj +1359 0 obj << +/D [1328 0 R /XYZ 138.919 190.91 null] +>> endobj +1360 0 obj << +/D [1328 0 R /XYZ 71.731 169.891 null] +>> endobj +1361 0 obj << +/D [1328 0 R /XYZ 71.731 145.914 null] +>> endobj +1362 0 obj << +/D [1328 0 R /XYZ 71.731 145.914 null] +>> endobj +1363 0 obj << +/D [1328 0 R /XYZ 138.919 136.414 null] +>> endobj +1327 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F25 852 0 R /F50 1263 0 R /F51 1265 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1370 0 obj << +/Length 1798 +/Filter /FlateDecode +>> +stream +xÚµXMÛ6œï¯ð¡@l`Å©ï-Ý4=â +Š$®L¯ÔȒ+Qëøßw()Q–iÐbµü˜yóæÍPþêqå¯ÞÞŒÞÞÜÝÁ*#YÌâÕv¿ +’˜DqžJF҈­¶»Õ§õ›‚¥h7 +‹ü5#ú÷Ms8–UY?ê!¯wú¡¬;É«á_¶¿ßøxœC'çÀԄø”ÁCH"?Õm‹²Ó»œÊªÒOy+žxˆþ©Å†Eë“ +týîlE.›ö¬NŒ»üU +p +‰h6 +'tüPð²öÞøÓÓ +»FB–šÙ}œ3nŸ› +ŸòŸmE-õ`<:ŽÖˆÌŸJýuÓ£}EÓW;<* +EcðÉüÌÌ,ëgðXJªwûÁue‰’ z7Ay>Š +T +@k¬‘änŒÊ†Šë+” ™MÍ1ijŒks”eSw·Ï81*Ø£lžHG»ÇNì7 Œ¯€s–Á¡Ö8€J6™K„ iB}ëh&PºÞñÊùiC£5°¶Æcö8Q§éU' +Tžõ¥±îT”9ºÐw¢›9s)ӝ;)zü[)ZÞ‚h}všŒü8XÙ":ŸýÈ¿ÿí#üÐY¢(+q7SŒŠäÃu„§ +ŽfP²È„žnä +hDBßÒ` +³cåÛ÷LwÑ|1”*û +rmòI—Mi?!Y6£ô]ßµwU“óê±b9)k`$ŒðXLb—|ØnYt(Üa:ÍԌÄ̺«} +ž*ùŽ1‡Áürýã„Æ*„AUáÀ³~=‰ +ŒÜÈÁ +%ŸUɇ²©ö>Â(çŠØšîÛ¢ÎMŒÒšTLö(œu[eG`³Ö +lŒÑ–ŠkتÂÒz¥åËAѧPiè +ä€I<#ÂÌqX“àÊÙ +N§Z}Ò°ñ:aÀõg“Ö¿( +‰„Ò˜dIõ +CùúJ( +îÆ(GŽªÙ/!Ä¢£VJÀšÛCøÑQHò¶[@)b€€•÷[<¶ÆUš#ðԊ=lå»Áwúÿý¬žù ’“¹^Q‚ÚñÊ`¬¡›pJ( XâRèd +>hY +Ç +ƒóÔËáQ‘Bojì“øŸªìF(µ}Wà²,˜Ð÷%úÞ4rŽzž +«À¢™ +Tõ(t^e€tâ&AÓgXñ¡Ü@Mõî»øHè#õ?G4o'$/«NÉ +Yjc\A¢Zm7)¬ÇÂXðúQ\/„Ph/‹z0 +Œªó\åBçTÉ'¥ÖŒ- +<»:úu€øxp¯NYžÝ~D­JïSÙ6µj·†! +Œ]7Gñ‡Ê”MÅ• +—ŸÂe‰eÏø:,÷ŒBTÇ¥KMšÛÜŽE”m%ÌK‘Úpfš¢öêÅ + +óˆ ~Yh|Hž8”D)bùîp + +eË.Üxû5 +“<4°²Þ +j)÷dTÈžÔKÐ8†»»%Ô÷èÊø ñI1ʏÕÓÈ®Vk—[í4¥Ð,Gçpâi€„6fé.Çö#Ъuóêe‹ÁIIS£å +åœlüQ•€ +ËÈ_œ©"çÖjÇ?ŒXîŽâ;f.ɺ-8sÑ +tVÉMBŒÐÇwµ)°XIðòùŠ€k;L%bŒÃeëÀŒŸ3–ª&O,µ +ÀTèÇÇŠêЉJ›Ý¹±žŽƒ(E€pà灹û£éšî(òÒŽ nº+d¬R©5­¥ñpcÞ=Ã˓›YÆÚ¯jŠÇY +3ÕkÕ£—͆®ëiç2ôˆC÷\Ð톐q(·ªürÉ՛q'ÅG3 "ڂj™=ß³õ; H‚ïWQäñ¿žqʂËÙ×ØŒ†¶Äý²bP +™ï +à + +ò©±ç‰Z?¯òÔŽ_6>#ÕÓO î§VՎÀM +:îE;rüºœù˄³ +endstream +endobj +1369 0 obj << +/Type /Page +/Contents 1370 0 R +/Resources 1368 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1289 0 R +/Annots [ 1364 0 R 1365 0 R 1366 0 R 1367 0 R ] +>> endobj +1364 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [376.104 479.782 427.94 490.257] +/Subtype /Link +/A << /S /GoTo /D (0:LAYOUT) >> +>> endobj +1365 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [230.672 439.832 289.985 450.307] +/Subtype /Link +/A << /S /GoTo /D (0:DEFTRUST) >> +>> endobj +1366 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [186.749 362.85 237.718 373.754] +/Subtype /Link +/A << /S /GoTo /D (0:COMPILATION-OPTIONS) >> +>> endobj +1367 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [354.836 277.043 396.199 287.517] +/Subtype /Link +/A << /S /GoTo /D (0:YULE) >> +>> endobj +1371 0 obj << +/D [1369 0 R /XYZ 71.731 729.265 null] +>> endobj +1372 0 obj << +/D [1369 0 R /XYZ 71.731 741.22 null] +>> endobj +1373 0 obj << +/D [1369 0 R /XYZ 71.731 718.306 null] +>> endobj +1374 0 obj << +/D [1369 0 R /XYZ 262.066 708.344 null] +>> endobj +1375 0 obj << +/D [1369 0 R /XYZ 499.036 708.344 null] +>> endobj +1376 0 obj << +/D [1369 0 R /XYZ 138.919 673.773 null] +>> endobj +962 0 obj << +/D [1369 0 R /XYZ 71.731 662.75 null] +>> endobj +30 0 obj << +/D [1369 0 R /XYZ 294.273 618.556 null] +>> endobj +1377 0 obj << +/D [1369 0 R /XYZ 71.731 594.801 null] +>> endobj +1378 0 obj << +/D [1369 0 R /XYZ 362.22 572.728 null] +>> endobj +1379 0 obj << +/D [1369 0 R /XYZ 156.632 559.777 null] +>> endobj +1380 0 obj << +/D [1369 0 R /XYZ 256.786 546.825 null] +>> endobj +1381 0 obj << +/D [1369 0 R /XYZ 312.147 533.874 null] +>> endobj +1382 0 obj << +/D [1369 0 R /XYZ 71.731 520.823 null] +>> endobj +1383 0 obj << +/D [1369 0 R /XYZ 71.731 505.879 null] +>> endobj +1384 0 obj << +/D [1369 0 R /XYZ 183.546 494.322 null] +>> endobj +1385 0 obj << +/D [1369 0 R /XYZ 240.688 482.666 null] +>> endobj +1387 0 obj << +/D [1369 0 R /XYZ 71.731 475.797 null] +>> endobj +1388 0 obj << +/D [1369 0 R /XYZ 153.922 466.028 null] +>> endobj +1389 0 obj << +/D [1369 0 R /XYZ 258.585 466.028 null] +>> endobj +1390 0 obj << +/D [1369 0 R /XYZ 139.477 442.716 null] +>> endobj +1391 0 obj << +/D [1369 0 R /XYZ 71.731 404.858 null] +>> endobj +1392 0 obj << +/D [1369 0 R /XYZ 214.106 391.906 null] +>> endobj +1393 0 obj << +/D [1369 0 R /XYZ 176.846 378.955 null] +>> endobj +1394 0 obj << +/D [1369 0 R /XYZ 71.731 343.921 null] +>> endobj +1395 0 obj << +/D [1369 0 R /XYZ 266.908 333.127 null] +>> endobj +1396 0 obj << +/D [1369 0 R /XYZ 71.731 321.007 null] +>> endobj +1397 0 obj << +/D [1369 0 R /XYZ 71.731 321.007 null] +>> endobj +1398 0 obj << +/D [1369 0 R /XYZ 138.919 311.508 null] +>> endobj +1399 0 obj << +/D [1369 0 R /XYZ 71.731 310.414 null] +>> endobj +1400 0 obj << +/D [1369 0 R /XYZ 71.731 290.489 null] +>> endobj +1401 0 obj << +/D [1369 0 R /XYZ 480.508 279.926 null] +>> endobj +1402 0 obj << +/D [1369 0 R /XYZ 232.986 256.614 null] +>> endobj +1403 0 obj << +/D [1369 0 R /XYZ 383.896 256.614 null] +>> endobj +1404 0 obj << +/D [1369 0 R /XYZ 71.731 172.529 null] +>> endobj +1405 0 obj << +/D [1369 0 R /XYZ 246.435 159.578 null] +>> endobj +1406 0 obj << +/D [1369 0 R /XYZ 71.731 147.458 null] +>> endobj +1407 0 obj << +/D [1369 0 R /XYZ 71.731 147.458 null] +>> endobj +1408 0 obj << +/D [1369 0 R /XYZ 138.919 137.959 null] +>> endobj +1368 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F38 956 0 R /F51 1265 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1425 0 obj << +/Length 1486 +/Filter /FlateDecode +>> +stream +xÚíYËnÛ8Ýç+Œ 6Ñ$õ.ÐYL;-:@b’Yµ]02-q"‰ªD5Íß)>,ɚ8ÐÇ¢›˜‘¯xyϹO®ò\œ¹øãúbûÚ÷W)H# +­®÷+?Ž@«ØÇ ñêz·ú°~YFÐvãá®1П/yÕ°’Õ¹þ—Ô;œ`u'H9|ñéú¯ +hTI=h€GŠÆ",a¢]ožæzŸŒ×!ÄyßR£AtŽý²AáڞÇüÓ1^ë|oIUf +Š‚œºcei6ÌÌ#ÒM4dŽ-1B%ÏçzŸ+ö¯CžJŒÒXÙ¥!D(ՆtÅoF„P +ü(–²ƒ +ØJ÷LAžö’éú{œ£‚Ú\y«¶5-öFá‰\e¥& +Ðõ&ƒÞ +²F<6cáY*ÞÛVĶ4Ӓ1؂hªÆà_çS‚Ÿ +'øDœô‡³vÞÏ^0&íÄ€·Ž”ÉèàøG=¢!¥ÐmªJp²QÊd±ók9ò¿YÞ2|š[û~( +ßљ_ËHÍÝxf&FþïWï®.ÏÃ3xŠc9O&þ©îH +ÍÚ#ñתôÜf +ƎrC:ºX29 +ɁҚä-ÉJº­î»Ïå¶áÈ[*—׍08þèrQö^Noßyûê|îžÒ׆r”<ÙØBKm£å†c¯ØpóÖû7åµÍëÇ#î!3Ærr’œdAŸ„ÒHÍêî€eÞäKŸ +€ƒäŒ=’Ò +c{ʲ~EƒSI‰Å¬Õ + >ÃÌ£÷}+ý·µž/ŸW#ðÝ +Ñhþ +p@Hfî(œúÔ€t‹G&Ý +ŠnyÓ¶i™íÆÓµ{qš®]_M¯“Ô×KùÍ2ãXT—‘W®:š†#} +ª_Ö +•ãÀƒñáC`š|‹t4¹"sŒ¹ ›>,žmÂp-[#RŠâÙBOe‰)˜MUnÚhdÚ¥uFM°5O÷»ãL¶tÙ±?¢•l°º-”:+ìÀw¬ß?ëÅæ&€ëˇ°ïŸ + ŽÔr=W—›*2ͧZ~Ñsëg +µ™á\ô3âJ{]»‰Üµ] +œ‰;‚Á]IÆݺ©d®IFWÔKEbo +ôšIÉL˜žŠàhI¬RçÉŠ$õšj̲±ŽÕœxR5µ}ÛyDuTôÍ¥1{ü«G +ƒ0u-£%·!­`Y_’¥z6Í{Î +îXÙÑýøÑÝx§n ü؎cve¶¬Œ5çœ<¯\QUÝqÉj;C™~ÙHñy©4?4,øC”€8pËcÛÍ„‹MÒQ’ +“€el'ŠH€Äþt1u•?¯/þsõт +endstream +endobj +1424 0 obj << +/Type /Page +/Contents 1425 0 R +/Resources 1423 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1289 0 R +/Annots [ 1410 0 R 1411 0 R 1412 0 R 1413 0 R 1414 0 R 1415 0 R 1416 0 R 1417 0 R 1418 0 R 1419 0 R 1420 0 R 1421 0 R 1422 0 R ] +>> endobj +1410 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [346.588 542.082 393.412 553.096] +/Subtype /Link +/A << /S /GoTo /D (0:SUIDCHK) >> +>> endobj +1411 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [405.446 511.198 457.252 522.102] +/Subtype /Link +/A << /S /GoTo /D (0:KERNELDEF) >> +>> endobj +1412 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [405.446 480.314 457.252 491.218] +/Subtype /Link +/A << /S /GoTo /D (0:KERNELDEF) >> +>> endobj +1413 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [374.722 449.43 426.528 460.443] +/Subtype /Link +/A << /S /GoTo /D (0:MONDEF) >> +>> endobj +1414 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [445.675 418.546 497.481 429.449] +/Subtype /Link +/A << /S /GoTo /D (0:MOUNTCHECK) >> +>> endobj +1415 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [442.756 387.661 494.561 398.565] +/Subtype /Link +/A << /S /GoTo /D (0:USERCHECK) >> +>> endobj +1416 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [328.337 356.777 380.142 367.791] +/Subtype /Link +/A << /S /GoTo /D (0:SQLDETAILS) >> +>> endobj +1417 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [351.849 325.893 398.673 336.907] +/Subtype /Link +/A << /S /GoTo /D (0:PRELUDEDETAILS) >> +>> endobj +1418 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [302.883 295.009 343.888 306.022] +/Subtype /Link +/A << /S /GoTo /D (0:SIGNED-FILES) >> +>> endobj +1419 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [305.709 282.057 346.715 293.071] +/Subtype /Link +/A << /S /GoTo /D (0:SIGNED-FILES) >> +>> endobj +1420 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [471.428 251.173 512.434 262.077] +/Subtype /Link +/A << /S /GoTo /D (0:STEALTHMODE) >> +>> endobj +1421 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [341.317 176.453 382.323 187.467] +/Subtype /Link +/A << /S /GoTo /D (0:YULE) >> +>> endobj +1422 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [315.794 150.67 362.618 161.454] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASE-CONFIGURATION-FILE-DOWNLOAD) >> +>> endobj +1426 0 obj << +/D [1424 0 R /XYZ 71.731 729.265 null] +>> endobj +1427 0 obj << +/D [1424 0 R /XYZ 71.731 718.306 null] +>> endobj +1428 0 obj << +/D [1424 0 R /XYZ 248.487 708.344 null] +>> endobj +1429 0 obj << +/D [1424 0 R /XYZ 138.919 686.725 null] +>> endobj +1430 0 obj << +/D [1424 0 R /XYZ 76.712 663.811 null] +>> endobj +34 0 obj << +/D [1424 0 R /XYZ 388.999 624.438 null] +>> endobj +1431 0 obj << +/D [1424 0 R /XYZ 71.731 601.321 null] +>> endobj +1432 0 obj << +/D [1424 0 R /XYZ 71.731 563.502 null] +>> endobj +1433 0 obj << +/D [1424 0 R /XYZ 71.731 562.257 null] +>> endobj +1434 0 obj << +/D [1424 0 R /XYZ 129.514 545.235 null] +>> endobj +1435 0 obj << +/D [1424 0 R /XYZ 419.614 545.235 null] +>> endobj +1436 0 obj << +/D [1424 0 R /XYZ 71.731 532.164 null] +>> endobj +1437 0 obj << +/D [1424 0 R /XYZ 129.514 514.351 null] +>> endobj +1438 0 obj << +/D [1424 0 R /XYZ 129.514 501.4 null] +>> endobj +1439 0 obj << +/D [1424 0 R /XYZ 241.274 501.4 null] +>> endobj +1441 0 obj << +/D [1424 0 R /XYZ 71.731 499.377 null] +>> endobj +1442 0 obj << +/D [1424 0 R /XYZ 129.514 483.467 null] +>> endobj +1443 0 obj << +/D [1424 0 R /XYZ 129.514 470.516 null] +>> endobj +1444 0 obj << +/D [1424 0 R /XYZ 241.274 470.516 null] +>> endobj +1445 0 obj << +/D [1424 0 R /XYZ 71.731 468.493 null] +>> endobj +1446 0 obj << +/D [1424 0 R /XYZ 129.514 452.583 null] +>> endobj +1447 0 obj << +/D [1424 0 R /XYZ 452.729 452.583 null] +>> endobj +1448 0 obj << +/D [1424 0 R /XYZ 71.731 437.609 null] +>> endobj +1449 0 obj << +/D [1424 0 R /XYZ 129.514 421.699 null] +>> endobj +1450 0 obj << +/D [1424 0 R /XYZ 129.514 408.747 null] +>> endobj +1451 0 obj << +/D [1424 0 R /XYZ 71.731 406.725 null] +>> endobj +1452 0 obj << +/D [1424 0 R /XYZ 129.514 390.814 null] +>> endobj +1453 0 obj << +/D [1424 0 R /XYZ 129.514 377.863 null] +>> endobj +1454 0 obj << +/D [1424 0 R /XYZ 71.731 375.841 null] +>> endobj +1455 0 obj << +/D [1424 0 R /XYZ 129.514 359.93 null] +>> endobj +1456 0 obj << +/D [1424 0 R /XYZ 406.344 359.93 null] +>> endobj +1457 0 obj << +/D [1424 0 R /XYZ 273.822 346.979 null] +>> endobj +1458 0 obj << +/D [1424 0 R /XYZ 71.731 344.956 null] +>> endobj +1459 0 obj << +/D [1424 0 R /XYZ 129.514 329.046 null] +>> endobj +1460 0 obj << +/D [1424 0 R /XYZ 424.874 329.046 null] +>> endobj +1461 0 obj << +/D [1424 0 R /XYZ 71.731 314.072 null] +>> endobj +1462 0 obj << +/D [1424 0 R /XYZ 129.514 298.162 null] +>> endobj +1463 0 obj << +/D [1424 0 R /XYZ 370.09 298.162 null] +>> endobj +1464 0 obj << +/D [1424 0 R /XYZ 179.466 285.21 null] +>> endobj +1465 0 obj << +/D [1424 0 R /XYZ 402.658 272.259 null] +>> endobj +1466 0 obj << +/D [1424 0 R /XYZ 71.731 270.102 null] +>> endobj +1467 0 obj << +/D [1424 0 R /XYZ 129.514 254.326 null] +>> endobj +1468 0 obj << +/D [1424 0 R /XYZ 71.731 239.218 null] +>> endobj +1469 0 obj << +/D [1424 0 R /XYZ 129.514 223.442 null] +>> endobj +1470 0 obj << +/D [1424 0 R /XYZ 258.45 223.442 null] +>> endobj +1471 0 obj << +/D [1424 0 R /XYZ 450.747 223.442 null] +>> endobj +1472 0 obj << +/D [1424 0 R /XYZ 71.731 210.371 null] +>> endobj +1473 0 obj << +/D [1424 0 R /XYZ 129.514 192.558 null] +>> endobj +1474 0 obj << +/D [1424 0 R /XYZ 256.398 192.558 null] +>> endobj +1475 0 obj << +/D [1424 0 R /XYZ 450.617 192.558 null] +>> endobj +1476 0 obj << +/D [1424 0 R /XYZ 207.112 166.655 null] +>> endobj +963 0 obj << +/D [1424 0 R /XYZ 71.731 136.722 null] +>> endobj +1423 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F51 1265 0 R /F25 852 0 R /F38 956 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1480 0 obj << +/Length 1317 +/Filter /FlateDecode +>> +stream +xÚ­WÛnÜ6}÷Wè¡Hw‹&©Õ­ê$v +$­‘Ø@‹€\‰»b-‘‚.µ·ðǗIÝVë iK‰Cræð̙töt®Ï.ïÎ.®<ωA +àÀ¹Û9^?Ø8¡‡Aäcç.u>¯^g€lhµv±Wèÿ×¢(YÎø^?žêãuCòn⏻wgÐ +uq +} +#£r=ž‘<ÛÅ!@p£OÂÀWۇÑê²eyªv¢‘ƒ›DÉåÒ¿0Ô«~ÚõÞ%‚ïÛª÷¬Éš +Ô¢­znÞ +ý¿]cžêÎÒ6€Èãúá Z=ø³­=ʈ²ÿkünÔ +J:;0E!qùA‡áC'0ˆC”q# XGPgß#42B1ð‚PÚv6y  +€žÆÊõ}ÆHÛÞõ17Ò’ +N/’œQn *€§.Š€mÈ67æ_  +rˆfWÛ– +ƒmM+E5¬?Ž9 +'„s.̱ÛÉ +Úݯ‚aûÆõšm.œŠ¢­óÃ:ðW†p¿¯‚+{%œÒtzUË +<Ñ +äAàã؂.†¬Qd/ñÕ+ý/1^#Ï1Î1h³±ûÔŽ$išô°[ž­h2ÐÅåbŒAzS®ÞìfÜzT{16˜¶ŠœÙ™“†­±?!_I’²§Öy.ÇÕÌ!“r±àç³³ +¶ÏÌÁ2˜Ì®]vi–)déò¶Œ“ê0ñ +,$VFjó¶-KQ53—?Þ~èT• +b“qý +Ý2‡ٔnG³×’àB +³Íöo<šþùÖœÿmŒ¶ž +‡bD¯gý'‘“ŠÕ“ jՍ—c(ÌÕJ—–RŒÎyEx”ܧˆ‡=I<Ïίð8”-IŽ +<è£òž”,)‹g ù³ö¹Ãï¹ÖðžåÃþ%uêr °êdá|dyn$¡¢2,µô+©º¢0ä;&–±MQ¥ƒØ‹™T‰R¿¶oI3ÃO&šÁï1£|©ˆ,pcVRFÚImbVŽËU&UÌJe¢˜|U<±ÅӈY=“Ë¡E2Ԑ6ӊ{ÏÙÓP1ÇT7âm +yÂü-é©k‰ Ü[ «—šæ»Å}•ê— +^ 8Ž\ +áƈ`CËLeýtKeÃ5b²l7,{‡Œ¶Åž‹âLˆ•šmÞ©6k¡ªœR4øŸ€Ì¶ +³Ÿ4íhuíF¡mKӖÞhàþ}cZ·IBëz×æãèëID,œ“º”—ÿ +v2ÊzN{ +ÓVˆ¶aüˆ}G(”šò±bÍQ×3hñh×qÖí*[#È)é +»µ(‹o'­p}ŠÉuS±²ŽIז‚/íßœúÕLœgŒ}2V^Ì꫊ÒËOo†ùóI +ÏZo#/TÖoۂvî,5 +ÀòCÀ˜IüsÖ +tK*¯Dq0M¯.óE©$âP + +¡T€xʶ˪ïœ>ŠšœV[žZª÷"yý˜ܟ”åסۊ£C›îvê› +M1_T?YYg}–"zQc뮖ìýŸWìGÖd +1-ts!”ö™ŽO· +÷‚"àûýœ +ÇIÜ|õ•3ý\ž|–cy¥nˆ†žÞ œ,x{wö«¬1( +endstream +endobj +1479 0 obj << +/Type /Page +/Contents 1480 0 R +/Resources 1478 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1289 0 R +/Annots [ 1477 0 R ] +>> endobj +1477 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [338.667 453.13 390.473 464.034] +/Subtype /Link +/A << /S /GoTo /D (0:NATIVE-PACKAGES) >> +>> endobj +1481 0 obj << +/D [1479 0 R /XYZ 71.731 729.265 null] +>> endobj +38 0 obj << +/D [1479 0 R /XYZ 148.27 705.748 null] +>> endobj +1482 0 obj << +/D [1479 0 R /XYZ 71.731 685.607 null] +>> endobj +1483 0 obj << +/D [1479 0 R /XYZ 270.156 672.871 null] +>> endobj +1484 0 obj << +/D [1479 0 R /XYZ 71.731 660.752 null] +>> endobj +1485 0 obj << +/D [1479 0 R /XYZ 71.731 660.752 null] +>> endobj +1486 0 obj << +/D [1479 0 R /XYZ 138.919 651.252 null] +>> endobj +1487 0 obj << +/D [1479 0 R /XYZ 71.731 608.413 null] +>> endobj +1488 0 obj << +/D [1479 0 R /XYZ 255.65 595.461 null] +>> endobj +1489 0 obj << +/D [1479 0 R /XYZ 371.425 595.461 null] +>> endobj +1490 0 obj << +/D [1479 0 R /XYZ 250.081 582.51 null] +>> endobj +1491 0 obj << +/D [1479 0 R /XYZ 71.731 560.428 null] +>> endobj +1492 0 obj << +/D [1479 0 R /XYZ 185.115 536.682 null] +>> endobj +1493 0 obj << +/D [1479 0 R /XYZ 307.714 523.73 null] +>> endobj +1494 0 obj << +/D [1479 0 R /XYZ 71.731 511.611 null] +>> endobj +1495 0 obj << +/D [1479 0 R /XYZ 71.731 511.611 null] +>> endobj +1496 0 obj << +/D [1479 0 R /XYZ 138.919 502.111 null] +>> endobj +1497 0 obj << +/D [1479 0 R /XYZ 71.731 480.169 null] +>> endobj +1498 0 obj << +/D [1479 0 R /XYZ 71.731 434.201 null] +>> endobj +1499 0 obj << +/D [1479 0 R /XYZ 71.731 411.287 null] +>> endobj +1500 0 obj << +/D [1479 0 R /XYZ 71.731 411.287 null] +>> endobj +1501 0 obj << +/D [1479 0 R /XYZ 138.919 401.788 null] +>> endobj +1502 0 obj << +/D [1479 0 R /XYZ 71.731 379.845 null] +>> endobj +1503 0 obj << +/D [1479 0 R /XYZ 119.552 355.959 null] +>> endobj +1504 0 obj << +/D [1479 0 R /XYZ 71.731 330.889 null] +>> endobj +1505 0 obj << +/D [1479 0 R /XYZ 71.731 330.889 null] +>> endobj +1506 0 obj << +/D [1479 0 R /XYZ 138.919 321.389 null] +>> endobj +964 0 obj << +/D [1479 0 R /XYZ 71.731 310.365 null] +>> endobj +42 0 obj << +/D [1479 0 R /XYZ 154.983 266.172 null] +>> endobj +1507 0 obj << +/D [1479 0 R /XYZ 71.731 246.032 null] +>> endobj +1508 0 obj << +/D [1479 0 R /XYZ 71.731 221.176 null] +>> endobj +1509 0 obj << +/D [1479 0 R /XYZ 71.731 221.176 null] +>> endobj +1510 0 obj << +/D [1479 0 R /XYZ 138.919 211.676 null] +>> endobj +1511 0 obj << +/D [1479 0 R /XYZ 71.731 190.69 null] +>> endobj +1512 0 obj << +/D [1479 0 R /XYZ 71.731 156.718 null] +>> endobj +1513 0 obj << +/D [1479 0 R /XYZ 461.157 145.923 null] +>> endobj +1514 0 obj << +/D [1479 0 R /XYZ 290.509 120.02 null] +>> endobj +1478 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F50 1263 0 R /F51 1265 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1517 0 obj << +/Length 1227 +/Filter /FlateDecode +>> +stream +xÚœWËrÛ6Ýû+žèBʘ0ŸÄÌtáÄIëLXžI'É– ‰`A2‰þŸÄÇMڍBîÁ=ç>x[/ð~»x±Œžz +†^F²„%Þrã +iBâ$òҐ‘EÌŒåÚ{?{¹ãe-ôÜgq0cÄ>_ª¢Ì÷¹ÜÚW.×vËªæûöË7š;t`–Š$  +‰ƒ +5tœéÌà1ŒÎ•ŒŽSÕØÁ—|¿·£aŸj3gñl#Ž@µ²OÝH¬/ÖišJ#֚-ø§9 +fbdÙPªÆœCäà ¶ÝÖ\"œvȝi<'wÝéymGÕJçe]¹ÿykÌ8&$a–z>e$s +pÛµø»ÉOn †Ž;•;îPñŠVžp8軝;qušjQØñ‡ ŽðáA*dûõœÆpIûRpi^ñDU + +6,ßà +œZàöèª?û\6_‘Ðg/înpx§ö\çŸýþ§ÿÇ·ooß4—SÒÅì¶(Ûè€KpYÛ9{ŒAxš€Ti”1ÿßÀŸÐRœµ"µù\‹Në +Õã̲Π+ïJç¢:•GÇ·0·ú +²èËÀ +Î^lÀN† +™2âÌÚ͏X55؋£CÌŸ‰4ÓG>ï•iföâ;ŽòÀ§ÝÍ2÷8u÷Í«»åÍíÛ_¯*UðÔ£$àA#n‡îàèeðp6K ›€•4éŠUgt"»Å$f]âÈ«c†•ªÇì +æI<à +_‰Mƒp6.Ó¯ŒR:rKŸúÄ·NJŸü£Í;áäùšYŽI3’ª„þÜÒ­ÿ§ž~<:FÄ@ÿ„Þ¢ÜêíUU«r¢”|7š( g¹¬õ¡ªk[ßܳýÄ Èw”®¹(œÜ›RÉó%³)øùŸkJHYµ‹KH`6Xæås»4Z +—-܍þšÓÈt˜¶{Ï*nèøl ¹Æf‡@ÍM<(nmû +âãÕHµ³ó6z`ÐTž5Ç +›yˆÉÓü+GeÅ,ÛØçÁ`pЄÙcµÓÙ€>ãs:s]€Ï¶á +} +ìÆèù^Gý•øóN!)a lÄÈ +H‡§ÚèÁ×@vMÔŽâldÂÇíÐ(’(£?nèT’ÃOòѧœ¡ipQêô²myµŒøT—B +endstream +endobj +1516 0 obj << +/Type /Page +/Contents 1517 0 R +/Resources 1515 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1562 0 R +>> endobj +1518 0 obj << +/D [1516 0 R /XYZ 71.731 729.265 null] +>> endobj +1519 0 obj << +/D [1516 0 R /XYZ 71.731 718.306 null] +>> endobj +1520 0 obj << +/D [1516 0 R /XYZ 296.666 708.344 null] +>> endobj +1521 0 obj << +/D [1516 0 R /XYZ 199.78 695.392 null] +>> endobj +1522 0 obj << +/D [1516 0 R /XYZ 311.879 682.441 null] +>> endobj +1523 0 obj << +/D [1516 0 R /XYZ 471.917 682.441 null] +>> endobj +1524 0 obj << +/D [1516 0 R /XYZ 71.731 644.792 null] +>> endobj +1525 0 obj << +/D [1516 0 R /XYZ 71.731 644.792 null] +>> endobj +1526 0 obj << +/D [1516 0 R /XYZ 138.919 634.919 null] +>> endobj +1527 0 obj << +/D [1516 0 R /XYZ 71.731 633.858 null] +>> endobj +46 0 obj << +/D [1516 0 R /XYZ 318.287 595.547 null] +>> endobj +1528 0 obj << +/D [1516 0 R /XYZ 71.731 582.392 null] +>> endobj +1529 0 obj << +/D [1516 0 R /XYZ 71.731 582.392 null] +>> endobj +1530 0 obj << +/D [1516 0 R /XYZ 138.919 573.928 null] +>> endobj +1531 0 obj << +/D [1516 0 R /XYZ 71.731 552.941 null] +>> endobj +1532 0 obj << +/D [1516 0 R /XYZ 71.731 515.98 null] +>> endobj +1533 0 obj << +/D [1516 0 R /XYZ 71.731 515.98 null] +>> endobj +1534 0 obj << +/D [1516 0 R /XYZ 148.603 506.481 null] +>> endobj +1535 0 obj << +/D [1516 0 R /XYZ 71.731 485.494 null] +>> endobj +1536 0 obj << +/D [1516 0 R /XYZ 166.315 473.604 null] +>> endobj +1537 0 obj << +/D [1516 0 R /XYZ 71.731 448.907 null] +>> endobj +1538 0 obj << +/D [1516 0 R /XYZ 71.731 448.907 null] +>> endobj +1539 0 obj << +/D [1516 0 R /XYZ 138.919 439.034 null] +>> endobj +1540 0 obj << +/D [1516 0 R /XYZ 71.731 418.047 null] +>> endobj +1541 0 obj << +/D [1516 0 R /XYZ 71.731 381.086 null] +>> endobj +1542 0 obj << +/D [1516 0 R /XYZ 71.731 381.086 null] +>> endobj +1543 0 obj << +/D [1516 0 R /XYZ 138.919 371.587 null] +>> endobj +1544 0 obj << +/D [1516 0 R /XYZ 71.731 350.6 null] +>> endobj +1545 0 obj << +/D [1516 0 R /XYZ 71.731 326.59 null] +>> endobj +1546 0 obj << +/D [1516 0 R /XYZ 71.731 326.59 null] +>> endobj +1547 0 obj << +/D [1516 0 R /XYZ 138.919 317.091 null] +>> endobj +1548 0 obj << +/D [1516 0 R /XYZ 71.731 296.072 null] +>> endobj +1549 0 obj << +/D [1516 0 R /XYZ 133.111 284.214 null] +>> endobj +1550 0 obj << +/D [1516 0 R /XYZ 71.731 272.095 null] +>> endobj +1551 0 obj << +/D [1516 0 R /XYZ 71.731 272.095 null] +>> endobj +1552 0 obj << +/D [1516 0 R /XYZ 138.919 262.595 null] +>> endobj +1553 0 obj << +/D [1516 0 R /XYZ 71.731 241.609 null] +>> endobj +1554 0 obj << +/D [1516 0 R /XYZ 71.731 227.562 null] +>> endobj +1555 0 obj << +/D [1516 0 R /XYZ 71.731 212.618 null] +>> endobj +1556 0 obj << +/D [1516 0 R /XYZ 252.568 203.118 null] +>> endobj +1557 0 obj << +/D [1516 0 R /XYZ 71.731 181.396 null] +>> endobj +1558 0 obj << +/D [1516 0 R /XYZ 71.731 181.396 null] +>> endobj +1559 0 obj << +/D [1516 0 R /XYZ 156.908 171.009 null] +>> endobj +1560 0 obj << +/D [1516 0 R /XYZ 71.731 170.025 null] +>> endobj +1561 0 obj << +/D [1516 0 R /XYZ 156.908 160.518 null] +>> endobj +965 0 obj << +/D [1516 0 R /XYZ 71.731 101.041 null] +>> endobj +1515 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F50 1263 0 R /F51 1265 0 R /F25 852 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1567 0 obj << +/Length 1806 +/Filter /FlateDecode +>> +stream +xÚ­XMÛ6œï¯pk—¢Ÿ÷P M“49Žº=%=Èm«+‹‚He×ýõ +ŠCJ²µ›mš%™ä +ߌy34]íWtõîꧻ«›·A°ÊH³xu·[IL¢8\%#iÄVwåêãúõ!oï6 +‹èš3ŸǶª«fo^óŠ4U#U^?üu÷ኢ©›·,Zù a~jC^@C’‚m%ħ¡±ÄH¢·OÒõë^*q¬þÙx>]sœxêO< +’2öG“Ä,—ùñWq€G.ÍãC¥æ©ä» +l˜÷µ²³šO”²}ß媞T©íâÀ“KŸaÑúóƏ֌ËkóQŽ\¯Ž0ȓTü(oÃ]¥àp<œ8 ÚùИúÚ°êN˜Rg‰ÿjaK/È`N +(øŒd‘Ÿ³uÞUraïÌ'aôìÞ!ÉRÿÒÙ]ÇùV–ßrËŒzŒ#tiό,µK>шjž]îÌ(ñ3í©¯yW,l„$‰3;ÍV +‚œ@*?NNd¿ä +Æ +ìûÈþ;X2¥û„<èÜ2¯F¢!$ +öØyÇ\Ç¢¢†©z}7%×+\Š +Ÿ­•m^Ü£ +±€}Š)/å ÇB]íÌØ3î +Ðɲõqã¯õIÌ[!úº4S¶ÜŒ;Ñ7%1Ï¿OӬڄÔ1G‚KâêËd +c²‚Ɍé÷Þ*X<Æ,®hòdàÚóF'õ«35; +†¶Û|[Ÿ\P0Àür ›õåßœ](¹Òú€jRWƳÛ3uÔ’%ÔÇ01PG?CÞ3]NŸd‰~²1z8TÅa&c7eÕñB‰®²’&ÍnùÉ +ãZùœkž1恔gûþÕb¿wœ7<. €šgýì¥qpîI`6wiy¡óµ(&9*vg‰øLÀ<— +éä§)¡q`vÃUqãrj!›šYt&g’ór«ƒµ? ^Î +õñlÒú‡©mR8‘Á„Å”CÎôk)Gv«S˧ŠêÜ@Úù$¶Ž“‡ïq’?™äƒ$ÇN>W/ŠôËG÷p©×ñ—Âõ’x +ãçFÁ›™PöŒQŒœgä×­K]î­V«£¹ÍO›·–#N[»ŸQÕє +z†ð’»&íªQÞ$âßÖ<·¥à`Ü~Ÿ;"*y®–(òcÛòŠ¬ +±» ±~N¿;“¯ó~99Š9¯7ry׉NÚ:x^­ž !â0k×ÆJ ²0ÕÖ®q +Ì÷\. + o­ +(ȝê[ëWQ÷¥Ûa’ð]Ç%¬«]ÕnúãÖ +ò¿H1Ä?ëtm§Æ$Ì2ÛèŠØèŸo@ðòÚuºÃGc + +¶@ô +ÞÊ\åúË׎Ø¢»ÇxmÇti¡GŒÀ§tž-k€šâOÀEfhMAûMŽ»rÆçÉItnàI0Û-gUßI'Z›òË;!C\Ùݺ +ñµŠ  +îì,ÛRÚ3ï  pE~׉ãì +÷iYRì{æ}·¬ÌgÜ ý<žaé|1+¢±@ +w–ܲe@Žß^ð +§Žê{ʌÚoüÒÚ/;ñÅ*Œupž¡™ùÓë( +HÄܕÁs9œž9‹ Ëüi¯:•Œ{gW¹JaŒ¯õÆ×s¹;T{§w£Dm]–T—¥f”@ž4«&¯o@3à.Æ +5†B +fÐß±euvs{ZþòˆP¢ß\Ÿã +—Ä[WN`ñƒˆø¡@œÒS#ñCŠ®_Ž#Ýe®œË‡²Žt÷‚^êî^«J¹ +•Mïj®; |ß9Êçj>Kãߔ¶%dëy÷³Ø,_Þ§ÐØݐ5AYe8 +ëÈ^^w]É4Eët{fªÈí~ çÍɞœÝ'–4äÃïoÞ! +«bÄh&i£žO§ŒD–Ê=–•lë +Oр8AãƒožFƒÕ +&Ø€2'²Yp=š· +€»v|jâ€oZÀèV RÿW¡ø-JT˜Noö) R§>ï•)„Côaìe^Âˀ0ŒC[‚uT˜^!EúfÉ +²‘\ê›^æYs.=fŸÅ¬Œ +¥ªbÈÄWXºy‘÷+÷ +nˆ)M}ÊBY°”R3û¶ïf™ +%­Ál<è+ˆ|„jûDG1ƒËµ|ÐAYLŽÀýÅxFÃ3<ßv<ŸhlPÜVcÙ}º­1§Äšìe^b·ô§m~f1€xÄø™öm©+ç%ŠI­šƒq§Olé3¬qGÿRS° —?óš+üÙîÕñ&?ŸŒœ[yè×ìd®híÌxÒ +ü 3ƒ•1 +ŽG毉—ŠBJB0õµ©.sј×7§¡³? +fåžB© +ÌÇ? +³Ù’7wWÿöÙ +endstream +endobj +1566 0 obj << +/Type /Page +/Contents 1567 0 R +/Resources 1565 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1562 0 R +/Annots [ 1563 0 R 1564 0 R ] +>> endobj +1563 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [402.957 557.228 454.762 568.132] +/Subtype /Link +/A << /S /GoTo /D (0:LAYOUT) >> +>> endobj +1564 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [302.633 476.829 353.054 487.733] +/Subtype /Link +/A << /S /GoTo /D (0:THE-CONFIGURATION-FILE) >> +>> endobj +1568 0 obj << +/D [1566 0 R /XYZ 71.731 729.265 null] +>> endobj +50 0 obj << +/D [1566 0 R /XYZ 192.444 705.748 null] +>> endobj +1569 0 obj << +/D [1566 0 R /XYZ 71.731 685.607 null] +>> endobj +1570 0 obj << +/D [1566 0 R /XYZ 71.731 685.607 null] +>> endobj +1571 0 obj << +/D [1566 0 R /XYZ 429.516 672.871 null] +>> endobj +1572 0 obj << +/D [1566 0 R /XYZ 119.552 659.92 null] +>> endobj +1573 0 obj << +/D [1566 0 R /XYZ 215.99 659.92 null] +>> endobj +1574 0 obj << +/D [1566 0 R /XYZ 312.428 659.92 null] +>> endobj +1575 0 obj << +/D [1566 0 R /XYZ 431.95 659.92 null] +>> endobj +1576 0 obj << +/D [1566 0 R /XYZ 119.552 634.017 null] +>> endobj +1577 0 obj << +/D [1566 0 R /XYZ 381.806 621.065 null] +>> endobj +1578 0 obj << +/D [1566 0 R /XYZ 71.731 615.465 null] +>> endobj +1579 0 obj << +/D [1566 0 R /XYZ 129.514 596.246 null] +>> endobj +1580 0 obj << +/D [1566 0 R /XYZ 71.731 596.147 null] +>> endobj +1581 0 obj << +/D [1566 0 R /XYZ 129.514 578.314 null] +>> endobj +1582 0 obj << +/D [1566 0 R /XYZ 307.614 560.381 null] +>> endobj +1583 0 obj << +/D [1566 0 R /XYZ 71.731 535.31 null] +>> endobj +1584 0 obj << +/D [1566 0 R /XYZ 71.731 535.31 null] +>> endobj +1585 0 obj << +/D [1566 0 R /XYZ 138.919 525.81 null] +>> endobj +1586 0 obj << +/D [1566 0 R /XYZ 71.731 504.824 null] +>> endobj +1587 0 obj << +/D [1566 0 R /XYZ 71.731 457.9 null] +>> endobj +1588 0 obj << +/D [1566 0 R /XYZ 371.675 447.106 null] +>> endobj +966 0 obj << +/D [1566 0 R /XYZ 71.731 430.752 null] +>> endobj +54 0 obj << +/D [1566 0 R /XYZ 357.038 387.655 null] +>> endobj +1589 0 obj << +/D [1566 0 R /XYZ 71.731 367.514 null] +>> endobj +1590 0 obj << +/D [1566 0 R /XYZ 71.731 367.514 null] +>> endobj +1591 0 obj << +/D [1566 0 R /XYZ 71.731 316.756 null] +>> endobj +1592 0 obj << +/D [1566 0 R /XYZ 71.731 316.756 null] +>> endobj +1593 0 obj << +/D [1566 0 R /XYZ 138.919 307.256 null] +>> endobj +1594 0 obj << +/D [1566 0 R /XYZ 71.731 286.237 null] +>> endobj +1595 0 obj << +/D [1566 0 R /XYZ 143.073 274.379 null] +>> endobj +1596 0 obj << +/D [1566 0 R /XYZ 71.731 252.297 null] +>> endobj +1597 0 obj << +/D [1566 0 R /XYZ 254.693 241.503 null] +>> endobj +1598 0 obj << +/D [1566 0 R /XYZ 337.173 241.503 null] +>> endobj +1599 0 obj << +/D [1566 0 R /XYZ 206.993 228.551 null] +>> endobj +1600 0 obj << +/D [1566 0 R /XYZ 71.731 213.443 null] +>> endobj +1601 0 obj << +/D [1566 0 R /XYZ 71.731 198.499 null] +>> endobj +1602 0 obj << +/D [1566 0 R /XYZ 274.141 189 null] +>> endobj +1603 0 obj << +/D [1566 0 R /XYZ 434.439 189 null] +>> endobj +1604 0 obj << +/D [1566 0 R /XYZ 139.477 165.687 null] +>> endobj +1605 0 obj << +/D [1566 0 R /XYZ 247.932 154.031 null] +>> endobj +967 0 obj << +/D [1566 0 R /XYZ 71.731 126.135 null] +>> endobj +1565 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F50 1263 0 R /F51 1265 0 R /F38 956 0 R /F48 1258 0 R /F55 1386 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1609 0 obj << +/Length 1711 +/Filter /FlateDecode +>> +stream +xÚÍXKÛ6Ÿï¯ð¡ÀÚÀŠKRï9€I7HEÑè!遶h[ˆ^¥žÎ¯ï +ʒ¬M¶=õDR&9¯o†ß˜®Ž+ºzw÷ÓöîñÉ÷W)I# +­¶‡•G$Œ‚Uìs’„|µÍV×oN¢éd»ñxHלØñM]6y‘WG»Uf'y¥:Q˜þÜþrGQÔãW,&œ +äù4 ÈöxL +¬$NR}}œ¬ï+;Q¢<‰ŒÒ—®l€k“„3ž Tc{Áëàšê÷{©Ô¡/œby—‹"ÿ*ºŒ®ì·ú`Çî$íd'”Ýq•‰Nè/vy©{;Ù +<ßö8qZ¢$;ÞïOrÿùÞ.Ê:s2.ÚðŠÇÀސYÍ»K>ûÑÚÒUBh”ÆÚNØȉXj7ªÓž‰6±”øQ +{í +§NDéÚëìhŽYð£‡g'ŽÜnpÏ·¬ +Gç+YÖÕ³ž’9ø#Ó+9sûŸ.ËAWÿ×Í5T÷ÞÛ{Œœv–ÝXöÈÏ +þujdVŸ(åÇŸ +B)pÃTž™(ôÖH}u‘êžX·Äpk`DRøàñˆD•Øæ +F8HÆ[aÊŒ?N±ßIÕÙ +%‚Y +6>úAo3êÁDkߪ¿æ¥Ü°pý`—— +‡œ]”BŸ¿ØÅYï•;VÛÑi|û5H°À űó‰ +äØ +šå1@oYã<U—Ç +hÕ=Üx두@Š +q:œ êŒ2˜ +mÄà +°Fs@àQh-š°mO9~†¢VkOÕÔQª©»«l<µŸÞJ¡ê¥èIœø²ááZV]/ +ûµi띎X!K”WjÅûý O •ƒ €Ã+öÆå5ŠI +D+/ö +]qe­zÊ +éÌrŽÉòVî;­ Q­ÃE+W÷Ýȝ +òñIèNÎñy‡ëgf‰î +b} +2F¡Ò¡ðuÕÉlÀq«–ƹ;†nùmlÌ"Œ·—Âó±wá±uB¹EHMª‘#¹ÉWd,ìr{œd2,N!P!b‹° +¹Iè0Zï€ +ÏN +)"ø»•™Ïü_¬ÌŽ®Š +ÜLÙ°~Ò0yÑ·x“1 +FY)ü‚I9 +Ÿ™;“Œó‚ËnŽnlÙ +Z ºk© +¥Ê8â֝ËQ5Þ³ÈQ +ÐH)ðƒru%g—º•µ+™‡VþÕKW mƪ +”$çÖ}Ót®åí$’ +›3ÙA ”ñî5¯â7yÍӀè¹ÆħãÌf®b闻ùJ_8OønŒ©1°Ÿ26(a1IcýxYâ“(Ɨìçá|û˜Hš™óÀv€Y`B-Б0$ÉPùE+qËørpH¡Æ=í&€òTw +wAÕIøˆa`¡žs_FÂ`ÐY +6 +‚%1ÿ"GZ/*ì_5Ÿ¡”ÍC +¿i¯ ÊCFöm +ï¡PjP=ù¢Ã6ŽŒ€@J»ÃßZŽ^—‘ހ©òwxë€Õ +tº ye¹®E/êæÁQ3úæ$eR®JfSŠûrR¥ + $.>€¡d‚¢ÕÇá‡áx@Â¥=‡º]âyáÔŸû[”­²3ê(ºxBµrtÓÃ÷žß"?gðüù‰U†E†ÎˆÌP +ÁS‡ühÊ«!éžéa ^ÑBÈ·ÒÑóÂb®#NRŸ?Ÿ”ì¹€|œ)‰’àú–Ž@¡ëÃö)ñãÁª|Ú˜33w +‡] ÅJ-ž8·æ9s‘0/”k–žA(YèItý£&idˆjÞÖQR4øÎë}õKP|íOêã-®Ý +.Qnœ§ +ŠmÓY:O5¯ƒßn4kòl,›Xûl\'ýÛûÃ3¡@¿cþ¢è#äf‰‡YÀF{JYî†Q"A¹± +ôþð"óRù»Å#Ôµ©)3$9üԓö³ +\.ª +4àºwKøÿ󁁻]ÿ> endobj +1606 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [458.059 322.416 504.883 333.32] +/Subtype /Link +/A << /S /GoTo /D (0:TRUSTEDEXAMPLE) >> +>> endobj +1610 0 obj << +/D [1608 0 R /XYZ 71.731 729.265 null] +>> endobj +58 0 obj << +/D [1608 0 R /XYZ 213.326 705.748 null] +>> endobj +1611 0 obj << +/D [1608 0 R /XYZ 71.731 685.607 null] +>> endobj +1612 0 obj << +/D [1608 0 R /XYZ 388.759 672.871 null] +>> endobj +1613 0 obj << +/D [1608 0 R /XYZ 71.731 647.8 null] +>> endobj +1614 0 obj << +/D [1608 0 R /XYZ 71.731 647.8 null] +>> endobj +1615 0 obj << +/D [1608 0 R /XYZ 138.919 638.301 null] +>> endobj +1616 0 obj << +/D [1608 0 R /XYZ 71.731 617.314 null] +>> endobj +1617 0 obj << +/D [1608 0 R /XYZ 148.085 605.424 null] +>> endobj +1618 0 obj << +/D [1608 0 R /XYZ 71.731 590.316 null] +>> endobj +1619 0 obj << +/D [1608 0 R /XYZ 71.731 575.372 null] +>> endobj +1620 0 obj << +/D [1608 0 R /XYZ 139.477 554.216 null] +>> endobj +968 0 obj << +/D [1608 0 R /XYZ 71.731 514.664 null] +>> endobj +62 0 obj << +/D [1608 0 R /XYZ 322.763 469.41 null] +>> endobj +1621 0 obj << +/D [1608 0 R /XYZ 71.731 465.846 null] +>> endobj +1622 0 obj << +/D [1608 0 R /XYZ 71.731 450.903 null] +>> endobj +1623 0 obj << +/D [1608 0 R /XYZ 158.405 442.81 null] +>> endobj +1624 0 obj << +/D [1608 0 R /XYZ 266.412 442.81 null] +>> endobj +1625 0 obj << +/D [1608 0 R /XYZ 230.305 419.497 null] +>> endobj +1409 0 obj << +/D [1608 0 R /XYZ 76.712 401.564 null] +>> endobj +66 0 obj << +/D [1608 0 R /XYZ 385.269 362.192 null] +>> endobj +1626 0 obj << +/D [1608 0 R /XYZ 71.731 359.222 null] +>> endobj +1627 0 obj << +/D [1608 0 R /XYZ 71.731 356.353 null] +>> endobj +1628 0 obj << +/D [1608 0 R /XYZ 129.514 338.521 null] +>> endobj +1629 0 obj << +/D [1608 0 R /XYZ 129.514 338.521 null] +>> endobj +1630 0 obj << +/D [1608 0 R /XYZ 199.979 338.521 null] +>> endobj +1631 0 obj << +/D [1608 0 R /XYZ 250.35 338.521 null] +>> endobj +1632 0 obj << +/D [1608 0 R /XYZ 71.731 305.48 null] +>> endobj +1633 0 obj << +/D [1608 0 R /XYZ 71.731 305.48 null] +>> endobj +1634 0 obj << +/D [1608 0 R /XYZ 153.724 295.98 null] +>> endobj +1635 0 obj << +/D [1608 0 R /XYZ 71.731 294.887 null] +>> endobj +1636 0 obj << +/D [1608 0 R /XYZ 129.514 278.048 null] +>> endobj +1637 0 obj << +/D [1608 0 R /XYZ 139.198 278.048 null] +>> endobj +1638 0 obj << +/D [1608 0 R /XYZ 423.11 278.048 null] +>> endobj +1639 0 obj << +/D [1608 0 R /XYZ 71.731 243.014 null] +>> endobj +1640 0 obj << +/D [1608 0 R /XYZ 339.534 219.268 null] +>> endobj +1641 0 obj << +/D [1608 0 R /XYZ 389.905 219.268 null] +>> endobj +1642 0 obj << +/D [1608 0 R /XYZ 71.731 204.16 null] +>> endobj +1643 0 obj << +/D [1608 0 R /XYZ 71.731 189.216 null] +>> endobj +1644 0 obj << +/D [1608 0 R /XYZ 280.893 179.716 null] +>> endobj +1645 0 obj << +/D [1608 0 R /XYZ 469.678 179.716 null] +>> endobj +1646 0 obj << +/D [1608 0 R /XYZ 165.21 168.06 null] +>> endobj +1647 0 obj << +/D [1608 0 R /XYZ 410.832 168.06 null] +>> endobj +1648 0 obj << +/D [1608 0 R /XYZ 71.731 128.508 null] +>> endobj +1607 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F50 1263 0 R /F51 1265 0 R /F48 1258 0 R /F55 1386 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1651 0 obj << +/Length 1956 +/Filter /FlateDecode +>> +stream +xÚµZ]›V}ß_Á£WZ®ï\š”‡6ÝMR%iš8j¥$ªX›]#apgãß¹Ÿ +6k¯ +y±±gÎÌ +Î +˜‹œ{{¯.~›]Loób‡4ôfw +! +Bî FQPo¶ðŸL^.“u“V—> +ð„"ýþ²\­³<+îõÇ€X胬š›$W?|›ýq«é + +<Âã!•Žà\0¡òމöDÁHyÑä÷¬JçM ~ žlõwyrIåLÊM#=@€ö| ]m°NVË$+4ŽyYܕժ֟šÒŒ/S}póúӕ>zXfó¥>\A`I“šÿ$úmamõÇ<ÙJ0ÆZbŽ²Úž|'áÞ¥UZ˜Ÿîªrµã|‘Þ]B˜É&WQÉ8Eq`óêýç}__q€Siûû% &iµm–® +6æzskÑf6ŠM±€jªÜ؋ wPqÈ +‰¢ßÊç4mæÓŒœ'yOž†D +ÙS Aú,(ó£EŸRHÂAˆBl‚™eë_ôÉ¥ñŒ.­WûMŸƒy4ËZ’õª&ˆ +Ž~öÒÝÇÂ@£(·çÙX«t'sêCÖ,{|ø4†z‰ ›ÝgÅÜÏo}ŠÏ#DIl¬•MÚÇo:Ž¹Y9)nm7¶„µ\8廌Àá®Û«N }õŒy|jŸÈ\œ¹“²^úW²¬è­w‹®€<+lnÓŒ”dxž +±MoGd|Ê°¢„`' +FEË +þÙypª—An~M¥eí¯ÞSõ^¥5hpÝj+já¢AŒøcþÚBsIdšêÏŸ¿ÖåO?Ú +c“qÄ ÿáãõ͛Ôªy=»øïBR{ª£ÖbÔ +°ð櫋/ß°·€a@ +døAºò8YV +˜{Ÿ.þúF$Ý9gÂ#X.ö1çƆê4àÒyÌ!¡°Œ±l Äf{›P›ý +PŠQã™RˆOìx–ë|ŸcF \ã8f”£ì†Œ­e_ÒëœCŽšÅ7—êEíøV‹;¬MÚë>€D‘sBï¡ +Ø a0»C(î†1”žšÌŽ.9î +ŠlSóÔÕë˜;‚_Çܖ_Ùe‘Êì}OöŸÏÂ&,“˜p$# +¶ñ +& +5¢˜=pÕ +IÐô +adïM]éÆ{*ñ§F@à8õÆŽ€SÅž÷xZGðêô°ãU5[É)<Ùs÷ÀŽPÃø;І¢/‹Tß? +}9Žî°Þ/˜°`ÂqlÀÒ9`CH‚±˜"†Çé +Y + ÛŠ\7SóàgzP"ǀ`©ö4„ƒ"9+’]òÑ5ÀxR(Çðl +²ëÙe; OŠæé(öé(m€©A” +jC1Z„™qÚI&à;ûpö˜dŽáØñžíxZ6ËôÀ#¡Ó +ïÓp€ Ë¡&\ýÁ†ޓ +6¢XÒ` + +RX»˜GºÆ1Œ;*õy?Þ7ŽÁIb„CÝ㟝(öø>ÖCžî¿‡ +`ƒÓ=äFzhh1žEeÑÎðBÎ욢Îî‹€ÑCJ9œHšä6©Í§‡Ì6k·ö›*kšŽpSl5WA.ÈXžÁÂÞcÞ +€#8°Sß<»u«·yÿW£œÚ™Y¯³E'3ŸÄPKÖ +_÷£·œœҝ=­6 + +W;» +ÆŒŒßOx? +΁¹á™xÀË +›Mo +“Ù"À©“b¶U$‹E&G»ý™» +ŠÎ¯gïÞ¶ŠMýÜ „@,¢‚’°Ô +Z6«Ü„áçÌlµ0Ëåì2³§â>m:&VeÕâ}‘ú÷•ê}MU–—ÅnÕpn—{Ýá_߈®:ìæò»ºýÐ9Ž@¡K” +ÖÛXðëJÍ+¿g +€ÞÝݶŠ +|*¯ŠÌ +qX”}XXä P?©§4ØýW{ï:²|_Ne}‹Ûו~qóæíuøXŽGµàHhÀNnä Öä÷n'“©IÌG,t0H7B,–àKÆÎRN3GbŒ$Ht^Œ;*p8.žV¡ÑQÑó£U: +QtnD;Ú{4" +¯“\˜Ž#Çç +ôì%ñyä$ eƒƒ–ª÷ƒ>®ëòMVf—É|ëö\= + ÂÐ*ù: 2;âéüú°ÿÏA) +endstream +endobj +1650 0 obj << +/Type /Page +/Contents 1651 0 R +/Resources 1649 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1562 0 R +>> endobj +1652 0 obj << +/D [1650 0 R /XYZ 71.731 729.265 null] +>> endobj +70 0 obj << +/D [1650 0 R /XYZ 276.124 707.841 null] +>> endobj +1653 0 obj << +/D [1650 0 R /XYZ 71.731 684.946 null] +>> endobj +1654 0 obj << +/D [1650 0 R /XYZ 71.731 684.946 null] +>> endobj +1655 0 obj << +/D [1650 0 R /XYZ 312.835 662.013 null] +>> endobj +1656 0 obj << +/D [1650 0 R /XYZ 71.731 659.856 null] +>> endobj +1657 0 obj << +/D [1650 0 R /XYZ 71.731 644.912 null] +>> endobj +1658 0 obj << +/D [1650 0 R /XYZ 232.663 635.412 null] +>> endobj +1659 0 obj << +/D [1650 0 R /XYZ 375.818 635.412 null] +>> endobj +1660 0 obj << +/D [1650 0 R /XYZ 274.814 623.756 null] +>> endobj +1661 0 obj << +/D [1650 0 R /XYZ 402.928 623.756 null] +>> endobj +1662 0 obj << +/D [1650 0 R /XYZ 139.477 612.1 null] +>> endobj +1663 0 obj << +/D [1650 0 R /XYZ 76.712 595.462 null] +>> endobj +1664 0 obj << +/D [1650 0 R /XYZ 71.731 575.537 null] +>> endobj +1665 0 obj << +/D [1650 0 R /XYZ 195.507 563.881 null] +>> endobj +1666 0 obj << +/D [1650 0 R /XYZ 275.827 563.881 null] +>> endobj +1667 0 obj << +/D [1650 0 R /XYZ 330.785 563.881 null] +>> endobj +1668 0 obj << +/D [1650 0 R /XYZ 71.731 526.023 null] +>> endobj +1669 0 obj << +/D [1650 0 R /XYZ 378.976 513.071 null] +>> endobj +1670 0 obj << +/D [1650 0 R /XYZ 463.439 513.071 null] +>> endobj +1671 0 obj << +/D [1650 0 R /XYZ 71.731 510.914 null] +>> endobj +1672 0 obj << +/D [1650 0 R /XYZ 71.731 499.706 null] +>> endobj +1673 0 obj << +/D [1650 0 R /XYZ 71.731 499.706 null] +>> endobj +1674 0 obj << +/D [1650 0 R /XYZ 71.731 341.301 null] +>> endobj +1675 0 obj << +/D [1650 0 R /XYZ 299.405 331.338 null] +>> endobj +1677 0 obj << +/D [1650 0 R /XYZ 129.793 318.387 null] +>> endobj +1678 0 obj << +/D [1650 0 R /XYZ 344.51 318.387 null] +>> endobj +1679 0 obj << +/D [1650 0 R /XYZ 157.19 305.435 null] +>> endobj +1680 0 obj << +/D [1650 0 R /XYZ 296.934 305.435 null] +>> endobj +1681 0 obj << +/D [1650 0 R /XYZ 71.731 283.353 null] +>> endobj +1682 0 obj << +/D [1650 0 R /XYZ 370.857 272.559 null] +>> endobj +1683 0 obj << +/D [1650 0 R /XYZ 499.753 272.559 null] +>> endobj +1684 0 obj << +/D [1650 0 R /XYZ 71.731 269.156 null] +>> endobj +1685 0 obj << +/D [1650 0 R /XYZ 129.514 252.135 null] +>> endobj +1686 0 obj << +/D [1650 0 R /XYZ 129.514 252.135 null] +>> endobj +1687 0 obj << +/D [1650 0 R /XYZ 71.731 249.978 null] +>> endobj +1688 0 obj << +/D [1650 0 R /XYZ 129.514 234.202 null] +>> endobj +1689 0 obj << +/D [1650 0 R /XYZ 129.514 234.202 null] +>> endobj +1690 0 obj << +/D [1650 0 R /XYZ 71.731 232.046 null] +>> endobj +1691 0 obj << +/D [1650 0 R /XYZ 129.514 216.27 null] +>> endobj +1692 0 obj << +/D [1650 0 R /XYZ 129.514 216.27 null] +>> endobj +1693 0 obj << +/D [1650 0 R /XYZ 71.731 214.113 null] +>> endobj +1694 0 obj << +/D [1650 0 R /XYZ 129.514 198.337 null] +>> endobj +1695 0 obj << +/D [1650 0 R /XYZ 129.514 198.337 null] +>> endobj +1696 0 obj << +/D [1650 0 R /XYZ 71.731 196.18 null] +>> endobj +1697 0 obj << +/D [1650 0 R /XYZ 129.514 180.404 null] +>> endobj +1698 0 obj << +/D [1650 0 R /XYZ 129.514 180.404 null] +>> endobj +1699 0 obj << +/D [1650 0 R /XYZ 71.731 161.226 null] +>> endobj +1649 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F50 1263 0 R /F48 1258 0 R /F60 1440 0 R /F55 1386 0 R /F38 956 0 R /F70 1676 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1702 0 obj << +/Length 1688 +/Filter /FlateDecode +>> +stream +xÚµZ]s£6}ϯàљÙÈúFô­Ým:»Óv¶ÝŒíîtˆMf0ž6ÞLþ}¯ÀàÈÄBôÉ2ç +Ýs$®„qôáè·«_·ŒE J$•ÑÝCÄb‰„äQÌ(R‚FwëèëâýSº­³Ýõ +xA‘ù|_m¶y‘—ækZ®M#/÷uZ4?|¿ût +mšå-áˆqIu è#LšnÀ'1‘("1 +!V‹¿eo2óåÆŽÈöÓ@”Ñ@áè†qÄã!±(_j –Uiªù\]SŒ(ò¬¬ž¿Þ]ý{E +GÀ€Á¥ÄHJ­6W_¿ãh +?~ŠZĪœ¥lË,[ÛÀº¶ìÒÕ*ÛÛîõ5YT¶Ù²_ëÅ +ÆÚT‡zx7])b3ÈvÁÄwº?‡û¶Õ@0Ñ\²S€i¯»¢ƒé¢£¹–Û[WO› +ž¬Í7!„iT¥íf +ێΫ™KkˎwCæ'Cæœ!ÉÊÜgÉr˜LMµ¬KÙf ²?P›’!s‚q+ÀÏû“ìí_öu¶1í¢- +œ(͵Ãþã²_r +Véì>—­€÷ºZ~9:æÝIH› +¥ÇÛÖ§Ÿ³8Ž±®³‡kà” + +{Ój—¥_,ðáÞ5³÷зË‘/݊øphz0aB†‚4BêJ+™¥6áº,ŒÕå;‘i±UÉ ö„ˆžõ#¥‰7S‡Zº”LÄЂ3(nŸ§ÕÑ“Þ{‘‰ +ÜÊ÷9L،Œ¡Œ?Õײi +Æ‹Ò`F|IÃbñ™ŠIžçVd"§ô³nEüY: +Œe êþ ÝVäxÎÚ¡ÑvXý­oëwSºµEçA+Ÿå •*üöÑC +Æt>aÁ zšP)Qd–ê†J +ˆÝ³Ü殩Ah +ÓY¢êuhõƒžH +uðëÉ©„á³0` ABÑ +?ªuæžl1L6ÿšÙ%ü>~\xwBAïð)6OEEEŠÚùjOÍFü3-ò`imý3|Ÿ—î5•ÅMŸÚ5õ,ÃÎ_3äŠóWŸbŒñˆ¿Œ£:¬’Ú+£q—^{9»@>®ÄÀ]»Õˆ¿ŠÅvúkúe¿ªÊ·Å 6¡äÔb.šÉfHQg²>O9j2 +?œÀe¡ Íà“ˆy^XPø$œ +l†ÔˆÍŠÅvÚ¬z“ž[Å(’øžŠA?µ +áÙùl† +u>ë•œøÌ;ªÃ"Dér.Ðg¡ Ï ‡"óŒ¥X"u²˜!1â³i±>;†öp™XŽòì|6CŽ:Ÿ +‰Ž»Ì;ŠÃ €!IhI +¢]F “\ÎS’È$oßæ|Ã[ +ÿÙgõöy +WÈyËM$â²Ü€‡o +fɞ÷Ü +k=7`:ZšùG}mA¡¡çb +Ë<Çl$–ˆéð\¥Eýô†éŠ1qš®OÄßt†íˆëfÈYçº>Õq×yGu8&¥‚mç2òڙè×* +œÒœyíì>Ž!$†LV Á Í\Ò9àóŒl"X ÎÈ%ç1s„m'N?ªÇÌ +ºÑç0~"ãÖ¡<`PÎ|”Çgÿ‘*ÀàLÄWP–XO:øo) +ä?7ˆj + +endstream +endobj +1701 0 obj << +/Type /Page +/Contents 1702 0 R +/Resources 1700 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1562 0 R +>> endobj +1703 0 obj << +/D [1701 0 R /XYZ 71.731 729.265 null] +>> endobj +74 0 obj << +/D [1701 0 R /XYZ 257.488 707.841 null] +>> endobj +1704 0 obj << +/D [1701 0 R /XYZ 71.731 707.662 null] +>> endobj +78 0 obj << +/D [1701 0 R /XYZ 283.431 673.37 null] +>> endobj +1705 0 obj << +/D [1701 0 R /XYZ 71.731 673.221 null] +>> endobj +1706 0 obj << +/D [1701 0 R /XYZ 71.731 660.867 null] +>> endobj +1707 0 obj << +/D [1701 0 R /XYZ 71.731 660.867 null] +>> endobj +1708 0 obj << +/D [1701 0 R /XYZ 71.731 589.136 null] +>> endobj +82 0 obj << +/D [1701 0 R /XYZ 206.739 556.658 null] +>> endobj +1709 0 obj << +/D [1701 0 R /XYZ 71.731 556.509 null] +>> endobj +1710 0 obj << +/D [1701 0 R /XYZ 71.731 541.565 null] +>> endobj +1711 0 obj << +/D [1701 0 R /XYZ 76.712 465.5 null] +>> endobj +1712 0 obj << +/D [1701 0 R /XYZ 71.731 445.575 null] +>> endobj +1713 0 obj << +/D [1701 0 R /XYZ 71.731 445.575 null] +>> endobj +1714 0 obj << +/D [1701 0 R /XYZ 71.731 363.881 null] +>> endobj +86 0 obj << +/D [1701 0 R /XYZ 258.306 327.498 null] +>> endobj +1715 0 obj << +/D [1701 0 R /XYZ 71.731 327.318 null] +>> endobj +90 0 obj << +/D [1701 0 R /XYZ 283.431 293.027 null] +>> endobj +1716 0 obj << +/D [1701 0 R /XYZ 71.731 292.877 null] +>> endobj +1717 0 obj << +/D [1701 0 R /XYZ 71.731 280.524 null] +>> endobj +1718 0 obj << +/D [1701 0 R /XYZ 71.731 280.524 null] +>> endobj +1719 0 obj << +/D [1701 0 R /XYZ 71.731 162.766 null] +>> endobj +94 0 obj << +/D [1701 0 R /XYZ 206.739 130.287 null] +>> endobj +1720 0 obj << +/D [1701 0 R /XYZ 71.731 130.138 null] +>> endobj +1721 0 obj << +/D [1701 0 R /XYZ 71.731 117.784 null] +>> endobj +1722 0 obj << +/D [1701 0 R /XYZ 71.731 117.784 null] +>> endobj +1700 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F70 1676 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1725 0 obj << +/Length 1591 +/Filter /FlateDecode +>> +stream +xÚí™ËŽÛ6†÷óZtáYˆ&E‘”Ú¢@$i +€hï’ eÙ&"K +]fâ¢ßC‘”%Gš/Ùu3Šlò\þóéÒ`oãaïíÝ/‹»ùJœÅ<àÞbíQÁã¡'h€"x‹•÷aöj›ì›¬º÷†gҟ¯ÊÝ^æ²ØèË€Xé,ê&É»>-~¿ÃÆÕëÅÝà +!öˆGHŒX$B +/ÝÝ}ø„œüø»‡#者ºóBLåŒsïýÝ_߈`Ä8 +Â)#0=DqvhG°Ac°ÅPÌšÖîÌ³Nˆ‘ +ÁMÜL ŒþŠ‹©šˆh֔ÏC Q~›„@c‚XŒcxW® +™3Iv[G塬„Óë*ÏA +œ›>%ŽÂsãX§h§ +™WœŒ‚lǺœÖKY¬d¥üžÄHŠ#¥C7oîŽÎ2qM,£ðÆ/q¶Óç@ðH ( ×õ“«tT‰qÝ+ÁçüˆUÚäd]æىÖÐñYh9#ì麁6=^çñ:Û« +°NÛø|]k€ã +*D)» +_ +ᑯ*Àë2ÇNŒ†~ëC–ÅÚMø&抱ìâô€ +ƒä“€íÕÁØ ”_ صF:ÀB‚â˜Þ°æEÄ:ÙmY h‚±Ë|;ºÞ%/u0h +øØÁ`^ÔAæ +²‡ìõ +£„‹ ÈÎöêàlˆ˜^ ÙµF:ÈŽøšX#NãcUŠØe9wB6ô}dÌt2W”=f×KÔS6 +sš²s:ø!»ö(v­‘2BÅ7:ŠÁŒ #Ê>×Y³ZM€vYNÒFþÏ9‘œeÚ +dêI†9}*;Û«ƒ°Aàã:ÔÎ7bŸƒ ”†°®Lš"(Âhè™Si€ÀŽ~_l3ó@žÕMÝÊ&s/ԏŸz#Œ†ï5jú +KZî²ZŸd³5ï_ô‡6Ú +˵þ|Œ'l–Uò#ÆAš4²,æUŠŸÛTY]Ã¥žÖ +€‡y ó²þ}Žù}k‚e#.cH/²€)sGJÐxàæ1“êv ÔÂ#BY +Ƒ*uàHx>»ŽÙsCÙV©I­©² +uSñX'-0ÌXUò>`6w£MZÉ}c²ª +Ɂx0NFýAõ֑›~²})fÞ|iͱHek.’êžD³M»ËŠŠ/bžëÑŸ*UÀreÒš¡ÔzÔÖÉÆšCB¥9Ë#‹uYíºòšXz-†y×In*»4¿§öM‘ +¯þÞ! +š +á$>*£Dñá<<ûPî•Óú“^'ÂÁº˜£¢F£]’#ÂGŠ.ÚÝ2« +ÆXŒˆèçþä(‰O8e‚ÿ™ø†L`®û3&–IœýÎL#ƒipëcFœú¹ðQ/$Q,0év]µ9ðà”Ÿ¡yûx‘Ÿ‘5FÕ: +O€±šâŠg_B³\æÙ³n™T™ëž!¶€x,¹‡ú@ÒŸ¯“×ïÐ3}¡{¹ÁÑð G+¹^g`¡/V¶ó<ŒßeNLÿšX +×m‘ªe£U&;z²ê}§×$/ +“,d3O·YúÅå3üyƀ Œ4è +:k +Ù;;S¬Äú±1ül¿0ýÈ:(ÊÂOöû\ŠÉÒö—Áœ»šÑÒüX‘û}¶²ŽO;#@™ŸÈOú"œäÊM!ÿ¶» +íQ¶7Ú=D®áÞ,Õ.ü€7•þÿƒ]£V- +ömA£'ÿ©T#jÛ¹ÿðï?Ž2k\jÕÕû]ùÒÄÙ6û¶ùÁ +›ÓÃóõ=XeÞÚžem³Ü—U&~”ú³;Fµ{zÝ$Mkæwæl6™¥qÌ> endobj +1726 0 obj << +/D [1724 0 R /XYZ 71.731 729.265 null] +>> endobj +969 0 obj << +/D [1724 0 R /XYZ 71.731 581.021 null] +>> endobj +98 0 obj << +/D [1724 0 R /XYZ 220.987 538.756 null] +>> endobj +1727 0 obj << +/D [1724 0 R /XYZ 71.731 518.616 null] +>> endobj +1728 0 obj << +/D [1724 0 R /XYZ 71.731 518.616 null] +>> endobj +1729 0 obj << +/D [1724 0 R /XYZ 411.732 505.879 null] +>> endobj +1730 0 obj << +/D [1724 0 R /XYZ 71.731 472.903 null] +>> endobj +1731 0 obj << +/D [1724 0 R /XYZ 197.18 460.051 null] +>> endobj +1732 0 obj << +/D [1724 0 R /XYZ 71.731 434.98 null] +>> endobj +1734 0 obj << +/D [1724 0 R /XYZ 71.731 404.175 null] +>> endobj +1735 0 obj << +/D [1724 0 R /XYZ 197.18 392.604 null] +>> endobj +1736 0 obj << +/D [1724 0 R /XYZ 71.731 367.533 null] +>> endobj +1737 0 obj << +/D [1724 0 R /XYZ 71.731 367.533 null] +>> endobj +1738 0 obj << +/D [1724 0 R /XYZ 148.603 358.034 null] +>> endobj +1740 0 obj << +/D [1724 0 R /XYZ 71.731 337.015 null] +>> endobj +1741 0 obj << +/D [1724 0 R /XYZ 71.731 313.037 null] +>> endobj +1742 0 obj << +/D [1724 0 R /XYZ 71.731 130.7 null] +>> endobj +1743 0 obj << +/D [1724 0 R /XYZ 71.731 116.973 null] +>> endobj +1744 0 obj << +/D [1724 0 R /XYZ 71.731 115.727 null] +>> endobj +1745 0 obj << +/D [1724 0 R /XYZ 137.484 98.706 null] +>> endobj +1746 0 obj << +/D [1724 0 R /XYZ 137.484 98.706 null] +>> endobj +1747 0 obj << +/D [1724 0 R /XYZ 71.731 96.549 null] +>> endobj +1723 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F70 1676 0 R /F50 1263 0 R /F74 1733 0 R /F51 1265 0 R /F94 1739 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1750 0 obj << +/Length 1526 +/Filter /FlateDecode +>> +stream +xڕXM“œ6œï¯àæ¡Êh$\åƒc;©Jåg*9Ä©Ëhfš0ˆ•`7“òOë +¯œ— +©ûõë§îfqp +pðÓÝ»»í”*²8 +v‡€² +¥Y0£<ƒÝ>øsóþTv=—a§x#{}/Î]ÝÔíÑþ,Ûœœ©[՗yñ×îç;ì\ù+ø#Wþ¢8)Nb}ƒRœ[‡àãzƒfiôø%Š +¹ŒŠëM +û)Fiá×~❐œÃ»ß×}-Ú²ñ°BžKýhî<ˆ2°TD„¡€Sô TœèDË¥\Ø#LÇå¿ÁJ +ééÄ[Ö^z® +úCHàiÝš¬€±HæX“`ZU +/Û¡[CJQ‘ä~ñÑŸ +IŸq˜Ì6{;žŽ +B.{Ÿ_âߗœ‹é3Nñ øapyè +ÏG˜àÍcHÒ +쪏aºCnÍÉÝH^*á|BúfdyŠÉÁ¹! +B!sžÒ—ð€dHÙŠÚ×ò-Bh +«$C,Mý†]Èð†7Í"UɺëQ +Ú_â°Ü#Yy&$班pŠZ^q¥Jyq\:rð\Iq^XÕªƒ ‚ÈáŽHŒŠ”Xô×.!b^õB^ÖXµ$ÍXÍ^Âj%!ߖÍSyQ_Z®³gûK9€,n)&ž@, +õøljC8r®#Ж“'˜ +äB+b軡wí·šGc­ìõ•öÿêšç[“À±¡Ïcšó×ïÁÓÜ蘬ñpËs +åè;ie/¡Õh•CUŸDðgM¬)ʧƒœ;y¢›„ÈÛòŸáëÕs:Ùý©ôqIŸˆtÔß  +fbTyßóF„qºyiØþ§AH¡+醑PhL Ï8C™‡«7³\ªƒÔª±š§6†7Ö9Ù*2„ãEÐã{¯ƒc8“ܜ윳CHŸà‚»'ÛáñŒœ +˜QoùÌ¡â§ùu +d™Îô:hH# +š‚.UV¡¥tlvï +à® +B)í]p‡E +•éã|BkïÔP÷î¡NÐô‚èÌŒ^q˜¬Á¯4eÿè?æ8ÂçڧãÞlaú`î'ûZæüž "BP–²ëˆ‘­B–wy4ŵŒ·J1–>ñ‡ʓ‹Œt—®“¢ +°Ÿ.}PŠ÷ŠK9ÿöà +«ÊÞ@24§hÆYÁ4Í؁s™ÛJnuÉn¶°/²X·÷u»]I‰á åãA{}Ë +t‹ŽëÕ3 X‚(» +B[uþÛ6µâ6ƒZ”$ãê +cFaºd +é×F°¯ +²“ŒöŽ×F +nö[‚HPÌFyþâÖY + §ÕkKKÉXuú +•ß÷šW¶Ô†‘™3Ë€ó +Ë¶<‚p¡ +¹ÙánäL`®Ö鬕çSY»šáëHÙ@9Ú_üÎc +èå?øj.ÿ™1Çxth}5bW‘ÔûB{®êcëͪÁ +iW{'14n­ÉF]ʜ).Gâû“窠~ÿšë2o{_ºuPFªCێ™4ÓH6mÅDŽ¬€^¡z¥ç12×$ý~MžMPͶª?êŸi{hŸ%R‚ J{V¥£íQ +[áÊÜÜÙó +žh6=ÂUWº%v^×£„Å2cnµÄÝæAØ÷¥z>£ÿ‚"§ +¶²ºéç¶Bz‹PïžÜvãR)œãIÇ+€‹êí,ÝŸ€Ûã±]\}ñ-Ö[ð9šF¡»»‡;\ +€dÑ" +(ôoBÒ :ßé4ÆCM$ðDɃÃݯk»€_Fb¿Ë®Îi> endobj +1751 0 obj << +/D [1749 0 R /XYZ 71.731 729.265 null] +>> endobj +1752 0 obj << +/D [1749 0 R /XYZ 137.484 708.344 null] +>> endobj +1753 0 obj << +/D [1749 0 R /XYZ 137.484 708.344 null] +>> endobj +1754 0 obj << +/D [1749 0 R /XYZ 71.731 706.187 null] +>> endobj +1755 0 obj << +/D [1749 0 R /XYZ 137.484 690.411 null] +>> endobj +1756 0 obj << +/D [1749 0 R /XYZ 137.484 690.411 null] +>> endobj +1757 0 obj << +/D [1749 0 R /XYZ 71.731 688.254 null] +>> endobj +1758 0 obj << +/D [1749 0 R /XYZ 137.484 672.478 null] +>> endobj +1759 0 obj << +/D [1749 0 R /XYZ 137.484 672.478 null] +>> endobj +1760 0 obj << +/D [1749 0 R /XYZ 71.731 670.321 null] +>> endobj +1761 0 obj << +/D [1749 0 R /XYZ 137.484 654.545 null] +>> endobj +1762 0 obj << +/D [1749 0 R /XYZ 137.484 654.545 null] +>> endobj +1763 0 obj << +/D [1749 0 R /XYZ 71.731 639.437 null] +>> endobj +1764 0 obj << +/D [1749 0 R /XYZ 137.484 623.661 null] +>> endobj +1765 0 obj << +/D [1749 0 R /XYZ 137.484 623.661 null] +>> endobj +1766 0 obj << +/D [1749 0 R /XYZ 71.731 608.927 null] +>> endobj +1767 0 obj << +/D [1749 0 R /XYZ 137.484 592.777 null] +>> endobj +1768 0 obj << +/D [1749 0 R /XYZ 137.484 592.777 null] +>> endobj +1769 0 obj << +/D [1749 0 R /XYZ 71.731 590.62 null] +>> endobj +1770 0 obj << +/D [1749 0 R /XYZ 71.731 575.676 null] +>> endobj +1771 0 obj << +/D [1749 0 R /XYZ 71.731 564.182 null] +>> endobj +1772 0 obj << +/D [1749 0 R /XYZ 71.731 559.201 null] +>> endobj +1773 0 obj << +/D [1749 0 R /XYZ 157.41 539.577 null] +>> endobj +1774 0 obj << +/D [1749 0 R /XYZ 157.41 539.577 null] +>> endobj +1775 0 obj << +/D [1749 0 R /XYZ 364.731 539.577 null] +>> endobj +1776 0 obj << +/D [1749 0 R /XYZ 414.293 527.92 null] +>> endobj +1777 0 obj << +/D [1749 0 R /XYZ 157.41 516.264 null] +>> endobj +1778 0 obj << +/D [1749 0 R /XYZ 357.673 516.264 null] +>> endobj +1779 0 obj << +/D [1749 0 R /XYZ 71.731 514.377 null] +>> endobj +1780 0 obj << +/D [1749 0 R /XYZ 157.41 499.626 null] +>> endobj +1781 0 obj << +/D [1749 0 R /XYZ 157.41 499.626 null] +>> endobj +1782 0 obj << +/D [1749 0 R /XYZ 266.054 499.626 null] +>> endobj +1783 0 obj << +/D [1749 0 R /XYZ 71.731 462.663 null] +>> endobj +1784 0 obj << +/D [1749 0 R /XYZ 157.41 448.02 null] +>> endobj +1785 0 obj << +/D [1749 0 R /XYZ 157.41 448.02 null] +>> endobj +1786 0 obj << +/D [1749 0 R /XYZ 303.192 448.02 null] +>> endobj +1787 0 obj << +/D [1749 0 R /XYZ 356.873 448.02 null] +>> endobj +1788 0 obj << +/D [1749 0 R /XYZ 76.712 408.07 null] +>> endobj +1789 0 obj << +/D [1749 0 R /XYZ 166.376 352.593 null] +>> endobj +1748 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1793 0 obj << +/Length 1564 +/Filter /FlateDecode +>> +stream +xÚµXݓ›6Ï_á·3C`ŒÝ·|6étÚNΙf&Ƀ +:[s€(q®}Wh%Àæ®é4}1 +ˆÕ~üö·+ÓÅaA?=¡x}Ÿ{òôuœ.bJÖé&]ìnYD²$Zd4!q²^ìŠÅÇå‹#k4oƒ0Î6˄ØëOŒæ-+íM§XÑå!á—ÛgµÔ\Ÿw?÷[D‰£te¶ ‹0 +]"«ˆé²CG”f÷.¹g®Ýʖ›Z9Ž²« +bŸì5Y¹’.­:˜œ‹ؔA%†QL¶)V¡âúœrY¢4>t-39³͓Òå²ÅkýO¥††>+ŠqÿŸÄRšM—.`ëv& %ە_7*•> +Iº%›õãã"­.=U÷Jóê]gvmW„nÒs&Ek’Š +ä#8ûè=Žñ9Þ +Æ°î<ð¹-/ +E‚U;—tÄtÙ#ÿüëŠäš»÷ÎNyûgI]ÀëAq +ýªƒ×óÞÑ©[¬ix]ˆ¯d&•tJ»`; +‚òlÑNŠÆµŒr׊úp‡œ”®žùŸ +¯s> +zÞËÀÙ_DÝ}uOéKŸ̑Ç;^ +™«èÎZJŒñ±»én^Áw>ÿáùÍKodÉZ¡ðîÍïáû(?{뀷ïÞ~@{Ç} I2²ZyŽ«Ø]жžðå$⌬,Ã> +—H +ö¶N__ü®]cÅ{Ùµ—¥qëÂÔçæ2üãüt“Ɔ™ðŠÛ + +·-ϵu +͜ÐÆo7O +€o+É}™ä¬®åYùù¶8`XqôV~ûõ²æ&{Ä¡ž‡Éz&¬6wH®²gő«×>†ž-wd¡åPÔPæ®Î\Grtm¢¯x‰Ñ9JSq§©†QuLšüá²Wf욒-27E†nð[•ºQ2ÆQòœ²»€h“ŀ£ªI¬ÄYV‰Jîq†Õ¢„ÎÀ•‰ñ +,'ƒæzfì)$W>‘˜ˆNËpÏò;Û© +cÁ3Öž˜=8 +ôYÔÖ%WžI?|mJ‘ +ÍKLjx.Lú\J"¿xÊé߁ÌßX +ð[3º{l·ÔŒ›h0>mçùÛU#$®ä¡:º +̕£n§œ—LÍ1»ž1oµ +ÆGsŸZqÈ œ4ŸòìKDë6®Z/K)+Ž¢Ä×àIm1zÜJÿñt`³ÏLêûÎaŸ€cφ»ÞQžš +ÉÙ©Ÿ•j=­8ë‘ÇŒüˆê)öQ©ž`‚:˶m²3­1NVã&Œ›r(¡‰ï +~šNÑ$ó\††Â“ÌbûËü0—’Ž*øbïW©ýÁ‡¡3÷]ɯόQŒ@³'òx +g> endobj +1794 0 obj << +/D [1792 0 R /XYZ 71.731 729.265 null] +>> endobj +970 0 obj << +/D [1792 0 R /XYZ 71.731 718.306 null] +>> endobj +102 0 obj << +/D [1792 0 R /XYZ 381.708 703.236 null] +>> endobj +971 0 obj << +/D [1792 0 R /XYZ 71.731 692.184 null] +>> endobj +106 0 obj << +/D [1792 0 R /XYZ 220.471 651.526 null] +>> endobj +1795 0 obj << +/D [1792 0 R /XYZ 71.731 631.386 null] +>> endobj +1796 0 obj << +/D [1792 0 R /XYZ 71.731 631.386 null] +>> endobj +1797 0 obj << +/D [1792 0 R /XYZ 71.731 618.53 null] +>> endobj +1798 0 obj << +/D [1792 0 R /XYZ 71.731 617.284 null] +>> endobj +1799 0 obj << +/D [1792 0 R /XYZ 129.514 598.226 null] +>> endobj +1800 0 obj << +/D [1792 0 R /XYZ 129.514 598.226 null] +>> endobj +1801 0 obj << +/D [1792 0 R /XYZ 71.731 596.203 null] +>> endobj +1802 0 obj << +/D [1792 0 R /XYZ 129.514 580.293 null] +>> endobj +1803 0 obj << +/D [1792 0 R /XYZ 129.514 580.293 null] +>> endobj +1804 0 obj << +/D [1792 0 R /XYZ 71.731 558.211 null] +>> endobj +1805 0 obj << +/D [1792 0 R /XYZ 166.216 547.416 null] +>> endobj +1806 0 obj << +/D [1792 0 R /XYZ 219.904 547.416 null] +>> endobj +1807 0 obj << +/D [1792 0 R /XYZ 394.787 534.465 null] +>> endobj +1808 0 obj << +/D [1792 0 R /XYZ 448.475 534.465 null] +>> endobj +1809 0 obj << +/D [1792 0 R /XYZ 213.637 521.513 null] +>> endobj +1810 0 obj << +/D [1792 0 R /XYZ 71.731 473.528 null] +>> endobj +1811 0 obj << +/D [1792 0 R /XYZ 71.731 473.528 null] +>> endobj +1812 0 obj << +/D [1792 0 R /XYZ 71.731 440.771 null] +>> endobj +1813 0 obj << +/D [1792 0 R /XYZ 456.994 429.857 null] +>> endobj +1814 0 obj << +/D [1792 0 R /XYZ 71.731 381.872 null] +>> endobj +1815 0 obj << +/D [1792 0 R /XYZ 394.887 371.078 null] +>> endobj +972 0 obj << +/D [1792 0 R /XYZ 71.731 354.724 null] +>> endobj +110 0 obj << +/D [1792 0 R /XYZ 414.21 311.627 null] +>> endobj +1816 0 obj << +/D [1792 0 R /XYZ 71.731 287.871 null] +>> endobj +1817 0 obj << +/D [1792 0 R /XYZ 71.731 287.871 null] +>> endobj +1818 0 obj << +/D [1792 0 R /XYZ 193.331 252.847 null] +>> endobj +1819 0 obj << +/D [1792 0 R /XYZ 167.322 239.895 null] +>> endobj +1820 0 obj << +/D [1792 0 R /XYZ 354.11 239.895 null] +>> endobj +1821 0 obj << +/D [1792 0 R /XYZ 374.932 239.895 null] +>> endobj +1822 0 obj << +/D [1792 0 R /XYZ 454.323 239.895 null] +>> endobj +973 0 obj << +/D [1792 0 R /XYZ 71.731 223.542 null] +>> endobj +114 0 obj << +/D [1792 0 R /XYZ 298.094 180.444 null] +>> endobj +1823 0 obj << +/D [1792 0 R /XYZ 71.731 156.689 null] +>> endobj +1791 0 obj << +/Font << /F25 852 0 R /F33 859 0 R /F31 858 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1826 0 obj << +/Length 1706 +/Filter /FlateDecode +>> +stream +xÚÕXKsÛ6ŸûWèfiF†Ÿ™K§IcO:žIŠR:}€ˆ„$L(’qüï»  i9nÚC/6IûüöÛœÅqá,î®^ï®6·ž·HPºábwXx‰Â \Dž‹âÀ]ì²ÅŸË7'RՔ¯nÜÀYzšûG +ø„ƒ%É» +ì,òí>eMÅê¯ÝÏWŽÒšÿƒZŒˆP9Xªœq£aLJNÜéý亁µ»ÝÕÛ>ÁíâmyVZÅ£šéYt/YiLé +Ndå:Ë/ÒrœŸIOê©&ŒÞˆº¬Ô{ÊYU +45b`zgÅ +†OʗŸ;Q®,aBkì)2³îíPªÔ'µ>/SR³²èÞʃùYÐÿ‡/Í™µgƒ +}èžÏäQI Ÿ[œ­•>Ê@&Ÿªaê‘àŠÓz¯ONàPtD¯€§àÌ +vQàÎ)œèžÍW%&jÎö>M/å·ßÿXÛP3Þ='ۃîízr}݈k團†H)‚˜*¯k;îCÕ ÊrL3§UÉkª$ìU<+bÅъü™ +AŽJ¢ªÞaTQYJ_Ym)nŸ€ã֍±ÀA±“(جbªÕ—RÊ–QËi*ÙçtÄƒŒIé(×iYÔŒÌsãC +r>Š²•z.‹õ¬ +-%€ÍPa-h®ª*%J„ \±ÇLtØÓ9©^•º %æäŸí†1ò|OTYä:ÁÚó•€UvÉžÈ„h*Ê°OiV,vCyFE›™vÓn°{ˆ +’JŒ +ª‡Óeyn„Êõ^í<²•(J- +z§^Þà$@NڕöÉq\.ýÒbñ^€?ãI±ŠûPb–糩@ƒfÂ髋,؉œñ +ÈDò4 +zO±`[ì3æºJ|lºT»jˆKÕNœ2!9˜Š«é××Æ + +."„NY=& («jX©ø©ÅŸJb©+íå¹Ig[«Êb+IŽd§4[Ûäô@õfý +7EajPWÝuz¢éçë^µŠ-Ωš( ­ÝË&éŽÉª^Â繋Ëqué +ZK>ûwZß +€·Ï[‚œ$îs®€ILGC*/吝ƞŒ-s™®BšÉ†äš +ˆŽý(æ²éBÚí@Z,(ÑÓŠZj¥ZúT™LÓIikNÒ=ŸbÙ4üšüÔ°2Ë%±þ·ùh™ƒ>YŠ1Š#$yN€ +ý24 À®(n +;29—}ÃFn˜|W=è±c +úE}ƒ{#é@7ÚOn£ú°¡€PŽ:äz Ð ì‰bÛ€’î6݈Àòf<–Ú³ÏFŸy”Ñôv€£”p~¯f: +Ä +9ØøéÌD"B~ÔZ:‹Q? +Xd°1å?U +± +ýeLÔr}Ÿ0@ +ìʇ“ +ޣ°{Œè,=4¹"sêèÓg +ŒŠCLߖ.1Æ¡lŠ +éÉq +ßCº +üñsñýXÈö€ +uÊ9TŽS4#?ò€!LúügÅ +íú©+VX +®oO +ÀÉÍA¢F’29×è©»¥W–·È;Ò9›âf&£2xΊŒ4”ÑHîý#Õàð|ü‰Ò°VÕŸ‹Ž† +°$DqŽð +(Zc3‡È= +^ +_â‰ÔOž¹î·¯Õ€6ÕÁ +ÓNw1›[7X@—uqà·ið¡²\˜¹ýù‰jg +òecˆâå– + +’ÏÁ_ﺭ[H;Í4Õz4- +%l:ý« + £óä<¡ïQ2Ú +®ÉkdΏ +}_ÓÊ׎Xd¹æÈ©.ÃF£ ÕŠF‡kËòúDêŸm²þ@kêZK͉ĥ@bF¥ÕJ +ˆ|8™ü Ãs²Z'*›<Pö¢³±‡Adm&À™ +(@陀Œù3ÝÚMôX2Š$”QJ¡i«ÕJ&+UÙ86rneè­ÛwwÛ·w¿®°›,×æÓ»ûûþåµô÷ãv|-¿Ü~x»¶}Ý +MèìÀ”1:Ê4mžŒïÐw¬>g +ØËÎ$Ÿ +\šSR4Õ%æên’ÇFÐ4^šQöÔ +³rz˜žì›tŒ‚) +Q੒ơµåíîêo¿K +~ +endstream +endobj +1825 0 obj << +/Type /Page +/Contents 1826 0 R +/Resources 1824 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1790 0 R +>> endobj +1827 0 obj << +/D [1825 0 R /XYZ 71.731 729.265 null] +>> endobj +1828 0 obj << +/D [1825 0 R /XYZ 71.731 718.306 null] +>> endobj +1829 0 obj << +/D [1825 0 R /XYZ 71.731 718.306 null] +>> endobj +1830 0 obj << +/D [1825 0 R /XYZ 71.731 718.306 null] +>> endobj +1831 0 obj << +/D [1825 0 R /XYZ 129.514 708.344 null] +>> endobj +1832 0 obj << +/D [1825 0 R /XYZ 71.731 706.187 null] +>> endobj +1833 0 obj << +/D [1825 0 R /XYZ 129.514 690.411 null] +>> endobj +1834 0 obj << +/D [1825 0 R /XYZ 71.731 688.254 null] +>> endobj +1835 0 obj << +/D [1825 0 R /XYZ 129.514 672.478 null] +>> endobj +1836 0 obj << +/D [1825 0 R /XYZ 71.731 608.717 null] +>> endobj +1837 0 obj << +/D [1825 0 R /XYZ 319.371 595.766 null] +>> endobj +1838 0 obj << +/D [1825 0 R /XYZ 187.895 582.814 null] +>> endobj +1839 0 obj << +/D [1825 0 R /XYZ 119.552 569.863 null] +>> endobj +1840 0 obj << +/D [1825 0 R /XYZ 71.731 547.9 null] +>> endobj +1841 0 obj << +/D [1825 0 R /XYZ 71.731 547.9 null] +>> endobj +1842 0 obj << +/D [1825 0 R /XYZ 71.731 546.655 null] +>> endobj +1843 0 obj << +/D [1825 0 R /XYZ 129.514 529.514 null] +>> endobj +1844 0 obj << +/D [1825 0 R /XYZ 129.514 529.514 null] +>> endobj +1845 0 obj << +/D [1825 0 R /XYZ 171.765 529.514 null] +>> endobj +1846 0 obj << +/D [1825 0 R /XYZ 71.731 514.406 null] +>> endobj +1847 0 obj << +/D [1825 0 R /XYZ 129.514 498.63 null] +>> endobj +1848 0 obj << +/D [1825 0 R /XYZ 129.514 498.63 null] +>> endobj +1849 0 obj << +/D [1825 0 R /XYZ 440.824 498.63 null] +>> endobj +1850 0 obj << +/D [1825 0 R /XYZ 71.731 483.522 null] +>> endobj +1851 0 obj << +/D [1825 0 R /XYZ 129.514 467.746 null] +>> endobj +1852 0 obj << +/D [1825 0 R /XYZ 129.514 467.746 null] +>> endobj +1853 0 obj << +/D [1825 0 R /XYZ 71.731 465.589 null] +>> endobj +1854 0 obj << +/D [1825 0 R /XYZ 129.514 449.813 null] +>> endobj +1855 0 obj << +/D [1825 0 R /XYZ 129.514 449.813 null] +>> endobj +1856 0 obj << +/D [1825 0 R /XYZ 71.731 447.656 null] +>> endobj +1857 0 obj << +/D [1825 0 R /XYZ 129.514 431.88 null] +>> endobj +1858 0 obj << +/D [1825 0 R /XYZ 129.514 431.88 null] +>> endobj +1859 0 obj << +/D [1825 0 R /XYZ 71.731 394.022 null] +>> endobj +1860 0 obj << +/D [1825 0 R /XYZ 344.565 381.071 null] +>> endobj +1861 0 obj << +/D [1825 0 R /XYZ 465.769 381.071 null] +>> endobj +1862 0 obj << +/D [1825 0 R /XYZ 391.359 368.12 null] +>> endobj +1863 0 obj << +/D [1825 0 R /XYZ 472.704 368.12 null] +>> endobj +1864 0 obj << +/D [1825 0 R /XYZ 206.624 355.168 null] +>> endobj +1865 0 obj << +/D [1825 0 R /XYZ 314 355.168 null] +>> endobj +1866 0 obj << +/D [1825 0 R /XYZ 71.731 333.086 null] +>> endobj +1867 0 obj << +/D [1825 0 R /XYZ 143.342 322.291 null] +>> endobj +1868 0 obj << +/D [1825 0 R /XYZ 247.002 322.291 null] +>> endobj +1869 0 obj << +/D [1825 0 R /XYZ 336.386 322.291 null] +>> endobj +1870 0 obj << +/D [1825 0 R /XYZ 119.552 309.34 null] +>> endobj +1871 0 obj << +/D [1825 0 R /XYZ 208.936 309.34 null] +>> endobj +1872 0 obj << +/D [1825 0 R /XYZ 71.731 287.258 null] +>> endobj +974 0 obj << +/D [1825 0 R /XYZ 71.731 273.061 null] +>> endobj +118 0 obj << +/D [1825 0 R /XYZ 166.466 229.964 null] +>> endobj +1873 0 obj << +/D [1825 0 R /XYZ 71.731 206.208 null] +>> endobj +1874 0 obj << +/D [1825 0 R /XYZ 71.731 149.102 null] +>> endobj +1824 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1878 0 obj << +/Length 1950 +/Filter /FlateDecode +>> +stream +xÚ¥Y[Û6~ϯð¢/60¢E]­yè%ÉÎ"mӉØÅvÑrlÚFµ$Õ$/ýí=©‹åé yIhŠ<×ïÜ8áâžo^|·}±~ +Nj‚Y”-¶‡E\$$K³E +Gd“F‹í~ñßå÷'Öh.WA”†Ë˜Øÿßð¶hºd•Ýh[Ñpy4ÿp»U +ÍÕêÛœ‘#°£vA”§„† ,’†Ëïö`¯ëÒ +—L—õÑþTŸ”æg\·M#€Vý +`7QŠ& )ŠèÈ«òXÖñ›Æ£Câœ€IáN6L²3÷ª„œ€j§ÿ‰ÕûÊË(E +ã±_Ã4T܉¶Š¶‰I±Ù8†gV›C‹ Î2’‚dHáüÜØN—¢ž<‹= +`HoŠF”Fo\žPäCYáê¿îN|÷ØùuOP>Ë.00É3Ëtëˆ +DU‰U”%ﲎ>ziÇê1}Åk‰‰`;®ÔøëNÔZ +²Ô__B,'E +Rc˜p$!‰Á©Ö2Q”N±Ò­œßߟ¹Gg̝PÁʝûPêÝ M[¯Áº <šøÌ>–gVUŸìÏ?LÈpù ”sK«›öšö š'O)€”P€P@atù\5£¿W³U +¯÷kcþ²nùŒ«w +=øEí¢µ£`àé=Çš +(°#¿bÅ%p•ŠKÌDÛS©,*Q\4CjHðÄԔ"ž¿„Ñè'°š5äv3Ì!~‚TÙÖ3Q™šOŒýA†s¡ ʺÄUà³iÍg|T@(ž–p dC!B“q±Z'ÉrW•6ä’ØŠ +{’Ë +MZgšã7waÏ4{`ŠßØ}Àû ?XµëJ°œýÖåø‚wcâ_Ã0:¶&‡wH€¯f§Â)Γ;G'áòÆ~ýp*«Î&š‡>öÞÜ3~vXón²˜ã8ÖBBò“h1ñ™'Ú +O +9:€K)€r)kÇZ»Š»VJŸÅØî2gaiò¢»œÞ+jé£PÚ +3Š,Ž$Ñ^×ë] +Cß +àåà/ÔlÑ+HžKÇÓùÆÔ¬8Ç|}^ŸÙŸºûq.ß$$î +õv•ãŸËÚr&ÙüMfriöe™ñã‡ûÛí|vÜñs€zyTÕØAOö}Ùd®#Œ +d + ûVƒÿ¿ + +5‡Ë†FŒQ€ØÀ÷¹ì ‘}ŠxB\Äu©N^”þö0 +4S}ðÑkV†êfÌq’’$yžC<<Š°Vµ}¬ÛJ1IÇÐ$¡—ﵬfh†òÐË̐š ¹#'3T"’çϏŽ€oöªïðëAœš +œûõ­žp©» +ÿqT€nž–3‰Õ`düË)¡Ó«ÁqÓ¡ëkØ€Ñ;H®°efíÞ+)Y‰dƒÀ#útífׂéV¢–œQòӔÆTØÞTŸ +œTçi[ç­# + + +Qž&^5U©ûaÕÍ:S%‘ó{çÓ÷|§ÉŸ#žTñ]ÏFdB§'žêÏ-ÕÛÝ,ŸŸC6ô +Ï"ïž„ ù<ò•oó܉jÿ\»ŒlëÌüQïY-ît~þšƒÒ°Ë;‹œ +Ö¯£Ô$鈊‰mSBJ’ŒXYBÒ1˜.æ›å»Ûì¢úT»œl"Š3n>Óª»^YT¶„'º—‡ùìhæƒÑŒÁ.Uô­N÷ë?+Úu©“QºO֝sñs1NQgÚé¡à.‡BFnJŸŒa(B7q€ŸklzøïJ͝ÓZ5êfž@Š€Ô·QdÝ«b€Ç]$› +šrXñ^ŸŸ}ûj®N›' +ÚÏC]žqO 8„—ì)‰ÀãœFV¹*XcšO_Ÿ»{õúößsrE ãd,×äæй¥À>ÉHêp›!nßv)šÇm·–«ŽÃ”ôH6©[]V‚!~dƒ|ÙôòôÀ3fpUŠžW"Mq˜ióŒ¡IŒ + +g{F<;r6kìÌèJißóªaëm‹þ*3­ô•‹¡™mTߌSA_›ŒfRéqoí«ùÆZ÷µŸRÄÎÌ͔ìqð8«ÄyÎãC”·}F¯Òó/‰ƒ€5ûŸnjižØ€õ³ë@3ò³'>@’! +×KWe9 ûÇYË~ ÷\»d{Gšš(Æ + +ôP1u:ÃjÐCÁ¯í©µG"ëZØêJ?÷×ìÂ=:áŠ}Y€]uÂgXÛ׳ Ð8;¥÷NO9ê +SWt9|O +]µ“ec>'çG”dß;¿úÇ*ÈÂp¹~(ëµ:9|DfXÁšhj“9 +LÛU€;ëVÉ58ƒUë?˜\C±Z#ž $âoðZg:³r3Ï"I^˜IÚý1Áv·?œü}Çôs(ÿþ͘àµV% +ûŠ|h>ºñjûâ/4gkÆ +endstream +endobj +1877 0 obj << +/Type /Page +/Contents 1878 0 R +/Resources 1876 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1790 0 R +/Annots [ 1875 0 R ] +>> endobj +1875 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [370.826 412.787 425.122 423.691] +/Subtype /Link +/A << /S /GoTo /D (0:LOGFILE) >> +>> endobj +1879 0 obj << +/D [1877 0 R /XYZ 71.731 729.265 null] +>> endobj +1880 0 obj << +/D [1877 0 R /XYZ 71.731 718.306 null] +>> endobj +1881 0 obj << +/D [1877 0 R /XYZ 264.546 708.344 null] +>> endobj +1882 0 obj << +/D [1877 0 R /XYZ 486.083 708.344 null] +>> endobj +1883 0 obj << +/D [1877 0 R /XYZ 71.731 673.31 null] +>> endobj +1884 0 obj << +/D [1877 0 R /XYZ 71.731 640.433 null] +>> endobj +1885 0 obj << +/D [1877 0 R /XYZ 71.731 640.433 null] +>> endobj +1886 0 obj << +/D [1877 0 R /XYZ 71.731 639.188 null] +>> endobj +1887 0 obj << +/D [1877 0 R /XYZ 129.514 622.167 null] +>> endobj +1888 0 obj << +/D [1877 0 R /XYZ 129.514 622.167 null] +>> endobj +1889 0 obj << +/D [1877 0 R /XYZ 71.731 620.01 null] +>> endobj +1890 0 obj << +/D [1877 0 R /XYZ 129.514 604.234 null] +>> endobj +1891 0 obj << +/D [1877 0 R /XYZ 129.514 604.234 null] +>> endobj +1892 0 obj << +/D [1877 0 R /XYZ 413.456 591.283 null] +>> endobj +1893 0 obj << +/D [1877 0 R /XYZ 263.172 552.428 null] +>> endobj +1894 0 obj << +/D [1877 0 R /XYZ 71.731 550.272 null] +>> endobj +1895 0 obj << +/D [1877 0 R /XYZ 129.514 534.496 null] +>> endobj +1896 0 obj << +/D [1877 0 R /XYZ 129.514 534.496 null] +>> endobj +1897 0 obj << +/D [1877 0 R /XYZ 71.731 532.339 null] +>> endobj +1898 0 obj << +/D [1877 0 R /XYZ 129.514 516.563 null] +>> endobj +1899 0 obj << +/D [1877 0 R /XYZ 129.514 516.563 null] +>> endobj +1900 0 obj << +/D [1877 0 R /XYZ 474.954 503.611 null] +>> endobj +1901 0 obj << +/D [1877 0 R /XYZ 169.922 490.66 null] +>> endobj +1902 0 obj << +/D [1877 0 R /XYZ 169.922 490.66 null] +>> endobj +1903 0 obj << +/D [1877 0 R /XYZ 190.943 490.66 null] +>> endobj +1904 0 obj << +/D [1877 0 R /XYZ 71.731 488.503 null] +>> endobj +1905 0 obj << +/D [1877 0 R /XYZ 129.514 472.727 null] +>> endobj +1906 0 obj << +/D [1877 0 R /XYZ 129.514 472.727 null] +>> endobj +1907 0 obj << +/D [1877 0 R /XYZ 71.731 457.619 null] +>> endobj +1908 0 obj << +/D [1877 0 R /XYZ 129.514 441.843 null] +>> endobj +1909 0 obj << +/D [1877 0 R /XYZ 129.514 441.843 null] +>> endobj +1910 0 obj << +/D [1877 0 R /XYZ 71.731 413.783 null] +>> endobj +1911 0 obj << +/D [1877 0 R /XYZ 129.514 398.007 null] +>> endobj +1912 0 obj << +/D [1877 0 R /XYZ 129.514 398.007 null] +>> endobj +975 0 obj << +/D [1877 0 R /XYZ 71.731 378.829 null] +>> endobj +122 0 obj << +/D [1877 0 R /XYZ 163.591 333.575 null] +>> endobj +1913 0 obj << +/D [1877 0 R /XYZ 71.731 313.435 null] +>> endobj +1914 0 obj << +/D [1877 0 R /XYZ 71.731 313.435 null] +>> endobj +1915 0 obj << +/D [1877 0 R /XYZ 310.065 287.747 null] +>> endobj +1916 0 obj << +/D [1877 0 R /XYZ 119.552 274.796 null] +>> endobj +976 0 obj << +/D [1877 0 R /XYZ 71.731 271.393 null] +>> endobj +126 0 obj << +/D [1877 0 R /XYZ 234.966 228.296 null] +>> endobj +1917 0 obj << +/D [1877 0 R /XYZ 71.731 204.54 null] +>> endobj +1918 0 obj << +/D [1877 0 R /XYZ 71.731 204.54 null] +>> endobj +1919 0 obj << +/D [1877 0 R /XYZ 496.454 195.419 null] +>> endobj +1920 0 obj << +/D [1877 0 R /XYZ 289.124 182.468 null] +>> endobj +1921 0 obj << +/D [1877 0 R /XYZ 366.802 169.516 null] +>> endobj +1922 0 obj << +/D [1877 0 R /XYZ 71.731 144.445 null] +>> endobj +1876 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F25 852 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1927 0 obj << +/Length 988 +/Filter /FlateDecode +>> +stream +xÚíWQoÛ6~ϯЂµ±‰&)Q’7˜;¬EöPûP4ÃÊXŽM˜ +‰JÚ +ûï=™'ÇR”Äè^ö°—äD +? +?Þ}GÓ`ÐàõÙËùÙäUS2Mx̗A4I"’ 8ÉæyðqôËZîœ*Ç!tÿÿµ*`ˆ‰‘4~ ®ä˜ÑѪù£üPaªÆÌ;£žã䕠AÛ%q³]È9#MÀˆ‰ ™ßor£‹ÉFN( + +³—ïæÞŒx{õæ'o^³(n 6d +‚NýâÊ(µó.ì1×Ä»Îf—ô—»µ6Ê»ÀQœ·Î?_ÌfçÞþî² +cœž#Zn{š‚DYØšl6ó]Žßßã!Ο9°^öã +qdRWåÄØ +4“[ÙX«I%·k©‹?Á&0³Al·VEoFI*ŠÝ Ÿâ6 +Z L¥žÂÅ#ܔJnN\êŸ×Cjs[š`qFb–=k梆²nDÛÛS(|ÔǚŒ™tš/vT_a +ÚÜÔWŠq\-}¹|±u[JX@p/ÞxÑT@–ÖI§^ଵæ‡ÞÒ +­MþÊÒcÇ\Œît±òC×TкhrGå`³}Н* +„ƒ2MØËóNþÞ3 +«ëÝu¥ÿ”`”n†j®° +ȧ†æv»+UU +Ím¥FÅ(­u?ï#\[(Š¢i|Ä¹°“G$b(z°'{ïÒ^Û7^Y-Cd§ó§k.é + +ïòÓBºS€?=#fߊ«É麚þ¯«ÿ +]MNÖÕô_êê@Ê¢¬†CÕ¯ŠŒZ”zç\pù?^žXJ8þ¡§$ã +Â0†`I›ÇHšÞïr錊Á—×;0®)åíJ¯ +éê?Á_ÞÈJ +ht»Õ^¢q«y+¡xÑþ#—jkѶ +ùâ- =¯zÊ{ˆ€8Šd‚‘ +:9Yºzw/ÒÒT§”ꌩ‚ûáßÕÂév¹ 1‰‡ŒÀ¡ÍuNŠ‚ùã¹µ®õǷ݇1ƒvsh)Aë†å~O醏uÝóžgI#1 \Üv/‰£Æ¶m© +9ô5H>èp·ˆ-«\ª–Ã;íÖCçÒZuzž&Šô¶šÖ÷œâÃÌȎ2ƒqAè6ñU{œ +¡{ÈQhÚgp1”gÀ1™fŒ +sxœ[¹9zBW‡<9ð¹o²ý€j‰ +'72žX@ŸôM`µE ¡)GŠ°Ï]5LJHæ]pÛ<èÕñIV–‡xv;[ÂcáˆønxТ·²Ày£‹û +ˆäj€T + +"@C†0ԇˆ€†[ÏE÷7Dç' +‹Â9ˆHJ c‘GaYgɯ󳯎VJÇ +endstream +endobj +1926 0 obj << +/Type /Page +/Contents 1927 0 R +/Resources 1925 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1790 0 R +/Annots [ 1924 0 R ] +>> endobj +1924 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [434.806 154.631 489.102 165.535] +/Subtype /Link +/A << /S /GoTo /D (0:DYNUP) >> +>> endobj +1928 0 obj << +/D [1926 0 R /XYZ 71.731 729.265 null] +>> endobj +1929 0 obj << +/D [1926 0 R /XYZ 71.731 547.162 null] +>> endobj +1930 0 obj << +/D [1926 0 R /XYZ 71.731 523.472 null] +>> endobj +977 0 obj << +/D [1926 0 R /XYZ 71.731 234.929 null] +>> endobj +130 0 obj << +/D [1926 0 R /XYZ 401.782 190.661 null] +>> endobj +1931 0 obj << +/D [1926 0 R /XYZ 71.731 166.906 null] +>> endobj +1932 0 obj << +/D [1926 0 R /XYZ 137.534 157.784 null] +>> endobj +1933 0 obj << +/D [1926 0 R /XYZ 244.642 131.882 null] +>> endobj +1934 0 obj << +/D [1926 0 R /XYZ 365.128 118.93 null] +>> endobj +1925 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R /F31 858 0 R /F25 852 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1941 0 obj << +/Length 1662 +/Filter /FlateDecode +>> +stream +xÚÅXMÛ6œï¯ð©¶‹Ö·ä + +$A›Š‡$HœC‘ô@KŽ-,E +ïþû’"‡Ö—7ÛA/¶D‰ä̛7o†r§ +»xs÷j·ý=;Ž‹ýx±?.‚]ˆâ(^$ÒÈ_ìóŗÕë3®©×Ž¹«éÿ7„É!/ZaªÚ¯=wuR?D1.H³þ{ÿçkv”Ûyœí +?‰ç†ò"D‘›êýÞ +õôGÞê +\Ø£`'}ÙàòŒ +Šoà?£abېú›2 +l.yN”#gœ4AaIúm1ËÍK}œ%nïÜwޑJ¯+ÎÆ®n-˜¹Ë±ÀjDßq6z¹g]è®6ö)S»K$\ I˜. +ÏG;| +X0ÄEÃõMwóȌ¶•Ž +Œöó^L#“ ]âzÊmW‚B?Ðûõýè©@vWÒ +vªjr$uMr"ÎÜ\cK›±™rp”™fÂW7r?üñ!”ÿžPsõø,Dõb»œ\.ë8Z!Š +E†QN¶æåm7]áì>֜ ÂrŽË¹ÈÎoJùڏV—‘Å2 +rô[Ñý]úüo›Ÿˆ™¥È5˜^‘úÈër†–~ŽC±šŠ.’*Ÿ»ršÂòž~£(²4Ö17Ûò㈠ +Å7F^Œ3xz +ТAOñÂёvdZì‚ÿDŽu"3š¬xë‚>wÒÞ둇¢]lÝϪ¹¬ŒQàïàgå!o_ÖÁ2¯[6cŠ +(Hí>ÍqÄ ÇŠ6&1Ú + +ÌÝ\y0ÝÇ÷€ÚŠÏp9œí²Žl $͛,LÈîo ÒSŠH& +œš±– 9,rCû‘cR‚JŒ™ÕòŒ­íµ©qÝ\7ŸÉZFÈ(­°J”oê‡æQÆYÖJ3p–ÉÔŒå'ק=q±µt(T7F–úRfò¬õ ƒ\횀Ç`ú’6ü†gÞÏòl\GN‘qÊ8 š†$™ñ“’ÛÜ(ÛFÌ0^fExMŸs·œº""¥ÅºIÐ +Qɵ€3Êq>f,g*ö§¶Æ¢ºöÙp—.ùÑ0–=š6£\š†¹i›Š°ü™id–6o÷duÜ.}zûæó§þ՛Á&XÌ%—œòi¿öÒÕû[yýúý»œ€‚ÚOS7±ž!šÚžûŸO +L[וȧC>1ß ^ˆa§Œ³X÷ó3X6À +ŸÖ²ÏზëŸ×ï¶ÕnÉ£œ ±êM‘&¿©nӗE§«Ž‘ì<Ó`áÄ! +“¥ÊÒ$]œ-«®)à,è8ËaœµŒhŠÃÔÜaŒhÌ`Gé¹"A©ï +x¿Nmwy" 0æžC7ÝF‰{·¥Zˆ÷Øo–Ž +~&aJjñÌ$¹gŒ·P¯YÓyj"ޜyKs Ý +ų3ÉtóÍšOë-jY®œ¡œßÛ¬²Û€/Õbep +eɍŠŠB¶ +—†(%~ŽæuÿgB«cK1ÅqxŒÉy{Sō§k,ØÊò +ÂY©–U¹œTâÜÀæeEIiUg©±‚–ؘ­ÈYõðð`Œ¬8-²Â@D†ÌšgSÄTú¥Pµö[ɉ(‘ìªÊ +‘7|ýËj›—ÍÌ©Qö ÍÀ +ÜÏZ€a$#®ðŽzÊ庳$åÔËHýÚÑ<6R¥ÍJgÌäùÀ +ÛfN99[* +×DœáñwDȒK‘‘©èYÅ嵆KWÊyùMP§ +ŸŸ-SLÖ7ŒRi^軌—¥L"ÇŽáräx0¬«Æ +ߗ +¶9Gh Ÿ#OQ€×lhxd›cÕè̜“&«‹ U°{twV)y. +ô;¯ÆûՈٻa + +RSAúgÿiׄ +òã +ŽœB€B>‡„sáøÚÚ#³mT$DU!¡9mF‚f9:Xa¢JÐzª"Hû +­=ÅÐ2ƒÍW +Z€ +ÂqT¯E¡ +ì~)Äy¬Qu +Å +¥›3pŁ$—m3µ28fpPì,›€4 + T3Þç4‡›§ÚëŸFµzÏ¡šLºÐ·Øý_ûÞ·@ÝskS9!µœ­d;,Ȑd›™BpmhíñO7wõõŒ:üœÓV€·¬æµh+š,£m>=Ì^u‰µªFØt˜i\í$ùXâqìGùºÎ¿¡æä‹Î𓯇RudIÔ÷ŸPÛàíS~Ûßý +±ÔI +endstream +endobj +1940 0 obj << +/Type /Page +/Contents 1941 0 R +/Resources 1939 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1790 0 R +/Annots [ 1936 0 R 1937 0 R 1938 0 R ] +>> endobj +1936 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 363.363 172.851 372.21] +/Subtype /Link +/A << /S /GoTo /D (0:POLICY) >> +>> endobj +1937 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [290.389 213.722 340.81 224.735] +/Subtype /Link +/A << /S /GoTo /D (0:COMMAND-LINE) >> +>> endobj +1938 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [330.518 154.942 380.939 165.846] +/Subtype /Link +/A << /S /GoTo /D (0:THE-CONFIGURATION-FILE) >> +>> endobj +1942 0 obj << +/D [1940 0 R /XYZ 71.731 729.265 null] +>> endobj +1943 0 obj << +/D [1940 0 R /XYZ 71.731 718.306 null] +>> endobj +1944 0 obj << +/D [1940 0 R /XYZ 184.846 708.344 null] +>> endobj +1945 0 obj << +/D [1940 0 R /XYZ 306.997 708.344 null] +>> endobj +1946 0 obj << +/D [1940 0 R /XYZ 71.731 693.235 null] +>> endobj +1947 0 obj << +/D [1940 0 R /XYZ 71.731 691.99 null] +>> endobj +1948 0 obj << +/D [1940 0 R /XYZ 129.514 674.969 null] +>> endobj +1949 0 obj << +/D [1940 0 R /XYZ 346.15 674.969 null] +>> endobj +1950 0 obj << +/D [1940 0 R /XYZ 389.128 662.017 null] +>> endobj +1951 0 obj << +/D [1940 0 R /XYZ 71.731 648.966 null] +>> endobj +1952 0 obj << +/D [1940 0 R /XYZ 129.514 631.133 null] +>> endobj +1953 0 obj << +/D [1940 0 R /XYZ 181.11 631.133 null] +>> endobj +1954 0 obj << +/D [1940 0 R /XYZ 351.828 631.133 null] +>> endobj +1955 0 obj << +/D [1940 0 R /XYZ 450.627 631.133 null] +>> endobj +1956 0 obj << +/D [1940 0 R /XYZ 71.731 570.197 null] +>> endobj +1957 0 obj << +/D [1940 0 R /XYZ 156.075 559.402 null] +>> endobj +978 0 obj << +/D [1940 0 R /XYZ 71.731 501.37 null] +>> endobj +134 0 obj << +/D [1940 0 R /XYZ 387.682 456.116 null] +>> endobj +1958 0 obj << +/D [1940 0 R /XYZ 71.731 432.36 null] +>> endobj +1959 0 obj << +/D [1940 0 R /XYZ 71.731 388.205 null] +>> endobj +1960 0 obj << +/D [1940 0 R /XYZ 71.731 344.434 null] +>> endobj +1961 0 obj << +/D [1940 0 R /XYZ 133.111 331.583 null] +>> endobj +979 0 obj << +/D [1940 0 R /XYZ 71.731 315.229 null] +>> endobj +138 0 obj << +/D [1940 0 R /XYZ 96.607 249.751 null] +>> endobj +1962 0 obj << +/D [1940 0 R /XYZ 71.731 229.611 null] +>> endobj +1963 0 obj << +/D [1940 0 R /XYZ 460.819 216.875 null] +>> endobj +1964 0 obj << +/D [1940 0 R /XYZ 119.552 190.972 null] +>> endobj +1965 0 obj << +/D [1940 0 R /XYZ 71.731 169.024 null] +>> endobj +1966 0 obj << +/D [1940 0 R /XYZ 119.552 145.144 null] +>> endobj +1967 0 obj << +/D [1940 0 R /XYZ 205.618 132.192 null] +>> endobj +980 0 obj << +/D [1940 0 R /XYZ 71.731 115.839 null] +>> endobj +1939 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1971 0 obj << +/Length 1682 +/Filter /FlateDecode +>> +stream +xڝXKsÛ6ŸûWhr±4cñ)RR‰Û$ãNÎØjM2 +ˆ‚DŒI‚%@;ê¯ïX€Ñ9ä`S„€}~ûíBÁì4 +f¯nwWþ‡8žmœm¥³ÝqoW^š€³u +y›$ší³/ó_sRKÚ,–QÌcÏmî2^ÖÌyÈJڋ”)ŒM¯0¢uì%ë,֖z~Æ+HVtj5ˆððr‰¶- +P•›K{zŽ/%ïŸåµ„¢ß&ª2Œbdu™ž8(Õǚ҃Ž-EÐsŸ„€wðã0”omn"`ƒmÒÝ')ûœ +[ÃM@X[ Iœ}X–Ì¢ŸGW!1ià‚—TebŽ‹vuWÝ؏µŸþ2 +¶Ï&«U•þKÎ,P­){"lš€Š&(£–ÆÅ +rëš"ãIøþGᝠ+—æö +ä6ÕÔne®b/Äi™T(ŸÁûgm#¶Î¢^:¿5YmzR6±CŠ!oP@¬øÈÄ áZ,Ÿß˜&F­‚”ŒÕõŠúÈq [ +³»‰ +ãµjsªºXu2Kâ +©+¬±·ZCCÝ6µ‘9AÝÍŽ±ÇEŒÈPfaK#u]0H.TÊÍЃ=É·>©V„f[Ž¹Î•Œ³€Ó +ÕKo›Œ¢”‡w÷è*êԋnàµíڞƒÃŒò ë/§ŠÑõì2”ªŽ(cŽ‡„D›VÐ W9ÄŽ¹ðV(°ÙßU;5Qòæ ·¡ošŸAAß+ÌŽû¶ +š‰™yƒaæD‡`™ÈÔšzÂÔKc +Ø-ÍH+F"TZÊý +±Æ;Œæëø`fíۣ҂ +çœýîÅáÛ¬¬ûÞhgœ/ýä[@1@¡Í.kç¡)™âŠsçÚbìØ +@ +ÈáAçÁ›h".þЋÖÒôÎòšËñOuŒ!µÚ ΑtCª +žŒ +4,¹gÔ¶yKÜ*3Ã1ý§•Ïë¡PÅK7S–!\èp’Í[k•*ý0ÚÜßúQ’Þßbû±†ÄŒ/~ºÚ»±G3›P|€Š»ydº™IÙÖ6/ƒ»ôñíÖR÷.wQì•â¬â<°œâՒ Ñ҉L‡JsèºÁå.’žáv §NÔ€ÔŸ)\݌f +ÃwŠºW‰@S +Œ80$Ɇ™¡×EÑt¶}[Êñœé€c(Ì +Œ3oìøê&\9 +ä +[™«×†&“8»åvh6C>¯¯Gþ_×âÚb>+ÚÃã;®ŠkÅϬéÌì?zÝ!2ãE[V(éóÝÃ" +æ;ÿóãß#Œöë +­od‰}&ژŽ}9KËŒEå'sÝsà6šÎì}š¬!äÝå®»)AûMºî«|5³=V°€qM%gÂ`ÓÚÚCŸ·œBÿmYcQa‘SÀÓd,^Ž?Œö€ñìàˆÈØ +SIyxÿè?<>Ÿ–oê®vWõ§ÛL^–gÉ +°†sܶHcJ ÝœŒ¹šÛŠ¿– + +¿ó²¢ +‡‹Ÿÿ•ùÍà‚Ü0• +­‰—Ö\ô±»VÓ‹ù—tŒ yÁŒ.m²i©Ã<ˆ>EÐa•S•°ªýÞ +WFSŠæ׌‰” žf9횟ºŸ_öGžQ–Lº"Q̂JG Ê„‰›e˜® /[²ŠYŽIŠÌãóðk}Wä™ÍÇ.}®bþ¬EÒßåÿ`ïžh +›•—nÜ%ÒÁ³w/Ž%žãDkEçAè­6x Œ‚Á‘÷»«ÿ~.B +endstream +endobj +1970 0 obj << +/Type /Page +/Contents 1971 0 R +/Resources 1969 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1994 0 R +>> endobj +1972 0 obj << +/D [1970 0 R /XYZ 71.731 729.265 null] +>> endobj +142 0 obj << +/D [1970 0 R /XYZ 400.851 706.118 null] +>> endobj +1973 0 obj << +/D [1970 0 R /XYZ 71.731 685.978 null] +>> endobj +1974 0 obj << +/D [1970 0 R /XYZ 330.937 673.241 null] +>> endobj +1975 0 obj << +/D [1970 0 R /XYZ 409.81 673.241 null] +>> endobj +1976 0 obj << +/D [1970 0 R /XYZ 452.699 673.241 null] +>> endobj +1977 0 obj << +/D [1970 0 R /XYZ 71.731 625.256 null] +>> endobj +1978 0 obj << +/D [1970 0 R /XYZ 393.123 614.462 null] +>> endobj +1979 0 obj << +/D [1970 0 R /XYZ 71.731 579.563 null] +>> endobj +1980 0 obj << +/D [1970 0 R /XYZ 293.289 568.633 null] +>> endobj +1981 0 obj << +/D [1970 0 R /XYZ 71.731 551.533 null] +>> endobj +1982 0 obj << +/D [1970 0 R /XYZ 71.731 538.581 null] +>> endobj +1983 0 obj << +/D [1970 0 R /XYZ 139.477 522.805 null] +>> endobj +1984 0 obj << +/D [1970 0 R /XYZ 71.731 497.734 null] +>> endobj +1985 0 obj << +/D [1970 0 R /XYZ 71.731 484.783 null] +>> endobj +1986 0 obj << +/D [1970 0 R /XYZ 141.968 470.302 null] +>> endobj +1987 0 obj << +/D [1970 0 R /XYZ 71.731 455.358 null] +>> endobj +1988 0 obj << +/D [1970 0 R /XYZ 71.731 401.757 null] +>> endobj +1989 0 obj << +/D [1970 0 R /XYZ 71.731 319.667 null] +>> endobj +1990 0 obj << +/D [1970 0 R /XYZ 71.731 284.634 null] +>> endobj +1991 0 obj << +/D [1970 0 R /XYZ 171.576 260.888 null] +>> endobj +1992 0 obj << +/D [1970 0 R /XYZ 71.731 225.854 null] +>> endobj +1993 0 obj << +/D [1970 0 R /XYZ 304.397 150.302 null] +>> endobj +981 0 obj << +/D [1970 0 R /XYZ 71.731 116.927 null] +>> endobj +1969 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +1997 0 obj << +/Length 1336 +/Filter /FlateDecode +>> +stream +xÚíWKoã6ŸçWøh#’’(-Š>¶híi‹è¡í¶i[XIT%*©÷×w(>ôˆœ +’=ôÐKd1gæ›of>†«Ó*\}žys{Gé*CYB’ÕýqE³%q²b” 4&«ûÃêõg^+Ñl‡kŠÌóƒš` Çk^˜ +®å +®Oú0K•T¢ÝüuÿËMh-Þޑx +"8ŽŽœ€‚2X +C8ŒŒAŠ0ÖfXºþ­«k©M‡keVnÍã}wj' +› +l’;m¿eo¢Ã£è"†R‚µQ”2flý|4Ÿ^dg~œ¹>çA‡fÚ¹ëOìßNB©Œ:™—–—gžWæEIólºjk~I +š:çÕ'÷“«/ZÕ^v`.f›ÇNoìN[w”°–ëBðVèˆå€16áíÏbï-ÛÓï6,Zÿ°‰ãõ¯fáÏ0$M«;à +>Íó’·>ÕÖÓêqpL6b; +wÏ­×y›«™o]ëˆv”MW:ÿâð¬Týîö¶àÆŒâè nû-ðO<‰Ü²VôxÎ÷gïš!ĔîˆdŸì¿ho6”­÷:gA.qș1÷‰mw™ +ñšYÈ/œo—ÉöÓªe‚(ê!äFìeYŠêààôûþîD«rYYðåqÈ +ž}éáR‚¢4›ÒါÖUlÞ3¬UÚËa[áü%ϋ)¿¿1°Äá*X’Ÿq„Q”x\ÚŸlÕ÷ãt-€‰C†âÍo +e(„s'Düh8n*L”¢Ü‰f^RܓèØ +lm„öʆx–]á’b׎ åÀÙÝAÌòz”E!7$^?ú Î°ÿÍt‰w³†3”±뀁£Qˆh”ZŽ?Ý>àÓÿrèüîÃ<ä‡YM +ljŸ{Îx`Ž + ÿfPoñhÓWœº€þ©Å^ý—Œ’;å[u^µJðÃÈœYgp^Å!JÃì)wöÙv}ËÓ +©›M¯¥n¹#‘ÙXôà<ðÊù)À«¢ÝºãLóqœâEdÊ^ÚÐÎe + +a4Ñ.€L¹u„n +²£ØÍ€jZh@ÛYwó +Rò=Ì<143‹q:rˆ€÷i;—ºŠ—öƒ mÊ +vc„Sß-tÛBÏ2‹†eYônýӋ`òñŒbžŽŠ©Pzªxã`|/YÆދ€”žDEî‰\˜Rœ!uÁìe¥Ñ 2ÓõÒØِ0ìöÜ4B„&\ò +pŸ(ԑš|³†tÌéž®íxaĬ# +!ÌçՃh.ƒhÑãvA+e(Å>Ž| +èä)9že +E,ó'T +z¡@­ê˜?­’ú– +X7ž"-ž— :€«/GÍõ¬æÀE©‰áÝc®Î3rjµæ)[ø²na+šÐ +Âi_oց vÁŠè +óÏ<7nàJbMI×JÙXŒH +Ÿ³© +Ì+©äʗ)ßÉn.Å­rZŸš‘Î +tÔN,än]lš3þÜÅ¥”ãñyIŒ" +‚ð“ìÆ5á2Qç +Xh=}ڞŠG1Šcr­˜nˆJ_ +‚ç„Ã%˜ÎîÜð0dÑi.†[œ¯W”_c8IPH“×sL—?màžŸ»1v¥6¶ãþ¢ˆ Õ>M“¥jöכn’"6\Ûü€ÓÍGãëM +P‰í|¬tªvüïÐ’0%Xâ3{úœ×Kù²ãh!ý³kU>ƒ+R.{êw-BQ”Å_ã®5 +@ù‹#zheÈ`o+O>ùéþæ_ ƒ +endstream +endobj +1996 0 obj << +/Type /Page +/Contents 1997 0 R +/Resources 1995 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1994 0 R +>> endobj +1998 0 obj << +/D [1996 0 R /XYZ 71.731 729.265 null] +>> endobj +146 0 obj << +/D [1996 0 R /XYZ 330.82 705.748 null] +>> endobj +1999 0 obj << +/D [1996 0 R /XYZ 71.731 681.992 null] +>> endobj +2000 0 obj << +/D [1996 0 R /XYZ 236.801 672.871 null] +>> endobj +2001 0 obj << +/D [1996 0 R /XYZ 71.731 638.211 null] +>> endobj +2002 0 obj << +/D [1996 0 R /XYZ 338.688 627.043 null] +>> endobj +2003 0 obj << +/D [1996 0 R /XYZ 158.844 614.091 null] +>> endobj +2004 0 obj << +/D [1996 0 R /XYZ 255.401 601.14 null] +>> endobj +2005 0 obj << +/D [1996 0 R /XYZ 71.731 579.058 null] +>> endobj +2006 0 obj << +/D [1996 0 R /XYZ 71.731 546.181 null] +>> endobj +2007 0 obj << +/D [1996 0 R /XYZ 71.731 546.181 null] +>> endobj +2008 0 obj << +/D [1996 0 R /XYZ 71.731 544.936 null] +>> endobj +2009 0 obj << +/D [1996 0 R /XYZ 129.514 527.915 null] +>> endobj +2010 0 obj << +/D [1996 0 R /XYZ 71.731 525.758 null] +>> endobj +2011 0 obj << +/D [1996 0 R /XYZ 129.514 509.982 null] +>> endobj +2012 0 obj << +/D [1996 0 R /XYZ 71.731 507.825 null] +>> endobj +2013 0 obj << +/D [1996 0 R /XYZ 129.514 492.049 null] +>> endobj +2014 0 obj << +/D [1996 0 R /XYZ 71.731 454.191 null] +>> endobj +2015 0 obj << +/D [1996 0 R /XYZ 71.731 454.191 null] +>> endobj +2016 0 obj << +/D [1996 0 R /XYZ 71.731 419.277 null] +>> endobj +2017 0 obj << +/D [1996 0 R /XYZ 71.731 419.277 null] +>> endobj +2018 0 obj << +/D [1996 0 R /XYZ 71.731 418.032 null] +>> endobj +2019 0 obj << +/D [1996 0 R /XYZ 129.514 400.891 null] +>> endobj +2020 0 obj << +/D [1996 0 R /XYZ 370.359 400.891 null] +>> endobj +2021 0 obj << +/D [1996 0 R /XYZ 71.731 398.734 null] +>> endobj +2022 0 obj << +/D [1996 0 R /XYZ 129.514 382.958 null] +>> endobj +2023 0 obj << +/D [1996 0 R /XYZ 370.359 382.958 null] +>> endobj +2024 0 obj << +/D [1996 0 R /XYZ 71.731 380.801 null] +>> endobj +2025 0 obj << +/D [1996 0 R /XYZ 129.514 365.025 null] +>> endobj +2026 0 obj << +/D [1996 0 R /XYZ 186.64 365.025 null] +>> endobj +2027 0 obj << +/D [1996 0 R /XYZ 464.117 365.025 null] +>> endobj +2028 0 obj << +/D [1996 0 R /XYZ 71.731 362.869 null] +>> endobj +2029 0 obj << +/D [1996 0 R /XYZ 129.514 347.093 null] +>> endobj +2030 0 obj << +/D [1996 0 R /XYZ 343.69 347.093 null] +>> endobj +2031 0 obj << +/D [1996 0 R /XYZ 435.285 347.093 null] +>> endobj +2032 0 obj << +/D [1996 0 R /XYZ 470.981 347.093 null] +>> endobj +2033 0 obj << +/D [1996 0 R /XYZ 379.823 334.141 null] +>> endobj +2034 0 obj << +/D [1996 0 R /XYZ 71.731 299.108 null] +>> endobj +2035 0 obj << +/D [1996 0 R /XYZ 177.285 288.313 null] +>> endobj +2036 0 obj << +/D [1996 0 R /XYZ 340.302 288.313 null] +>> endobj +2037 0 obj << +/D [1996 0 R /XYZ 396.201 288.313 null] +>> endobj +2038 0 obj << +/D [1996 0 R /XYZ 295.55 275.362 null] +>> endobj +2039 0 obj << +/D [1996 0 R /XYZ 442.597 275.362 null] +>> endobj +2040 0 obj << +/D [1996 0 R /XYZ 71.731 253.28 null] +>> endobj +2041 0 obj << +/D [1996 0 R /XYZ 264.277 242.485 null] +>> endobj +2042 0 obj << +/D [1996 0 R /XYZ 399.867 242.485 null] +>> endobj +1995 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F50 1263 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2046 0 obj << +/Length 1826 +/Filter /FlateDecode +>> +stream +xÚµZKsÛ6ŸûWð(ÍØ0ž|äÖºI&$ӎ=Ӄ“MÁ&©”]÷×wñ¢H›¢­’œ˜î·Øow±ÄëÏ°»þzsvùŠ€bŠX7÷ADPÄHa†( +ƒ›Up»žÚ€»FVË +Å +Žìõª,ŸaL×û*mTYØÁòÞ^órœ$x±VÅÚܧ™ÊU£dœü~óûå€HPÒPcòŔ,AŒQ‹y³‘ðŠÀ‹ì +ê‘ÜMž/+{S§ÛMªÜ +UÛk‘nåÊb + +ĀrI¢ÅD€ +œ{·ÊÔ%8ñ3ïž¬à•Œ×KL÷yƒìÈ/y]Ú»9çN­Š¯Þ.O3Ðώz^P¡ˆòà‚P”gKÙ +iJ €Õy[ ü¬`¥ +CËˬcP¯OÇÚwÞÀiãŸmwÊ6j+A2q -]+U7•º[RŒØÄïÒìGºnÝJ÷ššÑˁÕÚØÅ»˜¿•EãÍTíòםã¹byúTîÝJŒ›êEŒÙÉŒ}V²Î`y +ÊÌu[VÒ,÷yZÉ&UyÝå· +Ÿà֌^Ëìy +ȳ9À¢á¢”DˆaœÂ‡ +ˆê! +Æq±ùQ²Jsç!l(Ô(Š£ÈŸ÷þ¬;—4AžíF­Y÷Eºo6e¥þñŠØ–+¥-fœªîښ²ö3 +ՀÁVý`q!šÊ;GžÛ»µYO#ÄFŽ~ØLã³ì¹ž)ëÁ%†n­Ölª%‹À\›2_ +1YûÙÊi+îÓÜ«æ![{‚£ +೜hÈË%‹GYùèK‹ógÚ”mSkÒáxufëÄGŒ‡T+‹íFÑCTøžžî’e7*7’y +îÇI›JîËÜ-ÅZÿšÞygÔgŽò™Rêš(äê ù÷7g?Ï` $H€ÙÀ%‘ˆâ ۞Ý~ÇÁ + +BŽA +Èx4S·Ç`ayp}öçÿ!$‚€à$†cB°f!áÜÉðÅÅÁž„ +KYžS—µ>{^ZÁ< +~;6£ +QÈ|=ìkµ.\Ò*2ùR +3(NW`€¡+ªiTNbš„Ú'ìTsöB£¥‡Ç._e!GXœ¶e± +ûµl|I£“%áñd(ûÆã2ÞÀãT!šGCe(f¡‘%ÊþÄ-¶|[çrhOeú7­÷µ‹^úì%þz„ä“u{I!À“8ž,Äp +QÄq<ɑ€ÝfŠŠûr„ß`[‚»°Ÿ¶Úš1Í_îåG=Y›6@ +¯ži”Nb(ÂáLqb(ѹO¿ÊFð +À-©]௚Ҍý’Z)ó0Fèɚ +p!à>œžŸNbåŸÐçÙOç("®t}4%}UŒP:tKiú¯el Û÷mŒž¬Î% C@6×©B +¯4D,&óð +ßÒ,t»Ü6­~Œp:lËiöfÉÄBAºmÒín”Æ“5`dxê:Uˆ¡‘h»ÎŽ +˜íù]ÓÎ2aÎñâŒw®ìÄÓ}ÝnÍé]Wü®‹ßÈj« +SnyÔɶpAñÄÏâÉBŒG +¥i2OŠa +ûO&9æP3À¶Õ +ýTdå¶%»s`¬Š* +ÓY®Ì)~Ûò©eåŽ#Ÿù“mØ +÷ƒ“—0@! ÄSËÉ2t²dÛXž +èKY7>ۓ +žÕ +ŽŠ­”|뮀h*zñéí†bÞÇù¡¡±Iõá†E +:”“n£QŸKþ-WGÚ|a·Ñ=zVúp€m}ÙÃx(x÷㱇ŒòŠÎ 2ÛþÆ¡Šç›â@;•¢ÓãÚ¿ëuÀÌËJ"LLã‹p +%a\pð"ß(/ß:@š»n#ëXptS±Ê÷þšŸq}ÝJÖeîlẖàsC«Lë¢mð +DRÜöUn¿š:û>Äw„i§ù}cwD*Ó©+ô³»-Ïeùc¿!ÞhÜ1å€ y‚0اs°+s•iÅ\£äA•y·ošíÖöõŸõ +]/ñU--à×1Ͳ–GíÏþßÀ75Ÿ ìqƒe9 +.Bš}#÷ï”ö^Tü/Ÿž +endstream +endobj +2045 0 obj << +/Type /Page +/Contents 2046 0 R +/Resources 2044 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1994 0 R +/Annots [ 2043 0 R ] +>> endobj +2043 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [157.299 623.953 205.787 632.8] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFILE) >> +>> endobj +2047 0 obj << +/D [2045 0 R /XYZ 71.731 729.265 null] +>> endobj +982 0 obj << +/D [2045 0 R /XYZ 71.731 718.306 null] +>> endobj +150 0 obj << +/D [2045 0 R /XYZ 507.703 703.236 null] +>> endobj +2048 0 obj << +/D [2045 0 R /XYZ 71.731 672.259 null] +>> endobj +2049 0 obj << +/D [2045 0 R /XYZ 222.485 663.903 null] +>> endobj +2050 0 obj << +/D [2045 0 R /XYZ 296.367 663.903 null] +>> endobj +2051 0 obj << +/D [2045 0 R /XYZ 119.552 650.952 null] +>> endobj +983 0 obj << +/D [2045 0 R /XYZ 71.731 624.95 null] +>> endobj +154 0 obj << +/D [2045 0 R /XYZ 169.341 579.795 null] +>> endobj +2052 0 obj << +/D [2045 0 R /XYZ 71.731 559.655 null] +>> endobj +2053 0 obj << +/D [2045 0 R /XYZ 71.731 559.655 null] +>> endobj +2054 0 obj << +/D [2045 0 R /XYZ 365.826 546.918 null] +>> endobj +2055 0 obj << +/D [2045 0 R /XYZ 459.065 546.918 null] +>> endobj +2056 0 obj << +/D [2045 0 R /XYZ 143.042 533.967 null] +>> endobj +2057 0 obj << +/D [2045 0 R /XYZ 427.179 533.967 null] +>> endobj +2058 0 obj << +/D [2045 0 R /XYZ 71.731 518.858 null] +>> endobj +158 0 obj << +/D [2045 0 R /XYZ 258.693 481.643 null] +>> endobj +2059 0 obj << +/D [2045 0 R /XYZ 71.731 458.748 null] +>> endobj +2060 0 obj << +/D [2045 0 R /XYZ 289.224 448.766 null] +>> endobj +2061 0 obj << +/D [2045 0 R /XYZ 71.731 433.778 null] +>> endobj +2062 0 obj << +/D [2045 0 R /XYZ 71.731 433.778 null] +>> endobj +2063 0 obj << +/D [2045 0 R /XYZ 71.731 211.81 null] +>> endobj +2064 0 obj << +/D [2045 0 R /XYZ 409.461 198.859 null] +>> endobj +2065 0 obj << +/D [2045 0 R /XYZ 209.036 185.907 null] +>> endobj +2066 0 obj << +/D [2045 0 R /XYZ 71.731 163.825 null] +>> endobj +2067 0 obj << +/D [2045 0 R /XYZ 71.731 163.825 null] +>> endobj +2068 0 obj << +/D [2045 0 R /XYZ 71.731 162.58 null] +>> endobj +2069 0 obj << +/D [2045 0 R /XYZ 129.514 145.559 null] +>> endobj +2070 0 obj << +/D [2045 0 R /XYZ 350.722 145.559 null] +>> endobj +2071 0 obj << +/D [2045 0 R /XYZ 410.776 145.559 null] +>> endobj +2072 0 obj << +/D [2045 0 R /XYZ 71.731 143.402 null] +>> endobj +2073 0 obj << +/D [2045 0 R /XYZ 129.514 127.626 null] +>> endobj +2074 0 obj << +/D [2045 0 R /XYZ 71.731 125.469 null] +>> endobj +2075 0 obj << +/D [2045 0 R /XYZ 129.514 109.693 null] +>> endobj +2076 0 obj << +/D [2045 0 R /XYZ 71.731 109.594 null] +>> endobj +2044 0 obj << +/Font << /F25 852 0 R /F31 858 0 R /F50 1263 0 R /F33 859 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2081 0 obj << +/Length 1169 +/Filter /FlateDecode +>> +stream +xÚµWKoÛ8ŸûWèÅÖ4I‰zÈ»idÑíb7î)ÍA‘i›€LzE9Aþ}‡"©HŠã$@{±(j8ó̓ó Ú ‚.'.'‹‹(B9Ζ åE1Á ÏQ1œq†–+t3=ßûFÔ³9ãdc÷<×ê;!lsšg”O‹Fjå>èµ{VzFÉtÓþHµq›ë¢”•l€0³Ûå_⁄' ¡(ÅyJšE3gŒbJRXʓÌÁùÎœnO=ùЮàC+\”¥0Æu­k¿^kïÏJÖ¢lt=†4†âŽÎ)lAÄÞDߙòP +gÔF®òkUì„ Ûœ<Èfë?h5ß×R5Å]-·E]” +¢ÔíjµÎH5‹Éô~Æ #•\¹ÍoWŸÌâ~žŒ(íÖæPzc#êÅŠÖ‡}«ùWF¢ÒP +øՇÆ'ÆŸ·u$TӃ)})™b·-€¯/éÊ® +wŽñ^펒MI³»àR‡œ‘ÜÁ¹îY¯eóè«··[kæ%ŒFˆAÐMûé +¬» +1†’ +IMï¥3ԈM—Ôà‰=7º±,Jq’$!žŸïžØî;îH?<ŔòՓ‹ƒ$µ¡cyŒÓŒBâÎCkFâɋãXcŽ9˃áoÍn +\õ„¥AȞؙao±êGEÐë@îva;%˜òÍmCK§ôJœ]Íoš  +žgªè +¥‚î‘y0‡œ  +q.i·-v±ž:‘ƒÍ$lÎÒÁ³Ë¶€ìb¯+Yú¶öüؑÍ`ý?Q¬þQÕãY oǐÁ/zs!+až +Ž4^Öú8äÍÙCQ«S²W¥kñU+ñª}'úGUIµÖoöóDÌ]ص§‹WµŽ@¹ˆÀáSN~’õ‹2Ž'ÿEÌ +³Ø—µ¬üÊñÊËîÞ°k©î +_ؗ +_Ø×Àvíø®žóÅ»Jì«÷B‘â(ÏÐC+ºC1H$¬+t=ù÷W(I9> endobj +2077 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [239.371 618.516 293.667 629.42] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +2078 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [278.484 152.842 325.308 163.746] +/Subtype /Link +/A << /S /GoTo /D (0:THRESHOLDS) >> +>> endobj +2082 0 obj << +/D [2080 0 R /XYZ 71.731 729.265 null] +>> endobj +2083 0 obj << +/D [2080 0 R /XYZ 129.514 708.344 null] +>> endobj +2084 0 obj << +/D [2080 0 R /XYZ 71.731 708.244 null] +>> endobj +2085 0 obj << +/D [2080 0 R /XYZ 129.514 690.411 null] +>> endobj +2086 0 obj << +/D [2080 0 R /XYZ 71.731 688.254 null] +>> endobj +2087 0 obj << +/D [2080 0 R /XYZ 129.514 672.478 null] +>> endobj +2088 0 obj << +/D [2080 0 R /XYZ 220.163 672.478 null] +>> endobj +2089 0 obj << +/D [2080 0 R /XYZ 71.731 634.62 null] +>> endobj +2090 0 obj << +/D [2080 0 R /XYZ 357.218 621.669 null] +>> endobj +2091 0 obj << +/D [2080 0 R /XYZ 165.081 608.717 null] +>> endobj +2092 0 obj << +/D [2080 0 R /XYZ 71.731 586.635 null] +>> endobj +2093 0 obj << +/D [2080 0 R /XYZ 71.731 563.721 null] +>> endobj +2094 0 obj << +/D [2080 0 R /XYZ 71.731 239.815 null] +>> endobj +162 0 obj << +/D [2080 0 R /XYZ 213.661 201.823 null] +>> endobj +2095 0 obj << +/D [2080 0 R /XYZ 71.731 181.719 null] +>> endobj +2096 0 obj << +/D [2080 0 R /XYZ 71.731 181.719 null] +>> endobj +2097 0 obj << +/D [2080 0 R /XYZ 276.422 168.947 null] +>> endobj +2098 0 obj << +/D [2080 0 R /XYZ 71.731 133.913 null] +>> endobj +2099 0 obj << +/D [2080 0 R /XYZ 71.731 133.913 null] +>> endobj +2100 0 obj << +/D [2080 0 R /XYZ 71.731 122.705 null] +>> endobj +2101 0 obj << +/D [2080 0 R /XYZ 71.731 122.705 null] +>> endobj +2079 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2104 0 obj << +/Length 2041 +/Filter /FlateDecode +>> +stream +xÚµZ[w›H~÷¯àQ:'j÷•†}ËfåYÏNœl¢ì9{&ó€¥–Ä - {üï·ºéF`alóbIª*êûêÚ`oça¿¯®®oóBúÔ÷V[qŒ|z’Qê­6Þï³ûèXª|Ÿ Ï8ª^?déwŒéî”ω˜Eeœ¥ÕÙ¶zM²9Á³ù§»êŸÛh +'q«bþÇê×+l +Y®®þwEà-öˆGHˆè–$@Ko}žúýìmàË_=ŒXxæ҃Ç1ÓŒOŒ¯Wÿþ+„HA}ÇÇHÙÐ;fIŒÖ?ª>?ÄYb°x§ï,ZžUŸIñw +³S ‚zïá·{‰·/9 +úeŒ +¶£ +Òx +†O7i|Š$xš +ŸÕžõ‘gý5yZúË(/OÇë¢ÌŽª(¢*ú° +lM, CБ)yŽƒ-çˆ|l¹DLÒ¶?÷à:î׊î՜‰Y +X–ÑáxŽüœžïUd¢÷íx¶²*AúeŒï±B +Þ4D˜“ið†æÛJøÛ§_þµüoÖè­±nè]ím¢ÿ¡$ÕÈæ®T"·îÿîoW «;ž`šš>: +Ÿ‘$i€NGÒa¬C†ÓЁøÈ[—¿|™s<ûô¥‡è®)ÑҝçYþöø +lF CŒ„sœ +ŠÄÄDuÄž­“Ÿ4”«.{ÀœBw +fS·mðò§r_O?*)Ô9­+Ž³ +]œn³ü`Zž(ià•†mžù—jDŒ,ê£ +" +a2MQݶͶïçBÌŸý£‡hv4hiþúT”êPaºŽ’€8ã¿uÁŸQ÷sŠg§ž“_|°¡ +X0ܓ‘qÿB:Àr 8äyiŒÀCê3Ä ++xk=1«¢ +’rUÀöúê%Us*fs_ÌÞ¹Šy8&fÞm‰±ðyuQ¬÷ ÏýFOÆÍJ\Ô× ŠZ³yf;Š­€ÑìT\ +×ð'qQÏw÷*ɌÑçï1Nl*(Êúí£n²ü‡œ¯(u¿ÏÊœãXÚ +$ñŸÆüM©œû9ŠI6Ž£ +è +À}ð,›dÑÂ%A”oZŽL ÖEKí[÷,ƒõwžD౎”a9IçB @úoÌáSh®QljŸÈá=ùyž +0€ +ÝŽÃr¬&“Hp1 +˜ +#ÁlŽ7Mö·» +0'Ð\ƒÙÔ|§;-›NóSÚš³¢Z¶Ø”k&µ?ãÒ~D™”ý2ßG” ƒñ‘õzŽÃž+Šé4| ‘Œyë2 +îšMÝ­­Kñ¬²FI\Mè}1?زx@ +¿Ç +1cÓ +c +C[ÇíÆûæö· +pÇ+­±m*ýØ +ì\%QÝs¹=Kµ9qƒXi|—Ç¥]»@׶þ}yþCï@Dø> ÿX!~$È4õ› + + l«èêCOpO¡Õ ¥µM€mž +žmÓÖI +Äu¡rÛæÛ¬º/LÙïÁ}žÑ—˜iŒŒ¬õ£ +ॏˆœŠÖ3"âó +‚ÏóÎÞßÝ~èÝ5üMÝ7ÕáŽ+øJoØ +[»mêՌËÇ<Ûå‘#‰ÊqjÄ> +6ŸA)P(ý‘4+ÄÐÀÇ(`lø +”œ7«/`­5ZZ/wªç&o§R•GÉ++—á¶u@2|6²Œbðåñi猈Kw }·ì9 +@k +oKkŒ©*ÝÂä5ˆ‡š×ˆ áÈ +>ZˆA˜aDx0 +Č!Âl-]ÞÞ}þÖòŠk”[ŠûPŽÓãɍcç©m]?žÔØïU­Þk\| +8Rž#>¶ªâÖRD"JוIð0 +1ߞ3sœœ\PÌÞë9üAoŸ£8‰îuŽ˜^ŸÒG‹çg·àíg·žáƥɹ +ýܘ”•š":ì£ØíVOGýDKñ¬ýÚf‰]}žŸÓjϺìey}à©-ú[ëñ1c‹„Ú‡‰¶{ +˜ø™›ŸS*ž_Þ|æÍŒƒ/ÌÅjqOtÜ ùBžË@ŠŽ÷ÕŒÉSœš®6úqR.Üw_?®>;nn”%,°sïZÎrïv·îµZ6@r>ãÜõ¶U±„_ÃÝøš›e£·°V·vÔÍóãsÛS­«íCIg§“À0õù{Qyp¬ +ݚeÓ¡ÓvO +v:žå/ +_¯Ú‹ÆzÎÒâQj=郀~ûšðGØÉŠÈÕa<„CHå¥ñ·Ûz•ÖöFœM€Yú®'°€8ß3x‡.Ïɻޚ‡ë—•ûa^{..jŽn,û2MŸÇØ +JådœfEº1’”þ”n}*aøÈ$$WÚæc㑷$Z×G"O +Ý9Yu€²V® +Óur:7ñöèæöæÓ_KXÇÖ桃¹Pƒæ.Ó2¯3›ՋÇ:ӈŽÈ‡xc/Ò+*pä–E®Šž(õ¹곛 Š°NPô|w.AùóÇoÿçʐ +endstream +endobj +2103 0 obj << +/Type /Page +/Contents 2104 0 R +/Resources 2102 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1994 0 R +>> endobj +2105 0 obj << +/D [2103 0 R /XYZ 71.731 729.265 null] +>> endobj +2106 0 obj << +/D [2103 0 R /XYZ 71.731 542.765 null] +>> endobj +2107 0 obj << +/D [2103 0 R /XYZ 71.731 494.78 null] +>> endobj +2108 0 obj << +/D [2103 0 R /XYZ 71.731 494.78 null] +>> endobj +2109 0 obj << +/D [2103 0 R /XYZ 71.731 483.572 null] +>> endobj +2110 0 obj << +/D [2103 0 R /XYZ 71.731 483.572 null] +>> endobj +984 0 obj << +/D [2103 0 R /XYZ 71.731 298.616 null] +>> endobj +166 0 obj << +/D [2103 0 R /XYZ 320.077 253.362 null] +>> endobj +2111 0 obj << +/D [2103 0 R /XYZ 71.731 229.606 null] +>> endobj +2112 0 obj << +/D [2103 0 R /XYZ 71.731 229.606 null] +>> endobj +2113 0 obj << +/D [2103 0 R /XYZ 71.731 198.403 null] +>> endobj +2114 0 obj << +/D [2103 0 R /XYZ 71.731 198.403 null] +>> endobj +2115 0 obj << +/D [2103 0 R /XYZ 71.731 197.157 null] +>> endobj +2116 0 obj << +/D [2103 0 R /XYZ 129.514 180.136 null] +>> endobj +2117 0 obj << +/D [2103 0 R /XYZ 129.514 180.136 null] +>> endobj +2118 0 obj << +/D [2103 0 R /XYZ 169.922 180.136 null] +>> endobj +2119 0 obj << +/D [2103 0 R /XYZ 71.731 165.028 null] +>> endobj +2120 0 obj << +/D [2103 0 R /XYZ 129.514 149.252 null] +>> endobj +2121 0 obj << +/D [2103 0 R /XYZ 129.514 149.252 null] +>> endobj +2122 0 obj << +/D [2103 0 R /XYZ 71.731 147.095 null] +>> endobj +2123 0 obj << +/D [2103 0 R /XYZ 129.514 131.319 null] +>> endobj +2124 0 obj << +/D [2103 0 R /XYZ 129.514 131.319 null] +>> endobj +2125 0 obj << +/D [2103 0 R /XYZ 264.816 131.319 null] +>> endobj +2126 0 obj << +/D [2103 0 R /XYZ 432.586 131.319 null] +>> endobj +2127 0 obj << +/D [2103 0 R /XYZ 71.731 116.211 null] +>> endobj +2128 0 obj << +/D [2103 0 R /XYZ 129.514 100.435 null] +>> endobj +2129 0 obj << +/D [2103 0 R /XYZ 129.514 100.435 null] +>> endobj +2130 0 obj << +/D [2103 0 R /XYZ 71.731 98.278 null] +>> endobj +2102 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2136 0 obj << +/Length 1872 +/Filter /FlateDecode +>> +stream +xÚ¥XMsÛ6œûWè(ÍX0 ~*‡Î8NÚŠÓÔîD·€˜‚DL(PÉÄú÷] +ðCtR' +b÷áíÛ]‹Ã"Xüvõz{uók-6d“Òt±Ý/¢8 i²Yd%yBÛÝâãò®d§–«Õš&Á2&ö÷®–Ÿ‚€ +:µ +“%kE-íƒzo«z˃ù#äÁNîY!*Ñ +Þ¬þÙþq !î¬ ÙdAš­YS’0È`“$È­9Ÿ(MF»'>˜<0‹k¥Ë†«/àì5õ[bJâ~ +áv,™öŸ®«Íh{÷póîÁŽ¿Š¶ÄÅ­ª%žÄº¶ä² +FÏÉ +.Éw£ÉlÉe¡Î3ÎyÓ°oÈÔÓ> ØMãÅ:„9Ààåðð +–Op¹’U3žD1Ùě .p=.ðOÁpðÈqÂSÃx3mmaK +,¿èCëÏúbp× +rf˜™“ªŠ +€M­ +©=™»÷ eŸõ<ž°X£Õ됒MZۛúˆg±¢çjwr£‚«¶÷š–;¡W}~ +口ÿáï?큻Ç9ð)„b~ þ]§p«:ÏÜEӝNµj¶÷g8áڎêŠ=(ÞOÜ+VTüÚC‰ˆHñtÿæõÝ· +‡xù)ÇÔJSŸêv|Îñˆ€iürÖ +O¢rŒÃ°ì!™ ÂqQÖ +óÏ»7A8 +hŸ9ôcˆ7CþYûGü +Ópـ!I²$v) HŽëß²¢ +ë)XÜð™(Øë8êeÕ̕Î"xò¯h¢CP‹¶sàÑq‰·í Œð÷ÁxR–;KoʺÂÍ.„4€Ú›`ì¹S²yƒŽ+S+ÚR4ŸW)Âuó+M9 [B&Ö4%i€gþU·ü•]烵4!1¬AfœÓ†gù’ílŽ_ÛQ*`d ‡_= +÷«hŒ6Ì)þo'.ÐX™\©ßdáÄeBú·ÙA1H¡O¡ð@ÏV܍“—Ü5º°CP‡Ô:"¹¶ê©u§ +k`gرJÃÄ °N3’ÅébE$Lì+b»ýv +fH˜ƒ[äq +ëÎtr¿Ò\?æ`-øÍ\úÍHNÁ']tdèÓm +™`̟’iÓŸè|ÁA7›<"ÊŒçÆ€ÈüšE³rQ/7€»‰}Z`¯€ÔmñÑ<úÀÙ$&P­LV-Ñ×0Ù9“Cš‘$ôÜ,*ÖÌAE!㇩×ÆXFg-» +È¥åWš’Ҏa:ȞËג¡‚¢–õ¡öùúș„;å`x•Û’Ï9 +É#§/¹£Ä-VL~næØÑ«>(Ô ‹Dž@ýG˜,œÌ¿‡üèŠOé2©š“®m +Û²ã©qÙBö%ÈxH"]ŽäJÕÊ-Çâ5·eªíN7¶mϗ×gŒ’oúê +"ï €t†3!IÒÍiïŸ2!Œ^ý^›+ +>ÖÕÚõ8ÇõÀ¡ù@ +ƒ>ö©Ð^k}çjjà “ +ªí|œ%ZÖŽ®ékµ¹«ø*›„ПÐ(Æ]Êc5Wo@ôy|^¬³‘FfŒ]‡ }]+˜xÉ°ßÒ±?+”°jùèW|ï° +0 +)Ö©SÝð›BgmpåP«óžž`£BÜ6®h*Êëþ•ðW!”uç¿FDì8«ªsOÚAuŽï*o-Œ¬ù£‹·Ž/úâhR/xÅa +Ⱥ +D +¢¯X|ì ÷ßbs1È.öš¶>͝~dŸ0âÇQqƒa +^V°Ã&\ +&ö3%«‹ +ÕáÄ^Õ( +ÒDE’xýD>Ü?mu×TŠ +êCò’R ÈwžÿPê›Ä®VÙë ­Ž^%%k;åÔÿ«)`Îc.^Ül'í:éëÎ1ÚbR#Bùô|Ÿ\ç(–éDEJÛXØêtÆ_ȱ‘Ip/'NÖ0RNlän"€=Öø9eŽ5®ôåòäôGÛßùO߄MòHYò­B}p3$ېxãuš`Ê¥{aLòē +Ê +fœõÅníçº:$[ì”2(T“qxŒÙíe¢–®C +öæÍt£ + +“Ôpž€<4œâÌ]ãL)å3,š6Sû3‚3툊ýûÀZK»‘‰µäÓcü­LcS+¥ëÈvܞÛUí+<°ª¬^™ÿ¶Î‰fbÎÀ͒沕žéuå&tÚvŠ¹³]«Øu:ÛLzyî{å—ö‹øÊÆBï,}×R˛z¿Ÿk!³„„ÔKVØ"=Û!jRšW%CKòÄ|>ÁWÁyvñ£®oÎv¬,ð3¶þi_^OZ1É9Ž +éõ›±§ä’™C*·`xdÿ +ÀŒ +î'K±ëÄžÃïÐÖ%Kü8`º[€‚Oe! +ážÛÉ"ßg_¢Ub +zùšº3 +œþÕ7z+}™¥ރê›nl +„ùrÙԟÁ’|ëK݄$†’-ÍÁ@ü&=ùöõv{õ~žÖ +endstream +endobj +2135 0 obj << +/Type /Page +/Contents 2136 0 R +/Resources 2134 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 1994 0 R +/Annots [ 2131 0 R 2132 0 R 2133 0 R ] +>> endobj +2131 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [275.077 417.446 329.373 428.35] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +2132 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [403.543 417.446 457.839 428.35] +/Subtype /Link +/A << /S /GoTo /D (0:CLASSES) >> +>> endobj +2133 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [324.77 345.834 371.594 356.619] +/Subtype /Link +/A << /S /GoTo /D (0:LOGDEF) >> +>> endobj +2137 0 obj << +/D [2135 0 R /XYZ 71.731 729.265 null] +>> endobj +2138 0 obj << +/D [2135 0 R /XYZ 71.731 741.22 null] +>> endobj +2139 0 obj << +/D [2135 0 R /XYZ 129.514 708.344 null] +>> endobj +2140 0 obj << +/D [2135 0 R /XYZ 129.514 708.344 null] +>> endobj +2141 0 obj << +/D [2135 0 R /XYZ 184.29 708.344 null] +>> endobj +2142 0 obj << +/D [2135 0 R /XYZ 71.731 706.187 null] +>> endobj +2143 0 obj << +/D [2135 0 R /XYZ 129.514 690.411 null] +>> endobj +2144 0 obj << +/D [2135 0 R /XYZ 129.514 690.411 null] +>> endobj +2145 0 obj << +/D [2135 0 R /XYZ 176.916 690.411 null] +>> endobj +2146 0 obj << +/D [2135 0 R /XYZ 71.731 675.303 null] +>> endobj +2147 0 obj << +/D [2135 0 R /XYZ 129.514 659.527 null] +>> endobj +2148 0 obj << +/D [2135 0 R /XYZ 129.514 659.527 null] +>> endobj +2149 0 obj << +/D [2135 0 R /XYZ 215.302 659.527 null] +>> endobj +2150 0 obj << +/D [2135 0 R /XYZ 71.731 657.37 null] +>> endobj +2151 0 obj << +/D [2135 0 R /XYZ 129.514 641.594 null] +>> endobj +2152 0 obj << +/D [2135 0 R /XYZ 129.514 641.594 null] +>> endobj +2153 0 obj << +/D [2135 0 R /XYZ 175.631 641.594 null] +>> endobj +2154 0 obj << +/D [2135 0 R /XYZ 71.731 590.785 null] +>> endobj +2155 0 obj << +/D [2135 0 R /XYZ 71.731 562.725 null] +>> endobj +2156 0 obj << +/D [2135 0 R /XYZ 71.731 547.781 null] +>> endobj +985 0 obj << +/D [2135 0 R /XYZ 71.731 498.73 null] +>> endobj +170 0 obj << +/D [2135 0 R /XYZ 519.912 453.475 null] +>> endobj +2157 0 obj << +/D [2135 0 R /XYZ 71.731 429.72 null] +>> endobj +2158 0 obj << +/D [2135 0 R /XYZ 202.759 420.599 null] +>> endobj +2159 0 obj << +/D [2135 0 R /XYZ 363.594 420.599 null] +>> endobj +2160 0 obj << +/D [2135 0 R /XYZ 71.731 385.565 null] +>> endobj +2161 0 obj << +/D [2135 0 R /XYZ 137.534 374.771 null] +>> endobj +2162 0 obj << +/D [2135 0 R /XYZ 255.451 361.819 null] +>> endobj +2163 0 obj << +/D [2135 0 R /XYZ 214.814 348.868 null] +>> endobj +2164 0 obj << +/D [2135 0 R /XYZ 71.731 326.905 null] +>> endobj +2165 0 obj << +/D [2135 0 R /XYZ 71.731 326.905 null] +>> endobj +2166 0 obj << +/D [2135 0 R /XYZ 71.731 268.38 null] +>> endobj +2167 0 obj << +/D [2135 0 R /XYZ 176.04 257.211 null] +>> endobj +2168 0 obj << +/D [2135 0 R /XYZ 119.552 244.26 null] +>> endobj +2169 0 obj << +/D [2135 0 R /XYZ 300.412 244.26 null] +>> endobj +2170 0 obj << +/D [2135 0 R /XYZ 179.048 231.309 null] +>> endobj +2171 0 obj << +/D [2135 0 R /XYZ 71.731 209.226 null] +>> endobj +2172 0 obj << +/D [2135 0 R /XYZ 71.731 170.372 null] +>> endobj +2173 0 obj << +/D [2135 0 R /XYZ 71.731 155.428 null] +>> endobj +2174 0 obj << +/D [2135 0 R /XYZ 300.538 145.929 null] +>> endobj +2175 0 obj << +/D [2135 0 R /XYZ 71.731 127.404 null] +>> endobj +2176 0 obj << +/D [2135 0 R /XYZ 197.291 117.635 null] +>> endobj +2177 0 obj << +/D [2135 0 R /XYZ 76.712 100.997 null] +>> endobj +2134 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2180 0 obj << +/Length 1654 +/Filter /FlateDecode +>> +stream +xÚµXÝoÛ6Ï_áb²»XÕ·ä~h³fèÅâ> +m1°m‘EO”“ú¿ß‘<Ҕ¢Ž)ÖŸX'ŠŒûÝ÷ÑÁd3 &¿ŸœZ=»ŒãÉÂ_dQ6Y­'qøYº˜äqäi4YU“Ӌ-ÙwŽÍ£4˜&Ÿ~^ðæcD›C; +Ó)éoôŸÖϚÏÂ`ºQ?¬ÙèÅ5)YÍ:FÅìÓꏳ<»ŒÒI(²D¢˜GAè‡EDâ§A¡a\q—Y^hIð,gˆcŽéôûŽ +AŽð9ü‚,µüYn;jºÛRM©lº¥ís éÙeR8HÂ"ôÓ0 +Â+<^Ñõ,ŠäPwçŽÌÕҒ²ÛY”Niõ-áÀGïlõ"i©2™Ùó0ŸäA×RÒŠbOKFêúÊSDBšêÄHõò‘„|D„5ßl +›ŽpÁGéۚÊcC¶ + +!;Âjt +~GÌdÈäùô +úë(mÁhJÞxR8@M3­iÍnä>j°cꃠŒ|¯ÂO¹/uiáEÆ{ïœParÝW”dÝq©`éÀ +DÁ"ò3X@6ƒ4Ž|@d +ûE‘˜œÞ2Q~a  + +.ËÐ×»âÐIÇy”¥~žÈ'ó4ð‹`¡w¯¶-[^WB'•v +eM®ÕLt泊 í4Á0U¥µP·„iÅv +y|]˜ûÅÂæ†1I¯hIh¶\8¥B”Kl +« +%åÖp@e1)òÔ²ˆÈ_˜åú? +\+ç°)5/uñ9¢* +£J"œš×*ðo¥ÞŽ= +puÁF=j#3cõZp€ŒZÐdϛÊVÃq‡Iâ'qþÝÀ/TÜGAÖ +71²c±2Aj-µväMæqùI‚û,œ²ow¬ÛšØB­7LfÙ­Ž'mah‚D +-FÁÊ +ŸRL7‡.ëRÖA õ™ödÈXïsT©MjVõP:Òš8·5Ç $A÷€Åú*å +ñž”xÚhÉw;â +²[æX·^–ÝAÕäL×N7ÏzNNc?†”~€£ï +N³œ$&Ùɍ:ó +ÓAqµku§¶Ÿu£–ÔÆ6Ѓd"ÓwzO=ÔÛ{b(c6oéc"ÇPƒDŸÛ2•÷É«¬ÙcßRí•:‘Ð<°²â/ie”/e}ÙeVua”ŸySͪÌBY«Nzjgùšýë/d·¯©x®w+ýÖG³’ÕSq! +ú/ž»Lƒ +Ah€üTT‡÷¢·Åâ”-E;’?pšá +5 +=Ö¬ùù“\8àdKrK“ë–ïœsÞXn± +m[ÏÔï4è +s£5eÅv&ò™cԂ¹e·{1؀x—'æ¯üð5naÚ¢(w”Ä*£@ +w±e‡‰1Þ3š ;C•[jh‚Û`4”{ðŠ5‡/xR +EÕ — žig’5íítÇ·S›Êƒ³áõQtýXBrˆç#µ!MüŒ°M»€mGLÉÃóC/+{—=³:¶³tS³æ_ªÃþtüW»I]pK¹­X;KS&ùž6HÞ°º>w}i"JsS5éùë³Û³æ­­çÀªÓËÆŸìٞžBÃMÓiìžìDR?aÀŒŠƒHÕÔþS +χ_WNå­Ý±†öÆýö4,Öã +³ +žcðß22Gwôè5›0-ü LOÓßæB2^Ž40ٗòôÔhêZš< +4–iß›l¡Ÿ€vÀAãŒ:kè)¯W +·-šê÷Z‡BŽ€^šäýX~jžœH6ý£Ú™ŽSìбoW=Õ왎ᆠ+¶ƒVÒ±‘+D¶»Ÿââ4ŸFvïå,M§ïKøy˜%pC +ûy + +³=í +’ŸÃu~ +ÁÅ*ÄëÃð駱×/ã‹Ê‹öΡ_ײ¡Kâõ\^ú„~Ñ—A,ߖú!`r€R‰ùz­Ò̕”Eü[à~MoÕ€³TŒp•j +ÕôÑpÀt +Ž¶š1|ù×û?µ„Ë7Wšž^œ|ûîѲŸ¡€)8µÇ»–É›/‚W]õ!ÑEî +À(ðS[« +³ÿà Ð'ÉY5åó]Kap ?MäÿS⎮Õ=Tœé +œ -È0œ¿æú_Äò‰.ÿú@”õNŒ^ýX¢Eô +endstream +endobj +2179 0 obj << +/Type /Page +/Contents 2180 0 R +/Resources 2178 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2200 0 R +>> endobj +2181 0 obj << +/D [2179 0 R /XYZ 71.731 729.265 null] +>> endobj +2182 0 obj << +/D [2179 0 R /XYZ 360.531 685.031 null] +>> endobj +2183 0 obj << +/D [2179 0 R /XYZ 71.731 647.173 null] +>> endobj +2184 0 obj << +/D [2179 0 R /XYZ 276.72 634.222 null] +>> endobj +2185 0 obj << +/D [2179 0 R /XYZ 147.507 621.27 null] +>> endobj +2186 0 obj << +/D [2179 0 R /XYZ 147.507 621.27 null] +>> endobj +2187 0 obj << +/D [2179 0 R /XYZ 372.925 621.27 null] +>> endobj +2188 0 obj << +/D [2179 0 R /XYZ 372.925 621.27 null] +>> endobj +2189 0 obj << +/D [2179 0 R /XYZ 71.731 573.285 null] +>> endobj +2190 0 obj << +/D [2179 0 R /XYZ 172.861 562.491 null] +>> endobj +2191 0 obj << +/D [2179 0 R /XYZ 172.861 562.491 null] +>> endobj +2192 0 obj << +/D [2179 0 R /XYZ 71.731 488.603 null] +>> endobj +2193 0 obj << +/D [2179 0 R /XYZ 71.731 488.603 null] +>> endobj +2194 0 obj << +/D [2179 0 R /XYZ 277.567 451.905 null] +>> endobj +2195 0 obj << +/D [2179 0 R /XYZ 321.442 451.905 null] +>> endobj +2196 0 obj << +/D [2179 0 R /XYZ 259.854 438.954 null] +>> endobj +2197 0 obj << +/D [2179 0 R /XYZ 71.731 416.872 null] +>> endobj +2198 0 obj << +/D [2179 0 R /XYZ 71.731 416.872 null] +>> endobj +2199 0 obj << +/D [2179 0 R /XYZ 71.731 394.077 null] +>> endobj +2178 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R /F31 858 0 R /F60 1440 0 R /F38 956 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2203 0 obj << +/Length 1087 +/Filter /FlateDecode +>> +stream +xÚµVMoã6œçWè!23¢d}xm³I‘ÅnÑÖî¡è-Ó‰D*‰ÿ}‡âP¶ +°èÅ +ќᛙ7OŠ‚}?]üžŸžŸO’`I–Yœë],"’¥Ë ObR€q°Þ†·k +ïfó8Âq뭒_£(Þ÷݌Š!3BI÷‡Ú¹µV3 +ûáGÈœÛܱRÔ®g­?]Däú>‚Pd +‹b +ӈ$‹ŒI£ÂÁž{iUgVü‰w +nJøµA ÀœR@»cߝmf~sžEQž®:®+UoÝãNuÎòI= í“nå/µdµ{j;µïX3 +}bóœÿÀµÚïGŒF!n·¬~ýìŒ-3lÃ4ÿoȈä#:Œyל;_DŒ:hÃg—¬®õ9Fþn8ŸÕþÖFžQ-—WÎÿQÔµ={}§ÍILSG™Ž )&Ma +ýd k^„wó† ôKè ß9)bÌ-ÝsÄòøµ£«©˜qVÉäuÓk|ÚpÜ +‡€oÝëøŸK +Á—ô7^ŠVpi02Ûn¡³çSpœ†€8ÁHÁ„dçí†u·âæ +dôD™Ñ"„H7.»ìtŽò„€y1Ÿ^[>6üûJic‰zÌÑå¬ ¿·X +åV.ö•9Kƒë1{gŽJk±©ùz°²Bux¶QŸšY‚E­XÇJ +í +Dî¯ë©VÅENÙÒ§wX%ïÁkÜ¢yËQšðþZH7sgNc²ôš'€gÀ›V¿Ò;»[OÕr™J=:2’öDæ ØŽ€ÎÆÁR¯EûÁõ;ž€ÐŽð±„-X–‡B»µã¥j.· ach¬ýŒBæΖVˆûÆÊ8ॕ5»ÿð‹[O;icKc†ñI‡µrœÊ²ÐÒO~ÒÈ_Èfq>Íâ4T}?þŒreÆ +ÎÆŸVê±o5„ dŠÉ’Øúd É3ê©fWùj€Îµ[ìH ál“^€IrÏ»o +²áÆ©ñXqû®X +!Z5üï­[hÊTNèå& +•ê +îš +GÂ'(¹—S œÕ +©·á%ë5Ô^–0~ ·J^ZðãZÃ[ºóŒ±z³QœÄ;žIÏvÉK{Úuêøê³s‚í€w%TúàÇ#LǺ“þà×ÂÃîÕ8u^Ýã˜ÝÎÂÛÙ +P:˜‡wP}wÌÏYýQy|é|ÝOŒ‚u9ŸJgª"újðŠ-O·Îîð&Ç3癖ä xíö"šŸÁZHПaˆXýÔ]Ûދ†O²7"ÅbÔ§"[DÑ$]ݱ÷ÐõÙJ +“¯j­¹yÕ¢Ë9mž9÷ê}Ê.3ÄW#A5/{#¬ï“=ŧzæAø¶îýjxµO0@³Šb^ý=-µ±Ÿ +ƒyÉê“;/É«ïØó¯éœ’”ÆC±1q~æp·Ÿø‰H +endstream +endobj +2202 0 obj << +/Type /Page +/Contents 2203 0 R +/Resources 2201 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2200 0 R +>> endobj +2204 0 obj << +/D [2202 0 R /XYZ 71.731 729.265 null] +>> endobj +2205 0 obj << +/D [2202 0 R /XYZ 71.731 741.22 null] +>> endobj +986 0 obj << +/D [2202 0 R /XYZ 71.731 557.125 null] +>> endobj +174 0 obj << +/D [2202 0 R /XYZ 156.894 513.251 null] +>> endobj +2206 0 obj << +/D [2202 0 R /XYZ 71.731 493.111 null] +>> endobj +2207 0 obj << +/D [2202 0 R /XYZ 276.989 480.375 null] +>> endobj +2208 0 obj << +/D [2202 0 R /XYZ 71.731 463.274 null] +>> endobj +2209 0 obj << +/D [2202 0 R /XYZ 71.731 450.322 null] +>> endobj +2210 0 obj << +/D [2202 0 R /XYZ 139.477 434.546 null] +>> endobj +2211 0 obj << +/D [2202 0 R /XYZ 139.477 434.546 null] +>> endobj +2212 0 obj << +/D [2202 0 R /XYZ 213.05 434.546 null] +>> endobj +2213 0 obj << +/D [2202 0 R /XYZ 71.731 414.442 null] +>> endobj +2214 0 obj << +/D [2202 0 R /XYZ 426.946 401.67 null] +>> endobj +2215 0 obj << +/D [2202 0 R /XYZ 71.731 386.681 null] +>> endobj +2216 0 obj << +/D [2202 0 R /XYZ 71.731 371.737 null] +>> endobj +2217 0 obj << +/D [2202 0 R /XYZ 71.731 299.652 null] +>> endobj +2218 0 obj << +/D [2202 0 R /XYZ 71.731 284.544 null] +>> endobj +2219 0 obj << +/D [2202 0 R /XYZ 139.477 268.768 null] +>> endobj +2220 0 obj << +/D [2202 0 R /XYZ 139.477 268.768 null] +>> endobj +2221 0 obj << +/D [2202 0 R /XYZ 202.709 268.768 null] +>> endobj +2222 0 obj << +/D [2202 0 R /XYZ 71.731 246.82 null] +>> endobj +2223 0 obj << +/D [2202 0 R /XYZ 71.731 185.829 null] +>> endobj +2224 0 obj << +/D [2202 0 R /XYZ 71.731 172.778 null] +>> endobj +2225 0 obj << +/D [2202 0 R /XYZ 139.477 154.945 null] +>> endobj +2226 0 obj << +/D [2202 0 R /XYZ 139.477 154.945 null] +>> endobj +2227 0 obj << +/D [2202 0 R /XYZ 200.318 154.945 null] +>> endobj +2228 0 obj << +/D [2202 0 R /XYZ 71.731 134.84 null] +>> endobj +2229 0 obj << +/D [2202 0 R /XYZ 139.477 109.117 null] +>> endobj +2201 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2232 0 obj << +/Length 1263 +/Filter /FlateDecode +>> +stream +xÚµWßoÛ6~Ï_!b±"ʖ%°¬]ÖM€!~)Ú=Ðms“DW€šxý(ñŽeyÙìÅ¢%ò~~ßÝ1ðv^àýrñÓúâæn>÷Vþj.œõ֛/­Œx +úIzëÌû2y·§Ūé,Œ‚ÉÂ7Ïw¢üá®®Š$šPÅEi>ˆ­yæbJ‚É®ýáåÎŒÜҔç\q&§¿¯œÀméY1 +Cⓠöf‹Ø_„`Æ=}æE]AVfÔŸ”žŽ€'èey3û+íl+둩{Êó‡ºø¡qs· +ŒDŸX.š‘>A"-«ÝK³Å5ö̚@Å1XÈ€€;í[kbJ!"fžßjV³Ì¬•0O©ýÀÕ4Œ&ߛh²ŠææeáHäâ$²Y¡œ€Œ|ž +kQÃIz4‹§&ŽTCœøbϺ +öS{=#¡¿Šˆñ©èGœ¬‹ +ó욈ò[_Á°¯A<Åގ +@1{ŸÛ3 F +*.*®ŽÝyš³Jé1¯hVë@ôñ( +6: •Ë8U,?N—Ѭ» +¯ +@í$LÆ,=“O¿U:C”ÍcŸˆÝ}+~Èa{ÅR~àÚùŸQkÀóGúœ¢–øÍY@í‘É›RŒ"×ìsûqkA`#‹‹âŒ׀¯=kNƒ5 +­ÙMð~âj?€¡•U„KŠDՓ=†TÇÎF‰„£w4ÏORáúŠELÒÞdBK*¯ÿ +3–q²Þ6TnÊcÊÐø&FO\Â)®Æ š±Š¬I×7Ÿûµ’UP4Pûá *ôl+*CŽ*³EžáÓ¶‹fZ·Tӌž +2!åՔ$“–yÿôÇzóKmÊJö*„a£ý8˜#Ä¥ª œ@Üìs þA#û6÷[^žðçóՋ2ÃȏVµÍu*JE±.Ûì +rš²œÈ3VA +.×ÓxŸü€‹GV™Ý`F.ïQUHîËvÅZ +@²ÍÑä& +ü ]PužˆÆœÎpIí_šs#}ÈÖ`Š|vö*Öl{F†VL +tæx'À©ŽkŽ$cÛ“š°ˆÙ!~ +KäÏÙ·4è݆­íŽ5„ùÕ̑U‡nR±IĂ^K¶­!Ò +jÆê¹>ŠamÅq¿êŽ1æ@³sŠÄL°7mFš6ðÐÊLØÎN«Õ„Ýôc„Œñl™øqL^æìûÿx†i³ ŠYŠQ&‡ +ávBÒåP!-NxyW‰â-Á dy6ì0çØòßt(Q«~/p5îzh/GX kj.÷q"r€^ýø|üËWyvÕTÙë¡É¿œp'%û))Ή{[²»Z±éB†¡µÒ.(®Ïå/Aìöá=XÀsõj¬!·e6·$ðW +;o7- +l°Ë€méÎ-š¹Y9HÑí§O@ÒlÝ} +NBæ>‰_2,ô¥šë5Æ\€º‡º£Nµ<; +RV +åæ®^7Ç^™ÁŽ +‰„‰[ïo%Î +\éz¬›D×õ79-ÿt§)E7ÝX ë¡Âr{C9Њ*1îjoRsâÝÍxC‹ºnF¯ +¬Ls!‡dî_hJ&êMn§r}Ր㌆ªƒ:5gõÕôÄNzF(xf¹9 +X72Ü»z7l +ß9š®€vÜê3͹§ÇÄOtâWz–€ +úÖÒ?ñóúâoÅÔ& + +endstream +endobj +2231 0 obj << +/Type /Page +/Contents 2232 0 R +/Resources 2230 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2200 0 R +>> endobj +2233 0 obj << +/D [2231 0 R /XYZ 71.731 729.265 null] +>> endobj +2234 0 obj << +/D [2231 0 R /XYZ 71.731 741.22 null] +>> endobj +2235 0 obj << +/D [2231 0 R /XYZ 71.731 683.273 null] +>> endobj +2236 0 obj << +/D [2231 0 R /XYZ 139.477 667.497 null] +>> endobj +2237 0 obj << +/D [2231 0 R /XYZ 139.477 667.497 null] +>> endobj +2238 0 obj << +/D [2231 0 R /XYZ 199.392 667.497 null] +>> endobj +2239 0 obj << +/D [2231 0 R /XYZ 71.731 647.392 null] +>> endobj +2240 0 obj << +/D [2231 0 R /XYZ 71.731 584.558 null] +>> endobj +2241 0 obj << +/D [2231 0 R /XYZ 71.731 569.45 null] +>> endobj +2242 0 obj << +/D [2231 0 R /XYZ 139.477 553.674 null] +>> endobj +2243 0 obj << +/D [2231 0 R /XYZ 139.477 553.674 null] +>> endobj +2244 0 obj << +/D [2231 0 R /XYZ 191.103 553.674 null] +>> endobj +2245 0 obj << +/D [2231 0 R /XYZ 71.731 531.726 null] +>> endobj +2246 0 obj << +/D [2231 0 R /XYZ 71.731 470.735 null] +>> endobj +2247 0 obj << +/D [2231 0 R /XYZ 71.731 455.626 null] +>> endobj +2248 0 obj << +/D [2231 0 R /XYZ 139.477 439.851 null] +>> endobj +2249 0 obj << +/D [2231 0 R /XYZ 139.477 439.851 null] +>> endobj +2250 0 obj << +/D [2231 0 R /XYZ 197.18 439.851 null] +>> endobj +2251 0 obj << +/D [2231 0 R /XYZ 71.731 417.903 null] +>> endobj +2252 0 obj << +/D [2231 0 R /XYZ 163.816 406.974 null] +>> endobj +2253 0 obj << +/D [2231 0 R /XYZ 71.731 343.96 null] +>> endobj +2254 0 obj << +/D [2231 0 R /XYZ 71.731 330.909 null] +>> endobj +2255 0 obj << +/D [2231 0 R /XYZ 139.477 313.076 null] +>> endobj +2256 0 obj << +/D [2231 0 R /XYZ 139.477 313.076 null] +>> endobj +2257 0 obj << +/D [2231 0 R /XYZ 208.248 313.076 null] +>> endobj +2258 0 obj << +/D [2231 0 R /XYZ 71.731 291.936 null] +>> endobj +2259 0 obj << +/D [2231 0 R /XYZ 163.816 280.199 null] +>> endobj +2260 0 obj << +/D [2231 0 R /XYZ 71.731 243.088 null] +>> endobj +2261 0 obj << +/D [2231 0 R /XYZ 71.731 230.037 null] +>> endobj +2262 0 obj << +/D [2231 0 R /XYZ 139.477 212.204 null] +>> endobj +2263 0 obj << +/D [2231 0 R /XYZ 139.477 212.204 null] +>> endobj +2264 0 obj << +/D [2231 0 R /XYZ 220.422 212.204 null] +>> endobj +2265 0 obj << +/D [2231 0 R /XYZ 71.731 192.1 null] +>> endobj +2266 0 obj << +/D [2231 0 R /XYZ 252.651 179.328 null] +>> endobj +2230 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2269 0 obj << +/Length 1093 +/Filter /FlateDecode +>> +stream +xÚÍWÛnã6}ÏWèÃڀÍ%eÝ\À@ÝÄ)¶Ø8EâÅ¢Ø]ŽLÛl%Ñ¥xó÷ +’#GÊ:÷ô%€š™á9Ãs(‡zz?ýž8{{9yc2ŽüÈ[¬œQ@IŽœxä“$ôœÅÊûÔ;ßò]%ÊþÐi/ nH2“«fß +/y¥ŽS5= +é÷^V[ˎ"-tÃc|ílxŠ"Í( »†Ò™è’X©zÙ¬ýY+š‹Íh„ÄÛÀ»€áÀRmœíàoŠ:4ðtd÷Dauž +΂HìN6-ž3ˆD©¹9â$Ñxoýæ๪ŽZ8!,Š^Ž°‹rŽ^aáù?òj™ä5^ +5A)/þ=«ÚÙó®tG1'¬+ûƒUƒ‘³jt­ëm«Â£U9ŒV + +kUXänh[ÞnÖ{p«‰/:ñ[Mì¡ã°Ž.0³G ÐŸŒŸ6ÂÿÈ­íKäY +¹þ–[ õàÝ($”¢/f_yŸËÄ÷.>l›QÃo†!|Ž#6v៮€N¿ +› +}w|qQڛ +ÊÜŒ©;iÕiž +µ^k8]·`šaÆjk4ef)ב²v Ü(äf‹ÅøjU‚o„ +tÐÄ +4‚§[7SîÉ1?WgÑ÷ނjSž‘KŠŠ +y5ŒÓŠÖ.Ÿ²à¹øa +û­rñÛJAk +’ªüå¢]saÄmÑ7Íøœ›n<ÖFå–k]m”Õ¯%j]"³ÁÄnCòû'Ç/Ëa^çKÑÀZ»q'ŠU> +”0z*˜+þUæuŽ’’9*b)ªœ(E1|‘ +ùÈAãiàýîD‰G³â÷7ûœn©QòÃu]ŠÆ4Íéi1ìJµ)9²Ð•ý,XMÔÅé\@&IPzª&/ˆýY(¢Xuú6âKÐãÁ³×23ÖuËM¢®xYÕ»GUN€tøUáÊLÜðæ—ë÷ïÎuӋ‹ÙÅÜýv1œYœ*¥²çÙÃ]ç®:ÝœÚP"ÍÇèYCô·6prÿí¿WòFh¿{ \²?î$Ìg÷ÿ­$ +endstream +endobj +2268 0 obj << +/Type /Page +/Contents 2269 0 R +/Resources 2267 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2200 0 R +>> endobj +2270 0 obj << +/D [2268 0 R /XYZ 71.731 729.265 null] +>> endobj +2271 0 obj << +/D [2268 0 R /XYZ 71.731 718.306 null] +>> endobj +2272 0 obj << +/D [2268 0 R /XYZ 71.731 708.244 null] +>> endobj +2273 0 obj << +/D [2268 0 R /XYZ 139.477 690.411 null] +>> endobj +2274 0 obj << +/D [2268 0 R /XYZ 139.477 690.411 null] +>> endobj +2275 0 obj << +/D [2268 0 R /XYZ 214.325 690.411 null] +>> endobj +2276 0 obj << +/D [2268 0 R /XYZ 71.731 594.521 null] +>> endobj +2277 0 obj << +/D [2268 0 R /XYZ 71.731 581.47 null] +>> endobj +2278 0 obj << +/D [2268 0 R /XYZ 139.477 563.636 null] +>> endobj +2279 0 obj << +/D [2268 0 R /XYZ 139.477 563.636 null] +>> endobj +2280 0 obj << +/D [2268 0 R /XYZ 217.643 563.636 null] +>> endobj +2281 0 obj << +/D [2268 0 R /XYZ 71.731 543.532 null] +>> endobj +2282 0 obj << +/D [2268 0 R /XYZ 286.405 530.76 null] +>> endobj +2283 0 obj << +/D [2268 0 R /XYZ 71.731 439.851 null] +>> endobj +2284 0 obj << +/D [2268 0 R /XYZ 71.731 439.851 null] +>> endobj +2285 0 obj << +/D [2268 0 R /XYZ 71.731 414.899 null] +>> endobj +2286 0 obj << +/D [2268 0 R /XYZ 71.731 100.836 null] +>> endobj +2267 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2293 0 obj << +/Length 1688 +/Filter /FlateDecode +>> +stream +xڕXQs£6~ϯð[í™Xl0Ÿ‡ÎÜ]r™tz7‹ût×éÈ Ûê¢H\âþú®V‚sm +‚ +BÚýöÛoW³ã,˜Ý_œÛ]Ý|X­f[²M¢d¶;ÌVë€$ñv¶YE$£Ù.Ÿ}™¿?ÑZ±f±Œâ`Ÿ&æú^T_ƒ :¶Í"ŒçTqQ™â`® +X„ÁüØýãÕÑÜ<Ќ\q&ì~¹ +¬!7¢x®ÉjDڌe +$ +60ˆI†ÆŽ5Y“Po¿Içw˒òŒV +m]0WÒÜ¡UnêÄxc†ŒRìØpuÖ;ƒÛ¡çv0[j‡7³ÑîČ¹²ÝÿÅ2e +â•œ‰JQ^IóKñ’IEËÚü4{wdŽ0Ӑª¢%»6?ŸN<;Ùٍ]œ`T1û.·`*Ž¶ôhìE~^$ñœhWŽñaD¶±EIÒòDñýV2k%Wv Q<²Ï÷ +@­å +Zâw¿¡—9ÚFÁŽ-¢cÛäY*VZ;!*0u +Ì­¯{–Q°bèVFñ°Å÷Á2–ƒÒæìð® +ŽbM*Øšm˜Œþ±1ÝøkŒ +-{%«rýî†6&zMÑ6·¬e¯Åmɹüv=‡'€ +ÝVhÏف"Jûð;—|_à^ÂÆ­¢­:‰†ÿƒŒšY#E%]È}ŸÞ¶Ë°ÿuKŽ)•hÆt,Y)Kœî†Ë”’>󲵞Wm¹GÜGF’z‹÷çöF)ÆÊ'ô/ +L˜¥B/6« 0bšåßµ41œt­µé ì€b` ?­Œ¥ýdi +xš +–ðfI«ŒM‘ö‰+›ÔŸ?Œ7ƒ4 +¯_uâ›cõˆiœ‚Í÷Z,Ï#£§ù˜³‚¿ô¹­"â-žñš³JýŽˆã¹œ +O£d]ÑâB¥CëSbaYÆk5,nS¶ì×ìRQ/úœ1|dEYšp‡J89€{¡çKpÚ¡¯I~І)×A=,*e‹H]†Al—fŽµ€F|ï\öñÝc29²ºè@€Z|†ùœŒêO'ôӀöp:UÉ4eä(ÒϬGÔÓØ[ÝdÕ Î1V|]K› +WóŽR‡V26(îcè}T×$Nþ2ÿYãr€/ +S°»ýy4ɏUmÃÆ®pÇÓ²n +‘(_Ë"WŒ©ŸŸŒIÕóã®éÄ+hyhыy/+l•‹¡zö%Ôå$€QìüŒâ”Ÿ +è2ýŽßæEIJÒ` +vvöARÛå2íK'T/›€õŠDÛ +Ÿcˆ»\Ÿa\蟬ã—Á²ÊÑS”[ NnÞ̗(LYÍ>±ï”‚‹V]Ì,ˆgÑ¢‚éžÇì6¬ +{Pϔ1£Ô + +Zb"0v,©PÊÁFž™„·§ÿ +#CkPE–\œh³‚ÑF]E)5í +Ze͹V9(*šš +E±Šù”njˆÇ ;Hè0ŒÑ¯+Ý(Ñíæ[ñ¿Q|x®QÖÁÉŒóˆTº9z »t +r>€YæpFvÕ]Va(sš,S +k$= +uów}9ã5ÙlV˜Kʜ¡ +‹FYnI +º¬s”BãÀyݎ +$ß0R^T<èE°hG‡6ÛŠx +ìÄáa O‘N6 àÛ±ÜåŠáy‹Ä +Ø€©‡Ž¥ŽÖŒ˜lnw/+ž:µÏXâ¹Iž7Ä8˜¥b²î@ +ÈNµK8U&áÖ¬»Ôïîî>-–IÌ?Þ=>Ÿœ¿ën»ÃüØRõÀ»”×S±dø³¬µ:{Ø¥iv1BÈÔí±M÷ŸÞî~ÿ|Ùª>o&Œyž5Ëì>¿}øõχÛ7xœž÷ݧÛi4ºz薄‰ýÄ©Í€wŸîŽÛßYã¥"e° +ñ7)2{·#}85/kúèîÒÂd¢9Ë{'y +k;ôëÔ[=É:u«wüî> +˜+ó>˜œ6[4¶É»¶ÌBjj†¶ªâ6ãàÁ¡­PúŽ]Šø/ÃMB +oݘÔ%3šŽŒ¶ÚŒOñ°ðò£y!ќ(ÂZBB’† :x£ýًç› +yoj8°O`²Žï˜R?¿`³ÂbÌŸÍ + +ŸÂ=ÔÎåŒ+5dm¡xsA2n„ýêbûö>œ­kÓX^€Þ~±º£œzsPÔÊNÖK­Aûí\ïŒé§†¡oÓĂY¡Dýý†L‘®lyª†ŸË6h +Û •Ùw5,w»«ï(Ô +endstream +endobj +2292 0 obj << +/Type /Page +/Contents 2293 0 R +/Resources 2291 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2200 0 R +/Annots [ 2287 0 R 2288 0 R ] +>> endobj +2287 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 502.446 165.379 513.35] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFACILITY) >> +>> endobj +2288 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [121.873 431.089 173.678 441.619] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +2294 0 obj << +/D [2292 0 R /XYZ 71.731 729.265 null] +>> endobj +178 0 obj << +/D [2292 0 R /XYZ 381.337 707.841 null] +>> endobj +2295 0 obj << +/D [2292 0 R /XYZ 71.731 684.724 null] +>> endobj +2296 0 obj << +/D [2292 0 R /XYZ 119.552 662.013 null] +>> endobj +2297 0 obj << +/D [2292 0 R /XYZ 336.924 649.061 null] +>> endobj +2298 0 obj << +/D [2292 0 R /XYZ 71.731 614.028 null] +>> endobj +2299 0 obj << +/D [2292 0 R /XYZ 215.57 590.282 null] +>> endobj +2300 0 obj << +/D [2292 0 R /XYZ 181.001 577.33 null] +>> endobj +2301 0 obj << +/D [2292 0 R /XYZ 71.731 529.345 null] +>> endobj +2302 0 obj << +/D [2292 0 R /XYZ 388.361 492.648 null] +>> endobj +2303 0 obj << +/D [2292 0 R /XYZ 71.731 470.566 null] +>> endobj +2304 0 obj << +/D [2292 0 R /XYZ 71.731 412.16 null] +>> endobj +2305 0 obj << +/D [2292 0 R /XYZ 174.325 388.04 null] +>> endobj +2306 0 obj << +/D [2292 0 R /XYZ 377.551 388.04 null] +>> endobj +2307 0 obj << +/D [2292 0 R /XYZ 71.731 355.064 null] +>> endobj +2308 0 obj << +/D [2292 0 R /XYZ 71.731 332.15 null] +>> endobj +2309 0 obj << +/D [2292 0 R /XYZ 71.731 238.86 null] +>> endobj +2310 0 obj << +/D [2292 0 R /XYZ 71.731 218.935 null] +>> endobj +2311 0 obj << +/D [2292 0 R /XYZ 230.655 207.417 null] +>> endobj +2312 0 obj << +/D [2292 0 R /XYZ 71.731 188.892 null] +>> endobj +2313 0 obj << +/D [2292 0 R /XYZ 71.731 188.892 null] +>> endobj +2314 0 obj << +/D [2292 0 R /XYZ 191.293 179.124 null] +>> endobj +2315 0 obj << +/D [2292 0 R /XYZ 71.731 173.049 null] +>> endobj +2316 0 obj << +/D [2292 0 R /XYZ 139.477 150.83 null] +>> endobj +2317 0 obj << +/D [2292 0 R /XYZ 76.712 134.192 null] +>> endobj +2291 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F50 1263 0 R /F55 1386 0 R /F48 1258 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2321 0 obj << +/Length 1545 +/Filter /FlateDecode +>> +stream +xڝXێÛ6}÷Wè-2`ÑŒˆºh4MŠI‹"Þ @R\™²ÕÈ¢+ÉÞøï;IÝV»HûbQ9œ93sfhì +<ìýŒúq·ÚŸaÌKQÑÈÛå + +1ŠxêŌ¢„So·÷>ù¯ŽâÜÊz +PŽý™ç+U}Ƙ +.õšp_Ž +ªÌ•›g©Öû‡î§šf2YQm!›õŸ»_VØ*òz·úgE`ˆ=⑈ –r/&b$ô²ÓJ`# +s 4e^-œ|õû®ÄCîv™Õ„„(ŽR·«³›‚š±0¢Úpš$ˆÅ©¥`x[Ã_®ì|ýrb÷A«Œ}&^xE¡ÞJÆÌ + +›XÀ>êm0@ŠÐ(eŸ˜ùEYšQŸfØE¹1¯EnžíQšAŠN碔û °[¿¬)ÈÕ?73Ña +ÓaËuMyr~3žÃŒÔG}Õ?2»Žâ^Ë(힢1Ï}‘wÉZV­¶à +xˆŒYy­NziâÎK|UI7#Z3:È +¯‹VîgËO²iÄA~Æ +7ðCÌl÷*å$"ŒOݧ2sÈ%>èBg‹üŽäŽ +;ámnvÝŽ­êb^.ÕD˜Ç¹–ƒÙÌ<T2 Q';w_TðfÖ' ÀØŽÖÝæ‹6`cÛMÍ¥vž©%€k)öÿó)µÌ/ey?`¿ƒgšcaœ¢0Ž¿)[ +çOSā +žËÌ>ÇbD ï’%&(fÄã +ø&µ–†ˆ#£ó;upá€i)M²ÁòœÂ%”xA÷4ÛwkÆýúҘP‚×SnqO–Œ„‚zè—Ziqh¥Ýœï +%]Ô[g3ô÷ïz +9‰vH–Ñ + +ÃiИBϜø«jåw +×]œ1qz-vЮxRS> endobj +2289 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [362.646 646.668 414.482 657.25] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +2290 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [185.814 603.538 237.65 614.012] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +2318 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [292.602 154.826 333.965 165.301] +/Subtype /Link +/A << /S /GoTo /D (0:STEALTHMODE) >> +>> endobj +2322 0 obj << +/D [2320 0 R /XYZ 71.731 729.265 null] +>> endobj +2323 0 obj << +/D [2320 0 R /XYZ 166.376 672.792 null] +>> endobj +2324 0 obj << +/D [2320 0 R /XYZ 166.376 627.739 null] +>> endobj +987 0 obj << +/D [2320 0 R /XYZ 71.731 578.382 null] +>> endobj +182 0 obj << +/D [2320 0 R /XYZ 166.449 539.996 null] +>> endobj +2325 0 obj << +/D [2320 0 R /XYZ 71.731 516.241 null] +>> endobj +2326 0 obj << +/D [2320 0 R /XYZ 71.731 516.241 null] +>> endobj +2327 0 obj << +/D [2320 0 R /XYZ 71.731 501.297 null] +>> endobj +2328 0 obj << +/D [2320 0 R /XYZ 71.731 492.076 null] +>> endobj +2329 0 obj << +/D [2320 0 R /XYZ 139.477 474.243 null] +>> endobj +2330 0 obj << +/D [2320 0 R /XYZ 139.477 474.243 null] +>> endobj +2331 0 obj << +/D [2320 0 R /XYZ 198.096 474.243 null] +>> endobj +2332 0 obj << +/D [2320 0 R /XYZ 71.731 454.138 null] +>> endobj +2333 0 obj << +/D [2320 0 R /XYZ 442.746 441.366 null] +>> endobj +2334 0 obj << +/D [2320 0 R /XYZ 487.03 441.366 null] +>> endobj +2335 0 obj << +/D [2320 0 R /XYZ 387.006 428.415 null] +>> endobj +2336 0 obj << +/D [2320 0 R /XYZ 71.731 391.304 null] +>> endobj +2337 0 obj << +/D [2320 0 R /XYZ 71.731 376.196 null] +>> endobj +2338 0 obj << +/D [2320 0 R /XYZ 139.477 360.42 null] +>> endobj +2339 0 obj << +/D [2320 0 R /XYZ 139.477 360.42 null] +>> endobj +2340 0 obj << +/D [2320 0 R /XYZ 218.759 360.42 null] +>> endobj +2341 0 obj << +/D [2320 0 R /XYZ 71.731 338.472 null] +>> endobj +2342 0 obj << +/D [2320 0 R /XYZ 71.731 338.472 null] +>> endobj +1923 0 obj << +/D [2320 0 R /XYZ 76.712 282.462 null] +>> endobj +186 0 obj << +/D [2320 0 R /XYZ 345.974 243.09 null] +>> endobj +2343 0 obj << +/D [2320 0 R /XYZ 71.731 219.972 null] +>> endobj +2344 0 obj << +/D [2320 0 R /XYZ 206.166 210.213 null] +>> endobj +2345 0 obj << +/D [2320 0 R /XYZ 376.197 210.213 null] +>> endobj +2346 0 obj << +/D [2320 0 R /XYZ 306.867 197.261 null] +>> endobj +2347 0 obj << +/D [2320 0 R /XYZ 454.074 197.261 null] +>> endobj +2348 0 obj << +/D [2320 0 R /XYZ 71.731 182.153 null] +>> endobj +2349 0 obj << +/D [2320 0 R /XYZ 71.731 167.209 null] +>> endobj +2350 0 obj << +/D [2320 0 R /XYZ 414.211 146.054 null] +>> endobj +2351 0 obj << +/D [2320 0 R /XYZ 139.477 134.397 null] +>> endobj +2319 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F48 1258 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2357 0 obj << +/Length 2146 +/Filter /FlateDecode +>> +stream +xڍY[Û¶~ϯ0úXk%ْå§À&Ù]l““]E‘WŠmbeÑ¥šl}~}‡â +E]œÓ<¬.æsùŸ¹(ád? '÷¯Þn^]ß-“u°Nãt²ÙMË0H“õdµˆƒ,‰'›íäËô݁4W³yœ„Óe`¯ïdùGÆûZÍ¢dÊŽ¥ýAî쵐³(œî›?¢Üۗ;–‹BhÁ«Ù×ÍO¯BTŽˆ<-æq +Qž‚›e„™UcsàŽ3îf(ð¥šì5WœiŸÅ—š‹Ðöº• +—•_q£þߢÒWö™•[:%6ÊÓ^Ogïg3vôœ§Ë ‹—`Y£7l4‹ÃésGg+圈‚0]jórùÁÞ +ª®É;â݉éƒÙ +¶N‚,ÏEq°Š$ÁƒV:FèÙÓ\~Œù?à»Ó‰—[ŸÅÈ{qȟ‡8ÈbÛ?ïç‡÷]pž_NJ挪†æ²'ӗ)àkQd-ÓL ⎎WÅs¹/Åÿx/’Š¥‰ò7ó‡wì¬4+ֈVIÕCW);j÷œ§L;‹RÜpiµ²Š.‡¡@Už² +ªÙ2€øpéü“¬*ñD*“áuEˆà'Šþ£<Á-v™,Ê­0 +þ&¶5+Ü +८\€ +«êý„{ó’Û±Ø4î°øÎ|V„A +:RüZñGTö£ÜWÿ±i8É@ ]Õ:ˆ³˜ÎŒºïðfi$h™èû÷¿¢ÊÉ9ù0KµdjÝo-vùÍËm֑èO²ŽË/¢(,#Pl +ì0‘Üwâ +âp€Üâbbý?µ?Â$”e9H–„Ë\æüßEa, áqrEße›w?Ú¥E}š+Ÿ£q/Š.Hˆ-àËŒVÊYÆrC +0)åˆK0[”ÖR);8>3YóBWßKRLµ¬oËű®tׂ%4gŽpmšh2$éh@Eðõù§[{LB>ÏRcÓ÷’ŸñŽ¢|äKvÔÝó’«6ƒ‘5 +/ý–¶r¹‚,ãó#àëŠjz®Î'·× )„ª3×¢í9éLTeË«\‰§ñŠ`€šð¡Š€ÂÒ­Ï¥¯ Fÿ®V&§ +\Ò§XÏ)= +˜hb]j{Hí6§9-/úÝlÒ³ÑM©—”èíXځc×N’¯««K繎R”0YËš{Ëtó~µí|¡qå»ßŽ„˜Ukû}T›h»æKÞ.€|Š:.ì¯olâHüNÊÙ +†Ö9LiŽ¶'ÎÍ¿··÷Ÿfó4„>ðöññæþ¶y펇õ æ\b³ÿÓj|«Ÿï?Üþ~q§ÜÄ2\fv5€L5œÎà +șÇÓ×1±þ)÷Ÿn6¿þrYe—ÌƔ6—ÙfóËÍÃÇ?Þ¿9ÈJ—fbŒtöí§÷㮺Ÿ‹ÏÛë ‚~{nŠf†˜HœVÙôWÂ'oZgŠXg˜ïW®ÙÌ"% +t’ +ÄwŽ +Lž±À|=3‰ÃŸ1žn>7 ¬Æþa™ùP‰VÁ2Ný1D™œ@Ÿj&u«A)žm¬á‡]]Rn2áPߛ±RÀlüfÄQó8̂fžy”B¿µê®°Åü£7ø„ézeä AÊZ¯Áäë(ø5Mù=“æžÞž‚K~;4í}º2Y]Ö¥&6Y^[Â©â³9ŒœÚ>7¹® +å6#FF5Mš-ð|6ޒµ}Àößn²Ox«žÍÒ&!Ããn¶9ÕSÄ.1Îö +aQS\Œ–¶t™õräð'+6m[@(¹‚ËŸEK4!g¥C ¡µ›!x<=ÜY€m'ʁˆåHt  +X¬]05‚Œz'Œs$ +¢¿åЕ§™§·qí0€ëF2ÉVÖº]Š#êçªë0úڃk)g™CQ +©|mþ: +hí+Ù!›«,ÍjŠ +5°£úŸQM¥öAo-–ž{’hwMŸ$;»® +<؏)ÆÌSKyÏÔ«‹ + +;ìiÇß `쩒E­RMWï8hù ¯±<‚©è¯×ׯñhûí²I†åŸu8 + +g„Mj +fWÝ9šÀÙ¶Úh‰l7;úl÷-ö#×µ£×‰³~1KäŒ%Ê4dõŸŠzÖfí„Ö©q–¡#›_*Œ-È +¯œ¢ÕM’žCÇ'­J6#™á<ôâ>û’²ƒ*äMôÆêT™õšôý`ŸèYôRgÐxëBgÐ/Ya +,#7µtÃ1¯} +ðÍ" fE«sEÐÄ +̯ÙNÛÑ<³†Q,Š»m€ +Û1“«j‚É¿ +*£€)ÎÚzT*‰ûŒ.à> ©"‹1jæ!p÷ +³ŸêûÄ«³«i‹É±ÖÄ1Ut†_iAD«ÄñTkN<v+Ãä×fº +§ºdåÿçHçcÅ* +²l27xΰõ^Ä +‰ÛÍ«¶ù +endstream +endobj +2356 0 obj << +/Type /Page +/Contents 2357 0 R +/Resources 2355 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2388 0 R +/Annots [ 2352 0 R ] +>> endobj +2352 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [137.086 561.729 196.363 572.633] +/Subtype /Link +/A << /S /GoTo /D (0:DEFTRUST) >> +>> endobj +2358 0 obj << +/D [2356 0 R /XYZ 71.731 729.265 null] +>> endobj +2359 0 obj << +/D [2356 0 R /XYZ 71.731 718.306 null] +>> endobj +2360 0 obj << +/D [2356 0 R /XYZ 384.376 708.344 null] +>> endobj +2361 0 obj << +/D [2356 0 R /XYZ 119.552 682.441 null] +>> endobj +2362 0 obj << +/D [2356 0 R /XYZ 71.731 660.359 null] +>> endobj +2363 0 obj << +/D [2356 0 R /XYZ 139.756 636.613 null] +>> endobj +2364 0 obj << +/D [2356 0 R /XYZ 219.038 636.613 null] +>> endobj +2365 0 obj << +/D [2356 0 R /XYZ 71.731 589.001 null] +>> endobj +2366 0 obj << +/D [2356 0 R /XYZ 330.19 564.882 null] +>> endobj +2367 0 obj << +/D [2356 0 R /XYZ 172.303 551.93 null] +>> endobj +2368 0 obj << +/D [2356 0 R /XYZ 222.674 551.93 null] +>> endobj +2369 0 obj << +/D [2356 0 R /XYZ 71.731 529.848 null] +>> endobj +2370 0 obj << +/D [2356 0 R /XYZ 359.2 519.054 null] +>> endobj +2371 0 obj << +/D [2356 0 R /XYZ 119.552 506.102 null] +>> endobj +2372 0 obj << +/D [2356 0 R /XYZ 71.731 471.069 null] +>> endobj +2373 0 obj << +/D [2356 0 R /XYZ 71.731 401.395 null] +>> endobj +2374 0 obj << +/D [2356 0 R /XYZ 71.731 376.423 null] +>> endobj +2375 0 obj << +/D [2356 0 R /XYZ 71.731 285.191 null] +>> endobj +2376 0 obj << +/D [2356 0 R /XYZ 71.731 265.266 null] +>> endobj +2377 0 obj << +/D [2356 0 R /XYZ 230.655 253.748 null] +>> endobj +2378 0 obj << +/D [2356 0 R /XYZ 71.731 246.772 null] +>> endobj +2379 0 obj << +/D [2356 0 R /XYZ 71.731 246.772 null] +>> endobj +2380 0 obj << +/D [2356 0 R /XYZ 189.302 237.111 null] +>> endobj +2381 0 obj << +/D [2356 0 R /XYZ 71.731 231.036 null] +>> endobj +2382 0 obj << +/D [2356 0 R /XYZ 250.838 208.817 null] +>> endobj +2383 0 obj << +/D [2356 0 R /XYZ 71.731 190.184 null] +>> endobj +2384 0 obj << +/D [2356 0 R /XYZ 424.487 168.867 null] +>> endobj +2385 0 obj << +/D [2356 0 R /XYZ 236.976 157.211 null] +>> endobj +2386 0 obj << +/D [2356 0 R /XYZ 451.045 145.554 null] +>> endobj +2387 0 obj << +/D [2356 0 R /XYZ 76.712 117.26 null] +>> endobj +2355 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F50 1263 0 R /F25 852 0 R /F55 1386 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2392 0 obj << +/Length 1357 +/Filter /FlateDecode +>> +stream +xڝWÛnÜ6}߯У°’ºh7‰ +E‹Â‹EÒ®–Ú¬ËF€ +ïßw(^V’åží‹HQ +Î̙™3öŽ +ö~ÙüŒÛŒ» +C/GyBoWza„Qç^R”ÅÔÛ +ŒÏþû;KÞoc?Bz|ßµ_0ŠÇ¡ß’Øg²êZý¡+õXw[‚ýãøšÚ£^,YQՕ¬žØþœûuƒ!w›¯Sì$ +yì¥$A!‰Œ¢Ùš!ŧ±GPž‡^ÏœróçŠT‚ Š£ØJé݄D(Mr+5úMáš +QB•ã4ËP˜æ^’ƒãyj +¿ÝfØÿôñv›c÷ L~we^x%‘ +¥ãÐ +BP›À>)1 S)” +‹OúߪºÖ³rbŸUõ~­J=Êד¢kÎUÍAeD·ÎU‹^±NéUäiKc§¹ŒhÜa+UÏêÁ‹A²œ:£62•Ðã¡*G‹xÏ[©|øB íVÙwÚšY}™ßµÜ®0©gGނu&ùa±œáB°#ÿ‚c,àAôêøÊù,#ŒÏã§^Xä2l¡‹MþOêd­áŸÔRåk7è—AK˜ +Î=,Ìzåu€² ¢kÌÚŸjà +š˜d£&£ð  +ž1›z‹[·†tÏÙáÿÁ¡?¬çåP׈öGxæ5¥9ŠÒô_UËË‹ó +ÅÀß«LWc)¢$ +‹%%( +‰‡À7¹ñ4B Ò6ÿÖ + +8cþbÿ Ʊâ@æÊPQŠ2JŒ` +õŒR$d)Š +=$Ú +;ÂiÙä4S02+s Bsœ[ +t?©ïԖ$xRûIÉŠ ¥š +ÃÁf4Q¿°=0"b×ԐÌ_[BL‚‚í'ŠrF»£W CÆQœy%mOæ«X÷ýF¿ +m­,ç•4£ygµÊ2sÞ€Ԗ֐üýBæÜ QíëW,³‰LQ +í +³V]{X·Ø0Ì +3Âlo4@¹)f,سâq8# +.DîJš Èj­þ÷NòVh›Æ(ÂԆn•)Ÿm­•®LunÊÎU®%µbÒ ±ë„#¯aZ;¢\HY +bÇØàÛÍ©o‰?†UQªR:éFE!0ÎHeÎs*ÆÄI + 83@1ϱý_Õ(1UúKèXkɍçiýaè]חŒ9w=ë]²µ­#2u)q«j E›žŠQØTím¶+ø]’šzž»¿ûCÏŸ|àó= +o:ОğIì݉¯¥kÞ«fhôžvhö6Ií¥fjÀÜF["„fFÇmé.MìMǍ߂5'f­ŸÖCà +G +Z?4_HÒg¹ZyR¡n*«kkƒ={aÔX@V +_V£¬—ÂZ"OÆ=WÐæ[ևnb/ŽpVœ,‰¡(4èLfÛÔFu +ügŸ˜ŽØR +eN¿nüi=Œœ|ŽðLƒcŸB¬¶ˆ\±iØÁ PvýkPOCÿÂY·Ýº™ Ð{.–óÅ©jǎP%1hÎâŠO +8²ûäB¥!·Ú +WwüíÖ¶¿¬åükl†zR矂˜]THnõ7¹\{­ÓoÛ§>³®Uû]0Áç\÷6i-ÉÁÙ`ìŒbŸR“{@ +›;êä–6û+Í Ê0t¥,A©M +0\þBþüÔ9 +endstream +endobj +2391 0 obj << +/Type /Page +/Contents 2392 0 R +/Resources 2390 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2388 0 R +/Annots [ 2353 0 R 2354 0 R ] +>> endobj +2353 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [362.646 646.668 414.482 657.25] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +2354 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [185.814 603.538 237.65 614.012] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +2393 0 obj << +/D [2391 0 R /XYZ 71.731 729.265 null] +>> endobj +2394 0 obj << +/D [2391 0 R /XYZ 166.376 672.792 null] +>> endobj +2395 0 obj << +/D [2391 0 R /XYZ 166.376 627.739 null] +>> endobj +988 0 obj << +/D [2391 0 R /XYZ 71.731 578.382 null] +>> endobj +190 0 obj << +/D [2391 0 R /XYZ 193.425 539.996 null] +>> endobj +2396 0 obj << +/D [2391 0 R /XYZ 71.731 516.241 null] +>> endobj +2397 0 obj << +/D [2391 0 R /XYZ 71.731 516.241 null] +>> endobj +2398 0 obj << +/D [2391 0 R /XYZ 71.731 501.297 null] +>> endobj +2399 0 obj << +/D [2391 0 R /XYZ 71.731 492.076 null] +>> endobj +2400 0 obj << +/D [2391 0 R /XYZ 139.477 474.243 null] +>> endobj +2401 0 obj << +/D [2391 0 R /XYZ 139.477 474.243 null] +>> endobj +2402 0 obj << +/D [2391 0 R /XYZ 203.058 474.243 null] +>> endobj +2403 0 obj << +/D [2391 0 R /XYZ 71.731 452.295 null] +>> endobj +2404 0 obj << +/D [2391 0 R /XYZ 71.731 426.258 null] +>> endobj +2405 0 obj << +/D [2391 0 R /XYZ 71.731 411.314 null] +>> endobj +2406 0 obj << +/D [2391 0 R /XYZ 76.712 331.379 null] +>> endobj +194 0 obj << +/D [2391 0 R /XYZ 206.474 292.006 null] +>> endobj +2407 0 obj << +/D [2391 0 R /XYZ 71.731 271.902 null] +>> endobj +2408 0 obj << +/D [2391 0 R /XYZ 409.701 246.178 null] +>> endobj +2409 0 obj << +/D [2391 0 R /XYZ 339.823 207.324 null] +>> endobj +2410 0 obj << +/D [2391 0 R /XYZ 71.731 174.348 null] +>> endobj +989 0 obj << +/D [2391 0 R /XYZ 71.731 124.285 null] +>> endobj +2390 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F48 1258 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2413 0 obj << +/Length 1801 +/Filter /FlateDecode +>> +stream +xÚÍXKÛ6ŸçWø¶6s©·Ô¢Ú`ÓŠH²iÖ=iPpe®MT¯JÔnüï;$‡”h+‹ +{±(š +Î|óú(º:¬èê—?ï^\¿Ž¢UAŠ4LW»‡US’&Å*‹B’'áj·_}Z¿:²Nò~³ +ºŽ‰yŸj›¿( +c¿ ’5“¢mÌíƒyVí& ëƒþÍÁL>°RTB +>l>ï~{AQ‘ë×a² +2I¬Ô؆iNŠ0‡AF=b’©Ã³|}óôiXeÞ|¡`Q0³(ÎH +«­2(ˌ ÕG&Pߒá&bº~܄`Ã?Jmnæ¹2p:f†² +®»Ÿ=ô¬ +ж¶·–&‹ÿ¢ „#j²Å³ê®â5o$ + +»®í噜Ž +xÂ¹, ˆ +ˆ20Û!)’Àس; +\fŸFç®+ùޙ§Ÿ{.™šÜÜÜ +«OƵsgg+Ö?ƒò™Ç,ÎqJë® +ݱ2ŽÿFïüÑùXÉ'å +|)Qš² “õ£(9šÍzîÊ÷/Íû}+~x> +E‰S5;áöjÀcîQNÃj‹_':> ß ~lçi6,ùfÏxÝ6š†xO¢B7Œb“ÐÄ}šjHš"@ tœç×åW‘L3BãÂ.v1Ԏ²% + ðþI +$¹‡¿Ñ€[Ôê­hÆ//ñ€yiØYDh„ÖaiøûÊ ëŸ6Q¶Þýú÷«Û÷w·ooŽË¡¬ÐÌj7Ynq\˜’³œsÖ%.EH‚8úVXb’$¹]Œ8tŸ~Öì¹*išÙ\Šaµäªme$¢¹ïúëqè¯ESVãž_wL +r\P1 IŠÔêh2|kgœÔøsšTÏ*W«²ýQýðŸ{nÕ¶v1i“§î„M +)jn㢿4Øè™ÏõÌ +’S§ç§wb(?/Ø ž‹Ä——œÁ!Zº.2ë 3&‰MÜe¥¶aP˜&>òw\bÍùÁìIçÞJB’ +.¯ ~ €,ØÅssÛN)ˆÉò?)Q:Prˆ“0óÓòŒlM­h +øspæ)‰ °Ós—J7ž9Š}x, +P Ës+gȞƊ»Ê,­‚J +|€€šDD©Ð>šÂ›e€×ÃwfwœÏv§Š2šà›F5öGu&ƒp‡\ì^MU'FuiYC[s3€tóÍR­ý¥vª>/a59š™9(C©W²šjà¥ÒÐ>逎†Oiµ‰t*èp0›Ák &ò, aªC•$ +Cê1èÉöy‡cu¹†ƒ`8J嬆Jóˆ—æ_†;LòÂ<k³á +Ë:ŒîqŠíxc\íoögj> +Àqp7zEJÞà:Ž^H” uÓÅ +^ÌáZI˜ñɵߙÁ€‰ +¬dgÕ(ÛŸ‹Q +Mg7Zž”Ñ&Ÿšµ +IFŠŠô¡ŒÓ‡=ò^ÈÓRL€”āK ŠmøB<„ɋÐ.̈́ éBs +˜ġøém{øŒ$1"a +\–gå®O<Ä—˜)6¡rÆü©cþ°ÍÕm=Nšõ”œ€®kD›ùѝ¯¯¶(L®üâ0§œàY + +xIÔIgîýÐsÕx|e÷©¢B±c|Œù]YóǛ7ïnÞïî– +J–‘têS*é°4wŒ™žÿ;Šž»„a\'}¹1ó˜«H>ª?ïm:Éã³îŠ0ž<¹Ýª +Ûnn¶§ŸŠÐ<»(Ø&Žµ»£8Ö$ÒË $0è*ÝŽ6[ž(É +œŽ‡OIvû`Mû/ Ðp~^*qo™œ•07%óŸ ;›óçJd–÷ÌRÖtgS_þ! +œl +$¢€Ù&z>†Òke†¥FœBð‹^N$j¬F>€Ef8'øl”m +™R²ª:ù̲É\;5{“¶mÛÆé{䬗÷ÜÒ9{š»ΩâsÚߢœ#*ûŸí:GSLþÎ9œî¢£šäÖòÇ +=Ë#kÄP_’Àù + ¹‹ç}u›³þä3uu_Xb +֏_xßJŸ”Ìa¢+›Kf>€ªÒ”ú )FþõšgÒãÍr5Ûؖj;!^pŒŽ>sêj—Sg8¶cµw¢LQNf5­„›~y‘GÈЍ ¯ÕùçÍÒ>‘ñ°Ã£ÍlXŸ›peƒ/X¿cÝnš*ä !šy]ùH.4ñ}kûVæhŠ%.–b(UO_éäOG®.Àžt‚غÑsWä,š:ÈQÎt‹ŸÕ‡¥çÒ¬fúŽ3µE[¬æ†bÒÚÒ¥“Cç_†1O +äÏ|4g:]áÚÆm7ÃôC@õÓïí*P;Ëš‹[z†ðLà՛ºcvvxF]CœäÙeÔa{ˆÿ‘ÐÿT™5z[ÀÂñ +a{;nv/þÓu + +endstream +endobj +2412 0 obj << +/Type /Page +/Contents 2413 0 R +/Resources 2411 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2388 0 R +/Annots [ 2389 0 R ] +>> endobj +2389 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [234.081 656.766 275.087 667.67] +/Subtype /Link +/A << /S /GoTo /D (0:EXTERN) >> +>> endobj +2414 0 obj << +/D [2412 0 R /XYZ 71.731 729.265 null] +>> endobj +2415 0 obj << +/D [2412 0 R /XYZ 71.731 741.22 null] +>> endobj +198 0 obj << +/D [2412 0 R /XYZ 246.843 705.748 null] +>> endobj +2416 0 obj << +/D [2412 0 R /XYZ 71.731 685.607 null] +>> endobj +2417 0 obj << +/D [2412 0 R /XYZ 71.731 685.607 null] +>> endobj +990 0 obj << +/D [2412 0 R /XYZ 71.731 656.517 null] +>> endobj +202 0 obj << +/D [2412 0 R /XYZ 173.146 613.42 null] +>> endobj +2418 0 obj << +/D [2412 0 R /XYZ 71.731 593.28 null] +>> endobj +2419 0 obj << +/D [2412 0 R /XYZ 156.074 567.592 null] +>> endobj +2420 0 obj << +/D [2412 0 R /XYZ 225.533 567.592 null] +>> endobj +2421 0 obj << +/D [2412 0 R /XYZ 119.552 554.64 null] +>> endobj +2422 0 obj << +/D [2412 0 R /XYZ 292.302 554.64 null] +>> endobj +2423 0 obj << +/D [2412 0 R /XYZ 119.552 541.689 null] +>> endobj +2424 0 obj << +/D [2412 0 R /XYZ 71.731 520.383 null] +>> endobj +2425 0 obj << +/D [2412 0 R /XYZ 309.358 508.812 null] +>> endobj +2426 0 obj << +/D [2412 0 R /XYZ 119.552 495.861 null] +>> endobj +2427 0 obj << +/D [2412 0 R /XYZ 172.273 495.861 null] +>> endobj +2428 0 obj << +/D [2412 0 R /XYZ 205.877 482.909 null] +>> endobj +2429 0 obj << +/D [2412 0 R /XYZ 71.731 480.753 null] +>> endobj +2430 0 obj << +/D [2412 0 R /XYZ 71.731 465.809 null] +>> endobj +2431 0 obj << +/D [2412 0 R /XYZ 306.386 456.309 null] +>> endobj +2432 0 obj << +/D [2412 0 R /XYZ 360.946 456.309 null] +>> endobj +2433 0 obj << +/D [2412 0 R /XYZ 296.907 432.997 null] +>> endobj +2434 0 obj << +/D [2412 0 R /XYZ 357.321 432.997 null] +>> endobj +2435 0 obj << +/D [2412 0 R /XYZ 403.637 432.997 null] +>> endobj +991 0 obj << +/D [2412 0 R /XYZ 71.731 393.445 null] +>> endobj +206 0 obj << +/D [2412 0 R /XYZ 168.377 348.191 null] +>> endobj +2436 0 obj << +/D [2412 0 R /XYZ 71.731 347.975 null] +>> endobj +2437 0 obj << +/D [2412 0 R /XYZ 71.731 333.031 null] +>> endobj +2438 0 obj << +/D [2412 0 R /XYZ 426.039 321.59 null] +>> endobj +2439 0 obj << +/D [2412 0 R /XYZ 71.731 272.076 null] +>> endobj +2440 0 obj << +/D [2412 0 R /XYZ 408.296 259.125 null] +>> endobj +2441 0 obj << +/D [2412 0 R /XYZ 71.731 237.042 null] +>> endobj +2442 0 obj << +/D [2412 0 R /XYZ 71.731 211.14 null] +>> endobj +2443 0 obj << +/D [2412 0 R /XYZ 71.731 196.196 null] +>> endobj +2444 0 obj << +/D [2412 0 R /XYZ 71.731 102.213 null] +>> endobj +2445 0 obj << +/D [2412 0 R /XYZ 71.731 102.213 null] +>> endobj +2411 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F50 1263 0 R /F38 956 0 R /F60 1440 0 R /F48 1258 0 R /F55 1386 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2448 0 obj << +/Length 1017 +/Filter /FlateDecode +>> +stream +xÚÍW[o€6}ϯàm)8Ÿ`.ÑîJÛUӋºU€ŽÔ‡nUyÀ–@À$J}?c›@–FšÕ(íËØøræûÎ9ÆØ+<ìýpõÝîêæŽ1/EiD#owðXˆQÄS/f%œz»Üûcû©í ;?  +oCdÚOMýcZœ:Ÿð­TS›‰æ`Úªñ Þ㏪ +3x™ªÔ dïÿ¹ûù +Û@ +2‹" ” ‚c脈ãĄqßÉê”Ëû®Ñ\É +)™!èRî$F)$jq|’l-–îZŒ÷ðæ.Â^û£Pï"‡) ;Û®9šJþU‹£4‹—aÛՁ&/ŽÍžßZ™©Ã“I(¥éŽSfŒ1í©—–ޝ[™ËƒŠPœªÁ +šÞŽŸóm/Ž¥Põép M›.‹!dAÛgÑîüäù©>4gSG¿¢nÄKéˆçSŸmÖèK"”àÐÑW© +rˆ°ñˆnmøöA>ÈnòÆKn-Ԃۉ€^ê +Ž +„å[XÖú²9U¹éïí®£h[™/PÇVdÃ*ªÕp£€ÀµsÓ9=GR¬x_0Ç3ÝnÍhÝÔfÈZýÒè +/àôÿT®h.K×åb‰“K¯prÁèÞîšä‚þ(ÌMr}údF7Z +Êðž1›Œj07S +†WTƒ5¹ÜûNfqmžµúgªøYæêtŒ€ˆqMB‚9bä2:¬ÿÁ™;Ž Û©T&¯Gµ0äDQÊ­NãÒ®Ÿ6+eם)쏪(/)«Æ[5Åð.!©AZ9•o-h ©~‹œ`XœD%»aRìæ&!baD{-é1ÂÞ_!JÑøqâÄ +z}AëË83ãYs<Š:*UK3ÒŽººYã/ÏÆï~É¥-€ÔÞfdž1J¯_”‡Š²¯Š©Bj×Â҉/ÃÒ +– +ːÑÙQ‘eªµüvaLœ§Ë)ŒBj +hh›[v^Ž=g¹ h;ŸÅÆ­+40`5enõý<éBÖ {öZÄ +ŠòǕ9fõÚ©–î+Ô³»j7†’¯= +pŽy#X¬UYŸ$ +ÒÈÏâDÓ3 +ùvVÉÞܑ¥!ŠŠºóå|ŽÏ +S1ÊS¬à†Âg +âŒhø¬Ý¿Õ¥/Îê0 $jQ=ý +ŸK‚âޛËꑝCP)E7ì¥UÃÇǃšV²KŠ({{š~= +÷îƒÈ}ïô2kêŒw& + +¥sä0^4–Ê)¯þa„2„C¶ôTxe=ÐQAµˆ<ïVÒä +ºoF›V|„pdo¹y,åóùt.êeÝ;oͯ™N¶M7,Ýšoà­žÒÀk +QšDC +y§ˆ;Z_lù~wõãÞË +endstream +endobj +2447 0 obj << +/Type /Page +/Contents 2448 0 R +/Resources 2446 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2388 0 R +>> endobj +2449 0 obj << +/D [2447 0 R /XYZ 71.731 729.265 null] +>> endobj +2450 0 obj << +/D [2447 0 R /XYZ 71.731 741.22 null] +>> endobj +2451 0 obj << +/D [2447 0 R /XYZ 71.731 708.244 null] +>> endobj +2452 0 obj << +/D [2447 0 R /XYZ 139.477 690.411 null] +>> endobj +2453 0 obj << +/D [2447 0 R /XYZ 139.477 690.411 null] +>> endobj +2454 0 obj << +/D [2447 0 R /XYZ 206.226 690.411 null] +>> endobj +2455 0 obj << +/D [2447 0 R /XYZ 71.731 669.271 null] +>> endobj +2456 0 obj << +/D [2447 0 R /XYZ 71.731 633.375 null] +>> endobj +2457 0 obj << +/D [2447 0 R /XYZ 71.731 618.267 null] +>> endobj +2458 0 obj << +/D [2447 0 R /XYZ 139.477 602.491 null] +>> endobj +2459 0 obj << +/D [2447 0 R /XYZ 139.477 602.491 null] +>> endobj +2460 0 obj << +/D [2447 0 R /XYZ 226.281 602.491 null] +>> endobj +2461 0 obj << +/D [2447 0 R /XYZ 71.731 580.543 null] +>> endobj +2462 0 obj << +/D [2447 0 R /XYZ 71.731 545.455 null] +>> endobj +2463 0 obj << +/D [2447 0 R /XYZ 71.731 530.346 null] +>> endobj +2464 0 obj << +/D [2447 0 R /XYZ 139.477 514.57 null] +>> endobj +2465 0 obj << +/D [2447 0 R /XYZ 139.477 514.57 null] +>> endobj +2466 0 obj << +/D [2447 0 R /XYZ 226.281 514.57 null] +>> endobj +2467 0 obj << +/D [2447 0 R /XYZ 71.731 492.623 null] +>> endobj +2468 0 obj << +/D [2447 0 R /XYZ 71.731 457.534 null] +>> endobj +2469 0 obj << +/D [2447 0 R /XYZ 71.731 442.426 null] +>> endobj +2470 0 obj << +/D [2447 0 R /XYZ 139.477 426.65 null] +>> endobj +2471 0 obj << +/D [2447 0 R /XYZ 139.477 426.65 null] +>> endobj +2472 0 obj << +/D [2447 0 R /XYZ 244.791 426.65 null] +>> endobj +2473 0 obj << +/D [2447 0 R /XYZ 71.731 404.702 null] +>> endobj +2474 0 obj << +/D [2447 0 R /XYZ 71.731 356.663 null] +>> endobj +2475 0 obj << +/D [2447 0 R /XYZ 71.731 341.554 null] +>> endobj +2476 0 obj << +/D [2447 0 R /XYZ 139.477 325.778 null] +>> endobj +2477 0 obj << +/D [2447 0 R /XYZ 139.477 325.778 null] +>> endobj +2478 0 obj << +/D [2447 0 R /XYZ 229.857 325.778 null] +>> endobj +2479 0 obj << +/D [2447 0 R /XYZ 71.731 303.831 null] +>> endobj +2480 0 obj << +/D [2447 0 R /XYZ 76.712 260.772 null] +>> endobj +210 0 obj << +/D [2447 0 R /XYZ 427.288 221.4 null] +>> endobj +2481 0 obj << +/D [2447 0 R /XYZ 71.731 198.505 null] +>> endobj +2482 0 obj << +/D [2447 0 R /XYZ 71.731 186.366 null] +>> endobj +2483 0 obj << +/D [2447 0 R /XYZ 71.731 185.121 null] +>> endobj +2484 0 obj << +/D [2447 0 R /XYZ 137.484 168.1 null] +>> endobj +2485 0 obj << +/D [2447 0 R /XYZ 137.484 168.1 null] +>> endobj +2486 0 obj << +/D [2447 0 R /XYZ 71.731 152.991 null] +>> endobj +2487 0 obj << +/D [2447 0 R /XYZ 137.484 137.215 null] +>> endobj +2488 0 obj << +/D [2447 0 R /XYZ 137.484 137.215 null] +>> endobj +2490 0 obj << +/D [2447 0 R /XYZ 71.731 135.059 null] +>> endobj +2491 0 obj << +/D [2447 0 R /XYZ 137.484 119.283 null] +>> endobj +2492 0 obj << +/D [2447 0 R /XYZ 137.484 119.283 null] +>> endobj +2493 0 obj << +/D [2447 0 R /XYZ 71.731 117.245 null] +>> endobj +2494 0 obj << +/D [2447 0 R /XYZ 137.484 101.35 null] +>> endobj +2495 0 obj << +/D [2447 0 R /XYZ 137.484 101.35 null] +>> endobj +2496 0 obj << +/D [2447 0 R /XYZ 71.731 99.193 null] +>> endobj +2446 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F25 852 0 R /F11 2489 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2499 0 obj << +/Length 1490 +/Filter /FlateDecode +>> +stream +xÚåXKÛ6Ÿï¯0¶‡µM=š‡Ñhƒ$mÑ‹®{(’ +že +ÕÐäÝ:¿ŸC)‹’â4§ +z1 +Î|ó̓Žéb¿ ‹·7?noÖo|‘$ôÂÅ6[ø%!K‘y‹mºx·|uàÇN4+Çct +_ÕÕ{Jœý©Y¹lÉ»Œ®ð‹:ñšW.]îÕG^íq3㻌Ȼ\Ž«Û_nšbF@ãÐ8žë׏`Fc„Èuv䁚ÁJÔqxŋóGïÑ¥SñRȳë7îÐLƒ‘Àœù%,¥‰‚ÄðfåGàØT  +Â^î{­È’ Äë-ý.á -µf·;ä-ÎzàJ‰Çn@ü\“ŒžnD(rØdª +HB<(^þ!öy +1Câa£«qä8<4¢8¥”$8)Á(́ρí +åøŽ’Í>ŠªUðA$x}Td×2; +±A +A<БžL×°ðf僎VPäOÇŽ{íÀAo¥"“'ø©èp£ÐÆqO1 +ãÝ +hmyyàyu§yú©–Ùû"RëóÊcÒqŒ—ÈŽ +”Cah—µT‹9j<eƒS•þҋ./ +œ +xªá˜$ÙIœ’9» ZљÊPñöܘ”Ù?µ¢qR!QW"M5H#2SðŽ)qsQÛÏŠS6©éª + +ŒR„µ‹;—°ÉŠ`š—*–‚XÌ\µq®O8©„Â<4s2*Ówl-j~šÛÎ4£t*o²Ç# Ӟɲ“ãZš‰‡M•ƂK€WnŒTþ8jOEׁH‹«¬©Kœ­Om³.ê +/Ö¢Û­5gk­dÝ-ÙÕUŠîyýEðº°:ŽðVT¢®”âòoqÖvóp‰š)øàì)ïZbµ¯ÐRöé;ÔMÞi +;Ñty–ï@=ny&ºŒ4ŠOU‘—9ØŸŠsð +u:ÆuÅœo£MӞüþÚŠ™’gc{ÕÞõ:>ÝK×F)¹æí xÚÓ³YHÅ= +y**)Ymƒ6AƒL£.e‹hౄÌÝ:Ÿsã™7ëöX×EïÌÈ ›^;µñ-Ô\§²?ªXJ«²Ðl懱ûKvW)[Õºà±ÍÕŽ +o4;·£fr‹Ûµ1|ŠÌšg«ÒÕìEÝ¿3Ñ:÷(&ÆíFÕÕs~è@ÙÌ +*iÔóÞÑØTg‰‚Agñ<w€?îgÃæA3îû™ +뎷ôÆ!¡Qt­§Iµ±žÅTðámꇣ\üÃËcñåÎj„(­ûðí +“[õrW5¡GPlªDGY_øW¢dÒàn*ÙîæR֜œH7b'òg%?“$æ4™¡˜ù$J’¯9x6° ]{šO +fë©/ +îþ»˜ùêW”¢7»ÈaS€vÒÑã}H–EîýÈJ]‰aõ}>./ê‘?W{d.c + +Á[a”¢|º€¿Þ6æ躀Û$·frB@rŸ§-ç¢äél°˜|¶ÒhìÌëjšÄ@ Hµ+GÞ¶/P}Ÿáò˜Wý†Sû†—v+³»ýÈ°žG!ÂÚÌ>"MãŒ!­ÇØì#~@žñxD~ŸÓÌœâŽú¹‡ÄWxÄ +ÿ£Gܧþròcøm'ÿ¥‚ßx^¢ÓÑ­#¯·7ÿ²W8E +endstream +endobj +2498 0 obj << +/Type /Page +/Contents 2499 0 R +/Resources 2497 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2388 0 R +>> endobj +2500 0 obj << +/D [2498 0 R /XYZ 71.731 729.265 null] +>> endobj +2501 0 obj << +/D [2498 0 R /XYZ 137.484 708.344 null] +>> endobj +2502 0 obj << +/D [2498 0 R /XYZ 137.484 708.344 null] +>> endobj +214 0 obj << +/D [2498 0 R /XYZ 412.167 663.99 null] +>> endobj +2503 0 obj << +/D [2498 0 R /XYZ 71.731 660.798 null] +>> endobj +2504 0 obj << +/D [2498 0 R /XYZ 71.731 645.854 null] +>> endobj +2505 0 obj << +/D [2498 0 R /XYZ 203.048 625.734 null] +>> endobj +2506 0 obj << +/D [2498 0 R /XYZ 464.889 625.734 null] +>> endobj +2507 0 obj << +/D [2498 0 R /XYZ 255.616 614.077 null] +>> endobj +2508 0 obj << +/D [2498 0 R /XYZ 321.465 614.077 null] +>> endobj +2509 0 obj << +/D [2498 0 R /XYZ 71.731 564.563 null] +>> endobj +2510 0 obj << +/D [2498 0 R /XYZ 196.313 551.611 null] +>> endobj +2511 0 obj << +/D [2498 0 R /XYZ 249.712 551.611 null] +>> endobj +2512 0 obj << +/D [2498 0 R /XYZ 190.106 538.66 null] +>> endobj +2513 0 obj << +/D [2498 0 R /XYZ 71.731 526.541 null] +>> endobj +2514 0 obj << +/D [2498 0 R /XYZ 71.731 526.541 null] +>> endobj +2515 0 obj << +/D [2498 0 R /XYZ 163.128 517.041 null] +>> endobj +2516 0 obj << +/D [2498 0 R /XYZ 71.731 167.665 null] +>> endobj +2517 0 obj << +/D [2498 0 R /XYZ 71.731 167.665 null] +>> endobj +2518 0 obj << +/D [2498 0 R /XYZ 167.97 157.39 null] +>> endobj +2497 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F11 2489 0 R /F25 852 0 R /F48 1258 0 R /F60 1440 0 R /F38 956 0 R /F50 1263 0 R /F51 1265 0 R /F94 1739 0 R /F74 1733 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2521 0 obj << +/Length 1401 +/Filter /FlateDecode +>> +stream +xÚÝXێÛ6}߯ŒkMR÷Œ%‹$HQ‹®‹¶hú@[ŽED +QÚ­óõ +Š€nQ·iѧ"@HŽÉá̙33ÔbïäaïÝÍëÝÍömxÊb{»£„ÅQæ%EiDœ]îý¶Ÿ+Ø¥áõƧ^‡ÈŒw²úˆ1=µõ†DkÖY™äь¥ÜŒ>uÿ‰êd„Gv¥hW›ßwßß`kÈöm„œ¬ˆCm +O)A'žĈđ1Ãßø1ÆëWyÞ©ÓsV±òúE›ŠWŠ +&*€U{£ +ñ ‡â‰†»šƒœNǶUõ¶”VnysØ^j^¶9‡Q +EÉ·N)2jñ¢ÆŸÔ`R Úó«[hÅ +ÏÍRäŒjÌô(§F¿4+Š ŽÂ(Á!²ç.ýK7 +YœU)Ëޙ™Ÿ‡( ÁDëCÃêAkÍOB5µ +og/¯yý·ŸxÅëÁsYq_Ò:aJ=ÉÚ¡¢Ìž:~‰Ã-èjÐ +OmÜnóTœ(K3Ûsgø疫þþœ +ÈÊ"â³Ã¬7ٖ6»è·ŒR†“Î2såÛjÿÌ:Š“QG#„(cjõéŽIR£/D +tð’týcW:ymzºÀÈÌpo.3 +ŒR3Ññ5}Ó×Ñ«ûK0 +>‘ÍÀç6(šØY; óNä^ +a:Òt0q©ñvh~¥Ø_fŠœ°V€ŸŸOöQ™®`zŒ}0Þ.×(¥!Ìý®°yïøn +ñ˜¹7Ý/“Ð3eG3 +èŽñúŌ¡Ÿ'HÝÎR®gÚD¥ÍÃI隳ë Ï°-·øéÈù0D” ‹¿SuÌ5Š¥r¢4ëËÙ<éŸ2÷PŠîµ1“,"FPyœz +ÙØ¢NïÛ_ :ôŠüÑ0>ÍÊßÃ8<Ÿß +{m‚ÌUÝ#±‹e±$$›f¥°±+ÆÑžùIýƒü9ê18Î +ø|‰áÞîŸ=SÅwvm£Ù8߬Ÿ©¯³"sÀ ËÄVù»ñÌÆe“Ÿö§ëªïÅÿíÛDî÷ÂÖ­ +:.Ÿáqœô¢ž›ÑÓÉ|UiÌÔó_™wšþSlÐEh‚ |#2=žLRɀ]Héuhàþ‡Wï?ìÞü²s9ŸÛJ +F_gÞÒ<âFïÓ?!ÀÛ" +ÓÖËÓ ™ +y³»ù"Vj² +endstream +endobj +2520 0 obj << +/Type /Page +/Contents 2521 0 R +/Resources 2519 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2388 0 R +>> endobj +2522 0 obj << +/D [2520 0 R /XYZ 71.731 729.265 null] +>> endobj +2523 0 obj << +/D [2520 0 R /XYZ 71.731 547.162 null] +>> endobj +2524 0 obj << +/D [2520 0 R /XYZ 233.245 535.592 null] +>> endobj +2525 0 obj << +/D [2520 0 R /XYZ 71.731 487.607 null] +>> endobj +2526 0 obj << +/D [2520 0 R /XYZ 119.552 463.861 null] +>> endobj +2527 0 obj << +/D [2520 0 R /XYZ 71.731 461.234 null] +>> endobj +218 0 obj << +/D [2520 0 R /XYZ 412.167 423.243 null] +>> endobj +2528 0 obj << +/D [2520 0 R /XYZ 71.731 420.051 null] +>> endobj +2529 0 obj << +/D [2520 0 R /XYZ 71.731 405.107 null] +>> endobj +2530 0 obj << +/D [2520 0 R /XYZ 71.731 358.785 null] +>> endobj +2531 0 obj << +/D [2520 0 R /XYZ 196.313 345.833 null] +>> endobj +2532 0 obj << +/D [2520 0 R /XYZ 249.712 345.833 null] +>> endobj +2533 0 obj << +/D [2520 0 R /XYZ 164.104 332.882 null] +>> endobj +2534 0 obj << +/D [2520 0 R /XYZ 369.054 332.882 null] +>> endobj +2535 0 obj << +/D [2520 0 R /XYZ 182.664 319.93 null] +>> endobj +2536 0 obj << +/D [2520 0 R /XYZ 260.721 319.93 null] +>> endobj +2537 0 obj << +/D [2520 0 R /XYZ 71.731 297.983 null] +>> endobj +2538 0 obj << +/D [2520 0 R /XYZ 119.552 274.102 null] +>> endobj +2539 0 obj << +/D [2520 0 R /XYZ 434.283 274.102 null] +>> endobj +2540 0 obj << +/D [2520 0 R /XYZ 71.731 249.031 null] +>> endobj +2541 0 obj << +/D [2520 0 R /XYZ 71.731 249.031 null] +>> endobj +2542 0 obj << +/D [2520 0 R /XYZ 148.603 239.532 null] +>> endobj +2519 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R /F31 858 0 R /F25 852 0 R /F48 1258 0 R /F38 956 0 R /F60 1440 0 R /F51 1265 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2545 0 obj << +/Length 1353 +/Filter /FlateDecode +>> +stream +xÚ¥Wm‹Ü6þ~¿b +ìB­õ›ürPÚkš€-izWJIBÑÚÚµˆWZ,;—ý÷ +I#¯œqH¡ +œeYš—gfž™ +W‡UžzyóãÃÍöE’¬JRfq¶zد’4$-Wy“‚Æ«‡zõvý¬a§žw› Šá:%îùLÉwa†nÑ5ë +’îƒÚ»g«6Qž>ØB +ÜæžU¢œàzóþáכ +ÙŸ áª+²ÔXÄqD¢0‡EJhX83ôPU\ëýжçM +áºê8ëyí^mLŽÛ¬ý($1@z'$‰'ãžK­ðXÇBƒ_^@¥ºŽW}{¶7˜h +È1ä¹“s'kçPßíVþÙ7Ü-jÁZ +~{pƏU+žìo&ë|˜•9jﳚtšvL7ßà±hr,.I!bcý +X]_`·+ّ»{vl˜þó ÐóÐï +™dn堐(ÎIÑÄÒK˜œ +A’ +Féµzt7O-gëžuœ[>™è0¶>qÛ +­²™Åoî˜{i”Æë +ÌG6œ(Fä¬wÏÝ +ÿ8!$,¡Msì +éú.€áXB·”Òv"B€¡4.¢ñ'€v)^¯é#ŸÞ@.{QzË'<ø5P&Ù–`ÖQݜj¿ +yǃ‰‚17æ* +J•:šØx–Dc1üœ}mÇç+ŠØ÷îñöŒ•ïgˆœ—ÍNìù' +«*5È~ÒaÆ +Ô.\žgz¬_(œvšçŒE–4ݵ­ª. + +jÇëAFŠþA«#7i„†gMÒ²,’0¥Y +æÑèQŸ×Žbwò&^zÏø­cÝÙœ4 +{ÃcŸôw³Óò +v`œI +ÁªßòŸÚ¢^ìDz‹Ï æ{6Ž=1¹àI +ef‰ïnŽô­v˹Ö6&¯Ä#œ +ÈU·•Œ4ƒˆê>Øž^³)Ôt=K¢Ó1f”ñf +!RۆÒ5F"Š«('qD]kLsRÄÐiFÒ +å§0ÓËòJۍD°ÔŸ)›—Tf%™›œ”^ÀÇKŸ$ûqFë)|w±˜\sÊ2óž’m5™âŠ5_R­"çŒo¯¢ð(L·óiqŠ&]uâÔ/äJ™“¬ŒœÔªáՇrjÌ( +BaÄÀ +âzœÒîfzSÝyqRûQ‘Ï3ÔY§·K^SBãÒ«û,.1³s +ô)±ÛÄ@HŠL0ùÆòÛ+(ûML,?ƒ¥â„Ÿ +›§åõùH‰ðÍksÇ9*þ dÝ:J +ÐàY>C§5³9öh{÷ìo2è,#ÃÚ4BŽzÍlÎù<ò„ G#1ǞJ{ð)zû³ó›ÿV8—†>_òïYØŒKO7æ‚RœwåïMdšâšgÆøè¡VsuÆÞO×Áôw-?¢Ð_äèG· 1¥$Í}ŸYê4jx·TýÌéX +,„ÉŽº3,[!ùíRI$qLhTÀ"!qN0‰Ñ7=çîÕ+·øÎ=^ÿþæîþþ¯Ÿn·'Ö7Û^mgu{õƒnþ³²ŒHÒÈ!ÐƜ®€˜]yþpó/:úé% +endstream +endobj +2544 0 obj << +/Type /Page +/Contents 2545 0 R +/Resources 2543 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2563 0 R +>> endobj +2546 0 obj << +/D [2544 0 R /XYZ 71.731 729.265 null] +>> endobj +2547 0 obj << +/D [2544 0 R /XYZ 71.731 741.22 null] +>> endobj +2548 0 obj << +/D [2544 0 R /XYZ 71.731 663.725 null] +>> endobj +2549 0 obj << +/D [2544 0 R /XYZ 71.731 640.035 null] +>> endobj +2550 0 obj << +/D [2544 0 R /XYZ 71.731 640.035 null] +>> endobj +2551 0 obj << +/D [2544 0 R /XYZ 148.603 630.536 null] +>> endobj +2552 0 obj << +/D [2544 0 R /XYZ 71.731 342.377 null] +>> endobj +2553 0 obj << +/D [2544 0 R /XYZ 119.552 316.613 null] +>> endobj +992 0 obj << +/D [2544 0 R /XYZ 71.731 290.297 null] +>> endobj +222 0 obj << +/D [2544 0 R /XYZ 336.57 247.199 null] +>> endobj +2554 0 obj << +/D [2544 0 R /XYZ 71.731 223.444 null] +>> endobj +2555 0 obj << +/D [2544 0 R /XYZ 176.548 214.322 null] +>> endobj +2556 0 obj << +/D [2544 0 R /XYZ 319.171 214.322 null] +>> endobj +2557 0 obj << +/D [2544 0 R /XYZ 119.552 201.371 null] +>> endobj +2558 0 obj << +/D [2544 0 R /XYZ 71.731 166.337 null] +>> endobj +2559 0 obj << +/D [2544 0 R /XYZ 119.552 142.591 null] +>> endobj +2560 0 obj << +/D [2544 0 R /XYZ 243.844 142.591 null] +>> endobj +2561 0 obj << +/D [2544 0 R /XYZ 375.021 142.591 null] +>> endobj +2562 0 obj << +/D [2544 0 R /XYZ 71.731 130.472 null] +>> endobj +2543 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R /F31 858 0 R /F51 1265 0 R /F25 852 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2566 0 obj << +/Length 1830 +/Filter /FlateDecode +>> +stream +xÚµYkoÛ6ýž_!`j1CR€ +: ŽËЊmênº¢`lÙª‡+Éi‚aÿ}—ÏHŽìÁ•÷ÅփŒçòžËKê{K{¯NžMOÎ^úŸ£8 7]x>Ã(à±úEœzÓ¹÷iô|%ÖMR'”ãCúÿyYü +1]nª1á#Ñ€e¡_” +ýŸ•c‚GKõ“Kýp!fi–6iR?O;ÁÆð‚ŽŒ˜PJÁ!\0Äq€ÝžL$ÒmsªM‰ù\_4«D_ÔIu“ÎÌMSnœ-Ä2-k}-=ÏéÂÙKŽœ&‘ ç‡!8¥ g«döuVæ¹(æ5š-–ºKÇ٘ Æ]Ÿ{ŒÂ(Ä}æM|ѐë–?'Æ£Ç +ãK-ò•H‹Çú¡Ô7ód‘© +0Ø  !@RšÍš·I§ÛߝvŠ~÷¥¹mÝÞ×%sg›º:»N‹³z3/õ£ÉFÿWeÙè«G?œ_‘Gg]ûº±iB0îË?=á +&2ÃÀæ"uéäÈՄÖwu“äúI.îLñUæ Í‘2· ’æÉ©}šÿïÊÍVçﲫ(šnN¥Å¬JDìÉ°u¶YŠÅ=R¹i܈)ŠíÔº68³•(–‡µ(3˜F”Ÿ»wš +íE_û + +±oÓQ»Ž#sy€hÛŠ‹ª4¡ +pwžÀVoZH} +ÑnZ›IøE³o†þÄŸƒ[Cÿt•?6·Åz]•ë*k>»¯HŽ‡-¢ +‰2ŠpìBb@w„/€Ì +\[H·£Ü#!¢„ë@ùœ ‘ž@ +``^u`Rü £Ñ‡»:+û Xˆ"JºQrJågšefp•(êÌ mL"êô)lXäݍ¬£I¥Ë°‰„T÷WBhXàÂ!ÝÔE]çx•–•+æÛÑ ÀåÈvõvB×*¥NΧ'ßN4à +ñ‰‡©ÁšFœY~òé3öæðfòãÈû®šæ +Ã0‹™ç™÷áäýÿa$äZDŠ±=F 9ƒ(1cC­©À+ŠPüØcÀ7‹ÌböA-f7’ +»‡ðaýÃ@Å1à}XCa=݂ק²ÏÐØãÏ}ÂÀ +:À†?Ña&$Ÿ~ì#Ë́íd¶åӏDX`—áë1Å£Ír7™ÇÀ¶dv°_¿}õåÅù393?ŸÚÍâáø)ðc¹xEÃx +lD1Bm$ì8LFEØ×ÑL‹E¹‡Ä#À:Û°’Ä‹Ë—o÷ðw0tOèÁF¶†ñ7Ԉâ/ ˆ +ô8ü +±€˜-OÙȍÂnìlK/ߎ +M/žŸïáñ`z(4 +XOQ< + +Ðø8'fì7©ØB§•5ïsÅ9j™b©eº(k•ç¥ìbПèNA[ô +˜RàqGôÿE2t{{ÛÃdäÃg(·íÛâêÃtÚc' ŸIëYÁ‰A9aŽKNGµ‡J.3wüÔ:zÚ§ÁZ)uK‚¥V‚}ÿZ_Œž–ÚŸ5Ò +T2ð&4@6óè*ù¶brȹڈä,j÷áˆ.XÓUZk˜ÅØo§<©Ž%ó +*K£¯î€®€&àf%äݍd4ÑO€¯uš©Ž»ïi³²ìùV{*A±þL&I!”p•%“Û<›8º;ˆPUWÓ©\›ˆK”RO/ŸÁV:»çGjŒ¥*•ð +`†ãdÇüŸ²Â]j +þùÆð çuÏd‘ÆÌTdêìÆT™Áëèd)0Ó7€07QNuëDÚÐÁ5 +æåVÎÀ˜Ìá +ÜžÐXj¹Z8êÜ> endobj +2567 0 obj << +/D [2565 0 R /XYZ 71.731 729.265 null] +>> endobj +2568 0 obj << +/D [2565 0 R /XYZ 71.731 718.306 null] +>> endobj +2569 0 obj << +/D [2565 0 R /XYZ 274.629 708.344 null] +>> endobj +2570 0 obj << +/D [2565 0 R /XYZ 71.731 607.532 null] +>> endobj +2571 0 obj << +/D [2565 0 R /XYZ 254.345 582.615 null] +>> endobj +2572 0 obj << +/D [2565 0 R /XYZ 71.731 570.496 null] +>> endobj +2573 0 obj << +/D [2565 0 R /XYZ 71.731 528.236 null] +>> endobj +2574 0 obj << +/D [2565 0 R /XYZ 361.651 516.463 null] +>> endobj +993 0 obj << +/D [2565 0 R /XYZ 71.731 513.061 null] +>> endobj +226 0 obj << +/D [2565 0 R /XYZ 171.252 469.964 null] +>> endobj +2575 0 obj << +/D [2565 0 R /XYZ 71.731 446.208 null] +>> endobj +2576 0 obj << +/D [2565 0 R /XYZ 71.731 446.208 null] +>> endobj +2577 0 obj << +/D [2565 0 R /XYZ 298.498 437.087 null] +>> endobj +2578 0 obj << +/D [2565 0 R /XYZ 71.731 435.05 null] +>> endobj +2579 0 obj << +/D [2565 0 R /XYZ 71.731 423.842 null] +>> endobj +2580 0 obj << +/D [2565 0 R /XYZ 71.731 423.842 null] +>> endobj +2581 0 obj << +/D [2565 0 R /XYZ 71.731 265.436 null] +>> endobj +2582 0 obj << +/D [2565 0 R /XYZ 434.029 255.473 null] +>> endobj +2583 0 obj << +/D [2565 0 R /XYZ 211.426 242.522 null] +>> endobj +2584 0 obj << +/D [2565 0 R /XYZ 71.731 207.488 null] +>> endobj +2585 0 obj << +/D [2565 0 R /XYZ 328.516 196.694 null] +>> endobj +2586 0 obj << +/D [2565 0 R /XYZ 393.173 196.694 null] +>> endobj +2587 0 obj << +/D [2565 0 R /XYZ 501.894 196.694 null] +>> endobj +994 0 obj << +/D [2565 0 R /XYZ 71.731 180.34 null] +>> endobj +230 0 obj << +/D [2565 0 R /XYZ 231.523 137.243 null] +>> endobj +2588 0 obj << +/D [2565 0 R /XYZ 71.731 136.348 null] +>> endobj +2589 0 obj << +/D [2565 0 R /XYZ 71.731 121.404 null] +>> endobj +2590 0 obj << +/D [2565 0 R /XYZ 413.683 110.642 null] +>> endobj +2591 0 obj << +/D [2565 0 R /XYZ 258.522 98.986 null] +>> endobj +2564 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F25 852 0 R /F38 956 0 R /F60 1440 0 R /F48 1258 0 R /F55 1386 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2594 0 obj << +/Length 1821 +/Filter /FlateDecode +>> +stream +xÚÅXÝoÛ6Ï_ᇶˆÖ§e§ë¶6uÚ +i’Åî` + +Ybl¡ŽäŠRSÿ÷;òŽ²¥(Iû0ìÁI‘÷}¿;Ñî­zvïíÑëÅÑèÌózS6 +»ãÞâ®çù6Ó^è¹lžœEÒû{pºŽ¶%/†–ØŸáó4Ï>Ú¶»ªŠ¡ +¢2Í3|‘ßáSäCÇ +¬ô_š­pñ.ŠS‘–)—ÿÙ$Èè̟ô& ÅØWRX®í0gâÂÀg=A14áp2ˆóª +Ç÷i¹ÆQ¹æŠäè,( +. +ÇðÐ,Kí·’šŒ–‘ä/oooñLƒûd‚±9’oI3`ñÑìû5/ˆwŽ÷qž‰†ž=ØádIï£LY†ó»ÚªåqŒóm.Km€‚ëE§g9c‡y®Ü’( +Úł+t"ÉGè¹Và©ÜT(AØð˜;ÀŒETìꉊ‹T +sŽ·’ö‹žõ@ + +Šu#Ž­G•,FË4‰ä€¶UMBc +yÑ’üÇVåÀº-붍ñˆ™C +Ó`ofœÅ=„tË <6 ¡ÀB™°‰õe^ò“DwæÛ5þ_+äÜ-@ +Žˆà•Šv•¶,žE:[·d q3|³X§„fæuH*±:ßWàæP:ÇMp{MÁ€PÕAT=nùÇ4”jŒøªª¬AZ‘”ÕÆàZIy¹4.ÎLçGb +b?à±€6ŒI·? +‚Œ6ë(Íú +ïMÅwNùJS€9/ +Ò +*±Ì«)íÓÊt©Ä÷ƒõ1ÓžÀDÕX +)/ædÕQ°Äœb—Vai1œÀŽ#Â]h ì©g(Æ`ŽJÞá>ˆÇ©75[Ñ@Ûxg„6šåÁµ-ÍÓ1³=·™åÿR6’Óâ\T›L>°q*Ë"¥:RƒqšÅ¢Jžlm–q‘nË×1„¿4KKãÅÆë-VRivtø².–ƒ¹.ŽxŒ`sÆVìžU=÷•ºLèªJ$&ŒËjûdˆô³:bð °ðŸ +Ü:,‡2짡5¶U‰Â§QŽ«w¡­q¡B@Ŷ>ˆŠ6ö;öc8ª¹uýìÉYVšÝ:^!VqŠ +Š¿ÇA‘ +Ôõ i‰ÏhüNºT›¯u'§6i»>`£%=#cŽ-/”b¿â\•¥Ý(ÊIt ö£Œ„Èï9鯐koS +ÿËÿUŠM^tQùN¡š¶ÕõBÇJҌ=ù¹±ÖÌÍ'âÃ×íºc²B}9‡aÝá8Lû‡oŽÃuÚêfû3M# +i·¥ge +–—*îÑé ýž#¬¥ +ý)[t~éP.ðCëoo^].ä|v1;] +Ÿ_Îg7ŽtuٔZs© +Å>ûŠPþÖ¯KmÿE‡`±ýAñæ3’äúÕ|þ×Õ͛htòÇW/›uƒÉÓÍâó†ß+áÙŇù;busþçùÅìílþ¢«Ïs}6 +ÞÍò +L +ÓÁAsƋM +Õ?ÏdWËÀ'?ÔQb·0_¥õ~:€ð +ª;ûê£éýÌ) +ÒýWF/µÛ•4 +êõ°ßhtµ‘ ê*uÃÕüü§«%zeè +²>ނX€EÞׂGæöšl|øCÏÿàÿqëðPûc£Ÿ–ÄH«¯R"!IZê?š«Å€oÝ|ž~3„Ó¯†ˆ³˜á¥@Û +)Û¯Ÿ;Àg±¹Š‚üù€~i–pµÿÛ'ØÐß_iIN;—yYæs_õ„gñ¢‰Úv:¬1¬y&|*ô;”Ú߁˜ŽdݵÿÐG‡µ4×±¿Ø©í»g[ŸéˆÆÆ +]ËúRœb­KËæÕiè°É€gMàÍ®VÅ·'f‹£„¥¡ +endstream +endobj +2593 0 obj << +/Type /Page +/Contents 2594 0 R +/Resources 2592 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2563 0 R +>> endobj +2595 0 obj << +/D [2593 0 R /XYZ 71.731 729.265 null] +>> endobj +2596 0 obj << +/D [2593 0 R /XYZ 212.238 708.344 null] +>> endobj +2597 0 obj << +/D [2593 0 R /XYZ 71.731 689.819 null] +>> endobj +2598 0 obj << +/D [2593 0 R /XYZ 218.048 680.05 null] +>> endobj +2599 0 obj << +/D [2593 0 R /XYZ 71.731 618.879 null] +>> endobj +2600 0 obj << +/D [2593 0 R /XYZ 119.552 567.073 null] +>> endobj +2601 0 obj << +/D [2593 0 R /XYZ 119.552 541.171 null] +>> endobj +2602 0 obj << +/D [2593 0 R /XYZ 71.731 539.133 null] +>> endobj +2603 0 obj << +/D [2593 0 R /XYZ 71.731 524.189 null] +>> endobj +2604 0 obj << +/D [2593 0 R /XYZ 71.731 476.712 null] +>> endobj +2605 0 obj << +/D [2593 0 R /XYZ 388.645 450.809 null] +>> endobj +2606 0 obj << +/D [2593 0 R /XYZ 71.731 412.787 null] +>> endobj +2607 0 obj << +/D [2593 0 R /XYZ 71.731 277.277 null] +>> endobj +2608 0 obj << +/D [2593 0 R /XYZ 71.731 253.385 null] +>> endobj +2609 0 obj << +/D [2593 0 R /XYZ 71.731 196.274 null] +>> endobj +2610 0 obj << +/D [2593 0 R /XYZ 71.731 176.349 null] +>> endobj +2592 0 obj << +/Font << /F33 859 0 R /F48 1258 0 R /F55 1386 0 R /F31 858 0 R /F25 852 0 R /F50 1263 0 R /F74 1733 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2613 0 obj << +/Length 1757 +/Filter /FlateDecode +>> +stream +xڕXYÛ6~ß_á·µ˜«û(ºr4ÍÛ`ÛuZIÐ- ‘%UÇ:þ÷ +rHZ’étûbIäpf8Ç73¶ÙÂZürõjsuóÖu1‰'Xlv +׳HàNjÐuHä;‹Mºøž|ÓŠgíjíøÖÒ#ø|]WŸ,ËɆveûKÚu +õŸeœ²­e&~Š*ÃÅ +MŠ²è +Ö­>o~œ²€"  +=Òbí86±­^<â[ªñ²C +‡¢Ïñ–¥’•dp‘ZÎ +E_ËgÎðåñ÷{|IiO·Ž“Ëû¡ëñm+WXE·%Kñ£šflm“‘=øJÉøuáªkÛ!±²ëöˆ +ë{­•ÇhÓŽuÓŽgJJ˺Œ.Sy#F2òg{óÖ·/ðžñl‹„àÁµë'ôQÒÇû:û¬U°ÁÅnŒ‘÷}dO¬-úã큶2zDqõÀ!1âðÝèþxd +JŽO<߁AÞ<äÂPv,9¥çXXšåX’TYr_§Åî8c”2 +“¡ìeX=tF³«KbLJˆïp뭃€Ø üčiÑr9áÏÖ=Û-Ê*Fß<²þÍ«÷tÏn‘]ÈÙYA +rvŸKÂ8VFK·_* 4ˆ]KÂsÎ +ÉFÖ1±Ãhĺç”FÞH‰ŒÃïwu×_ÔzÌ:‹ZG­?t¬}çÿçÚu‡ºMMÜCŸžö˜{#‰M$ñÄ* ök»¢ëYÕÿ·„#ënªÚ”‡Q@,H–I +n +A-ª›Þ M†z£uÒéUóï +(>Ê"ð÷Êyg—äŽÊ4lcÜÆ+E£+)PŽO–Z9oÚZÊŽ?N'` +k' ҉ïk”aŽlùÓZüzXy b×g-˜—©éE#^1ˆt.œ]¹@ߪÃ> +æv +^à†Š]ñ±ç»ƒúÚJ5(>*±¹çõÀ¡Hh‰ëw’,MØ;Ž +ĈŒÜ:¶‘k‘H鯜U†º–” +vå +xÒL׿ãP2åU5-mŽ÷ªŠ)ŸSUœZD5™MöX9'°ˆ¯ +÷£Aû„ž¶,èªx +°Œýä8Þ¯ÿÜð§T€ë韹%ÜVƒø8—lÛñl]^~2YÎ +d w_Ï`íÏ{þ­nøµ +\|è\œïéÁq5é/™X:¥Úvªõ:y®×þOZŠ;í18€§ + +„G{TÕ­gèÈמS€VÜ!«Ÿ’Øõ§Õïn7«»i]]¯ìh)ã°,Ÿò¡ÁÅB­ÑIÃMÝ,: +(;PN5^ +µAғ×n0’ðl0èØ%^ îhiìJXø]-5ÂN +/€úÏÛã0˜Á/ÖIݒ°Rö‰×\#ˆ’/-àóÚ÷aa‚Îï?ÜßÏ|òL¶f€s§ÍÈi%µ`ÿ +ŽÔ°nhGµšE•2ÎñÛõ¥.ì\»³˜R1 KlÔàGÕ7_ +³©8zQQêÝp/ÐųŠšÌܶž +.Xšìq'e™PÖ°åóP|w +K +a$»Ð·Ž%„º),ÙH©\í] +ëچ9íòëHqȋ$Ç}ár~>—§{ããJ’³äk7ìMžQá*[᲌šŒ^RCœ#@çã$ +eŒµâN/¯­òÉ +âìX.qOið2M7«ØYÖÐâÁMÙB7BÏ]ÁMcÈ®8±{Ê®)èmYÙÓJÕ+¶]sK1]ˆzê`‹®V¹gÄýJ³YO$Š‡~ž='•Z6ÍÖªŸÐlÁ7 +à©ÕknôIÜ«žç +Cðpšª‘Ôûf虚;©•š)ÏŽëO(•iNçS› +Ž麊 aðŸGWÏl:íõ@ÞâÜÔC붶C˜îã`ÜŒmŠÆԙA‘ÈؙÁœ8Ȗª?ÂU­¥ì̎Œ{µ +wf”Ÿ9âÇAüSQÉ6Mø_0’ +C3éÛøqÃû|ÎáÀÉû}±µ+RT¢@shÁDkŠ;š]4ŒŒ=iž|'‚ဠ+Ñå5Ëaáë[ÐÃ]Z`2®hžfíD„%𙔌J +°oýt_³SÃ5~Éÿ-ä»oa!™ÑŸŠ +‘EÇw–&涊õ5'jVu?™~åÄĪ¹óš +‘—[&ˆGƇš-ØöÃû©†ÙÔ(zü;èˆ+(pš·ÝbES'~ðUºÏiÝ +Ï/\B¿É}¬L7âv#'âÙ# ëÞ4֋ºÒOmÀKÖ +ªdÊÒ©)1‡ê{†ˆ†ÅzN}7Œœ&í̜òtÁóæcᙔS”„á܂™7à¿0c‘£VÃÁé–{–Ìÿ +œü% hAD1qùljgONüŒ¹úžQbÿ +endstream +endobj +2612 0 obj << +/Type /Page +/Contents 2613 0 R +/Resources 2611 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2563 0 R +>> endobj +2614 0 obj << +/D [2612 0 R /XYZ 71.731 729.265 null] +>> endobj +2615 0 obj << +/D [2612 0 R /XYZ 71.731 718.306 null] +>> endobj +2616 0 obj << +/D [2612 0 R /XYZ 71.731 683.273 null] +>> endobj +2617 0 obj << +/D [2612 0 R /XYZ 71.731 618.879 null] +>> endobj +2618 0 obj << +/D [2612 0 R /XYZ 145.006 605.928 null] +>> endobj +2619 0 obj << +/D [2612 0 R /XYZ 71.731 582.914 null] +>> endobj +2620 0 obj << +/D [2612 0 R /XYZ 184.11 548.045 null] +>> endobj +2621 0 obj << +/D [2612 0 R /XYZ 189.489 536.389 null] +>> endobj +2622 0 obj << +/D [2612 0 R /XYZ 184.11 524.732 null] +>> endobj +2623 0 obj << +/D [2612 0 R /XYZ 184.11 513.076 null] +>> endobj +2624 0 obj << +/D [2612 0 R /XYZ 205.629 501.42 null] +>> endobj +2625 0 obj << +/D [2612 0 R /XYZ 205.629 489.763 null] +>> endobj +2626 0 obj << +/D [2612 0 R /XYZ 71.731 458.182 null] +>> endobj +2627 0 obj << +/D [2612 0 R /XYZ 119.552 432.279 null] +>> endobj +2628 0 obj << +/D [2612 0 R /XYZ 71.731 432.16 null] +>> endobj +2629 0 obj << +/D [2612 0 R /XYZ 71.731 417.216 null] +>> endobj +2630 0 obj << +/D [2612 0 R /XYZ 71.731 367.821 null] +>> endobj +2631 0 obj << +/D [2612 0 R /XYZ 246.006 354.869 null] +>> endobj +2632 0 obj << +/D [2612 0 R /XYZ 298.31 328.966 null] +>> endobj +2633 0 obj << +/D [2612 0 R /XYZ 391.778 328.966 null] +>> endobj +2634 0 obj << +/D [2612 0 R /XYZ 71.731 306.884 null] +>> endobj +2635 0 obj << +/D [2612 0 R /XYZ 71.731 261.056 null] +>> endobj +2636 0 obj << +/D [2612 0 R /XYZ 322.887 237.31 null] +>> endobj +2637 0 obj << +/D [2612 0 R /XYZ 393.532 237.31 null] +>> endobj +2638 0 obj << +/D [2612 0 R /XYZ 443.789 237.31 null] +>> endobj +2639 0 obj << +/D [2612 0 R /XYZ 286.036 211.407 null] +>> endobj +2640 0 obj << +/D [2612 0 R /XYZ 71.731 209.25 null] +>> endobj +2641 0 obj << +/D [2612 0 R /XYZ 71.731 194.306 null] +>> endobj +2642 0 obj << +/D [2612 0 R /XYZ 472.124 149.838 null] +>> endobj +2643 0 obj << +/D [2612 0 R /XYZ 76.712 120.249 null] +>> endobj +2611 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F70 1676 0 R /F38 956 0 R /F25 852 0 R /F48 1258 0 R /F11 2489 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2646 0 obj << +/Length 857 +/Filter /FlateDecode +>> +stream +xÚµV[o›0}ï¯à­ 5®1—4ö@.í6¥M—ÒjÒ:ENâTb30Íòïgdž†ôº5yÁŸÁßå +>‘óƒvxp|æ8F +Ž|äáÌp\|¯e4 +N“Ä–ËÆxr¿”\âl*QI +‚–§¹™°E*6a,Ù]YŸg +)?>uÒrU"ÏÔ¥ŽWjœ’Ù:x‘pý«^±b +2ŠŠðmN +eŠÇ ÙNÌRÙ +G[á(!ÚKlÞ& ÝtE:ÅŒŠ¥ +ñ +q®g¹ ¡m¬“ÍX"O\æ§eØõ~û*ìÅ*ÿœªŸð q"úÂwe_ž€Î‰XìT.úaoh5|Í0h÷{ÊÔM©A·«ŒÎ sq©l—œ|ä> endobj +2647 0 obj << +/D [2645 0 R /XYZ 71.731 729.265 null] +>> endobj +234 0 obj << +/D [2645 0 R /XYZ 329.247 707.841 null] +>> endobj +2648 0 obj << +/D [2645 0 R /XYZ 71.731 684.724 null] +>> endobj +2649 0 obj << +/D [2645 0 R /XYZ 178.211 674.964 null] +>> endobj +2650 0 obj << +/D [2645 0 R /XYZ 323.047 662.013 null] +>> endobj +2651 0 obj << +/D [2645 0 R /XYZ 71.731 626.979 null] +>> endobj +2652 0 obj << +/D [2645 0 R /XYZ 71.731 604.065 null] +>> endobj +2653 0 obj << +/D [2645 0 R /XYZ 71.731 549.947 null] +>> endobj +2654 0 obj << +/D [2645 0 R /XYZ 71.731 526.257 null] +>> endobj +2655 0 obj << +/D [2645 0 R /XYZ 71.731 472.139 null] +>> endobj +2656 0 obj << +/D [2645 0 R /XYZ 71.731 450.506 null] +>> endobj +2657 0 obj << +/D [2645 0 R /XYZ 71.731 392.637 null] +>> endobj +238 0 obj << +/D [2645 0 R /XYZ 341.212 354.645 null] +>> endobj +2658 0 obj << +/D [2645 0 R /XYZ 71.731 331.528 null] +>> endobj +2659 0 obj << +/D [2645 0 R /XYZ 185.683 321.769 null] +>> endobj +2660 0 obj << +/D [2645 0 R /XYZ 71.731 284.723 null] +>> endobj +2661 0 obj << +/D [2645 0 R /XYZ 71.731 157.997 null] +>> endobj +2644 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2664 0 obj << +/Length 866 +/Filter /FlateDecode +>> +stream +xڝUÛnÛ0 +}ÏW}²F–eù’ŸmÅ:tغKS`Ã:ª£$Fe˳ì¶ùûQŠì4Y{±(š"yI‰zzïgo—³ð"ŽœY€,õ–k/攀ÉÂËbFò„y˕÷Ó?ߊŠ“m0g õ9Áõ\×·”²MßQ⋮Ô5þÐk\•"êo†OYoP¹E©Ê®”&øµü0£.‘ð‚%^ÄIÌSfӘ3‘ˆf $„FæÁIÄHlãg¹ÿiwýõ#ŠÅ”ʘ(W²¥ÂÆèFêÍ-º,C¯Ë ‡€1œFƒR·•#ŒâpÓï1 +oêò¥•®DéN]x`6¥„1~HìÐ1ü›;ρÀ·Ç&PÌYJ\_éNž¡%Ï™a1—¶;a4Kƒk­± +n‰šuÈ7C{ÛµiT9Ýo)·*ìAwNÚq!‚;×ÛîVJÝ­+\·p‘¡üŽ•PÕöEYiºÈ†äóˆd4{­® ãˆ@sf#ºVŠ•AáÄ9‰Ù +Á³•î +u/ +W<Øé +µ„–%d„‡Z[ÄOž(í±ì3”[iʕ4XÖAsYÃÝ$M‡O +(dÛêÖE©„­ÂÎn2{¶W +!äè)<|³ˆä¹7ç +hÉÄ=Y<>8òn9ûp±¬ +endstream +endobj +2663 0 obj << +/Type /Page +/Contents 2664 0 R +/Resources 2662 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2563 0 R +>> endobj +2665 0 obj << +/D [2663 0 R /XYZ 71.731 729.265 null] +>> endobj +242 0 obj << +/D [2663 0 R /XYZ 361.913 707.841 null] +>> endobj +2666 0 obj << +/D [2663 0 R /XYZ 71.731 684.724 null] +>> endobj +2667 0 obj << +/D [2663 0 R /XYZ 476.44 674.964 null] +>> endobj +2668 0 obj << +/D [2663 0 R /XYZ 71.731 627.353 null] +>> endobj +2669 0 obj << +/D [2663 0 R /XYZ 197.548 616.185 null] +>> endobj +2670 0 obj << +/D [2663 0 R /XYZ 469.704 616.185 null] +>> endobj +2671 0 obj << +/D [2663 0 R /XYZ 258.005 603.233 null] +>> endobj +2672 0 obj << +/D [2663 0 R /XYZ 145.006 590.282 null] +>> endobj +2673 0 obj << +/D [2663 0 R /XYZ 252.821 590.282 null] +>> endobj +2674 0 obj << +/D [2663 0 R /XYZ 71.731 575.173 null] +>> endobj +2675 0 obj << +/D [2663 0 R /XYZ 71.731 560.229 null] +>> endobj +2676 0 obj << +/D [2663 0 R /XYZ 336.433 550.73 null] +>> endobj +2677 0 obj << +/D [2663 0 R /XYZ 446.424 550.73 null] +>> endobj +2662 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F50 1263 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2683 0 obj << +/Length 1579 +/Filter /FlateDecode +>> +stream +xÚµWKÛ6ŸçWøhk®š§•C6HŠôÒuÐCÒ-Ñ2J$j·þ÷ +>õ°v€èÅ€d’šùæ›o†á®Þ +»_߄vüåôæñC”î¢eé1ݝ.» +£<Æ»<ŒQg»SµûŒw%€}pˆòã>Ef|'Ú/aÕcÏÚÚŒHs%¬}0OòJÍä*ü}ú +>yˆ2tLí±¬•Žî™Œ™eh™œZùøL(P‘E™²)ÉÑ1»C\ 8ŽÍæ“>= +ÝG̓²ˆÛ?Üyú¡ŒÒòë`æÒmU8Ý;#à•žÌ²ÎöÏR4 +±îšs3#uîÁðÓ<›¡"’œÉ@·Žv€à)6> +¬n‰ +{:<ØsÚÊLZ!Ùå¶2 +h¿<šµ¥h6HږŒÈŒõPÁW£tÿ€\Š|¹“‹ºöŽ±ÁùëBLΜ®mf§õ„/ +ŠŒC‹S/†Ý%ãL2‡,é­i]/ÔAO¬¢rGÅ:æ–,‹0—ÄNÎÖ*2,BPrF[é€#vvý³¶Š¯ìò†©YR¬ €­£Ö\ÒKÍ4ŒœÂˆ—Ê5C7n«Æ"랺ra9ᢝ ª{ÒLŸ¿ž`íد’nPF-ÑÌ¿Í~l7-9“òk݋Ñ1,)·É†(Zem‰RŒò‘ÉŸ +ÞöÒÓ®êMšŽœôSæBD€„[©äS¶-2’:wIÉ%)Ô^(=²;±î­Y˜ +ç +a +áxœè£4Z¥3ƞ‚&4Ž­ŽÅJô„ý#8€ÅÇIͱ{ +6V,ÏŽ$@be€WgmIŽŠ<Äʒƒ5å¶cµA_¢(œß4™¯D4vÖ/Ì0ÈkڜŒ{UK®€U9žxM­õÏWæ–9_[_œ‹d1, +fÉgÆŒçædÎÂ! {¬E· ތ>Êj•¥ñ3“WçDG%‹æ„µk–Óʈ³åª2 vT>«ïp“j=°üµhdç?Œq0pe +&©™‰Ž¶ƒ™Ž‰ZŽhS«àÕUpêb“MÒÿ©Ô +G©=Y8b†Œ.€Ïú(‰dÂ}Ü Äáþõ£6‹ÑV,J1r›5•®€WLÊe‡è}Ž8)Ý[}èmAžqŠL­<éµ`7S2ã +E8ÕÀ +ò +åacBb +J¶­Ê§šÍ€¶BĚ¢=W +ƒwOLùüZï1SÏSpFúʳPù‡•ø_çBüì +!H~çÊÎèZ†óÝzZœ]I“owHB' +1ĈûŽâó²ÞÏ귊íF‹t÷ùBE¹š4}õ +ýŸŽœKQ²þÿ§‡-›»„7vùîâ[Û!°÷û}a×ÜÔñ[V„ŠJÂøTgIªú]ŸØªRBÌӗvÁENÿ̹¥P<[‚SE~Í¢³ôÍTÅú Î!É cUÝÑ=E #ö”©—¹4ê‰éh|³#6ºàûxsÕ,V¶hÿ$PZyUB_äú + +¶uk +ÝC‘¡ä˜¯Z™±ëD/mûöº^6áU +ýĊÜÃqG¿Šœ•Û(Æ1XîQô“Ei£µ_¶5PõÊ«ÛbŽmÒÍy?KŠ,^Ezv”»©mÔ±ÑèA“l +®‹W } +m¿âø þœS +· 3ÕÅ +Ú=î컣A«(ˆª*Q›ØÇ Ûv±k“m§šcŠ¶ÛÆí‰ >S­û>‘rH–o± +‡ *Âìæ„Z—õ3]wŠ«Î=YÒÄãvŸ–&Ìë×v +Š\ÓÄ +ƒ’ºƒÊ_ûtXø–!!ô”ë,®mpÐèNræUT1¿uܶõP“7J@ÂxÉ^êm.‹ªc—tù—.‰sö1éïîýʵõö +̊]Ôª +íýUðҋfÊ(‡â:ŵUw®{Ì ÿŽ!?í¢× ÊñŒ÷Æ»VŽß—‘ +±7ŽT•¥Ã +bˆq¶ŽŸo]衁Šén`%튫4PòÑiç¶ +8NÁO­؍¯”š=/ÚDÙŸ/BnX˜C“ŠKÖl"Ëœ„΍³Ðô¥9J +{?L–ÎûӛÄ3òc +endstream +endobj +2682 0 obj << +/Type /Page +/Contents 2683 0 R +/Resources 2681 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2730 0 R +/Annots [ 2678 0 R 2679 0 R 2680 0 R ] +>> endobj +2678 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [299.735 277.606 346.559 288.51] +/Subtype /Link +/A << /S /GoTo /D (0:FILEDEF) >> +>> endobj +2679 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [355.166 277.606 401.99 288.51] +/Subtype /Link +/A << /S /GoTo /D (0:LOGDEF) >> +>> endobj +2680 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [427.474 277.606 479.28 288.51] +/Subtype /Link +/A << /S /GoTo /D (0:MONDEF) >> +>> endobj +2684 0 obj << +/D [2682 0 R /XYZ 71.731 729.265 null] +>> endobj +995 0 obj << +/D [2682 0 R /XYZ 71.731 718.306 null] +>> endobj +246 0 obj << +/D [2682 0 R /XYZ 235.861 676.38 null] +>> endobj +2685 0 obj << +/D [2682 0 R /XYZ 71.731 645.402 null] +>> endobj +2686 0 obj << +/D [2682 0 R /XYZ 137.534 637.047 null] +>> endobj +2687 0 obj << +/D [2682 0 R /XYZ 71.731 589.062 null] +>> endobj +2688 0 obj << +/D [2682 0 R /XYZ 71.731 589.062 null] +>> endobj +2689 0 obj << +/D [2682 0 R /XYZ 414.781 578.268 null] +>> endobj +2690 0 obj << +/D [2682 0 R /XYZ 463.199 578.268 null] +>> endobj +2691 0 obj << +/D [2682 0 R /XYZ 71.731 543.234 null] +>> endobj +2692 0 obj << +/D [2682 0 R /XYZ 71.731 543.234 null] +>> endobj +2693 0 obj << +/D [2682 0 R /XYZ 132.005 519.488 null] +>> endobj +2694 0 obj << +/D [2682 0 R /XYZ 71.731 517.331 null] +>> endobj +2695 0 obj << +/D [2682 0 R /XYZ 71.731 502.387 null] +>> endobj +2696 0 obj << +/D [2682 0 R /XYZ 260.198 492.888 null] +>> endobj +2697 0 obj << +/D [2682 0 R /XYZ 384.794 492.888 null] +>> endobj +2698 0 obj << +/D [2682 0 R /XYZ 71.731 489.786 null] +>> endobj +2699 0 obj << +/D [2682 0 R /XYZ 149.44 473.76 null] +>> endobj +2700 0 obj << +/D [2682 0 R /XYZ 149.44 473.76 null] +>> endobj +2701 0 obj << +/D [2682 0 R /XYZ 71.731 460.108 null] +>> endobj +2702 0 obj << +/D [2682 0 R /XYZ 149.44 445.466 null] +>> endobj +2703 0 obj << +/D [2682 0 R /XYZ 173.281 445.466 null] +>> endobj +996 0 obj << +/D [2682 0 R /XYZ 76.712 399.239 null] +>> endobj +250 0 obj << +/D [2682 0 R /XYZ 234.931 353.985 null] +>> endobj +2704 0 obj << +/D [2682 0 R /XYZ 71.731 330.229 null] +>> endobj +2705 0 obj << +/D [2682 0 R /XYZ 148.085 321.108 null] +>> endobj +2706 0 obj << +/D [2682 0 R /XYZ 71.731 299.026 null] +>> endobj +2707 0 obj << +/D [2682 0 R /XYZ 71.731 299.026 null] +>> endobj +2708 0 obj << +/D [2682 0 R /XYZ 71.731 297.781 null] +>> endobj +2709 0 obj << +/D [2682 0 R /XYZ 137.484 280.759 null] +>> endobj +2710 0 obj << +/D [2682 0 R /XYZ 71.731 246.099 null] +>> endobj +2711 0 obj << +/D [2682 0 R /XYZ 71.731 246.099 null] +>> endobj +2712 0 obj << +/D [2682 0 R /XYZ 71.731 246.099 null] +>> endobj +2713 0 obj << +/D [2682 0 R /XYZ 147.447 229.95 null] +>> endobj +2714 0 obj << +/D [2682 0 R /XYZ 162.67 229.95 null] +>> endobj +2715 0 obj << +/D [2682 0 R /XYZ 71.731 214.842 null] +>> endobj +2716 0 obj << +/D [2682 0 R /XYZ 147.447 199.066 null] +>> endobj +2717 0 obj << +/D [2682 0 R /XYZ 165.43 199.066 null] +>> endobj +2718 0 obj << +/D [2682 0 R /XYZ 71.731 186.015 null] +>> endobj +2719 0 obj << +/D [2682 0 R /XYZ 147.447 168.181 null] +>> endobj +2720 0 obj << +/D [2682 0 R /XYZ 209.065 168.181 null] +>> endobj +2721 0 obj << +/D [2682 0 R /XYZ 71.731 166.025 null] +>> endobj +2722 0 obj << +/D [2682 0 R /XYZ 147.447 150.249 null] +>> endobj +2723 0 obj << +/D [2682 0 R /XYZ 165.43 150.249 null] +>> endobj +2724 0 obj << +/D [2682 0 R /XYZ 332.93 150.249 null] +>> endobj +2725 0 obj << +/D [2682 0 R /XYZ 417.83 137.297 null] +>> endobj +2726 0 obj << +/D [2682 0 R /XYZ 71.731 135.14 null] +>> endobj +2727 0 obj << +/D [2682 0 R /XYZ 147.447 119.365 null] +>> endobj +2728 0 obj << +/D [2682 0 R /XYZ 209.464 119.365 null] +>> endobj +2729 0 obj << +/D [2682 0 R /XYZ 377.592 119.365 null] +>> endobj +2681 0 obj << +/Font << /F25 852 0 R /F31 858 0 R /F48 1258 0 R /F33 859 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2733 0 obj << +/Length 1573 +/Filter /FlateDecode +>> +stream +xÚœXKÛ6ŸçWøhk®H‰zÈa“l +Ú‰/EÒ-Ó6YD)îE{‡æC¢¬M6(ËZ֒Ùo>Î|ãhqXD‹·Ï^nžÝŸ‰ãEŠ”€‹Í~ArŠœ-²˜ œ’Åf·øŽ|udMÇÛ՚ÐhI‘ù|%ëÏQD}+êƒy¥ØéÈD}cŸuGn +ŽRuæIÔ +_%ÑòЊîÁŒ:ÉZt²]ý¹ùåYdÝrŸà +ù¶Æ4CyAkš¢4΍s{Ÿ.f7îð +ëؖ)ûíÔ;W¶Ü¹$:Á*ñ7ßÙÀÞïíìJVµœí¬»| +éò/¡:u®RGÙW»ÐöŽWŒãöåçˆF óâ,ªÊ<Õ²Ó1˜P!L‚ +ŠMtRŸ÷UÿáíPãöØíŠDËÞyØ4ŒÞÁØþ×à9I-Ž(ʒPºXÛuc˜IÒšpËD­:ßÚÝÏØM0¢Q2¬݌QLáÑ­™ÃªW|÷Üñ€ÀDœ.֚‘Yf-Œ\ÛÓh‘ß4¹x•AxìÕ?Cď2 +FÓør& +ÙÏìcÇÚ. œãÓ +DY†Èi©Óyä¥Nᗹ$šÈ=X'¹ã–™÷† +žUvîŠ ånÓÎózr +K_Y'díH‘Š¬q©öj^®!2ÌŽE¡”§«m+QÛ=²ÑÖç2ý¿–€Ø +Zk»ÌOÍâÍ*WŒí¶¯gòÄ,bÌҐ•_­ì]@M+K®Ü%±h~#ú +þõ7@H#ˆ.žÐZaš˜kBRSž&YŽRG]ŠˆŠN–/ïtÙýªÇDŶ+ +^só¯RqtTýÉŒÝ÷u©cQ3â9ÁaDw—ö¡éä¡eÍQ”¶ü3u4OΊeh˜YóõY»Â +&«¯Ñ$@ÄžðÔx§kë +v£(õ×n/åŒ) +°Åþ²é:0Eùp}U_ + +XvgÊFÑIO˜Š÷õ6ð€Dóü§³Ž +Šh‘‡fßʓYœO%d@v}*OÅŸþÏõ'Qï±­ø70 ŽÅQŽHç\`ú°Äû?a +øÿ4ló'`›}ÛÅ8›@áʪ‹Z×\š +×A' Š"êvoY;sAãGšxítœ#<Ž’§Qk8x~Jâ'Üã‹+àþiÉXÇ9Ž†žû–>õ +ÅÉw)9ƒ +aU%W„Âë g-o*VÎ2•@ÎIúL=CŸ»ih„äG²¯ +IwÇÊ#«^‰Úûªøj°ië8ǐ8l¿×£çju¯Ø{ +8.ÛÙÓÊýž +Â퉑YuI²RÌj'hV³í)ëiæü5RÇuô¹"ÎjmüÁ`ƒb2rä•ÐvÊÐëqøæ!«C‘ +B_”|wJÑ)—CèîŠóÁ%·Ü$m"$Þh—] +1ˆz8s*t4‹V)Köœ³§äÉ%}žMß6R +@Ž• +è€i–7ïßÞ1ÃÆŽž€' `‰y*Ùžñikûé©ìwõŽ·ÊmóqÜWÂ<ŒGv²Êُƒp_we + ƒ|žg,L ÖŸ©Jև›¹XŒ +€Ðæ%Ä©©ø‰×~Nä{ +ÿ +e^WN +™Ï˜¬·~2u‡¥ÉðòÄÊ#èQå"_e`³<Ö¢d•Cžš‡ÆqXŠ;÷öƒ$fWÓF㋂.ªÇ®kžßޞÏçUJ—šTš»œ+kÄJ$ªÛ·:#·x#ÛNÝnV1]Šoo‡’4a÷݄ºvV +N +G7S{ð}M'P}|w·ÆU*§H[îî4¹šfjTså1 +î+|é +öfs—?×2ïÂ)j”`T+ +,ò2àµ8èÅUwW +ä + +ÐuÅË”_ð懔åÅ#F“¹þ S+ +ýðÈ-¿>WBÙöT@é‡ñ&€íR“tƒöûö—¡Aéš`ƙӟ[^2?Â9.)^öÃÏPMÉÛZÍËyýÕº+rš<» gœdË'ų6nÎ].Ö4•0=D¡éïã¬ÁŒŠJ7!E˜Ú©.¡ÁžûͳÿýØÛ +endstream +endobj +2732 0 obj << +/Type /Page +/Contents 2733 0 R +/Resources 2731 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2730 0 R +>> endobj +2734 0 obj << +/D [2732 0 R /XYZ 71.731 729.265 null] +>> endobj +2735 0 obj << +/D [2732 0 R /XYZ 124.533 694.147 null] +>> endobj +2736 0 obj << +/D [2732 0 R /XYZ 137.484 676.214 null] +>> endobj +2737 0 obj << +/D [2732 0 R /XYZ 430.91 676.214 null] +>> endobj +2738 0 obj << +/D [2732 0 R /XYZ 243.227 663.263 null] +>> endobj +2739 0 obj << +/D [2732 0 R /XYZ 314.34 663.263 null] +>> endobj +2740 0 obj << +/D [2732 0 R /XYZ 71.731 641.181 null] +>> endobj +2741 0 obj << +/D [2732 0 R /XYZ 71.731 641.181 null] +>> endobj +2742 0 obj << +/D [2732 0 R /XYZ 185.085 630.386 null] +>> endobj +2743 0 obj << +/D [2732 0 R /XYZ 124.533 616.189 null] +>> endobj +2744 0 obj << +/D [2732 0 R /XYZ 137.484 598.257 null] +>> endobj +2745 0 obj << +/D [2732 0 R /XYZ 158.794 598.257 null] +>> endobj +2746 0 obj << +/D [2732 0 R /XYZ 204.731 598.257 null] +>> endobj +2747 0 obj << +/D [2732 0 R /XYZ 71.731 563.223 null] +>> endobj +2748 0 obj << +/D [2732 0 R /XYZ 71.731 563.223 null] +>> endobj +2749 0 obj << +/D [2732 0 R /XYZ 185.085 552.428 null] +>> endobj +2750 0 obj << +/D [2732 0 R /XYZ 71.731 532.324 null] +>> endobj +2751 0 obj << +/D [2732 0 R /XYZ 166.017 519.552 null] +>> endobj +2752 0 obj << +/D [2732 0 R /XYZ 71.731 497.47 null] +>> endobj +2753 0 obj << +/D [2732 0 R /XYZ 71.731 497.47 null] +>> endobj +2754 0 obj << +/D [2732 0 R /XYZ 198.087 486.675 null] +>> endobj +997 0 obj << +/D [2732 0 R /XYZ 71.731 453.3 null] +>> endobj +254 0 obj << +/D [2732 0 R /XYZ 350.343 408.046 null] +>> endobj +2755 0 obj << +/D [2732 0 R /XYZ 71.731 387.905 null] +>> endobj +2756 0 obj << +/D [2732 0 R /XYZ 331.943 375.169 null] +>> endobj +2757 0 obj << +/D [2732 0 R /XYZ 343.012 375.169 null] +>> endobj +2758 0 obj << +/D [2732 0 R /XYZ 487.745 375.169 null] +>> endobj +2759 0 obj << +/D [2732 0 R /XYZ 498.814 375.169 null] +>> endobj +2760 0 obj << +/D [2732 0 R /XYZ 141.41 362.218 null] +>> endobj +2761 0 obj << +/D [2732 0 R /XYZ 265.822 362.218 null] +>> endobj +2762 0 obj << +/D [2732 0 R /XYZ 306.31 362.218 null] +>> endobj +2763 0 obj << +/D [2732 0 R /XYZ 317.378 362.218 null] +>> endobj +2764 0 obj << +/D [2732 0 R /XYZ 381.037 362.218 null] +>> endobj +2765 0 obj << +/D [2732 0 R /XYZ 438.176 362.218 null] +>> endobj +2766 0 obj << +/D [2732 0 R /XYZ 449.245 362.218 null] +>> endobj +2767 0 obj << +/D [2732 0 R /XYZ 479.786 362.218 null] +>> endobj +2768 0 obj << +/D [2732 0 R /XYZ 490.854 362.218 null] +>> endobj +2769 0 obj << +/D [2732 0 R /XYZ 242.878 349.266 null] +>> endobj +2770 0 obj << +/D [2732 0 R /XYZ 281.712 349.266 null] +>> endobj +2771 0 obj << +/D [2732 0 R /XYZ 71.731 327.184 null] +>> endobj +2772 0 obj << +/D [2732 0 R /XYZ 389.886 316.39 null] +>> endobj +2773 0 obj << +/D [2732 0 R /XYZ 71.731 281.356 null] +>> endobj +2774 0 obj << +/D [2732 0 R /XYZ 395.833 270.561 null] +>> endobj +2775 0 obj << +/D [2732 0 R /XYZ 166.864 231.707 null] +>> endobj +2776 0 obj << +/D [2732 0 R /XYZ 71.731 209.625 null] +>> endobj +2777 0 obj << +/D [2732 0 R /XYZ 147.507 185.879 null] +>> endobj +2778 0 obj << +/D [2732 0 R /XYZ 232.716 185.879 null] +>> endobj +998 0 obj << +/D [2732 0 R /XYZ 71.731 156.574 null] +>> endobj +2731 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F25 852 0 R /F70 1676 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2782 0 obj << +/Length 1202 +/Filter /FlateDecode +>> +stream +xÚÍWMsÛ6œûWð(ÍX0 ’¢èCgÚØNÛif:ni ‘šI‚C€U”_Ÿ +ðÁӉө۞~ˆxûöíîƒïžïœœúauó†^ŠÒ-Þzû£‡w1Š‚ÄKBŒv1öö¹÷aõŠ$­€Ýzƒc#ýû†7¿û>.úŽ5 +Ÿ%H]Ö\ë+YRœ(¹zÅIב¿*:&ÏúVÍ&y·þcÿó•o`Ý<àØ +„ƒ8R 68Ñv· +E‚?Òšb*(ÉnõÀ*ªW‚ +‘}G +ú ÄŒb‹ŽÃ·Q¡%‰þˆ¬±œÖ¿âݣЗ±  +íˆtaý“ID˜ ùÑì8f3HB”ÂÒכ)Ÿ*óŸEº“Õ"Ú8F»ÀþÓPJš\/*âò‘ñº%CÆ{b +¯ :K¿,‰T;8EI„¥q 7™$¹þíhƋ†}¢O¿_óœ©ë +ÈápožÁFòœæ79­š€ùøÿ]pøÓd˜<ŽØ¡Â +'«úœÞÎd„%(Mü@‹|F©!ãøéë¿—•å×€4HñæÀ +[Ywn%/:Җ,3·Jš=ŠŸ +˜ï]`œp9pÊßÿôöþ7SD”†”ªà ÿ²¶„Ä>© 0[ãxõ×:ˆWŽ:[†Æ)zÿã÷›ÀÎpüî.6pˆ‘ñZD4‡¯×_bm£yØ@¹¥ Ýo§ÎËžÅ0%Bgý_"Ï퉃«$ž[Ÿ®f‹Ž÷íË·ÆGÆYF +)™–v5Bæ+Çkd÷ +kú†÷Š:ß:ÆCRˆgòA•Ö?JüŽ·ˆ³tT"‚RÓ$wã›h—ŠJmK ƒN'»åxhÈ_« +¥ºø?"KVS!I݊ÿC‘LgÑ'úºÂtÛ6}}°•a (IgÇk +_Y­5Ž©yeÖäO{:˜jÁ,[À«d8<ƒÔ•Œ^ŽC:ðHêçzœ"Q™éÄ +B`˺3M\L<Ž8×^Ùñ§Ÿ¬bÕÃÛFûh盡{G[ÚänÚÖà¶j/ƒš?Û:傚—Ž./æ]ÒI–õéŠåáhŸ"í‚Ê'”X7S“ót8^Fù˜Š£6¡nâ™/zœQCrùó>\ +œ§™zÑzå³·Vß鮣Ѭ1ÌiiçuO*VU= ‚5²ž˜­Î†Ã« +vŠ9ÒMof ­õ¶(JSëŸ#ãŸïšŠ°Ñiƒk'XgŠ#àJ}Ô·.IdTÜêËôÚkœÔ: +EÉU’OÊë›G`' +»#èá†\gþ_àÕ÷¥U§“¬gH[)£k +—<õ±¢¥;ž-“3afî4C†/OwXN<ìԇå +œ2ÃìQòŸÊêܜ Ÿæs{?ÚËŒãJj^A³]œñé S + +ª-r˜¢0 FïÆûŒ’Œÿ +G((= þH;—©ÁÒvÄHºíè&ך³Õ·&Sç„Ëå=±|,Ô¶ƒj¶É±Ž҆lA:€z!-/ +ÁõkE²ù¹pÒN-- +}ŸAdÀž˜-|AUEÏt +'¢Vœ?°º, +×Lݙo€ +c6‚Ƨ×ÌUœÂ!q»ƒQfJ6ÚNþr¿¿ú +åA!ì +endstream +endobj +2781 0 obj << +/Type /Page +/Contents 2782 0 R +/Resources 2780 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2730 0 R +/Annots [ 2779 0 R ] +>> endobj +2779 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [193.822 327.501 248.118 338.405] +/Subtype /Link +/A << /S /GoTo /D (0:POLICY) >> +>> endobj +2783 0 obj << +/D [2781 0 R /XYZ 71.731 729.265 null] +>> endobj +258 0 obj << +/D [2781 0 R /XYZ 226.737 705.748 null] +>> endobj +2784 0 obj << +/D [2781 0 R /XYZ 71.731 681.992 null] +>> endobj +2785 0 obj << +/D [2781 0 R /XYZ 71.731 681.992 null] +>> endobj +2786 0 obj << +/D [2781 0 R /XYZ 293.478 672.871 null] +>> endobj +2787 0 obj << +/D [2781 0 R /XYZ 71.731 637.837 null] +>> endobj +2788 0 obj << +/D [2781 0 R /XYZ 71.731 604.961 null] +>> endobj +2789 0 obj << +/D [2781 0 R /XYZ 71.731 604.961 null] +>> endobj +2790 0 obj << +/D [2781 0 R /XYZ 71.731 603.715 null] +>> endobj +2791 0 obj << +/D [2781 0 R /XYZ 129.514 586.694 null] +>> endobj +2792 0 obj << +/D [2781 0 R /XYZ 71.731 571.96 null] +>> endobj +2793 0 obj << +/D [2781 0 R /XYZ 129.514 555.81 null] +>> endobj +2794 0 obj << +/D [2781 0 R /XYZ 71.731 554.37 null] +>> endobj +2795 0 obj << +/D [2781 0 R /XYZ 129.514 537.877 null] +>> endobj +2796 0 obj << +/D [2781 0 R /XYZ 71.731 535.72 null] +>> endobj +2797 0 obj << +/D [2781 0 R /XYZ 129.514 519.944 null] +>> endobj +2798 0 obj << +/D [2781 0 R /XYZ 71.731 517.788 null] +>> endobj +2799 0 obj << +/D [2781 0 R /XYZ 129.514 502.012 null] +>> endobj +2800 0 obj << +/D [2781 0 R /XYZ 71.731 499.855 null] +>> endobj +2801 0 obj << +/D [2781 0 R /XYZ 129.514 484.079 null] +>> endobj +2802 0 obj << +/D [2781 0 R /XYZ 321.413 484.079 null] +>> endobj +2803 0 obj << +/D [2781 0 R /XYZ 71.731 481.922 null] +>> endobj +2804 0 obj << +/D [2781 0 R /XYZ 129.514 466.146 null] +>> endobj +2805 0 obj << +/D [2781 0 R /XYZ 71.731 463.989 null] +>> endobj +2806 0 obj << +/D [2781 0 R /XYZ 129.514 448.213 null] +>> endobj +2807 0 obj << +/D [2781 0 R /XYZ 71.731 446.774 null] +>> endobj +2808 0 obj << +/D [2781 0 R /XYZ 129.514 430.281 null] +>> endobj +2809 0 obj << +/D [2781 0 R /XYZ 71.731 428.841 null] +>> endobj +2810 0 obj << +/D [2781 0 R /XYZ 129.514 412.348 null] +>> endobj +2811 0 obj << +/D [2781 0 R /XYZ 71.731 410.191 null] +>> endobj +2812 0 obj << +/D [2781 0 R /XYZ 129.514 394.415 null] +>> endobj +2813 0 obj << +/D [2781 0 R /XYZ 71.731 356.557 null] +>> endobj +999 0 obj << +/D [2781 0 R /XYZ 71.731 327.252 null] +>> endobj +262 0 obj << +/D [2781 0 R /XYZ 135.806 261.775 null] +>> endobj +2814 0 obj << +/D [2781 0 R /XYZ 71.731 241.634 null] +>> endobj +1968 0 obj << +/D [2781 0 R /XYZ 71.731 213.79 null] +>> endobj +266 0 obj << +/D [2781 0 R /XYZ 290.958 176.574 null] +>> endobj +2815 0 obj << +/D [2781 0 R /XYZ 71.731 153.457 null] +>> endobj +2816 0 obj << +/D [2781 0 R /XYZ 71.731 153.457 null] +>> endobj +2780 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2819 0 obj << +/Length 931 +/Filter /FlateDecode +>> +stream +xÚÕWMoÛ8œçWèh5W€>(hŽè×bÛ +÷Ô. +ÅXD$Q%©¶Þ_¿€Iʒ#'N-z%Q3oޛŽâhÅÑë‹ç›‹?^%IŽë +åÑæ&BERˆ#œ Pd(ڔѧŋŠtšÉå +eñ"îúBŽŸãm{ÉÛ­{€HSÞ>qwºbnQ ¥ÝŠ·š-Óx±•\ïÜ£FŽ\ +¹ügóçEìaLp„ió +y­P +²žp 6Á2Ó(ÖfFÂCQ0›&ß¹Ò¬¥lŸQñÐ(î4@Õ1º +šØ˜Ï0€”\šÉJÈÝQ{\¡$I‘L+Mé‡a ™a:ŠÿœhÙùüŸšÄ†&CëŸ +æ×ãIÌïò¥6™ÞƟÑÑއŠ¶Õ(âƒ_k`FË£óŖÙ]Mžø à +‹‡b}] +_z +NGíó²«É š®ŽÅߙŽi<àZÐÛá +Ù{üŵúsŠKrjºôÙüQ1Ÿ?ÛŒ5?;œÔÆW„ž +§‰wz"kÁñ_Ò8Y +AQŽÊ2¥Þ_Š'ŸŒÜ\üq³É +endstream +endobj +2818 0 obj << +/Type /Page +/Contents 2819 0 R +/Resources 2817 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2730 0 R +>> endobj +2820 0 obj << +/D [2818 0 R /XYZ 71.731 729.265 null] +>> endobj +2821 0 obj << +/D [2818 0 R /XYZ 71.731 741.22 null] +>> endobj +2822 0 obj << +/D [2818 0 R /XYZ 71.731 718.306 null] +>> endobj +2823 0 obj << +/D [2818 0 R /XYZ 304.197 708.344 null] +>> endobj +2824 0 obj << +/D [2818 0 R /XYZ 71.731 691.243 null] +>> endobj +2825 0 obj << +/D [2818 0 R /XYZ 71.731 678.291 null] +>> endobj +2826 0 obj << +/D [2818 0 R /XYZ 139.477 662.516 null] +>> endobj +2827 0 obj << +/D [2818 0 R /XYZ 71.731 640.433 null] +>> endobj +2828 0 obj << +/D [2818 0 R /XYZ 71.731 592.528 null] +>> endobj +2829 0 obj << +/D [2818 0 R /XYZ 71.731 577.42 null] +>> endobj +2830 0 obj << +/D [2818 0 R /XYZ 139.477 561.644 null] +>> endobj +2831 0 obj << +/D [2818 0 R /XYZ 71.731 539.562 null] +>> endobj +2832 0 obj << +/D [2818 0 R /XYZ 71.731 504.608 null] +>> endobj +2833 0 obj << +/D [2818 0 R /XYZ 71.731 489.499 null] +>> endobj +2834 0 obj << +/D [2818 0 R /XYZ 139.477 473.724 null] +>> endobj +2835 0 obj << +/D [2818 0 R /XYZ 276.721 460.772 null] +>> endobj +2836 0 obj << +/D [2818 0 R /XYZ 71.731 438.69 null] +>> endobj +2837 0 obj << +/D [2818 0 R /XYZ 71.731 390.785 null] +>> endobj +2838 0 obj << +/D [2818 0 R /XYZ 71.731 377.734 null] +>> endobj +2839 0 obj << +/D [2818 0 R /XYZ 139.477 359.9 null] +>> endobj +2840 0 obj << +/D [2818 0 R /XYZ 71.731 337.818 null] +>> endobj +2841 0 obj << +/D [2818 0 R /XYZ 71.731 302.864 null] +>> endobj +2842 0 obj << +/D [2818 0 R /XYZ 71.731 287.756 null] +>> endobj +2843 0 obj << +/D [2818 0 R /XYZ 139.477 271.98 null] +>> endobj +2844 0 obj << +/D [2818 0 R /XYZ 334.056 271.98 null] +>> endobj +2845 0 obj << +/D [2818 0 R /XYZ 71.731 248.966 null] +>> endobj +2846 0 obj << +/D [2818 0 R /XYZ 71.731 233.958 null] +>> endobj +2847 0 obj << +/D [2818 0 R /XYZ 139.477 218.182 null] +>> endobj +2848 0 obj << +/D [2818 0 R /XYZ 139.477 205.23 null] +>> endobj +2849 0 obj << +/D [2818 0 R /XYZ 71.731 183.148 null] +>> endobj +2850 0 obj << +/D [2818 0 R /XYZ 71.731 135.243 null] +>> endobj +2851 0 obj << +/D [2818 0 R /XYZ 71.731 122.192 null] +>> endobj +2852 0 obj << +/D [2818 0 R /XYZ 139.477 104.359 null] +>> endobj +2817 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F11 2489 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2857 0 obj << +/Length 1338 +/Filter /FlateDecode +>> +stream +xÚÍWYoã6~ϯУÆŽnÉZ Í&Ù+ +o4Í#Ñ6YD9Y÷×w†‡D9^4-°À>‰əofŸ9ä:+Çu.Ž~[ +MσÀ™‘YìÇÎbéøiDB/q’À'iä;‹Ü¹®iݲf<ñ#wõ<­Ê¿\×_m^®Ô'A7kÊËcõÖ®™Z¬+Ѫ/[6ÝѪáíN}ÚT%o«fü°øxäjX€É³0MŒ8"i +9?$‘›*P_kŒÁ5ót<žëÃq/!3°N +ÿj8-øß,×ðªµhX]5 - ++çh^F[^•‚ "šû>™yaÃÿAp?Žð +8üï +#R‚oVðòéíH.‡¢•Ÿj©Qñ +-ÝÔB³[bœ€enè]åšó/Ü ~Ô_øª¬cäéšeOb»ß:ý<ö¢k$ séq'­u6Øi’3ß`ÂäMjçòŒÄî +ÎËsÓ­hŠâ‘—Óº{éHyG +žL@‹ê–;-ÇÎ?Ï +IìÅFÎÿŚkôuUð +ñê”6ß1ÛËÜ _VÍkӔ¯‡®®uàQ®ã„Ä—ñBÃ= +ƒ¡œ¯RX¶mécÁÄŽà +m8]dŠFmΖA¥é6³ªl¡ZõÕk›­Õ +‘4mè9ªè€0žSˆœÀ/· +T»æ`xº2i›Z[Œ +HêÜËÏ·€¶»E™€{§F¿£‹u›b +ÔRÎӉTýhôR>(œš³«ŠÚÖz]³fà +@DǶ4ówµ!:$=óLo•ÛÍã@êš69ÆÎȱיŠžÁõ +ÏšŒW’*îÔ:£¥ZÈL‚§©’‡ðÎõŸjOxCGHœuŠÃZèH$‘ +Øwg$õ:(—\d‡ðz$H»|á­ÆËÊè¬R\„/û²ŸçÅÇ +ÐÊ#q€£õ²0s­œ÷Ÿ¯ú=“åÖþ‡«ë~_¶AkóËíØÍûý-LÖöÅüf`š®+Uw<]..{'m°/[²~ +{à2û +œHF§öf¶wýößý&txÙ\¬Ëówg¿÷  +®)‡p»DŽ²$ +ïõ»þŠŽËs7CŸÝÌÏz‡™ŽèˎšxÄK èôï,>›v‡Š\Ìñü5Bü£5(oÚ@Í +Md'd>œè¬ˆ®óQDî£^r 6¢aP±=§ë9+±ôÉ#H5frb‰(;òrÃ,ë|W3©9|úOµ +„÷MÈ +IÆŸúÏÐSaœ?Öð±óúDÝ?盚9 +žk@Ššeö<óz†ÚkÒgкA€›ŒôÜaz)ÆïÙDÈþ¡ZV#lêýð²ƒaæëɁ)ÐhNLZ¡»Xwõ= +?¿nZ\n‹bZÓv=m«)hž.yÁ6Q×:[÷jûN‚ž5ï + l!ç«ØÅÉŠnׯYûŠößr$˜c’X€õ‡ÃAílqôGþ‰ +endstream +endobj +2856 0 obj << +/Type /Page +/Contents 2857 0 R +/Resources 2855 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2730 0 R +/Annots [ 2853 0 R ] +>> endobj +2853 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [241.145 485.016 295.441 495.92] +/Subtype /Link +/A << /S /GoTo /D (0:PRELINK) >> +>> endobj +2858 0 obj << +/D [2856 0 R /XYZ 71.731 729.265 null] +>> endobj +2859 0 obj << +/D [2856 0 R /XYZ 71.731 718.306 null] +>> endobj +2860 0 obj << +/D [2856 0 R /XYZ 71.731 708.244 null] +>> endobj +2861 0 obj << +/D [2856 0 R /XYZ 139.477 690.411 null] +>> endobj +2862 0 obj << +/D [2856 0 R /XYZ 71.731 667.397 null] +>> endobj +2863 0 obj << +/D [2856 0 R /XYZ 139.477 649.564 null] +>> endobj +2864 0 obj << +/D [2856 0 R /XYZ 71.731 637.445 null] +>> endobj +2865 0 obj << +/D [2856 0 R /XYZ 71.731 626.551 null] +>> endobj +2866 0 obj << +/D [2856 0 R /XYZ 139.477 608.717 null] +>> endobj +2867 0 obj << +/D [2856 0 R /XYZ 71.731 596.598 null] +>> endobj +2868 0 obj << +/D [2856 0 R /XYZ 71.731 585.704 null] +>> endobj +2869 0 obj << +/D [2856 0 R /XYZ 139.477 567.87 null] +>> endobj +2870 0 obj << +/D [2856 0 R /XYZ 71.731 555.751 null] +>> endobj +2871 0 obj << +/D [2856 0 R /XYZ 71.731 544.857 null] +>> endobj +2872 0 obj << +/D [2856 0 R /XYZ 139.477 527.024 null] +>> endobj +2873 0 obj << +/D [2856 0 R /XYZ 169.085 514.072 null] +>> endobj +2874 0 obj << +/D [2856 0 R /XYZ 71.731 466.087 null] +>> endobj +2875 0 obj << +/D [2856 0 R /XYZ 76.712 424.458 null] +>> endobj +2876 0 obj << +/D [2856 0 R /XYZ 71.731 409.514 null] +>> endobj +2877 0 obj << +/D [2856 0 R /XYZ 374.689 397.858 null] +>> endobj +2878 0 obj << +/D [2856 0 R /XYZ 139.477 386.202 null] +>> endobj +2879 0 obj << +/D [2856 0 R /XYZ 211.342 386.202 null] +>> endobj +2880 0 obj << +/D [2856 0 R /XYZ 272.716 386.202 null] +>> endobj +2881 0 obj << +/D [2856 0 R /XYZ 344.581 386.202 null] +>> endobj +2882 0 obj << +/D [2856 0 R /XYZ 71.731 332.6 null] +>> endobj +2883 0 obj << +/D [2856 0 R /XYZ 71.731 332.6 null] +>> endobj +2884 0 obj << +/D [2856 0 R /XYZ 71.731 295.044 null] +>> endobj +270 0 obj << +/D [2856 0 R /XYZ 341.355 255.671 null] +>> endobj +2885 0 obj << +/D [2856 0 R /XYZ 71.731 232.776 null] +>> endobj +2886 0 obj << +/D [2856 0 R /XYZ 71.731 200.712 null] +>> endobj +2887 0 obj << +/D [2856 0 R /XYZ 71.731 200.712 null] +>> endobj +2888 0 obj << +/D [2856 0 R /XYZ 137.962 189.918 null] +>> endobj +2889 0 obj << +/D [2856 0 R /XYZ 71.731 168.778 null] +>> endobj +2890 0 obj << +/D [2856 0 R /XYZ 71.731 134.959 null] +>> endobj +2891 0 obj << +/D [2856 0 R /XYZ 71.731 134.959 null] +>> endobj +2892 0 obj << +/D [2856 0 R /XYZ 137.962 124.164 null] +>> endobj +2855 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2896 0 obj << +/Length 2179 +/Filter /FlateDecode +>> +stream +xÚµYKãžŸÏ¯0úÒv`ÓzK›Ùt +AÆA3{%ÚVFC’·×ùõ)’ŧ4v÷ {iYl²XõUÕWEÊ[œÞâ¯þŒÿ°} ÃÅŽì’ Y쏋 ‹I䧋4 +H‹}¹øŒüxÎ/#íW› ö–1Ϗ]ûÅó‚Óµ¯Ú“òæœWíZŒg*~œ»a¿ªv€«È[žújŒ‰¡Šk«±ëW?ïÿþÁCµ@'ßÐiã'1ɒx± "{™Pj/ÅZTL•"«®ƒÝQBdµƒ†åùwÏ@ÏR¿>ƒÔŸŸµãòÁ6|8Ó5:ÕÝá B2ïe”\/—®)î{ìz¥Ày@¯šªi^*ÏÛg +ČWšŒ-sˆàÛ*‰—ÜêíK/2ß$báëC$,x‚0üÔqÀÓlÉ} ϲ炐Š¿"¢Ì‘¥ÄÏ2ؙ/ÿÁ^³Ú„ +w,ŒqgÁ“™#\ðš‹GÑÕµ +S¶ûQÎö‚š,@Öbäµâ¡ +’Is{ó<äq¡D¢°3íE@oАï“$F4žÈxYWÃ(0‡¡YŽÌ¹Wa@ªÈ_ž×á)ŠiuÀ„JMÃç×Uq‰x݋ж–I+bӊذ"H„.Ñò€#MWrÞá1ešUäê%̈ÁD8ÌîTØmB”—eÅü‚ð÷Žé˜7~Y°žÆQ +²ü¿mÞTDŒþH/ŽÅp5B +Á¯ÿR +ŒtuU܀!<éiäléöº–{¬|˜ +;BƎ¶äáZœ-ƒÐ‘Áà +cJ·†ŽÙÄwÔ -Þ70÷¶ÜJ€JZÓoG99ö]ó0¢•ƒ‡·ÙM̘Á‰¥T3V +Ýì¯, +°fbÛvޔáz˜ +yӁy=tڊãͱ eUâÚ +@eÚÛÂÏ@ÎuÕ~Õœ±áûÜÉ~°ÁUUÛP!w!ÜŸÄ¥f;I†MŸâOI3ðˆ—jžÂ;IŒ3WàížžGžÄŽªTØKJž³Wþ¯ìZ„óÀžêŠ·ïLŸ¢§ùš’ +-iÃrÔçuØ°BcŽê +HÀþœU^y‡PºŠŠXæØJò`S1§sâMê©j%ºÌfß,™°Ý.fe•µ|X4㐄»PuU‘¹òÏ+Kæ;mcJv)ø- © +¢)q;·Š +lTÓª¬ßř_×V‹-XG§‰;r”†²˜kx2a‹ñ·£³ÏŽR­Injòè€pS +¶ÛãŠ:uú4î=Ch7*š‰îÎ[Gœ€âƁÖG[4ÇAÏÚ1[ ©;³ +¯dkÛAëRÆÎqÃF* + + +QÙ`ÖUû·£(=„¬Qmðà9G"BÓI"Y«0]ræ@Ú±Â.Lˆ«ÙšÀ¿ݑ΀=v®î(^6»‚‚ )Â4¶œ:EB5îmÑõLÐ=žC!%œ +û°š–Ž-œ;H¶¶*uèÓç³Ùigož +À3ò”Æv:­ ‚ÊD‡Á>⩕]_ÊC*k&áÜLð +µ“= +<˚Ȅ%”¬§4ÃÈÅó™¿=É/Aßc%þKFG.³º2ãxæƲ‹ ÉMØ'2Wô}UJ>RŠ}Sv%óQGÛ ++7BïßÞTÝÙÜþ_^à(“ãýÆßaluŒ—ÏRAӍìêœXyÔÿz몱ŸYq-x­Tbʀ楜“» +Yš +©¶ÞÅj§ÁÙüÖ¶™S.6–LF_IqhÞ«èZMqm)o~Zil×J¬LïKŒyû_$}W@šÓsðé¥Róš|,Îj§þ*|­ÚIýèí”B©ïš{/—úŠöÒßíªÓY +š +ÝÑÚ Ú‘8ìøfÏ €~œ–7·A ++1›õp +Je$ÙœuŸž—! + ‰=çäÈRkã +ÇÌ&T‘ºjw9žß°æ­,­[Äé +ÓÓØ_[ö ïiÞ}3í£íÌYàeHèAÑèë]&û›-U˜†$Kº8&Þ«iŽ³–üeÿáéƒö +endstream +endobj +2895 0 obj << +/Type /Page +/Contents 2896 0 R +/Resources 2894 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2730 0 R +/Annots [ 2854 0 R ] +>> endobj +2854 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [383.061 705.191 437.357 716.095] +/Subtype /Link +/A << /S /GoTo /D (0:RECDEP) >> +>> endobj +2897 0 obj << +/D [2895 0 R /XYZ 71.731 729.265 null] +>> endobj +2898 0 obj << +/D [2895 0 R /XYZ 71.731 718.306 null] +>> endobj +2899 0 obj << +/D [2895 0 R /XYZ 71.731 673.31 null] +>> endobj +2900 0 obj << +/D [2895 0 R /XYZ 71.731 647.407 null] +>> endobj +2901 0 obj << +/D [2895 0 R /XYZ 71.731 632.463 null] +>> endobj +2902 0 obj << +/D [2895 0 R /XYZ 71.731 581.126 null] +>> endobj +2903 0 obj << +/D [2895 0 R /XYZ 328.476 548.045 null] +>> endobj +2904 0 obj << +/D [2895 0 R /XYZ 76.712 506.8 null] +>> endobj +274 0 obj << +/D [2895 0 R /XYZ 195.31 471.333 null] +>> endobj +2905 0 obj << +/D [2895 0 R /XYZ 71.731 471.183 null] +>> endobj +2906 0 obj << +/D [2895 0 R /XYZ 71.731 468.792 null] +>> endobj +2907 0 obj << +/D [2895 0 R /XYZ 137.484 448.618 null] +>> endobj +2908 0 obj << +/D [2895 0 R /XYZ 71.731 433.509 null] +>> endobj +2909 0 obj << +/D [2895 0 R /XYZ 137.484 417.734 null] +>> endobj +2910 0 obj << +/D [2895 0 R /XYZ 320.706 417.734 null] +>> endobj +2911 0 obj << +/D [2895 0 R /XYZ 71.731 402.625 null] +>> endobj +2912 0 obj << +/D [2895 0 R /XYZ 137.484 386.849 null] +>> endobj +2913 0 obj << +/D [2895 0 R /XYZ 227.695 373.898 null] +>> endobj +2914 0 obj << +/D [2895 0 R /XYZ 71.731 371.741 null] +>> endobj +2915 0 obj << +/D [2895 0 R /XYZ 147.447 355.965 null] +>> endobj +2916 0 obj << +/D [2895 0 R /XYZ 71.731 353.808 null] +>> endobj +2917 0 obj << +/D [2895 0 R /XYZ 147.447 338.032 null] +>> endobj +2918 0 obj << +/D [2895 0 R /XYZ 71.731 335.876 null] +>> endobj +2919 0 obj << +/D [2895 0 R /XYZ 147.447 320.1 null] +>> endobj +2920 0 obj << +/D [2895 0 R /XYZ 71.731 274.481 null] +>> endobj +2921 0 obj << +/D [2895 0 R /XYZ 137.484 258.331 null] +>> endobj +2922 0 obj << +/D [2895 0 R /XYZ 348.969 258.331 null] +>> endobj +2923 0 obj << +/D [2895 0 R /XYZ 137.484 245.38 null] +>> endobj +2924 0 obj << +/D [2895 0 R /XYZ 71.731 243.223 null] +>> endobj +2925 0 obj << +/D [2895 0 R /XYZ 137.484 227.447 null] +>> endobj +2926 0 obj << +/D [2895 0 R /XYZ 515.254 227.447 null] +>> endobj +2927 0 obj << +/D [2895 0 R /XYZ 71.731 225.29 null] +>> endobj +2928 0 obj << +/D [2895 0 R /XYZ 147.447 209.514 null] +>> endobj +2929 0 obj << +/D [2895 0 R /XYZ 71.731 207.358 null] +>> endobj +2930 0 obj << +/D [2895 0 R /XYZ 147.447 191.582 null] +>> endobj +2931 0 obj << +/D [2895 0 R /XYZ 71.731 184.443 null] +>> endobj +2932 0 obj << +/D [2895 0 R /XYZ 137.484 168.668 null] +>> endobj +2933 0 obj << +/D [2895 0 R /XYZ 210.359 168.668 null] +>> endobj +2934 0 obj << +/D [2895 0 R /XYZ 228.769 168.668 null] +>> endobj +2935 0 obj << +/D [2895 0 R /XYZ 441.978 155.716 null] +>> endobj +2936 0 obj << +/D [2895 0 R /XYZ 460.388 155.716 null] +>> endobj +2937 0 obj << +/D [2895 0 R /XYZ 309.199 142.765 null] +>> endobj +2938 0 obj << +/D [2895 0 R /XYZ 386.179 129.813 null] +>> endobj +2939 0 obj << +/D [2895 0 R /XYZ 71.731 101.754 null] +>> endobj +2894 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R /F38 956 0 R /F60 1440 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2943 0 obj << +/Length 1431 +/Filter /FlateDecode +>> +stream +xÚœXÛnã6}ÏWéCí"’)ɺžÀHö†íö¿eƒ-і‰TI*ŽÿŸ€8T$EiÓ] /&ErÈ33g†C#çà çãÙÕölõ! +·‰ƒØÙî ŒµŸ8Ixi8Ûܹ]Œ-p# _ºA„‘gÚ·Œ~F(8ŽŒ€3$p]à’^˜/YÓ)˜ŠWRI–kŽ8ðRžÌPÍh)_Þm>C˶ +›?ÀæúQ⥛Èqƒµ¡Ô€KŒ‘¬sÛm»]ŠhÁÌ9Qàë’œroÚkM'M̗îV°TœšÄ &L{\újg~ßka‚,ýhñؐL’üÂê›q‚™äA¯$|ÇDo¶×Ze•¢·±ÆÏÉn E{8ô' + +BM·”NÍkJY˜Þ¹Û[¿”çŠÛŠ^êÜmìôžÁ4ãV¥ Žt²º‡uÞÙB#×OŒMš4Ñ4Jb£ÉûG\7ÖŽþ 6ôð:õüp£üØ­¿ž:ŠÑê4pŠ ˜GgÉî‡^V3ð@/¹rã§e +-ÀSF؏29ñؓlÈrË&)Hµ¿°f% V„œT©¯;k€^nà{±¿1ÚÝþIpþ›Òè®óPÆÉeUÝÍMïKí€×n +„^è‡Fò;³þ“JǗEûžï廜YèþdZ˜Úlº)}F(ËÄÊ2ŸÅ`˜º™È +Sg0* +ÖV9yA’ÎÈøÈS\ +ïH7î†IìEi26(T³Ve¥Ü|hŠè¶sŒîŒ»èZÓššÎ]CÇn9Þ)²58)La?@Ýõ)y àTÀ +feŠ‡. +诂 +µÜÅ3\—v€€÷® ßCï#Ë'HrF`®c·dÕÖÔ +Íšh+9GHgÒÊÊe^w9¿Ó—Y$`\|ê56xòŒË<æü#ˆå€"RÃ'ãÖÊ×ýr}àËV{wõôƒÜŠ»7üò{Պ'謕#Mû•3záœ$©*ÐÌ®Úé=ÿ͛blçþ + +ŽÂRO”9±óp +a䞲ãð@Ó +öÆ&~ýqýéz +6ÿG`¢ÍŠ1·Íµ2tŸò֘÷ï\ŸGé“™L|EŠŸÏï¶VøÖd~ÒŽÊúË_*û›Â8Ádö×çòK)y©ìMÄ+³îæ+Ñ0V­ê¿ZҒ¹{.%ëæ+rŸ2Ñ×Ց°ÎyÁÉs×yø?9Ù:ªÈ*q5Œé/leTZDDøSiJÙL] ƒŸ¯ +8ÜÖ¿ÃŒ“šé*ȔBù«X†3ÙZŒž£‡Yog{+Àlàæh‡Ÿ•pœ1ù•ÜAœðÄ¿“šßªTw/ÆÞŒâ% +_ÂÃá†ÜWªN+Í×Þºº°6ÙëªSO«» +órêÍl­ÆÛÞ¡Ým§; +7þêƒÙç +a$° rüµ®UÁmt‰*|£‹zy¡œ€‹›¶i8Â|Õª‡5s³Ô/aH˺K»ÃŽ«îVëØ¢-ñ^¶büŸÂD<ÒA£A +z3–! +õCD–ŒŽÉ—.û'Ã(6>£ï>ãLbi‰_±ÑSIš¥þÅôM¥Œné4€öÙ[ˆ5•µK:°K¬ÊŒ8ŠéÒOä2ÏIþÆÄÉ}uPbVû¶ª,‹•ó/‚Õä +'òø’üsOøÉڋS»"ÓÊ> endobj +2944 0 obj << +/D [2942 0 R /XYZ 71.731 729.265 null] +>> endobj +2945 0 obj << +/D [2942 0 R /XYZ 71.731 741.22 null] +>> endobj +2946 0 obj << +/D [2942 0 R /XYZ 137.484 708.344 null] +>> endobj +2947 0 obj << +/D [2942 0 R /XYZ 71.731 673.31 null] +>> endobj +2948 0 obj << +/D [2942 0 R /XYZ 71.731 673.31 null] +>> endobj +2949 0 obj << +/D [2942 0 R /XYZ 71.731 650.396 null] +>> endobj +2950 0 obj << +/D [2942 0 R /XYZ 71.731 492.465 null] +>> endobj +2951 0 obj << +/D [2942 0 R /XYZ 71.731 492.465 null] +>> endobj +2952 0 obj << +/D [2942 0 R /XYZ 71.731 467.681 null] +>> endobj +2953 0 obj << +/D [2942 0 R /XYZ 71.731 378.594 null] +>> endobj +2954 0 obj << +/D [2942 0 R /XYZ 71.731 378.594 null] +>> endobj +2955 0 obj << +/D [2942 0 R /XYZ 71.731 344.01 null] +>> endobj +2956 0 obj << +/D [2942 0 R /XYZ 71.731 276.851 null] +>> endobj +2957 0 obj << +/D [2942 0 R /XYZ 71.731 251.243 null] +>> endobj +278 0 obj << +/D [2942 0 R /XYZ 459.796 214.027 null] +>> endobj +2958 0 obj << +/D [2942 0 R /XYZ 71.731 190.91 null] +>> endobj +2959 0 obj << +/D [2942 0 R /XYZ 181.818 168.199 null] +>> endobj +2960 0 obj << +/D [2942 0 R /XYZ 243.775 168.199 null] +>> endobj +2961 0 obj << +/D [2942 0 R /XYZ 119.552 155.248 null] +>> endobj +2962 0 obj << +/D [2942 0 R /XYZ 186.49 155.248 null] +>> endobj +2963 0 obj << +/D [2942 0 R /XYZ 71.731 127.188 null] +>> endobj +2941 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F25 852 0 R /F38 956 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +2969 0 obj << +/Length 1959 +/Filter /FlateDecode +>> +stream +xÚÕXKã6ŸÏ¯0’cmYoÛ ’E'ٙ$@’Ãômfl‰–ž­Dª{<ðß*²HKu‚$» +,ú`’],~UõU±(U¬üÕëßݜ؜Š¢ÕÑ;Šaºº;­ÂCâÅÁ~µB«»|õvý}É:ÅûÍ6Lüuâ™ßïÛæï‡ÅЋŠ0K’Õ%͍™©’›AÙJeF¢Q|ûë¢êl–궪í7ïï~~á¬Ý«0Y +S#Šm'Þ1^mÃØKüƒÁôk«øWžk÷*>Œ„CÀï FKÝi +ûÚõÅPóF™™jÍÎÉ1éÁƒÿٝ?MÛóÛ|øëœç +'%{/=:yÖä +:ƒœÇÇ©Î_„”è²O5Š H¬tG’ ß[CÌOϋ¡bœ™ðMä¯?t=ÅmC&–Láà5e.ف—&{RÎTVrieIùiš*3ê˜*œ»Mú떄ž +rÞàêÐ;$æ|‹ó„3°“ +J‚ÀDžQ®úÌ$§ãd[sµ Ö¥Û\‰ä³ÿÄúéq>ôÁ`ߋ“ÈØùùf›ú>ð@H3BžÌÐù' +-ÇÁITn-ÇÈëáýÙüVmÑ·ŠõôŸøÜ+Ÿ" +VpéfŽž®‡^ññƬq•y°;Ð1Ѐ>tF‡î +Y¿ƒ'2Fädu#\3ç¢\r€h‡ +yLùû¥þGì +âp5ZþÚìCkDYI£/Pé +V‹žwføZ›õmsyçZ^j&*@w±æ]ú®î + +y‘<z~‘]ÛVŒ¿ +]˜ƒÇ.OµêÐäwA{oýíñ=*Ô³â#þã_|fNrÈŸ&Û4„r€õ +C~k2b†P/7XŒÌì ³$ë‡+uÜ?È(àëÄüõ!3F€6Ø\YÈâvŸ™)ÖHˆœCÊïQzP–íÍKRÚ|¢}=ö¹,uìÀôN7ôÈËç$žÖ9ÇôoŠÜÛý÷ƒŸbÜ;1%:3(™Ž‡S€ºŸE³ +¶ÅùúlÆÿ5ő +Ìxaµ–š]i5eHXêl”h +„Ç[šò€6†Ë✭à²l˜‹7Tx‡ uwÂiR×sÑóLÑñ„Ü¢€r4ŠÞÛ[¥ +·ñŠË÷$-'Š +¿ÙÁ˜ +7ŽSdrÛTçÏàî[/À‘ +Ï«&ôÖ +6!¢ÅN׌ÅOd§ž™Öb] +}ɝãSÃ{YBž#`²ŒÞæùã6°F§NÒ÷žu—PZ_Ïkà +œ©"Éö46Ašl³Žu×ç,±äp¿"W$ Sê¬KŸ„*[›é°J„|¶8¯cT`Ñ¢žªóîÕÀOìrs +ó(3­ÔÜJ9ÔînUWÏ¢@*@À” +QÞré*•©šÍ¬ +ºÂEàq£[קTºQÐQàÕÔªœ+(,W€©—F„ôuÛ.±FY9÷úË65l±=@óqÛìÓUKúðhŠXìvŠÝËњª;šáháJ²z +òîl}GfY‚ÝR.ŒáÏPðAž’Ä^§¡AM=,mÓœŠzcø3 +~87¬tKA©f÷L †K·‹ÅXcöcé®Û\`Êð +j‰Dº3Hë]£™ý4I)ÛßÀ#œ1@'Ÿ.ö6¥Ì +iž=g¹œœšÆ˜'†( ²=MGžßTvR¬WCG‹MnèV\ÚUû"ÙÖP +zzdm‡”=oRStÛ:Ne­g ±o$·Óˆ^m ƒrãnh3IÄ8™°é$Ò惱°™à”¬)ž;þ÷ür–Š×.Ž)~ò8™¢›F +pŠsG?¿ž‹fh¢9;ç¬Û"< ݄hÌ(þˆ +àSÿ2Hþúfî +gÂsî×3š +cGSsüçiaƒA +¿™ñbÁ$º +Ÿ7®ýÈ™©FÏ@Šý*‡kÁŸkDH±jkƒhOq“;úîÀô[dŸç@[Ûf +ŠþŒM¢?&‡ +,î‰ +^[š>ØC+3É +4Ö:ÍE©dXôÆá@`v‹Pó¯9‚5–_C•Ó«ØŒã4 +›–|‘·sïàM–¬Ïú1ÁÎƱú?¶:Qø•"=~à° +£ˆT­ýDÂæÅ­†T͌©IÏïÛöÊYd5ºÔ¶èñ=·Û藏êÊÅšŸÿœž/ךÓx¿œñ”\prߒ ÕPÐJŠ +µ›góÑô£²ÂûÞf=DìUÎì’ãØžÏNº‰ +§™ËÝQG;sË28k@^iºÀþ;÷5‡#k?dŒ[ʁpï +'j)¿Xé,EºŠeû]^ݳˆdÇ(ž|‡ÚDû5¿ +'öœ(piÛµŽ HŒoŠ—ÑS)ìU’]ïá +Șb>õ +ãÀ +âpš‡ot+ñš£õGP÷¡&ê»0ÜÛšóÉ'ÅÕ[œü®Va«AìÁá3©õ·är§É:Œàð ÁÚt-«[:}ÒÎØXžBm} +%ƒõ#›| +µµíù”9 +}Í_ΣkñtVŒÜ$ÉZ~ÊéÃ~/¡B:Ñèÿ#£®”ŠŽ^ЇûÞÞ~yKŠŽûç݋ZŒH +endstream +endobj +2968 0 obj << +/Type /Page +/Contents 2969 0 R +/Resources 2967 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2964 0 R +/Annots [ 2965 0 R ] +>> endobj +2965 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [218.479 152.204 272.775 163.108] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +2970 0 obj << +/D [2968 0 R /XYZ 71.731 729.265 null] +>> endobj +2971 0 obj << +/D [2968 0 R /XYZ 71.731 741.22 null] +>> endobj +2972 0 obj << +/D [2968 0 R /XYZ 71.731 718.306 null] +>> endobj +2973 0 obj << +/D [2968 0 R /XYZ 233.156 708.344 null] +>> endobj +2974 0 obj << +/D [2968 0 R /XYZ 308.303 708.344 null] +>> endobj +2975 0 obj << +/D [2968 0 R /XYZ 71.731 643.273 null] +>> endobj +2976 0 obj << +/D [2968 0 R /XYZ 71.731 610.02 null] +>> endobj +2977 0 obj << +/D [2968 0 R /XYZ 71.731 589.544 null] +>> endobj +2978 0 obj << +/D [2968 0 R /XYZ 76.712 563.268 null] +>> endobj +2979 0 obj << +/D [2968 0 R /XYZ 71.731 543.342 null] +>> endobj +2980 0 obj << +/D [2968 0 R /XYZ 71.731 489.741 null] +>> endobj +2981 0 obj << +/D [2968 0 R /XYZ 256.451 480.08 null] +>> endobj +2982 0 obj << +/D [2968 0 R /XYZ 302.52 480.08 null] +>> endobj +2983 0 obj << +/D [2968 0 R /XYZ 372.798 480.08 null] +>> endobj +2984 0 obj << +/D [2968 0 R /XYZ 414.025 480.08 null] +>> endobj +2985 0 obj << +/D [2968 0 R /XYZ 71.731 473.856 null] +>> endobj +1935 0 obj << +/D [2968 0 R /XYZ 71.731 435.547 null] +>> endobj +282 0 obj << +/D [2968 0 R /XYZ 341.758 377.524 null] +>> endobj +2986 0 obj << +/D [2968 0 R /XYZ 71.731 354.629 null] +>> endobj +2987 0 obj << +/D [2968 0 R /XYZ 71.731 354.629 null] +>> endobj +2988 0 obj << +/D [2968 0 R /XYZ 71.731 309.614 null] +>> endobj +2989 0 obj << +/D [2968 0 R /XYZ 71.731 250.834 null] +>> endobj +2990 0 obj << +/D [2968 0 R /XYZ 306.05 240.04 null] +>> endobj +2991 0 obj << +/D [2968 0 R /XYZ 71.731 192.055 null] +>> endobj +2992 0 obj << +/D [2968 0 R /XYZ 176.527 168.309 null] +>> endobj +2993 0 obj << +/D [2968 0 R /XYZ 320.376 168.309 null] +>> endobj +2994 0 obj << +/D [2968 0 R /XYZ 119.552 155.357 null] +>> endobj +2995 0 obj << +/D [2968 0 R /XYZ 71.731 133.275 null] +>> endobj +2996 0 obj << +/D [2968 0 R /XYZ 328.187 109.529 null] +>> endobj +2997 0 obj << +/D [2968 0 R /XYZ 472.036 109.529 null] +>> endobj +2967 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F48 1258 0 R /F50 1263 0 R /F31 858 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3001 0 obj << +/Length 1891 +/Filter /FlateDecode +>> +stream +xڝXێÛ6}߯0öÉ֌î—-ŠÛ6E/@v +Ø䁖h›XItE)Y÷ë;äÔÅÚMÚ'˔HΜ3sfHouXy«Ÿ®Ÿ¿¿zõc®r’'A²ºß¯‚,&‘Ÿ®Ò0 Y +¬îËÕÃú푞:Ön¶Aì­c‚¿oEóÁó‚Cßòæ€C’ÖGʛü× +> + +ìð‰7 +ÛDÞúÐòîŒCµhx'ÚÍÇû_®ñg_­¿ÃwÃJ\âï5¬¥ ++?x±OÔ4ÀLj竭b/Mш{˃<±‚ÓÊ°Ó2ÚÕ¬é +žPZ1³Eߔ–uEæPqJò,¶î~ œÈ#¡ŸÛ¯G"=U%6AŒþlvï„ ڔȔ–bÖN‰EÛ +Éüp4®í‚ãç œ +’Ç>Q²Š†fŠ|%ŒÃ-+BöÕî< +jy– +«m +[Kìl€Ð˜¹oÙß=À\é0%ˆJ¯üˆ„Q(XŒÕI|ؐ€D'Yš­ß³¢oF£†JvêŽÀ¹'ñ +({Súàà +d×ÀE +CµRä+`ô€IAí* +÷' +ÖøGˆ. +×ô‰×}c­²ËØïŽMøF +å9þW–rÂþÃQðQLRž±JNgÊ~W6cd{SÖ\Hí€¿ÖÅeÑõQ†¶^Z"mú”L +K㆛¿{aÃÑɛh]:Øt9µ\(Yx=M[ȊT“F9ZŒ:Oÿ¯ðC'­2ÕZº.%©“Õ’kŠÙ˜P'‘W ñèúñ¢—³,ÝÚ8†„'õjÁ˙|šÄÎå Ûk“ûªûÏi~!H +ë·èµÈ¢ÉÑû£7'r¢a—Ë=“ /l`³õb)5} +»aô7.‹ÖZJ÷ÑBúC™lmæg£‰Ðed°ŸkǺ÷Ç_±5S(³ê[œšx_y’D:Òbý™ÙôõŽœÜjiBBšP +ŸLùWÑ|sјZ’þa­Xì +¶XFtHûCo˜ÞàgÚªd,+Þ<âH¡Ì8²B +?ŸÐ$ž˜Õt[Ì° + +ŸHt³nŸyUMû¢ + + +QŸšm‹ +ƁɶGÚjfÖÐÅ:6ä/›4Á„áÉBŒ3+O‹A;yST}éÊü5¹ví  +!×£Zø»hkÝZ +²æȉ‹òùbý ­\ʲ¥þ†—Ìž?4¹6\境 +:چUƒÔ·BtÜ|[SàÖ~àgT +‰åՔ€k¥ +O×ó”7Ý"s–æ%Ú +ÑÛYÊ×» +œ36׳š@UÌbahÙ,€šÑábhœRœÒ@Y1D°ôði~Ÿµž™Àï燪n™åE°Fqv©çŽùœHÕ Î–›=œWú–}3­§Ýèœä +ÆМZ±«X-m +¶ l7³q[rIáÃrÔœ-8åP§Q±«yÀYÇUÿ?%ûÙà÷€ëqQÄS’x®}jĂŽù!‰¢Ô~rQ<TIú8-c}¹Ìâ92 +I’€ÓSÖmۊV^š£ë6O¢ +Ž™Ýü,IkWb‡sÑpGBåbFÑ¢pÇL6ÚÿYägYw7*žj38)Ê%øUŠ +a’áMÈR— +µ3 +æ$Lð~žEçšînæêGw¡ëà°ý6ƒî9O 6Cÿo +Züq +&Ùú¯×8%ÊFS¢ˆø.LÁ·ûM®ê$Áûå +d:©¶Z +5]0ŠM‡ßñŠê'×Zµcí¥Y +‡–IÑ·í«–_§;óú¹pÀn:ºÐô­ïÃYÇx«é‡òNÍ + +òü‰K®uZ·gêbÀDÇf +»UO‹§šÐáo-Jì1͂h.<8%º\FNµJáÈpû ºÂ*ƮҀ€¡m +)9îZ|Ó·Ü©VwoVF%+˜YcÖ^y¥7cÿ»Ý1)z'êéÙGßàÈg ªŸ=rœåüN`~šìÝœàžžTß “cåC{®4ýœôK +:‹·%ᬩ±Õ#ŠÖ·ä@ð4†TÑá±ðƒ—¬ÝK + +šèžåÞâ#Þ©š¢§vøőêÈŽÞª7XQñ5-Kœ +­æ=øø0æÐwz*€r’†&â`2åöþê_¬küa +endstream +endobj +3000 0 obj << +/Type /Page +/Contents 3001 0 R +/Resources 2999 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2964 0 R +/Annots [ 2966 0 R 2998 0 R ] +>> endobj +2966 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [358.234 705.191 412.53 716.095] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +2998 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [372.531 532.568 419.355 543.472] +/Subtype /Link +/A << /S /GoTo /D (0:FILEDEF) >> +>> endobj +3002 0 obj << +/D [3000 0 R /XYZ 71.731 729.265 null] +>> endobj +3003 0 obj << +/D [3000 0 R /XYZ 259.306 708.344 null] +>> endobj +2940 0 obj << +/D [3000 0 R /XYZ 71.731 659.113 null] +>> endobj +286 0 obj << +/D [3000 0 R /XYZ 289.939 621.898 null] +>> endobj +3004 0 obj << +/D [3000 0 R /XYZ 71.731 599.003 null] +>> endobj +3005 0 obj << +/D [3000 0 R /XYZ 71.731 553.988 null] +>> endobj +3006 0 obj << +/D [3000 0 R /XYZ 71.731 553.988 null] +>> endobj +3007 0 obj << +/D [3000 0 R /XYZ 71.731 552.742 null] +>> endobj +3008 0 obj << +/D [3000 0 R /XYZ 137.484 535.721 null] +>> endobj +3009 0 obj << +/D [3000 0 R /XYZ 244.143 522.77 null] +>> endobj +3010 0 obj << +/D [3000 0 R /XYZ 430.562 522.77 null] +>> endobj +3011 0 obj << +/D [3000 0 R /XYZ 387.743 509.818 null] +>> endobj +3012 0 obj << +/D [3000 0 R /XYZ 476.47 509.818 null] +>> endobj +3013 0 obj << +/D [3000 0 R /XYZ 71.731 494.71 null] +>> endobj +3014 0 obj << +/D [3000 0 R /XYZ 137.484 478.934 null] +>> endobj +3015 0 obj << +/D [3000 0 R /XYZ 239.042 465.983 null] +>> endobj +3016 0 obj << +/D [3000 0 R /XYZ 318.733 465.983 null] +>> endobj +3017 0 obj << +/D [3000 0 R /XYZ 403.853 465.983 null] +>> endobj +3018 0 obj << +/D [3000 0 R /XYZ 71.731 463.826 null] +>> endobj +3019 0 obj << +/D [3000 0 R /XYZ 137.484 448.05 null] +>> endobj +3020 0 obj << +/D [3000 0 R /XYZ 71.731 428.872 null] +>> endobj +290 0 obj << +/D [3000 0 R /XYZ 260.774 389.499 null] +>> endobj +3021 0 obj << +/D [3000 0 R /XYZ 71.731 369.395 null] +>> endobj +3022 0 obj << +/D [3000 0 R /XYZ 162.171 291.865 null] +>> endobj +3023 0 obj << +/D [3000 0 R /XYZ 249.772 291.865 null] +>> endobj +3024 0 obj << +/D [3000 0 R /XYZ 71.731 269.783 null] +>> endobj +3025 0 obj << +/D [3000 0 R /XYZ 119.552 246.037 null] +>> endobj +3026 0 obj << +/D [3000 0 R /XYZ 178.101 246.037 null] +>> endobj +3027 0 obj << +/D [3000 0 R /XYZ 71.731 243.881 null] +>> endobj +3028 0 obj << +/D [3000 0 R /XYZ 71.731 228.937 null] +>> endobj +3029 0 obj << +/D [3000 0 R /XYZ 76.712 189.848 null] +>> endobj +294 0 obj << +/D [3000 0 R /XYZ 397.601 154.381 null] +>> endobj +3030 0 obj << +/D [3000 0 R /XYZ 71.731 131.981 null] +>> endobj +2999 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F25 852 0 R /F38 956 0 R /F60 1440 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3033 0 obj << +/Length 1861 +/Filter /FlateDecode +>> +stream +xÚœXKsÛ6ŸçWèfiÆFHP|(39ž™€ujg¬žÒ + ’0Š–ãš¿Ÿ +`Á—h§§žBÀbßî~@°8.‚ŏo~Øœyû)Š²Ih²Ø +4‹É:LiDIÓÅ®X|^~8±ZófuGã`÷ûAV=¶šŽnJ±ó‰‰êÖ}éwƒ“TڍD¥ùj +,Ð7u–•Ð²Y}Ùýü&@µ@§p Ó]˜Ä$KâÅ +]“8ȜR'Ö¥šžê³[eÁRº1ËsÙVxèA¢æªÍOnÄWaŒü–óZ +Y)Ô÷"[7ÈY +jž‹Ãen›{ú41VÚÿ9`E6°";(ÙxŸþ„êÿ~8(®ß» +I°È`C²6Ҁl6öÙõÛ‘ ‰£Ô/x7#""QØ-x[3ÐÖIº—nH +&~•š&}þMšü +:„çÖ:géa²2ïÁúUfŠä£ŸxÃÑÛ[D„š©Ú3oDÎJ£)ž, +H”Pô]èt„“iŒ4~ógÄËu +›ì÷Ý0bCÍ +D¢Ç +ì{tXŸÄCÇ +qL‚ôû®KH¶ÙøUhä's¬Çܹ-µšKþ +îZÅœŒ7ädç,$›4ƒI‹3Wœ/*©;‘ +}tãlpŸg?è +¢x‘m‰NZñc»G9Ìý|5~g¥À•F¡€7Š«Ӕp㪌øQÎYdŒ +Æa~Íw^Æä(š@8‚0óYó:“Î{qlek±@\pi<Äęš¢“süŠi¶Î+)ÔÌ ô0ø£ä̆4͖ a$`„UÒ}<‹²ì–ºA~âùŠË'÷yXEƒ|0ÜÆÍ€w†›žš4« +Œû࿶Ä? +LäSŸß›Ÿt`byʍƒL$Iœ"ÞPŸSÑý¢Ä3“ðßBØü€v§VáúE'<›h3›DˉóLœŒèê$©k¿­ÂeÅÊÎØñùàhØv9ËÆâ®ÇGž&Ñ +’íKˆ4%4ržg‘ +ý0 +$íœôÌEcŸ +S%+fÒøºÌ@^˜vœ¢÷;™¢ +‡<©I§3ҋaýu’»•Zƒ„.UÍw#Ë·•¬jhçší}ÖåP2¡ŽòÆW+È*ɳI/Ÿ„x(ìruu&•‰ƒddO`¶—­îrøŒ“zTt”=ñ« ïyC9˜-§ÅÎ×Ñ®Cø3i ”RÒµÏÜGë¯FE{ÒÖxm®5'$]Â+þÕ)v +¹uB¢”N{«o£6¿¢(%1$Öš þè,«ôãÄú/žîø’çš-óê'Vžu]5jÓ.n§œhÖøš +nóŒ¯ÛÝp +y,z.ãM# +Xf@°7€oGŒ ÊQk+¢¿[®¬A +~ÂúÀž8Á\œæÄÃaBâ +Ð<ԞÅ×ã}'áoŽR7Ÿïð—Yc!Ç-ñE’øî–ˆ.»/ŠßúÝÌêMÒ¡w‚J ÔÙ-Å!d“ ò$û_øÞÖþtݍÇhhJˆŽ ­”8Vž·í/žÐ iùK:ùžš27 yÞ̓£})„f]tuð&øvƒé|ÛnÍvÏ\{vyµëÞH¿k;ÞÕÌåA·Š3+ÿçøs÷é.»js,$ +ÎuhØ­BêîC† +t™Q“ +÷ÓõlšƒS›HXÜvlÈ÷ + +nÝؐØksîP§yø$Jn+ë}ÃáœìýÅ\5cRPžÁ¬‡Îzœ'P¯ñ&XMÇôul€âPw€2(ƒŽ[OŠI“N +Š¡ŽÎFŒ¯ +VC›ÿœB [ +=3˜µNvõhD7z_ˆÖ¡áã+ê9„0€]rïNžØLœ3ÞöšM͛Þàxyæ/{e·Uу¥< ++ N÷þ”Z–"³À!>syž¯¡‘‡žÊB1ï%ŒøXËFnÖ×öœŠGSúú«î}aŒŽÖž]œge9—Y!¡iÔ£p– +ÆЍ + + ƒIÖ³ÁÌ£¶­kë>šV3„°nž¹™~Ÿýù +#¢Ã|“¥Ÿèð.ÊŸ—ú*}–2 +ÿ*ª +¢º(ÍÏjJ§úšÉÂÄ +fŽ¿È5Œhs>mŸš5º­{ŸÑÕë9vX×ÛDük΃ö͔«éíx€ÊæÜ??ÉóKmÁÝ›§þ..Ð"ïnŽOŽŽ[+œ?¡L ’÷CՆvaƒÄ®Ž^ÿœÔ£×'ËèòÖrmEϒÒ÷ŸRìֈŽpžÔŒ§œÁ{šgŠ.J}_ƌ7·[k~µ +çO¡5*eQ¬yq;vN +áy[2t‹ìbtbµïXe!ý] +&ŠOhi[¬{Ó±^zm„Pàÿ=B̘ánM-^8@Û3ÿ +ÃÝ[çTû3C/»ª9PߐCŒn%Ûã©{T>jZ£MH²Z}–’Z€«ÑhËÇݛ-]ž@ +endstream +endobj +3032 0 obj << +/Type /Page +/Contents 3033 0 R +/Resources 3031 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2964 0 R +>> endobj +3034 0 obj << +/D [3032 0 R /XYZ 71.731 729.265 null] +>> endobj +3035 0 obj << +/D [3032 0 R /XYZ 119.552 695.392 null] +>> endobj +3036 0 obj << +/D [3032 0 R /XYZ 190.544 695.392 null] +>> endobj +3037 0 obj << +/D [3032 0 R /XYZ 200.398 695.392 null] +>> endobj +3038 0 obj << +/D [3032 0 R /XYZ 274.628 682.441 null] +>> endobj +3039 0 obj << +/D [3032 0 R /XYZ 71.731 654.381 null] +>> endobj +3040 0 obj << +/D [3032 0 R /XYZ 71.731 639.437 null] +>> endobj +3041 0 obj << +/D [3032 0 R /XYZ 232.17 629.938 null] +>> endobj +3042 0 obj << +/D [3032 0 R /XYZ 71.731 580.423 null] +>> endobj +298 0 obj << +/D [3032 0 R /XYZ 336.363 541.051 null] +>> endobj +3043 0 obj << +/D [3032 0 R /XYZ 71.731 520.947 null] +>> endobj +3044 0 obj << +/D [3032 0 R /XYZ 71.731 520.947 null] +>> endobj +3045 0 obj << +/D [3032 0 R /XYZ 341.676 495.223 null] +>> endobj +3046 0 obj << +/D [3032 0 R /XYZ 410.737 495.223 null] +>> endobj +3047 0 obj << +/D [3032 0 R /XYZ 71.731 447.238 null] +>> endobj +3048 0 obj << +/D [3032 0 R /XYZ 119.552 423.492 null] +>> endobj +3049 0 obj << +/D [3032 0 R /XYZ 185.015 423.492 null] +>> endobj +3050 0 obj << +/D [3032 0 R /XYZ 71.731 397.49 null] +>> endobj +3051 0 obj << +/D [3032 0 R /XYZ 71.731 382.546 null] +>> endobj +3052 0 obj << +/D [3032 0 R /XYZ 139.477 359.333 null] +>> endobj +3053 0 obj << +/D [3032 0 R /XYZ 76.712 331.039 null] +>> endobj +3054 0 obj << +/D [3032 0 R /XYZ 71.731 311.113 null] +>> endobj +3055 0 obj << +/D [3032 0 R /XYZ 201.093 287.801 null] +>> endobj +2893 0 obj << +/D [3032 0 R /XYZ 71.731 259.905 null] +>> endobj +302 0 obj << +/D [3032 0 R /XYZ 288.562 220.533 null] +>> endobj +3056 0 obj << +/D [3032 0 R /XYZ 71.731 197.638 null] +>> endobj +3057 0 obj << +/D [3032 0 R /XYZ 71.731 197.638 null] +>> endobj +3058 0 obj << +/D [3032 0 R /XYZ 466.108 161.753 null] +>> endobj +3031 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F50 1263 0 R /F25 852 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3062 0 obj << +/Length 1973 +/Filter /FlateDecode +>> +stream +xÚ¥XÛnÜ6}ÏWìã.à¥E­®Z 5œ4EÚž‰Q Hò@¯ž»ltƒ(ÙÙ|}‡äeÅMÐK+órfæÌÌ!ƒÕq¬^=ûåöÙåËÝn•“< “Õíaf1‰hºJw!Éâpu[¬>¬¯N¬íy·Ù†q°Ž‰y^5õÇ C'ê£ù$Yub¢Ÿ0¿ú7/§FöæMÔ=ßDÁú؉þl>UM-úŠÛ|ºýíY€°`ÚÒ$&Y¯¶aDâ 3 níò +¬žß„ñšÕ=;âW!- +†›· +/EýÙ¡­šB( +8Ž,Å]Ç:a²º0/|Cãõõ‡ï‡žÝ•\^̆T +­©9ÇO}cžwˆ§ãESse&˜ž¥!É­w?qÐ6=¯{ÁÊò<‚;œ +Vø‡yi:»c­¿ ç +7à‘Š)úå€ÿ™}ö}6ŽëyŸ=ÙïöÉ,†,œ¶k`ÓÊ3óvŒòuÉ'Dž"ìO|ÿyCÁ˜N»bašš +þÚPJÕES›)! Ð+€³è”Ì‘WmÛt>!¬™› +BHnÙcmƙùs3|+àmÉöÜÛ@U,ùæÛqsØ}R*®X¢ã{H +÷ÏSSŽ1}Õõ¡.¬ +TZ”yÞÇ)É"À§q}žé6»t­ÑÂÑӌÜå$ +B;ºmJ±Ÿ°±c°‡ÛÕSÊ Û0OI +~žr¡lääH4úÇHw¡i␟ã¬x[—ç%˜q@‚l f¯1ê/ÕëQ—e†ªò;}GiB’„þóvËš.lz4Çw)ŸòyœéEÅeϪ!>@n\E„†¡O3[ƒÄ±n:ËW]vf%qÑ:ré3=õÚŠUQˆ +R1¹ôŸ~ó+žš'ŒýOïí(%A@ÿ7õŽ÷ÌølÚ)srš& -'³–iGMÂëm‚Kš¢²µ˜Œ Û"éÖl† +æøs¬o°"ô”bp/5š1¥19.íaÝ +¡ùlÙ VãÖ0^eàÖ$Òn‡ªÃC*üï[(­ÏÍÐ(› + +ž°Ë\ÞÞmÂ`}/šABï€A s(Í ‡ô?”.h4Ãošf$ŒrÇ%¬Ö +;R’å.c;.‡²—nýdæ!!ÅŽšØƒ1ŸåF +ƒw'(VÏ䲚Rêž`a~á²Ø3M”£Äa/”$16EÕHŠ¯ +˜gº)LTaQöcnë¥â ‡ªá€bÏ4+Gø‡Íb¥š +b?˜gê8ŽÜšÇY-Þ +8®%7ÊKý`jÄat +SŸ +¹ +Ǻb¡ ¹mô±Î?ãÇÞŽ{ +Ž‰rèž +íù +F«¡ +®œa^ª=—XDJèÎ’×-Éy%­Ñ  +ƒw$ƒ3Òßlï'eÃÛ.‰H˜:ª?‹Òƹ]Xð–Cݬ÷ªŒšºžBÝÛ%|L +ŒžÅj¹¡?éZlœo>œ˜Ë +n™¢jŸ{ð +Å +Œ=Eó¯Z²t͌kàî9»÷ +gÞñ‘Ñ_”ù¢šzvêhb^Ç·^ƒšzˆ +ŽA-™ªÊY(Þ[[f 'dԝ#lÍrÅ«P,råÛ +t,U=lÕ»ÕÅõ“ò ’ºþö»û¥Ææ$ +C$X&ÆnÏ0{«Š +TpWÑŽ YW +ù9jØçKm’æ°?0ÔHn[ƒy3öÇåÐv?™ùI0-¥¡±+ʇ¡,[¹`fC€ãÑÌ^ÎڔžçõÏñ_Sc +kgw^±C~ЈÆîü¢ÅSä@98]Rúm0i +ž)9%QìK–ŒŠCŒsŒïÔ+ìŸKNÍcBW¢œ&Xtj +çO8õöõ«ëw4—Ô +ãÊúùo8© +02Û֐úbē@£èxŽ#S·¥Pbsg·wšÛþjžËnA® +14–Ì®¥šFÇ+ìÉÔAä$ 7¶îävèšj.É|ÉéBçF¢[§¢ùð€°s‡Kn–ž±£î3Xuoù¡Pá6UÅ +ÍÞÞ.ÜqúâeÄ Ýa@XLZû=¹ŽåSúWE·±Šsr’nù^°Ò-¶gƒ*u£0 ÙEÀ{TI(ÞùÄ$"9vª÷×oÀOÀÀá +¶„Ÿï„î&&9ëC7êÚ©‘ÇŸP?¯ÞÈïR¢4V& +ŽÐ@цvÊ×Ò×Jïÿ|ƒMœA˜Ä©e£eÚÜ»(G€óyê4&äV„¹sñ’Aõ?l¹æ†f®Œ +%P­â¶ùênicŸµ»yíֆ^/iU€é²¬Ý¥lœð +ª@ôuÇ-8T€ªønQÌ©QE (–NàÝqÔÂæ'è|Øhsî]®>àgÛ&Ót­NŸ„Ά­žbîç:£àœÖb4þnÑðBúç(ÌÏéÕÔn)£±ËI1ïøìé~Lv÷?»&œ&Œš0'ŒYäÒÖóÍ÷ +k'Ëþ +ÿJp<)¶\i +w­{–=¯– +€¶* + +I$ù^ Nt™‡ +ŸÕµAëþ¥â„{\žšm +Ü +f6ŒºÌöwAܶ4ÝÙkVТ-Ý݂áæ6rz9í]_@‹ÏÔÙ;HŒ˜8òf\ß>ûZ5 +endstream +endobj +3061 0 obj << +/Type /Page +/Contents 3062 0 R +/Resources 3060 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2964 0 R +/Annots [ 3059 0 R ] +>> endobj +3059 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [420.935 224.785 480.249 235.367] +/Subtype /Link +/A << /S /GoTo /D (0:DB-UPGRADE) >> +>> endobj +3063 0 obj << +/D [3061 0 R /XYZ 71.731 729.265 null] +>> endobj +3064 0 obj << +/D [3061 0 R /XYZ 71.731 741.22 null] +>> endobj +3065 0 obj << +/D [3061 0 R /XYZ 71.731 718.306 null] +>> endobj +3066 0 obj << +/D [3061 0 R /XYZ 71.731 660.359 null] +>> endobj +3067 0 obj << +/D [3061 0 R /XYZ 178.211 649.564 null] +>> endobj +3068 0 obj << +/D [3061 0 R /XYZ 283.356 649.564 null] +>> endobj +3069 0 obj << +/D [3061 0 R /XYZ 377.392 636.613 null] +>> endobj +3070 0 obj << +/D [3061 0 R /XYZ 157.728 623.661 null] +>> endobj +3071 0 obj << +/D [3061 0 R /XYZ 324.471 623.661 null] +>> endobj +3072 0 obj << +/D [3061 0 R /XYZ 430.553 610.71 null] +>> endobj +3073 0 obj << +/D [3061 0 R /XYZ 119.552 597.758 null] +>> endobj +3074 0 obj << +/D [3061 0 R /XYZ 71.731 582.65 null] +>> endobj +3075 0 obj << +/D [3061 0 R /XYZ 71.731 567.706 null] +>> endobj +3076 0 obj << +/D [3061 0 R /XYZ 250.112 558.207 null] +>> endobj +3077 0 obj << +/D [3061 0 R /XYZ 76.712 529.913 null] +>> endobj +3078 0 obj << +/D [3061 0 R /XYZ 71.731 509.988 null] +>> endobj +3079 0 obj << +/D [3061 0 R /XYZ 354.434 498.331 null] +>> endobj +3080 0 obj << +/D [3061 0 R /XYZ 71.731 437.161 null] +>> endobj +3081 0 obj << +/D [3061 0 R /XYZ 289.622 424.209 null] +>> endobj +3082 0 obj << +/D [3061 0 R /XYZ 446.542 424.209 null] +>> endobj +3083 0 obj << +/D [3061 0 R /XYZ 71.731 402.127 null] +>> endobj +3084 0 obj << +/D [3061 0 R /XYZ 71.731 402.127 null] +>> endobj +3085 0 obj << +/D [3061 0 R /XYZ 189.708 391.333 null] +>> endobj +3086 0 obj << +/D [3061 0 R /XYZ 312.014 391.333 null] +>> endobj +3087 0 obj << +/D [3061 0 R /XYZ 119.552 378.381 null] +>> endobj +3088 0 obj << +/D [3061 0 R /XYZ 71.731 357.075 null] +>> endobj +3089 0 obj << +/D [3061 0 R /XYZ 71.731 357.075 null] +>> endobj +3090 0 obj << +/D [3061 0 R /XYZ 214.714 345.504 null] +>> endobj +3091 0 obj << +/D [3061 0 R /XYZ 410.64 345.504 null] +>> endobj +3092 0 obj << +/D [3061 0 R /XYZ 193.444 332.553 null] +>> endobj +3093 0 obj << +/D [3061 0 R /XYZ 258.997 319.602 null] +>> endobj +3094 0 obj << +/D [3061 0 R /XYZ 353.482 319.602 null] +>> endobj +3095 0 obj << +/D [3061 0 R /XYZ 195.376 306.65 null] +>> endobj +3096 0 obj << +/D [3061 0 R /XYZ 71.731 303.248 null] +>> endobj +306 0 obj << +/D [3061 0 R /XYZ 397.807 266.032 null] +>> endobj +3097 0 obj << +/D [3061 0 R /XYZ 71.731 265.853 null] +>> endobj +3098 0 obj << +/D [3061 0 R /XYZ 71.731 250.909 null] +>> endobj +3099 0 obj << +/D [3061 0 R /XYZ 71.731 178.262 null] +>> endobj +3100 0 obj << +/D [3061 0 R /XYZ 193.006 165.31 null] +>> endobj +3060 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F25 852 0 R /F48 1258 0 R /F60 1440 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3104 0 obj << +/Length 1685 +/Filter /FlateDecode +>> +stream +xÚœXKoÛFŸûWÈA"`®IJ|(@ +žNœºHZ QNN¹ŠH–»Ž­þúÎ>†KRL‘Ssˆ–û˜ç7ßÎÚ[ +ÞâãÕ¯»«›ûõz±%Û(ˆ»Ã"HB²ñãEŒH‹]Ÿx\Ýi#hëžAè­B¢ïêê›çÇ®eÕQOñôT€¬ºÖ_¢ zPÔ\è«u6ÞêØ2qÖS§ºb¢nï»ß¯™d€ÒSðýàÐLÝ, +K£,3VVÝiOÛ^Äà +y¬?úõßæìÒ2 + +à +i!ïÏŸŠÿz± +UÝ.çò%×җ—Š¶R'Êøx!ãØÖ]³ŽöÎ +Û] +süd%؉NKœë Z‚ JKŒä–_.å +ኳèrLܓÊ›BqåkzjJŠ&Þ¹îƒ +ÿv([q{ݕ=wæ,KEOƒ©U‘.3„4Ÿ"ªµL³)Áל\È À܌pÝ΀}fAŠñžxr^MÃ'cæö²Ú+ðJµš‚{˜öµGí.qnèDhšeÀ Šši{b\·²¬z)tŠfzšð‚5ÄÒsL?T7 +»‰Iø +7ŒˆblMÒ¡a诙t(Mwf²ÕŒ\å7 +!0æÝ^ßNuËp]zv«z(øИÈhӇ=ÈÚô` Ð¢Érõ’ÕÑæ!Í +;߀ˆ%Ž4qä]ZÎÐö¡­O#Ž¡'Ã.CÌ^ÜæÞ®r$žÊ›ºd™nŽñã¶Æx¯Ì~8V¿uŒ¢2L—®®¥« î6$ýG}Y%Šœ(ƒÅ$Þ$c„S™ÓWÆ­2:§4!‰·A¥xYòo˜QèlÌE?Üã-¢Úy‘zLN‘œu¢Œ\66²çÁÞÐ5vü|ž/ ø§6"ažþÙÜn<²öûÜZ†B V‡$ˆ þžÌÁŸnÐÄäPaEßè\šoÈ6îõºs-Zœlq +&mø°Z<*_tÒð=ªÉ®Õ/}B÷Ø&ՕO±M,Ó_J`›~0k· ÙëkސÕqÚ8Šú“ëžkOõ겧L +û‘–Œ6ÓÐû +̬ÎïΫÀ +§åÁr# +ƒ†- +ã¯PohÆÒrșš*Õüç¯F +vQ—9ÿ)›Ò)};ƒ‡¶rÔòƒ±ñ,+œîôNj45­L-Ld‰Ê]Oc³œÇlt•NÅ +/3—Ál* $c˘LF|x7\Þ/^Ž + ý~CE6ƒ +ÞQ<©mŠ$†>>ٌ#«/ËiLš4䵑†êŽÕ'õú0IƒÞªØ&Ÿñ +ã©ÿ>`ð¥{ëëÅð(НŒõÛÏFŽSÑ5zX²'yŠŸ‰Ò–DÒI #|^=þEÓüϪ<ÛמG6[ÃûoF“z²ôãûßûÍäã-ŒóÙŸ”Ÿ‘÷f^z"–ª‘#x ƒ Žgª'¯žõXõœr B/–²õVšS?²}øg !®£€øÛHu=Qb,ÇÔõawõ/C/à0 +endstream +endobj +3103 0 obj << +/Type /Page +/Contents 3104 0 R +/Resources 3102 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 2964 0 R +/Annots [ 3101 0 R ] +>> endobj +3101 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [222.853 251.135 277.149 262.039] +/Subtype /Link +/A << /S /GoTo /D (0:RECDEP) >> +>> endobj +3105 0 obj << +/D [3103 0 R /XYZ 71.731 729.265 null] +>> endobj +3106 0 obj << +/D [3103 0 R /XYZ 71.731 718.306 null] +>> endobj +3107 0 obj << +/D [3103 0 R /XYZ 165.479 695.392 null] +>> endobj +3108 0 obj << +/D [3103 0 R /XYZ 71.731 637.445 null] +>> endobj +3109 0 obj << +/D [3103 0 R /XYZ 71.731 593.289 null] +>> endobj +310 0 obj << +/D [3103 0 R /XYZ 439.554 555.298 null] +>> endobj +3110 0 obj << +/D [3103 0 R /XYZ 71.731 532.18 null] +>> endobj +3111 0 obj << +/D [3103 0 R /XYZ 71.731 461.485 null] +>> endobj +1000 0 obj << +/D [3103 0 R /XYZ 71.731 411.422 null] +>> endobj +314 0 obj << +/D [3103 0 R /XYZ 100.394 345.945 null] +>> endobj +3112 0 obj << +/D [3103 0 R /XYZ 71.731 322.456 null] +>> endobj +3113 0 obj << +/D [3103 0 R /XYZ 409.472 313.068 null] +>> endobj +3114 0 obj << +/D [3103 0 R /XYZ 119.552 300.117 null] +>> endobj +3115 0 obj << +/D [3103 0 R /XYZ 71.731 278.408 null] +>> endobj +3116 0 obj << +/D [3103 0 R /XYZ 406.105 267.24 null] +>> endobj +3117 0 obj << +/D [3103 0 R /XYZ 194.53 254.288 null] +>> endobj +3118 0 obj << +/D [3103 0 R /XYZ 71.731 252.132 null] +>> endobj +3119 0 obj << +/D [3103 0 R /XYZ 71.731 237.188 null] +>> endobj +3120 0 obj << +/D [3103 0 R /XYZ 491.994 216.032 null] +>> endobj +3121 0 obj << +/D [3103 0 R /XYZ 71.731 197.399 null] +>> endobj +3122 0 obj << +/D [3103 0 R /XYZ 71.731 187.437 null] +>> endobj +3102 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F25 852 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3125 0 obj << +/Length 1314 +/Filter /FlateDecode +>> +stream +xڕV[o€6~ϯ ZU +ªÅƒX)Û4ÙŠê6™UUí®*˜ + +±G˜Ivþ}ññp ÙªO_Îå;ß¹„ÞœzÎ~ٜ­¯âØËIÎ#îm*/ÊIhê¥qD2y›­÷yu±+öhý báŠûœPòKF÷‡¶–÷vK»¢–oí_·v±Sº³«ZvÂOÂÕ}[wG»õšdÝ©Öÿºùý,D³ÖW,ô2ò<564æ$bÜ +¢„°0³FUu#Î×¢+ÍSxА$9µ‡o–6?_ßKՊ÷Móurü'oü€‡áJ|+›ÃVØðKãÒØ`W +ÜÚŶnE ÕBÿ·a3O֭Ъy"¥’ÑœX’ +ÎÚ_/‹FÈmÑŸªh}1Š$¢,é‘LS’Ä^'$åˆ##ÜD4ÍV›úцÖ&ŽÆ7³.} +A¥ +«måÆtDš$%YDœÀp&M­Øk9°ÀŸ˜Ð +X& +öîÇZ— +b# +ÌÜ% +°Ö +¥ªjƱòÄÆbže@: +Õ¯x¬E7“bøÙ>ù[ÁÂútŽl5lQ»q'ºg!Üé¡, +®Íã'Ÿ²• +^ØÄ4‚ØD$g›žÆöA¿C÷³‘ûáÐ[Ñ]QúûŸf«úQœÛgÜdKÎy㌂ÂŽOEs +Øxm¢â}îKpp¢9úœ­^‡p/ʺÂT.ð°U²+~0ÄA?5Ÿ=8¯Ÿën÷=Ÿ¹5È8|a +ŸÅ×7rÑg¡;QÅéZðÛ]8ŸÙ-ZY©ŠQ‹g=# +T:\µpO +=ÀP‡ +d²3EáíÊ|6()û#U'Š;§_˜|+ÅÞP8rbdы}™V1ÏÆÁojÝ-å+ÍÈVÑ"S㌓ +ðŽTÅҁژCB bk\ˆS[ò̑±èî‹€fùɞÖøS@‰1ŽX2,ÊI,ë“ +äK[[FՈWpøQÉભgcV+^XLìÑ­ +œ£œ‘ŒæNëcÏmxÏ죲5ÉÖGtÁb +“lp°R­}»]Q7õþíSâ✄ÀŒlZlF%t”Qðc2 +Ú¥‰£Ýè!1·§=àédNÄŸ€(ìËÅ«(iøÄ9ÅŸ5Ê|åK¹,’Œs-f”‰ +l'˜Ã¥1ՓltÓŽ€:ä®+ÛkŽŠÉôe~€[»*쁀U_“‡û­ý;¥/µ5k.Т + +x |tÐØçt'öÚµ?˳Èò +v~^GvQù1Ä·? ó×w +#ÖG{಺8ºPJ8Ò­ÖÜ8tB¯wà€^B +‹Ñn§aÙþ%Kàšj +‡ +áL1§&¢ÆU7A +gÅ·oûsþpŸ>I’8þX(E%4¡­ÒZ5pˆ&$Nxd‹4²ˆAó +Ù0§PœT>éÓ R8Š7;·íÀòJ +˜õÕëjÖÜúÈÒÍjÔ§±ø+Wüm#DzÙ±sC²ª:áæàç]í +úVf卿í€ØÃ³É +1×­ds +¬è`€à‚7ª'Ý®F³ÜWö{Õv}FšÕšÇœ› +á€ZJò˜kQƒº»™õ +Ôé—אû•KîKY6J£3P–ŒÑ€ŒŠŽ³6ûÑq“‚ûãíÅo—¿~úãòŸÍ_&š7vm ²^¹~×('ßµ +¬gl:ƒÀL +¡ðÅ8ZÞÌњôíÔŽhœ,!œ¢=ŒOž\nÎþ·»‰Ë +endstream +endobj +3124 0 obj << +/Type /Page +/Contents 3125 0 R +/Resources 3123 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3149 0 R +>> endobj +3126 0 obj << +/D [3124 0 R /XYZ 71.731 729.265 null] +>> endobj +1001 0 obj << +/D [3124 0 R /XYZ 71.731 574.904 null] +>> endobj +318 0 obj << +/D [3124 0 R /XYZ 253.971 529.65 null] +>> endobj +3127 0 obj << +/D [3124 0 R /XYZ 71.731 505.894 null] +>> endobj +3128 0 obj << +/D [3124 0 R /XYZ 145.006 496.773 null] +>> endobj +3129 0 obj << +/D [3124 0 R /XYZ 71.731 463.797 null] +>> endobj +3130 0 obj << +/D [3124 0 R /XYZ 71.731 463.797 null] +>> endobj +3131 0 obj << +/D [3124 0 R /XYZ 200.866 450.945 null] +>> endobj +3132 0 obj << +/D [3124 0 R /XYZ 71.731 430.84 null] +>> endobj +3133 0 obj << +/D [3124 0 R /XYZ 71.731 395.986 null] +>> endobj +3134 0 obj << +/D [3124 0 R /XYZ 71.731 395.986 null] +>> endobj +3135 0 obj << +/D [3124 0 R /XYZ 224.307 385.192 null] +>> endobj +3136 0 obj << +/D [3124 0 R /XYZ 71.731 365.087 null] +>> endobj +3137 0 obj << +/D [3124 0 R /XYZ 487.866 352.315 null] +>> endobj +3138 0 obj << +/D [3124 0 R /XYZ 201.492 339.363 null] +>> endobj +3139 0 obj << +/D [3124 0 R /XYZ 396.536 339.363 null] +>> endobj +3140 0 obj << +/D [3124 0 R /XYZ 71.731 324.255 null] +>> endobj +3141 0 obj << +/D [3124 0 R /XYZ 71.731 309.311 null] +>> endobj +3142 0 obj << +/D [3124 0 R /XYZ 76.712 258.566 null] +>> endobj +322 0 obj << +/D [3124 0 R /XYZ 331.5 219.194 null] +>> endobj +3143 0 obj << +/D [3124 0 R /XYZ 71.731 196.077 null] +>> endobj +3144 0 obj << +/D [3124 0 R /XYZ 71.731 151.284 null] +>> endobj +3145 0 obj << +/D [3124 0 R /XYZ 71.731 151.284 null] +>> endobj +3146 0 obj << +/D [3124 0 R /XYZ 71.731 150.038 null] +>> endobj +3147 0 obj << +/D [3124 0 R /XYZ 129.514 133.017 null] +>> endobj +3148 0 obj << +/D [3124 0 R /XYZ 71.731 113.904 null] +>> endobj +3123 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3152 0 obj << +/Length 1248 +/Filter /FlateDecode +>> +stream +xÚµW]oÛ6}ϯР+H@E“”šyèÒdË°"ÀêaÍ0(m•ÅL’›yȏï¥HÊŠ,í°œ„ŠL^Þ{ιÂÞÚÃޏ?,/·Qäå(Ohâ-W +ÍŠIê¥E£Þ²ò>úכâ©çmR†}†ôz-›Œéz׊f­_uÅvSˆæþ¯ßpý°‘]¯ŸDÓó Æþºý^¿ÚÊFô² +þXþ|[‹[†œ +|JbåSHb†H +y!ÙvªíÕ¢ÜðòÓB6õ +þ”|ñÄÛEUì•5°‚–êýß}ÿáú§›w¿ýróçò÷ûÉ}ñR”§˜ +÷QŒRJaÍËr}üRvzèÜð? +›ßqMcâ/œÊ§^ÈŠš +XŒ”Mež!ŽjWÛý^W²®e@™ÿl^<`†;±uažè¥^oEͯŒ!CÁ^îôCi}èžx)Vûbĉ¢œí{-,[råz×ÁýäRØ³£ØÁ‚’Kj>ñf€±ÿ +0y¥'ÇüÌŠÌ‚g¯£æŠcy£1Ê³Ô +8ƒ}âWåÜåkì(rœ0Æ(Š +Ÿ9ûœCšoëÚB)µž@sŒµ +û˳°€Vˆo²Ø›_ +¡ƒJÕ/ÜØ)ú3Œ-ƒÌ‘ÿKEdR’Ÿî~9iå䄢$€_\A +xã.Šâÿ$ŽGÙoÎyHŒjP Î +­BzVC#2‡HÚBg¿Ž%GÿìÚò¿v@Zåæ‹öÚ$™É¥­èj‹¢ªìv9ÑÌeˑ"tVB™b.Ò'¢×™;‘˜Üõšø€Š +3ÊœAœ–6°_ÇՔr†‡œoUñ + ñ7"šÿ-GՃ‚„ùHW-(g#%Lw0šV)ƒ–Æ(ʙ¶ ¯T+M3ÿZ (jñèï~µ{ª@Û㿃Ha-ՍàG@±ÿIõ]]"K]œ¢ŒS‘MŒkpU +-ü4å÷œèʳ”À<5(ÌsûÄHF9ŽÅa—NŠ³©ÜHÙqKPÿÌycé>€3¹ * +‹Œ*ÚBˆ<"â,ŽÆVoî·I?HàÔ°[ý×óa¬±mqÜÅÂü¿¡]Ž¬C_Ñ$5u»í2È©Ï»~®1&@åÄËü~idÃgš +Í9W« ò»nšC[YÍÉ#ƒ!ŠF֋3w’ +EIj7MYî6rWW3ˆlN€³ÝŽ +¥¶ÖÈña5ã!É”Æäš9#'ùÁÅS;jŽ­h€ç2!E„ä“Põ;õ +R|Ä€Tj±©;g–¢8O +÷€AŸ%‰«éZèª5§2] +%críbØÏH +r&Ác̺"Î+*ÅÌUÔÛÎMÿÏ*@ÞvcÆCÅ@äð1Ðr·5zfՈû*ýQ±ž+]0fé8w‡¡úÂh•#šÏsôA“fو³xS<ځi°¡Î+ÇtT&eItæèn¥9¢Iõ3s9šK3Ñ9ј‰dÍ6¶GéF<Õh#KÆâöÇî̄1” +KÉMÆÓFXtN«3uÖBÕ·ûÓŒ~t@ªŒ€ Ë@À±;S> endobj +3153 0 obj << +/D [3151 0 R /XYZ 71.731 729.265 null] +>> endobj +3154 0 obj << +/D [3151 0 R /XYZ 71.731 685.031 null] +>> endobj +3155 0 obj << +/D [3151 0 R /XYZ 129.514 667.098 null] +>> endobj +3156 0 obj << +/D [3151 0 R /XYZ 71.731 632.438 null] +>> endobj +3157 0 obj << +/D [3151 0 R /XYZ 71.731 632.438 null] +>> endobj +3158 0 obj << +/D [3151 0 R /XYZ 234.539 621.27 null] +>> endobj +3159 0 obj << +/D [3151 0 R /XYZ 71.731 569.215 null] +>> endobj +3160 0 obj << +/D [3151 0 R /XYZ 71.731 569.215 null] +>> endobj +3161 0 obj << +/D [3151 0 R /XYZ 71.731 536.219 null] +>> endobj +3162 0 obj << +/D [3151 0 R /XYZ 71.731 536.219 null] +>> endobj +3163 0 obj << +/D [3151 0 R /XYZ 71.731 534.974 null] +>> endobj +3164 0 obj << +/D [3151 0 R /XYZ 137.484 515.915 null] +>> endobj +3165 0 obj << +/D [3151 0 R /XYZ 71.731 513.758 null] +>> endobj +3166 0 obj << +/D [3151 0 R /XYZ 137.484 497.983 null] +>> endobj +3167 0 obj << +/D [3151 0 R /XYZ 71.731 470.296 null] +>> endobj +3168 0 obj << +/D [3151 0 R /XYZ 137.484 454.147 null] +>> endobj +3169 0 obj << +/D [3151 0 R /XYZ 71.731 441.096 null] +>> endobj +3170 0 obj << +/D [3151 0 R /XYZ 137.484 423.263 null] +>> endobj +1100 0 obj << +/D [3151 0 R /XYZ 71.731 381.171 null] +>> endobj +326 0 obj << +/D [3151 0 R /XYZ 377.353 335.916 null] +>> endobj +3171 0 obj << +/D [3151 0 R /XYZ 71.731 312.161 null] +>> endobj +3172 0 obj << +/D [3151 0 R /XYZ 145.006 303.04 null] +>> endobj +3173 0 obj << +/D [3151 0 R /XYZ 71.731 268.006 null] +>> endobj +3174 0 obj << +/D [3151 0 R /XYZ 71.731 268.006 null] +>> endobj +3175 0 obj << +/D [3151 0 R /XYZ 187.406 257.211 null] +>> endobj +3176 0 obj << +/D [3151 0 R /XYZ 71.731 235.045 null] +>> endobj +3177 0 obj << +/D [3151 0 R /XYZ 201.175 224.335 null] +>> endobj +3178 0 obj << +/D [3151 0 R /XYZ 417.283 224.335 null] +>> endobj +3179 0 obj << +/D [3151 0 R /XYZ 435.733 224.335 null] +>> endobj +3180 0 obj << +/D [3151 0 R /XYZ 478.622 224.335 null] +>> endobj +3181 0 obj << +/D [3151 0 R /XYZ 139.656 211.383 null] +>> endobj +3182 0 obj << +/D [3151 0 R /XYZ 187.257 211.383 null] +>> endobj +3183 0 obj << +/D [3151 0 R /XYZ 71.731 191.279 null] +>> endobj +3184 0 obj << +/D [3151 0 R /XYZ 334.424 178.507 null] +>> endobj +3185 0 obj << +/D [3151 0 R /XYZ 242.42 165.555 null] +>> endobj +3186 0 obj << +/D [3151 0 R /XYZ 160.368 152.604 null] +>> endobj +1101 0 obj << +/D [3151 0 R /XYZ 71.731 151.259 null] +>> endobj +3150 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3189 0 obj << +/Length 1772 +/Filter /FlateDecode +>> +stream +xڝXKoã6ŸçWøfˆdQ²d9E/Ín)ÚŠhœCÑ-Ñ6ID)‰÷×w(rš‡•ì¢›”†ä73ß<(ovœy³/W?í®VwA0ÛºÛȏf»Ã̏CwM6³Mà»qèÏvéì¯Å퉖5«–Žz‹ÐÕÿ·¢øÛóücSñâšIšŸ(/®õ¬>1=8 Yë/j¶\{‹cÅë³~”‹‚×¢Zþ³ûùÊ3°Vw~8#×'áZr|žQ +Á`ão­Q +n¬ lâÅ®=  +Pfƒ +Z7•™ŠŽŠ{*™:t&=×7öÉÌQ*o6zó +‚·ëڙ=@)#õAs–êmCoöQ‹šx±Kâ4jw4Æù÷À³)ÑÆõÖ1 +ïuRvXoA›¬6V¥EªeF–Z»Š ل®Ç8Äw·!Ñ{¯Y­2‘ÐlõBaÄ÷+ƒmYûnEàBĞ2Ä€:Šæ¢Ð³„šÁÞÈ%–Cš ­ñM^CzB«aHYóœÁ©ÄmeŒïrºŒŒ Õ¹ïYÃí»% Â^²€éøZ1*E!7x=ÜžbÒ]1­©Ù(g%'–<Ë&¿ôÈ­Ž²ŠU>µ1ð¢ÈÄ*~89ƒ«MNVo&¥;HŠËêwà•Ù+Ì®¢dJ{OYà +Œ×ߣó5z|é‡pêaåŽïÇù^÷šˆªev'tÒ8bõ&ÈQ +)ù ÓЌ#8Èßú•!Ô'·ʂUá©«3ÞšÚ`=XGnˆ¥fkJÍ-ì¹ôœÅ³ÞžÔ“Åç,k–ëñAÉ·$†ÉãÓý§Õã—ûOzÚf Îä·ªRdÒÚ2†­†Òй6 +’MYŠÊù€±SŸÐÞ¢T1gœ×È +t¹/oðÅ=|£èrWÝÒ%‰f¹ã(hŽlxÚºcBÑÑF÷&ÖX¡’Pz=V ¹ôÿ ÈSÊrÌ/H!bžèõ$² 2Y'ª +†³ŠVš!féƒnZÆÄí;Øî'‡°+E +'eê}Ñ+ã¬zQQG3y_6wþEå ® +¬>á9hó;/’¬I»óŠCi"å`1ñüTŠb²ÀB3Ç!+¥=–QtØG¶éÜJ›Zä° +¬f{ö-øÔIùó[mgšZº¬Db†¹L>~ѝÎEÿÅ¥€>Ëëª×í'çÕÜ>üÚ%àK:Y¿¢ÞÌê-¿å³æÂ蒎ãßúr^uó~Ë­•ËhÝUj9â‹É&xŒåb~xdšÐ^1ºÕ¶ +º¥Ž«Nú +ÍÛ»%ûÁœ×J]O°f‚ë9­ž•Ç¬§¥m>SœÀ¥67æð‚B{v¶-ë³-ÊRÇJ4¥ÃSìÑ4 +)¡˜ +Á·¶Ö'ª¶N(k×&`hy;žtì·T?Ð1Š“fùsI@AlãlW +Š4]Ìh<-çÑØ +phæ: +•Ž’Ùš‰¶ì+l?Œs¯<‰&K‡@!™Yvdç‘mÅ^&¶”@€AFÏ'›A‚¹G÷F‹® +Vë;JwyDò=Š +jŠAäŒXß&62ª±es^U]=4ò•@ª¬R¿ò„u±:ó!Èù(?Œ^„ÇÙdÁ!'}\0óÍWó÷ø“Qpe6‚æ0iýéœ?¯e µ’‹?ÍmcÕ»CɇŽ¹ŠùMÔìFKÂÕ·“ôCwíŒsÚÛœ*z”`Š§-à¿-ÊñŸKÁ£ûՃ +°%<|ƒYr-Šìmšº'i»¹ynŸëqN—ÝF:%ÂàIJr„‹ksöaÔÞþþ4DõªN¢PñŒƒÚÖtŽÑÕ!čBlŽÎ³ýÝխ׌ӌѻk ÄóP¥Ý’øºU„IÆs^6ÊM¯GÏ4° +2iƒ·« +êXü ѬÄ^àŠ–ÞXRoƒ.K­M–R.£Š‰ +ûœÖ. Bû‰üš6øyd@‰ vÃÈ~ +ÑÎT?*×ê;€ÂVwž~›vVCošJ9ANž±·Å +¡rÚVÿ1QõDCûQ¯Ôg/ÚnÔÚ-qIŽý>%6Ñujw°ÙÄŽíâÿk»ž}&܀دQŠa0Þ¿Ž‡’Þ’IsܕrÊ +ÑÆ +«Ü¡”à–åmÖ(c®Æe¡knúW)㱒™»“dpÅHmzé}. +|Â$±2ä̉!¢~+Œ+>ï®þmd•] +endstream +endobj +3188 0 obj << +/Type /Page +/Contents 3189 0 R +/Resources 3187 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3149 0 R +>> endobj +3190 0 obj << +/D [3188 0 R /XYZ 71.731 729.265 null] +>> endobj +3191 0 obj << +/D [3188 0 R /XYZ 71.731 741.22 null] +>> endobj +330 0 obj << +/D [3188 0 R /XYZ 327.188 705.748 null] +>> endobj +3192 0 obj << +/D [3188 0 R /XYZ 71.731 681.992 null] +>> endobj +3193 0 obj << +/D [3188 0 R /XYZ 227.735 672.871 null] +>> endobj +3194 0 obj << +/D [3188 0 R /XYZ 119.552 659.92 null] +>> endobj +3195 0 obj << +/D [3188 0 R /XYZ 71.731 625.26 null] +>> endobj +3196 0 obj << +/D [3188 0 R /XYZ 71.731 566.106 null] +>> endobj +3197 0 obj << +/D [3188 0 R /XYZ 71.731 566.106 null] +>> endobj +3198 0 obj << +/D [3188 0 R /XYZ 480.464 555.312 null] +>> endobj +1102 0 obj << +/D [3188 0 R /XYZ 71.731 526.007 null] +>> endobj +334 0 obj << +/D [3188 0 R /XYZ 497.739 482.909 null] +>> endobj +3199 0 obj << +/D [3188 0 R /XYZ 71.731 459.154 null] +>> endobj +3200 0 obj << +/D [3188 0 R /XYZ 71.731 427.951 null] +>> endobj +3201 0 obj << +/D [3188 0 R /XYZ 71.731 427.951 null] +>> endobj +3202 0 obj << +/D [3188 0 R /XYZ 71.731 395.208 null] +>> endobj +3203 0 obj << +/D [3188 0 R /XYZ 71.731 297.814 null] +>> endobj +3204 0 obj << +/D [3188 0 R /XYZ 71.731 251.612 null] +>> endobj +3205 0 obj << +/D [3188 0 R /XYZ 71.731 199.806 null] +>> endobj +3206 0 obj << +/D [3188 0 R /XYZ 71.731 184.862 null] +>> endobj +3207 0 obj << +/D [3188 0 R /XYZ 71.731 156.73 null] +>> endobj +3208 0 obj << +/D [3188 0 R /XYZ 173.612 147.069 null] +>> endobj +3209 0 obj << +/D [3188 0 R /XYZ 325.989 147.069 null] +>> endobj +3210 0 obj << +/D [3188 0 R /XYZ 417.158 147.069 null] +>> endobj +3211 0 obj << +/D [3188 0 R /XYZ 71.731 141.926 null] +>> endobj +3212 0 obj << +/D [3188 0 R /XYZ 173.612 130.431 null] +>> endobj +3213 0 obj << +/D [3188 0 R /XYZ 240.316 130.431 null] +>> endobj +3214 0 obj << +/D [3188 0 R /XYZ 307.653 130.431 null] +>> endobj +3187 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F50 1263 0 R /F38 956 0 R /F48 1258 0 R /F55 1386 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3217 0 obj << +/Length 1643 +/Filter /FlateDecode +>> +stream +xÚ¥X[›8~ï¯Èc"M +°Á@¥>Ìv:Õ¬¶ª¶Mªíjå'Xœi›þú=ÆÇ3ŽóЗÁûÜŸï\2Á➯Ÿý±}¶¹gl‘‘ŒSŸØ +4I&‹„Q’Æt±Íÿ,_âÔÉfµŠq°Œ‰}ŸÔõ§  Çs£ê£}ՊªªŸ±»®vQ足+UwrËc£º‹}UéZuºYý»ýóY€fmî£t‘‚M<26­Ã(&YŽXӈÄAjmºmá~’.EÏ-\Ö¢S_W°öK§ñ ö€–Í=G³ˆ„Yj{©ïÏ*YÈýŠËÏ÷§Ö^ð¬á`DÆÜ}ê”î= +sMŸífï,;·szӀ|^ïG%Ëü +œÃžs'Lhäî\äœy!˜—Rw†X¶ +Âp}Sein-֌rByÑ + {~/ŒµkÊS„gŸmö[¥óséÎi{ìb¬¶¯T×â7U¡¶T{Œ )XJ±/ìwC%ÆœÉðéá04Ê9 µ9Œ€ÜÙ4 +–›ùU=ϋ5cFÃøðßâÇ(öýªÖ +rR|6¢©òpX1Øí;b1BYëÎ¢m§Û}!³+ô¹?¬ +a„z90\•[]êN|ÇäqɄÔm4|Û¡QuhY»ÿÄA+¥wÒŒ‹áOèr +‘Ɲï¢Z +ËSÙGâân'KmPÿfnßž8uÅÄì>.ºÄ³¶à +ò÷²rûüj žSª¶sî5ráD®Bˆ{~3±ßˆÚ]E5攚åéŠà`%GZƞ"u&ª03^ä}L]Ò +±ž¹:3Ïؐ¥„ÏŠÆCÝg\Øs<(gh +õ(Š£ßŠmÿâã*ŒüBس™† @‡–ö$÷êpñ¢` ó#ìâÒNҞ÷{Ù¶^Á÷|7_‚ÖåªSñFkKŽ‹&TOqj»xµŽ‚ØZ +}ˆ„(çï³hDÝ©Ú©ýðp·yÿúáÎqÇT4¬, +õØÀ_’&Éš“A'ì} +F`’lZ +ŒIJ"lªÊuRŒtÒàü®ÄN +µØª·ô0b Fd¿€ÕFZþغˆC¿IÜq8B +g{ñcaë<ì7¹ì ª2·»ÝśpdØ®RpÓ®±+B˜ÓŒÄ‘éC”dnâè +çàµÁÂæÒsÊL +g7R#·‘µbá"Õsź™Ž£ÂCÂb6͗ÏWTï87nÃC¢Qžš°G}Ø +#”lx}Ø`p«“eÙNæ€ÁL— +TÒZACçµh÷Ï/c"ÆŠB€/OcvÐçsMyl‚ÉL‰RýÝÀEGÒáP. þ‹V:T‡a‹T_ÇȮКŽ•åˆ3ªž)IæƳJo¬ŒXH">ÄkÛUu?i|G†œ@Ö±§ÂTzDêaðÓ!æžnr§䛛°h™Ç>³wx¬ÔÇ£ó +Ç #ÑL3‰>ÆÊ-l=6oòÜÉr€l«d¥$C#[•CC÷¡#§qU‚ +b +÷òM”-jØZ;Ü +Óuײ“מ=ÁÛ_0öù +7&Ìú)9fs˜EЃ† +6á†ÎfäôJ?÷ËçÜ4Äò²âñòJ +ƹál +Ç¢ +¡ +nËü¹}ØÇÚ>î %:égÐÚÔªä¹;æÜ¡ÑÕööÒv²B‹COÇ;`„á¿m4Ó"äGÿ$›JµŠµ?Ue-AUÔSõfVÑž,`ẐîÓE̳ƶsCq +_ë¬|ê°K® +óxL ­î^Ýß~økûßÝíööÝÛ·Û + );q³z<¡Ì«!ÃǞaÈñšíPÏ]–+S‰EùXÔŸ‘¢» + +2­ñbœ73»r€ªú ›jTâÅNŸ»_³ÂCüÞد±yØÂ* +ËÝÄrðàC£‡&L C®mZÏ%dD‚Ðû17 +йgȵFý9þÈ +`öŒ~¡˜sæšÇõt~(K¿’5rž¡(ρªçü¥‰¯ŸlŸŠfSªÝGŠ'iÆHH‡îfŽ[‡F8LSEáÚ»s÷±EÀ• + +‚ø͹‘‘€ +HÝü,N +']w÷4&œ0Î~+CŠáo‚ £ñ_ +”ð`2IYšÏàõ|‚†PGÝÿÏ+oúfQ +&5Tä$dˆHœyw^mŸýˆ•) +endstream +endobj +3216 0 obj << +/Type /Page +/Contents 3217 0 R +/Resources 3215 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3149 0 R +>> endobj +3218 0 obj << +/D [3216 0 R /XYZ 71.731 729.265 null] +>> endobj +3219 0 obj << +/D [3216 0 R /XYZ 71.731 718.306 null] +>> endobj +3220 0 obj << +/D [3216 0 R /XYZ 233.676 708.344 null] +>> endobj +3221 0 obj << +/D [3216 0 R /XYZ 378.338 708.344 null] +>> endobj +3222 0 obj << +/D [3216 0 R /XYZ 451.162 708.344 null] +>> endobj +3223 0 obj << +/D [3216 0 R /XYZ 405.646 696.687 null] +>> endobj +3224 0 obj << +/D [3216 0 R /XYZ 139.477 685.031 null] +>> endobj +3225 0 obj << +/D [3216 0 R /XYZ 76.712 615.492 null] +>> endobj +338 0 obj << +/D [3216 0 R /XYZ 345.185 576.12 null] +>> endobj +3226 0 obj << +/D [3216 0 R /XYZ 71.731 555.448 null] +>> endobj +3227 0 obj << +/D [3216 0 R /XYZ 263.032 543.243 null] +>> endobj +3228 0 obj << +/D [3216 0 R /XYZ 446.921 543.243 null] +>> endobj +3229 0 obj << +/D [3216 0 R /XYZ 280.905 530.291 null] +>> endobj +3230 0 obj << +/D [3216 0 R /XYZ 402.278 530.291 null] +>> endobj +3231 0 obj << +/D [3216 0 R /XYZ 196.751 504.389 null] +>> endobj +3232 0 obj << +/D [3216 0 R /XYZ 71.731 469.355 null] +>> endobj +3233 0 obj << +/D [3216 0 R /XYZ 119.552 445.609 null] +>> endobj +3234 0 obj << +/D [3216 0 R /XYZ 254.205 445.609 null] +>> endobj +3235 0 obj << +/D [3216 0 R /XYZ 119.552 406.755 null] +>> endobj +3236 0 obj << +/D [3216 0 R /XYZ 399.011 393.803 null] +>> endobj +3237 0 obj << +/D [3216 0 R /XYZ 340.053 380.852 null] +>> endobj +3238 0 obj << +/D [3216 0 R /XYZ 169.633 367.9 null] +>> endobj +3239 0 obj << +/D [3216 0 R /XYZ 289.035 367.9 null] +>> endobj +3240 0 obj << +/D [3216 0 R /XYZ 144.179 354.949 null] +>> endobj +3241 0 obj << +/D [3216 0 R /XYZ 71.731 354.241 null] +>> endobj +3215 0 obj << +/Font << /F33 859 0 R /F48 1258 0 R /F25 852 0 R /F60 1440 0 R /F31 858 0 R /F38 956 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3245 0 obj << +/Length 1540 +/Filter /FlateDecode +>> +stream +xڕXێÛ6}÷WèCìb—Kêî.&Ù` +Ž@°Û‡ É-Ñ»º8¢Ž[÷ë;Ԑº­ÖHŸLJäÌá™3Ñ©stšóqõÛÃêæÖóœ-نnè< + +7ˆÏ"'ò\®ó:_Öï2~jDœ¹vºþŸ«Ê¯”ºÇ¶–å)^d\–W8k2ƒ¬R +ŽdوO×ÇZ6g|TT¥lªzóíá÷5°><¬Ÿ¯ +©Ã +2âm'b!ñ˜ï$ÅJ¿ð\Jh8Œl·žS +ç°úŽ°Ë(ñ]fwáj7 +HŒuí®ŽLùÄóC·£!ˆÁ™ncÂâYž+N•æNÆK} (^×¢àõ£Òèoný؉ÈÐ×®·àËók‘ 6Dþ!š¬Jî¥øÃË.þ<Ë<ÇÑ~ŸÎ8NÅaãÑ5os㹬Ն맍¬>Cêa Ã;y”%7VuÐr¡w\ÜŽÖچØ_Kh -Þl؇“×Œ‘0ñTM +kÿÕFEmfJâ|vÊ%žª•é:J³äTW'í„ÒH¡ôj‚oîø{֐«ÖZäynhz֋ûèX`¯QŽp–× [Š'ãåK¢ÆìN –B€ShJ4óY•š(å (‹ÔÈñ +H{—‰DÛüÔòŽ-Kñ^ä¢;ÜRØOÃm€÷37 ¡‚nÿY,ÊÖ®BÝ2\ûMϹ¥€ÓeÕó!º÷"ãړ¬ZóÒŸÒæÚÅ¢uò’sYZ ™ßz/†œ!Ed-]JðÙ8ž†2 + ©J%SQσ±ÈH0Š=ŠHä÷¬¥Œ<‚ÄÛ%î|—è*jVÚì oՋŒÜÿ +XçtX|m™ËòQ³g|3 +ŽO}Ä«cF‰¹³¬ŽŸ */x6øsQÕb#ã} +Eiˏ©ÿë4ö’¶qìfÙlB¹k{aŽ#F)þyÃü!aŒ†Fy;`Â\GT€‰Xã‚{;'OS‰Òµ¹—Ž&Ýá6b”Ú˜™{l^kœ^IDc+N’î¬P-#=÷'^ +[.èÓŸ®Œyv»7JÏ°íPzæÙµè7Ù!·ƒÒìQçB+Já +O6rs‚ŠFpø6W•Ÿ¡¯Œ%ô2Æaùð¬=«Ãùµ0®ˆF +Òp9S<·á®ÓNú}qpÔWܪ4jYˆöŸfÃwš†]}б/-£‹ÕD'ÕÆ&ž&‘·àì9ŠåèM{Já`oL‚Véžê+Y&âÅQHâJµEŸP} +öÅ +Â0š³jDaü4ú¶™ ­ +¯fWno +ðò=·ÅHeU›§“J2‡'Lç—)ÀðFÕk )â²qš6t~Ž%~ýPk¶ÐÐù1ìÚ^l:ƶ$€~Ö§>‰˜¹²%®©;C;ˇûZÀ¡5ÖbƒŠ8 +íØ1-ì¡ÓZ"󟩵o’ÞhÇb×Í1ºwßÌÕcf¯É¿€Èàìv1T³xgŸ«$ã +<™ +¯{ˆz"æÒ£“6 ô‰«¯òËÐÅ +èñے\~Ú\‡T3ÑȧN–zö•”âð kŸ +šgÙ$Y—˜zZ +°Š-™ì +ŸÕFŎ-]ëƯþžšŸtq׳œhž»«BOmB +€€yœUeª®p=6ö×z¹”Ÿ†Ê8ìÁÝÏ»8ôá°¯ïP$ms-† +–!Íž¥ìÏÐ%x’ᚔǬ¹HÏœ1Œ³›7s=éf‚hÈúß÷?Š°ë ›â)­ØÒu+ûDXúž~ÉYb•“/9ç +2eµ©'>a„ÍV­}UÆGÔ]Ó + +Ÿuï ?ÛAÙâ'BGë?IÞŠæÝÐÅÞ\΋}cïûîÝݔ¢¹É«„çÝ·í"˜×沐õoRCB]Ça÷é3çÅžßžÔ2ùBVð +ŽYr=–³¹Q`# +Ë\&fȍÅ0hP#ü‘\ø¬ïÌÇÅeVŠ@‡O› +DÄŠÊý_wïoî?Þœóõp«·zË:¢ÿ­9.ü†ŸèwVÅœ˜ +Ÿ +×pUyÖB:ÿ‹ã?¹·Œ +endstream +endobj +3244 0 obj << +/Type /Page +/Contents 3245 0 R +/Resources 3243 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3149 0 R +/Annots [ 3242 0 R ] +>> endobj +3242 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [279.95 246.325 351.88 255.433] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +3246 0 obj << +/D [3244 0 R /XYZ 71.731 729.265 null] +>> endobj +3247 0 obj << +/D [3244 0 R /XYZ 166.376 675.292 null] +>> endobj +3248 0 obj << +/D [3244 0 R /XYZ 166.376 631.636 null] +>> endobj +3249 0 obj << +/D [3244 0 R /XYZ 292.012 631.636 null] +>> endobj +3250 0 obj << +/D [3244 0 R /XYZ 166.376 610.618 null] +>> endobj +3251 0 obj << +/D [3244 0 R /XYZ 244.122 588.398 null] +>> endobj +3252 0 obj << +/D [3244 0 R /XYZ 166.376 545.058 null] +>> endobj +3253 0 obj << +/D [3244 0 R /XYZ 166.376 490.163 null] +>> endobj +3254 0 obj << +/D [3244 0 R /XYZ 71.731 437.221 null] +>> endobj +342 0 obj << +/D [3244 0 R /XYZ 253.472 404.717 null] +>> endobj +3255 0 obj << +/D [3244 0 R /XYZ 71.731 381.6 null] +>> endobj +3256 0 obj << +/D [3244 0 R /XYZ 249.513 371.841 null] +>> endobj +3257 0 obj << +/D [3244 0 R /XYZ 71.731 349.758 null] +>> endobj +3258 0 obj << +/D [3244 0 R /XYZ 71.731 339.796 null] +>> endobj +3243 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F48 1258 0 R /F60 1440 0 R /F55 1386 0 R /F31 858 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3262 0 obj << +/Length 1817 +/Filter /FlateDecode +>> +stream +xڕX[oÛ6~÷¯°šiRwè€4iŠn-‚&.†¡ +Æ¢m͒šŠRÿû +ÞdI•“öI"Ež¿óCagç`çýìíz¶ºö<'AIè†Îzëžq€|9‘ç¢8puê|_îiÕ°z±t<~^òòÆî®­³r§§-ö4+_éQ³gúeÏE£ß²²a +ÏwuÖ +õTÁˬáõâŸõ3lÌZ]؉ÁŠÐ—6-I ‚Cgéú(À±6ê·Å2ÄxŽõc©W,g Bœ+ýòe›åö­æÅè£8Š†HêÝKBPD +d á–üa¬áÕÝûWzX±ºÈ„Èx)Îê•F +µ†­î@ë§užœlž~RýøÞҚ–MVšÏiV³ +DüxN»‡aÕÚª9»]3ãáÕ»ë‹/×ÿ^]¬/nonÖ+tÚøœ›wm–^îÙæð¹[þ‰5{žêÏoìL +Ïy±·Œæ¹11ía"Ûêg+håk¡Ô‰šæ~Éò>úŒå%—"V×nà¹$ЈbÄÎ2!Cú)±â2µ¢PÜ@ŒuZÁðÏ æ¬.Y®ÇõÂysÈ¡¥{€—Â~„b—8K™Á‘‰Õz/Jæ¯À¥IG3·i뚕MnRRŽUÅ놥fGi?l¹á€YÙ>™4?,ñƒ¶Ö _ΞÈEvµ‹ü© +ѓUfL{ŠÃ.ø.J¢ +)èf‘ci×5coï®ôàpÃDϕ‰E>hw_M|`;鹩XyVücÖìFþ +lòP,åZrÁ'<×Ôh|Uù3{·ž}Ÿ +␐ / +?„C†cß3ùÁs1Â@ +%‰çÔÌÙÎ>Oìòây®gwéÕQÜêÚMª2HÐúÈ%ª4$ +Ânäø>Ì%Ú³¿$›Óº”XUHôãq»!äÄ"Œ›h|h4Œúä³ÜðZ’Š +Jú’O*D[03·§ækš z/ñŸwé¡áºX‚%fÑváé +–ƒœÓÔl1Òr ËÙŒKª‚§mÎÄTÂW5—ùhÌ¥;(q¢±©ÅiÞBö/Ïd±ÜÐF¥ì1©>FÅ¡n +¬µñ2¶G6eè€î‡Œê—UÊd\ +V‡‚6Æúùšr8Ï'æG òF~3S@š9=O݃ô Œ; +”}/ò +ƒ-b8S­`¶Å°¶• +ÐM–ËÆ" +æ&œŽŒÕ/%³IÚ!^Tªfv™;ìZ4QŸ6÷ìÃCnE«M× +-H<7û—K)tyØÈñF‹ ûm +£‹‚Ä)1«Š6ûUÃWwº#)h5Aîû(ÁÝ$H‘qRt35²yéHEPüËŠOå+"}# +q® +ÕIstÙ_ÚÅZ±AêM9($JÅ çó=äû‘ÕðlH ï8¶K- š¥hìÚC–v +õ +’Uœ=÷gꙑ\éNYcD–Ž`§Âa˜K[$A‘ + +ϕ¬Š§:²gå +Vu¥[£8 +×Cûœ­î„tû-Y5ÙX ôïæ­×å)±¢K§ú{&ªŽŒ4C;4q°@$ñ;ÐßC3qŠP7â$é¬îiÛk)hd{šiæúì!!Ñ +©ņ– +ÉL%?IBäçÓrœnL£Êg¯º®yOÈClâô¥Jé©ÏÓŸÈ¢ûz¢¢Æ "Q‡u•E° +²H +‡nÉ$­oõmMWuäS + ›‡Rñ8Y²Œ£ê2[»^ŠWŽNÄaŒ–£‡ˆèÆÖ +”‚œ±|P¯hšÖL&N;ccùŠÙMÓIŽ‚"öD‹ÊÈ{–s™£&0Ç!–õc&Ø8²SRҜœ?˜b˜åæCɛ^}äºØ›U + +^O–bå‹ŸŸ"(†!<”Úƒ³~ ;ùηŠåá¶Ýà÷ÿZÉfVß9—53«/¢Ñ*§ +xƒžð§ +ò"Äó)„茑ҚÈò£µ®¡?T³ï-€šÁ“‚ +Í[ +Õû˜í;öšUU?EL뢯ԜfÈð +“Hw«ž0>WAY`”®œÙ ÷j_/œK2Œ‚þD=î³Íޜڞ·yj¡¥†Ž)k”•/g +%1Šƒh‚Q>íD'Ú² +)oûà(ÁÝ¡6|Çdòœõ<žÐ$×ùtp,?†;¯¹+\ê{«K]ŽºCݪùz@PÐënu‰‹éK¬HBhŠÂîÿ^Šºì +"ˆŽ.«O—8•‘ÏgɈš¢n-äLÊÄFsFv:ÍÁŸ.竚œ“×}+Sý £eóßmÒÊ +£ß +W¶ÊÅ®µ +_†Ltáþ +vÎÙÅò>EæWÙTòdÿá +þ+zAЀI@$®ù㝄kÇÿ~ôL“ +endstream +endobj +3261 0 obj << +/Type /Page +/Contents 3262 0 R +/Resources 3260 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3149 0 R +/Annots [ 3259 0 R ] +>> endobj +3259 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [189.445 94.856 248.758 105.331] +/Subtype /Link +/A << /S /GoTo /D (0:KERNELDEF-CONFIG) >> +>> endobj +3263 0 obj << +/D [3261 0 R /XYZ 71.731 729.265 null] +>> endobj +1103 0 obj << +/D [3261 0 R /XYZ 71.731 580.971 null] +>> endobj +346 0 obj << +/D [3261 0 R /XYZ 318.907 535.717 null] +>> endobj +3264 0 obj << +/D [3261 0 R /XYZ 71.731 511.962 null] +>> endobj +3265 0 obj << +/D [3261 0 R /XYZ 71.731 474.781 null] +>> endobj +3266 0 obj << +/D [3261 0 R /XYZ 166.376 421.273 null] +>> endobj +3267 0 obj << +/D [3261 0 R /XYZ 71.731 363.16 null] +>> endobj +3268 0 obj << +/D [3261 0 R /XYZ 71.731 333.292 null] +>> endobj +3269 0 obj << +/D [3261 0 R /XYZ 71.731 333.292 null] +>> endobj +3270 0 obj << +/D [3261 0 R /XYZ 231.311 322.497 null] +>> endobj +3271 0 obj << +/D [3261 0 R /XYZ 71.731 300.549 null] +>> endobj +3272 0 obj << +/D [3261 0 R /XYZ 71.731 300.549 null] +>> endobj +3273 0 obj << +/D [3261 0 R /XYZ 71.731 267.538 null] +>> endobj +3274 0 obj << +/D [3261 0 R /XYZ 162.999 256.744 null] +>> endobj +3275 0 obj << +/D [3261 0 R /XYZ 139.746 230.841 null] +>> endobj +3276 0 obj << +/D [3261 0 R /XYZ 363.047 230.841 null] +>> endobj +3277 0 obj << +/D [3261 0 R /XYZ 71.731 228.684 null] +>> endobj +3278 0 obj << +/D [3261 0 R /XYZ 71.731 213.74 null] +>> endobj +3279 0 obj << +/D [3261 0 R /XYZ 438.645 169.272 null] +>> endobj +3280 0 obj << +/D [3261 0 R /XYZ 358.334 157.615 null] +>> endobj +3281 0 obj << +/D [3261 0 R /XYZ 76.712 140.978 null] +>> endobj +3282 0 obj << +/D [3261 0 R /XYZ 71.731 121.052 null] +>> endobj +3260 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R /F25 852 0 R /F31 858 0 R /F48 1258 0 R /F38 956 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3287 0 obj << +/Length 1906 +/Filter /FlateDecode +>> +stream +xڍXÛŽÜž}÷W4é,6©{à‡Ä™‰œözƒq;@à]x9{DŽ$vDif¯Oñª‹5“yéÖ +d +V:UÞÜoðæ¯þv|µ¿‰¢Í +Ò0Ý +O›0OPL²M +(OÂͱÜ|ÝŸ­è¥gÝ.ŒMù+Ú_1·÷æ‘€MEyûÚÜõ3•œ¹âmÏv1ÞÞwŒÿn +5¢åœèv¿ +z +-¬ýMœorÀ”Æ +S@â +âMÆ(Á¹Á$‡Ë¥Vkd¹¶ó÷7 †i8=djZ +¡(%°  +ÿù»ìYƒz1CgŒÄ=í"ŒÝž¶¹ Ý=ëÍõyâ­qȶeµyøX±Ö\Á +’l‡¶UžÑÖÂdbD)ŠÓԙCû»’­€ƒÍçQâF¿6&h[š‹ï +Š̍¬ÄPÛ¬äýÌ=à¿,EIC J“Ì,š,×kþ#:$Þ)€ñÄïQµ 0ÌÝ@z2TYúa +©™CÒ +Üx±?ræda¬ðKo]s§<2Øœß1MEŠîþP?¬ú'âƒ(ôpz^Cª<ñƒx»`‹±Z×bØ +­M኉@j&?ª1TMø~¥fÇ[ÉhWTæzÂÆxûùÝ·×·Ÿ®?~û×õíç÷¿|Ò{†ÙíŽlKs- +Kã-·ÿœ°ÿ\ŒFßxû°ƒ;ÖI.Z³Î¯8Á+Þ e¹çãÐÒÆ.t+~Š2`¯ +K3Vœ˜lz/ +9JÉÂK +ÐhÞ@Ž¢gܲò +íùrÃJÑQsýÂF€+\­'Šÿ úñéÈêÇŒ +•izëÇ|[QéžèâÒéÙŒdå„ŽVÎ~• +÷Nžý^Ï8PIQåÓ}îo4«awjOv‡¥hÿÒÿ`ó9Õ$ ü8óۗìanX³–ˆ©šåF–:µ +xá—wŸçvÿ +ûÏÀ;·ãu•]UÖ¢b +z~Fæþž#JôÌÍ ­º‘,G$ç¬é+g]ÛcŽœˆ1g¥{taÆ{œ«ÔuC*ל^Qܖ¹ýôOсïgݪ¬E<ÓÉ7 ‰—’çû)Dӗýª žÁiŒŒØ‚€u¥íçøhY.ÁÁ«"€E^f÷¬/ö]JõS‹‚Ö+„È(œ28ƒUŒ,vœäLnj÷,Bjõú„Ãd^·:v'D¯åÊ£ÏP˜Bi(€$W +FqÙJQýÙ$“$C±g{snØN1ލùOcl.ÆLз +ù#æ/\˜¥äÅŠJ<¶fÕ6x5š|.Á_ˆX +`[ý{Gâ‘Ž–â)Ò>£§û¢ÌǞ!ƒìöŒ-ê¡d{*›œd÷ +kûՖ€ÂG¹o.Fë”×Tk!˜öڄÿҖ®§žy›ZUéÄ1KãV8ŸÄŠâEý0•ŸËÕ6¡ ­Óèi>®jD0éZT•ónŠhÝI³ >ŠtZd­¯<”-ÛITÌ÷8NdÜ?ë:Õ­é¶Øëä\Ý D¯€·ròÐ,EÜi—¹ÒWz·Ûh|Ã÷ñÃÏ +Äš%“ör^EìÓ€|²èþPûéuÎ?® +œBá|<8ñžÓšÿW¹ñ‡ö€öôŽ:‡+ +~ÉFl„õ͵ŠF)ƖÎú«á÷•­iŽbH䙓•k†¥ö·¢ + +a}ŸïØI]/C-}T?û€žæ +õad™ãŸ+lã~Á0k$÷ñÓZBbš€ihú:šî)ªˆ³¹A[Bly +?åÐQ"2ù,„Õ¡ +åYæCºuL0 +Eò‚×þƒŽ{3‘­Ò}ý? +Ó/O$Tן%ø°‹ÔqTÉϏp`hèOfÒÖÖA˜~|*{ÓMOƒ&MÍä[P!ƒSDTpåâëä·µ\ü“©I@<è2«îãlßxRÚ¢.$žš4 +Õ­8ŽÖ¬,i¬œ +SÏù¯jYö†¬éµ¬>ªuŠlêîŽõúœ©›Tµ„ +!qû +\&àñÚܕìD5ÓÕM„ñ +`œ·6߄ø9Ÿhn{ æRGÆãî†KïPÈ¢ã—Þ¹ +R¿žxsòxûåú%(ÿ~|£†>ãwÎúb„ãò5BÙÁŠpΊ\_ý›Ï§Ï +endstream +endobj +3286 0 obj << +/Type /Page +/Contents 3287 0 R +/Resources 3285 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3319 0 R +/Annots [ 3284 0 R ] +>> endobj +3284 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [322.989 100.238 394.919 109.346] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +3288 0 obj << +/D [3286 0 R /XYZ 71.731 729.265 null] +>> endobj +3289 0 obj << +/D [3286 0 R /XYZ 182.838 708.344 null] +>> endobj +3290 0 obj << +/D [3286 0 R /XYZ 370.215 708.344 null] +>> endobj +3291 0 obj << +/D [3286 0 R /XYZ 153.428 696.687 null] +>> endobj +3292 0 obj << +/D [3286 0 R /XYZ 262.575 696.687 null] +>> endobj +3293 0 obj << +/D [3286 0 R /XYZ 420.192 696.687 null] +>> endobj +3294 0 obj << +/D [3286 0 R /XYZ 430.262 685.031 null] +>> endobj +3295 0 obj << +/D [3286 0 R /XYZ 76.712 656.737 null] +>> endobj +3296 0 obj << +/D [3286 0 R /XYZ 71.731 636.812 null] +>> endobj +3297 0 obj << +/D [3286 0 R /XYZ 71.731 618.179 null] +>> endobj +3298 0 obj << +/D [3286 0 R /XYZ 271.55 608.518 null] +>> endobj +3299 0 obj << +/D [3286 0 R /XYZ 299.856 585.206 null] +>> endobj +3300 0 obj << +/D [3286 0 R /XYZ 71.731 561.699 null] +>> endobj +3301 0 obj << +/D [3286 0 R /XYZ 149.161 553.096 null] +>> endobj +3302 0 obj << +/D [3286 0 R /XYZ 166.591 553.096 null] +>> endobj +3303 0 obj << +/D [3286 0 R /XYZ 149.161 542.605 null] +>> endobj +3304 0 obj << +/D [3286 0 R /XYZ 166.591 542.605 null] +>> endobj +3305 0 obj << +/D [3286 0 R /XYZ 71.731 505.514 null] +>> endobj +3306 0 obj << +/D [3286 0 R /XYZ 258.441 493.858 null] +>> endobj +3307 0 obj << +/D [3286 0 R /XYZ 71.731 460.48 null] +>> endobj +3308 0 obj << +/D [3286 0 R /XYZ 149.161 450.092 null] +>> endobj +3309 0 obj << +/D [3286 0 R /XYZ 166.591 450.092 null] +>> endobj +3310 0 obj << +/D [3286 0 R /XYZ 76.712 390.854 null] +>> endobj +3311 0 obj << +/D [3286 0 R /XYZ 71.731 370.929 null] +>> endobj +3312 0 obj << +/D [3286 0 R /XYZ 380.481 359.273 null] +>> endobj +3313 0 obj << +/D [3286 0 R /XYZ 299.506 347.616 null] +>> endobj +3314 0 obj << +/D [3286 0 R /XYZ 71.731 317.435 null] +>> endobj +3315 0 obj << +/D [3286 0 R /XYZ 185.573 307.666 null] +>> endobj +3283 0 obj << +/D [3286 0 R /XYZ 76.712 278.077 null] +>> endobj +350 0 obj << +/D [3286 0 R /XYZ 261.448 238.705 null] +>> endobj +3316 0 obj << +/D [3286 0 R /XYZ 71.731 215.588 null] +>> endobj +3317 0 obj << +/D [3286 0 R /XYZ 249.513 205.828 null] +>> endobj +3318 0 obj << +/D [3286 0 R /XYZ 71.731 193.709 null] +>> endobj +3285 0 obj << +/Font << /F33 859 0 R /F48 1258 0 R /F50 1263 0 R /F25 852 0 R /F51 1265 0 R /F55 1386 0 R /F31 858 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3322 0 obj << +/Length 1490 +/Filter /FlateDecode +>> +stream +xÚÅX[oÛ6~ϯ0²¶›ÑÝÒC1¬Å2¬éÐaÍP +ëÐe–I€âøߏW] +9Eó°>‰ŠÈÃïûÎá9Göf»™7ûõêíýÕÍmÎ2%A2»/gAƒÈßÌ6aÒ8˜Ý³ï*ØĖë ö10Ïw”|ñŒ`×2LvfŠÃC1Y™_¢BfPQ.́–‘·Ø1,Nfê@ ”-ÿœåYX7·±7K%Š$R˜Ö~ +ßKfë ±—PŸÐ#Rfî#š~“˱2" +¬}$ñÆ,ûa4™žÉuây‹€>™Aš@ +— +|À€}Z™1,µjˆ °®5kýʙ8šÁ^æÇߎíO0#­‹ÞX +qþÀ/^았)ùôÉ + +†3[;†šÆ ±!¹Õ·Ø†Jüä^ +±šÌhî=Í­êÌ8‡ÒG—!Uè (ÇXwr + ßªœš0·‡ò +ºèŽ4O~â’ýC.•ïµQ¬/Œþ€'À6J‰) &p̺wÝŸ7æá=åž +¹ŒLÿböƒ€ÛMq›O-œ3Mµ÷Ÿ?cH•Û,æ4ÉþUDFóF©xc·æÇoä÷‡Üøggûûq{À„è6ˆA)ùÚíîxÁÄ«”ø6ü»«QSºo›Wh`7ŸŠù‡ÁÞIî7·A<ó#FI` +Œ6q6[§ H£ØØT%ªØmÒÅç + +3R +š'4“ì͘-©{l×þd +ýA•ÈUiÝXä?Û%Ãœ$ +åBœ€-£Ø}n-HÁ& +ÜZ-ÖI—cdË®ò‹zJyw + +ž+ƺŽ©º Ë55ÏëýÒ÷H¹d`k +ó}A©ídl’kûŸì:Hº*ÏÚÂÍVОG·B6î8”+×a +¢M,€Ìu +0ÏuT +9V&̏¿x+)ØV‚·yÕ—‚99˜mD +—~Œ@Ì.GŸÆ'XEVŽNÑÉŠ6>âÂÚ)•B0Ç5¡¬ºUꎞXUÔ|ë$¥—÷Ú¬Rå#¯<·ÛuEÒvÌÝ)%£ûº-°uoMw|5b0ì@ +¬:5§üŒás‡ZGì6ê¬b×µåˆ)ύÈX?¹ˆ²Ç#‘uG»n`êŸ+\[n×D5 +õõ”·rF[»ž@å¡7í‹^X¡|Ï[ÎNÐ3H56ñ<êP­aêdUN8w—exYœ£²KÛºpq®®¿ ±‘þ.—AŒ(CDŒ¡wn g-3ex‡ ¬ +5×ΙEšhqA6ÞnuԚ˜WúMãö4å‚>.ûòtÎjóžâi³–|@.€£\è'ò]† Ë2—Åj + +ÓŠL +&µ5šH +Y¢$uF”G?Üý> +dl†žÜ±yæîV + +N†(0‰UÎ(h:Ô +ÑW^¯³FXå³= + +#gu•³Z{ù<2ŒôÂ|E)sÔ°}ñDŽÜM +oöù1ð\†Øi˜ +e°ñ"-ËÌ@U( +¹AâÌ(òjnA[uŒÒÐ(\ΝAÉZ’_Ëûº€ªì›˜sÕ üJøšñ<(ü8ÁŠ+m„Np•Ð¢žSEºÛE~ÓP&úDŽöY'å +“lss§ p\HC“Wæ¢Ë஺xMÐI3‰uã°rӎó R2*³¬+ÿ6doûŒo +-GÌ"}ÄZôcCeHößÞ®ŽtGuµPK2úã±{;z6L«õÀ­õ˜µ)Ƕ:µDë¿ZA§ê»Ê²52öœ‚„I³loÝB AÏ™ÈÛŽÏ>;*]ˆž•òíiè×óšt²­Š__–Ÿú[6+W˜D-³z7£Z])A÷ÛüržŸ_âߧVڊIN•TýôÜQ[Y[X/ÉGS)0m¹ì¥’x±š¬°]%ƒ¯îÜwÖt¡äŠÇ¢Õß1àì?žÑý3€^lZp϶àI8ÚòËýÕf + + +endstream +endobj +3321 0 obj << +/Type /Page +/Contents 3322 0 R +/Resources 3320 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3319 0 R +>> endobj +3323 0 obj << +/D [3321 0 R /XYZ 71.731 729.265 null] +>> endobj +3324 0 obj << +/D [3321 0 R /XYZ 71.731 416.09 null] +>> endobj +354 0 obj << +/D [3321 0 R /XYZ 337.725 376.717 null] +>> endobj +3325 0 obj << +/D [3321 0 R /XYZ 71.731 356.613 null] +>> endobj +3326 0 obj << +/D [3321 0 R /XYZ 129.235 343.841 null] +>> endobj +3327 0 obj << +/D [3321 0 R /XYZ 71.731 282.904 null] +>> endobj +3328 0 obj << +/D [3321 0 R /XYZ 420.878 272.11 null] +>> endobj +3329 0 obj << +/D [3321 0 R /XYZ 353.551 246.207 null] +>> endobj +3330 0 obj << +/D [3321 0 R /XYZ 376.952 233.255 null] +>> endobj +3331 0 obj << +/D [3321 0 R /XYZ 275.824 220.304 null] +>> endobj +3332 0 obj << +/D [3321 0 R /XYZ 71.731 198.222 null] +>> endobj +3333 0 obj << +/D [3321 0 R /XYZ 309.009 187.427 null] +>> endobj +3334 0 obj << +/D [3321 0 R /XYZ 71.731 134.277 null] +>> endobj +3320 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R /F25 852 0 R /F31 858 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3337 0 obj << +/Length 1244 +/Filter /FlateDecode +>> +stream +xÚ¥W[s£6~ϯà-öLLlïÛn.Ž™ŠÓx¶ÓÙítȶš$šõ¿ï’aìxۇÄÜttŸï|ç"äm=äýpñi}q}EÞÊ_%aâ­7^žŒýy°ðQè/ãÐ[çޗÉÍ.­$æÓY£IìëßF¿"nkNèV?i¹K œÒwr‡õŎ ©¯•x:G“-'r¯•ŒÉøôõÈžu}Æ^0÷£y*§fAûË$ö` +‚@{ûò#åÍb9y(«—ìçúÚÊn·Ù4Gp6 +ÑäUšÝxÐŽŒ™‚ŒXhã¿í0ÕŠÛ^H\êë,- +}õÅû[C «0UOà/0 +°îcNQWàîC" + +inX{1¥vaU$K%aƒ±ˆMÃxòfvÛ?•œW +Æ4p5ýUlx,È«"[£D|p¢á-üÕ›́ìùJ/ |÷‹/ÍҏŽ‹2çu%]h’“ísœ_Y`¹ŸÀÓ ž|SÿpV+|÷„ÖØ,Oåõ`› +Ø+¬Hs¬ŠØì°aÜ.3Šƒ&ð.­=Í'ãÇ#8ñíjtÏ%r!ÖçŸåž/§ú=gLŸiñÕ +ñãªH3<šÃÂ).Äûˆ‡rÑz07›šfŠØQߞuÖ§ G^ÅÀ‘wß[,2N*iI]O—°ïKd—,'* +ZŽb ™™ ž„FWáš®ÖçD\å +MKq®ªLu3’õ£Ú=ÖÙ¡ƒX +à§yαnnµo9þ4ªêÎPWŠz‚+]Á°<·Ë·R±x:=ÚtÐ?Õe喚žc¢Âv%„šåœ³uZŠûŽâŽ£L +w³ÿŽ€Ž +B– +jaŒÌŽ3Q«2‡ónØD!Ø@å ò8g# +õ€ñòŽß`›,Î’‹šbÄúvL8™^¶XljŠïËÍA,ÞãzîPVVÞÅú?Ò::ÖΎ–·°rà  +8ŽcYs*ŽÄ£×Gý~ʞL¹¡Š¿Á„OèÂiõÒUû£yÜJÆ©äGõÓ6ɑDè\“)—GêØšÛÿ±a(yp;ômpo4yÙ·Ìz€Ól÷.s'ÕhaF‰ ˆ0'"”h7h[ïÈaÀW[†4#)ܱÞ4ßt(›ù1FÞŽ“Ì›Á%0&ÀU³ùuÅY62f†+?Zُeù ’äXBÍ>h@Œã™²*uɛ +QâGIග· +±œæÌòM™<,€0.€÷#üLe† 5B×ÆOÁI>p÷óýsWb>OÐ2—ujìÞ[Qž› +ÝëÁéÞÚê«sDÐÝd4*P;¹ÝsŒ?=ß^?Áô +¿@VsÕJ +›ÎŽØŸYž°W3ÛòÓ_yä”õ–ñŸð(zj +ž{P3u'Á²wà™›Ï +ç*MZÀm +=UŠ@$Êà©#ŽÉ°Ð&•ZœµBéU‰7"Ž.yz|žù]ßüt÷ëÏwÓU8¹4Ã2s‹ª +·aµ•ÆŸÂ‡óSùaŽ—]>Ü®/'dK›lÇîÉÅÈÜÖ;ôµÍOËÌØm€h¿™IÈèB4ŠßªÒjžT\OJ±ê•ÁUàn€*†HA +ðPѵ¬®íº'^ç +­‰àŒ;_ù¶‰&sgÅÝúâ_̇:˜ +endstream +endobj +3336 0 obj << +/Type /Page +/Contents 3337 0 R +/Resources 3335 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3319 0 R +>> endobj +3338 0 obj << +/D [3336 0 R /XYZ 71.731 729.265 null] +>> endobj +358 0 obj << +/D [3336 0 R /XYZ 368.684 707.841 null] +>> endobj +3339 0 obj << +/D [3336 0 R /XYZ 71.731 684.724 null] +>> endobj +3340 0 obj << +/D [3336 0 R /XYZ 71.731 641.988 null] +>> endobj +3341 0 obj << +/D [3336 0 R /XYZ 71.731 641.988 null] +>> endobj +3342 0 obj << +/D [3336 0 R /XYZ 71.731 640.743 null] +>> endobj +3343 0 obj << +/D [3336 0 R /XYZ 137.484 621.664 null] +>> endobj +3344 0 obj << +/D [3336 0 R /XYZ 71.731 586.63 null] +>> endobj +3345 0 obj << +/D [3336 0 R /XYZ 71.731 553.754 null] +>> endobj +3346 0 obj << +/D [3336 0 R /XYZ 71.731 553.754 null] +>> endobj +3347 0 obj << +/D [3336 0 R /XYZ 124.533 528.762 null] +>> endobj +3348 0 obj << +/D [3336 0 R /XYZ 137.484 510.83 null] +>> endobj +3349 0 obj << +/D [3336 0 R /XYZ 71.731 475.796 null] +>> endobj +3350 0 obj << +/D [3336 0 R /XYZ 71.731 429.968 null] +>> endobj +3351 0 obj << +/D [3336 0 R /XYZ 71.731 429.968 null] +>> endobj +3352 0 obj << +/D [3336 0 R /XYZ 124.533 404.977 null] +>> endobj +3353 0 obj << +/D [3336 0 R /XYZ 137.484 387.044 null] +>> endobj +3354 0 obj << +/D [3336 0 R /XYZ 71.731 364.962 null] +>> endobj +3355 0 obj << +/D [3336 0 R /XYZ 71.731 319.134 null] +>> endobj +3356 0 obj << +/D [3336 0 R /XYZ 71.731 319.134 null] +>> endobj +3357 0 obj << +/D [3336 0 R /XYZ 71.731 256.284 null] +>> endobj +3358 0 obj << +/D [3336 0 R /XYZ 230.783 243.333 null] +>> endobj +3359 0 obj << +/D [3336 0 R /XYZ 326.523 243.333 null] +>> endobj +3360 0 obj << +/D [3336 0 R /XYZ 431.728 243.333 null] +>> endobj +3361 0 obj << +/D [3336 0 R /XYZ 71.731 197.405 null] +>> endobj +3362 0 obj << +/D [3336 0 R /XYZ 71.731 181.151 null] +>> endobj +362 0 obj << +/D [3336 0 R /XYZ 275.564 143.935 null] +>> endobj +3363 0 obj << +/D [3336 0 R /XYZ 71.731 120.818 null] +>> endobj +3335 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3367 0 obj << +/Length 1574 +/Filter /FlateDecode +>> +stream +xÚ­XێÛ6}߯ +ˆhQÖÍò°]$AŠmZt݇ ŽD[ÄÊ¢*Êv¯ïðŠ›µA’öeMRç̙á™ÑúÎÞñw7¿ln–oW+gÖq;›€ +qâ$«¥QàlrçÓâ® uK× +"!ý{Ç«ÏŸì +«özICAXõRÏڂêAÁE«G¬j©ú‹}Ãڋ^:ðŠµŒq¿l~œñ +,À„˜< +G(#Ç +Bù©õðñáîöþþ•=&gÍ +”‹ÈHY$d[Òåh)ã9í15ͱ6 +Rå%ø +(° ŸýÈÏàÖSðøîÖÅ/6o®a€CàŒ‡Ž¶<>cJMvŒ!š7š÷FÿøS"ûýnÖÞòmä;)ð‡*–~€pŽÊú²nxŠ·è +ÖhÕmë-=(ð^°Â( +׎'s!‰õ†÷;ˊþ¥‡Ú†R”Œ‹ó$&žçTd +«[ë³ +Pï// +ã$Ï*„ž|¥ +ï‰(ˆYÞRZMÉè2 k?gi©˜ +K[ƒ‹èŸŠºAŽ8?“WvY%ZˆÍMÈ6ÙŒT•åD¢Û]&ŒliAÜÀ_œ?.ž!ø(ljº.%zÆ+ѓt.XVŒÜÁڝ³‹á”£å°Z뀝ø&y5€m%žck¯IwΖvÇؕˈµœjŽ·¥áŒ}b­'ŽÒ:ÈãOŸ +MMž“_ü`0¬QÚ¡hož§¥ŠÝIþ,z±n˜ZdðG‹=²‡é}Ϟ$}:˜ †öSY-B=äѳŠ +úW ++öhž.+Ãç²~†°o܁ÿ?ç2†ì]`ÞRñù3“Åÿ9›t俕?H‹a +4ƒ.²ÒÄ(ö +”Œ¥¯ôÞ0 +ê+”JØc”óVҜ€š2øU)H¡1ÁF) +_êñ“€LS +jSêEVíÜpnfæ<*©XP;ô¯ +¶DВUf–H2"ì3iã¢Ç’Ÿž€ì(tÁVː)e.ì©Äŋֈ¿vÎÃő¹ +•ÖëÅRÓ +¬”ÜõàV±­±kh†œZ: «etŽ]Â"ŒŠôÊG‡R¹ôì@$—Îá†jvÚ¿_å +òV@ÎHyT²·f +pMg·ŠË„q›€g!§h•Ó+ +%çOæ̒é8~ÃۋÜ`]*3Lgè€Î?5͌1㲞!q}\•Ši”^·ì VTŠ%‹¬ŸÏ8 ¹óôX“¶Ð/#„Ž2ª™©cƒ\lèßGÖe㜈•¥·ñËg³òXçZ— +z¶›!êhw«Ž"gŸˆ‘‰ö"5šÚå‚9A54Þ«ëŽàHÝa/NPƎ—®ÆFD#~ÓíiwcJŸgÕþò£Í8Iî 싙Þ*LP`Sb +ڍ›êK®ôñP3[ÎLÅA*( +oÚIgØK9¯¥~œŒªëԞj[s:Üoð¥|“ꇖý«.NæuÏ£•¬^žòÞ;“Vw +gý±Ÿæk +>ã2`<ÏÇzm¿ÔdÂudÊòI®ø +•(Ó¹våÊ6Ðoåv{$ƒã)ÙW2 Pò6SJûVxÒW¯|„ãØêþ±=Ôs]uˆúÚÐ]Y Áà”4Ya 肬 ŠŽM~–—ŽŽœÝÎ*Ûk’©¡ßWì«eŸ/Žü™úÉEÝQÀ©%°ÑŠ +C"Œª° +t‡ÃÞfž$AašZÏÏ?ÉØ©ú~᪱ÞI%%+»ïÈ®Ëés?¿nË4’á/^ƒø +Þ¿žÅÝ&Aý§Í?›EpVhµ +ÇDö°È°u•Ž¿š!û(/7/•Ãk}Ä'‰í˜þœ˜“ö®ûºÕ9)ŕ3™Ÿ +ªŒ“º“Jáä”ïvª±š=rfñ^ŠÈ]A³§[iŠŸÆ? +Q} +œH©g[ڞէ•œdò\Ñcgf +"À«\|Ðd +ôœ1øŽún? +X³0d’†vk։6LW +YÐîafUžûO‡óI=z° %'p +žìZü§ÆEyüšœÙg° +Ä Û6ü/Ìð¢¬RŒ|Y)Ã5ò×F#ãhôʛÍÍ¿)³è² +endstream +endobj +3366 0 obj << +/Type /Page +/Contents 3367 0 R +/Resources 3365 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3319 0 R +/Annots [ 3364 0 R ] +>> endobj +3364 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [344.508 130.895 416.438 139.608] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +3368 0 obj << +/D [3366 0 R /XYZ 71.731 729.265 null] +>> endobj +3369 0 obj << +/D [3366 0 R /XYZ 321.711 695.392 null] +>> endobj +3370 0 obj << +/D [3366 0 R /XYZ 71.731 673.31 null] +>> endobj +3371 0 obj << +/D [3366 0 R /XYZ 71.731 601.579 null] +>> endobj +3372 0 obj << +/D [3366 0 R /XYZ 71.731 562.725 null] +>> endobj +3373 0 obj << +/D [3366 0 R /XYZ 71.731 547.781 null] +>> endobj +1104 0 obj << +/D [3366 0 R /XYZ 71.731 453.798 null] +>> endobj +366 0 obj << +/D [3366 0 R /XYZ 366.095 408.544 null] +>> endobj +3374 0 obj << +/D [3366 0 R /XYZ 71.731 384.788 null] +>> endobj +3375 0 obj << +/D [3366 0 R /XYZ 71.731 353.585 null] +>> endobj +3376 0 obj << +/D [3366 0 R /XYZ 71.731 353.585 null] +>> endobj +3377 0 obj << +/D [3366 0 R /XYZ 71.731 320.843 null] +>> endobj +3378 0 obj << +/D [3366 0 R /XYZ 71.731 320.843 null] +>> endobj +3379 0 obj << +/D [3366 0 R /XYZ 149.718 296.962 null] +>> endobj +3380 0 obj << +/D [3366 0 R /XYZ 197.04 284.011 null] +>> endobj +3381 0 obj << +/D [3366 0 R /XYZ 418.258 284.011 null] +>> endobj +3382 0 obj << +/D [3366 0 R /XYZ 71.731 258.94 null] +>> endobj +3365 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F25 852 0 R /F48 1258 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3385 0 obj << +/Length 955 +/Filter /FlateDecode +>> +stream +xڝVMÛ6œï¯Ћ +¬hRÖgšŽÛŠÈ¢AÖE +€9È2m+‘IÙñ¿/)UÉñÖٞDR3Ã7o†ÄÁ>ÀÁ/wo×w‹‡å2(P‘Fi°ÞQž ˜dA¶ŒPžDÁz|žœ;”­Šr +F ž%È}ß þ7ÆÑŸ“Œïݒ*›CÉøœ›éuƒƒPڍ×t +ãÙ^2}vKàL +9ÿ²þí¬ÅC‚ƒÜ`Jc‹)$I‚Nƒ0ŠQ‚sêëbÌCBPšd~1L± Ú՚µ5u³ZìWnŒ9»¯ +;Eå$Tz->,>Ñ#µØ?ؐv—UeæÖtñ%ÉPD‡:ÉQ’aNt&‹È²—å†RZÍ#<{v䙕Ft†­›XfkªÎJÓÆ­Ž¢f£Êmµ$£šÅÊ#„¶dlµžçx& +ŕhZVC1NL Z]Û + •Ù é«Æ”‰V3á‹iXºšj5ԟŽí_>‡§ÐÐâ_×9Égà +†”—›š†=*¬ +CÏW²õÑ "Ðs€©„Á†NRßvOHÚuä–šÔC˜1û@F鳄2-%ßNãXzH2;_÷•À7W„ +Ìj˶•¢•¬ÔjœŒõP¢Fl;_ت“’r]Ÿ'ÕÃŒw_ó“šKÉÌ~ýþñ—O;Á=ÐÉŠIù;t_Ÿ[‹@ë~4`}§Ø™­!vC’'v;[t;p6¢É +Ôs›®Èk1œ7Í.e +šKõ‰Rî&ýÙSÿŒºÊ"“â+ÁÞ÷Rۋ¿Sq£ŠÈ-ü ì +Ê#ŒôIŒñŸUမ=öö[ÂœãNϘ}Ó7’Þƒ•=çåËë›àì"ä &vâô +vÈÂ(ANƒtŒöŠë‰dJÚV§Ròÿ2þœßåEëìvàlNh¶Cs?ÝûQ]‹“Oßßç5Szè÷Iæ/†|à­ùþ~ìôX-®9ÿKyË€S7MtÓ: \ЯŽºçBulk>[zŒ +ð ü3çç +! +œ2¥Šcÿ–žzßlÎBM™4×-âTûbÓvóñ=¯Ø–ú»åU­© +x®ç™q/]F¯À‰–/ +‚’Â<SŒâD3M'.?¯ïþ7²ëo +endstream +endobj +3384 0 obj << +/Type /Page +/Contents 3385 0 R +/Resources 3383 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3319 0 R +>> endobj +3386 0 obj << +/D [3384 0 R /XYZ 71.731 729.265 null] +>> endobj +1105 0 obj << +/D [3384 0 R /XYZ 71.731 637.559 null] +>> endobj +370 0 obj << +/D [3384 0 R /XYZ 427.295 592.305 null] +>> endobj +3387 0 obj << +/D [3384 0 R /XYZ 71.731 568.549 null] +>> endobj +3388 0 obj << +/D [3384 0 R /XYZ 71.731 537.346 null] +>> endobj +3389 0 obj << +/D [3384 0 R /XYZ 71.731 537.346 null] +>> endobj +3390 0 obj << +/D [3384 0 R /XYZ 71.731 504.604 null] +>> endobj +3391 0 obj << +/D [3384 0 R /XYZ 71.731 504.604 null] +>> endobj +3392 0 obj << +/D [3384 0 R /XYZ 418.956 467.772 null] +>> endobj +3393 0 obj << +/D [3384 0 R /XYZ 71.731 442.701 null] +>> endobj +3394 0 obj << +/D [3384 0 R /XYZ 71.731 122.268 null] +>> endobj +1106 0 obj << +/D [3384 0 R /XYZ 71.731 105.914 null] +>> endobj +3383 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3397 0 obj << +/Length 1036 +/Filter /FlateDecode +>> +stream +xڝVßoÛ6~Ï_!`fCý¶ä!íœ6Ś©óÔ-Ñ6YHʆ÷׏'’Jä:r»' +©»ãÝwO‡œµ‡œ÷oW·qìÍÐ,‹2o±ò¢iŠ’0÷ò8BÓ4ò¥÷uònCE +D)ž€È¬ïxý +ãhÝ +V¯Í‘$Û +aõ¥Ù© +5†Ke$V+ê'x²L +Ìі×Lqá_|ŒÀ6¬«Û(õ +Eaš@PAÆ(›fZÈQˆUŠô©v’Ou€Žð#< + +]=›úátb̓€ÖdYÑRu°ü˜¬s–g¶²6$b +% +d^ÚÐù‰Ä +]¡§ž(|eÖç²t)«L\®²¡%ç›HwsïKЊ(æGéd•£Ã z + $ i +š9b¿û)ÔÛ2ukÕK&h¡yyð³tbçX,ŸÙ\—Çi—TiËg +±¢‚ÖÅŒx%w5‹Ûg‹Fð‚Ê>ï +ºîoÅ £Ðª-À’T]YSìMuY³î%Å!J¢DŠhß+ ì ²ë6;œ.qíR²mS +¬û²”F2ÃQ£ý5‚Õ +€6Eó‘ÖJ0êLø‘é֐ +î虊7“êÒ:WG&/¹@y†Š³dX`RQ¡zªèXzšTè +ÑÀG>âbŠÉÎ5œR£8ŒNY惐ºDŒE€µ{šFìÚ­æµ)FôæÃçOó±tÍÒfÅ +³«èŽVö"è ,é@“–hÄëbcµIUñ=Œ6ØìHÕºDt»øc$emÇÖ5tä¢4;—­2œð¥Š¯;ìÇUւïG¢©ùÙ`%%¯õC{] +¹Ÿ‡gì£3ßã3ߓŸfíq%Kº"m¥†oa +˜Wõoážlé5ÒгúŒ«#+×Ïd'å抎jÃû—–ÿ<уüéÀ‡Ïzœëf}ŒûÓb²ßPacÛ»•ÔêÄûEÿwý<ƌïn­“ó‡¹=úbž7ëç¿çVzž¹?¿ŽZ +³~züb¥·Öþ¯}òË +fŒ§GVÊk|b +èf ++Nüœ×ȳ +%‰›Õú‘kËËÖ +jËÃÑ @™Ðó +ª©rsî¶iûé÷®.XIkûíÊ†×nf[ø9ŽË-:fv<Ó¿à8÷‚4Gqnÿ1Y>0™/.þM{ +endstream +endobj +3396 0 obj << +/Type /Page +/Contents 3397 0 R +/Resources 3395 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3319 0 R +>> endobj +3398 0 obj << +/D [3396 0 R /XYZ 71.731 729.265 null] +>> endobj +374 0 obj << +/D [3396 0 R /XYZ 443.684 705.748 null] +>> endobj +3399 0 obj << +/D [3396 0 R /XYZ 71.731 681.992 null] +>> endobj +3400 0 obj << +/D [3396 0 R /XYZ 71.731 650.789 null] +>> endobj +3401 0 obj << +/D [3396 0 R /XYZ 71.731 650.789 null] +>> endobj +3402 0 obj << +/D [3396 0 R /XYZ 71.731 618.047 null] +>> endobj +3403 0 obj << +/D [3396 0 R /XYZ 71.731 618.047 null] +>> endobj +3404 0 obj << +/D [3396 0 R /XYZ 150.976 581.215 null] +>> endobj +3405 0 obj << +/D [3396 0 R /XYZ 71.731 556.144 null] +>> endobj +3406 0 obj << +/D [3396 0 R /XYZ 71.731 119.148 null] +>> endobj +1107 0 obj << +/D [3396 0 R /XYZ 71.731 102.794 null] +>> endobj +3395 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3409 0 obj << +/Length 1373 +/Filter /FlateDecode +>> +stream +xÚ­WKÛ6Ÿï¯0ÐCm Šõ–œ"‡<6E‹¶Y`}Kr %Ú&,Q*)ewÿ}‡äP–ŽZ· +ôb>L¿ùøÍpä-Ž +oñë͇ÝÍæs.¶d›ÉbwXYL"?]€a@²8XìŠÅ×åÇmZ&Wë ö–1±íÇZ|óŒàØI.ŽvJÑêD¹xcGí‰ÙΩV­íqѲUä-’·Ovªªok¹úŸûýÆCX›ÏAŒðSøq€A­?$I–@'%ŸYT1ñ#%Í ËW·<[(0sÐÃZÚÁ‰+ß[LlôÌ6Wª_ÙH³4gJ1¥a#þ€‘(%Yà/֚4µGïVl±äuÕð]}àí ¹èšŠ–è÷¡–Ž®l¯nZ^;ª:Å&œå=»lž +ñe|ÞÙ\¶®ül‰Û×k&èŸdëÆÌw×9ÐvžqٙLÐÛ +tUsÕÚS£›G' +3Æü˜€F:ŠÑ_ŠQÉÞj(SŸy±GáÇG-ñ®ÊºB« +‰ä„¡€S˜X éÓšdŽPoíâ(,Ž<Æ)œ3\hŸ'íyÙý‹uցcÝ] +VÚÉÖn ‡‰Š®BÏ€&¡ÕŽå6Áˆâ&:XYþâLujÆ£ Îà%t 5ã‡a)qK*mÖ^æ‚f +y]‡°Á‡úcíû$‰1€ñ +5@˜{£ë†ácN屫˜@«ªËûÅŽ +Qᖣ>Ï8þÆk8P>pÅ.ÇHa +°Êrì‰dÖÔ3CÃN0Ú#Œyûh™Z%X~¶)~Œ +SߕðkO'¥µ +ŒEg§ö=:ßQ@¬Fýoìð E`ë Àú‡]ͧ~¯Z”•¿TO@P¥›ŸLeÔ¡a*æ|ë†lÙ + +Ôæ€Z œƒf ++ ƒ8nî.Y_ØÝÝ¿—ÙñÝŸx°ßK¶©Þ¿ +É6r»AsÊLIâõf +2­ +ÖNÀÕ랣Ͷ$õ“ëqà‘(é{‘ ö #@gþº%G,a¿4L|žÿd‚±b.³ +jâíÿÄÓãyž§A&š‹®kÙç!wəPŇQ`¡¿%QÕv +8ŒxPèûÈÓí#ÕoóTjô"­ØßDoµa’sÆÞ×;ٓvþ>'êŸæ'׉ç-ßç-ÿAõ“©G:=ì@»²µ:xu«‘A* +ÚI¯B2' ýw¶yb}b Búá’)ytG±Ì~Zۚ<ÕÂÃcFÛwÇ +‡zÕÏÙæJ±aRnrØ»¡%“íÿ_ôXï~æó5BïíÐ÷‘×ÚâqjôÔV+Waz¶Ñ)@·a&é«`áþÉEø;gæÎG{èãt1ù +}–‡™OŒ>€ãˆ$ ê8ÉF[nw7ÿ{Ò/v +endstream +endobj +3408 0 obj << +/Type /Page +/Contents 3409 0 R +/Resources 3407 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3435 0 R +>> endobj +3410 0 obj << +/D [3408 0 R /XYZ 71.731 729.265 null] +>> endobj +378 0 obj << +/D [3408 0 R /XYZ 479.061 705.748 null] +>> endobj +3411 0 obj << +/D [3408 0 R /XYZ 71.731 681.992 null] +>> endobj +3412 0 obj << +/D [3408 0 R /XYZ 71.731 650.789 null] +>> endobj +3413 0 obj << +/D [3408 0 R /XYZ 71.731 650.789 null] +>> endobj +3414 0 obj << +/D [3408 0 R /XYZ 71.731 618.047 null] +>> endobj +3415 0 obj << +/D [3408 0 R /XYZ 204.502 607.118 null] +>> endobj +3416 0 obj << +/D [3408 0 R /XYZ 71.731 585.035 null] +>> endobj +3417 0 obj << +/D [3408 0 R /XYZ 184.567 574.241 null] +>> endobj +3418 0 obj << +/D [3408 0 R /XYZ 371.066 574.241 null] +>> endobj +3419 0 obj << +/D [3408 0 R /XYZ 71.731 552.159 null] +>> endobj +3420 0 obj << +/D [3408 0 R /XYZ 206.784 541.364 null] +>> endobj +3421 0 obj << +/D [3408 0 R /XYZ 71.731 519.282 null] +>> endobj +3422 0 obj << +/D [3408 0 R /XYZ 71.731 473.454 null] +>> endobj +3423 0 obj << +/D [3408 0 R /XYZ 329.253 449.708 null] +>> endobj +3424 0 obj << +/D [3408 0 R /XYZ 71.731 421.648 null] +>> endobj +3425 0 obj << +/D [3408 0 R /XYZ 71.731 406.704 null] +>> endobj +3426 0 obj << +/D [3408 0 R /XYZ 438.654 397.205 null] +>> endobj +3427 0 obj << +/D [3408 0 R /XYZ 252.03 362.236 null] +>> endobj +3428 0 obj << +/D [3408 0 R /XYZ 345.97 362.236 null] +>> endobj +3429 0 obj << +/D [3408 0 R /XYZ 453.293 362.236 null] +>> endobj +3430 0 obj << +/D [3408 0 R /XYZ 71.731 355.26 null] +>> endobj +3431 0 obj << +/D [3408 0 R /XYZ 227.696 345.598 null] +>> endobj +3432 0 obj << +/D [3408 0 R /XYZ 321.636 345.598 null] +>> endobj +3433 0 obj << +/D [3408 0 R /XYZ 76.712 327.666 null] +>> endobj +382 0 obj << +/D [3408 0 R /XYZ 322.06 288.293 null] +>> endobj +3434 0 obj << +/D [3408 0 R /XYZ 71.731 275.139 null] +>> endobj +3407 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R /F48 1258 0 R /F60 1440 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3438 0 obj << +/Length 1493 +/Filter /FlateDecode +>> +stream +xڝXMÛ6œï¯Ѓm`Eëòå=4Ûl»Eѱ-š" %Êf#‘ŠHu×ÿŸ”8€E­í$=-E“3oÞŒ6ð^àýt÷vw7ŒcoÖËhéí +/JŽWÞ*ŽPšDÞ.÷þš> +q-I3ó£$˜&Hÿ}àìCD‡¶¡ì ·®Ž˜²{ý$D/Ž\Hœ¢L’Ù"˜ +*Oz«âŒJÞÌþÞýr¬ùcx©ÂŽ\t˜ü0IP,=?^¢p™hPßÍüeLw—nÑÙnþÅ¥~ú$ez-HÆY.ÔVš7 +å¯_Ô +ψú!;’ì“8_ÏIÛR‚uø!kŽ7šp+Ì~¢e²4È.lnŽ«‡Îɓõû³ežÅ(c'ÌmM2ZœôŸ€^ +ñjC>·Ž!9üÎa·ehÄ +nmE˜Œ +K€jXßÃæ÷íÓÆß¡-10K^êFa£œáUX*Š-jrÃ+oeÝÂ5^@Ѓ +ÞôÆ3-ËA"aóH”‹æìLƒ~úÑhæ2ŒÕaLj1"2Ùâ²roÁ-j +“’Ó +oŒi3àåÑ`˜@®újÜlh“{kâ–ÔÎJ¶tŽ1ý'ãe[±k]iXâ÷ŠeÄäuTenò~¥¬}¹·YhÆ&u•A6±-dkW¡‰[ª ’L’üF°}«iîÈX +‚a‹æ];¹wE"Žü8؟¬¶ôÂ'»ÉWד‘Р¬6Û +–GÏŒÍ|OÙŒŸ©CLjʷcÃïS>Œ/\¡(Lô«=IQ’zþj‰ÒÌ©w}?c¬ÒigkÓOzÄP;E÷ØI¬{à5azU÷[Š9¡œÄá`ŠY¬P +jzP#Í +œìf©²£GŒW5-aXyŠ]ðý4ÓÖÊ,L.ýÈ §š.»ÝJ + +;}[wŠžÌÎGdx +ð¥|@ƒœ ùùê,L§pÝ÷ Ãû’ø +(_¿ã^Ç:²µ³h+ž·&FmH8C 7”èWš9°­V +žÝëW +3T¥^XýQ6"£ë‡%ÁÝ;‰o˜åzѐžl#¯­“PÇ0ðŠ[CïÌ*19ØwÚhá@ߧz×ê-Ar3^MRß®aŽ}O>­§’~š +ŠŒ7öõ¢tµ=õÓgÑýŽ3òŠ»ÎÚjOš¹Ò$WMëL—ê¯{òHcž"fŽŽó¯ùë +*±ª`|U1ë8§ÔüÅ&bæ¿ß<@Vµy`† „®#5B§(Dћ(šË¬~L +a€éöw†)0®jƒÄš +æd ÷ÃC¯Ug®Bõ‰‘ªÃý¡9‘ÙÜH邲—j¯Ìé±|ÔŽ©„›DïO`aøm³JQŽ¶tŽ +ÅZ§ñÈўdØÖžS2j²³Z³sôx—w”šî¢`•žÚŠÒš_¥†úíög0Iu.-S +æ|/tf?ÆÎ́N•zÔò°" +%\|³„¿]ŒñUñÌoSn°X»Úe +øªå{©òèŠf,ÞÏ-iN–U›”ŽŸ +×µù,Ö¹û¿|Ê4“IŸlæÔòÜX8=íB³€ìB¡ +Š¡ShM]zSÆ(ˆ×#é›þÿOk>ãMÃéåqÎ-,G͈hÆÇ¡ +^šn®i|*ŸŠt-é$FQê’ÁYéP<.¬a|ìëŠ Ú×ߜ&#ZNŽX*T¶™(›Áékò“¥BnۓIõ ÔÐèŸ$Ž'U*ÙŸâ.I¡Ø–kç»ÝÝýÅ} +endstream +endobj +3437 0 obj << +/Type /Page +/Contents 3438 0 R +/Resources 3436 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3435 0 R +>> endobj +3439 0 obj << +/D [3437 0 R /XYZ 71.731 729.265 null] +>> endobj +1108 0 obj << +/D [3437 0 R /XYZ 71.731 408.668 null] +>> endobj +386 0 obj << +/D [3437 0 R /XYZ 313.416 363.413 null] +>> endobj +3440 0 obj << +/D [3437 0 R /XYZ 71.731 339.658 null] +>> endobj +3441 0 obj << +/D [3437 0 R /XYZ 71.731 308.454 null] +>> endobj +3442 0 obj << +/D [3437 0 R /XYZ 71.731 308.454 null] +>> endobj +3443 0 obj << +/D [3437 0 R /XYZ 71.731 275.712 null] +>> endobj +3444 0 obj << +/D [3437 0 R /XYZ 204.502 264.783 null] +>> endobj +3445 0 obj << +/D [3437 0 R /XYZ 71.731 249.675 null] +>> endobj +3446 0 obj << +/D [3437 0 R /XYZ 71.731 234.731 null] +>> endobj +3447 0 obj << +/D [3437 0 R /XYZ 71.731 221.779 null] +>> endobj +3448 0 obj << +/D [3437 0 R /XYZ 139.477 206.004 null] +>> endobj +3449 0 obj << +/D [3437 0 R /XYZ 161.335 193.052 null] +>> endobj +3450 0 obj << +/D [3437 0 R /XYZ 309.569 193.052 null] +>> endobj +3451 0 obj << +/D [3437 0 R /XYZ 379.556 193.052 null] +>> endobj +3452 0 obj << +/D [3437 0 R /XYZ 71.731 167.981 null] +>> endobj +3453 0 obj << +/D [3437 0 R /XYZ 71.731 155.03 null] +>> endobj +3454 0 obj << +/D [3437 0 R /XYZ 139.477 139.254 null] +>> endobj +3455 0 obj << +/D [3437 0 R /XYZ 149.718 113.351 null] +>> endobj +3456 0 obj << +/D [3437 0 R /XYZ 385.76 100.4 null] +>> endobj +3457 0 obj << +/D [3437 0 R /XYZ 71.731 98.243 null] +>> endobj +3436 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3460 0 obj << +/Length 1559 +/Filter /FlateDecode +>> +stream +xÚÝXYÛ6~ß_a ¶5—”E + +ô!Ù&íö¡1E‘mÑ6»²šJò +ÿŸCqšËÚMzœX@kŠœã›™o†¢“ý„NŸ¿xœŸžz»\Nb^0Yï&^ĉÏÂIžôHÄœÉ:™|œÝ +D^ÉbŸð8qbŸ7:ûD©·?*ÛÛ¥R +Be—öWuöŸƒ.+ûŸÊ*9÷él_šêÉ. +uŠ*]Ì?¯Œ hÖÕ[O˜O–~à£,à$ +øNʘµŠƚ0šœË+¥³ÒˆXÇ#:Y_ÂОzz¹›3:§ŽB{?QNu–>Á“ +<0vvÿ—¶º(d™ë,iܯôàØTïæ +Ÿ˜¶J€v1G9µÿÂëçzP)îßà»r+²L&Äžhœb +‰9Bñ*I”ñßéèÙ[¢Á"ë +I"ûïœKt'ÂuàdqD(å`A­y5÷`sQÝ +äöî¶V +*¿µ:‰à`à›ƒ1% +ƒçnWóE@k#Ʊžñ%„ŒÙ1z8ȁ +" +‹¥ÏH +‡ˆŠ,ÊE U9pÏ© +ÃHž«ƒÀȔ}J“gbSÿúuÎàš> +p?•,gÆ¬µ•©šòTŽžRGG—ee.·j‡Ù|Êû/oü|!1ˆ + +Š­ +ƒxŠÒXÝ?éJ^۝~ÔÙ µèÓ&@¿ +T*m-ª +Ÿ¥}æº,ÕÆ$ŠÛQ› Ï£*-*fíàöcîõv¶Þ/å|IgÈL3ë$,›Üª·a¯Ó§ÖÊ¶®Æ ;û³®¶:™Ð©c$àH†pŸAÈj"ñèÎØ`–j-ŒËŠîŒ7Ù@wª·ÎÒ£Ø +T& +d€.œ’ˆÆ֚²žWMU×€•KL± +*±ìò—KZ᪊œTáê^ÝïkKæ +Ò"åF(4<ª +U]—OKG©>cYòp@F"K®lçX o9.î×pÏÚwˆø˜¥QL(çÿÄÒÀ +&˜Õ4„®Îúðo%Òûmõh«’)’‘ÚgºI±¯L‡¯ì>ôHoÚ:þc †1ñ9û7AeqUöAýúŠÇŽG¶ÓçñkÜ®‰ë¹îäpìIm3uÎ9Ÿ5.™ãÒt v‹R梕 +ƒó}ˆ±Óï*ýªOš¬ÄÞ÷­÷Âõ67Øl:v9Õ]šŽ»Ê +]é­N§mbJ²GùžwUmó63wŽÂÄ£d:[Œ_Ýô +:ƒÌ +dC¥­XD}(eÌ6cýQä¹,œøâv÷a#° +(™nçÆ1*þœöL<8µ/ÄϟŽè”0}·óy6H +£ã¹€í•é÷ŠW¹sMÜ@ãoVþ0h#A1›¥4ä"ÜRWQð¥!}£ +Y¬oVƒHþüݪÃ^ƒÆ×ÑÖó* +•šRlR9Qï‡Ñþò¯R“7BM u”“‰"Ç*­S)²úñ)ñŠœ*LP‰£$°€Aë聹jÑøÂ{§ yq1éÜëZâ0Îü—Œ>Þ0k=JÂØ?gtý—éœzÄcgt +. eÿw6¥Ø\š¢ìîu—n/9ó¯NI~Ié +ºM›~#zëÁ=§KT}9ÞÄ&å®ÐDZ+'ÜóƒgŠŸNÓãF‚ +ÔÏ:Y‚¶ÛI +µ†ÿ©Œn!P­›¥Ê +úÊ­ŽËs$ΚŸ=æ +‚£'ŒFC'8Ѳ + +Øxåžô¥a +)ÝýX¹þ{'Ë×ýNbŠô±^OZk‡¹W£0C“y¶ÒºAm̆ +Û4W‡'ž +4‚†BÐRV +êeQ8Wáæ[Šœópƒ­Ao2ýšôÉe“Gž2Ž7ÚÎç#P +°°óÝÈÃïFo + +^ñVØ|Ò-Oñ.ç0à +ÁóàzÈðBöqå’ñsãeçöøMo1p‹5AœÚVê +ŠÖþ2CÇ3ÝÎ.TÍӘq•ÓÿnÖû–·ŒàÊãÀêÃøêûöDH{GÞ¬/þ‡ +Is +endstream +endobj +3459 0 obj << +/Type /Page +/Contents 3460 0 R +/Resources 3458 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3435 0 R +>> endobj +3461 0 obj << +/D [3459 0 R /XYZ 71.731 729.265 null] +>> endobj +390 0 obj << +/D [3459 0 R /XYZ 221.609 707.841 null] +>> endobj +3462 0 obj << +/D [3459 0 R /XYZ 71.731 684.946 null] +>> endobj +3463 0 obj << +/D [3459 0 R /XYZ 317.557 662.013 null] +>> endobj +3464 0 obj << +/D [3459 0 R /XYZ 407.688 662.013 null] +>> endobj +3465 0 obj << +/D [3459 0 R /XYZ 71.731 633.953 null] +>> endobj +3466 0 obj << +/D [3459 0 R /XYZ 71.731 619.009 null] +>> endobj +3467 0 obj << +/D [3459 0 R /XYZ 71.731 559.995 null] +>> endobj +3468 0 obj << +/D [3459 0 R /XYZ 166.047 534.092 null] +>> endobj +3469 0 obj << +/D [3459 0 R /XYZ 257.124 534.092 null] +>> endobj +3470 0 obj << +/D [3459 0 R /XYZ 119.552 521.141 null] +>> endobj +3471 0 obj << +/D [3459 0 R /XYZ 208.607 521.141 null] +>> endobj +3472 0 obj << +/D [3459 0 R /XYZ 71.731 499.193 null] +>> endobj +3473 0 obj << +/D [3459 0 R /XYZ 119.552 475.313 null] +>> endobj +3474 0 obj << +/D [3459 0 R /XYZ 199.003 475.313 null] +>> endobj +3475 0 obj << +/D [3459 0 R /XYZ 71.731 453.365 null] +>> endobj +3476 0 obj << +/D [3459 0 R /XYZ 71.731 368.922 null] +>> endobj +3477 0 obj << +/D [3459 0 R /XYZ 119.552 344.802 null] +>> endobj +3478 0 obj << +/D [3459 0 R /XYZ 191.432 344.802 null] +>> endobj +3479 0 obj << +/D [3459 0 R /XYZ 71.731 324.698 null] +>> endobj +3480 0 obj << +/D [3459 0 R /XYZ 119.552 298.974 null] +>> endobj +3481 0 obj << +/D [3459 0 R /XYZ 190.346 298.974 null] +>> endobj +3482 0 obj << +/D [3459 0 R /XYZ 71.731 277.026 null] +>> endobj +3483 0 obj << +/D [3459 0 R /XYZ 71.731 231.064 null] +>> endobj +3484 0 obj << +/D [3459 0 R /XYZ 235.247 220.269 null] +>> endobj +3485 0 obj << +/D [3459 0 R /XYZ 71.731 190.964 null] +>> endobj +394 0 obj << +/D [3459 0 R /XYZ 322.06 153.749 null] +>> endobj +3486 0 obj << +/D [3459 0 R /XYZ 71.731 140.594 null] +>> endobj +3458 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F48 1258 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3489 0 obj << +/Length 1234 +/Filter /FlateDecode +>> +stream +xÚ¥WÝo€6Ï_Ô‡)Ö@"õ!—ÞU­®jt·}êõÁïb +_f“ü÷µ›íî&m)؆™ùÍÌoƳØÙ;Øùùêýö*øEÎ +º‰ÃØÙîœ0¥hC'‰B”ÒÐÙæΟî}ÁZÉ;Ï)v)‚ç}SÅ8ܝš÷pÔ³ª`¢Ÿ†,8,ŠŠ—°µäÞ»ûNÈ8ªšZÈŠóþÚþz + +¬à#ÅNª0ōÉ'”"‚cÇ7ˆâ@=4Œ/xöí.“â LÅ»?Âã +÷Z¡R懊H"?ÀÛmaŸîùœkvðìx«T÷·°Ëùã°Dœk‚º‘"ãÁëê€w])ـ•Œ“Ö!(ŠñÊØWLqÎwl(% +ˆ +žZZœ$§e—‡ +~1h'ÇW.ku+ŸÃŒ/Œ;(ðƶ,˜AÃ:nœþ>ˆŽçÈÆÈâäϬjK±–gb'¬žŸ/g/Ã0Y«]º>ßé+Ù.dè,3 +rù:ÅG¯YÃB§šbmË;ôzã#Æ|6Ÿ®HnBDâDÂôœ¹|׀ãz6zŒ +òöá^ +~ÓJÑÔ¬|kðÏÓ­zé¿/rE8¶!DofÚšß +® +².pï.ÏÅRîݎÍiŒ«/G íx?T«@ž +Žeþ®ÙíD&¬yݎjVñwŠpšNim›:?‚³òsÁ¿óܞ3;Ù®XVˆÚl +6!ïžý ±$˜Ã‚.xEÂaõGæ$—MÆJíÕØNVMFµ,X”¢—<·EÆëŒ} ƒ_ëòÿ×$ùÅâ>˒›‹Õøª|„ÿ§ÙÞ/uü‡><X_ÛÁǐ:$A!¡pÿÓÑÔñ“¥‘Ñ¡‚X"Iê~jözÑ=BoÍ@¡†’€é–CšûÒ +£8"‹Yg“ 4$Ž¯GÄ° +L '›¹Åœ1/ÄîÁ +©ËDÉ +K3à< Y¬& Ø +ŽmÞõ“šQ„&}‘Ã‘ØjŽ¢Ô5sÕÖK•qXgMՊV†˜§7#aÞóÍ¢JÀ%pÄ +eCϏŠ³lšãøÊqˆWºˆ^‡ +³šGR׈û>¯uhüÒæÅ_Ìxcnçю(íêÀcdÉqÿù$² +SŸE +8±3Ê-hÚ€ +M7)J6Ta\ŠQÉLiœå͈€ZÌ&uå>xÊ =ìªä•p¬ÓÀ€xÔÙ·4ëø~(5<œá^„Ýg};éd÷SmûÕªqj¿<¢ËÍó#íQÔ7\þÕ#a +³“Ô‡Ã3lsÕÃ@ŽgƙŸ- +œã¶Ò?ž¶,Ó2ßØÞú¯^+f\uµÿ‡Ð + Ež¹ d³–·JO”~Î[^çŒ +¡R7ýgƒd&ÀÐhõ{šœ€G> +ŒÈËŠ­&EG@ãS@c”.ÊjŽñÜ[%gýɹÃÒl"dI”&NæwZ=©’7ßÌ +C§€Ÿ §êûz¥ðŒÿ'e5uÓš;žîô3QœP7 +ê–pÂyTBèè'Úêgc””ªM”ù„¬>l¯þ¥ŽÕ” +endstream +endobj +3488 0 obj << +/Type /Page +/Contents 3489 0 R +/Resources 3487 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3435 0 R +>> endobj +3490 0 obj << +/D [3488 0 R /XYZ 71.731 729.265 null] +>> endobj +3491 0 obj << +/D [3488 0 R /XYZ 71.731 741.22 null] +>> endobj +1109 0 obj << +/D [3488 0 R /XYZ 71.731 303.761 null] +>> endobj +398 0 obj << +/D [3488 0 R /XYZ 338.395 258.507 null] +>> endobj +3492 0 obj << +/D [3488 0 R /XYZ 71.731 234.751 null] +>> endobj +3493 0 obj << +/D [3488 0 R /XYZ 235.057 225.63 null] +>> endobj +3494 0 obj << +/D [3488 0 R /XYZ 71.731 190.596 null] +>> endobj +3495 0 obj << +/D [3488 0 R /XYZ 71.731 190.596 null] +>> endobj +3496 0 obj << +/D [3488 0 R /XYZ 71.731 177.779 null] +>> endobj +3497 0 obj << +/D [3488 0 R /XYZ 71.731 162.835 null] +>> endobj +3498 0 obj << +/D [3488 0 R /XYZ 234.492 118.233 null] +>> endobj +3487 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3501 0 obj << +/Length 1833 +/Filter /FlateDecode +>> +stream +xÚµXK“ã4Ÿï¯Èm’ª‰×o;PE +»;7–ƒÆV±Šed{‡ðëiIÝò# +v¡à’ØŠÔÏïën%ܜ6á曯 +^Œ|“$›CpÈã|ópÜÄe€Q±)’8(³xóPo~Ù~ufmÏõngá6 +Ü÷Wªy†ñiТ9¹¥Ž]ÎL4÷î­?s÷pV]ïžDÓó]nOZôW·tQè•Þýúð݋Í›¢‰Mû(ς2Ï6û¬’2sF=œEG"êA¢.Þ°GÉ»™=hŽš)|É&¯â1©NÆR +ñœ@¿YÛJQ±^šŠ£ +ZóŠ—èÊ»0 +I%ž®ì£88d‘38² „=Ñ"<éõÄF©Ú +º:œ7i_Þ²ñ>F!º‰ Ò^ëIL"óÌöqòUtSoºíìÊ£ç“ +aæ¯K + J ŽÈÓ söÀtÄú+É*ø÷.CÎߢÜ~°dÀ°ºçøÓœ[rW xpVÀÃ]Ö¬;ß¹7bx¶ÙüÌ’–Câ, ÒØ_ +~\žéP—Fp‹åRšÞn_@µå/ÉÙà +&ÏÐ'»™LÓvÒðÖ ” +x2ÙIðžÌë +sæ²ÄüÀû-W§NƒÏ(Ùœ?ڌƒAs£Š±ž÷'”Àª2a2 +Ìhº¢£ +S@‰`žÙA‰Ú +Š‡ + Ð +¢‚q +Qkà“èκ‚5ñ|Âì5¿îFÇî& ™]"€O‚:¿µ&åà„ýšÞ5 +[\”¯îçZ9WrŒeÂÁvC!±ã¯]͏Ü4 +kÏ¢ykØo®‰Î¡Ì†˜bnºÊ]NÙ G1šÙ”#q™Iâûà”+@Nó  +=Žß7.ÃÍþ€T=8I‚()ç™rqq©¥Çàz((%ƒ-ۆ2DÄÿ>,†níÂ +Hî{Ÿ-ÀK’¯ú‘æ +jÜU¯ƒp‹àíÄ¥•ˆQ(Ç€Þ~U&ƒ{&å*îX¿@o–dsDçú±3'‡9±WÀº†U—ûÅnÓ»^RDAi2ƒŽûHώŒ~xñn&C +endstream +endobj +3500 0 obj << +/Type /Page +/Contents 3501 0 R +/Resources 3499 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3435 0 R +>> endobj +3502 0 obj << +/D [3500 0 R /XYZ 71.731 729.265 null] +>> endobj +3503 0 obj << +/D [3500 0 R /XYZ 71.731 741.22 null] +>> endobj +3504 0 obj << +/D [3500 0 R /XYZ 480.384 675.467 null] +>> endobj +3505 0 obj << +/D [3500 0 R /XYZ 323.515 662.516 null] +>> endobj +3506 0 obj << +/D [3500 0 R /XYZ 71.731 650.396 null] +>> endobj +3507 0 obj << +/D [3500 0 R /XYZ 129.514 619.676 null] +>> endobj +3508 0 obj << +/D [3500 0 R /XYZ 71.731 617.519 null] +>> endobj +3509 0 obj << +/D [3500 0 R /XYZ 129.514 601.743 null] +>> endobj +3510 0 obj << +/D [3500 0 R /XYZ 71.731 599.587 null] +>> endobj +3511 0 obj << +/D [3500 0 R /XYZ 129.514 583.811 null] +>> endobj +3512 0 obj << +/D [3500 0 R /XYZ 71.731 583.711 null] +>> endobj +3513 0 obj << +/D [3500 0 R /XYZ 129.514 565.878 null] +>> endobj +3514 0 obj << +/D [3500 0 R /XYZ 71.731 528.02 null] +>> endobj +3515 0 obj << +/D [3500 0 R /XYZ 231.302 489.166 null] +>> endobj +3516 0 obj << +/D [3500 0 R /XYZ 71.731 441.181 null] +>> endobj +3517 0 obj << +/D [3500 0 R /XYZ 168.258 417.435 null] +>> endobj +3518 0 obj << +/D [3500 0 R /XYZ 71.731 330.595 null] +>> endobj +3519 0 obj << +/D [3500 0 R /XYZ 444.918 319.801 null] +>> endobj +3520 0 obj << +/D [3500 0 R /XYZ 71.731 271.816 null] +>> endobj +3521 0 obj << +/D [3500 0 R /XYZ 71.731 258.864 null] +>> endobj +3522 0 obj << +/D [3500 0 R /XYZ 71.731 243.92 null] +>> endobj +3523 0 obj << +/D [3500 0 R /XYZ 71.731 204.132 null] +>> endobj +3524 0 obj << +/D [3500 0 R /XYZ 425.813 194.471 null] +>> endobj +3525 0 obj << +/D [3500 0 R /XYZ 245.404 182.814 null] +>> endobj +3526 0 obj << +/D [3500 0 R /XYZ 76.712 153.225 null] +>> endobj +3499 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F11 2489 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3529 0 obj << +/Length 1796 +/Filter /FlateDecode +>> +stream +xڕXÛnÛ8}ÏWx±D‘dë`Q€iÚŠè +Ý¢í-ÑQIôŠ”Sï×ïPäP—šÙìK$+äp.gÎÌНífîìÕÉóõÉÅËår–8I至õvæǁ³ò¢YŽô8ðgëlöu~“œ€õâÜÜyàèç5¯Ÿ¹®¿kjVíô'Aʜ°êLÿ’9Õ/9R¿±JÒÅʝïj&úSÉ+&yœøŸ~sâµ.^úÁÌ[9ËUè+¥Îœ0pâ0˜ÁÇõ<­Uàx¡ã)m¢xþa/¯„Å=‹ÜÙ¹²%Šô®·|G^¥’-Ÿ^?=žÏï^<(ïƒ2`J†­éÊRŽeÑWCˆš +XA6ã1ç-øãçÀ£˜lø4áÞ#õq²qLË>‘F]`6J¡†aå3âaò„dú)Ça)؏v + +åT},ˆ§­JÆm÷`¿ê0Ša±Ý-”[*!”hg¢"¹ÃÉèsŽ™ +®ŸÄžfÇyfSðÙÔ£ãÊCb~Ï¥5¥ö€åð: +Šm»ÔânšŒödËMi#»«®êlÔnØÉš3ˆ6žïšúdñ%±hà?z­Ÿê£¬ +ê󚶝9E4ðbŒ48Fn +œò¶ÍxÆíZq9•¬¹nîT?ƒÚ•Z{Ô¿2ŠÇ{ªfõ)B( œ@Ï<ðÒPíÛ +ø[Áÿ§þYŽþÞ1 R"iaƒ@ŸiÙoôžÿ'ú‘ÃI`ЙþÅ ›Õý¢ZQeS‰dšeŒzÕo_0€åА»"ÿ +'Fóßí˜ rcv)gí>µ±0ȉ˜‚ + +ŠxõÉ2Ð/šôœÊð®AÆñ®&m;§å€.Õe†3}aÈ4„AÎ +'ÚöÉ;™Ø‰VÿûbÉreõpè\Ùå*1šK¥1ê/ï +ôˆ­NN€ܛèÚ†»Þè®ÃN)x“‚²fû=†j[c“7š€µrC!ÿh\mýy„Uu¡^&(v™xÐEBÐbèÔÁ†V÷h9Ør³>ùN֑6 +endstream +endobj +3528 0 obj << +/Type /Page +/Contents 3529 0 R +/Resources 3527 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3435 0 R +>> endobj +3530 0 obj << +/D [3528 0 R /XYZ 71.731 729.265 null] +>> endobj +402 0 obj << +/D [3528 0 R /XYZ 221.609 707.841 null] +>> endobj +3531 0 obj << +/D [3528 0 R /XYZ 71.731 684.946 null] +>> endobj +3532 0 obj << +/D [3528 0 R /XYZ 71.731 684.946 null] +>> endobj +3533 0 obj << +/D [3528 0 R /XYZ 187.566 674.964 null] +>> endobj +3534 0 obj << +/D [3528 0 R /XYZ 71.731 620.005 null] +>> endobj +3535 0 obj << +/D [3528 0 R /XYZ 71.731 620.005 null] +>> endobj +3536 0 obj << +/D [3528 0 R /XYZ 188.234 609.211 null] +>> endobj +3537 0 obj << +/D [3528 0 R /XYZ 157.459 596.259 null] +>> endobj +3538 0 obj << +/D [3528 0 R /XYZ 347.515 583.308 null] +>> endobj +3539 0 obj << +/D [3528 0 R /XYZ 163.546 570.356 null] +>> endobj +3540 0 obj << +/D [3528 0 R /XYZ 391.031 570.356 null] +>> endobj +3541 0 obj << +/D [3528 0 R /XYZ 71.731 553.256 null] +>> endobj +3542 0 obj << +/D [3528 0 R /XYZ 71.731 542.361 null] +>> endobj +3543 0 obj << +/D [3528 0 R /XYZ 139.477 524.528 null] +>> endobj +3544 0 obj << +/D [3528 0 R /XYZ 71.731 486.506 null] +>> endobj +3545 0 obj << +/D [3528 0 R /XYZ 71.731 475.612 null] +>> endobj +3546 0 obj << +/D [3528 0 R /XYZ 139.477 457.779 null] +>> endobj +3547 0 obj << +/D [3528 0 R /XYZ 417.292 457.779 null] +>> endobj +3548 0 obj << +/D [3528 0 R /XYZ 167.143 444.827 null] +>> endobj +3549 0 obj << +/D [3528 0 R /XYZ 215.522 444.827 null] +>> endobj +3550 0 obj << +/D [3528 0 R /XYZ 263.571 444.827 null] +>> endobj +3551 0 obj << +/D [3528 0 R /XYZ 71.731 406.805 null] +>> endobj +3552 0 obj << +/D [3528 0 R /XYZ 71.731 395.911 null] +>> endobj +3553 0 obj << +/D [3528 0 R /XYZ 139.477 378.077 null] +>> endobj +3554 0 obj << +/D [3528 0 R /XYZ 71.731 340.055 null] +>> endobj +3555 0 obj << +/D [3528 0 R /XYZ 71.731 329.161 null] +>> endobj +3556 0 obj << +/D [3528 0 R /XYZ 139.477 311.328 null] +>> endobj +3557 0 obj << +/D [3528 0 R /XYZ 71.731 276.294 null] +>> endobj +3558 0 obj << +/D [3528 0 R /XYZ 71.731 276.294 null] +>> endobj +3559 0 obj << +/D [3528 0 R /XYZ 298.619 239.597 null] +>> endobj +3560 0 obj << +/D [3528 0 R /XYZ 71.731 161.639 null] +>> endobj +3561 0 obj << +/D [3528 0 R /XYZ 71.731 161.639 null] +>> endobj +3562 0 obj << +/D [3528 0 R /XYZ 198.296 148.688 null] +>> endobj +3527 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F38 956 0 R /F60 1440 0 R /F31 858 0 R /F50 1263 0 R /F70 1676 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3565 0 obj << +/Length 1464 +/Filter /FlateDecode +>> +stream +xÚµXKsÛ6ŸûWhŠI3B€owrHópÓé¡i|K2 +Š„$L(’I;êôÇw,øá€žŽ€ì·ß~»XØ[ìÞâú◛‹go|‘’4bÑâf·`IH/bŸ‘$d‹›bñaõò5 +—ë + +œUHÌóe]}ô<¶ï¥šöæS› +™š.Í[wàfpšÛΌDÕñuà­öRt'óéXW¢«åúÓÍo +ÂLÉӆF!I¢p±a œÄ€úœÞÃÚw=ïùsµúٛÈ[$°( +Ô¢(!qBa;=¹Ì¶ŒŒú ìË»¬ütõÑ +œ¶?þ-ySËÞèUËïžÆ¥7óé”/&qÛÝ +®<¯xk\È*ó¬û®éÑÓ/ +2õ+—üwrœaqD I-Ùª +# +-qf;“[ÑÉL"«UvDòï"? ûžŠoy!ªquۊ=î$ûÒ:fîv©vëg‡/, +Kƒ +íðÃ÷Iúç~ +béđ·Í@隆«;õ‡k‰,6>õ£ +9£f—‰“°ºÍöCh$n +±>fRüe=»3»Ú³9Oµsjð—å: +ÕVK'A +)c +ƒYçi·SPƒ—Ã_Œ¶‘4œ®YžÊJ%Xáûé\B&Îàoq’ZÛríÇ+­}—Ôb Í&0Mš +<³\sÆ ­ðǖ7\f +/OVŸ–ðã‘Bÿ¢ÁÏÃ3†ÿ~M +ç1cÐöÂ‹Ëт#·ü˜€i<—IË5œe9(ÓgÁ£Êl'îŽõˀ΃„ª + +Ž9«mht£êm +OKÛ¯P6•ϟׂ|Ï¿:üŠ€æPŒò +òÿÜ·]]–µÂz?sG +Øâì¬iJa]®+k; +\•Â®ÝÕrRDŽd)S>ŸÅF +:!”'X8ßvó„äU1äï äbÚv\ +^¡Í‘Hó^ÉóNŒAA +YŒZ_ÛY£÷æ©f,Œ®ŠoqÅÝÈG®m +†0IE6„N˜@Ž-zæÑ +H9Ïïrá”'vÈóZ®ig^ãÔhJhôdFÿ¿FÔýœp7ÍëÞ°‹Rõ) Âh.ÕcÖåm7µs‚è£ +Þ, @¡ÅWfl¬ÁÀZƒ¡©}0h?‹ŠÑHáEã{dÅ +ŸþTÔŒ­–*ù ±!˜slð‰@¶ž+¶ÊPí’5€—œœEX΋g|§b  \ð*W¿Ÿæç¥Æ1Â,~ñ€èÌçkœÓ5æÓ{b2ñzÄû€ŒŽÏ2zȇêŸDiø€õSÁnвòŸ áï +;údŸ5]õ¿IoÊ"èOÇ +ý*ëœUÉÇCÄFf¿†t•­\CîZŠAF˜"}™a»H“˜$ЕÍt‚DKhE]ÙÃæŒ2ÌgM€ÍÛñ†ƒßsž õÒ¢hûí|ñy7 +íT™åvºUàòöövyyÖ7)8Ž}œ-›\Še³6²vÈá\š•ö‡Éùü°–|w—jŠÔÕúG$§‰4 +BàZæ +sQšp­¡ñƒˆ™–È + ¡Å<Q'|ŠS±Š“Õë¯Ô +n^òá"šu*PzËp*]Õú†Ð#3 +û¥f¿FíŸ,¹ª'¡Ÿùí§qXFöã&òŒÕ{šëªÿUc¥ +õÔÔ©Á±. {Ü«§g ÷²õ7xn +'ÞÎp±„—ž6Cue=™aˁˆâ‰¶ßÚ{ÚÔ:ý†í÷ÐÚ5føÇÛW­íd}D§”‰d؛˜Ãº“aéÙ܈b†š“=ÿšW|'*d03±ªƒØR„œ¿~[æ0^7<=à + jdŸžûÒ$×rbëҌ*[p’œã4U'©7ÜÜÜòº%c‹ÛÀí¢†ÊBžÙw#HâzEœ+ƒüJù~þ?—iRû ”ûztž^Š1ÖÍ8˜-y}sñÜJÚ +endstream +endobj +3564 0 obj << +/Type /Page +/Contents 3565 0 R +/Resources 3563 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3591 0 R +>> endobj +3566 0 obj << +/D [3564 0 R /XYZ 71.731 729.265 null] +>> endobj +3567 0 obj << +/D [3564 0 R /XYZ 71.731 718.306 null] +>> endobj +3568 0 obj << +/D [3564 0 R /XYZ 71.731 718.306 null] +>> endobj +3569 0 obj << +/D [3564 0 R /XYZ 188.333 708.344 null] +>> endobj +3570 0 obj << +/D [3564 0 R /XYZ 119.552 695.392 null] +>> endobj +3571 0 obj << +/D [3564 0 R /XYZ 396.271 695.392 null] +>> endobj +3572 0 obj << +/D [3564 0 R /XYZ 369.402 682.441 null] +>> endobj +3573 0 obj << +/D [3564 0 R /XYZ 130.341 669.489 null] +>> endobj +3574 0 obj << +/D [3564 0 R /XYZ 119.552 656.538 null] +>> endobj +3575 0 obj << +/D [3564 0 R /XYZ 71.731 634.456 null] +>> endobj +3576 0 obj << +/D [3564 0 R /XYZ 71.731 634.456 null] +>> endobj +3577 0 obj << +/D [3564 0 R /XYZ 180.582 623.661 null] +>> endobj +3578 0 obj << +/D [3564 0 R /XYZ 71.731 575.676 null] +>> endobj +3579 0 obj << +/D [3564 0 R /XYZ 71.731 575.676 null] +>> endobj +3580 0 obj << +/D [3564 0 R /XYZ 71.731 542.8 null] +>> endobj +3581 0 obj << +/D [3564 0 R /XYZ 71.731 542.8 null] +>> endobj +3582 0 obj << +/D [3564 0 R /XYZ 188.712 532.005 null] +>> endobj +3583 0 obj << +/D [3564 0 R /XYZ 71.731 471.069 null] +>> endobj +3584 0 obj << +/D [3564 0 R /XYZ 71.731 471.069 null] +>> endobj +3585 0 obj << +/D [3564 0 R /XYZ 71.731 438.192 null] +>> endobj +3586 0 obj << +/D [3564 0 R /XYZ 71.731 438.192 null] +>> endobj +3587 0 obj << +/D [3564 0 R /XYZ 180.582 427.397 null] +>> endobj +3588 0 obj << +/D [3564 0 R /XYZ 376.017 401.494 null] +>> endobj +3589 0 obj << +/D [3564 0 R /XYZ 71.731 398.092 null] +>> endobj +406 0 obj << +/D [3564 0 R /XYZ 322.06 360.877 null] +>> endobj +3590 0 obj << +/D [3564 0 R /XYZ 71.731 347.722 null] +>> endobj +3563 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F60 1440 0 R /F31 858 0 R /F25 852 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3594 0 obj << +/Length 858 +/Filter /FlateDecode +>> +stream +xÚ¥VKSÛ0Ÿó+ÌôÒbE–ãçLÒŽ + -€ÃtJŠ­ØšÚR*Ë0üûʖ +âÁº®ÈGŸµXY(ôÀÔ ¬ÀE ôµH­_Ç9^K"Æ6òàôxÌÙ5„(«e™^ªp™cÊõLæD +9¯€–(“d< +™ òN/•œQÉÅø÷âË +4°&=h + +“?m0َçú–ŠÀƒ¡õflû +| +ʈ–± +*’p–jùoMj³{KeÞ +ž!A3á‚9j(ï¶ãß +:ۋŸ^<å™ýýÞð{ã +ÅŒYs!ãÖf§\à:šûÌÐn'“,&Ï&%©*œ‘êÐ Îib ÓªOñ®R経¢Ùü–aþòçåé×yüI‚û +ª–ž‘+—éóDšãC@eè?ÿ5üfgG³ø”;“ÄkœäMp’š8µ4HôqZ˜éqÖêSÕÚæÀ(áåRx:2Éæ¢Äò¿Ó=û6;þt?A(î +?Qė[Už)˜ŠdÇnœ^›+™¬0íHa.xœîQȜž± Z +Ç «4lx~€߶;¶àEÍ0 +ôôX]ÔEG£Ë‚Ì»²ÍZ +»Uccpl»p«UhìñµãN«wkAK,î +“È~à2Ùlm1y™ +Ý7Nœ‚©«=Aµ„žŠVÛ KçÛ!ºBœÊš$²}1ú=ùjvqþù|®'×Ѓ/Év0Úõj¥v +S0P>(6.MÜ]’ÈŒ»"žþ +ãŽâ®$ˆÿaŒ=à†Öýbó&ŠV÷Nëyp‚p 5NM‡` +f¡W¹à·ŠùÜbóôá¢ÐãÌ.›.±É +aRГÑÞôí’×LVOÜÉ{ +~YàäOA›/@ÛxA“»û4sV˜™~9µü‡ñ[s÷–8m^œqãGU+zƶªþŠŠDtcÔÀ8‘4!ûûûÙŽrIÜ*$ûÏ;ïÇ`$s«|4øæ-kZÈ~ƒi¿)‡].º>©~6TRnÎ0BR’‚W5Ÿ­Â— +°®FÛÞ<,ú­¯Xÿ{„ D‘RðUÃUÅت^Oçd±÷^ï·» +endstream +endobj +3593 0 obj << +/Type /Page +/Contents 3594 0 R +/Resources 3592 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3591 0 R +>> endobj +3595 0 obj << +/D [3593 0 R /XYZ 71.731 729.265 null] +>> endobj +1110 0 obj << +/D [3593 0 R /XYZ 71.731 175.542 null] +>> endobj +3592 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3598 0 obj << +/Length 1774 +/Filter /FlateDecode +>> +stream +xڝXÛnÜ6}÷Wìã.Ð¥u¿ô-1êÔE.E³A[ŽE@K܉TEÉ®óõ +ŠCêb¥iûâ•(r8sxæÌÐÞî²óv¯®^ž®®oÃp—“< ’ÝéŒ +²˜D~ºKÀdq°;•»ßö7m{Ö +ŽAìícb~o€øÝó‚ËÐqq1CŠ6åâóÖWÌ_õ‘˜œÒˆ€yŽÜĶSÅÕæ9Rô@JüØʑv+VqHNkþ™ö\º4㚫øRT¬ø4œRˆ5£bh‘Uƒ(Žµ:¹GV×ndN6ð±÷^ѳ¥r ãP/œBÌÖ葚kž—·?ޏ&£hpÔ£‹Qd’FmxPrè +|.dÉÌŽιã÷‡ÀÛž¥þ®AY¬Ð +µqîACFl’œI<ïk\ðà +bŠç„ +Gaãä‘ +a›Fé2¡í4F.d˹xZÓCߎ€@¯Æ—­üIcú‹üÑnT +eôŒ7mÍ&zó +š§,5injV/µŒpq +åЛiL+áƒ>D0Šˆ™vªX‡˜Ì×PÔJÚœF$|O³À_"ñý»Cï> +ülÿnC?ﱀ0Þ²!‚õ¶.5íàªÕ(xibƒ·Ÿ˜j÷ÈÏÓ!ÕÊÚ Ð«šc+G”Øœ + +Ώ‡–BYŠéœ#áC?ÿ®Ýr«Ý6o1Ï1!ï]I0±\¿;֐í=+1s9aÄÉû|jãJ®Ó›• l5DÛ¶†ÕS’>ŽåŽ÷j•ç%íéV:w²YلTü„Ÿœù²3Ïvî19耲u'h«æ$2954¶ +_$€j ”‚¥Îéµò¶ô% +¯Á÷Èßšvð‘šÓ (Ã;=l +1¯¥dhLÈÞج(˜RŽãã¡Á§Ž©¡îqoô +OOn-8xoÒ2а@ÅÛ8ÈèNêu&uno +îky¹8ÒT, +ªYÜÙ4ÓoÁA(>¥9¢¬°>=É*9Ô¥mKmK' +Ç!& ·q3Å8òæ¬íŸA5ì™×s7±ã5”BŠa¿ +| +Ý7ÀXøR[W7ŒÂNncÏŸ‚£©d]*[ÃbOÃë’‚]`ÄGŠ +×G–C1[=9k Rä3ƲV®ª}Ù‡ÄY;Fk·0ÂZ~–Brµj[h:¬PÌjº5ØhV^˜Z÷ +ƒ€l+ۂøM[ø[Ҏ}í& +߁³u@W+69f–öð:öíêÂZ›’<õ|­µ`?òHeÆ>  +?Ÿ>IóødëãˁOÌÅF +à)07ž 6#4 +Åš–³y+àÃ}%uMäñ82Ÿ +ÑäF °x‘ë= +y?Vé¹O]Ӭà +x¿v’Û“¢¶ÃœI\Áf§kjpš“º–¥$º|i€5£X[[}e]`0%2œšÑº™€šá~’¥®·ýú§¶O¿/Šj<ëÅ¡À\ÿ°~+{Áë[8æYƒ×WÏþAœu¡ÖÐAÈP›io˜¯+µéÄáÉþwᡕJ™.²Æ²>f1üŸ—5cà>,ò5ŸÇáӗmQóƒ:“ÐÚìŸìŠôΎ¹¯˜xŽŸO’cŸ@×6dƒO®­_n²pÙžÔ¹š,jÐÅo<ë ~)ŸmFfÁ +œO7² +2árn\$˲Ý1ÎHúòŠ¢âž]-šš'L “'l¥Ÿ²ÕW£ÏlM`z¹€œÏËØL›Ÿ†ñ ҄äpþïaܝ—õº@Ö܊w¿Ìïr؏Ul®‘VÚ!å§ ¶€1EȳèQƹ%›€ÌÉ­`6/©Øôoßßa«œÜs&G§M9Ì¡•NÜÿÈõ$eºÉgÛ]sLw±¢ãmoÿ©$à +ˆ‘ÝÜLqÌœYU°›Û×/ŽöœzoûýöÀ;)ÆûÂ($y–/ +ðAã +¢ªÕ[=#Êü*a™FpûOHî!SÒd±ä»ÓÕßCÓ-î +endstream +endobj +3597 0 obj << +/Type /Page +/Contents 3598 0 R +/Resources 3596 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3591 0 R +>> endobj +3599 0 obj << +/D [3597 0 R /XYZ 71.731 729.265 null] +>> endobj +3600 0 obj << +/D [3597 0 R /XYZ 71.731 741.22 null] +>> endobj +410 0 obj << +/D [3597 0 R /XYZ 184.629 706.118 null] +>> endobj +3601 0 obj << +/D [3597 0 R /XYZ 71.731 685.978 null] +>> endobj +3602 0 obj << +/D [3597 0 R /XYZ 71.731 685.978 null] +>> endobj +3603 0 obj << +/D [3597 0 R /XYZ 226.629 660.29 null] +>> endobj +3604 0 obj << +/D [3597 0 R /XYZ 348.381 660.29 null] +>> endobj +3605 0 obj << +/D [3597 0 R /XYZ 129.793 647.338 null] +>> endobj +3606 0 obj << +/D [3597 0 R /XYZ 71.731 626.234 null] +>> endobj +3607 0 obj << +/D [3597 0 R /XYZ 71.731 579.428 null] +>> endobj +3608 0 obj << +/D [3597 0 R /XYZ 348.624 568.633 null] +>> endobj +3609 0 obj << +/D [3597 0 R /XYZ 147.105 555.682 null] +>> endobj +1111 0 obj << +/D [3597 0 R /XYZ 71.731 539.328 null] +>> endobj +414 0 obj << +/D [3597 0 R /XYZ 276.558 496.231 null] +>> endobj +3610 0 obj << +/D [3597 0 R /XYZ 71.731 472.475 null] +>> endobj +3611 0 obj << +/D [3597 0 R /XYZ 71.731 402.418 null] +>> endobj +3612 0 obj << +/D [3597 0 R /XYZ 71.731 330.687 null] +>> endobj +3613 0 obj << +/D [3597 0 R /XYZ 71.731 297.81 null] +>> endobj +3614 0 obj << +/D [3597 0 R /XYZ 71.731 297.81 null] +>> endobj +3615 0 obj << +/D [3597 0 R /XYZ 71.731 296.565 null] +>> endobj +3616 0 obj << +/D [3597 0 R /XYZ 129.514 279.544 null] +>> endobj +3617 0 obj << +/D [3597 0 R /XYZ 246.285 279.544 null] +>> endobj +3618 0 obj << +/D [3597 0 R /XYZ 71.731 264.435 null] +>> endobj +3619 0 obj << +/D [3597 0 R /XYZ 71.731 249.491 null] +>> endobj +3620 0 obj << +/D [3597 0 R /XYZ 428.729 239.992 null] +>> endobj +3621 0 obj << +/D [3597 0 R /XYZ 124.533 187.489 null] +>> endobj +3622 0 obj << +/D [3597 0 R /XYZ 129.514 169.556 null] +>> endobj +3623 0 obj << +/D [3597 0 R /XYZ 71.731 167.399 null] +>> endobj +3624 0 obj << +/D [3597 0 R /XYZ 129.514 151.623 null] +>> endobj +3625 0 obj << +/D [3597 0 R /XYZ 226.081 138.672 null] +>> endobj +3596 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F50 1263 0 R /F38 956 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3628 0 obj << +/Length 1684 +/Filter /FlateDecode +>> +stream +xڕXKsÛ6ŸûWpŠ‡H3ÂøH'ÓIŠu'v“C’$BjŠTIЮûë»À.ø)Ïôb€ÝýŸ}ÁŸ·ó|ï׋Ÿï.^ˆ"/gy&ÞÝÖ +3Îâ õÒ(dœ»ÂûºžÚ‹£–ÍrrÁ~¯êê›ï‡»®QÕ—ZqØ +U]âLï%öu«q€*-—±¿Ø5J?áÒ¡®”®›å÷»ß/|R +t +F:­‚„³,áÞ*Œ÷3TêŠ:SÈtlU!I +µÅïSÝáàqø +Q‘FºÆo#‹n#On,kQàh#ºVÒxMšëKÚ¹ÙËÍ=àpy"l#*·AT»Ñý`.˜º +B–;”[ž€èÊ +Íc£ê§o>÷[i<Ùž9ù0 +û +úy +Bwu,XQˆÈÊɚ°Ú +kUb&3bkü’jÊâ *JU| +XÉJ©ÿžzÆH "Œz +C“Í·€¶ªæè`Éwîöj0Ç~«Z;DéÀxTzï®êMk7õQžzÕs[ÂÈ8o4ä]«‚ +.âK£èL¥ÜÇ„@Qó€aÿÞü‘Í + ŠVæÜ ú5¶èQLò +Í)ú+ +œ®%~Ñ:اE{Khœ?k\.ÆœqàŽà&ƒÓúèŽÖaáNtØÍóˆEêtK©ÐFŒáöó'äŠZžæ?C žÀÓ +øÐæµÔ†$è.Ø\ûÃ}–g¹ýf>õïš/©©;0xöq +}\ +ϊ“ž§>jØMDš]j§ +<Ří@EA“!àF* §»º²™JU/öî.æHãÇœÚì©­.ËÚPþØN +¶ú + +oò +â„åñLå› +•Ï6aåë_ÅTm16‰ +pTõ +L}B0º+‡Y]9lwR;äGH•EZž”ǵ4îÁՓ`zÕ8(Š-dŸ¬‡žY™7âƒjêjXtºŠ>ó +h ×îVWg`ζ‰'¹'6ðjR–d;6ò^®•sϪêþ9}ñ +Åæ^žçž±8Ø­È\—°Îà¡Êý%7'ïÔÁµkçXýƒR¢nÔƄ6øÓuÊòÔô[cd +Ïûˆ‚ñ[ò—Þßv4t‘}ÀÙ +ð> endobj +3629 0 obj << +/D [3627 0 R /XYZ 71.731 729.265 null] +>> endobj +3630 0 obj << +/D [3627 0 R /XYZ 71.731 718.306 null] +>> endobj +3631 0 obj << +/D [3627 0 R /XYZ 216.118 695.392 null] +>> endobj +3632 0 obj << +/D [3627 0 R /XYZ 71.731 572.653 null] +>> endobj +3633 0 obj << +/D [3627 0 R /XYZ 71.731 547.582 null] +>> endobj +1112 0 obj << +/D [3627 0 R /XYZ 71.731 478.954 null] +>> endobj +418 0 obj << +/D [3627 0 R /XYZ 158.772 411.32 null] +>> endobj +3634 0 obj << +/D [3627 0 R /XYZ 71.731 407.489 null] +>> endobj +3635 0 obj << +/D [3627 0 R /XYZ 71.731 392.545 null] +>> endobj +3636 0 obj << +/D [3627 0 R /XYZ 232.394 373.063 null] +>> endobj +3637 0 obj << +/D [3627 0 R /XYZ 493.213 373.063 null] +>> endobj +3638 0 obj << +/D [3627 0 R /XYZ 332.115 361.407 null] +>> endobj +3639 0 obj << +/D [3627 0 R /XYZ 441.157 361.407 null] +>> endobj +3640 0 obj << +/D [3627 0 R /XYZ 139.477 349.75 null] +>> endobj +3641 0 obj << +/D [3627 0 R /XYZ 71.731 344.585 null] +>> endobj +3642 0 obj << +/D [3627 0 R /XYZ 275.127 321.457 null] +>> endobj +3643 0 obj << +/D [3627 0 R /XYZ 453.188 309.8 null] +>> endobj +3644 0 obj << +/D [3627 0 R /XYZ 71.731 260.286 null] +>> endobj +3645 0 obj << +/D [3627 0 R /XYZ 266.499 234.383 null] +>> endobj +3646 0 obj << +/D [3627 0 R /XYZ 422.114 221.432 null] +>> endobj +3647 0 obj << +/D [3627 0 R /XYZ 520.813 208.48 null] +>> endobj +3648 0 obj << +/D [3627 0 R /XYZ 71.731 196.361 null] +>> endobj +3649 0 obj << +/D [3627 0 R /XYZ 129.514 165.641 null] +>> endobj +3650 0 obj << +/D [3627 0 R /XYZ 71.731 137.581 null] +>> endobj +3626 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F50 1263 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3653 0 obj << +/Length 1337 +/Filter /FlateDecode +>> +stream +xڕWmoÛ6þž_!tl#1£ë­APlE³e@·¢ð€iP0m¥%A€–e¿~GñHYŠœf_ÌñŽwÏ=wGûÞÖóœŸÏ~ZŸ]ÝF‘—“< oœñÂ,&« õÒ($Y +zëÒ»Ÿ¿ßÑF±v± +c +3Ÿ¯«/Ÿn»–W[³%é~GyuiVjÇÌdWKefŒRl±òçۖ«g³µ¯+®êvñ°þõÌG³ì¶^JòÔŽmË ‰I–ÄÞ2\‘Øόq_Â0 +I÷RƒGý +>ô‡¯ÞÛ²EÏ· è—vF0i­Ìä}`#+¯­flh«xÑ«§ÐmùŒŒú†Šh‹ +ªZ +j²‡yU°.pc(ÈH诬ýE +V +£ƒ$Ïs{®Þàõú€·ŒbŽD€`HrU4ÔºT—h-TG +ʼnËI4xdó-Sµ³Æþӎ»±€qØÌ +iåp6@"Ý©Éyº±WÕfd}&{nS·‡Núè]`Œ+yË +žùy‘Ä646nÎÉ*éôRkÇÔ +.r‡Ç¶Üq&ò ŠçÆÒèiÇlü­Ö²¶ +#hӈÞLò’Çì7D^°ùÿÜ_[¯7ŒªÎÚµïlrZª÷‰ñw#xÁ²n›”'pl»Jñ=. +Wšâuõ GÔIËҕ§jv±þs=sñ?YwK‡ÓÑÔ`³6 +õIð·KˆIÄR&Ã׋ +Dþ“‹ÒKkXÉ7ϣ˧¶YjCþ‹ÎfÞL»Ž:h +`7‚ +–c6“Ü‘pTžºªŽ +z°îàò#xꎕl|ºo\°˜ša<2‹òº;€©‘¿«,ŠÃÕèÜÙiÚ +T[ÑNG +éä +M-Ð6G¢Þï¹·Š@ÆŸ—?ÉS +OÒ8‡Þ$ȱîÎñdpx2'Q’ÙŽÁŠ¶X&Ÿ?_.—j¹’`R4L¬O·„dQjûÂøR{’(u}Y +Ñ@{ +c{€€Š>RÉŸ +á#œ‰VÀSÓ#è‹PÞӈä+¬ +1?ú›fó.€°˜&è€Už$«SXÝä²xp‚/qbŸüp|³ìÉÚßÌŽg!×DÕ«’mh'”YhŸèñ3£¥iÑzua†×ÍD•“šB— +ì#z¹Ö|?mɞ~³w÷ +za„VÏ{2(Šêí륟uÔ-Jê¢Gá¬~Ꙑ~¡Ï +¬à{P +Sû$2˞Žý +³©·ø»‘Bãztœ|£ã©ž_âõúb” +#ø‚žï¥ +^}z|Ë +ÄÆâˆï†~ŠŸ<ÑjB—]7#ßÍÂ&,ŸªN`¯ÓJ8ìm¢‘W;€¿¹bªžjš”Oå1Áá̶­»æxcŸ¥!IVéAþ†˜¿w:{÷àm©°W2E¹Gނ“}ËÛéÛôÁ]ýlZ`ñÐ[bÿóí{³òØ×̚v(W§ÒÐÉUßde[iÎŸØdҌ.Bþ—þ©y9ü‘h!I_ +/”Œ +ýqcúˆLܝi/mßՋ`6ñpönfï• +2sÜ­Nhœp*¯^4õÙÍìX+îäô‰%Èж< +4>„ï±3+úé—Oßo˜O\ûŠ(Ü_€á¡|ûÊq®öM0*!RµªÕàžk=XLÞè + +ò»7vçâêFï×ÇòG« +Gj +_Áœz}³Spø +ý•Êâ¯o¹‚þžÆF{šD>¬ÏþÝìè› +endstream +endobj +3652 0 obj << +/Type /Page +/Contents 3653 0 R +/Resources 3651 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3591 0 R +>> endobj +3654 0 obj << +/D [3652 0 R /XYZ 71.731 729.265 null] +>> endobj +3655 0 obj << +/D [3652 0 R /XYZ 129.514 708.344 null] +>> endobj +3656 0 obj << +/D [3652 0 R /XYZ 447.718 708.344 null] +>> endobj +3657 0 obj << +/D [3652 0 R /XYZ 71.731 680.284 null] +>> endobj +3658 0 obj << +/D [3652 0 R /XYZ 129.514 664.508 null] +>> endobj +3659 0 obj << +/D [3652 0 R /XYZ 71.731 613.699 null] +>> endobj +3660 0 obj << +/D [3652 0 R /XYZ 71.731 565.714 null] +>> endobj +3661 0 obj << +/D [3652 0 R /XYZ 71.731 542.8 null] +>> endobj +3662 0 obj << +/D [3652 0 R /XYZ 130.311 533.3 null] +>> endobj +3663 0 obj << +/D [3652 0 R /XYZ 149.679 533.3 null] +>> endobj +3664 0 obj << +/D [3652 0 R /XYZ 246.516 533.3 null] +>> endobj +3665 0 obj << +/D [3652 0 R /XYZ 283.415 533.3 null] +>> endobj +3666 0 obj << +/D [3652 0 R /XYZ 76.712 498.73 null] +>> endobj +422 0 obj << +/D [3652 0 R /XYZ 322.06 459.357 null] +>> endobj +3667 0 obj << +/D [3652 0 R /XYZ 71.731 446.203 null] +>> endobj +3668 0 obj << +/D [3652 0 R /XYZ 71.731 229.619 null] +>> endobj +426 0 obj << +/D [3652 0 R /XYZ 322.863 190.247 null] +>> endobj +3669 0 obj << +/D [3652 0 R /XYZ 71.731 167.352 null] +>> endobj +3670 0 obj << +/D [3652 0 R /XYZ 215.451 144.418 null] +>> endobj +3671 0 obj << +/D [3652 0 R /XYZ 71.731 119.348 null] +>> endobj +3651 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F51 1265 0 R /F60 1440 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3674 0 obj << +/Length 212 +/Filter /FlateDecode +>> +stream +xÚ]œnÃ0 +„w?‡6P+ÔeE—M€ÎڒFëÊ,²2ŽO_ʒLw<‡ŽÕ›­v)¡gœìCLñ:)˜!öNõ~–<ŠŠ„5±¢ûΈÂ]’®Dë0OƒÏeÊÓXÌ×\œylÖ.ùü[¢9Ÿcj>íG +7¬ÝÌÆ€Õ•©åDŒ£†V(Fh +ÔSžÙŽ±~-âþ.á+ÎK×õŒ„× +±þòÐ~÷±4œ¡ÚÊ5õŒDWÚ»þîæÝVÿ²aLG +endstream +endobj +3673 0 obj << +/Type /Page +/Contents 3674 0 R +/Resources 3672 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3591 0 R +>> endobj +3675 0 obj << +/D [3673 0 R /XYZ 71.731 729.265 null] +>> endobj +3672 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3679 0 obj << +/Length 1943 +/Filter /FlateDecode +>> +stream +xڝXɒÛ6œÏWðf©"ap?$U¶ã€œK*ñÜì +0$$1“ ÇÊק±’ 8“”O܀^_¿n0 +ÎAüzšë›‡»û_H¥Iž§ Ã(‹p +"QÖÜEà9G°vÄ +ŠŽŽŸ?uV h(¯ÿ±öB¶Î. Ö>K$Üœ{žûr‡AOà§EE€$By^es'?DÑ0KŒŠ" +œîþØØ!*æ]z5ŽʋÂî² Ç1Šâ”Hô‘ÿxÓ&<Ðㄠ0ÆN°fP%YŒà¥>Ï3ê¢cˆLåAVíwû›ä(-âïñ·TÐS”±án +Œ¬çÜœ¡Ë8+Pœeÿ‹ø6èx¯€z~‰d +]fÀ7IŒ˜âXꎵm)Â&¿²–ý¿ÔäÁ¬,{®ÉS}i»ö-åó܉矕$;Û2¡­üÎåm³â˜€Þ'Óv‡®dãžê[Œ–ÛO0N‚ןd'f£BŠ\(¶z}TX÷\1Ú7e²Q°hYi¹Á4î¡ +ZŸîSçÓëyš8 +]³1Ô¶Ç(ƒ M‰Ñ7I82ÐGÆ;åŽ$ÉÃz‚‘KMvÖ#ÎÁ#7 +žÁÌ3ëь +ºk],ÝÔY +ßOUðç +SœÕ<âÙ ÅMJŠp·|eç¶záQNhæ +f!JbWÊ +m—ŸUšJŠpìÕš4B—ä>Öß9€õ +ÄAԔßæ³Ñ\£ògŽE +mç'Ž†}”íØ>wg[ýžee +ÄIˆÝ6Çp„ +ÌúYòóÊgF®IIHö4|TŸ>,×%¯Öì~2‚ÝÀjæÌ#NC„³Ì¯%]DŽéùªMÅ<ø#®‘Ë8·ef(û áÝ~ÏÇ +™h ®‡ +s7 +桖ÄϜb³ûŒOvTö핐žé>·†ír÷àØ°+uš„‰ÁïëSŽc° +×ùkhÅüÚ€Ë:§Íu©€×’.Ž.C':(GÞ^À8 ìÚ°Êåɝ›ŒÝð$ƒ÷µ®Øž +y8†ÄÍ$&[9+Ënq}‘70Ø°.qâ2»wcðãÜC-E³ñ²aô‘‘8÷á9ôà’­~Â|Κxñ—åw}GmÌHšúÞø²cêܳ +W€‹ +Œòœ¥pŽŽiyèm#ñ¿©gB +endstream +endobj +3678 0 obj << +/Type /Page +/Contents 3679 0 R +/Resources 3677 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3711 0 R +/Annots [ 3676 0 R ] +>> endobj +3676 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [424.445 341.713 471.269 352.617] +/Subtype /Link +/A << /S /GoTo /D (0:BASCLT) >> +>> endobj +3680 0 obj << +/D [3678 0 R /XYZ 71.731 729.265 null] +>> endobj +1113 0 obj << +/D [3678 0 R /XYZ 71.731 718.306 null] +>> endobj +430 0 obj << +/D [3678 0 R /XYZ 489.793 703.236 null] +>> endobj +3681 0 obj << +/D [3678 0 R /XYZ 71.731 672.259 null] +>> endobj +3682 0 obj << +/D [3678 0 R /XYZ 71.731 672.259 null] +>> endobj +3683 0 obj << +/D [3678 0 R /XYZ 247.52 663.903 null] +>> endobj +3684 0 obj << +/D [3678 0 R /XYZ 413.974 663.903 null] +>> endobj +3685 0 obj << +/D [3678 0 R /XYZ 119.552 638.001 null] +>> endobj +3686 0 obj << +/D [3678 0 R /XYZ 288.895 638.001 null] +>> endobj +3687 0 obj << +/D [3678 0 R /XYZ 71.731 635.844 null] +>> endobj +3688 0 obj << +/D [3678 0 R /XYZ 166.376 582.867 null] +>> endobj +3689 0 obj << +/D [3678 0 R /XYZ 252.129 574.18 null] +>> endobj +3690 0 obj << +/D [3678 0 R /XYZ 166.376 517.398 null] +>> endobj +3691 0 obj << +/D [3678 0 R /XYZ 211.638 507.629 null] +>> endobj +3692 0 obj << +/D [3678 0 R /XYZ 288.613 507.629 null] +>> endobj +3693 0 obj << +/D [3678 0 R /XYZ 207.235 495.973 null] +>> endobj +3694 0 obj << +/D [3678 0 R /XYZ 325.07 495.973 null] +>> endobj +1114 0 obj << +/D [3678 0 R /XYZ 71.731 487.752 null] +>> endobj +434 0 obj << +/D [3678 0 R /XYZ 169.341 449.474 null] +>> endobj +3695 0 obj << +/D [3678 0 R /XYZ 71.731 429.333 null] +>> endobj +3696 0 obj << +/D [3678 0 R /XYZ 71.731 429.333 null] +>> endobj +3697 0 obj << +/D [3678 0 R /XYZ 307.873 403.645 null] +>> endobj +3698 0 obj << +/D [3678 0 R /XYZ 449.281 403.645 null] +>> endobj +3699 0 obj << +/D [3678 0 R /XYZ 190.096 377.743 null] +>> endobj +3700 0 obj << +/D [3678 0 R /XYZ 71.731 355.795 null] +>> endobj +3701 0 obj << +/D [3678 0 R /XYZ 237.707 344.866 null] +>> endobj +3702 0 obj << +/D [3678 0 R /XYZ 299.933 344.866 null] +>> endobj +3703 0 obj << +/D [3678 0 R /XYZ 258.579 306.012 null] +>> endobj +3704 0 obj << +/D [3678 0 R /XYZ 119.552 293.06 null] +>> endobj +3705 0 obj << +/D [3678 0 R /XYZ 71.731 271.097 null] +>> endobj +3706 0 obj << +/D [3678 0 R /XYZ 71.731 212.198 null] +>> endobj +3707 0 obj << +/D [3678 0 R /XYZ 71.731 212.198 null] +>> endobj +3708 0 obj << +/D [3678 0 R /XYZ 254.604 175.501 null] +>> endobj +3709 0 obj << +/D [3678 0 R /XYZ 71.731 140.467 null] +>> endobj +3710 0 obj << +/D [3678 0 R /XYZ 71.731 48.817 null] +>> endobj +3677 0 obj << +/Font << /F25 852 0 R /F31 858 0 R /F48 1258 0 R /F55 1386 0 R /F38 956 0 R /F33 859 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3714 0 obj << +/Length 1671 +/Filter /FlateDecode +>> +stream +xÚ­XKÛ6Ÿï¯ð­6°âŠŽž)zhÒn“"i +d +ŽH{àJ\›ˆLº$µ÷×w$>ô°ŒHŠžLQÔ<Ÿ™ùfèxµ[Å«Ÿ®^Þ]ÝÜn·«•ÉVw«mR¢8+Vù– "%«»zõqýjO†©MDÒx!ûûJŠ?ã˜ìZÅÅÎnÚ†]Û¥Ù3»häÇkw@3õrþºûù*v&€~<ÒR¢g°HPր7¢’‡ æÀŽŠ;ŠíUN“æ;Áj»Ÿ?ÍÌš΄qŠ¿öW±Šñ£¹ +¬·«'Þ4/&V®rTæ«(‰dmÂhzâ£Õ³gÕ§™îÎ0jZØLŸˆW¹€/, +€UŎf&Ñ!`øÃ%}ÎuêÜœwœ®™â]øX팗ð¹zâڝ©¹®šrhr§Ÿ +¿¡uËüžýeJÉ>²6˜àAeŠ­kÎޙÿ‘?9a»ÂĚYLõWœ,Êoänáë™ã3ÝßlÒtí +ØKm=„ó/€Ð²a—ºš4cŋîžÊL—sŠsÆÉ +I×Ob1?Î,™ââ+Œ:m²tÝkŒ¹%é + +!8Mú²MS”—xe J<Ö"]ÁåÅúÍá(;ú%T»Ç +6ŽišáRØ +! +u/} IŽ +²;JÊs+û{ïØÃ$§µå(^¬l§aÌz(ÍÀ°N›'zZ²d#œåþX­äщ”®DŽŠwP?rÐ +,õÜVŠ=ÎKJpÃiÃÿéqDõÇyÊvVÈ-TiWiN +”ƒ +“b£,qŠ Ƈ7‡'Ñ +÷¬±㰌I‡ñµ[ÑÖ +fÆfö^ +©Äµa"Œ×ÈÑ]HŒ +f"øÌÓPO>^õ‹M +„ä‚Rd›S<Íyv +ý'žÞ÷,;äWªØ(ÏñWÒn` +ûðw„i–?“ŸƒçKFÅDþ@Ý| +nQJŠi­ZÅš +p=švïõAGÉ’ž©öYÏ'†šÃõÒHÅ/Ì£|†Ôëg€s +Ò +•eö, +€ ÂIøÊÝ!ægœ)ÿ á-"ÛdÖ +†¬Û˶©ý4¶!~6Ÿp‹Šb˜Û£o#œCˆ¶9ÂØ +è­Üï! +Öӗ‹õ ŠÑCžä,‹uuÕ'ÿ7Áß-ŒÖ_:ë{FyRÜ +­R±N/Û³ +×âü{ ÎF5÷–íü ]I¥Ú£ñ +Ž²@/[üÌmðüþúúîÝÛp¿1­^ºÌ.ùÕÁ¡Ûûš³w +„m9dÒ¶°ä +{’µ]9ƒwýŒ;® +ýþ? xí`Øê2aãáZ—gÅW1`œ”þ|hµ ÀâJ-.°óÎUV@öR"90Χì^Ë9¥ÓÖH˜«x5$åÂ@4¯]è(Tåè²Ç‘¿ Ð +bº¹MÇÃ/IŒŒy€êráæÂL +Ž$€8Æ}×µ=­í}üàxRM¡ô3˜3mÏRàÉ?Þ]ý +ÒZe? +endstream +endobj +3713 0 obj << +/Type /Page +/Contents 3714 0 R +/Resources 3712 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3711 0 R +>> endobj +3715 0 obj << +/D [3713 0 R /XYZ 71.731 729.265 null] +>> endobj +3716 0 obj << +/D [3713 0 R /XYZ 71.731 718.306 null] +>> endobj +3717 0 obj << +/D [3713 0 R /XYZ 344.496 708.344 null] +>> endobj +3718 0 obj << +/D [3713 0 R /XYZ 71.731 665.838 null] +>> endobj +3719 0 obj << +/D [3713 0 R /XYZ 137.484 650.062 null] +>> endobj +3720 0 obj << +/D [3713 0 R /XYZ 71.731 634.954 null] +>> endobj +3721 0 obj << +/D [3713 0 R /XYZ 137.484 619.178 null] +>> endobj +3722 0 obj << +/D [3713 0 R /XYZ 71.731 617.021 null] +>> endobj +3723 0 obj << +/D [3713 0 R /XYZ 137.484 601.245 null] +>> endobj +3724 0 obj << +/D [3713 0 R /XYZ 71.731 599.089 null] +>> endobj +3725 0 obj << +/D [3713 0 R /XYZ 137.484 583.313 null] +>> endobj +1115 0 obj << +/D [3713 0 R /XYZ 71.731 564.134 null] +>> endobj +438 0 obj << +/D [3713 0 R /XYZ 331.319 518.88 null] +>> endobj +3726 0 obj << +/D [3713 0 R /XYZ 71.731 495.391 null] +>> endobj +3727 0 obj << +/D [3713 0 R /XYZ 200.478 486.003 null] +>> endobj +3728 0 obj << +/D [3713 0 R /XYZ 238.116 486.003 null] +>> endobj +3729 0 obj << +/D [3713 0 R /XYZ 150.545 460.101 null] +>> endobj +3730 0 obj << +/D [3713 0 R /XYZ 71.731 438.019 null] +>> endobj +3731 0 obj << +/D [3713 0 R /XYZ 177.115 414.272 null] +>> endobj +3732 0 obj << +/D [3713 0 R /XYZ 71.731 412.116 null] +>> endobj +3733 0 obj << +/D [3713 0 R /XYZ 71.731 397.172 null] +>> endobj +3734 0 obj << +/D [3713 0 R /XYZ 71.731 384.22 null] +>> endobj +3735 0 obj << +/D [3713 0 R /XYZ 139.477 368.444 null] +>> endobj +3736 0 obj << +/D [3713 0 R /XYZ 186.142 368.444 null] +>> endobj +3737 0 obj << +/D [3713 0 R /XYZ 434.269 368.444 null] +>> endobj +3738 0 obj << +/D [3713 0 R /XYZ 455.847 368.444 null] +>> endobj +3739 0 obj << +/D [3713 0 R /XYZ 139.477 355.493 null] +>> endobj +3740 0 obj << +/D [3713 0 R /XYZ 71.731 333.53 null] +>> endobj +3741 0 obj << +/D [3713 0 R /XYZ 289.443 322.616 null] +>> endobj +3742 0 obj << +/D [3713 0 R /XYZ 407.569 322.616 null] +>> endobj +3743 0 obj << +/D [3713 0 R /XYZ 71.731 275.005 null] +>> endobj +3744 0 obj << +/D [3713 0 R /XYZ 354.1 263.837 null] +>> endobj +3745 0 obj << +/D [3713 0 R /XYZ 256.248 250.885 null] +>> endobj +3746 0 obj << +/D [3713 0 R /XYZ 407.28 250.885 null] +>> endobj +3747 0 obj << +/D [3713 0 R /XYZ 71.731 216.225 null] +>> endobj +3748 0 obj << +/D [3713 0 R /XYZ 196.473 205.057 null] +>> endobj +3749 0 obj << +/D [3713 0 R /XYZ 267.496 205.057 null] +>> endobj +3750 0 obj << +/D [3713 0 R /XYZ 71.731 180.898 null] +>> endobj +3751 0 obj << +/D [3713 0 R /XYZ 71.731 165.789 null] +>> endobj +3752 0 obj << +/D [3713 0 R /XYZ 139.477 150.013 null] +>> endobj +3753 0 obj << +/D [3713 0 R /XYZ 297.214 137.062 null] +>> endobj +3754 0 obj << +/D [3713 0 R /XYZ 330.352 124.111 null] +>> endobj +3755 0 obj << +/D [3713 0 R /XYZ 370.245 124.111 null] +>> endobj +3756 0 obj << +/D [3713 0 R /XYZ 381.765 111.159 null] +>> endobj +3712 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F25 852 0 R /F38 956 0 R /F60 1440 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3759 0 obj << +/Length 1730 +/Filter /FlateDecode +>> +stream +xÚ¥X[œ6~ß_Ô>ÌH‹ƒÍuVª”t»ÙŠjÓ(™>%QäÏ@Ã`Êe'Ó_ßc|3d“4OsìsûÎ +Ï98žsõóöêÉsßw6h‘ÈÙî +?Ø /JœØ'( ‰³Íœ·«ÛœÖ +kÖ. œU„äó–Wï< +úŠšrëܗìZ.»œÉEÉ×Ø[)‚–5pÏûíoWžøã — +q‹ +^"ø +vTÞ X–¬µ®ÐOÃ=$t\ +£ +h5 +ÝjA²Ù +j·hXÚñæ,_‹V>+Ÿ&áê$_äºb™|Ý)چóN®h¥>„®Œ)ÕkÃhFwš•>—±œ £}Ù)SŸØ+ûñ^.Ò\ñTR)> +Wü„ú ²‹ ڄX*ÚöE70ƒos§ú(H80 +šu®x_+Ê©ùIˆ’Àה{ÞÌŒÙWuSÑ + +à„ÃÕA[Eø^р—ׁ·ºž+E•:GúQ€ÙÊ +!҂ÝxUž×QžB +š‘£oŽÀ/yÇŽÄŽ3÷ +k¹Ÿ"e4 +ìÑߊºYûñŠýÓr‘]Ï=̔ðU;3MËR +îŒC­z±ŸÑ|ƒ³ +žàF6šâÒ!*¢0ÆÆ>V8é  4€Ò÷Uÿê^ +/ש hÚŒ²äüöpûj€HHô­r@N×Ä[=ˆl‚ö'ÏCÏI@¯(zá֞*:T}}XÐßP +kª¶ßÍÃݘ²wΏ‰!2þÌy™™d'\0 +o|ÅŸ +u¿+‹TR*ŽƒFç1WžŠ.ŸùrBgÇ»ŽFSìÏsïƒûh×7 +iQ.œýêÅ/ßéÊù +íX5Wjǫڔ +¯k£ø˜6/Òª|œ›Éù0§¢,g»Ó(1AV[H\°P† +¢ÊÎ>%5îz§ŒHs[Qž÷œgÛ +Ž2¬p¡£²aÇ ›A_됔ý€÷7œ +Õë۞–åù+UTÉ +ËUñ/›å¬ +V%³Žh;Z>æ]-+Ð5]_ +]•oÞt 䵭ۑÎ%U) +l¥(3FmL?f+ºïd—pQãº)’.FÄhLÉ[a6Qá‰8©ÞÓŠšuŒ›„ú H›‚÷ÚÝMšJR]íÜ=S‹vyÑªÔ +Dp8ä(7ŠQ, +Nè!âGRƒùBä8Yœf‡¢=¥:°Aå#ù¯,XÕ-ä³ F ÁPÌ ;ƒÄ&»³ž'Rí‹F×ÀKÛdŒÓ1¶ŽcìêLMmšÀP«°¢81ÙøÖ«; A +ÉuÔW+®;œTé0d1}åúÑøF±¡hþ +œX¶Tû¢yÖB„€;k!ݐz&àk§"ëÂ`ÕY™<Ÿ\,UßË?*ËBZôf¡¹aˆHB@iŒ"hdYß*—Ÿ71C + ¬ÍXoº‘ç­žÉGjàóøáh + Ÿ~ýóÍöå³?î>Üþþâîå?miÙ᧢ð¬Áß* + + + +{‰^±ï”‡ +ò#YfœÔy(7*h"‡Vy +x5 +ŽñËöCÇ +†]ʏußéHºÊž—¥lÞÇR?Žûç«ô:PicÇ +<#—” #›â­œ³rÎ[»²‚6†æ5mÛB#[Ê + +Ó‰Úƒ#=rÐFÛ@V(š±Ž8R“ì‘N¶CC>¬<ùp]ùÜ\[ICoïÕö3{û¹"ÖöQ,“ù:C—,!¬bbSý +7Þ $±ÓC™U +6“X6BL©‚Þs^Þò‘çVp„"_MŸmþ£¢ÄJh™üȘRæQt×™]å‡ìÑY7&p("FÞD€,‚௖Íp +îÐУòq2¹6N`r7Éž¥ÇœՇ–uõi ±4øË3 +˜³œØõ3èÁí\¶€S +e0 +[öôs%æþċ4Ù®ššîÖ\'s]{­;,êl8ë€Ú׳nQžI43vhñE–²ñr™`6o™)ƒSÃãdƒÆYôë +oŠòN•]3V6Lƒ +Æ»du菢$܌ŠÀEô,B"‚B?°û© ++zÔ¿hÄ +dŒƒZí)Žô­©kæ¿C]3ÝT^ØL7þ2Q,ÇÑÉ4£‚«oK~.ý[ä¢-?lg +¢~ðVÚw“/3Mm*wñ€Ÿ/*(÷_FÿòEþä¢ñ·Á8qšäxäY!úóWIJžÐÖ/LŠ¢ƒ±N/8mY:2iå_÷Õ"Š¡; þ'Š +¬Œï€;ë·û– +&˜%I`;²š€ôHeÇ9œžûDuÉnæÕúÑÒ$b‡+ƒ@Ù/!֑»íÕ(.q +endstream +endobj +3758 0 obj << +/Type /Page +/Contents 3759 0 R +/Resources 3757 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3711 0 R +>> endobj +3760 0 obj << +/D [3758 0 R /XYZ 71.731 729.265 null] +>> endobj +3761 0 obj << +/D [3758 0 R /XYZ 71.731 718.306 null] +>> endobj +3762 0 obj << +/D [3758 0 R /XYZ 71.731 708.244 null] +>> endobj +3763 0 obj << +/D [3758 0 R /XYZ 139.477 690.411 null] +>> endobj +3764 0 obj << +/D [3758 0 R /XYZ 172.961 677.46 null] +>> endobj +3765 0 obj << +/D [3758 0 R /XYZ 280.029 677.46 null] +>> endobj +3766 0 obj << +/D [3758 0 R /XYZ 470.623 677.46 null] +>> endobj +3767 0 obj << +/D [3758 0 R /XYZ 71.731 652.508 null] +>> endobj +3768 0 obj << +/D [3758 0 R /XYZ 71.731 639.437 null] +>> endobj +3769 0 obj << +/D [3758 0 R /XYZ 139.477 623.661 null] +>> endobj +3770 0 obj << +/D [3758 0 R /XYZ 298.38 623.661 null] +>> endobj +3771 0 obj << +/D [3758 0 R /XYZ 71.731 598.59 null] +>> endobj +3772 0 obj << +/D [3758 0 R /XYZ 71.731 587.696 null] +>> endobj +3773 0 obj << +/D [3758 0 R /XYZ 139.477 569.863 null] +>> endobj +3774 0 obj << +/D [3758 0 R /XYZ 421.855 569.863 null] +>> endobj +3775 0 obj << +/D [3758 0 R /XYZ 176.289 531.009 null] +>> endobj +1116 0 obj << +/D [3758 0 R /XYZ 71.731 523.871 null] +>> endobj +442 0 obj << +/D [3758 0 R /XYZ 263.698 480.773 null] +>> endobj +3776 0 obj << +/D [3758 0 R /XYZ 71.731 457.018 null] +>> endobj +3777 0 obj << +/D [3758 0 R /XYZ 245.866 447.896 null] +>> endobj +3778 0 obj << +/D [3758 0 R /XYZ 355.335 447.896 null] +>> endobj +3779 0 obj << +/D [3758 0 R /XYZ 71.731 422.825 null] +>> endobj +3780 0 obj << +/D [3758 0 R /XYZ 71.731 288.207 null] +>> endobj +3781 0 obj << +/D [3758 0 R /XYZ 71.731 253.461 null] +>> endobj +3782 0 obj << +/D [3758 0 R /XYZ 71.731 253.461 null] +>> endobj +3783 0 obj << +/D [3758 0 R /XYZ 71.731 252.215 null] +>> endobj +3784 0 obj << +/D [3758 0 R /XYZ 137.484 235.194 null] +>> endobj +3785 0 obj << +/D [3758 0 R /XYZ 176.777 235.194 null] +>> endobj +3786 0 obj << +/D [3758 0 R /XYZ 71.731 215.104 null] +>> endobj +3787 0 obj << +/D [3758 0 R /XYZ 180.523 205.605 null] +>> endobj +3788 0 obj << +/D [3758 0 R /XYZ 199.89 205.605 null] +>> endobj +3789 0 obj << +/D [3758 0 R /XYZ 71.731 193.949 null] +>> endobj +3790 0 obj << +/D [3758 0 R /XYZ 137.484 176.016 null] +>> endobj +3791 0 obj << +/D [3758 0 R /XYZ 206.375 176.016 null] +>> endobj +3792 0 obj << +/D [3758 0 R /XYZ 430.423 176.016 null] +>> endobj +3793 0 obj << +/D [3758 0 R /XYZ 137.484 163.065 null] +>> endobj +3794 0 obj << +/D [3758 0 R /XYZ 190.894 163.065 null] +>> endobj +3795 0 obj << +/D [3758 0 R /XYZ 326.674 163.065 null] +>> endobj +3796 0 obj << +/D [3758 0 R /XYZ 326.424 124.21 null] +>> endobj +3757 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F25 852 0 R /F51 1265 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3800 0 obj << +/Length 1675 +/Filter /FlateDecode +>> +stream +xÚ­XÛnÛ8}ÏWø¡Ed ¢u¿hÑ[ÚfmƒÆÅnÑF¢m!º-%Õ5°¿Cr(KŠ²Ýy5¢g†3gÎ +m-¶ +kñöäåúdõÆu1‰'X¬7 +׋‰D‹ÐuHä;‹uºøbŒÚѺe|i:ŸeD=_UåWËr¶ +ÏÊ­ +ºœ=QËvÇÔ"¯–¶eà††ñï çÛú· +]Xœñ­E6ãPØ7í "Ÿç/LÇ#Ÿ)šÝ#ñ#ØköÚ1qƒŽš=ŽØѬü«amœO—f`YZŠ^Îÿ\« +e;®ça¿xùêõù›‰?®=ˆ‡:`$wbâG±2å’ÑO_äá>5lrvqܥ팟.}ßh”4©Ê¥gêK™±2Á훮LÚ +ŸÊ·SóòõUøCÎh‹{©zp&Žl³ŠåôøSV¶ü° +|SuþƒuÎÎ0†Ãxû.±,[„î/D[€ZEÓŒ| šz³Q]ë`V][w­Zï³<×ðªnq•Ý +€éSŽP-W +S`: +Ó9DŸ}úîÃÕúýÒ ¿Ÿ?ohÞ>€fØ +§Ç-T(%Ÿ—¶-²º ÈdŽeµÌª'ãf‹š/Š©žBìk±‡þƒœ–âXõ%w£î)™b¯FœšJ;U Ñ +MZà +\vÚ'÷î€J0‡`#& +Q`€ôÖ3•ìÚ»u„³'IßªT¥ãiO<`úòtiGF« +KÖPžInƒïGOÓ +ÓÃqÃîš6Í^$°âi3‰¡öÊC¯ˆz¹ Œ +ƒ1ä€Éž›Û¬Æ&»‚N$ŒÊD¢ØâžXz°˜Ÿ5§t_Èô¹úôîŽ +ƒ„ªG +X„sÑ.oQqÀe¥Å5r +:Td]ŕÓ>åÇÄ>ö©ÿ*u7"žå÷ƒê‘J\ƒgÛ +:@ñ‰œãªFaQm&_Fu ïšÓÔۀÌ@k©[V +¬ŒsgäwÛuÖ +e€8ši$Uq +ïËI—KŽ-ž‘-ÑcÆÜÐ €ðl˜ò=åÄ +Ÿ8q8Ä°]ŸžºúãõÓëÁäinYiJˆ<¯g +éùÒŽmøᯘûéu¢d{µx€<û©ùà—Ì'õÈ&‘æl$ŒªÚç3©9[u +_åÌ«æ&+WÚÝuìüýúãçQ.Ça/ÿ óLGî± +fa}<ãùãë‡õ‘%» +’îªõ³gê¹bm²þóäa!s+G0ÙRÅê:e-Í~§|ï4MêLÖñ@dÌÕêfîcA +W7BO”Sç%œ¬•«+7Hòj+ïל@6^ñ”\‹Flù>{¡3ˆc¯FØ‘nü#7À:Þ3eÍx~˜v7h +©’ádšhÀ[pƶEåà:×<}uxŠÕغ–Cuö +]=káÏÔEYچùyWåéÜžÛÏ3œUÛÿc±Ýöièiyr­™Üç'¥ìWšƒÅš­‡­m&ìèRšõ^\Î +üÕÏî1¢-êˎžÐÌŽ[šsWÚ×¢Îr= +få`dü°éyœ7wþƶ‡¢Ó—Â6§v|U˜‹˜T’Øî;§i2€uÎ̒µ8kÜ>E{3c³þõè +ØLvDŸˆfüóc2ÀÏ3IàÙôŸ‹Ñ€Û$² ‹ÂÐñgñóõÉ¿çï +endstream +endobj +3799 0 obj << +/Type /Page +/Contents 3800 0 R +/Resources 3798 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3711 0 R +/Annots [ 3797 0 R ] +>> endobj +3797 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [155.018 479.686 201.842 490.59] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENTS) >> +>> endobj +3801 0 obj << +/D [3799 0 R /XYZ 71.731 729.265 null] +>> endobj +3802 0 obj << +/D [3799 0 R /XYZ 71.731 718.306 null] +>> endobj +3803 0 obj << +/D [3799 0 R /XYZ 180.523 708.344 null] +>> endobj +3804 0 obj << +/D [3799 0 R /XYZ 199.89 708.344 null] +>> endobj +3805 0 obj << +/D [3799 0 R /XYZ 71.731 696.687 null] +>> endobj +3806 0 obj << +/D [3799 0 R /XYZ 137.484 678.755 null] +>> endobj +3807 0 obj << +/D [3799 0 R /XYZ 71.731 671.617 null] +>> endobj +3808 0 obj << +/D [3799 0 R /XYZ 180.523 662.117 null] +>> endobj +3809 0 obj << +/D [3799 0 R /XYZ 199.89 662.117 null] +>> endobj +3810 0 obj << +/D [3799 0 R /XYZ 71.731 650.461 null] +>> endobj +3811 0 obj << +/D [3799 0 R /XYZ 137.484 632.528 null] +>> endobj +3812 0 obj << +/D [3799 0 R /XYZ 71.731 610.446 null] +>> endobj +3813 0 obj << +/D [3799 0 R /XYZ 71.731 610.446 null] +>> endobj +3814 0 obj << +/D [3799 0 R /XYZ 71.731 577.689 null] +>> endobj +3815 0 obj << +/D [3799 0 R /XYZ 237.877 566.775 null] +>> endobj +3816 0 obj << +/D [3799 0 R /XYZ 251.765 553.823 null] +>> endobj +3817 0 obj << +/D [3799 0 R /XYZ 124.533 513.724 null] +>> endobj +3818 0 obj << +/D [3799 0 R /XYZ 137.484 495.791 null] +>> endobj +3819 0 obj << +/D [3799 0 R /XYZ 485.336 495.791 null] +>> endobj +3820 0 obj << +/D [3799 0 R /XYZ 71.731 480.683 null] +>> endobj +3821 0 obj << +/D [3799 0 R /XYZ 137.484 464.907 null] +>> endobj +3822 0 obj << +/D [3799 0 R /XYZ 71.731 401.146 null] +>> endobj +3823 0 obj << +/D [3799 0 R /XYZ 278.733 388.194 null] +>> endobj +3824 0 obj << +/D [3799 0 R /XYZ 71.731 353.161 null] +>> endobj +3825 0 obj << +/D [3799 0 R /XYZ 71.731 343.198 null] +>> endobj +3826 0 obj << +/D [3799 0 R /XYZ 71.731 343.198 null] +>> endobj +3827 0 obj << +/D [3799 0 R /XYZ 149.141 333.699 null] +>> endobj +3828 0 obj << +/D [3799 0 R /XYZ 71.731 332.605 null] +>> endobj +3829 0 obj << +/D [3799 0 R /XYZ 149.141 322.042 null] +>> endobj +3830 0 obj << +/D [3799 0 R /XYZ 71.731 320.949 null] +>> endobj +3831 0 obj << +/D [3799 0 R /XYZ 149.141 310.386 null] +>> endobj +3832 0 obj << +/D [3799 0 R /XYZ 71.731 309.293 null] +>> endobj +3833 0 obj << +/D [3799 0 R /XYZ 149.141 298.73 null] +>> endobj +3834 0 obj << +/D [3799 0 R /XYZ 71.731 296.712 null] +>> endobj +3835 0 obj << +/D [3799 0 R /XYZ 149.141 287.073 null] +>> endobj +3836 0 obj << +/D [3799 0 R /XYZ 71.731 285.98 null] +>> endobj +3837 0 obj << +/D [3799 0 R /XYZ 149.141 275.417 null] +>> endobj +1117 0 obj << +/D [3799 0 R /XYZ 71.731 251.258 null] +>> endobj +446 0 obj << +/D [3799 0 R /XYZ 352.821 206.004 null] +>> endobj +3838 0 obj << +/D [3799 0 R /XYZ 71.731 182.248 null] +>> endobj +3839 0 obj << +/D [3799 0 R /XYZ 398.463 147.224 null] +>> endobj +3840 0 obj << +/D [3799 0 R /XYZ 71.731 114.248 null] +>> endobj +3798 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R /F51 1265 0 R /F31 858 0 R /F25 852 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3843 0 obj << +/Length 1467 +/Filter /FlateDecode +>> +stream +xڕXÛnã6}ÏWè‹ +Ä +u¡$°mꎻè"mbôe,h‰¶ˆ•D¯.ñúï;/ºXÍn_"‘âeæ̙3ãàÅa¿_ýºœº¹÷ýÅ­C/\l÷ +?X# +ƋÈ÷PLŒÅ6]|rî2zlXµ\y;!RÏ;Q>cì +ڊ—5unsv­^›Œ©—\,]ìè5«^᜗í‡+¬Mž¹'xÃýa ï_ynŒ"ÁK€Ž•Ÿþ‡¹ +¶¬\ +° ûðÓh24“«cg›U¬ÎDžªá^TöåD«Ž³ZŽ¡ŸÒdù’ +ý¥7÷òŠ™ÉÍ·£šš'{xsŸMà¯YæùÈw}íÌG^'/s_žXŽ>u·ÞŸÿKAÓüšåzˆ•;ˆÕÊÅÕz±’±Š¬Ž8æüÎgüÒ%Ž bbƒG.ʟÕé£H˜Ã=ðÐ]kÓïrÎÊŠ~ù>&Ñ(ìÀëŽBKê‘t‡ƒ@ó\œÔ+Ÿ|›K–4? +eë­ºçT”—(Å»šæÍ;Š=Wñœ¹÷ȍçEC#ÃÀ”v%DDR?ŠMIw’Õ¹b>ÌìhÍ`ÄÔ(¥ +•3jt£ +ÈÕ€œ`.xÈ׌O + +שÌMÕÒ}µô°# +5Rù/µly5ŽŒ(D(ö\ÍíÇ/šüPryBeäM_— +q`LšAb¯WÓ"ôԀד$GíQáêv4¢ÒŸèÀÈ £¡e:ËI5©ªm|=Ž&®òÃ^h¬H Î͍î +æ©ÿŒ –BOW‹ÕŸê` +·SƌÑòXØvÖgS}ÛÎx!$T*@L{°3‹U–šA{em ¡UÓ +µ€Ÿ/G^i­Uj,5H¶µ5É ¯¿ž¹®hëfli«±Ó +\±ŠâLú¡²Ž› + +ú”,âSl!r™µ>£å\ØfŽÉEbŠo<ƒXÈfæ@•€Û0±òBb}â–µ€ñp)Œz1\ß-zØÉôy墭ó3$/v®UI ƒˆHør +Éi›b=€2é/³W§çEj* +š +•gKš;|º{¿¶ŒêÀí6Q¶(ê·Ë ŸŠtÈG‰éJ;7ŒŒ˜ëZB†ž†€ + +hä‘çL+/gÐ + +Öfœ†²­/ÁÓÒpÉꋍº°Tm\­NŒÉVàË@ânÿxxÚÎÅ̉Ýþž¹jéK1ôuŒb¬+Úo3i±LFa€ + ˆèy¬Äv%ÛKÓ÷°†RxFRÚzš}mÝB‘=k„†œñQ؇€ZÄ¢™Ò +‘ïÀîÎÞf#Ñ(©ñÃú‰Úàg0©@ýE1í‡øõŠÇJšmkdLl÷I÷¶GM2–|‘º\Ša7 +«Ð ,tòRè©®|ãFPi‘KÏː8דÚŋ‚¥ +šŸ­/°ž·š-¡~‘úÁR +X;­£=hÑ +brâyn5~&à)˙e،ÞEV{Ò©cÛŒˆŠø~j@ŊŸ-('°±2aÆý†ço +ž²Úå#°}®dTlϪþgŸ&TÄJ{†×ŒiÒÆCÒbŒÖ–Ž +©ç:03­üÂĬt +¢š8r¬D¢ºwޔciãÒò +%µß‚€Ö’­c2†fÇrQ +,4F—æm³ZŠ“>õ5Ö +„žt +à÷×ȏüŸñuuë{÷v;Á;Ï÷SR›:³2Ô9BñžŒÑ +Ú\|‹ÚÔžeû•#Kži5T¯›·lŽrϞç?nþþ|ÿž +°óðñóÓæqcçŸÍ#| +Šu©£.üŠ +]K +ý3ç +ø +ãÈ,æÔזÑ18 +ûÍÿ‹L/²ñí‰ÉC†[1 +<ﻝZßðYò +~ɏÿ“°vÁ= k裘h*ÅÁhËf{õ/’‹a +endstream +endobj +3842 0 obj << +/Type /Page +/Contents 3843 0 R +/Resources 3841 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3711 0 R +>> endobj +3844 0 obj << +/D [3842 0 R /XYZ 71.731 729.265 null] +>> endobj +3845 0 obj << +/D [3842 0 R /XYZ 71.731 718.306 null] +>> endobj +3846 0 obj << +/D [3842 0 R /XYZ 71.731 593.787 null] +>> endobj +3847 0 obj << +/D [3842 0 R /XYZ 71.731 570.097 null] +>> endobj +1118 0 obj << +/D [3842 0 R /XYZ 71.731 502.629 null] +>> endobj +450 0 obj << +/D [3842 0 R /XYZ 281.757 436.376 null] +>> endobj +3848 0 obj << +/D [3842 0 R /XYZ 71.731 416.235 null] +>> endobj +3849 0 obj << +/D [3842 0 R /XYZ 226.659 403.499 null] +>> endobj +3850 0 obj << +/D [3842 0 R /XYZ 221.488 390.547 null] +>> endobj +3851 0 obj << +/D [3842 0 R /XYZ 71.731 362.488 null] +>> endobj +3852 0 obj << +/D [3842 0 R /XYZ 71.731 347.544 null] +>> endobj +3853 0 obj << +/D [3842 0 R /XYZ 205.298 326.388 null] +>> endobj +3854 0 obj << +/D [3842 0 R /XYZ 321.568 326.388 null] +>> endobj +3855 0 obj << +/D [3842 0 R /XYZ 71.731 288.53 null] +>> endobj +3856 0 obj << +/D [3842 0 R /XYZ 173.23 262.627 null] +>> endobj +3857 0 obj << +/D [3842 0 R /XYZ 220.532 223.773 null] +>> endobj +3858 0 obj << +/D [3842 0 R /XYZ 71.731 208.665 null] +>> endobj +454 0 obj << +/D [3842 0 R /XYZ 278.19 171.449 null] +>> endobj +3859 0 obj << +/D [3842 0 R /XYZ 71.731 148.332 null] +>> endobj +3860 0 obj << +/D [3842 0 R /XYZ 243.167 125.621 null] +>> endobj +3861 0 obj << +/D [3842 0 R /XYZ 476.37 125.621 null] +>> endobj +3841 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R /F31 858 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3865 0 obj << +/Length 1964 +/Filter /FlateDecode +>> +stream +xÚ­Y[oÛ6~ϯÐ[l fHJÔ¥ÀdY:tX;4õ +íPÐ2 + +U$O’“f¿~‡W‰’’&C_b‰"Ïõãw +Ü8øåä§õÉùë0 +2”Å4Ö» Œ2„ã4HBŠRFƒõ6øžžÜóC'šåŠ2Œˆ‘þœ¬«OӛcST7zèáXŠ3ýØí +~(ë%Á +3¡Í +Èù{ýë 6*Àþd°ÿŠÒ +1ÃC„Nµovzý'JÃë«÷Ÿ__/#ŒøýíçW×Ë/þŒº†O‘žTŽúwW—°9e‹{±Õ#›ýËõρwûº ÕÈ”€ˆE)è©ŽÈËBT™7TTMqb§Ýe©¥ +[1ò†Ür¬tȔ‡(d,XŠ2ëûg™Ì[Ï°t9/Ë +Ï¿ŸXb†g +% F,̬Œ2««òÁ ˜Ú +E'‘]²‰™Üù‘(ª¢+xYüë2Å9dË;Ÿá­0IµÞ»5Î$í¡˜„Æ7Ä€®€S-DÁÉ¥TÙ Þ +õB]­¹už~ +)Y¥` +UJz«5fÁ÷ØՍðæb›jÒÆ`htSŽP4*÷`ìŸP‘n#«A©Þ,[ e(V²ò’D[xõ•ß +JñÊ8? +:£8qI‡ÎsWK’.Œ{W+¹ïÊ~[É¿¥øÁ$Tè +ö‡„:].åì€Všå·{^T3q1A ÔšÙûMeƒjƒ–ƒóÎtàˆ¢0Î +ßyáAÝ4⟣hÍ° +ŸÌ +Œª¬ùv”DœéŒ+êÊŠº4ÕDSߎ֌¯-Î +%W"ï +Ze +^Èp +‹u tPˆEٞù +ћª2å« +·ÛˆŠ©¿r›ce‹Iÿžæ{‘9Õ/·õÖ"ïfIyºÇ,Pe8H! q€,ň„. .žÈ,DY€Š®5aOÒhR¯Åéì[ÖÊr +‹ŽJ” +¬   + +¬hŒbœá»º³µºìe(ÂÄ*ÿZ‚òw’.jå¿»¢>¶z 9”Ô +ÂTtzšŒ­«V†îLè„—Ðò™WUmžÛƒÈ‹ÝÃh¶9äP=4(g¡ñ|py-•­ +:j{V„ ˜%ÃS€ú¡„Ij2S[•zH¿®ŸœlҞʺþr<üU­ÆY¥u9vÄŸn»Šßª·dQïæœj+NZ*_›ÛCQŠíªšÆNÞ +휖uÎ˶ãØÍ©U + _˜!Y +€< +Æ +Û +%–Ënf%|IcùE;(C +g‰ÂUéêËðŽ73É +i +Æ®òÐLm®Â,F$ʂÃÀL2=s=}#4jorGPš—¬EÇVXQT#>íÑ ×l­&µ)ÿCSԍ.7CZd-#hf±W#é¡žýîCª|T£†€~ØhÎâG +å–ÛAì¬ç/{sõnýnI“ÅÅÛ«™0Ä@ç"j§Û³Ñ¹bóÓGGã©<Ú~Á™OøJÉ1f|­P$ +Åԇà>öCÉ6²ÓŽ„Ž8Á_Ìé¥R¹c +@zϵ:¯|σž +QY +Ôú=WGbÐ.x—Ü!Žbœ:>/‹Í¹lHΛ +™P™0=Ú{hià7”Aà•Lú +¶wGpØ0‚ˆÈœÌ&+-ÓböxùÙPPH§~ +ÑÅþ2C¯RŠO“`cølÕZÀpB +ŠÈóQ‡/âY]ۙW͆8SÐÄìyýX<íÇ^Ê+÷HO(eŒ{˜*ídž€œaN®Ö'ÿœÈ HL€+3à× +¡ÙÉoO䇐bè³ }PDºÁîäýÌ*ŠJ²È®Ò³ PuFR»J5ü~&R`r²˜ŠiŸH—:@Ë +š²™C‚£$M ÿ`ƒtÚ¬ÒŸ·è›U}äyœ +„aWC·’A +ÛnŽ³Q»^s#†gmiŽg¹X> hœ¡|¶öŒS›#*V„=È5˜RpSúìãÞCÇm +«ØΰÞr/ª9O@”“Ÿ÷ÚÓ©7B Qԓ%ùƒe^nµ:©ÏžÔ­0”ÄféÈB^ÞK×réŠȝ՝š|öÊ-KÌyéÞ3eGØ\š=ïçõ¡°þW03¥ùT +Ù³œÍs$ à5rӄ]ÏÒ\YÀîð€!F4dŸ7fØý4 +™º8 + +Xf"ò‡eÏțo +fÜÚ© +™ôv},këƒ +¹_I!»qäw3ÏŸ.Å#à%Š?žCsàfÓ'!OßV‘epzÒ@2$~靉¹ +‘ +ÿÖÅȝêlô©nzâs¹îÉK’Êé™w$!JÀë +ŸýÎw$Ï9˺Ç:wûçݎ&)œ®Ær¹`/r‰»_ +hù.a3çKem¯ÐۖCƒÝ ïþŽC”:z$ÁâÌcæM/:’Ðaƒõ’IÖ°«ÙY¯ÀŒžèNAÜ¿? +¢K“!ˆƒî-‰*UÃù¹ºŽPÁðc-/—§ž`el‚Ÿ1 +{€²òye’?Øû,öȵÝ0}Ú⊲·­“@LHæ8³àC5ŠØþ?$2À8 +ôg‡S¿i +úXo +endstream +endobj +3864 0 obj << +/Type /Page +/Contents 3865 0 R +/Resources 3863 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3711 0 R +/Annots [ 3862 0 R ] +>> endobj +3862 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [169.873 493.883 218.908 504.787] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +3866 0 obj << +/D [3864 0 R /XYZ 71.731 729.265 null] +>> endobj +3867 0 obj << +/D [3864 0 R /XYZ 71.731 718.306 null] +>> endobj +3868 0 obj << +/D [3864 0 R /XYZ 338.1 708.344 null] +>> endobj +3869 0 obj << +/D [3864 0 R /XYZ 290.091 695.392 null] +>> endobj +3870 0 obj << +/D [3864 0 R /XYZ 71.731 660.359 null] +>> endobj +3871 0 obj << +/D [3864 0 R /XYZ 160.229 649.564 null] +>> endobj +3872 0 obj << +/D [3864 0 R /XYZ 399.688 623.661 null] +>> endobj +3873 0 obj << +/D [3864 0 R /XYZ 71.731 608.553 null] +>> endobj +3874 0 obj << +/D [3864 0 R /XYZ 71.731 593.609 null] +>> endobj +3875 0 obj << +/D [3864 0 R /XYZ 496.333 560.797 null] +>> endobj +3876 0 obj << +/D [3864 0 R /XYZ 71.731 522.939 null] +>> endobj +3877 0 obj << +/D [3864 0 R /XYZ 231.83 497.036 null] +>> endobj +3878 0 obj << +/D [3864 0 R /XYZ 220.403 484.085 null] +>> endobj +3879 0 obj << +/D [3864 0 R /XYZ 71.731 462.003 null] +>> endobj +3880 0 obj << +/D [3864 0 R /XYZ 71.731 462.003 null] +>> endobj +3881 0 obj << +/D [3864 0 R /XYZ 71.731 460.757 null] +>> endobj +3882 0 obj << +/D [3864 0 R /XYZ 137.484 443.736 null] +>> endobj +3883 0 obj << +/D [3864 0 R /XYZ 137.484 443.736 null] +>> endobj +3884 0 obj << +/D [3864 0 R /XYZ 71.731 442.355 null] +>> endobj +3885 0 obj << +/D [3864 0 R /XYZ 137.484 425.803 null] +>> endobj +3886 0 obj << +/D [3864 0 R /XYZ 137.484 425.803 null] +>> endobj +3887 0 obj << +/D [3864 0 R /XYZ 71.731 406.625 null] +>> endobj +458 0 obj << +/D [3864 0 R /XYZ 247.934 367.253 null] +>> endobj +3888 0 obj << +/D [3864 0 R /XYZ 71.731 347.148 null] +>> endobj +3889 0 obj << +/D [3864 0 R /XYZ 134.217 321.425 null] +>> endobj +3890 0 obj << +/D [3864 0 R /XYZ 348.59 321.425 null] +>> endobj +3891 0 obj << +/D [3864 0 R /XYZ 71.731 319.268 null] +>> endobj +3892 0 obj << +/D [3864 0 R /XYZ 166.376 268.773 null] +>> endobj +3893 0 obj << +/D [3864 0 R /XYZ 266.879 257.295 null] +>> endobj +3894 0 obj << +/D [3864 0 R /XYZ 287.115 245.639 null] +>> endobj +3895 0 obj << +/D [3864 0 R /XYZ 378.67 233.983 null] +>> endobj +3896 0 obj << +/D [3864 0 R /XYZ 219.205 222.327 null] +>> endobj +3897 0 obj << +/D [3864 0 R /XYZ 71.731 182.631 null] +>> endobj +3898 0 obj << +/D [3864 0 R /XYZ 160.229 175.767 null] +>> endobj +3899 0 obj << +/D [3864 0 R /XYZ 398.333 162.815 null] +>> endobj +3900 0 obj << +/D [3864 0 R /XYZ 193.424 149.864 null] +>> endobj +3901 0 obj << +/D [3864 0 R /XYZ 360.507 149.864 null] +>> endobj +3902 0 obj << +/D [3864 0 R /XYZ 474.189 149.864 null] +>> endobj +3903 0 obj << +/D [3864 0 R /XYZ 71.731 134.756 null] +>> endobj +3863 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F50 1263 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3907 0 obj << +/Length 1807 +/Filter /FlateDecode +>> +stream +xÚ­XYsÛ6~÷¯Ð›© +â}€ÓΞnÜ&“x:µú”æ"! 5EšiGÿŸ‹“‡à$é‹ +áXìñí· +ú‹ýÂ_üzõóæj}E‹i˜.6»EÈOóE +(OÂÅŠZ|òîøԑv¹ +ßK‘úǚ¿|?Ü÷-möjêÜ×äF +»Qƒš-ßÓ8iŸAÎçÍû+_«°Ÿ“E÷§±žúJŠ1Jü\)ðÀ:òF +[ßÇùhw˜ Ø@ŽÜu¿Œ| 5³ÜcÛeè{ϔõ\MpRö°$ +íÎjª%˜³†/aîFÍ(µaP֔4 +ãŠazÌO€€»ól÷ w=ÅfKîðsýKx¬Öcֈÿ™Ü +ŠÅʚU 4ɔM\ž +Ìz^†‰GŽmœVD(Ôύ¹Ë¹ù +ÖµՌ=õ'—~.õz®â*5­çï|4ŠìÌò2ð + +ÄM5œ¶úÚÊTYY²ã‰Ö€ZÑfîÐÝ8šöú뚕žæ +îHEÛk£}âs¢wl‰@^âœÀl0wTE€XÜםã‡ðÌ£\á/ñ~Zd2[€1d‰àú·”Š ¥ô&€vDÁ(ëVQ¡,N«ÄG¹_š“C"m„-&uHå +n˃ïX;Ëœöà— +®ØÂÌyIϏïX + + œØüfmeT‡ÿ§–²V%”ŒBE`œà‹Or鑔 +ț臚0ôr‹’Ù ï'5å©1? +9Jrëð»ïÞ>l +–aæÝ~|ëp,ž5ŠívÊg6ŽP<²É.+_/“ÄãÃÍpXOՔN^qâ¹±”RSçe\Æ”5ù&E€Š0ÖÞ +Ž€’Üa` +(X?ª³é˜Xòe +e–³3yƒ +¥Aa+J3èå(V1pMfö~úHyùÙ!2„ŽÎMyZ›¹›ÈoÇ9 +£bÏÒ¶âXµHÑÍú;› X'L 8¹qÖ»IB™äxfšöŠœöœTs +ý‡Üt€Úß=ïLu}’!3iPXN +J"cíôPE›Ì­{­·¢ +'õîầ3AaT˜Ssø/2ñÑ†dìãÉPÍÄ»e9baücÜ;܀u_˜(ÊÓ +ð߉\ˆO +iÚW¿Š¢ +i4uÄ­iA¿#ÒP©DëøZ“tÄfjFs¯Ò³Žóoª? +ƒÓЈŒäԏ'Æ9ÝÎ;`¯ +œœ0dqêÅg›Þ5N‘mž3Ý<ÿB:gÓ"_‹f "žºž·ÊßlŠ +Ù~W«æ`hx;j +t5=ž| +ñzìó3[ÒœãÿNrúà8ñ +©»è¹§¬g"/05sµÄÍkL.(7³ùûH:EäÑʃ®€e—^Ì3ÈÐÀ•Ïr [í¶¯åäWrÐ|PmÅü˜Ó÷êӉøⓣ<˜ñ‡j8KBª1²~ÓIœtTqåå›oäؐ”ó~úLRÕ»mŸ–³Éå»`‚Ç<}ß]=ÀՄì'™³ðߣÉîl)Lë"¿ßẟq‡ñõ\e˜ +6Á!£¢Øü9=ýä[()Rxû( uVçéäÈÛÍÕ¿dšÖ‰ +endstream +endobj +3906 0 obj << +/Type /Page +/Contents 3907 0 R +/Resources 3905 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3937 0 R +/Annots [ 3904 0 R 3912 0 R ] +>> endobj +3904 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [472.026 631.069 522.316 641.973] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +3912 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [70.735 618.117 135.213 629.021] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +3908 0 obj << +/D [3906 0 R /XYZ 71.731 729.265 null] +>> endobj +3909 0 obj << +/D [3906 0 R /XYZ 71.731 718.306 null] +>> endobj +3910 0 obj << +/D [3906 0 R /XYZ 463.929 685.031 null] +>> endobj +3911 0 obj << +/D [3906 0 R /XYZ 71.731 647.173 null] +>> endobj +3913 0 obj << +/D [3906 0 R /XYZ 148.134 621.27 null] +>> endobj +3914 0 obj << +/D [3906 0 R /XYZ 119.552 608.319 null] +>> endobj +3915 0 obj << +/D [3906 0 R /XYZ 71.731 588.274 null] +>> endobj +3916 0 obj << +/D [3906 0 R /XYZ 71.731 588.274 null] +>> endobj +3917 0 obj << +/D [3906 0 R /XYZ 71.731 587.029 null] +>> endobj +3918 0 obj << +/D [3906 0 R /XYZ 137.484 567.97 null] +>> endobj +3919 0 obj << +/D [3906 0 R /XYZ 137.484 567.97 null] +>> endobj +3920 0 obj << +/D [3906 0 R /XYZ 71.731 566.589 null] +>> endobj +3921 0 obj << +/D [3906 0 R /XYZ 137.484 550.037 null] +>> endobj +3922 0 obj << +/D [3906 0 R /XYZ 137.484 550.037 null] +>> endobj +1119 0 obj << +/D [3906 0 R /XYZ 71.731 520.897 null] +>> endobj +462 0 obj << +/D [3906 0 R /XYZ 404.76 475.642 null] +>> endobj +3923 0 obj << +/D [3906 0 R /XYZ 71.731 451.887 null] +>> endobj +3924 0 obj << +/D [3906 0 R /XYZ 71.731 382.203 null] +>> endobj +3925 0 obj << +/D [3906 0 R /XYZ 313.09 371.035 null] +>> endobj +3926 0 obj << +/D [3906 0 R /XYZ 394.882 371.035 null] +>> endobj +3927 0 obj << +/D [3906 0 R /XYZ 438.258 371.035 null] +>> endobj +3928 0 obj << +/D [3906 0 R /XYZ 71.731 323.05 null] +>> endobj +3929 0 obj << +/D [3906 0 R /XYZ 380.938 312.255 null] +>> endobj +3930 0 obj << +/D [3906 0 R /XYZ 450.815 312.255 null] +>> endobj +3931 0 obj << +/D [3906 0 R /XYZ 71.731 290.173 null] +>> endobj +3932 0 obj << +/D [3906 0 R /XYZ 378.846 266.427 null] +>> endobj +3933 0 obj << +/D [3906 0 R /XYZ 458.128 266.427 null] +>> endobj +3934 0 obj << +/D [3906 0 R /XYZ 119.552 253.475 null] +>> endobj +1120 0 obj << +/D [3906 0 R /XYZ 71.731 224.544 null] +>> endobj +466 0 obj << +/D [3906 0 R /XYZ 295.804 181.073 null] +>> endobj +3935 0 obj << +/D [3906 0 R /XYZ 71.731 157.317 null] +>> endobj +3936 0 obj << +/D [3906 0 R /XYZ 150.824 135.245 null] +>> endobj +3905 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F48 1258 0 R /F50 1263 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3940 0 obj << +/Length 1118 +/Filter /FlateDecode +>> +stream +xÚ­WMoã6œçWè¶2+úþ(ÐCšf·)œvø²èö@KtD¬D•4ÿŸC‘CK®›MќHSä›73o†tè=z¡÷éâ§íÅÕÇ$ñª ÊãÜÛîœ$­‚0/œ"‰ƒ2‹œmãýáߎ䠚\­ã,ôóÀŒ7‚ +Ãøq”Œ?š¥—±£—fªZj&XE¡o7 +T>ΟÛ_/BKìG3ûë8®‚,Êa’YX_V€ˆÑ ôäÅLž54áʚhDi +\΀Ë$(² +LN€· +„Tteþ“F¡’)‹ú#Z‘ß,Μ`†AYEô5ÌBa#Cž†{q~ǙÿŒQS­€C+ºDf‰ñ“PÕ +£èLí¢Kv§^éš&å­£2 +òâÅA +‰BH!gX ›Åz:(Ò3 +?Ž”Hµ£D}8҃]y€ÃƑթÔ,ó©8ó¢"ˆ£,r™AG0æAZU†b +”Z@Eéo'(˜ü²œß˜Ù YC6ž&özA5f~ VI:]g2ƒÖŽr‹ÂXӊ„Óiì?C‚'gÒÄ:‹õ(¥ 9üp¶ôŽUä +3%æ«% 3“ +À|Ý"TC÷“ÇÎÂqÒS³Gì͊jÙ0‡0_amò% +œ|ɧÐ%adi‚*HßƃVõÝÏs(•¬À͗Æá1°{1ŠIŠ0ˆ¬^"³uIZkG›öCGjÚ8œþ“h™ZŽŠ¯žˆŒÒJ;“$“ +7VÄ1 UÙ2g[”˜‹’©°Žˆ@¶NçÏLµ§õ䲫õŠÙÕå±ÿw1»¢€R¹ÖŠ«æò +ìl] +è!ðqQ”@ÓZWñ€ÍQ(Ò9¿ð£¥ÂxM +e©tA^biî+²Ãðš–XB +ÔpêÞßIgÈ© >Â1*1ÕŠ +º3¥'wé‘—ž‰øØï0„hç 麡:• +Ñ©îŒ&ÞüÈ +pÝ]Ôi3Ý»;ç÷ҋ¡ò+KïŽçÑÂâ²Áы@˜Ð¬ÖЭª$>ÑÝŒ·ÄäB-2†ÎÌóu¢¢)ãµnMÆ (3&ô@z'Žƒ³ô¶Å*¶­ü$Ÿ;\`ÃàtÎö¯\JæŸÅì$”ŸÅ’#ç39‹Ç™²x%:)^ÒìmÁIÞœIæâ+&ïm€Þ+!n‰,2ñ +ƒÌÕŽ$|؟<—þGöTÕ-]¶y‹ÝKÑÿ’?Ïún³¹ýtœy;Õ“ýcï£Â†Á°Ú1eVÐ÷š\ÆVµl>Ðhàª:ŠpÇ +ì±ÍBo럞R¯xñyUÅþõow7ïŠ9^‹‘Ï«åjn]w P)Ñeè. +û͏«"õ¯ï6·?¿çµ}Ž|ëTž;¬VEûÙ7ŽÙXà€{Ž~› +γ7/:á”û߀ÿù÷ÍÝ͗÷ªœ† +µ°ï{­à“ +DÇê÷'&º£>æOŠþÄÞº„µÒ>iËbqäv{ñ70xsÅ +endstream +endobj +3939 0 obj << +/Type /Page +/Contents 3940 0 R +/Resources 3938 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3937 0 R +>> endobj +3941 0 obj << +/D [3939 0 R /XYZ 71.731 729.265 null] +>> endobj +3942 0 obj << +/D [3939 0 R /XYZ 71.731 741.22 null] +>> endobj +3943 0 obj << +/D [3939 0 R /XYZ 71.731 718.306 null] +>> endobj +3944 0 obj << +/D [3939 0 R /XYZ 203.307 708.344 null] +>> endobj +1121 0 obj << +/D [3939 0 R /XYZ 71.731 691.99 null] +>> endobj +470 0 obj << +/D [3939 0 R /XYZ 345.522 648.893 null] +>> endobj +3945 0 obj << +/D [3939 0 R /XYZ 71.731 625.137 null] +>> endobj +3946 0 obj << +/D [3939 0 R /XYZ 71.731 625.137 null] +>> endobj +3947 0 obj << +/D [3939 0 R /XYZ 425.094 616.016 null] +>> endobj +3948 0 obj << +/D [3939 0 R /XYZ 205.508 603.064 null] +>> endobj +3949 0 obj << +/D [3939 0 R /XYZ 71.731 580.982 null] +>> endobj +3950 0 obj << +/D [3939 0 R /XYZ 71.731 535.154 null] +>> endobj +3951 0 obj << +/D [3939 0 R /XYZ 71.731 522.203 null] +>> endobj +3952 0 obj << +/D [3939 0 R /XYZ 71.731 507.259 null] +>> endobj +3953 0 obj << +/D [3939 0 R /XYZ 71.731 496.365 null] +>> endobj +3954 0 obj << +/D [3939 0 R /XYZ 139.477 478.531 null] +>> endobj +3955 0 obj << +/D [3939 0 R /XYZ 71.731 466.412 null] +>> endobj +3956 0 obj << +/D [3939 0 R /XYZ 71.731 455.518 null] +>> endobj +3957 0 obj << +/D [3939 0 R /XYZ 139.477 437.685 null] +>> endobj +3958 0 obj << +/D [3939 0 R /XYZ 71.731 412.614 null] +>> endobj +3959 0 obj << +/D [3939 0 R /XYZ 71.731 401.72 null] +>> endobj +3960 0 obj << +/D [3939 0 R /XYZ 139.477 383.886 null] +>> endobj +3961 0 obj << +/D [3939 0 R /XYZ 71.731 373.824 null] +>> endobj +3962 0 obj << +/D [3939 0 R /XYZ 71.731 358.816 null] +>> endobj +3963 0 obj << +/D [3939 0 R /XYZ 139.477 343.04 null] +>> endobj +3964 0 obj << +/D [3939 0 R /XYZ 71.731 330.92 null] +>> endobj +3965 0 obj << +/D [3939 0 R /XYZ 71.731 320.026 null] +>> endobj +3966 0 obj << +/D [3939 0 R /XYZ 139.477 302.193 null] +>> endobj +3967 0 obj << +/D [3939 0 R /XYZ 71.731 292.131 null] +>> endobj +3968 0 obj << +/D [3939 0 R /XYZ 71.731 279.179 null] +>> endobj +3969 0 obj << +/D [3939 0 R /XYZ 139.477 261.346 null] +>> endobj +3970 0 obj << +/D [3939 0 R /XYZ 71.731 249.226 null] +>> endobj +3971 0 obj << +/D [3939 0 R /XYZ 71.731 238.332 null] +>> endobj +3972 0 obj << +/D [3939 0 R /XYZ 139.477 220.499 null] +>> endobj +3973 0 obj << +/D [3939 0 R /XYZ 71.731 210.437 null] +>> endobj +3974 0 obj << +/D [3939 0 R /XYZ 71.731 197.585 null] +>> endobj +3975 0 obj << +/D [3939 0 R /XYZ 139.477 179.652 null] +>> endobj +3976 0 obj << +/D [3939 0 R /XYZ 71.731 167.533 null] +>> endobj +3977 0 obj << +/D [3939 0 R /XYZ 71.731 156.639 null] +>> endobj +3978 0 obj << +/D [3939 0 R /XYZ 139.477 138.805 null] +>> endobj +3938 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F25 852 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +3982 0 obj << +/Length 1841 +/Filter /FlateDecode +>> +stream +xÚµZ[oÛ6~ϯÐÂÚ@͐¢$J6 ËÒµC»nˆŽÅÀÈtLLO’›e¿~‡âŒ£zv¥>Y‘Èï\ŸÃÃCž`ïÞÃÞÏ?./®^Qê%(‰üÈ[®=$G±ÇšâÐ÷–+ïÃìz÷šæ +?ijéßë²øˆ±¿«dq¯_=î2ñ\?6¡²rNðÌ +šEõp>-¹ÀFO:òŸŸ Dð ÇZå›w7Þüq}sóÓÍOœéö×#€á‡Þ‚0”€EíŽ_K-6uÍïBqˆº7V4>6<ßÂk¢_mx­î„(ôS%R!ç~8û<'áL¬ôÛuUæÖŠ™Ec>—Æc\ÿ¬„òWagóŒÜÙ¡åz¯2LZ%!ц(Wb­<Éw™™dÔ]ñÇyΌßËm#K£õ­h®[}–sÎú­Ìe£ +E­ +õ™âš1-ꕲÐj.xºéö„\ހ÷ÌØœÍÚÃÜwŒhŽl +·M¿g²nÄÊtc!ÍG^™ÑuY5֗w{ÿ}a^³áMϵ&¶7|îc£‘ +Y”Vý4ÝU••¡8xÍ>Nœ&n‚U܈iÝi1ošŸÛ²®å]fšõV€rmù¶uðA8)Eä^ +G†Š. +ž| +-À6.ÚIY&&kX»N îô·UÝšâŪ +óÒE±wB××Ë9ƒ=«òŸ;ëMžƒËaöÕ«{1d†(P™àBSó¢M“gzh/‰1 +HlG> +P;šÖÚ/a +±$Ùc9<õ €L'v]–Í© +š$£èo:+$ä ç²v +û1Ea +ösFVŠÜ-Y +еâMK²[SV +†‘@C +P‚¢$°j+äN"««LÞ]©ü5`.ñÁ‰4:°·¢—Êœ&k¥ûö +cf?èÖ~^:s`åUòN-å];[û% +Q@û1žåé_n/EšíV6›•`íR„=!ëÅv=èØnØIAb”`HÃD¢6cœA +Y{DXØÏ<ÎGë2ƒÍ‚ëÁmؕ€µ˜Š|Ÿ&d–õ×c™ä +A€Ìíçª-[7ˋ¿/”S°G<»LÞ EAä¥ùŇOØ[Á7Ȉ&±÷ÐŽÌœO +çÌ»œøý`0X +A#JŽ‚ÀpHA`0Ú* öÉn@ƒš§Q +jGÿŠ\¹)³•©pz^  +0Ô%SH§Pù>éK¿•÷ +Tšò"OAeJ¯Pà) +ƒ6ŽËÑ -™1Œ`Á¹î<ÈNšÌ [i­;/—G8œ@šå°'ôZ•¶xҵ̗y<[‰ +ƒAŸÇãX–Lj¡ˆúÓðÈ0ŠL¶¿Œ=Bã2 + +™· +¯šÝö4ÏÖa€ÀŽcœÀâX–ÅÐG~œLÃ"ìÝ>3ç¿Ë·Ghœ@š£±+Ԟšúg™ŒÛê+-‹B×*Ç>[»n'#ù +‰ÑÒK#ГMC/ +wԔ(—ïÐ;PGoWèû­=î‰¬1y¶", +ÆnœcAZ.ÁœžhãTW5‰Ý8_ +ár¡ŽË®Ðå<†Úðì ¡î˜›Úk}¶– +F€Çî¬cAZ¢áØìGí¬8AŸ=_^Ÿ;BôB +Ñ]¡ïø?2ßå–Õ|—5Œå®>k%Ÿ­Ý7€Áñã>d€ +FT’,üæ‡>}7t꩏F> +TÉ8?Q + +X'9÷Q8Ìû!;ãÜ7 +t»"zÒO=÷¯À€£‘•Èh–LJPâG“d5Ja +1 +çòõ'ê8ì +}]ښR]~ +É\çk0àÀ`þÈd4HK"‰PÓiHTŠ±N}Su$v +º†Ã1þÎ>àzÀ q0’¿± -˜ ? Óð‡Á¥'ÜœL!ÓÑב9|ØëõŽŽñz¶V”F +ã¿Äî3ÝKíŒy>ƒ³«-(äö +Ÿ†âîPxô]#ã%xÅ³Lªf±êUfúųËgú¡-&àWððzùî­~*wÍv×èç\MÖ]øëΌ +º¥5Ñ65ÔuÝÿšŸ¹•d~õjf8áë9U·ûdŠ*" Žœíª·°¡›ׁҺmª^8'ØmؖB +ØôNÀuö\¶žZD +Nm‘·`‘ ѳàD‰4øõŠR”e3tÙÏP +ñÚëÓŸ¬û¡ª£Žª]ë4ÂÏ÷yÛyäOºŽéŠ*m +S6µÈ +$_»ŠÝœÓr(YÈFòLþËUÉmd Žªú}Ù]íªOëŃwZæ¹ÃÍd!zíì}§*Š\ÓÕ1GÞñzóF:Ãü6>•æ‹ãÙb¡þ^ω°§ª# æ(¢bׄ¹ÒWòÉ¿-tÿmÂO`qCuµ`sÇœ8þøgä +endstream +endobj +3981 0 obj << +/Type /Page +/Contents 3982 0 R +/Resources 3980 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3937 0 R +/Annots [ 3979 0 R ] +>> endobj +3979 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [394.18 569.699 443.216 580.603] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +3983 0 obj << +/D [3981 0 R /XYZ 71.731 729.265 null] +>> endobj +3984 0 obj << +/D [3981 0 R /XYZ 71.731 741.22 null] +>> endobj +3985 0 obj << +/D [3981 0 R /XYZ 71.731 718.306 null] +>> endobj +3986 0 obj << +/D [3981 0 R /XYZ 71.731 707.163 null] +>> endobj +3987 0 obj << +/D [3981 0 R /XYZ 139.477 690.411 null] +>> endobj +3988 0 obj << +/D [3981 0 R /XYZ 71.731 609.549 null] +>> endobj +3989 0 obj << +/D [3981 0 R /XYZ 225.663 585.803 null] +>> endobj +3990 0 obj << +/D [3981 0 R /XYZ 279.062 585.803 null] +>> endobj +3991 0 obj << +/D [3981 0 R /XYZ 354.718 585.803 null] +>> endobj +3992 0 obj << +/D [3981 0 R /XYZ 251.246 572.852 null] +>> endobj +3993 0 obj << +/D [3981 0 R /XYZ 257.523 559.9 null] +>> endobj +3994 0 obj << +/D [3981 0 R /XYZ 325.308 559.9 null] +>> endobj +3995 0 obj << +/D [3981 0 R /XYZ 71.731 537.818 null] +>> endobj +3996 0 obj << +/D [3981 0 R /XYZ 71.731 524.867 null] +>> endobj +3997 0 obj << +/D [3981 0 R /XYZ 71.731 513.659 null] +>> endobj +3998 0 obj << +/D [3981 0 R /XYZ 71.731 513.659 null] +>> endobj +3999 0 obj << +/D [3981 0 R /XYZ 71.731 385.938 null] +>> endobj +4000 0 obj << +/D [3981 0 R /XYZ 71.731 373.819 null] +>> endobj +4001 0 obj << +/D [3981 0 R /XYZ 71.731 362.611 null] +>> endobj +4002 0 obj << +/D [3981 0 R /XYZ 71.731 362.611 null] +>> endobj +4003 0 obj << +/D [3981 0 R /XYZ 71.731 300.842 null] +>> endobj +4004 0 obj << +/D [3981 0 R /XYZ 71.731 280.917 null] +>> endobj +1122 0 obj << +/D [3981 0 R /XYZ 71.731 232.698 null] +>> endobj +474 0 obj << +/D [3981 0 R /XYZ 161.302 187.444 null] +>> endobj +4005 0 obj << +/D [3981 0 R /XYZ 71.731 167.303 null] +>> endobj +4006 0 obj << +/D [3981 0 R /XYZ 200.478 154.567 null] +>> endobj +4007 0 obj << +/D [3981 0 R /XYZ 71.731 129.496 null] +>> endobj +4008 0 obj << +/D [3981 0 R /XYZ 71.731 129.496 null] +>> endobj +4009 0 obj << +/D [3981 0 R /XYZ 143.761 119.997 null] +>> endobj +4010 0 obj << +/D [3981 0 R /XYZ 216.389 119.997 null] +>> endobj +3980 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F25 852 0 R /F48 1258 0 R /F51 1265 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4013 0 obj << +/Length 1653 +/Filter /FlateDecode +>> +stream +xÚÍXKÛ6Ÿï¯ð¡@l`Í%%Qœ$» ¶hŠ"ñ-Ɂ–鵺’š’ÒîúßwødÊr +( +ôbÑÒh^œùŸ¡ðâaï¯Þl®nÞ +á"CY +ċÍ~FÂqºHÂ¥4Xlv‹ÏË·ÖŽ\®ÖÅËÙë[QÁ8xèdQ?Ø[Ç®ä×vÙ +ž]”bEðÒ (.Ÿ@Ï×ÍoWعöɉýudˆ’¢8µg{{ŽWÉÿîžjÃEë®õÄz>8ÉÚBž§úNÉ_k7nÞQŒHÁz +iëÌ“Ìšýü¡PùW'G|9r4¶rŸxûö +ho +ù«µZ +g‰!Ÿ0·ŒtÃڃò#wRkù$±²÷Îe!w}þ[a¯ä +“.Î}Ÿ¡1rã]ÿŊrº/{QÂÖtùLOéT‰ÜNíuêÓoG骚‹ª«f"¥Èt•·ùMÔzÞýûŽi]Rt͜*Œ2œsŠ>™ +<åJ·äC‹Œd +€èyq)Æz·sái7tu# +[E¥aûnyH‚" +?Ï# Ü£v’ƒ¿yS²|@ȑN?œPÔÔÇ~ÓÁ}Ø՗ë‰gÕ8z=ë߃šx?±}²ï‡ì^³1Nð̈́ãQ|.€6rNìOSÈ+µx,µ|,5·™þ™j²_·|š;‡œ x<éª!ÏE› +i÷3 +”Ñä{5INU +„êYž*`¿ˆü\ykU—<óO¿sê ‹ Š0ñ÷Rë•\‰òé’fs*I*fý@t.ì8B”þœ¶FŠVä¢T— +ÔMgAM’¬ +ˆî{?YIÎZîMšêX•Eý8ãb¢ +ðäF;©+_æs +žâJç +9ç·o+&„¢(NNO_µžö?Õ<ý€; +ØG +§³~Ot5š 0ü:1¯±þːèÌ`l©nt€9˜êÍ¥ù +ϙ=mzž`ƒsýÊöÃ/3ÜtÍx.:?!Lç +~ºÊ=vS6 @Yl%ŒšÏ²sÈ1Ë́ÛSÎ +ú9Ý_ßØnbšþ˜ÑöäÐ3±®wn4‘çTg +ŒÏ‡C)Ö +D#ëUšyoÜm®þŸHg +endstream +endobj +4012 0 obj << +/Type /Page +/Contents 4013 0 R +/Resources 4011 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3937 0 R +>> endobj +4014 0 obj << +/D [4012 0 R /XYZ 71.731 729.265 null] +>> endobj +4015 0 obj << +/D [4012 0 R /XYZ 71.731 741.22 null] +>> endobj +4016 0 obj << +/D [4012 0 R /XYZ 71.731 718.306 null] +>> endobj +4017 0 obj << +/D [4012 0 R /XYZ 71.731 654.05 null] +>> endobj +4018 0 obj << +/D [4012 0 R /XYZ 71.731 640.035 null] +>> endobj +4019 0 obj << +/D [4012 0 R /XYZ 71.731 625.091 null] +>> endobj +4020 0 obj << +/D [4012 0 R /XYZ 183.331 615.592 null] +>> endobj +4021 0 obj << +/D [4012 0 R /XYZ 426.191 615.592 null] +>> endobj +4022 0 obj << +/D [4012 0 R /XYZ 71.731 566.077 null] +>> endobj +4023 0 obj << +/D [4012 0 R /XYZ 71.731 566.077 null] +>> endobj +4024 0 obj << +/D [4012 0 R /XYZ 71.731 556.115 null] +>> endobj +4025 0 obj << +/D [4012 0 R /XYZ 137.484 523.238 null] +>> endobj +4026 0 obj << +/D [4012 0 R /XYZ 316.96 523.238 null] +>> endobj +4027 0 obj << +/D [4012 0 R /XYZ 320.835 510.286 null] +>> endobj +4028 0 obj << +/D [4012 0 R /XYZ 71.731 482.227 null] +>> endobj +4029 0 obj << +/D [4012 0 R /XYZ 137.484 466.451 null] +>> endobj +4030 0 obj << +/D [4012 0 R /XYZ 71.731 459.686 null] +>> endobj +4031 0 obj << +/D [4012 0 R /XYZ 71.731 459.686 null] +>> endobj +4032 0 obj << +/D [4012 0 R /XYZ 161.694 449.813 null] +>> endobj +4033 0 obj << +/D [4012 0 R /XYZ 229.479 449.813 null] +>> endobj +4034 0 obj << +/D [4012 0 R /XYZ 71.731 448.752 null] +>> endobj +4035 0 obj << +/D [4012 0 R /XYZ 161.694 438.157 null] +>> endobj +4036 0 obj << +/D [4012 0 R /XYZ 229.479 438.157 null] +>> endobj +4037 0 obj << +/D [4012 0 R /XYZ 71.731 437.096 null] +>> endobj +4038 0 obj << +/D [4012 0 R /XYZ 161.694 426.501 null] +>> endobj +4039 0 obj << +/D [4012 0 R /XYZ 71.731 425.44 null] +>> endobj +4040 0 obj << +/D [4012 0 R /XYZ 137.484 408.568 null] +>> endobj +4041 0 obj << +/D [4012 0 R /XYZ 212.482 408.568 null] +>> endobj +4042 0 obj << +/D [4012 0 R /XYZ 71.731 406.411 null] +>> endobj +4043 0 obj << +/D [4012 0 R /XYZ 137.484 390.635 null] +>> endobj +4044 0 obj << +/D [4012 0 R /XYZ 373.278 390.635 null] +>> endobj +4045 0 obj << +/D [4012 0 R /XYZ 71.731 368.553 null] +>> endobj +4046 0 obj << +/D [4012 0 R /XYZ 251.665 357.758 null] +>> endobj +4047 0 obj << +/D [4012 0 R /XYZ 310.445 357.758 null] +>> endobj +4048 0 obj << +/D [4012 0 R /XYZ 71.731 323.098 null] +>> endobj +4049 0 obj << +/D [4012 0 R /XYZ 192.836 311.93 null] +>> endobj +4050 0 obj << +/D [4012 0 R /XYZ 251.616 311.93 null] +>> endobj +4051 0 obj << +/D [4012 0 R /XYZ 137.484 298.979 null] +>> endobj +4052 0 obj << +/D [4012 0 R /XYZ 189.937 286.027 null] +>> endobj +4053 0 obj << +/D [4012 0 R /XYZ 71.731 263.945 null] +>> endobj +4054 0 obj << +/D [4012 0 R /XYZ 245.11 253.151 null] +>> endobj +4055 0 obj << +/D [4012 0 R /XYZ 341.548 253.151 null] +>> endobj +4056 0 obj << +/D [4012 0 R /XYZ 394.948 253.151 null] +>> endobj +4057 0 obj << +/D [4012 0 R /XYZ 137.484 240.199 null] +>> endobj +4058 0 obj << +/D [4012 0 R /XYZ 223.163 240.199 null] +>> endobj +4059 0 obj << +/D [4012 0 R /XYZ 292.702 240.199 null] +>> endobj +4060 0 obj << +/D [4012 0 R /XYZ 124.533 226.003 null] +>> endobj +4061 0 obj << +/D [4012 0 R /XYZ 137.484 208.07 null] +>> endobj +4062 0 obj << +/D [4012 0 R /XYZ 207.491 208.07 null] +>> endobj +4063 0 obj << +/D [4012 0 R /XYZ 279.401 208.07 null] +>> endobj +4064 0 obj << +/D [4012 0 R /XYZ 71.731 157.26 null] +>> endobj +4065 0 obj << +/D [4012 0 R /XYZ 155.237 144.309 null] +>> endobj +4066 0 obj << +/D [4012 0 R /XYZ 71.731 129.201 null] +>> endobj +4011 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F51 1265 0 R /F60 1440 0 R /F25 852 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4069 0 obj << +/Length 1585 +/Filter /FlateDecode +>> +stream +xÚµXKÛ6Ÿï¯ð¡ÀÚÀŠ&%Q=€i’¶h +HŒEÓ-qmveÑå5üï;‡zØJÚK/kR$çùñ›áÒÅnAoï~ØÜ­ßDÑ"'y&‹Íã"ŠsB“l‘F!ÉxžØ”‹?—¯öâØÊf„œ.â~_éú +¥áîÔšzç>]N•|pÃv/Ý Ò+F—žÁÈæäüµù厢 ë7!_d ?‰­þ €9á9ƒAL8͜u|aO­ßÄÙh3ƒa˜˜nÓϏ $͖—UH—úä&¢‘np2ÎLš‹©4Ža°ƒ +‡™£µ”% +qº9Ý4ÉÓNwšå^y)Ÿ×V譑QB¢Œû}FVǓý#['^Õî×Å +ÅŸÑÿª"nøN—. Ëzâè„p +)‰iž# O6UOˆVéÚžsgUUèYeó×çÿ[í~÷Â~}^ŽO ~Q–ÊŠ(mιQÜÿôá êòE֔„ $¢E-HÌ#çÀV˜ýwž¶ + aqÒµ‹$+¡t`¶ºHn÷Ç)É£Øï_»—ª™ +þÒ°ß:I쪌Ej9HøUžŸ·µœB§o£vµeÑß?»Ú¥wÅC®ÇxvKö |žz¥ +>®"žËnŠ;[Óåîž»k<ôm‚»[ûð14ã.~IJRHbFÌܝ„ŒR„û'iÚF(F +4=~Û=^_µ=7âè&_(§mûù×|3°Àœq +€" +i,Õ¥hùK㘪ó›[؃Ùˆ®ûÀpÀÃÀwnT\Þ⇭ÍÁIU¥›¢Å–OÇ£nZ7yÔHªèÊUD"ÉþŸŠa*[ƒb[1Ɩ²–q¿âà²mçµÕãŒ6]jà.±äžÅAG#% +ÊÞ¬2ðӍe-¶Þ—v¯ +r2r sÀl@f$Éûk8Fd¶”s K˜ß¯Žžm\„€ÊrÞSfØè]ˆl6 Ý·’9 +n-ANä I³3œžµ? „x=ƉqÔ +žƒY;»G_ç}È+ÄœÑÇF‰Vú¶6ؘÑú*Ž]-ñô&PëXïðZ¶Åz¯MkˆåçóŒ»YFx’úÀ¥kÝÌ" &š +S Œä—²ŸÌ‰‡™õ|e“ZYØÌp`ԗDê„`|ßëVÎq`È¡>±or ƒÛ@.WÊž%ýômrF[ +‘(ŽæÆù$ò$gé€4{¬E• +TmZP‹ƒüþýËw¯çx%dðé¡7 +9q2aá­ô<ډJvP2̘§Q +¥@Ÿ»·êï|ñ-œ + +ëþ÷Œí\!ï +J€/î}Èœ®ŸH—B +úŽÁa–ÿ¯º":u` +ɓŠ +ꟊd/ØR +gnȀà©XN†í`K +ó•®&”"W‰x_ˆ¢Ï².Gå±ë]Ì4Œ]ßS)žóæ?šŸ‘_2ÄHœ ]ÜŽÖž~ÔÆš›µo€k¬,#{Fë +³åÁ¥BLš|ŽÇK홪W\)ÓzJÔSúê+ +sŸÔ²Å^âÉíë*ñœ + +@T„ +‚u±Q¶¹|Và%€h'¯œ‚ +ò€ñjýª0OÞAá£qñŒ^êúÞV!Tљ'Œâڂ±3•Ó]ÛE¿<®(?ikþYvNž~Á–m_̯ýo “ŒâÙÇ+?Ï}µ·Af¬eÑ^E±”•[8>}€'vŸéõ@3ÁøfG„ž»ê +„r§¯4VŸãºÂÍÚŸÇ&C™mu¡« Uì}‘-ªSéÑ#|`ÛYoºÇF¥ŽáëÛå8Õ +lаS +ï0Ój¶—YËý;ùÔ40ó[ +Ž•<À¯Nøú5}‡Ã³1 +z O¯ý`ûœ—?ÎÑ +®ë_¢ï®¢D)<ló3N^#+-ÊksûJÚ¿"k·v1 MÚ?€>oì +ûðqÆ(ûB؃°•ÍAÕ}t1÷¢ˆ- +‡ÓKöÕ!mŽà|=ßW[ð^«¥)׈ª{#8aþ„GÚ +`=ô\Q· ³Yõ ÞÕÚ#Ŝ›3wÈCŒ\ý+d + +ü¥|ä‰üƒ8§“#¯7wÿ,©¢Y +endstream +endobj +4068 0 obj << +/Type /Page +/Contents 4069 0 R +/Resources 4067 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3937 0 R +>> endobj +4070 0 obj << +/D [4068 0 R /XYZ 71.731 729.265 null] +>> endobj +4071 0 obj << +/D [4068 0 R /XYZ 71.731 718.306 null] +>> endobj +4072 0 obj << +/D [4068 0 R /XYZ 330.494 708.344 null] +>> endobj +4073 0 obj << +/D [4068 0 R /XYZ 495.814 708.344 null] +>> endobj +4074 0 obj << +/D [4068 0 R /XYZ 161.265 676.234 null] +>> endobj +4075 0 obj << +/D [4068 0 R /XYZ 213.557 676.234 null] +>> endobj +4076 0 obj << +/D [4068 0 R /XYZ 76.712 654.615 null] +>> endobj +4077 0 obj << +/D [4068 0 R /XYZ 71.731 634.69 null] +>> endobj +4078 0 obj << +/D [4068 0 R /XYZ 473.604 623.034 null] +>> endobj +1123 0 obj << +/D [4068 0 R /XYZ 71.731 583.482 null] +>> endobj +478 0 obj << +/D [4068 0 R /XYZ 468.524 538.228 null] +>> endobj +4079 0 obj << +/D [4068 0 R /XYZ 71.731 514.739 null] +>> endobj +4080 0 obj << +/D [4068 0 R /XYZ 200.478 505.351 null] +>> endobj +4081 0 obj << +/D [4068 0 R /XYZ 337.802 505.351 null] +>> endobj +4082 0 obj << +/D [4068 0 R /XYZ 248.248 492.4 null] +>> endobj +4083 0 obj << +/D [4068 0 R /XYZ 318.364 492.4 null] +>> endobj +4084 0 obj << +/D [4068 0 R /XYZ 71.731 470.317 null] +>> endobj +4085 0 obj << +/D [4068 0 R /XYZ 242.4 459.523 null] +>> endobj +4086 0 obj << +/D [4068 0 R /XYZ 384.067 459.523 null] +>> endobj +4087 0 obj << +/D [4068 0 R /XYZ 119.552 446.571 null] +>> endobj +4088 0 obj << +/D [4068 0 R /XYZ 71.731 445.191 null] +>> endobj +4089 0 obj << +/D [4068 0 R /XYZ 71.731 430.247 null] +>> endobj +4090 0 obj << +/D [4068 0 R /XYZ 221.025 419.971 null] +>> endobj +4091 0 obj << +/D [4068 0 R /XYZ 291.285 419.971 null] +>> endobj +4092 0 obj << +/D [4068 0 R /XYZ 432.221 419.971 null] +>> endobj +4093 0 obj << +/D [4068 0 R /XYZ 139.477 396.659 null] +>> endobj +4094 0 obj << +/D [4068 0 R /XYZ 247.351 396.659 null] +>> endobj +1124 0 obj << +/D [4068 0 R /XYZ 71.731 368.763 null] +>> endobj +482 0 obj << +/D [4068 0 R /XYZ 358.399 323.509 null] +>> endobj +4095 0 obj << +/D [4068 0 R /XYZ 71.731 299.753 null] +>> endobj +4096 0 obj << +/D [4068 0 R /XYZ 71.731 243.021 null] +>> endobj +4097 0 obj << +/D [4068 0 R /XYZ 456.007 205.95 null] +>> endobj +4098 0 obj << +/D [4068 0 R /XYZ 236.592 192.998 null] +>> endobj +4099 0 obj << +/D [4068 0 R /XYZ 71.731 170.916 null] +>> endobj +4100 0 obj << +/D [4068 0 R /XYZ 71.731 147.071 null] +>> endobj +4067 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F48 1258 0 R /F50 1263 0 R /F51 1265 0 R /F60 1440 0 R /F31 858 0 R /F38 956 0 R /F55 1386 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4103 0 obj << +/Length 1728 +/Filter /FlateDecode +>> +stream +xڝX[oÛ6~ϯð[mÀf%Y’¥ÖuëÐ[$}j‹‘h›ˆ,j"•Ôûõ;o"­dé^Y&Ïõ;ß9ÇÑⰈ¿]ý|wõöÃv»(Q™'ùân¿ØŠ%Šòb±Û&šÈ’Å]œøŒ|ĝ ýj“dÑ2Gêÿ{Ö~‰¢ä0ôŽ=šWç¡!kõ(ŽD=4lGK}€“þä|œûý*Ò&Œýd‹8EÛ4O€›$)Qçð¡(Ž•9ŠcKÍ»4ŸN«$Z-­°PÚáõGõ€”×Fƒz­|'ŸF‹ôr·S:Þqe$Û«ÿ«8[’žSÖª1*PŽv®ª§ +·Æ¹¶VOXvbóN0ÿ»†’VšgªÚ³OGÒ>{ºbmK*Á}±5iè*ɌÑæ68-݌Tf:”'Â9>˜<t@ž*Aá€À§N}ԧՇ/Q)SŽvÜëoZŠ­k(€µˆ0¡³ph‰x’€`ýÃ:ðZ +OýРdmsVî‰M€0Q9P©Ã 15£RàíO€cãEÔ=ß©¶Š'™Dº†˜.µ}#œreßõÞšzNý²Š™j ©ƒŒ>ŽLªy2ÆÑêè²à #¥œ¥/`N"Sgù¢BöÌ䍊Ĭ +‚Eöm.ü5;ajÏª™T¢¥ +‰) ©C71<Ç'ýTSˆ­`œÎ*æÁɛ¿9QÒøñÅu7œ8R> +Úƒí¥•ž"³u1páã©'P +DK 2Ôߺ†VTƒœl±nĔâ›bÂ7q£<ËAñšð–ˆOœÜÚØýš®äÑ¢€+y*¯ä Êv™¹q&|†Æâåå֜™ +òç?(¯Ÿ0TÒ>‡ÛMZÊ$ +ØМîp +–ƒ;éþ€f$ +V¢ñKâÞцԯ¬Å°ÄëDt=“_<Қð9fÝ4ŽÍ¥ŸlŸ« +Ê:„Š>K*Ϋ<[j`A~æò˜&h—&6+ÓlŽ3‚óQnÏCõ©³GÒtH +z`\€šˆ #i„òž˜ôÀD÷Àw«-ÔÄ°^ +Ýüß-pd‡€Ú5_JG2vvÁžËqf£ûQ“ºŽõ¶ÎîÏÁåëÛõ +"‹@“ÁšÍCÁHë0çŽ0} 'µ”ˆ› ù;ËnëˆÅ)û ËRt£>„yG*P«áG°LÀ #ójßF®aag +—=i©*×ÓÑ.KQY.éWÛÝŽö—QùL{‰•]Š +ˆ/âôŠ€Ô„ +. +Ü +f2äU¡Ç'×î # +Å04FPD>£caz&vŽyÍ ++}^š©ùx‹bàdÇݎžß5jÈ}úDë9/vh[Ææê|pã%‘¯[ˆZMA +ðÁdÆQV7õŒ +Ý}˜"ŠûAñ.+}TyôiÅÈRÎ+žXʈ'9ÒϟLÔÉŽ˜œ„A>¬ÿcÕ1¹‚„~ + +EürÁá1«äôÿ ÿŒéƒwT_ST²Þ\*>w÷òà9r}+ß®õí@Ššf¥ +l +ï7Äçלä_¬lБT^nbÕäG_A +'Ïxžq9ûëjG`Ò~É¥|, +˜ÝԀ'­“C +q=׶‘\ +xèÕd#30ŸÙ¹‹ÊåJyÐ¥ +#ù.«º¬e{Š{®ÜÒd;Ê ä/Ž¬™±ŸOۚ˜°Øª®5šÌ·¿(Ølƒ±AšŠžéæh'&åÄá(øw8a³{94±Æ„Ú⍞,zq«ßÉúg­z2âÏ0˜žB«g€€eׯlÒÛ¹ÄÁðÍ-ýG­5o{";”-"l\hš !x¶1ŒE0Œ”ß±TÇÉÚ߄¥ÏvrwŒF÷Žùœ~~ÙÆ}xSå3ýÉP©]aí8bV}6ŒžˆŽ|öŽNï¹õëL”g³ +æf€b'ñ™&SlKs}Ô/uÏ +£Ù8ì{Æ-‡Ï™¹ +Å©æœ4GERø­·:ÂÖèéM>tš pïw¢m +h[5C +No~z£a€«arº|ïž_Ÿm +Â‘eÃqóÒy3éùÛÎ>;ÞÁî'·ªšªÈk6 7 +ß­ +‰ã™‘¶6k=[[ø»mº#«ôgSœÈ)®Ž8AÚ¥¿dÍÍ| J!·‘™ +¬Ëf +a—Û{®(išâ®q{Ø +a–­knÔïw0 +%j؈âï7nVéX;’ý&ê$• +ÛÄÜ07PÐýå0qq˜g°éÉ'©–- +6*è?°T¡àgÑàgÙ +¥;9Š¥;Tj—±wå×»«‰5¢ +endstream +endobj +4102 0 obj << +/Type /Page +/Contents 4103 0 R +/Resources 4101 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 3937 0 R +>> endobj +4104 0 obj << +/D [4102 0 R /XYZ 71.731 729.265 null] +>> endobj +486 0 obj << +/D [4102 0 R /XYZ 380.907 707.841 null] +>> endobj +4105 0 obj << +/D [4102 0 R /XYZ 71.731 684.724 null] +>> endobj +4106 0 obj << +/D [4102 0 R /XYZ 200.478 674.964 null] +>> endobj +4107 0 obj << +/D [4102 0 R /XYZ 71.731 626.979 null] +>> endobj +4108 0 obj << +/D [4102 0 R /XYZ 301.208 590.282 null] +>> endobj +4109 0 obj << +/D [4102 0 R /XYZ 363.783 590.282 null] +>> endobj +4110 0 obj << +/D [4102 0 R /XYZ 71.731 568.2 null] +>> endobj +4111 0 obj << +/D [4102 0 R /XYZ 211.127 557.405 null] +>> endobj +4112 0 obj << +/D [4102 0 R /XYZ 262.294 544.454 null] +>> endobj +4113 0 obj << +/D [4102 0 R /XYZ 71.731 541.051 null] +>> endobj +490 0 obj << +/D [4102 0 R /XYZ 357.638 503.836 null] +>> endobj +4114 0 obj << +/D [4102 0 R /XYZ 71.731 480.719 null] +>> endobj +4115 0 obj << +/D [4102 0 R /XYZ 173.957 445.056 null] +>> endobj +4116 0 obj << +/D [4102 0 R /XYZ 426.657 445.056 null] +>> endobj +4117 0 obj << +/D [4102 0 R /XYZ 232.716 432.105 null] +>> endobj +4118 0 obj << +/D [4102 0 R /XYZ 320.107 432.105 null] +>> endobj +4119 0 obj << +/D [4102 0 R /XYZ 71.731 417.37 null] +>> endobj +4120 0 obj << +/D [4102 0 R /XYZ 71.731 402.426 null] +>> endobj +4121 0 obj << +/D [4102 0 R /XYZ 71.731 308.07 null] +>> endobj +4122 0 obj << +/D [4102 0 R /XYZ 232.617 282.167 null] +>> endobj +4123 0 obj << +/D [4102 0 R /XYZ 320.456 282.167 null] +>> endobj +4124 0 obj << +/D [4102 0 R /XYZ 71.731 247.851 null] +>> endobj +4125 0 obj << +/D [4102 0 R /XYZ 294.335 236.339 null] +>> endobj +4126 0 obj << +/D [4102 0 R /XYZ 194.251 223.388 null] +>> endobj +4127 0 obj << +/D [4102 0 R /XYZ 71.731 221.231 null] +>> endobj +4128 0 obj << +/D [4102 0 R /XYZ 71.731 206.287 null] +>> endobj +1125 0 obj << +/D [4102 0 R /XYZ 71.731 158.929 null] +>> endobj +4101 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F48 1258 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4132 0 obj << +/Length 1850 +/Filter /FlateDecode +>> +stream +xڝXKsÛ6ŸûWèfqjÁ|SêL;“æÕtÆOl:I I˜KVÔ_ß±ŸIÓ +lär±ûíî· +º«ãÊ]œœúíñêöM¬vdûñêñ° + +qãí* |²üÕc¶úž~y¢UÃjgãGî:&ú÷¥(?¹®lk^ +õ­K›³œlNL/ráxî$«ŸAÏ_\¹hÂí?Zy ñœ(Tlü$!AšñÜP[ÏWû&ÛõÃEæâš×j¡Ž+ +@)øâ +| ²õœÕF¹’$Z‘2QÛòɍÜgNj֬–\”úŠG@ö'xäéë”⃜ˆáÚW¢nô*òÂÛ6«ÐuïŠÓ;ˆªÑ Âú|ê +#+*žCtˆ~ò%h–q%£/9Š÷fSÒ÷\-žõ +—é‚}ŸG¶žµOðÊ +×&H +!¢†9-“Dí]¢ÍuÇæôEŽÓˆHÖLÔ sŽœ]Hüxg,|`ÍÓ«{' ×/ÀT•ÅÏêûE¿»«-Œw5G$†JÀ7/L.øïÅÄw}#CŽç~7‰Æ%Ðg– +Z— ·ŒfrœÃu[ö¥­WŒƒ¯ÈT.ÄˋCÄÖ”ÚÈ +Ñ,Û +F(ˆ(‹oéöcŧw¯–2!"^b +jØKꍪv£ +2˜«¹8qdvî}<ó<׫¬XÖ5úšša«°ª¹ãGëg:`›£A’×P"êãƒo)TØË8m˜¹A–c÷ŒÌ,«šXÌèÝz×LŠR¶›æwÍ2àNsýÛHQ؂PÅ˲ +Ç +hŸ(Z[†BÁŒ +TêÒ6GKL~]+D¯ÝkG‰RVˆòzêëRìEv¹î‰™F&ö«R¬MÝ +ªWZG)>ìð[Ž +4 +_Új®- 7¬P€{þéxà©vÛ„Ò‹-£æ™Ýמ{†Êè^bÀߌpy—æ²TúIK[úO¯?,e|HŒØ¹®jtåœhæøÐô„™ +Þvœ:FŠ‘·kymÞµ–ÝúDU +kÿõSÞ54X•áçRË©4¹=Ö¢­nPI›žô +m!ŠèXU¹àŸY +"¥À[G]YƒÏP¹ +¥)“hFW)ð«Y[jŽ +äB2ì±öDÏiÚ}I4ΓáČaLÂÝÎÎ&™M”Eåð +Xm±‘ƒ[LÍòÈËwN,/ä8åg3‹3‹‹Å'X )ùÞКeu0 +/™%aûªûŸ[Ÿ[[¶Ez®;N; |›õs†0a1žÑ¥lŠ\÷îô&FŒ5ǬW¬bƒa@LSß +©²}Ú +ÍìxìÇ Ûì<{æòt3íf–úÕº=štQŒšš1°Ï4é ê¥bïÑRѐ6Gíqßéâ#çå +0ÕCÍTÓp£ÈšXÙÔþÜ6«¬ßï^šx‰Š¶å {DÔÈÓ6v6/#IâŠüXÒ>òfRu +C#KxXÔ3äOÝçº +5Ø¡Ç¢ê÷xûþI_ÜÝ÷›0}ñÊ€hU³”÷-"çûšÖ#2œôÍ÷)ôÛSÁž.e®Ñn +<˜ÁîáÃ=*ha#rÒîle9ÂÆÝ +M,1S)yµŒ¯œÆ™ñvi’oÍ hȱëB7ýl­f1ŒÜ«@æ°ñÁRCGY_=ßݏ_@«·Ö6É2ÍÛìëœÕÔÎ䙱‘&©aÔY{!ˆÒZöµ±w9ÎV»xN&ì'_Ko€ééáôçÉ +àí„ì×SŒ +[ +. Bœž>ù~4ïiŸ[™Ñ–—²±|ŽÛ–VÌ, +òÉŸ€0³ïÀ;ƒ#qڈarÜ­Ãó²U§æùøø +€0ÿ‚âxj +ž7ž +Ÿ0ʞ=ܙª›ùR~k{è(nð?¶}8TXäÕ6 +'šžãl”)èçîÆò™<ì1† +h +u:8HÎu‡!ŒØÁÚ+ӚWÍŒ“‰‚*"ÊMkÏX£>ÓéQ” ž|*š³ðˆñlr^~Æ[è éaŒ!Ó +}tÝzd«M?ÁHïüÑ+¯¯þ ­Ý +endstream +endobj +4131 0 obj << +/Type /Page +/Contents 4132 0 R +/Resources 4130 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4169 0 R +/Annots [ 4129 0 R ] +>> endobj +4129 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 428.324 165.379 438.854] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENTS) >> +>> endobj +4133 0 obj << +/D [4131 0 R /XYZ 71.731 729.265 null] +>> endobj +494 0 obj << +/D [4131 0 R /XYZ 238.03 705.748 null] +>> endobj +4134 0 obj << +/D [4131 0 R /XYZ 71.731 681.992 null] +>> endobj +4135 0 obj << +/D [4131 0 R /XYZ 71.731 681.992 null] +>> endobj +4136 0 obj << +/D [4131 0 R /XYZ 204.055 659.92 null] +>> endobj +4137 0 obj << +/D [4131 0 R /XYZ 471.281 659.92 null] +>> endobj +4138 0 obj << +/D [4131 0 R /XYZ 313.821 646.968 null] +>> endobj +4139 0 obj << +/D [4131 0 R /XYZ 379.425 646.968 null] +>> endobj +4140 0 obj << +/D [4131 0 R /XYZ 71.731 624.886 null] +>> endobj +4141 0 obj << +/D [4131 0 R /XYZ 228.303 614.091 null] +>> endobj +4142 0 obj << +/D [4131 0 R /XYZ 283.914 614.091 null] +>> endobj +4143 0 obj << +/D [4131 0 R /XYZ 326.812 614.091 null] +>> endobj +4144 0 obj << +/D [4131 0 R /XYZ 425.073 614.091 null] +>> endobj +4145 0 obj << +/D [4131 0 R /XYZ 310.743 575.237 null] +>> endobj +4146 0 obj << +/D [4131 0 R /XYZ 386.707 575.237 null] +>> endobj +1126 0 obj << +/D [4131 0 R /XYZ 71.731 545.932 null] +>> endobj +498 0 obj << +/D [4131 0 R /XYZ 292.43 502.835 null] +>> endobj +4147 0 obj << +/D [4131 0 R /XYZ 71.731 479.346 null] +>> endobj +4148 0 obj << +/D [4131 0 R /XYZ 364.291 469.958 null] +>> endobj +4149 0 obj << +/D [4131 0 R /XYZ 327.928 444.055 null] +>> endobj +1127 0 obj << +/D [4131 0 R /XYZ 71.731 428.075 null] +>> endobj +502 0 obj << +/D [4131 0 R /XYZ 276.558 384.604 null] +>> endobj +4150 0 obj << +/D [4131 0 R /XYZ 71.731 360.848 null] +>> endobj +4151 0 obj << +/D [4131 0 R /XYZ 71.731 305.8 null] +>> endobj +4152 0 obj << +/D [4131 0 R /XYZ 200.279 279.996 null] +>> endobj +4153 0 obj << +/D [4131 0 R /XYZ 71.731 244.963 null] +>> endobj +4154 0 obj << +/D [4131 0 R /XYZ 221.369 234.168 null] +>> endobj +4155 0 obj << +/D [4131 0 R /XYZ 257.343 234.168 null] +>> endobj +4156 0 obj << +/D [4131 0 R /XYZ 268.691 221.217 null] +>> endobj +4157 0 obj << +/D [4131 0 R /XYZ 71.731 199.135 null] +>> endobj +4158 0 obj << +/D [4131 0 R /XYZ 71.731 166.258 null] +>> endobj +4159 0 obj << +/D [4131 0 R /XYZ 71.731 166.258 null] +>> endobj +4160 0 obj << +/D [4131 0 R /XYZ 71.731 165.013 null] +>> endobj +4161 0 obj << +/D [4131 0 R /XYZ 129.514 147.991 null] +>> endobj +4162 0 obj << +/D [4131 0 R /XYZ 156.363 147.991 null] +>> endobj +4163 0 obj << +/D [4131 0 R /XYZ 451.484 147.991 null] +>> endobj +4164 0 obj << +/D [4131 0 R /XYZ 215.551 135.04 null] +>> endobj +4165 0 obj << +/D [4131 0 R /XYZ 274.589 135.04 null] +>> endobj +4166 0 obj << +/D [4131 0 R /XYZ 344.716 135.04 null] +>> endobj +4167 0 obj << +/D [4131 0 R /XYZ 144.179 122.088 null] +>> endobj +4168 0 obj << +/D [4131 0 R /XYZ 71.731 119.932 null] +>> endobj +4130 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4172 0 obj << +/Length 1226 +/Filter /FlateDecode +>> +stream +xڝWKoã6ŸûW°èÅV\’zèÁ +ò*6Úx‹›=Ð2m‘)¯(%p}‡")KŽ“¹„cj†œùfæㄠ +"èzòÛbòù* +QŽó„%h±Fa”c’d( +Îb†+ômz±åûFÔ³€Ådš`»^Tꑶik©6vëЖâ“›­°BYÍ(™:-êg8çûâ÷ q.øü (ÅyJšñ#`,Ç1M@ˆpL2ëÈ#cñȺ³:zßIð¡Snµs»Ëån_º­'㔘Ñxz+»µåzk¥G“›ùÃM°žœŸü~QÔËVNçE–¥•Šj·oáïØ(ÞŽµÐîj·šã̱;¡5ߌvÂ\bßÊpJ7‚;«õ ¶7wóY™žívŽ®»l-¶RŸz®ùŒ‘é³qÀ +ØŒ—ª7®k¶µ§`Ùðy#+¥GPA-~Ž²ö ¯«z”“q=zžKòåbòcBá@‚(¢yŽY +¢$ÉpÈrTì&æCHŠQŽ(ÎóÕ­'œ³¢!XeÞÊjÇ1&PmΚë#á0‚*2ÍÀ(&q†hŠ + +l3Ìg™þu9Ÿå«qôóU”¡ +J/‰ºÒ¥4Á‹PR +g‡;þdÐ6ø¥ÙTCV:˜Ýªµ?lɂ`17Š|ç%ŽÓ8ìT)§`:44 eÐÚnrµ²BQJ¡+ÿôÞ(OqDÿNçÀ¥8 +ãwSÒ¡“L4"˜¥Šs܃ûíNêâ{_G'qb¿ü|~3H±°Á·ž‘ŸD×ÚFŽÕj€®þŒÐ7¢5ë»öíK ^œK‚‘&qݖh¬Ðt}f€e՜^ês`ä.1ÖÔsbqúNÈwó‹€þ×#Aœ&Ä!œ2+°i–€E—Š>[Y®Æ\j:Ÿ°òR*^Ž +Ôó®)â®=Âlp: +ˁÐÝùA _–"pGZƒ¡; ŒD$òúúE6ž„{6)ú·H +8ïáÔIÙÓrí\\ŸãÚ0‡n÷{èÚÕÀ÷euP|וü€$Õ])¹ +ÃáÝքG%ËPg8ýÈ|Sl¹Úˆ“7Ú<Dzô³šm_õØ÷ÜÉÄióÍ(PKó~Ør’ÿ +Ãúœ‚ó} +éƌ®˜Ž +ìD]H¯÷·»ƒˆŠ'?‘ œ> +zÄ9`öuµj +̀œîªÇ•;·6Eq€8ÃûgŠ5%|÷z«ùýí—ÇnŒF³³4 å‘&aŸìžáf4›Š341L“ŸÇuQËœcšm¥ª¶v±^ +ŠÅ¡3Gê³jW_ºÉìúÁS!<çfŠR¡PFåY֕ÚÙá"vãp­!uýªtFÿkdgQs ¡Ü‡#˜RþŒø0G +endstream +endobj +4171 0 obj << +/Type /Page +/Contents 4172 0 R +/Resources 4170 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4169 0 R +>> endobj +4173 0 obj << +/D [4171 0 R /XYZ 71.731 729.265 null] +>> endobj +4174 0 obj << +/D [4171 0 R /XYZ 129.514 708.344 null] +>> endobj +4175 0 obj << +/D [4171 0 R /XYZ 71.731 680.284 null] +>> endobj +4176 0 obj << +/D [4171 0 R /XYZ 204.234 629.789 null] +>> endobj +4177 0 obj << +/D [4171 0 R /XYZ 71.731 600.127 null] +>> endobj +4178 0 obj << +/D [4171 0 R /XYZ 71.731 524.456 null] +>> endobj +4179 0 obj << +/D [4171 0 R /XYZ 129.514 506.523 null] +>> endobj +4180 0 obj << +/D [4171 0 R /XYZ 244.422 506.523 null] +>> endobj +4181 0 obj << +/D [4171 0 R /XYZ 71.731 491.415 null] +>> endobj +4182 0 obj << +/D [4171 0 R /XYZ 71.731 476.471 null] +>> endobj +4183 0 obj << +/D [4171 0 R /XYZ 428.729 466.971 null] +>> endobj +4184 0 obj << +/D [4171 0 R /XYZ 124.533 414.468 null] +>> endobj +4185 0 obj << +/D [4171 0 R /XYZ 129.514 396.535 null] +>> endobj +4186 0 obj << +/D [4171 0 R /XYZ 71.731 394.379 null] +>> endobj +4187 0 obj << +/D [4171 0 R /XYZ 129.514 378.603 null] +>> endobj +4188 0 obj << +/D [4171 0 R /XYZ 259.277 365.651 null] +>> endobj +4170 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F25 852 0 R /F48 1258 0 R /F50 1263 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4193 0 obj << +/Length 1487 +/Filter /FlateDecode +>> +stream +xÚ­WÛnã6}ÏWۇØ@ĈԜE +lÓì¥À±@±ÛF¢m"’šJrŒùûŋ.fšh +Bš"g†3gÎ +ýÕ~å¯Þ^øzüy{qý†D+â£8J£Õv·J0JŒJü‘ ^m‹Õ—ṍ6=k7 +IÒu‚ÔøNˆ‡NMw⯠+þ~û +¶ÖŽT¿îÚáÛŸ¥U·ùsûëõž¡,&±Ô&(%xå +¢ŽuŽ:P^ÃùÈ_7­ØàhýÈ +Ö©•Žm,ÈUÖj`ñ én0&LnQ”!ó_ýÈo™† +9ë:^ïÕ§þÀԄ + +Þ뵖òòJÍy—ð¶ÃÝÀ¥ +&(‹ôEÞ°No€jøý©ëY¥æŸÕP>º×jþ:²#3Gêba„hz.Žcz¡Æœ–åK÷EÊóhœ ‚£PºÞ3Ÿ#Dä’49AX‡÷NÿO#(Muêœö +מmžðŸdsK^šiÅôÕéëêñ2u'Jv©~*Üç5Š{Ö?I¯^¹ +Œ6ibülM/~õ}²?¶t/WÊÿhRˆR§I/à6Fa–܍[›a0ÿ¬†!Ãdô!©±Ì“auHµÿà*¹N1“#ëuŸ¿¿»y.ñG¯MftLº¶æ=+5ä*Ñê#¬ +’¿‰ bQd +’ÏԘQ&i\Á14òlF:±]3ƒKQSÀž8àYy=xDÂ8æy¬Šà_OûÈÜó£:û«ÎÅ°£,LÍÁŸ~¹uĔ„(&v“$Vé +/Hc”ÀŽYº[šZÒî¹ÑQŠ‚̪VŠþ&-} +à–€{”ÿœvg1"£EÛë7«qŒÒ44{²CŽ|2ÇçvdTIeo0R°9ŽüÄ÷'uïôÍþ(*“0>Z™ƒf€ŽšN+“{Žmsže.Ž} +ÕÖ¬ôZÖA±¯{—1Ž +ËeœÖYÉڊCbZÕBɕÜ)3uŠX†•í&µ%aÆĎZmsWË;ž̈́=n\àÈ»i•—p;GV¢($&ô»^xùÝ¥ŒÊà$PÆ-¶äA‡†ãžÊP +Ôä€(Œmv^¹ +FYŠÏÄUÝ>ïKÉB&$ñK‰K`»Áé:tÂ8œÜÛÄù£èmN›*Z +=±ýS7Ä»SiFˆ@”ÎQª; + +c¥šPX + +‰‘Œù^mƚl„é„ +¬Õ%Šëþšª¡`•Ð +MSòÜT]XAÖ»Þ~üôáVM + 5ž`œæúAäH@äÐÌÒ!ÉJ­ÕÈTH–z‡üT—ªèºP‹ +ï™Ù>UÜ€.âa +ωÄÒi·7’ƒ-à ß]ìã%!0t +ÚbèbÁSœ:üXô¿òþÿòñ1aÒYGi›;XwŽ)¥ŒôÄ0€Ðå-oLgj€‹¶`íŒRò +¢T1SÂK±ßÛ§HNzÏKšÌ†KG0?ê㞊0ßëkÍ.ËûŽ•»‘ÂÚ#ӂZДCm}èŠ-Ýù»Í€°ZWÏ·G>ô§y{=” +mZ> endobj +4189 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [456.983 556.717 506.019 567.62] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +4190 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [260.781 543.765 307.605 554.669] +/Subtype /Link +/A << /S /GoTo /D (0:CONSOLEDETAILS) >> +>> endobj +4194 0 obj << +/D [4192 0 R /XYZ 71.731 729.265 null] +>> endobj +1128 0 obj << +/D [4192 0 R /XYZ 71.731 718.306 null] +>> endobj +506 0 obj << +/D [4192 0 R /XYZ 463.515 703.236 null] +>> endobj +4195 0 obj << +/D [4192 0 R /XYZ 71.731 672.259 null] +>> endobj +4196 0 obj << +/D [4192 0 R /XYZ 71.731 672.259 null] +>> endobj +1129 0 obj << +/D [4192 0 R /XYZ 71.731 648.795 null] +>> endobj +510 0 obj << +/D [4192 0 R /XYZ 151.162 605.698 null] +>> endobj +4197 0 obj << +/D [4192 0 R /XYZ 71.731 582.209 null] +>> endobj +4198 0 obj << +/D [4192 0 R /XYZ 343.419 572.821 null] +>> endobj +1130 0 obj << +/D [4192 0 R /XYZ 71.731 543.516 null] +>> endobj +514 0 obj << +/D [4192 0 R /XYZ 316.686 500.419 null] +>> endobj +4199 0 obj << +/D [4192 0 R /XYZ 71.731 476.663 null] +>> endobj +4200 0 obj << +/D [4192 0 R /XYZ 374.702 454.59 null] +>> endobj +4201 0 obj << +/D [4192 0 R /XYZ 481.65 454.59 null] +>> endobj +4202 0 obj << +/D [4192 0 R /XYZ 177.942 441.639 null] +>> endobj +4203 0 obj << +/D [4192 0 R /XYZ 274.17 441.639 null] +>> endobj +4204 0 obj << +/D [4192 0 R /XYZ 71.731 419.557 null] +>> endobj +4205 0 obj << +/D [4192 0 R /XYZ 164.094 382.859 null] +>> endobj +4206 0 obj << +/D [4192 0 R /XYZ 244.592 382.859 null] +>> endobj +4207 0 obj << +/D [4192 0 R /XYZ 288.038 382.859 null] +>> endobj +4208 0 obj << +/D [4192 0 R /XYZ 341.996 382.859 null] +>> endobj +4209 0 obj << +/D [4192 0 R /XYZ 71.731 367.751 null] +>> endobj +4210 0 obj << +/D [4192 0 R /XYZ 71.731 352.807 null] +>> endobj +1131 0 obj << +/D [4192 0 R /XYZ 71.731 303.756 null] +>> endobj +518 0 obj << +/D [4192 0 R /XYZ 317.013 258.502 null] +>> endobj +4211 0 obj << +/D [4192 0 R /XYZ 71.731 234.746 null] +>> endobj +4212 0 obj << +/D [4192 0 R /XYZ 71.731 234.746 null] +>> endobj +4213 0 obj << +/D [4192 0 R /XYZ 189.011 212.674 null] +>> endobj +4214 0 obj << +/D [4192 0 R /XYZ 71.731 177.64 null] +>> endobj +4215 0 obj << +/D [4192 0 R /XYZ 474.288 166.845 null] +>> endobj +4216 0 obj << +/D [4192 0 R /XYZ 230.634 153.894 null] +>> endobj +4217 0 obj << +/D [4192 0 R /XYZ 274.539 153.894 null] +>> endobj +4191 0 obj << +/Font << /F25 852 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F48 1258 0 R /F33 859 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4221 0 obj << +/Length 1727 +/Filter /FlateDecode +>> +stream +xÚ­XYoã6~ϯð£ +Ä +EÝ +l6ð +í[4Š"»X02c‘%C”’M}‡â¡‹vŽÝ—ØŠGœ™oŸ¹ˆgÛžœ?ûm}vñÎ÷g)J#ÍÖ·3?L—ú³Ø'( Élœ™]Ï/wôP³j±$!žÇH}~(Ë;¡ŸÞ–ú·Õw+h®žþªA8/ +žo« +Îé^,Ÿ®?ÃZ=èözº—ÄOPxð%@!N”òÍvê<&Ïh8T嶢{õ°oD­ŸÝ0õ¹a_0&ÛšG^šÏz§ÏÊB +l›ŠÖŒÔ¿Êÿäì|ø +U‚e šiUób«ž +xœ +¿ctšÇàhÒsϖ +A©÷º +M:Ž}Õò}` +Q¯µâÿÆŽÍ†K£Î +ŠB85/öÕ\µ`ÞËØ°Š×­q€°OÌËStÓÿšKm‰±èq9TœÖÌ R1±+ócq0°N +Xz±‡0Ž5`žìS¹uáD|DÒá’Tí?—’Ðq<æԀAš/|cq4Â9/˜;Ÿ}mŸ¬ž,÷{ZlÞ*éϐŽ‚gőµúâ¶Éó‹]S—ZV +™ã¥œãTŽ6s„>¹m^ +/ðP‚mî\æ¥`:|£á80Âçá7#ÃÝü5. +ýŠ‰ +.àS™Ä•¿ÊÜ~ò•®’Õ•ôzJAHWø¶Ž^¯>¿su॑°ÝV +SïÆ¢“¬S +‚Q¥`ÓËI'ª{áEá”p«ïml²Š>Ž«t¹Yž£+ú•h‚,­1jŠºœä +rTCµÌ† +š"Gg×ë?? +NVôSN +Я鍝gwæø +Ò`kkØÚ9,<—·Ê~­ uA÷FŸ•©90ºŠûƒqÓP¢ßhÚqÄ1(2ñ§ +ogÍ$~Šã$EQ7T¿ŽÛ¶%‚QD`å 1ÂyEK„ 1ÑÍþÆØ`XöâöökÓ€' +Ÿ +]ѲÓÕ AQ>§ &£nØŠ'Ã4’†ÑK[”a݆©öÐäµöþg%x* +vžQÓ +ɓÜ)lb+cÒ&~"_.ýŽéïa¯¡‡GOÁ™BBtTL]™ìU‘©ž˜ ˜ÄÏQd㖙-c²j¶ƒÿtZŽ<È(«ãŠÕëE +ÌA•kLöa°öÆö +OУÐ{Fû9š «S¹7ÙªËáC]„ÉÄv˜· +`CËg×íOWýe„ Fî‘Øü¹‹˜d’¶³*ÙК‡ +–1ÙFúÕsœœ°ôm KŠÓÅOÁôzdßI +š +ÐÒ2£ +V²Š΂¶~IðŒ”,ožvsýñýêïn?Ëv,»Í~šj§ùBd?ÔÓªêK +X6˜ÿ_Reßž]V:ÒρKí†+"Xm^[ +7O!|µ3àVƒIñÜFûšÓânŽu™Ó[|Of,¥žŸþ.ûÛi·ÔÒjá%óm³‡)EŒÆØÄa„»çUYìí£6$(œÀøñœ +{îudWÏ»@Ê +rA[ww/¶Ÿ +rö +/ÇSVY䏎‰ì?Î ýFÀÈèœyúªKÒN™' +s^R€ˆ€6bòŽâ›vè[ï +gb¥IÐ'¡|ë$O^ÍÊõH' +µ‘8¶R +YÃá# D‹žŒIYž€aØômþ±ú÷í=͛ÓÍ(’—¡^«Íó_w}Òg3 +•ÂµbíµÍ5ãÄΎ7݋f4™v鮊¹šB Baì÷+T +Uê,T  dƒ/ÍnCwbõ‹a®‘Æðf +èð¥CˆVë³ÿ”u +endstream +endobj +4220 0 obj << +/Type /Page +/Contents 4221 0 R +/Resources 4219 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4169 0 R +/Annots [ 4218 0 R ] +>> endobj +4218 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [325.796 299.96 385.074 310.864] +/Subtype /Link +/A << /S /GoTo /D (0:DEFTRUST) >> +>> endobj +4222 0 obj << +/D [4220 0 R /XYZ 71.731 729.265 null] +>> endobj +4223 0 obj << +/D [4220 0 R /XYZ 71.731 741.22 null] +>> endobj +4224 0 obj << +/D [4220 0 R /XYZ 71.731 718.306 null] +>> endobj +4225 0 obj << +/D [4220 0 R /XYZ 119.552 695.392 null] +>> endobj +4226 0 obj << +/D [4220 0 R /XYZ 216.527 695.392 null] +>> endobj +4227 0 obj << +/D [4220 0 R /XYZ 119.552 682.441 null] +>> endobj +4228 0 obj << +/D [4220 0 R /XYZ 71.731 660.493 null] +>> endobj +4229 0 obj << +/D [4220 0 R /XYZ 71.731 627.482 null] +>> endobj +4230 0 obj << +/D [4220 0 R /XYZ 71.731 627.482 null] +>> endobj +4231 0 obj << +/D [4220 0 R /XYZ 193.314 616.687 null] +>> endobj +4232 0 obj << +/D [4220 0 R /XYZ 71.731 594.74 null] +>> endobj +4233 0 obj << +/D [4220 0 R /XYZ 261.358 570.859 null] +>> endobj +4234 0 obj << +/D [4220 0 R /XYZ 119.552 557.908 null] +>> endobj +4235 0 obj << +/D [4220 0 R /XYZ 193.314 557.908 null] +>> endobj +4236 0 obj << +/D [4220 0 R /XYZ 71.731 535.96 null] +>> endobj +4237 0 obj << +/D [4220 0 R /XYZ 71.731 535.96 null] +>> endobj +4238 0 obj << +/D [4220 0 R /XYZ 71.731 534.715 null] +>> endobj +4239 0 obj << +/D [4220 0 R /XYZ 129.514 517.559 null] +>> endobj +4240 0 obj << +/D [4220 0 R /XYZ 237.827 517.559 null] +>> endobj +4241 0 obj << +/D [4220 0 R /XYZ 189.011 504.608 null] +>> endobj +4242 0 obj << +/D [4220 0 R /XYZ 71.731 482.526 null] +>> endobj +4243 0 obj << +/D [4220 0 R /XYZ 71.731 482.526 null] +>> endobj +4244 0 obj << +/D [4220 0 R /XYZ 71.731 482.526 null] +>> endobj +4245 0 obj << +/D [4220 0 R /XYZ 139.477 466.75 null] +>> endobj +4246 0 obj << +/D [4220 0 R /XYZ 139.477 466.75 null] +>> endobj +4247 0 obj << +/D [4220 0 R /XYZ 488.913 453.798 null] +>> endobj +4248 0 obj << +/D [4220 0 R /XYZ 71.731 440.747 null] +>> endobj +4249 0 obj << +/D [4220 0 R /XYZ 139.477 422.914 null] +>> endobj +4250 0 obj << +/D [4220 0 R /XYZ 139.477 422.914 null] +>> endobj +4251 0 obj << +/D [4220 0 R /XYZ 310.564 397.011 null] +>> endobj +4252 0 obj << +/D [4220 0 R /XYZ 124.533 364.882 null] +>> endobj +4253 0 obj << +/D [4220 0 R /XYZ 129.514 346.949 null] +>> endobj +4254 0 obj << +/D [4220 0 R /XYZ 152.199 333.998 null] +>> endobj +4255 0 obj << +/D [4220 0 R /XYZ 209.753 333.998 null] +>> endobj +4256 0 obj << +/D [4220 0 R /XYZ 177.374 321.046 null] +>> endobj +4257 0 obj << +/D [4220 0 R /XYZ 269.189 321.046 null] +>> endobj +4258 0 obj << +/D [4220 0 R /XYZ 350.255 321.046 null] +>> endobj +4259 0 obj << +/D [4220 0 R /XYZ 390.065 321.046 null] +>> endobj +4260 0 obj << +/D [4220 0 R /XYZ 71.731 318.889 null] +>> endobj +4261 0 obj << +/D [4220 0 R /XYZ 129.514 303.113 null] +>> endobj +4262 0 obj << +/D [4220 0 R /XYZ 71.731 290.062 null] +>> endobj +4263 0 obj << +/D [4220 0 R /XYZ 129.514 272.229 null] +>> endobj +4264 0 obj << +/D [4220 0 R /XYZ 265.941 259.278 null] +>> endobj +4265 0 obj << +/D [4220 0 R /XYZ 329.731 259.278 null] +>> endobj +4266 0 obj << +/D [4220 0 R /XYZ 71.731 257.121 null] +>> endobj +4267 0 obj << +/D [4220 0 R /XYZ 129.514 241.345 null] +>> endobj +4268 0 obj << +/D [4220 0 R /XYZ 71.731 206.311 null] +>> endobj +4269 0 obj << +/D [4220 0 R /XYZ 71.731 206.311 null] +>> endobj +4270 0 obj << +/D [4220 0 R /XYZ 208.806 195.517 null] +>> endobj +4271 0 obj << +/D [4220 0 R /XYZ 71.731 160.483 null] +>> endobj +4272 0 obj << +/D [4220 0 R /XYZ 71.731 160.483 null] +>> endobj +4273 0 obj << +/D [4220 0 R /XYZ 180.552 149.689 null] +>> endobj +4274 0 obj << +/D [4220 0 R /XYZ 124.533 135.492 null] +>> endobj +4275 0 obj << +/D [4220 0 R /XYZ 129.514 117.559 null] +>> endobj +4276 0 obj << +/D [4220 0 R /XYZ 365.517 117.559 null] +>> endobj +4277 0 obj << +/D [4220 0 R /XYZ 433.551 117.559 null] +>> endobj +4278 0 obj << +/D [4220 0 R /XYZ 71.731 115.402 null] +>> endobj +4219 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4281 0 obj << +/Length 1427 +/Filter /FlateDecode +>> +stream +xÚµXÛnÛ8}ÏWèCl ‘u—Ü +ÇNRŽ›5°XŽEAKŽCDURŠ›¿ß¡HêÙÛ»/1/Ãá̙™ÃQ,coXÆÍÙÕæl¶v]cnÎ'06;Ãõ#Ӟ»Fè:fä;Æ&1>O–š(1›^8Ÿ5 Mù{Ké—à +U{« –£TÎ +ØÔó'tj[“=›Úþe|úuóþÌR×ë_°Á6Bs +Z¶°áÂq#3ðlxŠoE҈/Žã÷NקZËëlÔŸh†¥_,ËIÁ*e*bj +M +kò­ +AII2|® +Œ¿Š +è)[ÔQ9&>DŸa^àž$ÒoóO‘쁀jyÛgR{œ4§/z7Oˆoéä+Ùï1à ,Úc,l»Ÿé·Œ +ep­ +-8hùZ˜c ÷„K9Ç7lÏt=ˆEý&ZŸéÁ[xᇩ +Gê04moÁۋ²¢ +L U!‡;ñÐÕ4L +T¿Æ‚<^—Û ‚7: T#[¡§ó扗‘\åE)K¯mŽ +f*325×OJMV¬o7?4ÀfGžثЯæwÌ_‡V³â÷Š0M[­Zy’7EàµÁÝæP·rÒ1<åT +<(›šöù*WeΖְ‹8ֱ՝u"ŸŽa"Wa:G1âD5 Wû +ÈÄO kU‰^áŽk›NÑñHŒ¢ +̈́]c”ŠM±ãu +ÿ·Î>¥û–9€»1IIùR»€Y¿Ëù¶e†þ +Ý6{.Íþ¬¿œŸ6NÁ®¯¢õfzXàJ ¬!‡ ޑœH2sÑ ‰ß +a\‰àÆJ1ÓOãˆö{øYÒ +*;YÌ*Îf)€f[’Ïp‰8.씊¶ÙÛŒxXœ°±}•ÁÇ +“Ê +^ŒºYz!fßHrâœ?FsqOOªµt%%·÷W‹Ù#€ú,£ +³J‹?\nn•w5HÍ Aë„Qðí?ñ*;bÑRm/ÖË«k× +ëÀ_ϝµ +MÜåzµZ»Wþ*ºŒ¬Õµ7wƒõµum‡Î2òN] Ü” + +»•X +àÎ«ºS +7¿éóî?Ü-ÿ>¡F÷xG,j:%„e=’loî +‘ø( +6±œÿcD–¹!ŽKéÙê_ó wdµ9û™„Û +endstream +endobj +4280 0 obj << +/Type /Page +/Contents 4281 0 R +/Resources 4279 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4169 0 R +>> endobj +4282 0 obj << +/D [4280 0 R /XYZ 71.731 729.265 null] +>> endobj +4283 0 obj << +/D [4280 0 R /XYZ 129.514 708.344 null] +>> endobj +4284 0 obj << +/D [4280 0 R /XYZ 71.731 628.199 null] +>> endobj +4285 0 obj << +/D [4280 0 R /XYZ 71.731 628.199 null] +>> endobj +4286 0 obj << +/D [4280 0 R /XYZ 190.535 616.687 null] +>> endobj +4287 0 obj << +/D [4280 0 R /XYZ 71.731 583.711 null] +>> endobj +4288 0 obj << +/D [4280 0 R /XYZ 71.731 583.711 null] +>> endobj +4289 0 obj << +/D [4280 0 R /XYZ 184.438 570.859 null] +>> endobj +4290 0 obj << +/D [4280 0 R /XYZ 124.533 543.711 null] +>> endobj +4291 0 obj << +/D [4280 0 R /XYZ 129.514 525.778 null] +>> endobj +4292 0 obj << +/D [4280 0 R /XYZ 265.055 512.827 null] +>> endobj +4293 0 obj << +/D [4280 0 R /XYZ 324.96 512.827 null] +>> endobj +4294 0 obj << +/D [4280 0 R /XYZ 76.712 494.894 null] +>> endobj +522 0 obj << +/D [4280 0 R /XYZ 334.383 455.522 null] +>> endobj +4295 0 obj << +/D [4280 0 R /XYZ 71.731 432.405 null] +>> endobj +4296 0 obj << +/D [4280 0 R /XYZ 71.731 348.757 null] +>> endobj +4297 0 obj << +/D [4280 0 R /XYZ 71.731 312.892 null] +>> endobj +4279 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F25 852 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4300 0 obj << +/Length 174 +/Filter /FlateDecode +>> +stream +xÚ]Ž=‚0†÷þŠہRZ®«4N݌Cpðç‹) +N÷^Þ{òœ€ + +ÉÁ“ŒQ + +wZjð +(ŽŒp +Œ’ܢߕVðzßg–IÔð4O1>—»žuõg=›Â¶ËÌJ€‘‚ö3+†qa7&bÓç +°«[—?w&¥áÖÊ5” + +ÝäC\îU +Ç0µôþs+ž62Ž£4‰vfÇԞ|Ã;£ +endstream +endobj +4299 0 obj << +/Type /Page +/Contents 4300 0 R +/Resources 4298 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4169 0 R +>> endobj +4301 0 obj << +/D [4299 0 R /XYZ 71.731 729.265 null] +>> endobj +4298 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4308 0 obj << +/Length 1893 +/Filter /FlateDecode +>> +stream +xÚœXKÛ6Ÿï¯ð-6°¢EJ”š-°Iw7[ŽhÚÍ!éA+Ó»zUlýï;²dÙÉE/6E‰ä<Ÿ™ù†îb¿p÷W®þ³¹Zߺ . +(£‹Ínbzxº +"^°ØlŸ–oÓžjyœrHȖ +©ÿ›í +»Ë­hEYęš»ãqÛÕŒQOŸ ÕèƒØ|»úcó# +ë1j¶.‹Ï®Kö] +ˍÖ?Ämü7\ï'2Ø +–­ï@ŠE €~ˆÁ +Njçyj§7e›Â*ê.۔«A2Þ\MʙŒ›1uÎå Ö&‹Oý«<ÖŒExòÍò{X‹ÕÛžØNÞZÀS¹;=¹‹X[iIŠGŒD ˆ]!ƺ˜ ˆbeð +øèYþÄ}Ò£1NÆãºå+L—·ƒP\ëòxPÿ÷Ewÿ~,#8ƒ +9SŠ°ÂÙý™ûj?ã1Lu±ùF +ŽÔŠ›”ëÏœ£Ï"„óyœòÂ%OÊ<çÅVáh²=eˆ„vû²’vÓúÆ5=#5Œ£ˆžD±0 +„ïW9±þwz;I˘‰¢lmÜ€o’ž2âî‚Á息ŽeˆyVþ»‡Ÿng„vÌg# +vŒyð×îxÝMWUe­=¶+ë)ž®õDœ§±(Ìê,S#˜ñÝå—X>I\ðÛßC^@¿âÑE‘U±-Õþ_$žx-v‡IHXßW +D©Ú#²F + +Ç@î՟Ôú/‘S[O©3!jÅTЙŒÇŽ‚±³ÐzÈ1+̖܀D +ì€@ß­w]–­«žM×m¹Ö"Ú(îeC"œáë»Èó# +&„ÐÓÏ‘ú‘ÕlÞáIʓ'£dÜNԕré©rx5ãrï,m¿Q™¥‡CÒA:4™Oèž|®EËûéÓð<ä3fùÈã€ÔÖ]ӚÐ'ÖÉs +‚AjòŽ²Îi¶wÆg?x÷ËÏ·&ç +i^H0ý_é +3‘š±N£tÎ +À9v Kó?8£{܊ÀVÖ_:ª# +X¶ÇK•×h_t³áG#„C4ÆÃ)¯O +f +lÅHËÜ0—ci ûyÑØ{†ÎØÕ|' +°“!#ª +ÅŠÅP×t€ÔÃLÀcàŒÐ¡àûtY–í\’ €ò±1‘žär +`Øùß;ý®.ób™çí™(øõ¹j7EÄŽ>&e- +nܹ:@¡øÄšœè‚ÓŽp^ãìŽPØSµP9šåŽó¥‡l/Å)yñ<ï+Ü +ø( Ö +€²â +¿˜ðɗ¡Æ`mTÜ.C‰ +ŽŸJÑ ”úŽh0‡Cô+Pû +_¶DºðoD¥I‚ÏF +Üà([ô‰Šž/cõø~% +:‚ΙzÓ$êQTíŒÌï»±q©·¹(P•ÍÈR°7ƒSw+$HD&+Z°FE>ŒÚxR<5ê©æY¬r¯|U*•ï`¢?Y4m_wUoÕà +ò +p$Œ¡¡ +ò4s¶»€ñ1k2;ô/TTÁ`;jUëdúÊ3]›l4mÝî;ÕKEûvsõוlÜ(錠†„ë†t‘äWò +S>âžØÔ|±»úufä¡Y¥ŸÆn€74«L«}àw\$Ræ`Ì +í·nˆo$1þýöfI’|êZåŒ +ÙÈ2 +ÓUj3CÕ¿VOÚeL[]cŽ¡ +] +uÊÞsýÍH†‘Ù%Bû¥ +Z4}ú#Obɱ8&McC·ÿгóúY7[iÇÞÏÅ>mÕpÏ[ƒ ZLWNõÄ»Rf‘gU=Í + Î Ú¬=ŒŽ"¯2a ¥É‡àÎÞtĖ» +I<–¬«¶±ê¡õþ‡>óu3vf +ù؆p.e”UáÔžøšíijž÷:)MŠ>ͶƒÏM¹ÑÑR7­uÂNÚ¢4okîhŒh¿€z.í©'@m取bÂëUßÑ€ê±Ç +lýJ®* +4k +àK +€ÕV& +ÔT +ñŸÍ©9ã‰AéAŽ|ºž•ü©j°ôëã±IûÅ' Á#äC—÷-¡=—|X}9ô a\p„(iìÙŸRòŠ™¿/ßf +W +æ­!}ÀèõkëKÓ˜™ VwÅQ‡u©#”Ì»ä%œ÷iGx}é°e4\+Mûì™ëzg×Çc²uU–ÔIçŽååPÊíÿæáþö7 +‘9Š +^ñBK©ôÖ2ޟš.Ÿ»¥t7XŽióŒ9)ò©ÿŸXó9Iz¶UœŽoPÚQô\DdÌô5ÏÐ76 +ÁÈôbӀ†×uYKþw}VMœӻ¡þŽBÚpÄÓQ?ùzÊ׏}ãE1H>0}{/L!Œÿ؈ÓP +endstream +endobj +4307 0 obj << +/Type /Page +/Contents 4308 0 R +/Resources 4306 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4354 0 R +/Annots [ 4302 0 R 4303 0 R 4304 0 R 4305 0 R ] +>> endobj +4302 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [244.462 633.894 292.95 644.798] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFILE) >> +>> endobj +4303 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [442.935 633.894 489.76 644.798] +/Subtype /Link +/A << /S /GoTo /D (0:DATABASEFILE) >> +>> endobj +4304 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [128.518 456.435 187.795 466.965] +/Subtype /Link +/A << /S /GoTo /D (0:DEFTRUST) >> +>> endobj +4305 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [326.288 308.676 373.138 319.258] +/Subtype /Link +/A << /S /GoTo /D (0:SAMHAINADMIN) >> +>> endobj +4309 0 obj << +/D [4307 0 R /XYZ 71.731 729.265 null] +>> endobj +1132 0 obj << +/D [4307 0 R /XYZ 71.731 718.306 null] +>> endobj +526 0 obj << +/D [4307 0 R /XYZ 357.56 676.38 null] +>> endobj +4310 0 obj << +/D [4307 0 R /XYZ 71.731 645.402 null] +>> endobj +4311 0 obj << +/D [4307 0 R /XYZ 274.699 624.096 null] +>> endobj +4312 0 obj << +/D [4307 0 R /XYZ 316.482 624.096 null] +>> endobj +4313 0 obj << +/D [4307 0 R /XYZ 71.731 602.014 null] +>> endobj +4314 0 obj << +/D [4307 0 R /XYZ 71.731 602.014 null] +>> endobj +4315 0 obj << +/D [4307 0 R /XYZ 278.384 591.219 null] +>> endobj +4316 0 obj << +/D [4307 0 R /XYZ 71.731 569.271 null] +>> endobj +4317 0 obj << +/D [4307 0 R /XYZ 280.317 558.342 null] +>> endobj +4318 0 obj << +/D [4307 0 R /XYZ 362.917 558.342 null] +>> endobj +4319 0 obj << +/D [4307 0 R /XYZ 139.756 545.391 null] +>> endobj +4320 0 obj << +/D [4307 0 R /XYZ 71.731 523.309 null] +>> endobj +4321 0 obj << +/D [4307 0 R /XYZ 71.731 523.309 null] +>> endobj +4322 0 obj << +/D [4307 0 R /XYZ 71.731 490.567 null] +>> endobj +4323 0 obj << +/D [4307 0 R /XYZ 71.731 490.567 null] +>> endobj +4324 0 obj << +/D [4307 0 R /XYZ 71.731 489.321 null] +>> endobj +4325 0 obj << +/D [4307 0 R /XYZ 129.514 472.166 null] +>> endobj +4326 0 obj << +/D [4307 0 R /XYZ 285.577 472.166 null] +>> endobj +4327 0 obj << +/D [4307 0 R /XYZ 397.058 472.166 null] +>> endobj +4328 0 obj << +/D [4307 0 R /XYZ 71.731 457.431 null] +>> endobj +4329 0 obj << +/D [4307 0 R /XYZ 129.514 441.281 null] +>> endobj +4330 0 obj << +/D [4307 0 R /XYZ 71.731 428.23 null] +>> endobj +4331 0 obj << +/D [4307 0 R /XYZ 129.514 410.397 null] +>> endobj +4332 0 obj << +/D [4307 0 R /XYZ 312.726 410.397 null] +>> endobj +4333 0 obj << +/D [4307 0 R /XYZ 245.339 397.446 null] +>> endobj +4334 0 obj << +/D [4307 0 R /XYZ 71.731 395.289 null] +>> endobj +4335 0 obj << +/D [4307 0 R /XYZ 129.514 379.513 null] +>> endobj +4336 0 obj << +/D [4307 0 R /XYZ 389.746 379.513 null] +>> endobj +4337 0 obj << +/D [4307 0 R /XYZ 163.437 366.562 null] +>> endobj +4338 0 obj << +/D [4307 0 R /XYZ 410.001 366.562 null] +>> endobj +4339 0 obj << +/D [4307 0 R /XYZ 76.712 349.924 null] +>> endobj +4340 0 obj << +/D [4307 0 R /XYZ 71.731 334.98 null] +>> endobj +4341 0 obj << +/D [4307 0 R /XYZ 242.583 323.324 null] +>> endobj +4342 0 obj << +/D [4307 0 R /XYZ 76.712 295.03 null] +>> endobj +4343 0 obj << +/D [4307 0 R /XYZ 166.376 239.553 null] +>> endobj +4344 0 obj << +/D [4307 0 R /XYZ 267.551 228.076 null] +>> endobj +4345 0 obj << +/D [4307 0 R /XYZ 254.792 204.764 null] +>> endobj +4346 0 obj << +/D [4307 0 R /XYZ 322.29 193.107 null] +>> endobj +4347 0 obj << +/D [4307 0 R /XYZ 71.731 153.304 null] +>> endobj +4348 0 obj << +/D [4307 0 R /XYZ 379.654 146.44 null] +>> endobj +4349 0 obj << +/D [4307 0 R /XYZ 459.593 146.44 null] +>> endobj +4350 0 obj << +/D [4307 0 R /XYZ 265.931 133.488 null] +>> endobj +4351 0 obj << +/D [4307 0 R /XYZ 332.252 133.488 null] +>> endobj +4352 0 obj << +/D [4307 0 R /XYZ 119.552 120.537 null] +>> endobj +4353 0 obj << +/D [4307 0 R /XYZ 71.731 48.817 null] +>> endobj +4306 0 obj << +/Font << /F25 852 0 R /F31 858 0 R /F38 956 0 R /F33 859 0 R /F60 1440 0 R /F50 1263 0 R /F48 1258 0 R /F55 1386 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4357 0 obj << +/Length 1894 +/Filter /FlateDecode +>> +stream +xÚ­X[Ûž~Ÿ_!Æ"š€DJ +‡Ǟml³Sô¡[²MÛBdÉ+ə̿ï!yš›µÉŽÍ‹u1ynß9ß9õ +õ +nîŸnë ð’H.œ§œÇA8“^p +î=íŒΖÇôÜšjîsAg1±×»Ý.k²²HsûŒžGbŠÒæR̓hŠjûö7Î#{÷kv(ÔÎÞ/Ëâ7JùÖ21Kµ˜Å‡ŽI7i­œŽP̲ +ÄüëéçŠö‚±qÏXŸ1A€ +=Ÿ‡DÐØZëûÏYsô·Gµý\_Nïßh‹µ€^ +;a5ìŒ9¡!™Ö¿ŸVË?ÿú÷¿Ú +aHÜB°ÞŠ˜PîþïŒ-«žÿ×b!Ê2‘n›µžŒ4­Ñž%8+Ǟ¯‘‰¢IËûv I,C5ˆÏ1úŒqsěV«yJºs•Cló2á +:& +λÅ÷ó2Ýùêk£ŠF¥ÙÁe’ïþ u<=>¬>±„OàÅiL‚š +Øâœ6ÇES.Ž²k×eD"üŸ Ôéé˜fhµÿӄQ~À‰"Ðp’ö¿ØFmaØ_r¬¥<+ð]¹Çë¥9_š·y‘€îØÉÓyd7Ôçtk«gd@(Mw02•mœJ'ÉÛÕ×ôtÎÕ»©B¡P‰Ñ0£{5žžÔÕb“:*ï¬ +lÉœŒÃ‚dŒLÂĕ +s¿ÓûF¬é}­ +VíùšmxÎWÂ;‡µ€„ʔìÍêéæ÷]ïÔc +“Œ‰ðDðÒ۞nô§„šŒ$IàUÊÛßümbW3HèvÙÕ1”Šän“¡U’B„ðZ'p +á€Ì" µ÷s >~úøøñÁÆ3ŒûÉÅÀœ„@–£ËòtÎ ;t‰EñÌ€'\m +ÁÍC1gtvùåÁ>êøÏ9aqÛçÌä˜Þ“©Ñæ.ãáAÍ:ûªÔö̬ÅänG9ډ©áJ&RHkíÈÊ×=$b³GÝŸœèʋ}yaàD¥ҝ²+ZÇÞÚEœ +ŒuŠÍ +e +|V)k‚Šì{t’Ø­žŸ˜ó»²žm¬›yöY¯kã–Õڗ·öñ­ËÀ˜u0F öÜo]]hgzØŒ/Êۉ +H ù„¢ÏÀ`×:è#Š™ŒŽL©€Ä +»þ +®<³í3¬¶Ç#ÈÆpïï—ì˜CÏUÑŽL2,¶0 +À¯(›‰Z‹tËc߬P;ÃôŽ±„˜]B0(qÆþ°c;°÷9«•v5”³¬Ákm¯ÇìpÌç:!Ìc¥ yNªØ™Ž‚&­àÚå”Þ\àŸG5A¥ +hšÆÅ̀¢@ +z*LÊ«Ê4Ä©®ÑoÉÕôTgnj­ôà +šRóe.m~Â0å@µ +«0ƒÐ€H±œz“Â-LU™6ÕMéŸ + +Í[Rê}³à1kj•ï§z +v,’ýùýžqõé—OŸŠò +$h‚ä’ ÈËFœë(ÉÜø>ØGxXkЗYØõQG“e‘¿žê¯›ïYÉ: +ž—@ +­®20ÁÕœ?¥v +ŠC*Ÿ—º¥Ä)î\•Q™D}8Is(µS€±g“ÖÇ?ábÖ[ÌaM܂O`Ñ>;˜–%)u0ïû˜ÁŸ€¡†Pƒ§aӀiš4 + ŽŸŽû”µhÁ þ^g­Aå‡J¬/ߕýךX +ò懙ëÎ+Æiʚ«ŠÛ®y5RU +æÐuEB·Ã/šºœí™nÛÓÅ­ßô 3FßWû4HàÌF¥i€Tâg‹$lÃÞû‘ +endstream +endobj +4356 0 obj << +/Type /Page +/Contents 4357 0 R +/Resources 4355 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4354 0 R +>> endobj +4358 0 obj << +/D [4356 0 R /XYZ 71.731 729.265 null] +>> endobj +4359 0 obj << +/D [4356 0 R /XYZ 71.731 718.306 null] +>> endobj +4360 0 obj << +/D [4356 0 R /XYZ 71.731 718.306 null] +>> endobj +4361 0 obj << +/D [4356 0 R /XYZ 201.593 708.344 null] +>> endobj +4362 0 obj << +/D [4356 0 R /XYZ 289.432 708.344 null] +>> endobj +4363 0 obj << +/D [4356 0 R /XYZ 71.731 653.385 null] +>> endobj +4364 0 obj << +/D [4356 0 R /XYZ 71.731 653.385 null] +>> endobj +4365 0 obj << +/D [4356 0 R /XYZ 327.928 642.59 null] +>> endobj +4366 0 obj << +/D [4356 0 R /XYZ 431.327 642.59 null] +>> endobj +4367 0 obj << +/D [4356 0 R /XYZ 119.552 629.639 null] +>> endobj +4368 0 obj << +/D [4356 0 R /XYZ 280.235 629.639 null] +>> endobj +4369 0 obj << +/D [4356 0 R /XYZ 71.731 607.557 null] +>> endobj +4370 0 obj << +/D [4356 0 R /XYZ 71.731 607.557 null] +>> endobj +4371 0 obj << +/D [4356 0 R /XYZ 160.219 596.762 null] +>> endobj +4372 0 obj << +/D [4356 0 R /XYZ 71.731 583.691 null] +>> endobj +4373 0 obj << +/D [4356 0 R /XYZ 166.376 533.196 null] +>> endobj +4374 0 obj << +/D [4356 0 R /XYZ 239.819 498.406 null] +>> endobj +4375 0 obj << +/D [4356 0 R /XYZ 347.414 498.406 null] +>> endobj +4376 0 obj << +/D [4356 0 R /XYZ 71.731 458.711 null] +>> endobj +4377 0 obj << +/D [4356 0 R /XYZ 334.123 451.956 null] +>> endobj +4378 0 obj << +/D [4356 0 R /XYZ 71.731 416.923 null] +>> endobj +4379 0 obj << +/D [4356 0 R /XYZ 71.731 416.923 null] +>> endobj +4380 0 obj << +/D [4356 0 R /XYZ 71.731 404.106 null] +>> endobj +4381 0 obj << +/D [4356 0 R /XYZ 71.731 389.162 null] +>> endobj +4382 0 obj << +/D [4356 0 R /XYZ 164.878 379.528 null] +>> endobj +4383 0 obj << +/D [4356 0 R /XYZ 423.285 367.871 null] +>> endobj +4384 0 obj << +/D [4356 0 R /XYZ 71.731 306.701 null] +>> endobj +4385 0 obj << +/D [4356 0 R /XYZ 71.731 306.701 null] +>> endobj +4386 0 obj << +/D [4356 0 R /XYZ 327.908 293.749 null] +>> endobj +4387 0 obj << +/D [4356 0 R /XYZ 71.731 280.679 null] +>> endobj +4388 0 obj << +/D [4356 0 R /XYZ 71.731 265.735 null] +>> endobj +4389 0 obj << +/D [4356 0 R /XYZ 158.405 254.198 null] +>> endobj +4390 0 obj << +/D [4356 0 R /XYZ 71.731 226.302 null] +>> endobj +4391 0 obj << +/D [4356 0 R /XYZ 71.731 226.302 null] +>> endobj +4392 0 obj << +/D [4356 0 R /XYZ 149.141 214.646 null] +>> endobj +4393 0 obj << +/D [4356 0 R /XYZ 71.731 213.553 null] +>> endobj +4394 0 obj << +/D [4356 0 R /XYZ 149.141 202.99 null] +>> endobj +4395 0 obj << +/D [4356 0 R /XYZ 71.731 201.929 null] +>> endobj +4396 0 obj << +/D [4356 0 R /XYZ 149.141 191.333 null] +>> endobj +4397 0 obj << +/D [4356 0 R /XYZ 71.731 190.272 null] +>> endobj +4398 0 obj << +/D [4356 0 R /XYZ 149.141 179.677 null] +>> endobj +4399 0 obj << +/D [4356 0 R /XYZ 71.731 178.616 null] +>> endobj +4400 0 obj << +/D [4356 0 R /XYZ 149.141 168.021 null] +>> endobj +4401 0 obj << +/D [4356 0 R /XYZ 71.731 166.96 null] +>> endobj +4402 0 obj << +/D [4356 0 R /XYZ 149.141 156.365 null] +>> endobj +4403 0 obj << +/D [4356 0 R /XYZ 71.731 155.271 null] +>> endobj +4404 0 obj << +/D [4356 0 R /XYZ 149.141 144.708 null] +>> endobj +4405 0 obj << +/D [4356 0 R /XYZ 71.731 123.69 null] +>> endobj +4406 0 obj << +/D [4356 0 R /XYZ 71.731 123.69 null] +>> endobj +4407 0 obj << +/D [4356 0 R /XYZ 459.135 111.832 null] +>> endobj +4355 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F60 1440 0 R /F31 858 0 R /F25 852 0 R /F48 1258 0 R /F50 1263 0 R /F51 1265 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4410 0 obj << +/Length 1301 +/Filter /FlateDecode +>> +stream +xÚµXMsÛ6œûWðÐ5cB)~õV'±'œÔ“š'ǘ%Ž)’@và•`ñ¬‡q„âxåxÁ +E~jÐ>Wbkœˆ-xãdœÇö]ªV}Yđ +±|.'ž”e•B™k|fŒ‚°ø>Ï)ç域ìWؒ +¬ž«Hi›úÅôíZ&Šž$'Š1j­¿Ë°eÈ +PfӐ÷¬YD«ÌU#5 +Æ!G©h Õ»5‡Z6' +©2“ŽÉÐý+ˆ|ɱ¢*A䖔ÑH(Y»³îŒµå(nlâî—+F1ëzQÆl ;™ ²¡Ó”0Ê÷µ@j¡åu98‘‚VZO«¥–­ÜjH­ž"¬ØMRw­qÈ$›;q5’³ªÆçH¢Ö£ÚNIb<~nŠ2Ø?£¹hًñùN*}ÄV’ d•HVôl³_Î-¡(ŽvíTӌݳÜ2Ù/§?_Úý”&Ånە˜æ–2øqn:@€³e~aHêêÈ^ˆ3„Ó±ÐE;Ti^Օ ¢ÂneAø#·9­¥ µ³ûÀõòl°,;|P•ŽÕ¬ +UœŸ-r~äSŽAsâÕè;‘è2g²>Ò%£»VšÍ9©\:𝯠=5LHÝ^ÚØúJdRaw›axTÑWù‡”4­5nž u-ƒŸR†R +Ø)h I?Ν· ó¥M$;Å83–’Ÿí/`ÖA†¢4;¥ +/ö}×ó¶ŽîfÔïᥡªõ(ŽâW<üŽvŠœ6ÍßÖœbØËËMY©â€ÆþYx¡jïÚNå›ß›á;éìîuF±’ÀV‡™±Ö*S +©ž²:hG +)ÈtUeVíÁ7|sÓnª'Ú\š>ïW¢—Ô z-IãL§°·Õ-á?À£ŒLXmÚƳW÷!÷ÓLåè MWïBè¡|Œž1Cæ€ +ý:åïLåûÒH'4Rs•ê™Œãw’ŠyÍhQÖG±‡ÐÛrVŠo ðfà†6Tê=Ò~î‰ +QÜÀÜQÚoonMG:ìHÅÆejß˖ +—e¢’·»HÞîFaýa`üÚȲ1/ÅÙ{®èÞøž`?Ni›Öò +‘€ÊI-(kúÏ¿áp¯8”_§Øøê¿~ +ÚY'§EÕAÁ'œw[Öϒçãddð}ÚôHœúèóŒé6°ó¯` +Ëg<1àw[Hìý@>žÐôÿ˜áS#Œ#úòM [?„‹öýќOë‹úã +endstream +endobj +4409 0 obj << +/Type /Page +/Contents 4410 0 R +/Resources 4408 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4354 0 R +>> endobj +4411 0 obj << +/D [4409 0 R /XYZ 71.731 729.265 null] +>> endobj +4412 0 obj << +/D [4409 0 R /XYZ 322.429 708.344 null] +>> endobj +1133 0 obj << +/D [4409 0 R /XYZ 71.731 680.284 null] +>> endobj +530 0 obj << +/D [4409 0 R /XYZ 312.83 637.187 null] +>> endobj +4413 0 obj << +/D [4409 0 R /XYZ 71.731 613.698 null] +>> endobj +4414 0 obj << +/D [4409 0 R /XYZ 197.299 604.31 null] +>> endobj +4415 0 obj << +/D [4409 0 R /XYZ 438.732 604.31 null] +>> endobj +4416 0 obj << +/D [4409 0 R /XYZ 360.555 578.407 null] +>> endobj +4417 0 obj << +/D [4409 0 R /XYZ 71.731 566.287 null] +>> endobj +4418 0 obj << +/D [4409 0 R /XYZ 71.731 566.287 null] +>> endobj +4419 0 obj << +/D [4409 0 R /XYZ 149.141 556.788 null] +>> endobj +4408 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F25 852 0 R /F50 1263 0 R /F38 956 0 R /F51 1265 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4422 0 obj << +/Length 296 +/Filter /FlateDecode +>> +stream +xÚ]‘Ánà +†ïy +Žô5&@rܺuÒŽÛ¢]Ö +šBS€*©(í^$€Ú“müû÷'€#@ފçŠX®¥$5¯5jÒìJÅQhb$òJ!iZòMW{{Œ.,* Ïñ©m}ôCo¹^/Œ¢ÎÆsXHCÝ)¿nMÎ>}×»6ç«¡ß`—ŽBQ;Ú,_lŽ[{rW·RQH6?Í{3ïr­€T V—#,PòaXrUŠe È eìàOq4 žÑI/žV&Ë>Æ +ÓI÷.'»iá”ú>ÇöF5VÁ&mžNÙYs +ŸŸï +܂ýý·å›9Pr)æã²Ë +÷âÂvH» +‰uV~ÍíÉt8Çã9ò‡óÜý¥ÔŠËñ:Z`:ÓŒO€žzmŠ?›U„¶ +endstream +endobj +4421 0 obj << +/Type /Page +/Contents 4422 0 R +/Resources 4420 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4354 0 R +>> endobj +4423 0 obj << +/D [4421 0 R /XYZ 71.731 729.265 null] +>> endobj +4420 0 obj << +/Font << /F33 859 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4426 0 obj << +/Length 1803 +/Filter /FlateDecode +>> +stream +xÚœXÙ®Û6}ÏWøÑF¯h‰Ú +ô!-²¢KÐ8@‹€h‰¶˜+K‚HåÆß¡†ÔfÝ4@ÑŸX”L +g9sfFîæŒq7/žžæúãáÉþ9 +7Ô%Q˜„›Ãi{$öœMìú„úÑæoÞo*X£x»shœlS‚קùÎs·¹P¢®X‰ÏžsŠº–KŒû@iŒ«·Š³R»¿¯÷ÏAzJ҈Fúž & õ6ŽŸߧxÜ«Œº[VáUTªíòþ|žËë^>¬ªZá⟪w4Ü>à*˜y.Ù¥`ÂJ1oµ]U‰ê|g¶ì +Ž«Q–žº°{m·§m”â—ÆHVæ¡ìŽ;/Ü~Ö?Œ5 +Epñ’W¿ÓVƒ· +’44&^ë¶ø!œuÅEVWR ‘pס+(‹‹Ñž±Wi܊’êœßᲓ` ÙR_8®ê“ÝìGۺѡ“ø42ë€äùüU³AòLo'CÀŒê +¢c£„„êGÚĔx)/EŽúÀO‡×.ûÒû9ë;êUÉ¿†J’8FÙ³À¢ +aq4ËêK#Êޔ>®œ‡ú`5Mmƒtª +ž˜ùs𥠟ÄUm°X7ŒeÚ7Î*4j†8eÑÔŽõ¹e—Yì=T>ëq +$š/\1ÈAÚ«Zw +ŸÂ.ðÐoj„™š;‰TË2Žoõ*Â#¡Ì +d FžyÕ‡ß|t(̧º,1uÐxdœç(q±œ€Öò5<ƒ¹š`ÎóïM“IÝyü +‡W짯ÿ€¯Dî&W¢ÀQèËý +_êöãg`™xžÄ +í¶‰r¥©C©ÙªWxàD0 +ž/Öhv‰$(Ù#óMï{ O-eðË‘ç¹ +œT- +b4Ð +C +OÌ˜²»Ž¶üöûIür[LaX}Öú³²³iâOü@Ó8<øg‡A +R?¶û²¢¬X†ëCëø^J"šÎ#lpaÔpŽ;X3ë_k_˪3“íVeR;ŽÃoT9²û,‘{4™“1 +C² +e +•-öaƒc +]å`È +KÉÎ@–e •µ‰Õ×¥Ö!ÿ&È+±ŒCâÑ78Æ%A08p‘㎺ÛN”ʱFŽÀ.¢Â +vh’pæ +ÖD¬7Qü+>øà†îJê{nh7£nçgŒîŠŠœª÷ ؈Œ5Ö=ýxÇyËÊ]°*0ZX WV²UªŒî¢Ð:êϝE§¯ÄŠŒ _+®ÌI[6<'Lfk­ç­ ++[Îr³ +Kœ£¢bíuÝuœœÉ\˜-‘¡)‘%7ÅgQº^¿yö€õÀՎ¹›gÆC!²b·o#::óÌMQcMÃ+ ·±ö, +T‘Bx + +ìƒ"¢1žs²–# +ÞIŸ&,!Þ"ÚçÓÏžx +*óÃŒˆžÉÈ'|÷ª¢7Ü|ê€ÂՃv1«Ì]ï3ž~\oÀ»V÷'p²í‚¡äÍúDяA"dÚæŒZzwSÞYÀÛñz`ðe˜Ø” +•ªÞNëË +AAƲ#“ü?g©( +!þF–Š,u›|¬aF&)‰u8ÍÈÇÍ +šó¡pþßy'L×xµö•GŠe}êdª“v_¯N0'h +Î +¶£·6]ד~š,mÌy§Q®ÛÒèʵqH! s©æ`26µT2k + +{z;×Ý8À÷èžYãA{LÍ®Ò=ôc0 +h_Úr¶KÀóÆx`We­ê²bŠìT£S[_ւ:%ã^Ñ»E  vY#>, +o{_Ûê/JŸ +-Dn誁ЪµD–7¥vÿݔ»g#,Ô25Oï¿ÒFýÂÎ"»·{³ûÑΉÓäŠÂÔó Ä†iÜ¿ø]¥#œ”+};Ð +ð‚·ÈVp6ùԀç#·÷‹òGùè +˜Û¢1†d'¢I§w6ÄíÁñ·žíÔ9aô¡%)xÙ¬ÃÃðÎàñk­øZCBHî ç«ÓŠŽ˜„3ŽŸ]Ĺ²v,S¡˜|äʞº7NZÚíw¡7o +Sjʲ“â-6lm.±L,šªió»öÔÆTêhã,ïÒÙ;ÏOþ +1> +endstream +endobj +4425 0 obj << +/Type /Page +/Contents 4426 0 R +/Resources 4424 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4354 0 R +>> endobj +4427 0 obj << +/D [4425 0 R /XYZ 71.731 729.265 null] +>> endobj +1134 0 obj << +/D [4425 0 R /XYZ 71.731 718.306 null] +>> endobj +534 0 obj << +/D [4425 0 R /XYZ 472.151 703.236 null] +>> endobj +4428 0 obj << +/D [4425 0 R /XYZ 71.731 672.579 null] +>> endobj +4429 0 obj << +/D [4425 0 R /XYZ 252.392 663.903 null] +>> endobj +4430 0 obj << +/D [4425 0 R /XYZ 218.144 650.952 null] +>> endobj +1135 0 obj << +/D [4425 0 R /XYZ 71.731 648.795 null] +>> endobj +538 0 obj << +/D [4425 0 R /XYZ 282.566 605.698 null] +>> endobj +4431 0 obj << +/D [4425 0 R /XYZ 71.731 581.942 null] +>> endobj +4432 0 obj << +/D [4425 0 R /XYZ 71.731 581.942 null] +>> endobj +4433 0 obj << +/D [4425 0 R /XYZ 71.731 524.836 null] +>> endobj +4434 0 obj << +/D [4425 0 R /XYZ 71.731 524.836 null] +>> endobj +4435 0 obj << +/D [4425 0 R /XYZ 191.082 514.041 null] +>> endobj +4436 0 obj << +/D [4425 0 R /XYZ 71.731 491.959 null] +>> endobj +4437 0 obj << +/D [4425 0 R /XYZ 71.731 491.959 null] +>> endobj +4438 0 obj << +/D [4425 0 R /XYZ 71.731 490.714 null] +>> endobj +4439 0 obj << +/D [4425 0 R /XYZ 137.484 473.693 null] +>> endobj +4440 0 obj << +/D [4425 0 R /XYZ 424.176 473.693 null] +>> endobj +4441 0 obj << +/D [4425 0 R /XYZ 285.259 460.741 null] +>> endobj +4442 0 obj << +/D [4425 0 R /XYZ 71.731 458.585 null] +>> endobj +4443 0 obj << +/D [4425 0 R /XYZ 137.484 442.809 null] +>> endobj +4444 0 obj << +/D [4425 0 R /XYZ 402.568 442.809 null] +>> endobj +4445 0 obj << +/D [4425 0 R /XYZ 242.111 429.857 null] +>> endobj +4446 0 obj << +/D [4425 0 R /XYZ 71.731 401.797 null] +>> endobj +4447 0 obj << +/D [4425 0 R /XYZ 71.731 386.853 null] +>> endobj +4448 0 obj << +/D [4425 0 R /XYZ 194.772 377.354 null] +>> endobj +4449 0 obj << +/D [4425 0 R /XYZ 124.533 336.507 null] +>> endobj +4450 0 obj << +/D [4425 0 R /XYZ 137.484 318.574 null] +>> endobj +4451 0 obj << +/D [4425 0 R /XYZ 396.759 318.574 null] +>> endobj +4452 0 obj << +/D [4425 0 R /XYZ 71.731 303.466 null] +>> endobj +4453 0 obj << +/D [4425 0 R /XYZ 137.484 287.69 null] +>> endobj +4454 0 obj << +/D [4425 0 R /XYZ 173.728 261.787 null] +>> endobj +4455 0 obj << +/D [4425 0 R /XYZ 289.712 261.787 null] +>> endobj +4456 0 obj << +/D [4425 0 R /XYZ 416.695 261.787 null] +>> endobj +4457 0 obj << +/D [4425 0 R /XYZ 137.484 248.836 null] +>> endobj +4458 0 obj << +/D [4425 0 R /XYZ 71.731 247.621 null] +>> endobj +4459 0 obj << +/D [4425 0 R /XYZ 71.731 232.677 null] +>> endobj +4460 0 obj << +/D [4425 0 R /XYZ 176.337 222.236 null] +>> endobj +4461 0 obj << +/D [4425 0 R /XYZ 71.731 184.378 null] +>> endobj +4462 0 obj << +/D [4425 0 R /XYZ 137.484 158.475 null] +>> endobj +4463 0 obj << +/D [4425 0 R /XYZ 71.731 156.318 null] +>> endobj +4464 0 obj << +/D [4425 0 R /XYZ 71.731 141.374 null] +>> endobj +4465 0 obj << +/D [4425 0 R /XYZ 190.289 131.875 null] +>> endobj +4466 0 obj << +/D [4425 0 R /XYZ 343.674 131.875 null] +>> endobj +4424 0 obj << +/Font << /F25 852 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F33 859 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4469 0 obj << +/Length 2174 +/Filter /FlateDecode +>> +stream +xÚ¥YÛ®Û¶}ÏWø­2Ó%êR 9ERŽh‚àdESŽÄm +‘%’»ã¿ïP +’’ÌÝ:=O–l^fÖ¬Yœ¡ÃÍqn~|ñŸ‡û·qŒ)H‘Òtóðž‰#yL7YLIÎèæ¡Úü +üpâý(ävGYDŸ®ªz¬»–7úýí6càãEnã,ƒþö¥™~ú8 +ތ§í?¿qØ<ŸmŸ£qJhŸÙeŒÄQ®7ßíDˍ؝ëRn£<èvƒ^ê•Zkÿ6 +79,‘&j‰¢ ,e°ø4÷k'?ÿ Nãâh¶U’()Ìž­mê/Û( +N˜ÛFS’d‘™`œW« +R6ˆ^ê +[—Q¿\ƒ×ßµ<óæ;ýVví§0€Ç‹ä +gÄŸi&ûZ”„q¶ÙE”,Ò} +YØvžÃ©®*3ÁÒmĂ㖌펒÷§ºäMs +ñx +nvŠY¶r¹íÊæ÷W¯ÿûã +¯ + +Œ×OuƒìšêAM +Œkç3o+z+ôSÏåP·G$Øà ¿îú9ÏøD‚ãå,Zô²^¡xæǺDŸT<;YiÄк`ã‰ã:ÎZí©~–‚W`ÔÂð³ynÚñ(»3B3O-J!\¡åæ0² +£‚Ä€9ŽB,~zԟ£ÁDñ@ã=VY4i’ˆÄ9E +0Á-aìú^‘ÄÜÀôL=8h8š>ÙEecmƒØ4ݖ²à ßÇÎЗ˵‘œT<ž°VlGõ©†€4FöEs5Ö +êQryœ+¢ß’u +F6Í®ågáÕ&P„ÜjÎû×ïÞxÂO’‚Þ$jY€§èO•Íž{‹j!GÇ(ÉHÌRKG~>q/!•&³ÄŒƒxxÖ + ðÊz¶¥YðŒwJž-O'#NUgSŒ{ßÅILŠµÔ9ªõ +ÏŠ,­·Ž*„‘mś®û²©]Žè%&¹Uªhøî(Ž*~փžŒ7 +ÿ +y6?Š®—FøU!Ìóœ#»8 +dl©wƒ¥$r1ü?‚ $r؏Ÿ©3š¡{¹JüCgk(eÝ?¯2—Ÿâ£‰/K1ð +€ eтnqĖÔz[»³ +»ÄÓÍd +F™ +‚˜cË ;ó„òem§ðˆæª$Ð@øØÇ$£ÑYj^)ú†—3«oWNr’æٝ9kÇŸÁËZjcX‰ÂŒ›4óUb Ÿ9):Š€PU¥zÂCݯ&ù| <:9Ô%A–ëZýÐóã(x4HRàšÇm<Éùô2v +ÎU|œ”'ý6ô¢¬•µ¥~¯ÛiV7‘öÁÒ +~Q*¯vhtvÀ7ƈº +a8DðR »þŽœ¢ýå„åº$)Cz)іh÷ˆ6êšý H +P£ë-îÖCæŽÆ&ýYžx{TOزyh-ŒÜZžÅèÍ °X +âéªcwŽ-–"ÑÄRttn`“0c\Ò5Ç¥©ô«T¯\ÍÁ2&à$ɖèDÓß +óWï.ˆÚ“*oœ‹(PœŠßä8±cöÛ6J”;&Ù +KWë­*ËÇ¥‰ŽÐ]]‡&‘Ž„DÈ÷†9‹e$ +ÖØ`•Â¯0ƒ™²$Ì¥g”8IétD˜ +¥bšY§% +‘ +úß`Mø"d+\Œ«.IHãt!bAdþ/*¿îë¯yj +9&ܳkÍԀܥ#?û)wA¢OŸ€@݆ÑLRá1 +^êÇ«KYdáÄ¥¶uΫé,àfUÕ?¬É=ˆÒéJÉ¥xŒ4† + + +› +šº”%h@Š±./ +—+ +˙òÑʃ>À¥ÆÕÑVŠÔ™òÆØ*†õÈ<2) +/Aê45 +_¡·™œï1yÃ%3ÕVÏz4,UË_²÷œh9Æ +«òÔ€T+Œ‡†uR`• e¿UŽmÐfè¿¥uM¬gÃ1tŠ{óņBmîXj +}Ñ,Y˜;WèËÏÖ +T +ʏ6Y!ŸJΊiHr,]nZEw°è§=•]‘Ü]žØŸæ‹JàWûøðæÝçw¯?øÊÓ2Y_§€CŠg +µž»‚ Nº +%©þB—JF\±ÔaYصÂÍR3ðî#$QžªÚ|Ë4 +¯\3ïFèw +Æ©õ•iŠŒÔ×6u3º«‰Áv‹ø j +ώy×GY1•EËSö³Â” +i{ô G.|2ã +E!û<&‘k +fØ.°Œ5 +ʶ$Ìœv}¹oÜ +i +çG–'ËæxÆ +øÅ\Zl]7ÏMËnz~ûÓÇ)Kș÷žöÖ媓J1þ"¥mêÖ!·Õú-"ᲆÝ+Ù»œwò°B“ïb_@Š1›ù6D)ŠgØp»h–‘<ô\à™ê¿ +Ððì«ZÂ9ÓÉë +Ä·ƒ¹‚r.Kès÷%ôa”¶|¿ÙÔ +X§nöß +MT$In„fqò^圿#‰àžhºDÚO6·Iw+”Aá˜.œÖPšÁ ö·†ú/A3Wa5Ž—l3Y\âjFb\]~¹@©Ï6·Rêx`]֚†+Žƒh +gí³.i8R +¶CMҙ‹\â–Œ)%ÌQü[µÉøtœV°Ý\þÒÍnYí +K}M­¹»Œ›šþhÿŒžŽÍ|âTai}óêªwŽŒ/• kPµæ-Œß” +ŠE®Íµ„b‰ï +Qé}ìØõïnRœfÆÒΙüiþG1aáª[wՌO}¡ú‚âMª8`üÔÝÂì–ށv{tªø˜{wÅ€”Õ‡ՙºJƒxÎô +—¢Èß?“—Ë +A·0ó?•ÿhå)t¹p,1p8E&DaŒ˜óæáÅ_¥<ò +endstream +endobj +4468 0 obj << +/Type /Page +/Contents 4469 0 R +/Resources 4467 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4354 0 R +>> endobj +4470 0 obj << +/D [4468 0 R /XYZ 71.731 729.265 null] +>> endobj +4471 0 obj << +/D [4468 0 R /XYZ 71.731 670.486 null] +>> endobj +4472 0 obj << +/D [4468 0 R /XYZ 71.731 670.486 null] +>> endobj +4473 0 obj << +/D [4468 0 R /XYZ 219.117 657.534 null] +>> endobj +4474 0 obj << +/D [4468 0 R /XYZ 285.737 657.534 null] +>> endobj +4475 0 obj << +/D [4468 0 R /XYZ 71.731 622.501 null] +>> endobj +4476 0 obj << +/D [4468 0 R /XYZ 71.731 622.501 null] +>> endobj +4477 0 obj << +/D [4468 0 R /XYZ 341.557 598.755 null] +>> endobj +4478 0 obj << +/D [4468 0 R /XYZ 71.731 550.77 null] +>> endobj +4479 0 obj << +/D [4468 0 R /XYZ 71.731 550.77 null] +>> endobj +4480 0 obj << +/D [4468 0 R /XYZ 215.441 539.975 null] +>> endobj +4481 0 obj << +/D [4468 0 R /XYZ 387.425 539.975 null] +>> endobj +4482 0 obj << +/D [4468 0 R /XYZ 433.92 539.975 null] +>> endobj +4483 0 obj << +/D [4468 0 R /XYZ 119.552 527.024 null] +>> endobj +4484 0 obj << +/D [4468 0 R /XYZ 460.847 527.024 null] +>> endobj +4485 0 obj << +/D [4468 0 R /XYZ 490.177 527.024 null] +>> endobj +4486 0 obj << +/D [4468 0 R /XYZ 175.721 514.072 null] +>> endobj +4487 0 obj << +/D [4468 0 R /XYZ 185.125 501.121 null] +>> endobj +4488 0 obj << +/D [4468 0 R /XYZ 353.273 501.121 null] +>> endobj +4489 0 obj << +/D [4468 0 R /XYZ 438.213 501.121 null] +>> endobj +4490 0 obj << +/D [4468 0 R /XYZ 71.731 488.07 null] +>> endobj +4491 0 obj << +/D [4468 0 R /XYZ 71.731 473.126 null] +>> endobj +4492 0 obj << +/D [4468 0 R /XYZ 345.306 449.913 null] +>> endobj +4493 0 obj << +/D [4468 0 R /XYZ 391.801 449.913 null] +>> endobj +4494 0 obj << +/D [4468 0 R /XYZ 267.703 438.257 null] +>> endobj +4495 0 obj << +/D [4468 0 R /XYZ 76.712 408.668 null] +>> endobj +542 0 obj << +/D [4468 0 R /XYZ 153.609 350.645 null] +>> endobj +4496 0 obj << +/D [4468 0 R /XYZ 71.731 347.676 null] +>> endobj +4497 0 obj << +/D [4468 0 R /XYZ 71.731 332.732 null] +>> endobj +4498 0 obj << +/D [4468 0 R /XYZ 71.731 251.218 null] +>> endobj +4499 0 obj << +/D [4468 0 R /XYZ 211.416 238.267 null] +>> endobj +4500 0 obj << +/D [4468 0 R /XYZ 379.504 225.315 null] +>> endobj +4501 0 obj << +/D [4468 0 R /XYZ 251.148 212.364 null] +>> endobj +4502 0 obj << +/D [4468 0 R /XYZ 71.731 190.282 null] +>> endobj +4503 0 obj << +/D [4468 0 R /XYZ 119.552 166.536 null] +>> endobj +4504 0 obj << +/D [4468 0 R /XYZ 278.485 166.536 null] +>> endobj +4505 0 obj << +/D [4468 0 R /XYZ 318.992 153.584 null] +>> endobj +4506 0 obj << +/D [4468 0 R /XYZ 147.507 140.633 null] +>> endobj +4507 0 obj << +/D [4468 0 R /XYZ 352.216 140.633 null] +>> endobj +4508 0 obj << +/D [4468 0 R /XYZ 182.087 127.681 null] +>> endobj +4509 0 obj << +/D [4468 0 R /XYZ 378.906 114.73 null] +>> endobj +4467 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F60 1440 0 R /F31 858 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4512 0 obj << +/Length 2045 +/Filter /FlateDecode +>> +stream +xÚµY[ã¶~Ÿ_¡‡kcš€D]ÈCRd +hƒb§Š$hh‰¶ +‘DG”vâßÛnÖÎx‚æeDK$ÏááwŸó‘ƒƒS€ƒ¿=|÷ô°ÿ†A†²˜ÆÁÓ1CiHƒ$€(e4x*‚Ÿ6=óK'ÚíŽ2ŒÉ}~[eWʆWö÷§mÂ6‚w}» +“Pöíϔ&¶õ¹ŒêÎÛ_žþþ€}0N&Æw4ŒMá!†SküÇm„7% +4³PÛÆó–àhQ©GûF6ÕշIJ“ý]Ë¢¯„vaÿ‰á Ëq€-“8AaLÀ)cSñúÌËæ¿ç²èYÚ3WÓ‘4õý_ÊÊY88ˇ-śŸ¬ +­§s©f>˜6Œƒ©ÝF,ʂ +¡(óQW¢:îÀƒ²9¹–Hžéº³›A‰ +oy·º&˜,ÆñrM¢åJ¬¬(¡(¢ÃŠ^šg#;×¢ +mófKØæZËÖûö8ן”ʏvƒ^ô^ÈöÙMÆÝÒIÊ#·tb­Båmy06"¶á©|ÑŒx÷yŒŽ~orðÄ|1[OõRvùÙÏ![Ê6G×åjÇ\žRå–lü +6¬º÷ECÛ¶?lÁÝVÔjñ +þ`¿vÒ=íÐØEp:‰0žïoÙ(èk£ösÈi+Ò~j·$ÝëX[ÇÖúÊÂô:i“ØNÿFŸŽ·}TeÓÿþjnX›â·Ÿl}»±—V^< +ð¶?E£“ôKÙÊŠMç€ðŸ-Ñ[Þ;€žeïûŸ¹ +oc¹ôïyʋÈí«ò°·þªý¯}Ãk˜%Æx³kÝŒ[·á!,RaCʞËÜqÊE–MçÖÚə?ǟɧ$w׺ÿ­z^Ålã÷ +A°hwNÌЮÓin + ÑqO)C®/wLÉŸÍý& +e;Øj—ý}®z¿u.Øð7uÖ²5fž<Úv.ëKY +ŒpqwVµ ^V +F’ùZ{VóëH +óÕæ²ùczê[q׊ïXðÇ ˆpœ%% +8–“Ì‘âù/®'™öÌ  +T˜\{mhÿlæß[OödIÞÉöºboçŠÙ0Èâû +ÖüÙá¹n]Òý)³çJþ±<ý9 +qYIæ(B„DŸ·†œ<(Y‰Î2«PŸ +¬V|‹C¥Ôù–ü¡Ð:ßúçæžúg”ÅœŸ¥Z9œ?lÌ^!·ÿç6U›VÝoÓe Ö‡ïŸ +~{Ðr ÄAaƈ‚Ëëý>€á„eYŽ"8>ükeP˜0”¥¡e{ +ƒtIü(#S)L¡0Š©^ +M2PŠa± +‘$t:•› +"ø IA° Ûpû¥“mÞi}”‘]HK +?ê!ƒŽ€öP¡í€žíáe›É.ŒtÉqavúȁlÂVö‡á/xjîó¢tæ!D&Äá€Ùt §:ï©Eˆ™ñ8~ÄUF³EžX¥áBã„)ŽÊúR•Bù)|¬ÒŸ› +†µô +pžçþ› +m‰VëV7Ä=•wupê‡0KŸ`L0l–期 &"'&ŽSíZè +Š:(Ë§Ê +^4¹®º\D±íTŸ9†Ž7µ †õJÌbjp8á2‚k„öÓRvk"JQ8Jl§1o' +cP%jÁ!»høA/ ;'v:HßüóÛ|¿bÐ%$Y®(?óæ$Ûo~×DÞwÜȜê_~ +%kѝ5-ʜ¡™»­p²úåQG%ï«n>‘ +ÙäV‰ ã$¹‹ Öh%„Žïå¢$Â{Qõ +êÅ$°0„“ç›Fß&0º °Q§¹|1gœ³VŃ«vê"òÒlŽ¶üèSŸX#¶6dе†b¯ºÏ(TÇ¡Àœeš$FQõ§‰ô,»/ZŒzJ© +Σ8Zä@Þ·-(V+HÎbuYŽ~ÔºeOŒ­žT<÷o +æ¯>Rb]÷Fx¢fxâq3'9ïù‚ÆV=sKVöŒ9qxŽéʜWZ\žœÿ€ÏŸ ±ûv‘†ÅŽnÇËÓÙ§Œ˜wæ¯ê›2êÁ|cÑsW}5«aXšÈÆ0Í<$>_U'jTóË +xnbÆ:t՞{þ÷Hj: +È~?ýžé‘MûW.b¯5fØ£§óm +@K€ ºÈf”>ÄÎC_ +-VWÃþ +ÝÝC'k$Dy7s +õôœ£ˆ>?AbÎ +$ÀbðòmŸ£„!–Ð7ø.Œ[°ýxö‰žŽŒ£tœÓ[–Àÿ,c7w`°À@HÑÇEù\ͪB +Õ|ðhÌõÑË ©ü¥™C +&(Š˜ãÙ»áe§Š +º„üir1¡ìîÜ{ +é­5 {ä`‹¥§˜N™‹KwK„­8HÙÒÝŸüÐx!+vú*v +)±P'§šú+<ÁKÇìNL®)dŒWkû5¹ÁÒt(¹¶Œï×z͇ +‰Š¢ÅfÌ®Oםßé—Q¿úÈÙ +ì[ÌšÙf®ù¥áœ~EýŠ?ãÆÞ;Çà΢ÆòŸ“57EÈ×ÙQÞuϏ/‘.ª_Q +l<ÅLÀ¶¢€£!ý|E™¿Ÿ±]$ßš£µj€Ù¢tŽÈÅ.\àNØ»› +§+Â\³ +‹2.paÐüÞáÍx‹ë3O—¬áövþïa×N†£}Ìè«LŽ¿ú?Õ%Lb}> endobj +4513 0 obj << +/D [4511 0 R /XYZ 71.731 729.265 null] +>> endobj +4514 0 obj << +/D [4511 0 R /XYZ 71.731 741.22 null] +>> endobj +4515 0 obj << +/D [4511 0 R /XYZ 71.731 718.306 null] +>> endobj +4516 0 obj << +/D [4511 0 R /XYZ 286.913 708.344 null] +>> endobj +4517 0 obj << +/D [4511 0 R /XYZ 232.158 695.392 null] +>> endobj +4518 0 obj << +/D [4511 0 R /XYZ 119.552 669.489 null] +>> endobj +4519 0 obj << +/D [4511 0 R /XYZ 71.731 648.284 null] +>> endobj +4520 0 obj << +/D [4511 0 R /XYZ 119.552 623.661 null] +>> endobj +4521 0 obj << +/D [4511 0 R /XYZ 71.731 585.639 null] +>> endobj +4522 0 obj << +/D [4511 0 R /XYZ 130.311 576.139 null] +>> endobj +4523 0 obj << +/D [4511 0 R /XYZ 149.679 576.139 null] +>> endobj +4524 0 obj << +/D [4511 0 R /XYZ 130.311 564.483 null] +>> endobj +4525 0 obj << +/D [4511 0 R /XYZ 149.679 564.483 null] +>> endobj +4526 0 obj << +/D [4511 0 R /XYZ 130.311 552.827 null] +>> endobj +4527 0 obj << +/D [4511 0 R /XYZ 149.679 552.827 null] +>> endobj +4528 0 obj << +/D [4511 0 R /XYZ 130.311 541.171 null] +>> endobj +4529 0 obj << +/D [4511 0 R /XYZ 149.679 541.171 null] +>> endobj +4530 0 obj << +/D [4511 0 R /XYZ 130.311 529.514 null] +>> endobj +4531 0 obj << +/D [4511 0 R /XYZ 149.679 529.514 null] +>> endobj +4532 0 obj << +/D [4511 0 R /XYZ 130.311 517.858 null] +>> endobj +4533 0 obj << +/D [4511 0 R /XYZ 149.679 517.858 null] +>> endobj +4534 0 obj << +/D [4511 0 R /XYZ 130.311 506.202 null] +>> endobj +4535 0 obj << +/D [4511 0 R /XYZ 149.679 506.202 null] +>> endobj +4536 0 obj << +/D [4511 0 R /XYZ 71.731 494.545 null] +>> endobj +4537 0 obj << +/D [4511 0 R /XYZ 166.376 439.069 null] +>> endobj +4538 0 obj << +/D [4511 0 R /XYZ 277.002 427.592 null] +>> endobj +4539 0 obj << +/D [4511 0 R /XYZ 166.376 415.935 null] +>> endobj +4540 0 obj << +/D [4511 0 R /XYZ 226.289 404.279 null] +>> endobj +4541 0 obj << +/D [4511 0 R /XYZ 352.663 404.279 null] +>> endobj +4542 0 obj << +/D [4511 0 R /XYZ 166.376 392.623 null] +>> endobj +4543 0 obj << +/D [4511 0 R /XYZ 71.731 372.745 null] +>> endobj +4544 0 obj << +/D [4511 0 R /XYZ 166.376 317.268 null] +>> endobj +4545 0 obj << +/D [4511 0 R /XYZ 315.781 305.791 null] +>> endobj +4546 0 obj << +/D [4511 0 R /XYZ 239.765 270.822 null] +>> endobj +4547 0 obj << +/D [4511 0 R /XYZ 71.731 250.945 null] +>> endobj +4548 0 obj << +/D [4511 0 R /XYZ 166.376 195.468 null] +>> endobj +4549 0 obj << +/D [4511 0 R /XYZ 207.244 183.991 null] +>> endobj +4550 0 obj << +/D [4511 0 R /XYZ 241.54 160.678 null] +>> endobj +4551 0 obj << +/D [4511 0 R /XYZ 166.376 149.022 null] +>> endobj +4552 0 obj << +/D [4511 0 R /XYZ 353.906 149.022 null] +>> endobj +4553 0 obj << +/D [4511 0 R /XYZ 315.879 137.366 null] +>> endobj +4554 0 obj << +/D [4511 0 R /XYZ 283.924 125.709 null] +>> endobj +4555 0 obj << +/D [4511 0 R /XYZ 71.731 118.407 null] +>> endobj +4510 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F38 956 0 R /F51 1265 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4559 0 obj << +/Length 1991 +/Filter /FlateDecode +>> +stream +xڕXێãž}ï¯ÐÛØ@›-êbÉä!Ìl&Ø+ŠH Z¢ÛŠ%Ò¥éé¿ß¢XE]¬ndŸDI$«Î©+OA|÷ÝãÝÃÇ8찏öÁã)ˆÓ”åqdqÄò4 + +Ëà_›¿žÅµ“ív¥áæÀÜó/eYu•V¢vï·Yº‘¢ëÛmœm€q_¿DQæFŸ;)êîŒý÷ãßïB”ÿáñîw +†aÀŸç,>€AÆ÷,æIP4wöG + +,ÌҀ³Ã!Zœî~]Y•Š ËyD«Ülû3 +#Z5À`«„ÅÉ>²xyÂâ}°?ÞC†xŖ§›¯TÏòÒÌ +÷عǧæª-)አ+§þP©-7ý7÷±œTÆôÒbø˜äA|ï+Ç-÷Á.Es€ûñ,Ý"ƒ” +/.û +· Ž¯êÒž÷/a)ü§Õۚ| Ó°:¹qw^nˆ‚_@tCš»çµÕWëÀLýb‘Ë;ÎÙ>Ý;µ +­¬ +O}+q4ŸÝP¢ qÔ·ÛœTáÈì'äïÙþ(²“ F9‡Õ=[Tzª§yï!²t—1 +&;Ó\×tŽà?÷Ÿ?žÆ­ +š™*Çm&\)”õùÇ_VôÕ +È ÍA/GÐÅÒy£9‘]‹ÎE“Gp[œ+gál˜<Õ?#ýÚ5^¶\!­•ª”Þœs#Å`br +¬6 +àWüPV¥z×­¡ÂùVÜK£Û©Ҟ€ýךË÷݂‰V +££éCp7ý;YP{N¡wb¿Ã4*ž«ºžž3Ú¥”§m +nD_£tÑwº]Uˆšlw®Jܣꌬ‡÷ +v +¡`\1ÊÑ£i&Î]zMÕȹŽ;+äµ»UŽ•G­»J=YVQú‹ý¯{dö¬{ˆÐ!‰€é$‰DaÌrH+¡ÓdžÍJªáËÒØOZg² +ùß.ŠiÈç¶ÔW›ùÝÌw[Hîsèüsøԕ +÷&í$öÄÞ;ý¢) + +Å,‚Œ +Vʀjn{0¢9‹Jý-nØÅn¥'ÌÃǯƒè¡ÄÌJK’ +X’eÿW‘X+-P¢7ëU– šEF) +Ó3{u}¿fFÞ|«Êrô™0ª¥ñ +HuaôtÊ«E!!§›ä÷ + +í#Z\tQƒÑžÕ=MïqJoÀ¡fŸå6om·C3/Ù퀂ŽÃmÚف9;žÕc +(¿a>:§·ë0ÝarøÚ2eŠò¹¯ÐMc Î"YS®•Eï2YÕœŒ1)j£Uªƒ7 +Î,\ÌïPÃBà/Wt‹ø«î–/È IÞ~ø~ñۊM\ð’]»ÛêmS +N–‹ès+Ôu, +YËÃàûŸ~þñÃHgÑP8oÅ +> +ÏB÷­ÁE×ñHØZi€"zÕ(dŠ=ÅóPŸÆÜ=­ï +ÈdôTh¬!Õß`Ycš‰Šp +Hsñž»^Vâp±òçU±ç·RÓ +J©/oŠÖ+L|Oˆ +>ÈéՏ˜øF¡ú³‹}Õµ +Ë؝)*G‡º'Šñ‹ZÃڕ)ÎCÆAəÉmûáEԕ"©ÎŽ=Ž&Y&€7Ž%ï(à Ô‘?V؀¥áŽ€‚1²ƒ'ê¡sçß›PxSÏ;e¿Óҍàht™„úq™ +ù£V“8t§h°íÝÍ,²Ë +ú²NÀ}JR=I«h ’$|ïÁôŠ}8ÒÄy5HÙx€Ñ6’Ÿ+s“b +¥ØJNi=kCEBø| JÝ,µìæ[Í·Á;;ºJ%Kò  Yø‘M”–ZúÌÕM +³¢T*j°}é}# +=ʙ˫¡ì=O1¬cCˆ’t×V²€öå–6 +Ù6D™|ê ++©2 +Ãñt?I^Æ蘫;údç¹Ç˜³FŒ²”µô$Nþ6s‘¯(Ê«n­VxŒvZ«b؆Y‰Ò +:#ßÐ?@X¬EéÅùfáAÇßM™¡šp× +˜³žøEõë[ +’OŠò] +qßאª’psÿZõ¢‡æÖjðøtçèlî?Tªÿ†¢þ¹å +;[§Z_—s+ +÷®Ã•“hWšRÂÃk +ӛkUTx›äo˜—×Ûù +ÚGÈOi}+êÈÃty+ý;øƒû; +endstream +endobj +4558 0 obj << +/Type /Page +/Contents 4559 0 R +/Resources 4557 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4556 0 R +>> endobj +4560 0 obj << +/D [4558 0 R /XYZ 71.731 729.265 null] +>> endobj +4561 0 obj << +/D [4558 0 R /XYZ 166.376 670.002 null] +>> endobj +4562 0 obj << +/D [4558 0 R /XYZ 166.376 594.662 null] +>> endobj +4563 0 obj << +/D [4558 0 R /XYZ 370.224 571.452 null] +>> endobj +4564 0 obj << +/D [4558 0 R /XYZ 289.59 559.796 null] +>> endobj +4565 0 obj << +/D [4558 0 R /XYZ 71.731 531.649 null] +>> endobj +4566 0 obj << +/D [4558 0 R /XYZ 139.477 513.398 null] +>> endobj +4567 0 obj << +/D [4558 0 R /XYZ 76.712 485.104 null] +>> endobj +4568 0 obj << +/D [4558 0 R /XYZ 71.731 465.179 null] +>> endobj +4569 0 obj << +/D [4558 0 R /XYZ 471.39 453.523 null] +>> endobj +1136 0 obj << +/D [4558 0 R /XYZ 71.731 392.352 null] +>> endobj +546 0 obj << +/D [4558 0 R /XYZ 294.169 347.098 null] +>> endobj +4570 0 obj << +/D [4558 0 R /XYZ 71.731 323.342 null] +>> endobj +4571 0 obj << +/D [4558 0 R /XYZ 380.441 314.221 null] +>> endobj +4572 0 obj << +/D [4558 0 R /XYZ 320.377 275.367 null] +>> endobj +4573 0 obj << +/D [4558 0 R /XYZ 71.731 253.285 null] +>> endobj +4574 0 obj << +/D [4558 0 R /XYZ 71.731 253.285 null] +>> endobj +4575 0 obj << +/D [4558 0 R /XYZ 71.731 220.542 null] +>> endobj +4576 0 obj << +/D [4558 0 R /XYZ 177.634 209.613 null] +>> endobj +4577 0 obj << +/D [4558 0 R /XYZ 352.346 196.662 null] +>> endobj +4578 0 obj << +/D [4558 0 R /XYZ 186.968 183.71 null] +>> endobj +4579 0 obj << +/D [4558 0 R /XYZ 71.731 137.783 null] +>> endobj +4580 0 obj << +/D [4558 0 R /XYZ 146.67 111.979 null] +>> endobj +4557 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R /F31 858 0 R /F38 956 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4583 0 obj << +/Length 504 +/Filter /FlateDecode +>> +stream +xڝTMoã œçWpŽ¥þ8îWV»ZuuOÛ +ˆMjŽ6D6–›¿8@W^©êÅffÞ›Ç +<Ÿo>—›xŸ$ €EJRP +AB)̲„ÀœPÖàOð¥a'Íû0"ŽöS] +-”d­Ýï̜鱓,àƒýûHHfW÷š³V7áSùsƒ +ŸÇ7àIRHrcw¢Ü‚ÿ–6þ—ãËÖ®uÃç<ñž"›ðt7‡Ó +bŒMâK\|êUeœ €€Iᝠ+"-΃æM- +ñqàµSÖV¬m_᭓<±êoˆQàyˆið2x5jvhç$t£Fm7̚žUîŽRҊéê;œgâ Ê3£&°ð—±DòyE‰ +‚ +©öV‰xàí1>ÖñÝ݊(y +Q–ùÇbjxïš  +:W¬€v]ó¡êÅI«~)ÜԈªùˆr +0É B‰[† +sDœ»þ˜z¡5—®;}×(ƒèèØ[ +¶«HÖ¹œ:~ø’»qОÖkmoU˜KBË +­z35~^þßž-E«âw쌄îT-fOúÀõtë‚yMÊäjaæÜÀaèIÏOB–ZÒ¥çðþðÓ#•©QRýµï~|u„ +†o_‹ÅSeš6ÅDԌIV8b¥‹ oåæœGœ +endstream +endobj +4582 0 obj << +/Type /Page +/Contents 4583 0 R +/Resources 4581 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4556 0 R +>> endobj +4584 0 obj << +/D [4582 0 R /XYZ 71.731 729.265 null] +>> endobj +4585 0 obj << +/D [4582 0 R /XYZ 71.731 718.306 null] +>> endobj +4586 0 obj << +/D [4582 0 R /XYZ 177.663 708.344 null] +>> endobj +4587 0 obj << +/D [4582 0 R /XYZ 160.478 695.392 null] +>> endobj +4588 0 obj << +/D [4582 0 R /XYZ 71.731 647.407 null] +>> endobj +4581 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4592 0 obj << +/Length 1764 +/Filter /FlateDecode +>> +stream +xڝXI“ã4ŸÏ¯ÈCR$j/qìô*†­ jžŠ¢f8(¶Òí +IîT8ðÛy²ždËq÷Pœ,Ûò[Ÿ·}r°zZ«Þx}z÷ð}”¬¢€ +’,Y.«4$i +®Ò &Q|XŠÕÇõ7%í›]”fë0 fñ-ëªvë[Íež©Ö\«[Å̺l¥’›?N? +ªÂ”Da²×ª‚Õ.m¡QrC”ü©²-ÌúëGs=•(®XP+oR±ÚèãäxˆZÅ>%Y®vqD²45Š$­KÊø2 ֌ɫŸ`ÒÜQsAqÃzð®—Mïs^qEÏà™1% +Mgí¿+qS^q÷Ò +sðÀz€‡˜õ©äòÞÖÐsÅ5faDŽ ‚vk{+ùÑ,ΚžWzÔàBªV Æ3ošž™uGógúdý¿Ž=ã—M”¬/LŒŽuLPś§©rka”ŠV•sœÆç¹`­3•¬â +óüˆŒUT¿G;ú®m<Á žm¶öeád:”%/›0Y3t o›OA=õbú©C£†P. ceMZ‚]°¿z. +;ßfbάRŽÁ›+;Â&ۊ+vš™'çÍ$úy[w‚ËyŠ–ÌÂ-sÁ; +ɟM’?ÜÇ$Ë2Ðb0ÖÙzÛ€ÁšÈr©VBrŒ#»[•žr«éÌŒ X—î`„ +³(åyˆ•ãNíÿ.Ì(P\¬Ï‡[_¡”OAX +f*±¯ÔÖ8‘« +œ8 +=%„ŸuŒÖ‹‡^Š‡ªÍiõ !íŒÎ õ +S»4 +ó\¡‹®(Á\þg€ 1Z]W×;öäÝÖ«‰{ +tJ.£’læzûêãðêØÇm5 +=6šm[¥œv +ˆyYåCá"ü*9m|Óð+@`¡Ž.ð]uÛ +’õšÞv)î'ü¬ ­ßAT±¥4؃§YlÃúÏ1ÙO@Ìe! +R˜AvŸûÖÓÇ^Ë÷²}%ߧÃ`tãïx +ý@÷Òv­kɚ +B†:“ÿYÇÖÑ7³ +ïÌ×( +iG¯ÙÖYcƒá挋¯ìXÎ/óÎ7©Î׎©¶3 + +”‚éڕºApôSä +D'­’8~1É€ +ì¢A +ó3 +ÝG³sŸMvF Ù¡EìǹŒe +—M +Š+=ê¡tanÍsŠ±JŠZÓ" +¢šÈK®Àþ^°œû#I¢Ä‹ˆý³—Hkš¹TúÆÔdbÒ€ +¬ž4è¢í;s;€ä˜«[Ç¡V7+Þ4MÂRÝ|B`8Š: +Jö: +òŸ¢šPS€!ŒHFæ5¬uº·mQÒt¬;Žk/¶iæ‡xT­UF7áÞ4Í’nžswÕÕk›vé`«šÝáY3ÚLòĚ\׋²m%~Ì16غœãŽêJØèôµ.gÉsóúKs雂 ™ +3NZ!=chO§‰syL +Çõ +Fþ +a +ã„iÉ,©©”mÎ'83uÕæ3ÖxJFiÚœu1ʙbœÞ'ünhº¹ c +Ç$²ªõ\Ә Â⌚}Z4†&Œpê +D©†Iµ8&æ«ÖAzäÎ6‡$€Æ|ƒ~Ñ +G¶ô)|/q³® Ãn2Ý+¡Ûšÿ튿O͍u–A[jtuŒÎ>± +0Ÿà. +^7ñώMésP¬’÷Kù1èÄP÷/Œ`žº†ç‹§ŒqÐûgt +¹Çï›0Äâ÷ݕ+ë—rç³Öœ|B`ê`œ˜>"|ÐŒ®r'< +,eV—Ùî»X/\Ým\`ZCiÓ»shGÝ'Ž¯i›Ý` +9™Õ7¯y˜MÞÎ +D͵ۙGuoóÚ#"ޑ’;†­Êù™Í”ýㄚћ +4§ë[–_àŠp² :A|p€š>ƒÜCàôïnÝó‹€$@ÊvqH’,ŽÔán¬ñn‰q +Q`ûŽmyÓiêžéIf¬¡LÛíï×Շ‡üó0N}ˆ˜ÌÖßJ^±·Fž€ÃÀq#Î0ÜÌםñÂà;š +°lœï +_àîGÑÓ#G¶ ëg=Án£÷Ñgm7³fÛ1©F”ÆFƒ+ÐÉ`|)i¬ƒPûâfGˆÐl“,ч_;Ó1M±Þ“µ>çžÀÓÏÌŒ»£‹ËÇ$#ûôøÖÑÅK¥4 Ïn:£ƒW$#J±fkoF¿n +Íí͑%ÊH +á]æR#žYɔŠ‡ÒŽéQfp<™Á1€Oë³Ð0Œí_ÀÔûæ»Ó»}'”1 +endstream +endobj +4591 0 obj << +/Type /Page +/Contents 4592 0 R +/Resources 4590 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4556 0 R +/Annots [ 4589 0 R ] +>> endobj +4589 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [250.25 517.862 309.527 528.766] +/Subtype /Link +/A << /S /GoTo /D (0:DEPLOY-LAYOUT) >> +>> endobj +4593 0 obj << +/D [4591 0 R /XYZ 71.731 729.265 null] +>> endobj +1137 0 obj << +/D [4591 0 R /XYZ 71.731 718.306 null] +>> endobj +550 0 obj << +/D [4591 0 R /XYZ 468.494 703.236 null] +>> endobj +1138 0 obj << +/D [4591 0 R /XYZ 71.731 692.504 null] +>> endobj +554 0 obj << +/D [4591 0 R /XYZ 399.509 651.526 null] +>> endobj +4594 0 obj << +/D [4591 0 R /XYZ 71.731 628.037 null] +>> endobj +4595 0 obj << +/D [4591 0 R /XYZ 71.731 628.037 null] +>> endobj +4596 0 obj << +/D [4591 0 R /XYZ 182.356 579.795 null] +>> endobj +4597 0 obj << +/D [4591 0 R /XYZ 71.731 557.713 null] +>> endobj +4598 0 obj << +/D [4591 0 R /XYZ 263.44 546.918 null] +>> endobj +4599 0 obj << +/D [4591 0 R /XYZ 119.552 533.967 null] +>> endobj +4600 0 obj << +/D [4591 0 R /XYZ 223.491 533.967 null] +>> endobj +4601 0 obj << +/D [4591 0 R /XYZ 119.552 521.015 null] +>> endobj +4602 0 obj << +/D [4591 0 R /XYZ 259.735 508.064 null] +>> endobj +4603 0 obj << +/D [4591 0 R /XYZ 162.71 495.112 null] +>> endobj +4604 0 obj << +/D [4591 0 R /XYZ 71.731 480.004 null] +>> endobj +4605 0 obj << +/D [4591 0 R /XYZ 71.731 465.06 null] +>> endobj +4606 0 obj << +/D [4591 0 R /XYZ 241.728 455.561 null] +>> endobj +4607 0 obj << +/D [4591 0 R /XYZ 71.731 425.38 null] +>> endobj +4608 0 obj << +/D [4591 0 R /XYZ 71.731 366.096 null] +>> endobj +4609 0 obj << +/D [4591 0 R /XYZ 71.731 318.111 null] +>> endobj +4610 0 obj << +/D [4591 0 R /XYZ 423.03 307.317 null] +>> endobj +4611 0 obj << +/D [4591 0 R /XYZ 71.731 259.332 null] +>> endobj +4612 0 obj << +/D [4591 0 R /XYZ 71.731 236.418 null] +>> endobj +4613 0 obj << +/D [4591 0 R /XYZ 71.731 236.418 null] +>> endobj +4614 0 obj << +/D [4591 0 R /XYZ 138.919 226.918 null] +>> endobj +4615 0 obj << +/D [4591 0 R /XYZ 71.731 225.825 null] +>> endobj +4616 0 obj << +/D [4591 0 R /XYZ 71.731 205.899 null] +>> endobj +4617 0 obj << +/D [4591 0 R /XYZ 297.956 172.024 null] +>> endobj +4618 0 obj << +/D [4591 0 R /XYZ 76.712 143.73 null] +>> endobj +4619 0 obj << +/D [4591 0 R /XYZ 71.731 48.817 null] +>> endobj +4590 0 obj << +/Font << /F25 852 0 R /F31 858 0 R /F38 956 0 R /F50 1263 0 R /F48 1258 0 R /F55 1386 0 R /F51 1265 0 R /F33 859 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4623 0 obj << +/Length 2118 +/Filter /FlateDecode +>> +stream +xÚ¥Y[sã¶~÷¯`3©4cAÀëŸ5»Ùf;ÓÙiê>t’΢`“cŠTʎúë{ +€ÃY·y±H 88ç;ß¹ÁqôÅÑ_nŸœ»Ùä<*I™±,º»x“žÈ¢œ3R€,º;F?nÞ×â<Êa»ciŒ¡1±ä¹í¯'ٍö}ìíç°åùFžúQÚ÷ºW£Úþûî¯71 +ûÝÝÍ/7 +ãˆF4£„—i”ÓŒpšDÕéFÿÀ(’§%eÉ£AF÷7ìJó‚0ÎÜ.»šòŒ n—±’š„ð$cÚL–P’–y”•`&|3¿ՖśÇg1èÏ#šŸ›ª?ÅØ +š¶¯ÚŒýÇ€ˆ +@,KŽš]žÆhŽã ²@Äîjiw5H[ +o +P𝺪Qžìs-”}8HÙM¶r”íÕŸRïj”D\øŽeéFªéñ +FbûÐßkE +¥$K3«”§Z4 +±k>¡6ÏMÛZ³ÒtfàˊD˜­]?L§)É3îÖôàùpuÆé7ùŸ32  +ŸŠÄI<Úd9 ¿î\ +¶»ç|(8aqî6cSqgó±FÙÆÞ€ŸMó\3+—ÈN.®†æŒ¥*g¥Š—„•ŸTYÝt˜¿T+I—neÓ¹¶ +»–ËLŠÆÕêÐtÇfHM b/Õæœ{–©¹œpˆN\¿¿šaožž×G„ÀŒIVz=nÑš—ÑûCvGµ$:ðw°ž2]?s‡+¶1P +~Šcöpq|ïϺª) +1·«š{3« +€/-Ž—.5ւß!6à +)ð¥'¹?ý=„œ +À@˘ä#߈³_¿€ssØëŽð›çP`>””0ޖš0Sèg€ŸîLh¯ã=`hYs¬fŸîWyHŽƒÇëÿ‘ Yi°í;æI¬Pºëÿšoo×ÉÖFâ*”S‹3Ce¥•PG%ºœcËf¯D0'yYL‰e™_!i’"æG +‰Ä,âÁ +ûQ£Ð£o€šjÔošêFjãÊG©=ÙÉ ·xÊÔ9"' •BóŠ„Yg1¥± +hN=–wM{œUª@ +‚®:õ{fEì(u?b]ÞögãYKášÓ¥³ÆŸoÕ€÷ûE) +¶Iì¢Á•|U#b2LžÓ‘£ hZqhårš\ÙæùåÛbí­ú¯Fÿê2j¡¢Ê±š¢ +IÐ埻µ·‡Ù(ªüŠ«ë!x¥¶#2ýv%CÕýÅ-u€x EÛ?4«\ßûQaeƒ"r6Ï|çXõÃ?þŒ¢.€i76v`qκ8ó'jƒÜxð W¢[*¬GbyÇæ“€î0™iü _Àñž9¿ +͓ðÈ|àÞm© +õÜȆm=è=`–Ú/çcki +m,ó‰[aP +A×[ÎG[ ç4 Üfѓ˜ +0P:*éuTóé¯ÅIWœÃÂCÃa׌d +;ã*B² ÷MöÇ£¡þ|ª#­ + +#÷ŽˆfE +L5ŸʶMuώT6(ݺGý³œ +™gјaǀ}÷§q1æ>H|wÇ*÷ +;S(u®@οӈ<‰wïM—ƒñÕÔI*€e¢[Wö;°œæR¡ +º7ãTµA"ôŠ­Ÿ9ù}žQÆ®“'Ÿj‘©±nüt +N©SïûÏûnOÀ®}sÔ2^‰ +ºž$1õT¿õœª=±ÇŸêÛW&{è +_*¶£%ä–,ñ¹‚_%^Q¯, geP»·*ÅŠëEçéô£4%ÐÐœDN'—~hþ#_ +åU +Àc0Îr¯Þtácš„U”CÕ)²%y}UÑw.v²Ôw +X_Ö¹ÅæŸnNP\Â#ÁT3záuûЯ/v^¡ßWÃ*„ /œNœrEI²$›7ê®ní8ähšŠKº|x“û! +Iò2€¡æ^@¿Ü–Ï•~ÿ;Ý|°¥¬-Äк1Qà˜02P8q ËæçnÁ + +ƒJj:‡¶“0¬PæâòWýGwFë+2hÚNŽ#Óu¢}ùf^íá}W}ƒ\»ðS8ÖÎnV1ÇW l£›k+ƒ—Òµl[Ø;ﵜ° +Ú;²˜$)ރ@ݯÿˆËèlÓyÙǯ|Ò@dPŠž¡ßwêçÀ!;ÜIzºázÛQFþñžŸõZüC%ÑÉzè +úZžû³bý‘ÿÀÿ +endstream +endobj +4622 0 obj << +/Type /Page +/Contents 4623 0 R +/Resources 4621 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4556 0 R +>> endobj +4624 0 obj << +/D [4622 0 R /XYZ 71.731 729.265 null] +>> endobj +4625 0 obj << +/D [4622 0 R /XYZ 166.376 670.002 null] +>> endobj +4626 0 obj << +/D [4622 0 R /XYZ 227.66 649.659 null] +>> endobj +4627 0 obj << +/D [4622 0 R /XYZ 280.83 626.346 null] +>> endobj +4628 0 obj << +/D [4622 0 R /XYZ 166.376 604.426 null] +>> endobj +558 0 obj << +/D [4622 0 R /XYZ 263.069 542.491 null] +>> endobj +4629 0 obj << +/D [4622 0 R /XYZ 71.731 519.596 null] +>> endobj +4630 0 obj << +/D [4622 0 R /XYZ 71.731 519.596 null] +>> endobj +4631 0 obj << +/D [4622 0 R /XYZ 71.731 516.727 null] +>> endobj +4632 0 obj << +/D [4622 0 R /XYZ 137.484 498.894 null] +>> endobj +4633 0 obj << +/D [4622 0 R /XYZ 336.217 498.894 null] +>> endobj +4634 0 obj << +/D [4622 0 R /XYZ 71.731 483.786 null] +>> endobj +4635 0 obj << +/D [4622 0 R /XYZ 137.484 468.01 null] +>> endobj +4636 0 obj << +/D [4622 0 R /XYZ 365.906 468.01 null] +>> endobj +4637 0 obj << +/D [4622 0 R /XYZ 176.776 455.059 null] +>> endobj +4638 0 obj << +/D [4622 0 R /XYZ 260.343 455.059 null] +>> endobj +4639 0 obj << +/D [4622 0 R /XYZ 333.867 455.059 null] +>> endobj +4640 0 obj << +/D [4622 0 R /XYZ 137.484 429.156 null] +>> endobj +4641 0 obj << +/D [4622 0 R /XYZ 361.643 429.156 null] +>> endobj +4642 0 obj << +/D [4622 0 R /XYZ 71.731 394.122 null] +>> endobj +4643 0 obj << +/D [4622 0 R /XYZ 184.527 370.376 null] +>> endobj +4644 0 obj << +/D [4622 0 R /XYZ 124.533 356.18 null] +>> endobj +4645 0 obj << +/D [4622 0 R /XYZ 137.484 338.247 null] +>> endobj +4646 0 obj << +/D [4622 0 R /XYZ 398.234 338.247 null] +>> endobj +4647 0 obj << +/D [4622 0 R /XYZ 71.731 323.139 null] +>> endobj +4648 0 obj << +/D [4622 0 R /XYZ 137.484 307.363 null] +>> endobj +4649 0 obj << +/D [4622 0 R /XYZ 76.712 277.774 null] +>> endobj +4650 0 obj << +/D [4622 0 R /XYZ 71.731 262.83 null] +>> endobj +4651 0 obj << +/D [4622 0 R /XYZ 310.831 251.173 null] +>> endobj +4652 0 obj << +/D [4622 0 R /XYZ 71.731 244.305 null] +>> endobj +4653 0 obj << +/D [4622 0 R /XYZ 157.912 234.536 null] +>> endobj +4654 0 obj << +/D [4622 0 R /XYZ 187.859 222.879 null] +>> endobj +4655 0 obj << +/D [4622 0 R /XYZ 71.731 215.903 null] +>> endobj +4656 0 obj << +/D [4622 0 R /XYZ 222.388 206.242 null] +>> endobj +4657 0 obj << +/D [4622 0 R /XYZ 139.477 194.586 null] +>> endobj +4658 0 obj << +/D [4622 0 R /XYZ 353.924 194.586 null] +>> endobj +4659 0 obj << +/D [4622 0 R /XYZ 290.666 182.929 null] +>> endobj +4660 0 obj << +/D [4622 0 R /XYZ 401.986 182.929 null] +>> endobj +4661 0 obj << +/D [4622 0 R /XYZ 225.956 171.273 null] +>> endobj +4662 0 obj << +/D [4622 0 R /XYZ 71.731 164.404 null] +>> endobj +4663 0 obj << +/D [4622 0 R /XYZ 71.731 131.129 null] +>> endobj +4664 0 obj << +/D [4622 0 R /XYZ 71.731 131.129 null] +>> endobj +4665 0 obj << +/D [4622 0 R /XYZ 161.265 122.526 null] +>> endobj +4666 0 obj << +/D [4622 0 R /XYZ 71.731 121.542 null] +>> endobj +4667 0 obj << +/D [4622 0 R /XYZ 161.265 112.035 null] +>> endobj +4621 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R /F31 858 0 R /F38 956 0 R /F50 1263 0 R /F51 1265 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4670 0 obj << +/Length 1152 +/Filter /FlateDecode +>> +stream +xÚÅWKoã6ŸçWè(+š€Þíb}€Ø¢G_ŠnQ02m‘D­Hmb ?ŸC‘T$Ë ŠôÐ +"ŠÎó›c +œ +ür÷ÃánÇA‰ÊŒfÁáÄFžÈ‚<ŠšHip8„?Ö¬×|ØE4Å!ÁÈ.~â}#/-ïŽ}×Ò>‡]œ‡Œ•šÛ÷Z*­v +~œÃÎìþ>)‚lf‰±QŠQ†KX$(Å +5úûŽ$8”#(ɋ°b]蚻•Rõ^Uœ}yº–£v2—^tçYÞ.zŠT_;‚CŠÜ +;3Ñ}°ë±Ó¢±ËˎŸX滇ÏB_©«Æaà;vyÓ æþžŠIPœdt +@za+ÊrD3 +d‘ ŠìÙߘ1VÓpŽAž® + +Mº'9—rcô¢4o­Ñ/RŠ!—e€ŽÖŸà7²bÒLó£`ƒìÍ®è`«iþêX˧Í~'Ñpµ7ZB +§ÄÚà9iû{ú„Ýf~kÓKFÑ.Ê0• +‡ŠÛuŽøûd·Œ'š +à‰2^ÜÔõŠJv'qV + +G~bc£Wòcÿ*6TuÿxŸí%€D^ɑûžT$4¯ô8øä, +®dÛC)Žv§gÕ#;ó.¡\œ[VƒèõûÒ6÷æ‹Ãš1Z€‡ìµ +k^d#ÕóJœDµ,Æû"hÄæÕ[ +· zg­ûA|cš¿¥ÿܟíË#¿Œ/Ýö/ÌAP™ŠŽ9|ûÅ)J²|E +đÇaf$Ù}Á˜š&˜ža|€FlI nbèe²“ۃ?†çs§ÙšÚr ÉQYPd|£m•%àWêÅÖ/þhŽÊ.OÒÝ%œUµ]­;aÚq×JÙò7̓aow͘X§üKŠÓð™µ}ÃoH<‰Š±«÷¹oXÍeê¥"1 +„SHŸ»õ€yœ/c/;»r|É +¢íÎDÔÆ¹Ú [¢&/D +{–š +8Ÿ³™#We 9*ÊÔþx#¹9ÊáÎtÉ]%k«.ÉŠ±þôŠ¶Ò + œ9õ&›ÿ:B +ÐóåíŸA”P”‚Ï‘ +3„& +¥–® k¡¶øÞ +éVg]Ùü ҈ΰáGŒ«© +gÚj¹ôÃ8àQñu„ÉD!ߏþ]?~>];e!äê*=–:éÊj!'”v~ýØ*Ù +ïÕi·îlR”(ƒÑ˕åÌ;>ˆ +ن›+œªcIP4æN8'žjá³áÚnîý˜'Ôӂ ’ÄkØ/î4²îžéá‰Ø»ÆžM²l]°­èD;¶«º£@'£8GŸü/èW¬­a + +ª÷cŸ^a&i̜Ši$6Ãe»éŒ‹,67s1 hêìl;õÇ[MäÆôÏz +^*% +Œ-ÚýÅŽÀ€4žþfþñaG~mæu64søÊyØ +ž§1*âë0M"{+—' +9hPšÏåúxC€'+–zŠQd«)‰Ž‹+dŒ®iÿ‚Œ-†ÀùŒœEÑÕϛÕOª +Úç`\ J‰—«3?îþÎƒÓ +endstream +endobj +4669 0 obj << +/Type /Page +/Contents 4670 0 R +/Resources 4668 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4556 0 R +>> endobj +4671 0 obj << +/D [4669 0 R /XYZ 71.731 729.265 null] +>> endobj +4672 0 obj << +/D [4669 0 R /XYZ 71.731 718.306 null] +>> endobj +4620 0 obj << +/D [4669 0 R /XYZ 71.731 680.448 null] +>> endobj +562 0 obj << +/D [4669 0 R /XYZ 394.464 641.076 null] +>> endobj +4673 0 obj << +/D [4669 0 R /XYZ 71.731 628.144 null] +>> endobj +4674 0 obj << +/D [4669 0 R /XYZ 71.731 395.746 null] +>> endobj +566 0 obj << +/D [4669 0 R /XYZ 312.35 362.521 null] +>> endobj +4675 0 obj << +/D [4669 0 R /XYZ 71.731 339.935 null] +>> endobj +4676 0 obj << +/D [4669 0 R /XYZ 137.534 329.644 null] +>> endobj +4677 0 obj << +/D [4669 0 R /XYZ 71.731 314.536 null] +>> endobj +4678 0 obj << +/D [4669 0 R /XYZ 71.731 299.592 null] +>> endobj +4679 0 obj << +/D [4669 0 R /XYZ 71.731 286.64 null] +>> endobj +4680 0 obj << +/D [4669 0 R /XYZ 139.477 270.864 null] +>> endobj +4681 0 obj << +/D [4669 0 R /XYZ 71.731 248.782 null] +>> endobj +4682 0 obj << +/D [4669 0 R /XYZ 329.163 237.988 null] +>> endobj +4683 0 obj << +/D [4669 0 R /XYZ 71.731 200.877 null] +>> endobj +4684 0 obj << +/D [4669 0 R /XYZ 71.731 185.769 null] +>> endobj +4685 0 obj << +/D [4669 0 R /XYZ 139.477 169.993 null] +>> endobj +4686 0 obj << +/D [4669 0 R /XYZ 293.318 157.041 null] +>> endobj +4668 0 obj << +/Font << /F33 859 0 R /F48 1258 0 R /F25 852 0 R /F50 1263 0 R /F31 858 0 R /F11 2489 0 R /F74 1733 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4690 0 obj << +/Length 1285 +/Filter /FlateDecode +>> +stream +xÚÅXϏ£6ŸÏ_Á1‘ÇŒ¡ZUjw:U{ª4‘öÐöà€¬%€ø1³ÙCÿöÚØC˜IŠÝ9aûùù}ßûÞ3Ð98ÐùõæçíÍæÞ÷Ä¡:Ûœã‡À(tˆï{Î6uþ\}ÌhÕ²zíz®jpǪŒ< +YѪ÷¶TÏzí“;–-SïYÙŽÍúïíï7Po»¹GÈÚÓõ°ÈÀ0R›~K„wöLH ýZ'oYÒv5Ss'V ç›É?>c-6@U3^4-Ísåö_òjyYÐ\ŒÑäæ鞁pŒ +‹Hö¶¶™>z“1c®Ij^Í#Õj°cû²ÖkŽŒ8šwª +IÎE€uè·ë®NOÄē¶™ñæ|§§5‚«²ËSãO׊åÚë§Â,ëc'ã"Ä©ϊÁµõ­vo?, +<Ö—Ƙ€!ÊØ +ÛK7h—·Í€ + +HÀ=`!ð#lðÈùŽ}aÉƂå +Á8‘OXà¢Ð( Â#BïÄ-‘ïF.ºr÷*n-©f ã’8k„W¬ÙcYPãŠ6â]­iGsjèÕM»D8Z€†Hù©ŠZ]¯QŽ:tǑ„ÃÌvšsº³væç¹oŒxá(;^ÐúŽñêÛâÄ9ô€‡.Q;Ø{gjó‚·6QŸ³å–œæü+ÛtUJMÜц Žë71Ê_F +æ×)­ +xø€[‘ºRÉ<ì $rDÖa[Êp«©¢ +# ž"³—D:†b ²Æg‘îfÕçƒú±év)©Ü–BÄ?§Of +ßflᄶȳ)%÷87& +;a¶>™Ÿ Ou÷¥(F“ÌdœES +ë +§Ï<ƒ™k5“6J>€þ@ä +¶DZ +/äÍÄZ(ZL^ÎËÚmO/׏Âþ׉>¥5)ÏY:‘#›ŒFÙ+š|Š£ËÔ¬oD”Xº(^÷RÈÏ㟓Žéxžj©íªiòíË®¶SIïøÄMÆî&[ÿ0ª +%}LՋ'Z€Å”ݝ6ô˜Q^žÏA +] +ñ#«!\ +†„†8š¡ûŒ!°`ƒËž +ü q€í’#"ÕIü +š +áß-„?) +‰âaÈ1¥ÜÓ®ÄëiŠúªž—ì +søÀë–Ø`Ï¥ù%t°HüfèėÐ!ÿè:t¢«Ñ‘ˆX% +rëäMv^¬`µ(ƒZ%Ò® +Jژh&­5 !*é¿ +Pí‡ûŸõ”Œœ—’Äo„çÅl# +x +jߊA + +T7Y› +hLªñ—Ÿ·N:Ñ°a]Ê×Ûì¡Ýå +FCàþT.cç[Ž +/D,ô!C]ý㧇‡OwîEôŸ9 +ŸWV¿ŽVBÕÀy0'ú7pdµoŸnÞ>v¢h +ùW•Ÿâ‡ÖtsÍ©iÙq©+”U]X%hbi‹¬mk)ÛËÎUœ¥¿ØþŠ/ü§²³.YtþÕ'Éhq˜wâéØ/OêËíÌdB‹ +›òhJÒøÁášFœNö¡ŠQi}Òè?ß=è€ý³iÿ! +ÈZµ„-¶õO{þ”qÓ0™ÛrR³Qƒ»ªœß+Íå×dh "E¹L,¯KãAdß#¯¯ŸŠîÝ]ž’ÕàÜa?AàMÒÂúò6ùÚÃ^²]ñŒÅS1Áɒ_¶7ÿ™" +endstream +endobj +4689 0 obj << +/Type /Page +/Contents 4690 0 R +/Resources 4688 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4722 0 R +>> endobj +4691 0 obj << +/D [4689 0 R /XYZ 71.731 729.265 null] +>> endobj +4692 0 obj << +/D [4689 0 R /XYZ 71.731 718.306 null] +>> endobj +4693 0 obj << +/D [4689 0 R /XYZ 71.731 706.187 null] +>> endobj +4694 0 obj << +/D [4689 0 R /XYZ 139.477 690.411 null] +>> endobj +4695 0 obj << +/D [4689 0 R /XYZ 71.731 655.377 null] +>> endobj +4696 0 obj << +/D [4689 0 R /XYZ 185.862 644.583 null] +>> endobj +4697 0 obj << +/D [4689 0 R /XYZ 71.731 620.423 null] +>> endobj +4698 0 obj << +/D [4689 0 R /XYZ 71.731 605.315 null] +>> endobj +4699 0 obj << +/D [4689 0 R /XYZ 139.477 589.539 null] +>> endobj +4700 0 obj << +/D [4689 0 R /XYZ 71.731 554.506 null] +>> endobj +4701 0 obj << +/D [4689 0 R /XYZ 185.862 543.711 null] +>> endobj +4702 0 obj << +/D [4689 0 R /XYZ 71.731 519.552 null] +>> endobj +4703 0 obj << +/D [4689 0 R /XYZ 71.731 504.443 null] +>> endobj +4704 0 obj << +/D [4689 0 R /XYZ 139.477 488.667 null] +>> endobj +4705 0 obj << +/D [4689 0 R /XYZ 71.731 466.585 null] +>> endobj +4706 0 obj << +/D [4689 0 R /XYZ 185.862 455.791 null] +>> endobj +4707 0 obj << +/D [4689 0 R /XYZ 71.731 436.613 null] +>> endobj +570 0 obj << +/D [4689 0 R /XYZ 315.985 401.146 null] +>> endobj +4708 0 obj << +/D [4689 0 R /XYZ 71.731 378.561 null] +>> endobj +4709 0 obj << +/D [4689 0 R /XYZ 137.534 368.269 null] +>> endobj +4710 0 obj << +/D [4689 0 R /XYZ 383.788 368.269 null] +>> endobj +4711 0 obj << +/D [4689 0 R /XYZ 71.731 333.235 null] +>> endobj +4712 0 obj << +/D [4689 0 R /XYZ 119.552 309.489 null] +>> endobj +4713 0 obj << +/D [4689 0 R /XYZ 122.869 296.538 null] +>> endobj +4714 0 obj << +/D [4689 0 R /XYZ 122.869 283.587 null] +>> endobj +4715 0 obj << +/D [4689 0 R /XYZ 182.326 270.635 null] +>> endobj +4716 0 obj << +/D [4689 0 R /XYZ 71.731 257.644 null] +>> endobj +574 0 obj << +/D [4689 0 R /XYZ 332.418 220.055 null] +>> endobj +4717 0 obj << +/D [4689 0 R /XYZ 71.731 216.863 null] +>> endobj +578 0 obj << +/D [4689 0 R /XYZ 298.925 185.584 null] +>> endobj +4718 0 obj << +/D [4689 0 R /XYZ 71.731 162.999 null] +>> endobj +4719 0 obj << +/D [4689 0 R /XYZ 119.552 139.756 null] +>> endobj +4720 0 obj << +/D [4689 0 R /XYZ 376.895 139.756 null] +>> endobj +4721 0 obj << +/D [4689 0 R /XYZ 71.731 136.354 null] +>> endobj +4688 0 obj << +/Font << /F33 859 0 R /F11 2489 0 R /F31 858 0 R /F50 1263 0 R /F25 852 0 R /F74 1733 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4725 0 obj << +/Length 1773 +/Filter /FlateDecode +>> +stream +xÚÍYIÛ6ŸçWèP`l`Ä!µ+-tKÑ +ŠuPI +‰ +³ÑI +Ç=ô·÷qÕbÎR$zÉP2ùÖï}|OÁޝ‡œŸ^|·{qó: +œ +åIx»œ&á,ñÒ0@Y +x»Ò{»ùþ@»‘õ[?ˆñ†`€?°®jÏ5kFõ<¶êo¿ +Ó +«Û‘©çC;ŒÃöýî—X«œy +Ä +!( +†œçFq‰ŠqŠŽ‚"‚Bui¶ù¶ÜŒ)ys§ž‡c×µÂ&ЬÞì·°–¯à6úo/Þâ쁏¬=ƀßdæ7ö|áqš*Ý»m¢”ýŽ,ÕBiÔÞî[ +ÚŽãÁ‡öÅJ +™k!q†0N@›ÔòÃ¥Qn6q.1)"Ql6œzJʵ²í¯ã m/zFMvÀvœ8‰iŸßa +TlP’ÓÈË@r ÉyŽ‚píAŒg;Àž$»ô`!% (&ùʃ‡¥ ¢möüΝ:H\ +îz> QDx‡c +‡„ò˜ôªíFÞ6üFLîJ—‹1Šòe\L­‹­”7}áp1NPYY·þ،ŒÖ~MŽRáàäoŠ$_ê'FId-P1 + +ê¡:ɧ’÷ð¶?ë îÅ ÈB”!“Í[¥  +¯] +çadµ[ŒÆ$᜕?ýºÀ'Ë=«m›WÂa$­X•ñ›ÎœäÍ0Òª¢“,°{YÊ ],TÿÈꮲµ¢ªÂÉ +|-dîXÃz^<ŠÚÌ+³ÔFœ + eR<:†E>/³ +y¶Ä~Í^ëæ×€¥¥V +ò”yKN‘LPJ‚‡šŒۆxÃ$µúN†•»ºžù7 +Ðÿ*ú‚œ‹žwãàfâRˆµâ݄¡œPA•±ô +t^æZâëp +Gu{ií6ˆ7§f +(«ÆîQÑY² +Òqé’±Ò¡±è,%VK¢Ã x·7I ûhm°§ª¶ •³ÜçØÆ^¯¬.¶ŠWIGzKfʄœVüï™dªðkýÑ(TŸC4@_3Ÿ¬ø-ûȊx&Ÿ€™$Þè–ãÏ-±:ê8PSÊ[oîÅ?¬ïy9ÝlõÊÙ¡­Ù”,[ +U5Kòì×غÕL7€5&¹~ž dËÏÏúCÇ +.²RzÝ,ö§&œÆÄf™ +}Ó+ˆšTný QŠt‘ƒ}Ã%ÀWÎ]¬èè| « m}Ù9áÖN9ÛHáþ ²z9ÆôŒÍ›‘óðÒQÇŸÖã՞Ü^§‡¯ôf2Û +][€ó%¯K&M0ÜÑþUãÞñõ±v²®Ä9ELbÕõíœìŠÄUäwª7Ž÷¬‡ò> endobj +4687 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [231.351 646.411 290.628 657.315] +/Subtype /Link +/A << /S /GoTo /D (0:DEPLOY-LAYOUT) >> +>> endobj +4726 0 obj << +/D [4724 0 R /XYZ 71.731 729.265 null] +>> endobj +4727 0 obj << +/D [4724 0 R /XYZ 71.731 741.22 null] +>> endobj +582 0 obj << +/D [4724 0 R /XYZ 366.208 708.344 null] +>> endobj +4728 0 obj << +/D [4724 0 R /XYZ 71.731 685.759 null] +>> endobj +4729 0 obj << +/D [4724 0 R /XYZ 409.437 675.467 null] +>> endobj +4730 0 obj << +/D [4724 0 R /XYZ 215.013 662.516 null] +>> endobj +4731 0 obj << +/D [4724 0 R /XYZ 427.803 662.516 null] +>> endobj +4732 0 obj << +/D [4724 0 R /XYZ 71.731 627.482 null] +>> endobj +4733 0 obj << +/D [4724 0 R /XYZ 308.002 616.687 null] +>> endobj +4734 0 obj << +/D [4724 0 R /XYZ 71.731 600.334 null] +>> endobj +586 0 obj << +/D [4724 0 R /XYZ 420.232 567.024 null] +>> endobj +4735 0 obj << +/D [4724 0 R /XYZ 71.731 544.624 null] +>> endobj +4736 0 obj << +/D [4724 0 R /XYZ 71.731 524.698 null] +>> endobj +4737 0 obj << +/D [4724 0 R /XYZ 175.72 488.319 null] +>> endobj +4738 0 obj << +/D [4724 0 R /XYZ 221.916 475.367 null] +>> endobj +4739 0 obj << +/D [4724 0 R /XYZ 321.93 475.367 null] +>> endobj +4740 0 obj << +/D [4724 0 R /XYZ 427.323 475.367 null] +>> endobj +4741 0 obj << +/D [4724 0 R /XYZ 144.458 462.416 null] +>> endobj +4742 0 obj << +/D [4724 0 R /XYZ 71.731 459.014 null] +>> endobj +590 0 obj << +/D [4724 0 R /XYZ 344.163 425.704 null] +>> endobj +4743 0 obj << +/D [4724 0 R /XYZ 71.731 403.118 null] +>> endobj +4744 0 obj << +/D [4724 0 R /XYZ 332.491 392.827 null] +>> endobj +4745 0 obj << +/D [4724 0 R /XYZ 119.552 366.924 null] +>> endobj +4746 0 obj << +/D [4724 0 R /XYZ 329.124 366.924 null] +>> endobj +4747 0 obj << +/D [4724 0 R /XYZ 71.731 353.559 null] +>> endobj +594 0 obj << +/D [4724 0 R /XYZ 345.343 316.344 null] +>> endobj +4748 0 obj << +/D [4724 0 R /XYZ 71.731 313.152 null] +>> endobj +4749 0 obj << +/D [4724 0 R /XYZ 71.731 298.208 null] +>> endobj +4750 0 obj << +/D [4724 0 R /XYZ 266.268 289.743 null] +>> endobj +4751 0 obj << +/D [4724 0 R /XYZ 427.231 289.743 null] +>> endobj +4752 0 obj << +/D [4724 0 R /XYZ 71.731 205.26 null] +>> endobj +4753 0 obj << +/D [4724 0 R /XYZ 71.731 205.26 null] +>> endobj +4754 0 obj << +/D [4724 0 R /XYZ 71.731 180.189 null] +>> endobj +4755 0 obj << +/D [4724 0 R /XYZ 71.731 180.189 null] +>> endobj +4756 0 obj << +/D [4724 0 R /XYZ 143.761 170.69 null] +>> endobj +4757 0 obj << +/D [4724 0 R /XYZ 71.731 157.653 null] +>> endobj +4758 0 obj << +/D [4724 0 R /XYZ 143.761 147.377 null] +>> endobj +4759 0 obj << +/D [4724 0 R /XYZ 71.731 123.078 null] +>> endobj +4760 0 obj << +/D [4724 0 R /XYZ 143.761 112.408 null] +>> endobj +4723 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F11 2489 0 R /F74 1733 0 R /F50 1263 0 R /F38 956 0 R /F48 1258 0 R /F51 1265 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4763 0 obj << +/Length 1655 +/Filter /FlateDecode +>> +stream +xÚœXKoã6Ÿï¯ðÑ"F€Þ‹¶À>ºzhEnmŽDÛDdR+J›ºèïP$%S‘§ØöbQ9œÎ÷Í +ÃÕ~®îÞŒ¿sû)ŠV*R’®îw«( +Q˜§«,"(OÈêŸZý¶þp MÇÚM@’pCdYSËӑ‰ÎŒwÒ<ÛM”­ÙQvÌŒ€êÔæûŸÞ„v[ØŸí8DIëJÂÜlúά®åÞ +äÎns°rkªìÎm/Ìà‘×µm퀇 +׬±¹ÐzÜ~JÂUÛ§±Þ +Çá(͆}»cs +›îx͐ÞB +y~ +ܪ@;*ËÌÚR +TTvþ¹1Fq»=J*|5á +'ëÓKw²®å†$`ŸØ¿ÕÒW +åEbÄr±“ž£Ýs +AÊâ +`Ç0ûs+õŠ_yŔsÏN¶GÚqiÕsO.TGëšU浬9œºº±“l`Ð + ×_µš”×t[3­ÕÐòî™BÆ +§!šÀ±õNÍšžÞŽ_!ÖCô3EÉŸ-­ +m· ý²kåqòïB8D)„öš¬ §'ÅŽÝÍê·oYÙÉöÒ!V.:íuR +;Z,-ÚЋ^±Êú) +!Ìr€£ìÎ{ѵWÚ @Æ8uж<4û[33‹ÏfÆ +£Ñ!ß-ÈÊNósI +RF .Ü€c:W¬]ŸÍdsÆë6֚–Ž3»§ìçѝÆËlî@Ú +I<‹zcš9åŽÉBð¯åx§g>I#”OÑ€Ñâ_.XÕÛÙýÂÍÈ_͜•‡^Õù2GI +ùÌ ýœ€¶fǹ^6 +µÅÄãµç®n†¯S¹lVMk€Ýu¯`U‡ÅF»®o*Ú±Ù2ÅZ[ûÛRhˆà\/>È +@3Œ +Ê`Ð2ےÀ*—ÛClgÂ!­Þ8Vç +‡ìú›¹kÜåi¯ŠÓ-Ul–3LÙç1áBó3?°gÒx/^ +Þ~ûìwhÔ^0XÕš +d + +ªFPèóûÊe¯êÓâõÇ +À×ѕaòLàŸÙ5{0fŒísÀJha‹DGªîF ÙJ + RHéqfOW7ñ(FCNÉòõ +¬¥µy‘Cý¥T +íµUj„_Œ~›G@bbÝÒߓ¥T +¢Â± +ÿÜʪwµ®ì»Š·’TÏ»©" +ë§Zî÷€?› +£d:ŸioãÅcSWAprC +>Ål}kuòŸeöÍ$á—Ý¢f.PüØן +ù¡@qšN>à.Ì +ý0“œ«7]MQA=xsNŒc91+&(乩˜.TìçèõÛd¯—µ +zוÁifàiž-œÐ8g٘ÿÞ)Õ™+j\ãžB=º’y€mWI5@ +M§f +2^à +)p +ÄpÙñ‡¢ë)#ž_"{×qÂ +Ì"„‰=AŒ‰·æÇû7ÿÁ§í# +endstream +endobj +4762 0 obj << +/Type /Page +/Contents 4763 0 R +/Resources 4761 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4722 0 R +>> endobj +4764 0 obj << +/D [4762 0 R /XYZ 71.731 729.265 null] +>> endobj +4765 0 obj << +/D [4762 0 R /XYZ 71.731 718.306 null] +>> endobj +4766 0 obj << +/D [4762 0 R /XYZ 261.687 708.344 null] +>> endobj +4767 0 obj << +/D [4762 0 R /XYZ 71.731 673.31 null] +>> endobj +4768 0 obj << +/D [4762 0 R /XYZ 71.731 658.366 null] +>> endobj +4769 0 obj << +/D [4762 0 R /XYZ 71.731 647.472 null] +>> endobj +4770 0 obj << +/D [4762 0 R /XYZ 139.477 629.639 null] +>> endobj +4771 0 obj << +/D [4762 0 R /XYZ 71.731 617.519 null] +>> endobj +4772 0 obj << +/D [4762 0 R /XYZ 71.731 606.625 null] +>> endobj +4773 0 obj << +/D [4762 0 R /XYZ 139.477 588.792 null] +>> endobj +4774 0 obj << +/D [4762 0 R /XYZ 275.585 588.792 null] +>> endobj +4775 0 obj << +/D [4762 0 R /XYZ 249.593 575.841 null] +>> endobj +4776 0 obj << +/D [4762 0 R /XYZ 71.731 563.721 null] +>> endobj +4777 0 obj << +/D [4762 0 R /XYZ 71.731 552.827 null] +>> endobj +4778 0 obj << +/D [4762 0 R /XYZ 139.477 534.994 null] +>> endobj +4779 0 obj << +/D [4762 0 R /XYZ 265.951 522.042 null] +>> endobj +4780 0 obj << +/D [4762 0 R /XYZ 440.634 522.042 null] +>> endobj +4781 0 obj << +/D [4762 0 R /XYZ 139.477 509.091 null] +>> endobj +4782 0 obj << +/D [4762 0 R /XYZ 164.373 509.091 null] +>> endobj +4783 0 obj << +/D [4762 0 R /XYZ 186.51 509.091 null] +>> endobj +4784 0 obj << +/D [4762 0 R /XYZ 211.984 509.091 null] +>> endobj +4785 0 obj << +/D [4762 0 R /XYZ 235.237 509.091 null] +>> endobj +4786 0 obj << +/D [4762 0 R /XYZ 272.029 509.091 null] +>> endobj +4787 0 obj << +/D [4762 0 R /XYZ 71.731 497.106 null] +>> endobj +4788 0 obj << +/D [4762 0 R /XYZ 71.731 486.077 null] +>> endobj +4789 0 obj << +/D [4762 0 R /XYZ 139.477 468.244 null] +>> endobj +4790 0 obj << +/D [4762 0 R /XYZ 391.37 468.244 null] +>> endobj +4791 0 obj << +/D [4762 0 R /XYZ 71.731 443.173 null] +>> endobj +4792 0 obj << +/D [4762 0 R /XYZ 71.731 432.279 null] +>> endobj +4793 0 obj << +/D [4762 0 R /XYZ 139.477 414.446 null] +>> endobj +4794 0 obj << +/D [4762 0 R /XYZ 139.477 401.494 null] +>> endobj +4795 0 obj << +/D [4762 0 R /XYZ 300.053 401.494 null] +>> endobj +4796 0 obj << +/D [4762 0 R /XYZ 354.877 388.543 null] +>> endobj +4797 0 obj << +/D [4762 0 R /XYZ 154.7 375.592 null] +>> endobj +4798 0 obj << +/D [4762 0 R /XYZ 314.788 375.592 null] +>> endobj +4799 0 obj << +/D [4762 0 R /XYZ 71.731 363.472 null] +>> endobj +4800 0 obj << +/D [4762 0 R /XYZ 71.731 352.578 null] +>> endobj +4801 0 obj << +/D [4762 0 R /XYZ 139.477 334.745 null] +>> endobj +4802 0 obj << +/D [4762 0 R /XYZ 314.13 334.745 null] +>> endobj +4803 0 obj << +/D [4762 0 R /XYZ 71.731 296.722 null] +>> endobj +4804 0 obj << +/D [4762 0 R /XYZ 71.731 285.828 null] +>> endobj +4805 0 obj << +/D [4762 0 R /XYZ 139.477 267.995 null] +>> endobj +4806 0 obj << +/D [4762 0 R /XYZ 378.189 267.995 null] +>> endobj +4807 0 obj << +/D [4762 0 R /XYZ 71.731 265.838 null] +>> endobj +598 0 obj << +/D [4762 0 R /XYZ 260.417 233.524 null] +>> endobj +4808 0 obj << +/D [4762 0 R /XYZ 71.731 211.124 null] +>> endobj +4809 0 obj << +/D [4762 0 R /XYZ 71.731 211.124 null] +>> endobj +4810 0 obj << +/D [4762 0 R /XYZ 71.731 165.988 null] +>> endobj +4811 0 obj << +/D [4762 0 R /XYZ 71.731 165.988 null] +>> endobj +4812 0 obj << +/D [4762 0 R /XYZ 71.731 132.737 null] +>> endobj +4813 0 obj << +/D [4762 0 R /XYZ 71.731 132.737 null] +>> endobj +4761 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F74 1733 0 R /F38 956 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4816 0 obj << +/Length 1380 +/Filter /FlateDecode +>> +stream +xÚ­XێÛ6}߯öIV +)êŽzË +š +hû@KŽ-¬,ººÄ1ЏïP +ʲ¬uÜŽ/kQK‡gÎ9 +›:[‡:Ïß­ +ÞŒãÜÉH±³Ú8<Š„Š±“ð€€Qଠ+çw÷û8t²ñü ¢.£Ä<ü •:íeݙq§Ìgãñĕ{ÕI3Þ©¶kœ?W?=PÜöL'{úAHIÄCý@"ššM}¥×ŒyÇØd*lž€Š|ef\KHŽþ 4šäRœ€À íŽoâÀNýmŽâû•Úš _/D +ÆìsÙ¥_˜Ý +‡ Ž~9ȌܜLŠ¢6Ÿªï=V7ž7 +뾗m+¶²ÅâíN>zL¯® +3ܪËê¶]¡l\Õíds,[ItŠŽÏXHâ +>’YCäÆ +"w#s€ +ËŠ± GóTá5# +šRÇ×tMbdN±„)#Öêqäá  +ƒÉ\ˆ™ãŠC%Jd˜‹ÜO +–=ˆ +àãë +s aÀá‰ôîIêڜŒæ¥Ô%íÎŒ.ë~©°±$JLŽÕ®Dâæj¿5Âq,« +ùºSšÈG3‚ÀªÙ‹®Žt +ufì'Y±I +g9Úg!:±íÝ€Z}Õi\ŸP/Íl¡OôQç"ÊJ¬£èã +è2sœuY‹ædÓh;QUÖÐ"Ñêš@Ì`ad!æ! v1C” +iwÉÍX +4í +‰"ºŸow]šD˜Àđ¥wÂ|Â­³âM%Ž8iªÓ.RÏ7I^ñ/ŸÍ¿\¿ª$lõß ˜q†ÇŸî[+Xcöí[d)èÚʪÍ°X ãLD’‰ÃÁKBF‚l4 +s4#kÕöë¢lÀÙP-ŽÜ'{%i +$àV€åKoVëvÂYJÂl4QÑä»ÃËö™˜„“‰ÚmùÜm/B%„ÅÉ4ÒB”dpöì%¯ÍH +e +Ȕ¯(ÍgIFҔ/.ŸSp7Ù$€°öFn§AµÃ`ÐK5ts>ÞkÉÉmIJ;ü±®”(þUÆ.L8t†×”€'lÔ~æËEÙvM¹ÖÉög¯9Êu[vYýQ§-›ñ-­Ë?×ý‡ç%nËm-ºŸ‘s] ím +ûÒ¶\˄gAD2ߥÐ8{M¢xY¿k#ÿêaöU(ËÁ8zŸŒΞÝíž•ÝBJôÉtÌ\-ò9øCHÃË +¡:՟–âÁ·‚xôªræçÖ惗î· +cÌ]œ?Ó÷Œ©OIÊÁÕ¡“Â^òg°Xžƒ{QÙb(•œŽ7æS@&—oMdèØŠÕJÁ(G`oXV›ïIð$žpðu‰QOC»Ò›ÁQSN + +ŒzÌ4Š’cÔýx€ê„ÝŠí:XT|v^) +k3b¿3-˜Ž¯Åàù°Ç¥"t +çE_nªîÆUÒãÔý$ò®:á\óÅ +&—Žš¶{B +®¡÷ñ˜k4¢þávçvgrœéâ\CiÃ×% øÖš +ž +\ `3ÉjVG@tÞé£ +¶žHî99.³d`k +Œ>·óSá^P†Ãòáz>×&Ê(µg²(ø +¬8Ì‚‘Ø/ +Ÿ+ Re8y‹ôZ#|} +×°^ö¢ÿÈbãZMkqUºyÇÝÆ`xÌœB©šc-LºO÷A= +÷AކžÌҘþŒðˆÐêQÈ/CÆ/–üžzøé +ˆª +endstream +endobj +4815 0 obj << +/Type /Page +/Contents 4816 0 R +/Resources 4814 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4722 0 R +>> endobj +4817 0 obj << +/D [4815 0 R /XYZ 71.731 729.265 null] +>> endobj +4818 0 obj << +/D [4815 0 R /XYZ 71.731 718.306 null] +>> endobj +4819 0 obj << +/D [4815 0 R /XYZ 71.731 718.306 null] +>> endobj +4820 0 obj << +/D [4815 0 R /XYZ 71.731 673.31 null] +>> endobj +4821 0 obj << +/D [4815 0 R /XYZ 71.731 673.31 null] +>> endobj +4822 0 obj << +/D [4815 0 R /XYZ 71.731 636.199 null] +>> endobj +602 0 obj << +/D [4815 0 R /XYZ 262.94 598.984 null] +>> endobj +4823 0 obj << +/D [4815 0 R /XYZ 71.731 576.089 null] +>> endobj +4824 0 obj << +/D [4815 0 R /XYZ 71.731 550.999 null] +>> endobj +606 0 obj << +/D [4815 0 R /XYZ 261.745 518.685 null] +>> endobj +4825 0 obj << +/D [4815 0 R /XYZ 71.731 496.285 null] +>> endobj +4826 0 obj << +/D [4815 0 R /XYZ 71.731 496.285 null] +>> endobj +4827 0 obj << +/D [4815 0 R /XYZ 71.731 472.443 null] +>> endobj +610 0 obj << +/D [4815 0 R /XYZ 273.327 435.228 null] +>> endobj +4828 0 obj << +/D [4815 0 R /XYZ 71.731 412.333 null] +>> endobj +4829 0 obj << +/D [4815 0 R /XYZ 360.844 402.351 null] +>> endobj +4830 0 obj << +/D [4815 0 R /XYZ 218.051 389.4 null] +>> endobj +4831 0 obj << +/D [4815 0 R /XYZ 71.731 387.243 null] +>> endobj +614 0 obj << +/D [4815 0 R /XYZ 261.745 354.929 null] +>> endobj +4832 0 obj << +/D [4815 0 R /XYZ 71.731 332.529 null] +>> endobj +4833 0 obj << +/D [4815 0 R /XYZ 71.731 308.687 null] +>> endobj +618 0 obj << +/D [4815 0 R /XYZ 303.669 271.472 null] +>> endobj +4834 0 obj << +/D [4815 0 R /XYZ 71.731 248.577 null] +>> endobj +4835 0 obj << +/D [4815 0 R /XYZ 245.468 225.644 null] +>> endobj +4836 0 obj << +/D [4815 0 R /XYZ 473.55 225.644 null] +>> endobj +4837 0 obj << +/D [4815 0 R /XYZ 119.552 212.692 null] +>> endobj +4838 0 obj << +/D [4815 0 R /XYZ 71.731 210.536 null] +>> endobj +4839 0 obj << +/D [4815 0 R /XYZ 71.731 195.592 null] +>> endobj +4840 0 obj << +/D [4815 0 R /XYZ 422.425 162.78 null] +>> endobj +4841 0 obj << +/D [4815 0 R /XYZ 239.791 139.467 null] +>> endobj +4842 0 obj << +/D [4815 0 R /XYZ 76.712 121.534 null] +>> endobj +4814 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F11 2489 0 R /F31 858 0 R /F25 852 0 R /F50 1263 0 R /F74 1733 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4845 0 obj << +/Length 1701 +/Filter /FlateDecode +>> +stream +xÚÕXYÜD~ß_aíӌŽîmßvD€%‹LjLðÐc÷ŒÍzlãc7ï§Ê}øïxHÆím]UßWÕÕMƒAÛ‹/·×o +LjHäÛŸ±ÝŽO +}#plz¶±MŒ_W_¥¬jyœ6m®,JÄà +¯òòtäE+Æm)~뵬ø±l¹§eÓ6ëß·ß^P¹ìõÛ3,‹D +®°7LÛ¥Äs\| + +Ū°Eø0Ažz[ñ8ûR;ã²j³²èÁ‡pä5LŽ>ŽiÞ¯-ºâuó_‹ù–5šï:ÄŠ|ÖOÿl1 © #Ž0‡’0rÕÜÏ%Øxú–3¶)†ÉõÖS°ðÂ]•{ñ‡† +S–bÐ~“rm{«‡"/YBÄ|”ð=šÈºŒ/²FÌžŒ»ºŸ.Ç[€à +3² u|ÃŽl ËKAîÈj"|Ej]➟-¹ð€ÛÐqJFÐÚŠ«Ó:€+Ò€âuŒÆ§<Æ¿Ü55þÄ +aT,û*Žœ—`R\ +¬HÄà!Ësù ï€RS)ÍÛ¢Û܊Ç&;¬íj.Qúèãû²«c9œeõŽå¹œÑS"Ñzóq- +\âÓÐ~‚tIxÎÛGl¥¶­lœӞ‹’Œãæv3 +Ž€ +E)ÅŽãQõæódQWŠŽEškèiqíðU—åÉŠ +^ªšš3&}çǪ¬×. +ŠŠÉäzT$»tÍŒR‹W˜§™tˆ~Üòä, +µ|1é4u‡¯Ç|¥ŒæW‹f<²ÚŸ¬¬æ‰žºË +íV4-HAm +‹ïØA­Uó¶Î8– +aœŒŠsq㓠+ÓÞÈmI©¥Ôþ³œ>ÔðÐSÚeuœVw‡k11pGa7 ÓÝ`{’Ž‘²‚ƒŠ>GóaC󧶃ˆøÄyþ_͂‚’Á`#Š#?ßDê9šåžÍMq^læYðW*%œÅé +\ZØUÓ&`O˜Ä¹ªªCòš\ïiN^©¹ +eðŸõÁšZ iŠ}¹šOùýxóŸ9ÍØ>Ò­Y€ðÈó–h™ˆ +†×Aô”ì& +] +áß-„?. +dñ ‹¶ÚLõ +Ws(Êþ4KtÁ‡8–öØg¿ÄŽç ú±ŸŒðÅì ##†â†”žerˆíßÇuVÉJ}௙.âIWgÅažh³šá[Ä¢Î4‘^BšŽãÑd‹^,ñ¥3|†Î úD|>›mÁŸº°cPË"?é +všnýqCNãXß÷Å?îZ¶ƒÂº”¯yŠôŠ5ÍB”µÚXy«XÁ2ôPŽëLÓVƒ/9XŒŽÏÚ$ôùgóÅÛ·?ߘϲ÷¯Ëà¿ÊêSÁÐÚ0ŠBWypö‰<ÜlÖhEœˆ’ y‹ª=í +ß÷V5¯ Ž­ªÍÿAŽœðY›ö=\ÿÄçÝq?Ä.T< +qÑNªZ4!YÂg5ÿ³ƒ–B~ߖe +€Çþ¿§ÞÖN + + +ʊrbÄÚZ);˜Ð©tĄ£ïùºQ9è`8Tô+c»àđÝc«)ÇgŸAÏò3”vFzáëÓÄníÒ~ŸD/×&,R +å°Ýýe_éSGÙ ßlÌw¿štÇCX¿@íwÎàђGs4èî я~,t¿‹ŸÊVì§Í÷æŽ5*ºßAþ"+ïåÒYÓJLAµEc +ùÍ-Ô +²œ}5#_l +h®$ +ž¡Ï +H +„7pàl4g(eň +‘€5iÙ)nÿЪ’UªwáNâ†ï2VLŽ¥,I’ +=dù£Í‚ΝJÁ°²äåã[˜u)ìéŠK‰ƒhOÿé% +Ëz«£Ê°€TVJҝeoF™Ó‹Q~£ÔÂÄœÊöq“ã’ï}Œõ‰[í"œÄ—ttfòHTe1˜#»ÃÉŒ_K,^Uy34W’ÿfq:µ0+âŒKj6G +‹2žS'Ä»†/”Ê™¬®œkè|J³EœÈš•ø Ô€4WK¥vÕ#_õMPál§/úL3åyµPŸ¡Ì‡‘Þ7&ªMx˲|éÙMåPžÐqC“ìNnAþù=¯í +òÿzùŠ“Ú/¿/E˜‚ +ùÒÍ+Wüg.Kí¡[ÜŠ_—ÙóäZێzÐâø!4ŽžŒ”åNŸùz{ñ7­¬Ûz +endstream +endobj +4844 0 obj << +/Type /Page +/Contents 4845 0 R +/Resources 4843 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4722 0 R +>> endobj +4846 0 obj << +/D [4844 0 R /XYZ 71.731 729.265 null] +>> endobj +622 0 obj << +/D [4844 0 R /XYZ 261.745 708.344 null] +>> endobj +4847 0 obj << +/D [4844 0 R /XYZ 71.731 685.944 null] +>> endobj +4848 0 obj << +/D [4844 0 R /XYZ 71.731 685.944 null] +>> endobj +4849 0 obj << +/D [4844 0 R /XYZ 71.731 651.208 null] +>> endobj +626 0 obj << +/D [4844 0 R /XYZ 298.418 611.935 null] +>> endobj +4850 0 obj << +/D [4844 0 R /XYZ 71.731 589.04 null] +>> endobj +4851 0 obj << +/D [4844 0 R /XYZ 411.195 579.059 null] +>> endobj +4852 0 obj << +/D [4844 0 R /XYZ 71.731 576.902 null] +>> endobj +630 0 obj << +/D [4844 0 R /XYZ 261.745 544.588 null] +>> endobj +4853 0 obj << +/D [4844 0 R /XYZ 71.731 522.188 null] +>> endobj +4854 0 obj << +/D [4844 0 R /XYZ 71.731 522.188 null] +>> endobj +4855 0 obj << +/D [4844 0 R /XYZ 71.731 498.346 null] +>> endobj +634 0 obj << +/D [4844 0 R /XYZ 270.916 461.131 null] +>> endobj +4856 0 obj << +/D [4844 0 R /XYZ 71.731 438.236 null] +>> endobj +4857 0 obj << +/D [4844 0 R /XYZ 187.337 402.351 null] +>> endobj +4858 0 obj << +/D [4844 0 R /XYZ 71.731 367.318 null] +>> endobj +4859 0 obj << +/D [4844 0 R /XYZ 119.552 343.572 null] +>> endobj +4860 0 obj << +/D [4844 0 R /XYZ 122.869 330.62 null] +>> endobj +4861 0 obj << +/D [4844 0 R /XYZ 122.869 317.669 null] +>> endobj +4862 0 obj << +/D [4844 0 R /XYZ 182.326 304.717 null] +>> endobj +4863 0 obj << +/D [4844 0 R /XYZ 71.731 302.934 null] +>> endobj +4864 0 obj << +/D [4844 0 R /XYZ 71.731 287.99 null] +>> endobj +4865 0 obj << +/D [4844 0 R /XYZ 71.731 236.172 null] +>> endobj +4866 0 obj << +/D [4844 0 R /XYZ 230.018 214.854 null] +>> endobj +4867 0 obj << +/D [4844 0 R /XYZ 139.477 203.198 null] +>> endobj +4868 0 obj << +/D [4844 0 R /XYZ 76.712 185.265 null] +>> endobj +638 0 obj << +/D [4844 0 R /XYZ 261.745 149.798 null] +>> endobj +4869 0 obj << +/D [4844 0 R /XYZ 71.731 127.398 null] +>> endobj +4870 0 obj << +/D [4844 0 R /XYZ 71.731 127.398 null] +>> endobj +4843 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F38 956 0 R /F11 2489 0 R /F31 858 0 R /F50 1263 0 R /F74 1733 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4873 0 obj << +/Length 1694 +/Filter /FlateDecode +>> +stream +xÚµYÛnã6}ÏWy²˜¡š{±[`ïÛbXtœ@nQÐ6 +«k‹*)5É"ß¡xÑÅtìŽèS$™Μ3sfšàÉÍOÞ]Œ\\\¿ +ÃIŽò„$“Åf&á,™€!AYL&‹õä·é«-­j&fsãi€‘Ÿxͪ +¿ß³²Ö÷5×Å,L§lÏkŠï·\Öröûâç +l¶ +=³Þžsa‡‘º@1ÎôŠó9³ ›®¶ÏÕË×oƒ ïg+°Ö®}ŠW +¬Š(r»ÀšòX +rd™]ø£±4X ©ÅÖÄEÅj[ÔlU7‚ +XΞ6Ån­o7\Ìâxj`[l +©¯ìßF²õÐÀ +³˜ÚÍ.ÑõŠ—_1&7°Ý¥~È«ºà¥±²|ßœQLæI†’4Ì‚rË¥2±c:ÊO2ˆ2‰Ú(cD±QÂf›âF^ë +iÔ[ +wp<ó˜JQ€ +ôö’êǍ íBúŸ8DiîŒ2ì”#LeÍ +OÕeQRq¯¯+ºúFoÌEi_sk× +®9,?ôu +D)ʃÐ@ +t‘WßnŽb˜Â0;à ,uV§Jæi†² + +Wõ¹bJïïY€§LHH/_õû§gW_Ϛ¯”1xý‹³±5«ëacšŠû--ÌÃ{Þè‹[å +«•«USžiV,]. +ÊjÄ÷`Þ8'y#VŸ$€ J1Šˆl–]^%±—"<&g3#ñ”‹=­œÜ(Ì¢³¹Mù 2Õþa͖õò;‹Š×’ïš(ä +rا›Q¬œÎ耶Mëú1oE¥¬éng)P€µ`7phç%Ds9Wj^梊˝Ùå+Žñ—²žƒ¿§ú—Ô)²M­=ýÖ&±d»Q˜K€Ë¿Ùk¶,h90lßQðú_2‘«àðP²ßA‹å&]?esçµ,ªýØ°qá—OœoŽ,yçý§ù—_ŠdOcûþZz‰sÙµÀöâsc6ø¬×œ•ðj×ýµ7á Jâü섯š”­p±öYÃ(ÄçgõË®ÍÓ"í¬ŸgJ¥îZ©Z5mŽ;”<èö«]áƪ¿F˜6®•©ÝŠòÆ+íÆ@J2FÆ +ñܯÃqŸÂÑA£ÌššJºgGd(ŽÏWõüÆ +-•>ïR˜KŸàËÊ»#ž + +Òäl†y9–šát§ÆÛNUÖlÓ¶™fWËÑXÌy­ôÆOUB§¶m8qðz +É_{'`°„“ìlº”ÿôŠO˜~_T+}uF0ѐ³ù9æ +,qrŸ;SÚ§YNŠ/fALïí˜íŽŠ“ÿs(54‘ + +£„hžâ%8ŸÌc(–Ìè +ž },J³éZ +‹”œûY†§HnõcÓÌ<á!ëÝù`Å÷{'·Œ¬ +FíÙÊhNÍöÐàœJw#Å \³XŒÎfWv·Jeîýhx`ˊÙё˞9F­ËßÂ͎Eí‚ÉŠ—k²Á774ŒêùJ•uÙ9 m¿.öV<Ý9‰ÖÎO}ì98ŒŒ6„V‚™}¯ìô ëᓢï[_dß1éì +fʟê1ðkùƒÝ·¯ÍJ@^t3‰h +<£¥±“©Îgß )A$sE£]=R +ºõ˜(o·ÅÊ¿mltk®*ê¶<$¡ +óg^ re'’ÅFÏp†cP4:5µØ + +%v÷N=}žœìp³8ÏýÔ~Z +Ì0:š>gå«ŠÞƪŒŽÃê ÒGýD¬çëM€ŸþŽæf3 +àÝP;0çAÙ©OAî“M¯<w'xBK +F^SQŸ0šëIU×u~;„YG;2¬È’—sœJe U¥Í‰ +mR–Œ +t«Ãž’tøæ|iQÒÍÚÝpðÿôbe¿ »â»ÕRå¬=a7ä+“ëŒSæŽh˜¬VOÐøÓ|ÿß$‹P–¥“y£< +ÍŒăwÞ,.þ¡qG‰ +endstream +endobj +4872 0 obj << +/Type /Page +/Contents 4873 0 R +/Resources 4871 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4722 0 R +>> endobj +4874 0 obj << +/D [4872 0 R /XYZ 71.731 729.265 null] +>> endobj +4875 0 obj << +/D [4872 0 R /XYZ 71.731 718.306 null] +>> endobj +4876 0 obj << +/D [4872 0 R /XYZ 71.731 718.306 null] +>> endobj +4877 0 obj << +/D [4872 0 R /XYZ 134.774 695.392 null] +>> endobj +4878 0 obj << +/D [4872 0 R /XYZ 119.552 682.441 null] +>> endobj +4879 0 obj << +/D [4872 0 R /XYZ 71.731 661.135 null] +>> endobj +4880 0 obj << +/D [4872 0 R /XYZ 71.731 661.135 null] +>> endobj +4881 0 obj << +/D [4872 0 R /XYZ 442.254 649.564 null] +>> endobj +4882 0 obj << +/D [4872 0 R /XYZ 71.731 614.531 null] +>> endobj +4883 0 obj << +/D [4872 0 R /XYZ 71.731 614.531 null] +>> endobj +4884 0 obj << +/D [4872 0 R /XYZ 296.447 590.785 null] +>> endobj +4885 0 obj << +/D [4872 0 R /XYZ 71.731 542.8 null] +>> endobj +4886 0 obj << +/D [4872 0 R /XYZ 71.731 542.8 null] +>> endobj +4887 0 obj << +/D [4872 0 R /XYZ 71.731 509.923 null] +>> endobj +4888 0 obj << +/D [4872 0 R /XYZ 71.731 509.923 null] +>> endobj +4889 0 obj << +/D [4872 0 R /XYZ 71.731 477.046 null] +>> endobj +4890 0 obj << +/D [4872 0 R /XYZ 71.731 477.046 null] +>> endobj +4891 0 obj << +/D [4872 0 R /XYZ 71.731 452.887 null] +>> endobj +642 0 obj << +/D [4872 0 R /XYZ 286.367 415.671 null] +>> endobj +4892 0 obj << +/D [4872 0 R /XYZ 71.731 392.776 null] +>> endobj +4893 0 obj << +/D [4872 0 R /XYZ 71.731 334.81 null] +>> endobj +4894 0 obj << +/D [4872 0 R /XYZ 166.306 324.015 null] +>> endobj +4895 0 obj << +/D [4872 0 R /XYZ 71.731 288.981 null] +>> endobj +4896 0 obj << +/D [4872 0 R /XYZ 71.731 256.105 null] +>> endobj +4897 0 obj << +/D [4872 0 R /XYZ 165.758 245.31 null] +>> endobj +4898 0 obj << +/D [4872 0 R /XYZ 191.545 219.407 null] +>> endobj +4899 0 obj << +/D [4872 0 R /XYZ 71.731 184.374 null] +>> endobj +4900 0 obj << +/D [4872 0 R /XYZ 119.552 160.628 null] +>> endobj +4901 0 obj << +/D [4872 0 R /XYZ 71.731 125.594 null] +>> endobj +4902 0 obj << +/D [4872 0 R /XYZ 165.2 114.799 null] +>> endobj +4871 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F11 2489 0 R /F31 858 0 R /F50 1263 0 R /F74 1733 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4905 0 obj << +/Length 1817 +/Filter /FlateDecode +>> +stream +xÚÕYَÛ6}Ÿ¯0æ%6qš] +šmÓ€)Z h&@Šh™¶‰h+Eef‚ùø^n²$Ó +'E‹ôŖdêèÞÃs7/v +ŒxyñÝõÅՋ0\ä(O‚dqœ]„ F8Ki ,כÅïËï÷€”¯Œ ÆK#}ðœ¶esWÑZèsÑèoŸ +Ó%­AõùŸéD·úãú§ +l + +ÏôGÏô‚£8ŒäŠqŠúÇø|ø• +Îè*ˆ—W~Œ4ØboÖ€£%«Íن"¯<Ö§EÓ®|ŒŒÓglfï€ÑQ®±ùÅ +1N +Ñpƒ M#Ê¥«1^dàIIO‚,GA +€“Ê +-+)ÒËÒhŒ,AYžÛUß8€Rä'©]P” +H~_“Š:Àâ +ùif×>Ó+&üJ°adô±\ŽðB°6Å@» Üî5©7–ðª‘l8éŽjN,!3~šz¶\{`šâ‘õ>˜ < $Ñ\«›ÒlÉûZ°ÊœMýã`×s"˜Â‡‹òJIŸhØ(Â|±?Püj;â'yªi‰Œ)‘^éUy¿å)öÕ^åsí•ÅIPœ¥cœÃFMÂ +¥ òéFFr¡, + +²%± +/ö Zõö +ÝXÉƘÕó;ŸQIG +nõwËéV>†rZTG­^QÅoXG]\û¡À%MujÒGSoÙÎI¶¢(þzåféÃW[K£ù­$BX7 +5Ü֍Ðî=žÝW4U¥ÓÞdóý„•®Ž)3@>øäE + ÑèÔµÊ o’ºk ×e`ö +•i7Û^" + +ɊŸ$Æèõ +®ô¬4Š4­Lu+¿8Gq0ˆ{șn}òÈóhMԊ’z €û§AiÄËGz +ëti°øӘ•žX!+œ;C65ÝÁ²bõàêÀ/ởøØòŠ:ڛܩÃn±'æÖYÅ)ŸUªwªá3ԁ +]îðԙaÃ!ÐÔf@$›®¯» +‘4暏ۖ7­%‚–wŠd+\DeÞ@F‡wÒΊ×'ÝŸéKã`šÌ6ÖldݶIùhêœ ù¶„øò„VŒ8ÏpiрÕ8LÏÑÖ ­&ö^Ýå±¢aðÅ#Óç͞A§Ð«üÙC +²®®Eó]·¡¹œf‚‘’}Rl˜^óߐhöDWŸ-#]’®è` +zVÇvKŒã€ëGÐÕ +YWúÚœµâÁ¬ +ËŽrÛQËÏËcÙ$BòËb”B—ëÅ! +s“û`,ð‘úЖŸiiÁ$eŔ/ݞf£öœ‘ÃFjœñfÞŒÖí’$Ø|«ðRõ* +Qœf’ñµñë»ùŒHKAìˆxC×v8¬»Š€³–v0nÆê²ÔA +v ü +ðù™u„æNÓY +}–Ì˗ŽÙÜjãÆ + +g%›©ìŸ­ÏRíŽlû›gùôÅȑuUokjžäda6Ñåló +%ø%º +Šä®_"*‰Oˆ0KÔDšE˜XêÊÄ+â¬î‘ڎÎÖ ïë{ÕɶÕý†®ïÅúSm#î!Î:xu¥º(õeŸ_·ÊôyF·µ +ÕÃÛ0·Ø¬ IAm]‚7—ÓôhÞ<¶ +‡ŽÕ–'Y'ßÖìöðZt¢dÙÙnŠíIE>š`íh¹5oC/.÷ÞÓ5#õØÞ#éußd<·mé(õŸ„úޘ°ü™Õý­™·Õ +ؘðëë_œwš]>qϏ¯œ·¿ +oÉAöØc{í.Œ„s9Ë +ozó€7zÍßÕîAðw}IßÓ[ZžôÍsçgëœ%âDáÓôl1¿–™J"¹ß€KƒÇ)M¥Œ¢W +tFzŽQ"_ßN«ò[Ÿv:åwòÕú}üžY +œOº ³æ ²Ïcþc\zØ> endobj +4906 0 obj << +/D [4904 0 R /XYZ 71.731 729.265 null] +>> endobj +4907 0 obj << +/D [4904 0 R /XYZ 71.731 718.306 null] +>> endobj +4908 0 obj << +/D [4904 0 R /XYZ 408.844 708.344 null] +>> endobj +4909 0 obj << +/D [4904 0 R /XYZ 71.731 693.235 null] +>> endobj +4910 0 obj << +/D [4904 0 R /XYZ 71.731 678.291 null] +>> endobj +4911 0 obj << +/D [4904 0 R /XYZ 278.974 668.792 null] +>> endobj +4912 0 obj << +/D [4904 0 R /XYZ 139.477 657.136 null] +>> endobj +4913 0 obj << +/D [4904 0 R /XYZ 139.477 645.479 null] +>> endobj +4914 0 obj << +/D [4904 0 R /XYZ 76.712 628.842 null] +>> endobj +4915 0 obj << +/D [4904 0 R /XYZ 71.731 608.917 null] +>> endobj +4916 0 obj << +/D [4904 0 R /XYZ 71.731 555.315 null] +>> endobj +4917 0 obj << +/D [4904 0 R /XYZ 154.433 522.341 null] +>> endobj +4918 0 obj << +/D [4904 0 R /XYZ 76.712 504.409 null] +>> endobj +646 0 obj << +/D [4904 0 R /XYZ 268.392 468.941 null] +>> endobj +4919 0 obj << +/D [4904 0 R /XYZ 71.731 446.542 null] +>> endobj +4920 0 obj << +/D [4904 0 R /XYZ 71.731 446.542 null] +>> endobj +4921 0 obj << +/D [4904 0 R /XYZ 71.731 415.75 null] +>> endobj +4922 0 obj << +/D [4904 0 R /XYZ 71.731 415.75 null] +>> endobj +4923 0 obj << +/D [4904 0 R /XYZ 146.67 390.237 null] +>> endobj +4924 0 obj << +/D [4904 0 R /XYZ 71.731 368.155 null] +>> endobj +4925 0 obj << +/D [4904 0 R /XYZ 71.731 368.155 null] +>> endobj +4926 0 obj << +/D [4904 0 R /XYZ 158.007 344.408 null] +>> endobj +4927 0 obj << +/D [4904 0 R /XYZ 71.731 322.326 null] +>> endobj +4928 0 obj << +/D [4904 0 R /XYZ 71.731 322.326 null] +>> endobj +4929 0 obj << +/D [4904 0 R /XYZ 219.157 298.58 null] +>> endobj +4930 0 obj << +/D [4904 0 R /XYZ 71.731 276.498 null] +>> endobj +4931 0 obj << +/D [4904 0 R /XYZ 71.731 276.498 null] +>> endobj +4932 0 obj << +/D [4904 0 R /XYZ 296.447 252.752 null] +>> endobj +4933 0 obj << +/D [4904 0 R /XYZ 71.731 204.767 null] +>> endobj +4934 0 obj << +/D [4904 0 R /XYZ 71.731 204.767 null] +>> endobj +4935 0 obj << +/D [4904 0 R /XYZ 71.731 171.891 null] +>> endobj +4936 0 obj << +/D [4904 0 R /XYZ 71.731 171.891 null] +>> endobj +4937 0 obj << +/D [4904 0 R /XYZ 71.731 139.014 null] +>> endobj +4938 0 obj << +/D [4904 0 R /XYZ 71.731 139.014 null] +>> endobj +4903 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F74 1733 0 R /F25 852 0 R /F48 1258 0 R /F94 1739 0 R /F38 956 0 R /F11 2489 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4942 0 obj << +/Length 1629 +/Filter /FlateDecode +>> +stream +xÚ­XmoÛ6þž_áb5CR/”Šm@³® +ÛPûÐ#Ó6Yrõ’ÔE~üîÄ£,Ùj3`ûS”xä=÷ÜsÇðÙvÆg?\Ý®®nÞÁ,ei,ãÙj3 +bÎxÏT YÉÙj={7ÿn§©Kñ¹àÌ +^›C^ +÷ŠhÜsSºßjš¹Ù—qÏ»²nêÅûÕOWœ¶ +=“ÁžKr!XÄ·érY”K[Ø— +1<¥bA”‚­îË׎qQÒIp•Õ¹ýD'hv4ø“s™Óž¶ÛB7mÕ¿Šø®Mn +cáf׺Ñ8{úFk÷•Em>Žà>l•q4A‹ÎÏSR:3èÈlIg_ +ÉR0 +°ó2ⳌŒCôR„,Ž#ïåÆ憹¯T8øJÆ,I{,Ÿž°£˜ˆ•ÿ£1eE°HôVŸÀÚ̜V?Úfw¶*׎b³e +؄^5„;žî²f۞$ž6gZ|ôªê暂çÅë‰Uаõõ +ŸDõÁd]ÈhîŽêDÔþ3÷ú‚ +C†€QÜu{)¹CœµC +äcQŒ3›Ò«³Wæ)Uöj_ìúß3 +#ö/?.>gõÎM·bg>VˆÕ®‹Gš†9˜Ì +Ð0]Asu,usÚ}TëýNۂ–ûÀÁžÙé†ì,D‰núAFŸÛ²­]&+ÏRCûÞÑt[Ûb;¿@@A÷°uîÊ»~²7áx¬X*ÕâøâiÊ$@³ +B*1†Üƒþ2×bŠeîÙIÙÛø¹#“&ÅúÀÓٞ㞐jÌÁ›ø95>ÞÕnÐ8ŽÓùqg;Š®'Ö4aÈ @풯’ ûœÖHP+økÜ +Eã:ÖïWW®œŒÏôiȐ „_h_²ýŸ$@¥`[–ŠÁ¬2³ÍÕo«d +0¡ü"÷±J˜ä±_ÓuããóË4èÂH”Н¿S +]= +Ãd  >1tà2ð2Jˆ0¿D”2‡ª±„Œ +®c +i'“0øu! u_uW?º9S`:?ت,šÒÀ䊍7¥ïð‹œl”Å™ÑÊ_`L1 +QWòvŠ¢G4Q¶œ„ +p‚HÚYomŸ&ûÕPiP*©0·×݄{ØÚªöeeµFàÜ K÷{cšìfm6žV·ysS·Œ'ܹéÖãA©•]ÛMgœò8mªrïMéf쪛Fö•­wÎàúXˆO(! +éõSVK +‹o5ܺwˆ»än­wYÿ< +§˜ +ù}ܗøÞsW1)"×, +Š Í%„äIž|âýlš]InÝŸt¿+Ož™Ùt†žÝ_æ)‡ád5ÕõBœ’b|ãxÛ ЏCåj‰]ßÖУë£íýQº“UF7þ®2ŒAcgžŠ}w™AOÑQ;[èŠlžy +篧î + ;µÄÔ!ûêÔ±õŠïõ–®›R VrÜZ!p[ß»•÷{,[?s0Ø-š +«ucöÔóÜêÚfgÞfç;(Çæêž +s{ßyörp—âqªšÁU)†«’Kr]ÏÄà39ûÚÀn {ÙØmwm9Ÿ¿s§Æ!Ôò©*L|€ø~bë% +%ï¿;À^ßÓÎÕaÿŽ6wOÍÝ' ƒC œª«­—‡ûíùÿ;ÆÿcÁf +J:„FqŸBÖ@öþ{{À +endstream +endobj +4941 0 obj << +/Type /Page +/Contents 4942 0 R +/Resources 4940 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4939 0 R +>> endobj +4943 0 obj << +/D [4941 0 R /XYZ 71.731 729.265 null] +>> endobj +4944 0 obj << +/D [4941 0 R /XYZ 71.731 718.306 null] +>> endobj +4945 0 obj << +/D [4941 0 R /XYZ 71.731 718.306 null] +>> endobj +4946 0 obj << +/D [4941 0 R /XYZ 134.217 695.392 null] +>> endobj +4947 0 obj << +/D [4941 0 R /XYZ 71.731 675.01 null] +>> endobj +4948 0 obj << +/D [4941 0 R /XYZ 71.731 675.01 null] +>> endobj +4949 0 obj << +/D [4941 0 R /XYZ 239.72 662.516 null] +>> endobj +4950 0 obj << +/D [4941 0 R /XYZ 71.731 640.433 null] +>> endobj +4951 0 obj << +/D [4941 0 R /XYZ 71.731 640.433 null] +>> endobj +4952 0 obj << +/D [4941 0 R /XYZ 71.731 607.557 null] +>> endobj +4953 0 obj << +/D [4941 0 R /XYZ 71.731 607.557 null] +>> endobj +4954 0 obj << +/D [4941 0 R /XYZ 156.622 557.908 null] +>> endobj +4955 0 obj << +/D [4941 0 R /XYZ 201.175 557.908 null] +>> endobj +4956 0 obj << +/D [4941 0 R /XYZ 246.74 557.908 null] +>> endobj +4957 0 obj << +/D [4941 0 R /XYZ 270.875 557.908 null] +>> endobj +4958 0 obj << +/D [4941 0 R /XYZ 311.509 557.908 null] +>> endobj +4959 0 obj << +/D [4941 0 R /XYZ 362.418 557.908 null] +>> endobj +4960 0 obj << +/D [4941 0 R /XYZ 71.731 544.458 null] +>> endobj +650 0 obj << +/D [4941 0 R /XYZ 303.898 507.328 null] +>> endobj +4961 0 obj << +/D [4941 0 R /XYZ 71.731 484.433 null] +>> endobj +4962 0 obj << +/D [4941 0 R /XYZ 450.902 474.451 null] +>> endobj +4963 0 obj << +/D [4941 0 R /XYZ 71.731 472.294 null] +>> endobj +654 0 obj << +/D [4941 0 R /XYZ 268.392 439.98 null] +>> endobj +4964 0 obj << +/D [4941 0 R /XYZ 71.731 417.58 null] +>> endobj +4965 0 obj << +/D [4941 0 R /XYZ 71.731 417.58 null] +>> endobj +4966 0 obj << +/D [4941 0 R /XYZ 71.731 395.506 null] +>> endobj +658 0 obj << +/D [4941 0 R /XYZ 260.688 356.523 null] +>> endobj +4967 0 obj << +/D [4941 0 R /XYZ 71.731 353.331 null] +>> endobj +4968 0 obj << +/D [4941 0 R /XYZ 166.376 299.823 null] +>> endobj +1139 0 obj << +/D [4941 0 R /XYZ 71.731 240.007 null] +>> endobj +662 0 obj << +/D [4941 0 R /XYZ 438.76 201.621 null] +>> endobj +4969 0 obj << +/D [4941 0 R /XYZ 71.731 177.866 null] +>> endobj +4970 0 obj << +/D [4941 0 R /XYZ 71.731 177.866 null] +>> endobj +4971 0 obj << +/D [4941 0 R /XYZ 294.544 168.745 null] +>> endobj +4972 0 obj << +/D [4941 0 R /XYZ 71.731 143.674 null] +>> endobj +4973 0 obj << +/D [4941 0 R /XYZ 71.731 143.674 null] +>> endobj +4974 0 obj << +/D [4941 0 R /XYZ 143.761 134.174 null] +>> endobj +4975 0 obj << +/D [4941 0 R /XYZ 71.731 133.081 null] +>> endobj +4976 0 obj << +/D [4941 0 R /XYZ 143.761 122.518 null] +>> endobj +4940 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F31 858 0 R /F50 1263 0 R /F74 1733 0 R /F11 2489 0 R /F60 1440 0 R /F25 852 0 R /F48 1258 0 R /F51 1265 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +4980 0 obj << +/Length 1797 +/Filter /FlateDecode +>> +stream +xڕXË®Û6Ýç+Œ(ž¢IêÝEy6EÛ¹7@‹€ +Y¢mõÚ¢ QIœ¯ïP +RË º2%“ó<3g(º:¬èêõ“gO¶¯|•’4âÑêa¿ò#Jh­bŸ“$䫇bõqýü˜ÕJ4‡tÍ(1‹¢>ÉËYTÊ<+i~›¯ÅY*až²Uí柇ߞPT +:ÙH§ÇJB?Ð +ÒÄ(}C*RG”Ž+«¬¹˜uåÙÿøRžNžÅnÝpºîʓ²Ôq&,—çº<წU)«ÿ‹EeÖe5;V7"EY +ŽGàH2^ÀHKj< Û\VŸ(凮ٰd-ðÈÄw{Æcœ€6à`Û9« +ôÿŸ«kÙ(Q,xŸ—Í9ShxֈŸQÇ8§,ö KSkVSŸ +a »å +© Ôÿ^ÇLÝYcî_â’Ù݂Ê4"0tÌ&‚¬šç}û› ˜°€>skŒÑ{³7ô{éÛŽ +M»jal +8ñ}öŠ6`ã€; +¥ÀÚRÊe™.ŠÇÜühVÈ[KºÆìc +܌Y&ýÉk³¢˜ÐÀ +×CqÍÀ‘=?^kôx +ô§óèX/)«Õ %šØm +Š¿7Œ!GjíÙ'\骹ÎG + +9YçìÑö˜þrëÅ6€‘3q³·œŒ—¯Óbˆdv§Pµ˜"@ýµa,„1„ +˖µ·Móü“8 +§“ç’‰ÿÄ¿&0Ø6Ñ= +ÏlfíÑIæCòm§`ÓÖQçÞ¶k›mÛä[͔}ã)wf3ØíË\³ÖTÞoK?‰–&chàièÏ`ñÆ43ÓÐU3žûšÌ“i˜Š.-\ +ôýÉ©0܎挥ú +t„ÃìéBí‘Éðié­L“ØN‡^yÑ +Û÷#jyÂ+ZÑ5¿'—ÕÂvƒ:|f{wó +OcxµÎZ—dÐ{èªÑ¥cÀRî²n1wKõЭ,º€³©¶-܁¡ +ƒ`¹Dºj©àñéSó{c“§£Å{cJXrªýÌ¡!²™ŽÝ + +WÚ_3ŒN{i•8ßÍ#šÆôèˆÆ +Oaym‹#Ȁܔ°+Ç:_Že~œ4zŒÇ«c{ã+Ã5A¢ö@.*r‹F#3>¡QŽ4z‘9 O–ù +Æ7(ŽŸ ²ù7Ÿq³mÞî<íȀþÅçþ.Ðßa°û¢ÖaªÁo8²S“B×X•^᝻Áú1 1‡Ž‘†RqÂä² +ç8Lev +‡ +qü ·±Ñ6ž(¿Ñw–©¬ÊÌ}òÌùˆ®b`; xl +JbGàŸ1$׊|`Û¡Qž]Ã·%âaƒÙfÖ¬ä +mp~çªÒ܋€µ“Ü»³_֖‘:t#Üåfüpò™%‰HÂá^ +3 I;ü±dræåÓÿ[ÓZ¡ +endstream +endobj +4979 0 obj << +/Type /Page +/Contents 4980 0 R +/Resources 4978 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4939 0 R +/Annots [ 4977 0 R ] +>> endobj +4977 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [264.008 533.206 315.844 543.681] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +4981 0 obj << +/D [4979 0 R /XYZ 71.731 729.265 null] +>> endobj +4982 0 obj << +/D [4979 0 R /XYZ 71.731 718.306 null] +>> endobj +4983 0 obj << +/D [4979 0 R /XYZ 461.078 708.344 null] +>> endobj +4984 0 obj << +/D [4979 0 R /XYZ 292.751 695.392 null] +>> endobj +4985 0 obj << +/D [4979 0 R /XYZ 407.589 695.392 null] +>> endobj +4986 0 obj << +/D [4979 0 R /XYZ 464.854 695.392 null] +>> endobj +4987 0 obj << +/D [4979 0 R /XYZ 151.651 682.441 null] +>> endobj +4988 0 obj << +/D [4979 0 R /XYZ 235.387 682.441 null] +>> endobj +4989 0 obj << +/D [4979 0 R /XYZ 71.731 680.404 null] +>> endobj +4990 0 obj << +/D [4979 0 R /XYZ 71.731 665.46 null] +>> endobj +4991 0 obj << +/D [4979 0 R /XYZ 334.897 655.841 null] +>> endobj +4992 0 obj << +/D [4979 0 R /XYZ 76.712 627.547 null] +>> endobj +4993 0 obj << +/D [4979 0 R /XYZ 71.731 607.621 null] +>> endobj +4994 0 obj << +/D [4979 0 R /XYZ 76.712 567.671 null] +>> endobj +4995 0 obj << +/D [4979 0 R /XYZ 71.731 547.746 null] +>> endobj +4996 0 obj << +/D [4979 0 R /XYZ 213.681 512.777 null] +>> endobj +4997 0 obj << +/D [4979 0 R /XYZ 76.712 494.844 null] +>> endobj +666 0 obj << +/D [4979 0 R /XYZ 281.389 455.472 null] +>> endobj +4998 0 obj << +/D [4979 0 R /XYZ 71.731 452.28 null] +>> endobj +670 0 obj << +/D [4979 0 R /XYZ 243.788 421.001 null] +>> endobj +4999 0 obj << +/D [4979 0 R /XYZ 71.731 400.927 null] +>> endobj +5000 0 obj << +/D [4979 0 R /XYZ 161.883 388.125 null] +>> endobj +5001 0 obj << +/D [4979 0 R /XYZ 345.333 388.125 null] +>> endobj +5002 0 obj << +/D [4979 0 R /XYZ 119.552 375.173 null] +>> endobj +5003 0 obj << +/D [4979 0 R /XYZ 275.516 375.173 null] +>> endobj +5004 0 obj << +/D [4979 0 R /XYZ 472.317 375.173 null] +>> endobj +5005 0 obj << +/D [4979 0 R /XYZ 71.731 340.14 null] +>> endobj +5006 0 obj << +/D [4979 0 R /XYZ 232.457 329.345 null] +>> endobj +5007 0 obj << +/D [4979 0 R /XYZ 161.075 316.394 null] +>> endobj +5008 0 obj << +/D [4979 0 R /XYZ 71.731 294.311 null] +>> endobj +5009 0 obj << +/D [4979 0 R /XYZ 155.796 270.565 null] +>> endobj +5010 0 obj << +/D [4979 0 R /XYZ 71.731 254.212 null] +>> endobj +674 0 obj << +/D [4979 0 R /XYZ 234.499 220.902 null] +>> endobj +5011 0 obj << +/D [4979 0 R /XYZ 71.731 198.316 null] +>> endobj +5012 0 obj << +/D [4979 0 R /XYZ 71.731 162.954 null] +>> endobj +5013 0 obj << +/D [4979 0 R /XYZ 71.731 162.954 null] +>> endobj +5014 0 obj << +/D [4979 0 R /XYZ 148.603 153.455 null] +>> endobj +5015 0 obj << +/D [4979 0 R /XYZ 250.281 153.455 null] +>> endobj +5016 0 obj << +/D [4979 0 R /XYZ 71.731 132.436 null] +>> endobj +4978 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F25 852 0 R /F48 1258 0 R /F50 1263 0 R /F51 1265 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5019 0 obj << +/Length 1492 +/Filter /FlateDecode +>> +stream +xÚåXˎÛ6ÝÏWhiMR"%è¢Iš4E›‰H² %z¬Ž,ztâ|}/EÒ2=ô䁠 +Z +0"%’÷yî=4® +<»zŽºZ>ã G9§È +:1î1àpЇŒÅPýR6 +>m”)˵±ÎŒíڝWÙ²ü>ÀŽ­ +ÿ +ïþÕ +øâ÷0”ôa!E,áŸpì™`Ån}ÞÃ1büXv7­‰ŽÀŠ]ió|ØöŠý~d ÉÏ?Ö©–1Êræç/gž¢àåWèÀyb€Æç¹ÛµÏx†G^Êe©s[Ø·ÝÇ,ÍqýòG/ËP¬(ŸST¥Ý û›’ežŽMÛVAâVOŽ°=/7kY +tÝrÀBšÄ®¥SOi»›)|SA9Çñ±è]5lG£dÑÉùRuí#š&_AwÈ +ºsÁÑxÝ·Ã + +*÷æMD1PÎ\œ^Êè,s×qŒ¢pUY +å%iþ=€á( +îŸÌM'¯ŽqwRè +š÷$ïØžotÿ9(‘íš'ÆM‡p;3Lï²d~šŽsBgÞª·æSò·{ '†ym¥Y w +³ìÌì¹o +›ãuH +¢ØZiÓq3飆ô¥¶ì[ ìœÒéÇÞÂj0öÒ*e@wŠÛz<ôÏW +(­f‹Ü. ÉéâN€b€N +‰Í`ÝahqӘšr&•1”'¹¯ïøaËb§©)gm¬ic×K7¡NIN +ŠšŸFàîDù)Éa÷‘œ'r]Yþ~YøvÅG ü\„`ÜZŸ$#@{0bpqªÈ7 %ÿ<')åÚ>þù”dŸTøÏ£ šï¹NGÑ÷ØùÂÓEO;lÊQœ-J!è$w6üŽºú™m’Ü +endstream +endobj +5018 0 obj << +/Type /Page +/Contents 5019 0 R +/Resources 5017 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4939 0 R +>> endobj +5020 0 obj << +/D [5018 0 R /XYZ 71.731 729.265 null] +>> endobj +5021 0 obj << +/D [5018 0 R /XYZ 71.731 741.22 null] +>> endobj +5022 0 obj << +/D [5018 0 R /XYZ 71.731 718.306 null] +>> endobj +5023 0 obj << +/D [5018 0 R /XYZ 232.457 708.344 null] +>> endobj +5024 0 obj << +/D [5018 0 R /XYZ 161.075 695.392 null] +>> endobj +5025 0 obj << +/D [5018 0 R /XYZ 71.731 682.027 null] +>> endobj +678 0 obj << +/D [5018 0 R /XYZ 355.257 644.812 null] +>> endobj +5026 0 obj << +/D [5018 0 R /XYZ 71.731 621.695 null] +>> endobj +5027 0 obj << +/D [5018 0 R /XYZ 156.084 611.935 null] +>> endobj +5028 0 obj << +/D [5018 0 R /XYZ 448.645 611.935 null] +>> endobj +5029 0 obj << +/D [5018 0 R /XYZ 256.228 598.984 null] +>> endobj +5030 0 obj << +/D [5018 0 R /XYZ 433.253 598.984 null] +>> endobj +5031 0 obj << +/D [5018 0 R /XYZ 187.337 586.032 null] +>> endobj +5032 0 obj << +/D [5018 0 R /XYZ 71.731 582.63 null] +>> endobj +682 0 obj << +/D [5018 0 R /XYZ 349.704 545.415 null] +>> endobj +5033 0 obj << +/D [5018 0 R /XYZ 71.731 542.223 null] +>> endobj +5034 0 obj << +/D [5018 0 R /XYZ 71.731 527.279 null] +>> endobj +5035 0 obj << +/D [5018 0 R /XYZ 71.731 469.3 null] +>> endobj +5036 0 obj << +/D [5018 0 R /XYZ 156.084 456.349 null] +>> endobj +5037 0 obj << +/D [5018 0 R /XYZ 448.645 456.349 null] +>> endobj +5038 0 obj << +/D [5018 0 R /XYZ 326.245 443.397 null] +>> endobj +5039 0 obj << +/D [5018 0 R /XYZ 71.731 439.995 null] +>> endobj +686 0 obj << +/D [5018 0 R /XYZ 394.178 402.78 null] +>> endobj +5040 0 obj << +/D [5018 0 R /XYZ 71.731 379.662 null] +>> endobj +5041 0 obj << +/D [5018 0 R /XYZ 156.084 369.903 null] +>> endobj +5042 0 obj << +/D [5018 0 R /XYZ 461.038 369.903 null] +>> endobj +5043 0 obj << +/D [5018 0 R /XYZ 204.064 356.951 null] +>> endobj +5044 0 obj << +/D [5018 0 R /XYZ 426.319 356.951 null] +>> endobj +5045 0 obj << +/D [5018 0 R /XYZ 493.178 356.951 null] +>> endobj +5046 0 obj << +/D [5018 0 R /XYZ 194.809 344 null] +>> endobj +5047 0 obj << +/D [5018 0 R /XYZ 71.731 309.34 null] +>> endobj +5048 0 obj << +/D [5018 0 R /XYZ 272.825 298.172 null] +>> endobj +5049 0 obj << +/D [5018 0 R /XYZ 119.552 285.22 null] +>> endobj +5050 0 obj << +/D [5018 0 R /XYZ 239.421 285.22 null] +>> endobj +5051 0 obj << +/D [5018 0 R /XYZ 71.731 270.112 null] +>> endobj +5052 0 obj << +/D [5018 0 R /XYZ 71.731 255.168 null] +>> endobj +5053 0 obj << +/D [5018 0 R /XYZ 290.164 234.012 null] +>> endobj +5054 0 obj << +/D [5018 0 R /XYZ 405.873 234.012 null] +>> endobj +5055 0 obj << +/D [5018 0 R /XYZ 71.731 206.117 null] +>> endobj +690 0 obj << +/D [5018 0 R /XYZ 349.69 166.745 null] +>> endobj +5056 0 obj << +/D [5018 0 R /XYZ 71.731 143.628 null] +>> endobj +5057 0 obj << +/D [5018 0 R /XYZ 156.084 133.868 null] +>> endobj +5058 0 obj << +/D [5018 0 R /XYZ 355.674 133.868 null] +>> endobj +5059 0 obj << +/D [5018 0 R /XYZ 119.552 120.917 null] +>> endobj +5060 0 obj << +/D [5018 0 R /XYZ 341.806 120.917 null] +>> endobj +5061 0 obj << +/D [5018 0 R /XYZ 405.905 120.917 null] +>> endobj +5017 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F25 852 0 R /F38 956 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5064 0 obj << +/Length 687 +/Filter /FlateDecode +>> +stream +xڝUˎ›0Ýç+Œ+HÇ6L—}LÕ®³©:]p:#l:J¿ŸlIUí?ð=çú>Ž : ‚>oÞï6Q„2œ%,A»=Š‚‰HP1,8C»}> +ekUn'%ØM>ª¶Öç“j¬[[íÆ.ŒÒ@ŽUn}ÔƚðÇîë†xZà€ +Î-‹ æQîR!%îž +R<ÂŽ +2™&à[H‡#=œã)0k”*‡Yäï[{]×Î7‡[²,+[éFz+ïîhç]3îÏLuWŽuÓ±<`œÝvvò*ž¡Þù„Še}Š‹lÊ(”åö ¬ +˜ÿu°œ| +b>PhmWJ$â8¹ÔÑÛÎg‚ÞRº\«üäVÁB£ÿF>ªºÇWp3ñ7\ö +îXÄŠèªÖuå-8ÇÑ2 +®ö›r + +AŒ¹X¥)ÚJ¯€óA\fÇ°Ï[ +AÂR_š©û·›Zk. +˜_•¿=öŸ™ŠNI;ÖïÔ؎y©k”3œR>Q7ÚN]-ëê÷ZÁ†g³»aVæÒø•ì­>I[²®}Ï÷ ZŒ±°/‡®ñ²ùŗ+#i’úz¥Žã^–j]\.·Ôšû;Š>§®•Nˆ'y]×N›î/›$8MçÎÒû•8i߄œw7#Œê$Ï7»Ëü^€aŒÐ3ñ뙳±êôšÞ-Ÿ˜«g +b#Œ0<Š°éŸÊȕѧÝæ”õÔÖ +endstream +endobj +5063 0 obj << +/Type /Page +/Contents 5064 0 R +/Resources 5062 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 4939 0 R +>> endobj +5065 0 obj << +/D [5063 0 R /XYZ 71.731 729.265 null] +>> endobj +5066 0 obj << +/D [5063 0 R /XYZ 179.038 708.344 null] +>> endobj +5067 0 obj << +/D [5063 0 R /XYZ 160.219 649.564 null] +>> endobj +5068 0 obj << +/D [5063 0 R /XYZ 236.213 649.564 null] +>> endobj +5069 0 obj << +/D [5063 0 R /XYZ 316.183 649.564 null] +>> endobj +5070 0 obj << +/D [5063 0 R /XYZ 413.427 649.564 null] +>> endobj +5071 0 obj << +/D [5063 0 R /XYZ 71.731 627.616 null] +>> endobj +5072 0 obj << +/D [5063 0 R /XYZ 272.267 616.687 null] +>> endobj +5073 0 obj << +/D [5063 0 R /XYZ 205.608 603.736 null] +>> endobj +5062 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5076 0 obj << +/Length 1711 +/Filter /FlateDecode +>> +stream +xÚ¥XYÛ6~ϯðS×VŽH‰:HÓ4iŠ¢ +÷¡hŠ€¶i›]Ytì®ûë; +æ.Ú䌚ápŽoŸ9\ +áâý‹Ð\ßl^¬ßº !JhF›Ã"Å(ð" +#D¢d±Ù/þ\þpbUËëU@Òl‰1Ò7Ÿø®«E{ÑOoy#Žåê¯ÍÏœFœ"‚i¬4†‹€‚R¬uÁv«à÷†­pž<®øåz+ +£BçâÑȄþ^ôÂpR% +®ÏaúÒŽ¬;}¿%«/ +Gò +YbÕ|iXJãG!Ê; +Á|£÷Äj»VˆmÍjÁ؉oõZ׈òh¶œŒI;Y~Crìj³ «VH“”(D €Q”Z‹‚€—l[ðÀxsíä A1‰&(§&™â Ï©dӈ­ÌÄ¿é+0Š¿~’8dR9H­'vÍ^™GŸª%(<›@ž“Øä­9ÏØ°ó‰‰RÅï9p:Ý 7ü„4m-ªYVžDEÁ)cPØèˆ(KôÝ/¢ì +×ïjÎß|zk +fE#-øì,p~ +éò^šržN;Î1@;kµ¹×–A®IîĺVPç/}8ÊQ˜zœ7ñÖß}§v„0ÐLDŠj<»<¡"ˆ€ãê9¶l +b +DQè»/¬Byæ+B—'fAr\Ñ%œÑX)ÛºÛ󺱁Ž‚m}™dÝÙì‰8§ž@oÏ·+/ŽGû!ä(1o’žƒª.³aØ_eË_jV<³;®ï”• +œêÄÙHAš#@¥ +‡ñ +v°âA¥Ÿ­¢pyiôÄ–.û Ã³Æ +Üp%õžëZÖ[]ðFí5ÜŒYaXƒJ“fµWúu²£N6ÜöºLO8±roêMÒ;Yëí]Õjdh 5D?³Sýð‘±ÚÖçj°™e4Ÿ +¥é×Ðœ+/ÕÙ,ï˜ÀŸ +ȶyOŽ†þB¢‚ybLSDÁ$§ÿ[( +‡ Êp>PøƒhOÁ±:ŸúžJãå÷«œ.7?}DfËߟŒÿøÞgQÙ9|kD¢ ñg ÂpŽ®Z¢%Ub=êR”†±·[Z.pŽ*/Kš“ª†œ’µ“Qqw!Ò]RÅú2Ž_\²¥É<.‡ê•«Å‰Í4ìÑ1b–çA¥˜ÇŠE¯@Uˌ'cæ(€Œ3 +í<-gE{£Á‹­£|~`Hñä2p³¢tÙ +3›êLæ*·^Ÿñ‚è!YŸ^†s”ÄŽ gÝû^e[BÝ2SJЀØí”SwŒnJôí4F˜Ì°§èÝN 1¬œ²¹)UɛٌpWÊŸØèØhïù—¿ÈÎtŠÈF›?ÅqU° +×Fš™€” +†f> +fŠ +•0O„c`¿Ø±yU¯¢tÉMõøʌ„‡ÁaÒjûúxìíí¹r<’qt4MóPËó$AfDÑ¡ª#ëFŠÀ6š9óP³;QcŸ G!F1”â$Y04ßµB +}Èqªv²+ +*8kDá€Ù:ט•¬Tù\ž Œ§ ;QÊË?| +;wÆþ^ÙÉÊ +÷ÏÊÑp:ÀèÉÙN +õú$ÎÓÁáÈK^³Öˆ +”õS +èö + +L³x-kŸ +f +åßø+9LЫa”ï`nž¡Î“£yƑ꿻̄òNÅôú”Ò%ËY;&³ÿÈFžÆŠíMšÎÒ6À+Þ?C jÁ +‡#鞟ÀÃUbEã +Š,¹MŒeßQ—>Ÿ!?Ÿ‰x¶Iuøh‡.¯ôæ$ +ÍuE¡»ïøåõºbíiÝÊ5txö|œé}“ïdß` +ÉÚ{Ú°ÕI'Š@/w=뿙CÕ“aš˜ŠÔ9Îè5Òa:AËöão~‡ñì@èy»“ýˆ +xÅõ±®Xåæõé8”f$ŠØsËwL³xl€ +cè^`ú¢šN# +Μ©éåV‹6 + +ŠÄ~œ‰ç°Ž +)ƒš +¶e]x¡¿èt +}€.ml€Ò6ÏŽŽºÿð¹²k +#ÔðVßlP_Æ +J3ðŸQ§=|œË’úéžð®ª²;6Œ²¬‘ðKógІd×zóªdòNJ@¶Â‡ºµ»¡B`J"ºËªªÿÿhôYùÇ +C@m÷ +Ãü)}è["âoeÒ +é˜hêŸóý +bmÚÑgV5ógŠÜ +ŸàÃLÿsGŠ£ñ›ÿWÃ> endobj +5077 0 obj << +/D [5075 0 R /XYZ 71.731 729.265 null] +>> endobj +1140 0 obj << +/D [5075 0 R /XYZ 71.731 718.306 null] +>> endobj +694 0 obj << +/D [5075 0 R /XYZ 346.114 703.236 null] +>> endobj +1141 0 obj << +/D [5075 0 R /XYZ 71.731 692.184 null] +>> endobj +698 0 obj << +/D [5075 0 R /XYZ 166.466 651.526 null] +>> endobj +5078 0 obj << +/D [5075 0 R /XYZ 71.731 627.77 null] +>> endobj +5079 0 obj << +/D [5075 0 R /XYZ 71.731 598.624 null] +>> endobj +5080 0 obj << +/D [5075 0 R /XYZ 71.731 598.624 null] +>> endobj +5081 0 obj << +/D [5075 0 R /XYZ 71.731 597.379 null] +>> endobj +5082 0 obj << +/D [5075 0 R /XYZ 129.514 578.3 null] +>> endobj +5083 0 obj << +/D [5075 0 R /XYZ 129.514 578.3 null] +>> endobj +5084 0 obj << +/D [5075 0 R /XYZ 455.937 578.3 null] +>> endobj +5085 0 obj << +/D [5075 0 R /XYZ 451.912 565.349 null] +>> endobj +5086 0 obj << +/D [5075 0 R /XYZ 71.731 563.192 null] +>> endobj +5087 0 obj << +/D [5075 0 R /XYZ 129.514 547.416 null] +>> endobj +5088 0 obj << +/D [5075 0 R /XYZ 129.514 547.416 null] +>> endobj +5089 0 obj << +/D [5075 0 R /XYZ 384.785 547.416 null] +>> endobj +5090 0 obj << +/D [5075 0 R /XYZ 440.146 547.416 null] +>> endobj +5091 0 obj << +/D [5075 0 R /XYZ 71.731 532.308 null] +>> endobj +5092 0 obj << +/D [5075 0 R /XYZ 71.731 517.364 null] +>> endobj +5093 0 obj << +/D [5075 0 R /XYZ 174.841 507.865 null] +>> endobj +5094 0 obj << +/D [5075 0 R /XYZ 124.533 455.362 null] +>> endobj +5095 0 obj << +/D [5075 0 R /XYZ 129.514 437.429 null] +>> endobj +5096 0 obj << +/D [5075 0 R /XYZ 129.514 437.429 null] +>> endobj +5097 0 obj << +/D [5075 0 R /XYZ 393.921 437.429 null] +>> endobj +5098 0 obj << +/D [5075 0 R /XYZ 129.514 424.477 null] +>> endobj +5099 0 obj << +/D [5075 0 R /XYZ 328.496 424.477 null] +>> endobj +5100 0 obj << +/D [5075 0 R /XYZ 71.731 422.321 null] +>> endobj +5101 0 obj << +/D [5075 0 R /XYZ 129.514 406.545 null] +>> endobj +5102 0 obj << +/D [5075 0 R /XYZ 129.514 406.545 null] +>> endobj +5103 0 obj << +/D [5075 0 R /XYZ 383.997 406.545 null] +>> endobj +5104 0 obj << +/D [5075 0 R /XYZ 71.731 355.735 null] +>> endobj +5105 0 obj << +/D [5075 0 R /XYZ 168.797 342.784 null] +>> endobj +5106 0 obj << +/D [5075 0 R /XYZ 220.99 342.784 null] +>> endobj +5107 0 obj << +/D [5075 0 R /XYZ 71.731 283.905 null] +>> endobj +5108 0 obj << +/D [5075 0 R /XYZ 71.731 238.076 null] +>> endobj +5109 0 obj << +/D [5075 0 R /XYZ 71.731 238.076 null] +>> endobj +5110 0 obj << +/D [5075 0 R /XYZ 204.562 225.225 null] +>> endobj +5111 0 obj << +/D [5075 0 R /XYZ 71.731 203.277 null] +>> endobj +5112 0 obj << +/D [5075 0 R /XYZ 207.272 192.348 null] +>> endobj +5113 0 obj << +/D [5075 0 R /XYZ 362.639 192.348 null] +>> endobj +5114 0 obj << +/D [5075 0 R /XYZ 324.611 166.445 null] +>> endobj +1142 0 obj << +/D [5075 0 R /XYZ 71.731 137.514 null] +>> endobj +5074 0 obj << +/Font << /F25 852 0 R /F31 858 0 R /F33 859 0 R /F38 956 0 R /F48 1258 0 R /F60 1440 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5117 0 obj << +/Length 1758 +/Filter /FlateDecode +>> +stream +xÚ­XM“›FœûWèf©J ’\•*ï&v>.9DU9Ä9Œ`$&F€‡a×ʯO3=À€Ö몜±óÑÝïõën‚Åe,~~óx|³ùžÝ.þ! “ÅñŒˆ‚¿Ov‹Ý6ô÷qž8f‹¿–?掖L¬Œ0–„øúá–¶‚Ë›þõkø¥\ý}üíM`Nß| +ãÙù!‰#u¶·Ý&>Ù& +/Üù$ˆôáp^šNÜ헿–’]̑ð³:ë¿2gú­HŒüº"Á®–ô€ž +Šî/ÈÐ +p"$p!8±Ûé{>Ð4׊6ôšS^êxflÎ,˜~ŸV¥„EþEñåµæË<Üý¹3Fퟭ’x¹ÖoeN¥~âfÛ°L?=ç¬ÄUæ*8*[ÁÌâÎoeڕò¢QîA8=ú‡˜h_h™m*ƒGQ]>Aˆv³R +Ž'QaÞ>u +®V²Ìøh ËØY¹AÛB®ÇîŠ[-«‹ uÎSZf}#EU^ô³Sªë4#ï/¬d‚J +Áé6òɐL +C#¹ I"?IbXÛ­P”—V¬ˆ¢Ã +ò¡O‚ë›TðÚ@ + +üÊL4ŽyÛ÷™¥ÊixŒÈ +8Kþ¥e¬2spœÆ<¥’W÷g^úI‡›_üÜ +ŋ oân‚5aŒ<30¿l!n=dxÊ0üìðïEVk“;CÍÑ +3ÉÊMŽ+úø€Ì€Ekn8#YO•t#ÛøȆa¶ +W{HçBj}j·—1Ûyu/"‚Á¡ÆʪîP™²Î1ÆßžÄë¶{ ++•`x'Ú°ô1I°ØÃ1I'x$8øqŽG6>’õc8ÃY×éKœú¹·[oԱȫ±>!‰;xL°8hš +Á +‰ß8xCÎ^Ìcàû ÏÑ.ÚoÍY$pۄ³iíDr¿÷A¹¿3C\€ÕB¹•Ýñ§?µKû·«8^¢€¶²n¥Éô_ +qLQ—•ÞÐéw—‹døQ4ª[Õb +Q,ÔiŽñÌI°¬J{ÍõÒIŽs+Y_ÎÎ?¡Œ0•dFeô&kš·qŽ¢oNð,_úRn돧 +~ٗý0StÖnŸ­,Óù)ˆ°zŠB ߯•ºf©Ö×w÷jê7îeeWäluæšOFkª’yªH +Òl–úg5ÐpeMC/l®zsÙ°âìÐâUj +±Áîëaܙ@óЗoTø{œÍãœØÿl™®é«ÕíeË +ÖF†=é~G +¬&(¢`hÂÓËUVUØ©Ò’À³=õ{Š¢Ó§=8Pšðf&˜eeœ¿R™æ:›œ0ˆü9Œ‰qìKr~ŠQš³ôóëáy‹'µ­ +å—\‚é/²aÅ¿õ)9žn¬ +x žiÅ+¯¹ž£~Ûpì +ï·4÷[r +‰›ª}ÒÓ+»“33 +í÷“úÿ¯ÚŠ7 +ˆBNã‰DN¢Ò·”ë¡b˱ž +ö¥å¶³Ç3'Ñf-D4ã +mv‡7õ©Š[3‰EKZÜþeNtüx#m¬¿1ñ¬±/è„X¢’^kìü« +š:õk¢™µ`cš`^ø‡–³uì—J¡ÿ<*eÜŽÙºf‹'Ó‰ƒO";+ÔbµÝ-{KŠ +C¯qˆì¬ðš©Peó/Ÿ+ûÆó/)V^@Š¢!W-JLÖã$TmMÊk=²ñ·Ûƒ1.­T±“ŒÔ +•ÒŸ;dŽáˆ[u’ÔÉüŽª{ +•p84 +€¹õ +öŽLeÚOW|v’íeZ÷ÒF?˜Øäü:N¬¹ÃÙÉ也ŽÍÐ¥j +͹~V +A‡ìtz±^j*$OۂŠÆ3Ùè">Kø*ŠÓ[ÀU¡’p§A­«Šá68Ù` dYæöJ“ÊÔMZX +UαC6Où0­ + +tPw[õ݀ϻF°d&;=üóŽC·¹Ákûýð™ÝÞojж¬6ì«åóÌ Š÷9ãú×SÀr»6Ó +wgÆ#SvþÎÎ3¯3ƒ! +e¶5Y;Ê¹lª†ñÖ'qœvص£•ÃĹð9çö‹Ù`êŽíŒùB6Ê¥·ïߚþ&Žû1”zžXJµŠG†èYæÝ· +H™ŸŸcf€:iZB%[ë¥ +ƒ„€ŠŽE.­#+Ê°TU7R2±5æ$c€~¿O‹ðÔ²NqM— ­ëŸGDŠ› +‹ä +q3ôv¿áåC,õ0÷> endobj +5118 0 obj << +/D [5116 0 R /XYZ 71.731 729.265 null] +>> endobj +702 0 obj << +/D [5116 0 R /XYZ 327.532 705.748 null] +>> endobj +5119 0 obj << +/D [5116 0 R /XYZ 71.731 681.992 null] +>> endobj +5120 0 obj << +/D [5116 0 R /XYZ 134.217 646.968 null] +>> endobj +5121 0 obj << +/D [5116 0 R /XYZ 71.731 611.935 null] +>> endobj +5122 0 obj << +/D [5116 0 R /XYZ 71.731 579.058 null] +>> endobj +5123 0 obj << +/D [5116 0 R /XYZ 71.731 579.058 null] +>> endobj +5124 0 obj << +/D [5116 0 R /XYZ 229.1 568.263 null] +>> endobj +5125 0 obj << +/D [5116 0 R /XYZ 71.731 546.316 null] +>> endobj +5126 0 obj << +/D [5116 0 R /XYZ 71.731 513.304 null] +>> endobj +5127 0 obj << +/D [5116 0 R /XYZ 207.83 502.51 null] +>> endobj +5128 0 obj << +/D [5116 0 R /XYZ 71.731 467.476 null] +>> endobj +5129 0 obj << +/D [5116 0 R /XYZ 207.511 417.827 null] +>> endobj +5130 0 obj << +/D [5116 0 R /XYZ 71.731 369.842 null] +>> endobj +5131 0 obj << +/D [5116 0 R /XYZ 201.025 346.096 null] +>> endobj +5132 0 obj << +/D [5116 0 R /XYZ 71.731 324.014 null] +>> endobj +5133 0 obj << +/D [5116 0 R /XYZ 208.697 313.22 null] +>> endobj +5134 0 obj << +/D [5116 0 R /XYZ 260.891 313.22 null] +>> endobj +5135 0 obj << +/D [5116 0 R /XYZ 71.731 254.341 null] +>> endobj +5136 0 obj << +/D [5116 0 R /XYZ 71.731 208.512 null] +>> endobj +5137 0 obj << +/D [5116 0 R /XYZ 71.731 208.512 null] +>> endobj +5138 0 obj << +/D [5116 0 R /XYZ 204.562 195.661 null] +>> endobj +5139 0 obj << +/D [5116 0 R /XYZ 71.731 173.713 null] +>> endobj +5140 0 obj << +/D [5116 0 R /XYZ 207.272 162.784 null] +>> endobj +5141 0 obj << +/D [5116 0 R /XYZ 362.639 162.784 null] +>> endobj +5142 0 obj << +/D [5116 0 R /XYZ 324.611 136.881 null] +>> endobj +5143 0 obj << +/D [5116 0 R /XYZ 71.731 121.773 null] +>> endobj +5115 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5147 0 obj << +/Length 1562 +/Filter /FlateDecode +>> +stream +xڝXM“£6œûWp‹]5ÃæÃÎ-Ùd§6‡M%ñÖ +²9È ՀD$X¯ÿ}ZH-0à™­\l +R«ûõë׍ïìÞóêçÃêéývëíý}¥ÞáäÅAæïÒÌ˶‘¿K"ïPx¯ß•€i©Üñ²0õ·aìåõJ?ØFd‰úûý֓Ô;­þXؕÆ{?KÝ.³:Mý$Á=}(ŠýmœF:–h—ú» ôÒ=ĔíL,Ÿ7i°þéϏ>>kgŸÞÇ;oáƒqØò‚?1˜y܆~² +͞OŠñ3„™íÖÄ|5’æ¢nXE +sC‘º$Œ›t³ +Ößô@Ԓã& +Ö5ÏNRÔ7ŠŽŒ€_­m’ë +/äl·Lµ°"LÖ¬7ÕµLؓ˜ÒA"–4Ɍ¿\ŽæqïeMynvŒ¢J™ë«¶%:ëLaW` +/ú)ÕÖ­šôÐ^Ên²– +ªrtO"G±_7QfàÊï¹qÉ8Ûûq–}Gv—‘ùYœÊ#lj̏€OpúÙ6ô’ýΑÝÖ7^¿«å-fŒþ¶ ]Ã!‹Œ·ôܓ¿çX +•°- +APA™Íȇ“©’k7\tŠš‹8ð¿‰ùÊ{ož•_µ/XŠ¶]ó`®Û’Ž×škNi¡ìsa-v°’·,‡,Þ>qŠÇt–õœ?ȲÈß'¶*¢ÔEƒ"dŠˆõ€Ùã+¡Ž/¬-1ÂE¿ñÄ"^Q%šÜî'ôYó˺ÝÓn6B)v¬ìÒŠ"9µî| ’àRRI'ƁY¹ë9K*VŒ +˜Ë“.öª!Pí*b› +eUq +D^ +Eùm4’ð¢ƒÑ=«*Ö?VSpI䰛gŠ<,Çh“G*šfNZ6à7‡‹ P_‚ ªªq +çXÔ:ª|s€•)-;6Q¬µÜüª;e— +±êÊiñðFO +âÔ,’`dÈÚÂ3ä#| +Œ1 +ÁВFGˆ(ØfP(]æXœÓ|šF1íð–;Jx'Ê +%ÁÉKí¬ƒÇ¹Kò¶#NBJ¢nÇ'Á5JçQs`Ï[OÒd¿WÄPÑê4žXn ZSÂÇòœ@;7ð‚ÿ° wëY +áù9ä% +UUBóµ+*v”DºN}aÚ- +>V‘ž–Œ¯L +“kæ‡ôu,£±TŽ[ìŽÿ#’œz]ŽóJûäH/†ƒZA@᎚dn°8r“"ìÉ'‹{È±æÇ¡°þŸ–]`”§ϧ +Óá\0x£j +ŽI’ãÑäMjöm<\280/§„}épþÄ +º05™û +:®bhÈå +͘\MŠ' +\ÔXLÃôÓ)lžK#§«ÚêFÏRt(I”s/Üt¶ ‹ŽÞ¯õËÄuËÄvËg[=ŸÑ S³ñ÷cÿ*ËD§@kÒ +‚ÞŒÿ! +LuãñD•C: +÷ÆØo­”Â%þVˆîŽÖahÔrKøbc ªúÞ(·G¯R•hjGg÷®5~SuZ{€”ϲ3ŽDÌÞZ€8KR/õ¹t¯>xØøÿ€É_U[ý÷N{ €,±© +£íô?šÿ"7 +s +endstream +endobj +5146 0 obj << +/Type /Page +/Contents 5147 0 R +/Resources 5145 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5144 0 R +>> endobj +5148 0 obj << +/D [5146 0 R /XYZ 71.731 729.265 null] +>> endobj +5149 0 obj << +/D [5146 0 R /XYZ 166.376 677.774 null] +>> endobj +1143 0 obj << +/D [5146 0 R /XYZ 71.731 636.564 null] +>> endobj +706 0 obj << +/D [5146 0 R /XYZ 328.496 598.178 null] +>> endobj +5150 0 obj << +/D [5146 0 R /XYZ 71.731 574.422 null] +>> endobj +5151 0 obj << +/D [5146 0 R /XYZ 161.883 565.301 null] +>> endobj +5152 0 obj << +/D [5146 0 R /XYZ 71.731 504.365 null] +>> endobj +5153 0 obj << +/D [5146 0 R /XYZ 71.731 458.537 null] +>> endobj +1144 0 obj << +/D [5146 0 R /XYZ 71.731 418.437 null] +>> endobj +710 0 obj << +/D [5146 0 R /XYZ 202.05 375.34 null] +>> endobj +5154 0 obj << +/D [5146 0 R /XYZ 71.731 355.199 null] +>> endobj +5155 0 obj << +/D [5146 0 R /XYZ 71.731 294.478 null] +>> endobj +5156 0 obj << +/D [5146 0 R /XYZ 71.731 248.65 null] +>> endobj +1145 0 obj << +/D [5146 0 R /XYZ 71.731 195.599 null] +>> endobj +714 0 obj << +/D [5146 0 R /XYZ 178.913 152.501 null] +>> endobj +5157 0 obj << +/D [5146 0 R /XYZ 71.731 132.361 null] +>> endobj +5158 0 obj << +/D [5146 0 R /XYZ 236.193 106.673 null] +>> endobj +5159 0 obj << +/D [5146 0 R /XYZ 471.1 106.673 null] +>> endobj +5145 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F48 1258 0 R /F31 858 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5162 0 obj << +/Length 1721 +/Filter /FlateDecode +>> +stream +xڍXˎÛ6ÝÏWxi3K–liÙŠMÐ.Ò 5ÐEÓŽDÛÄH€ÂÇLœ¯ï¥øDÑm63m^Þǹç +z»º¬¶«? +žßïv«*©öÙ~u<¯òí!)÷‡Õa—%e‘­ŽÍê¯õ»+ê%曧¬Ø®Ó41àZq"oæí',È +nþ>þú°µÖÁt:1ý”•e²K +xȓb[Û5ë°0&ވŒš'ÊìÊ&Ý®爺c>o‹­À،ȫ}hI©ÀðaúhV:U[[øŒÉŠõ™qiÞ¯È +w˜š'B7ùvýºI‹57Öºu‚4˜Jr¶5D +Q>¥YR¹<õœZÜYûˆZCh“iëð‡‘Æ{Þ%΄NõaoLü ‚Ðê–Àñæ™ã/Šp—.Θ]ï9Ñ1Ÿ’ë.XØ,Œ]õÒÜ ÀÜDjëÙ0g2ù=]™såaœË `õ‹®–>w‘üŽ²kw0 +E± +ÊÍø‹Ø;5ý¢Àö¶Ùkë +jÛ©sÏa@5£גÀn»cWg" ò>Ý¢ÑÎër0®7%žv·ž'ýŠ +ҜL;e=ûŒÝî˜þô͕†ÑvŠ(W +É œžtÓŠõogE£1)âµ% +‘AdšcÊ¡ˆmá‘D³*¥®#{âl*}Ðwu_!FŸáùYþ#@o¯‹3àuÈÍ}»º×m±°1»šˆ}¡&¥cO›WœŒhí¡Â|܋ý8pAÅ2&Á«y'Ššß\{HÄ¥êÃî’€ÃßÅó°„Å—NNór‰óÎ"œÑ΄ œ4ELzsøÿ +ó1,ŽÑYS|Q¬ +œ£6ÖÆ01wHÖQøïšÎŸãž¬kìZjFâ%ð +PehalKæŸ×š®!æÓ‹ÏÆòËyR‡m`³„;FCª™FÓ`QsÒKÆÃ×-˒ù8Ž.<9 +› +£.4ŠÉuÒÚàêóûb»*ažîs=Owé>)Ò + +nðë3UmkŸ:œy™äiéŸi úŽÛçIµ;Ìë25 +’¯€;dØ +/Ý +ùG·+ Y + ÉY¯yݲÝe +Ç5€m²È9`–IYŠ³A +4¬‹„žO“ýއHƑ6çl8œŽº=&ZA; +ÑÞÆȆüdå!)òj'4ù›‰g£o`0ײÈ-g˜’.MžÉGšŒâ¶ø1êÿ•³rì!i!²Æ +hBýΣ(ChÇNQñҀPÒjKµ2œP +Â2„7,} +µGã{~ÐMš +Ó z?ƒñÙww +í¶ÌÒ]$Fõӟ:fŸ;m=çôÌlz˜c–@F赋âw=Žƒã„©Œe—©°RþÌ„Ò€äŽQ]û1'PwE„ÆjT_qý²Pˆ¬ë[,ñˆ‹ +fçèèUŒ<ÇÉ\²š +7@œ»Úž*Eô³DŠè<ѝÄQãšƒ6d"o]òîÔw烁,Ÿ/öL- + +Éï €vP"²ÔM +LhݪÆÃPÀ‘~r™(®5þ (,æ];s`ª%ž|]tá”ôG™âªÎROƇ^Î5OC‹ßº_‰»õèâÏqÜØ¡‰pÊÞ¡Zƒ€Ñï“q˜Ø„ê{žSy01! +ãÕ +bnp· +€‹€{?ùŒvþF7)Ú<" ÓA€ + +±­ +#†ˆ³hœsŠBz"êpCTçïPØßìƎ\®Ò5A¬HªƒsGE +†ñ2ï¶P7“ÎŒ1՝ðBn\@ ðñ:3ÂÍÅ+°jØ_šmgµýé÷tïŒH aWö‘À³Êr4‡j©€ÓosŸéÈ×%Ëàìݬ +™ˆ$BAŒ€w.Îu@¿o::À†Œ\M"hÔöB‰›»¹ +Ç\P +Í#˜â5^öÙB”<ÆTÐîìaŒ}¿ +ªB€FUŠ[á'–³R>eU•ìòb^QßóùnÈ +4©õÆ<3öaœgÌð<F„(³¹Â˜W +&Ø +Ì̑«yrW[W>X2åƒ[†Éa +?ùJèÍŠð$ݞiþ#•Vù_Vñ¢Z7KؘҎQà/k ì"×>+B>úvÍ«Y—æ¥÷·2y(}„ÌXj +NØ|Ô“‘ZšâÁú€øo#-§à†enø€Í¿YùSÊð”JÓ)æpRKÖÿüî¡y?”BßÕqŸgç=v%Mãd„ã + +”ÿ&ŒQYlM~6IÂ_&§?zîÊ}Rf9DŸß%»Òpšå³M?þ#º³ +endstream +endobj +5161 0 obj << +/Type /Page +/Contents 5162 0 R +/Resources 5160 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5144 0 R +>> endobj +5163 0 obj << +/D [5161 0 R /XYZ 71.731 729.265 null] +>> endobj +5164 0 obj << +/D [5161 0 R /XYZ 71.731 673.31 null] +>> endobj +5165 0 obj << +/D [5161 0 R /XYZ 71.731 627.482 null] +>> endobj +5166 0 obj << +/D [5161 0 R /XYZ 71.731 569.076 null] +>> endobj +5167 0 obj << +/D [5161 0 R /XYZ 436.071 532.005 null] +>> endobj +5168 0 obj << +/D [5161 0 R /XYZ 71.731 509.923 null] +>> endobj +5169 0 obj << +/D [5161 0 R /XYZ 345.433 499.128 null] +>> endobj +5170 0 obj << +/D [5161 0 R /XYZ 71.731 451.143 null] +>> endobj +5171 0 obj << +/D [5161 0 R /XYZ 475.852 440.349 null] +>> endobj +5172 0 obj << +/D [5161 0 R /XYZ 71.731 392.364 null] +>> endobj +5173 0 obj << +/D [5161 0 R /XYZ 71.731 322.69 null] +>> endobj +5174 0 obj << +/D [5161 0 R /XYZ 357.228 283.935 null] +>> endobj +5175 0 obj << +/D [5161 0 R /XYZ 71.731 235.95 null] +>> endobj +5160 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5179 0 obj << +/Length 1325 +/Filter /FlateDecode +>> +stream +xÚœWÛnã6}ÏWømm ¢%ÊôåÁ@SØISl4qŠÝ" %Ú&"‰*Eoý÷ER·h“t{y %‡œž9sfäöpqâÛõÛÍÉø +“öєÌÉ`³Ì4 +ƒÁ̧ƒM<øux–ç,‹ùÓÈóùð +™õ#/”y;»æŠ‹¬0/»ö‡Bšu`æ#‘}ò}Œ?J6úmó=Äáá)š뫈$ϕþOY0C8  +l$\`cBã‚eLÒÄ +Ðh1ÅS}b2Cs +€}XÖŸç=ruðd/Ù( Ã}<ŽÙ“áçñ1ãOð²þ +“2ˆ +*·°yÙ" +ÑMy=âYŠ€ÈµgóÃ~D†n/™4?(aÖcÁyú`ãø`^ya7:›ë®Í‹Ò ÏöæuEY*2óüÉ'þúbKpj­àœaíÁ`Ž Ð +I³X€îžåK‘muŠÄnM”If¬ú†à\š„a³õ–EZ>LxgˆŽÏ”Š‚W±fÝ&Ìã1DÇÕóòîv}ó|q_HŒÌhÊ^Ô«åہÙc€ ¯ÊP +a¡Í%/YÆ“xVԄïÈ +€6ÀÃM@©,x™ØŠždŒ@p®†Øá‚ç +4#†ŽHX€„3¹Œ]_­þXJÉoRϘïÔóRÊ[YîGj–H€yÂkîŽâX²¢°ÌœŽžD–<· +Žꈚ~o2¡ÓÀ²Ó>ħh† +’›oþ8ÿquu/v÷%ÿï¢Pö1}"ŸT‡K +2²X#wéÂEÈð­m +@ª1$ØúŒô¿Œ- +™T¡Yv„3 +ìêU(É"žsš›åÙjuó¢Xi ,xMÉךP° +Z¶rðlŸ]iqŊœF¬.˜”>Y„æ†èåó/£ÀGK%šUÌé„cKÏõ'_¯šfZKþ%amÝdIò¶Þ+y,àrË»ËÕ߀Rws°æwC9Òc¡Úüª +)¥PÞ9m@šp·ÛUjvLahBÛN}¹*€^WÕ%ÙïG. +ŸûgÀœŒÚí¢Ýnö(!ûZÁÛ€zfš&šõÊ&FAÅv9š¡ãŸæaÕÞªVo/×±ZÖPUjºŒ]• + +R +øRfbÈzîßôc‹å +˵Œ+jF(×ÔAR`²ˆÜØ~%\ïVªŸæS‹=×­ÎM±@#u:xSðr!-\ál¬¢ŒÖRžî+o‹MÔÿC­J|¥²jŽÜúVzP>6îÒËǺ`^ +ð@"Á×aùóõÍýO£@Ò߯uVkŒµd¥JĬûPQ·é +œüéKbC_M©k{/ØŸ!{ûà™yð<³bBNûj£ŠíµÃÕ­ØîŽED +SPXé:@¡ô7dZÐu5p +Ÿæ +˜f +û +àölŸÞœüo:9 +endstream +endobj +5178 0 obj << +/Type /Page +/Contents 5179 0 R +/Resources 5177 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5144 0 R +/Annots [ 5176 0 R ] +>> endobj +5176 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [138.481 496.361 187.516 506.891] +/Subtype /Link +/A << /S /GoTo /D (0:PATHS) >> +>> endobj +5180 0 obj << +/D [5178 0 R /XYZ 71.731 729.265 null] +>> endobj +1208 0 obj << +/D [5178 0 R /XYZ 71.731 718.306 null] +>> endobj +718 0 obj << +/D [5178 0 R /XYZ 127.983 676.38 null] +>> endobj +1209 0 obj << +/D [5178 0 R /XYZ 71.731 665.648 null] +>> endobj +722 0 obj << +/D [5178 0 R /XYZ 172.199 624.67 null] +>> endobj +5181 0 obj << +/D [5178 0 R /XYZ 71.731 624.455 null] +>> endobj +5182 0 obj << +/D [5178 0 R /XYZ 71.731 609.511 null] +>> endobj +5183 0 obj << +/D [5178 0 R /XYZ 71.731 594.617 null] +>> endobj +5184 0 obj << +/D [5178 0 R /XYZ 139.477 578.841 null] +>> endobj +5185 0 obj << +/D [5178 0 R /XYZ 71.731 541.536 null] +>> endobj +5186 0 obj << +/D [5178 0 R /XYZ 71.731 527.868 null] +>> endobj +5187 0 obj << +/D [5178 0 R /XYZ 139.477 512.092 null] +>> endobj +5188 0 obj << +/D [5178 0 R /XYZ 296.716 512.092 null] +>> endobj +5189 0 obj << +/D [5178 0 R /XYZ 71.731 487.394 null] +>> endobj +5190 0 obj << +/D [5178 0 R /XYZ 71.731 474.069 null] +>> endobj +5191 0 obj << +/D [5178 0 R /XYZ 139.477 458.294 null] +>> endobj +5192 0 obj << +/D [5178 0 R /XYZ 379.973 458.294 null] +>> endobj +5193 0 obj << +/D [5178 0 R /XYZ 71.731 446.174 null] +>> endobj +5194 0 obj << +/D [5178 0 R /XYZ 71.731 435.28 null] +>> endobj +5195 0 obj << +/D [5178 0 R /XYZ 139.477 417.447 null] +>> endobj +5196 0 obj << +/D [5178 0 R /XYZ 166.197 404.495 null] +>> endobj +5197 0 obj << +/D [5178 0 R /XYZ 460.5 404.495 null] +>> endobj +5198 0 obj << +/D [5178 0 R /XYZ 71.731 392.376 null] +>> endobj +5199 0 obj << +/D [5178 0 R /XYZ 71.731 379.424 null] +>> endobj +5200 0 obj << +/D [5178 0 R /XYZ 139.477 363.648 null] +>> endobj +5201 0 obj << +/D [5178 0 R /XYZ 71.731 338.578 null] +>> endobj +5202 0 obj << +/D [5178 0 R /XYZ 71.731 327.683 null] +>> endobj +5203 0 obj << +/D [5178 0 R /XYZ 139.477 309.85 null] +>> endobj +5204 0 obj << +/D [5178 0 R /XYZ 381.597 296.899 null] +>> endobj +5205 0 obj << +/D [5178 0 R /XYZ 431.967 296.899 null] +>> endobj +5206 0 obj << +/D [5178 0 R /XYZ 71.731 284.779 null] +>> endobj +5207 0 obj << +/D [5178 0 R /XYZ 71.731 273.885 null] +>> endobj +5208 0 obj << +/D [5178 0 R /XYZ 139.477 256.052 null] +>> endobj +5209 0 obj << +/D [5178 0 R /XYZ 71.731 218.03 null] +>> endobj +5210 0 obj << +/D [5178 0 R /XYZ 71.731 207.135 null] +>> endobj +5211 0 obj << +/D [5178 0 R /XYZ 139.477 189.302 null] +>> endobj +5212 0 obj << +/D [5178 0 R /XYZ 71.731 177.183 null] +>> endobj +5213 0 obj << +/D [5178 0 R /XYZ 71.731 165.208 null] +>> endobj +5214 0 obj << +/D [5178 0 R /XYZ 139.477 148.455 null] +>> endobj +5215 0 obj << +/D [5178 0 R /XYZ 71.731 48.817 null] +>> endobj +5177 0 obj << +/Font << /F25 852 0 R /F31 858 0 R /F50 1263 0 R /F33 859 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5219 0 obj << +/Length 1624 +/Filter /FlateDecode +>> +stream +xÚ­XMsÛ6œûWpr±8cR$%RÒA±c'uG¶ÕHi’I3ˆ„%Ô$Àdmýû.„~ˆNtèI +,vߟ}»Žgm-Ïzvµ>Ÿ¬™;‹‚ÈZ?Z#äÎBk2 +ÜiXëÄú:žÌsLòb;Aè +.]ù» Œ”+öš~ó’0ÊåÃ#+ä¢Üa¹p‡1£{^°­ +{4š×<.H^ÚßÖœyÊ-ðÉoøäø³±;šM-'»¡7•^9Šh“b'#qÁ +^b”–»ùç‡ßÿ²ýQ8ž\ŽŒê_ËËAV'î +b—!r±î6î(Âp‡Ô}Ï€Üé{ÔöŠ›aäÎ:µýBF·±oP) „ŠÀí‡ƒ­ +eÛå;Ë?íH’`*×5fH +_Š7)v +–3óÜñdàîÌwÀ¡,NçËO§#ñ–e¢‰Œ'%Te)G't+ˆÊqBžž$é‹5–vœÚ*l:ØVŠ%׀€©:«6©» +–ÉÕj}}{¯n~<ÄìÏmèKŸ +Å.o{Ѝ€éF; +€i +\ý0óF[ +=œåå^'®$à¥ß +BáñÚõMÏUiµ` +yŠKœîí(Ô~¬wÚ=Y^r¡}·ŠcuRÛQ’ú@Éä¯&†ˆIVŽÄ°ºµ7/° +„ƒMX=ÈZâÅ%©7ʳ˜‚ÄžY‹„—–HƒՐW¥"²Šc/‘ åp,u(ÊðüÞõ}ws:­?æ eèPMštªrŒŽ€Ø7«­ÁÊC퇞5 +ڏÆ©ˆ&.ìÒÅÏQ¶C„öˆÄØsý±Ñ‘ÐÉ +{c×÷&zÛŸJq-PCÏ×{Žõ–ãBÅQsR{|Y4;ÆМµ{™ï†Ÿq\“ÓžB +Y +Bw"ĺɓšž€Öµ*× +âš9zPZŽÔvá¿bè)TyýÄó՗ÕúæîûÝåòt–ˆ+„VªÕ1šîkìDy̓'Û®«ÒÏXIâí~šbÔ!¹Ä»!BÁÑDë*ÆÏ +¢©JåNcm(‘#àay¥ÈàG +ªÒò¢Ï­>çvj^Ÿ÷Žø +qˆSå?7i‚RŠX‘’×õgdò\0ýüµ¢&ŽðEÅÑH³LD¥õ_Kc+úv‚”ãz脱Ú÷27CyÓŠz®•"fE9ÈNbŸym‡EŠ×0|–Œ;ß ŽçWþÅUp£]Vžl±7q4)äÝÏ}pœ!’v2“²m38N¶•UÑN)[⃲ªì<Üß4›fMoª à9ŠqÍÚ +éŠa}ì_^?4:¬Ã14QTÖú¢æ*`X[q +ê¢[µôŽâÈ_À~2žŽ¢ñD³ +ãÖÖWõº!\ŸïMƒß:&žLu#§ýCL»ÑŸ¢tÉÆ)pÊ`d:Y⟟]ÜÞܯuz€§7øòM>ßÐz~Q†[Í»I•H0ÒÄ$‘¹}ÿûÇegšτã‹ZR;éÐnëŠ +€~6,¢ÃMš`Ò)Àœd©”> +¶&2Ÿï&œ*_“+aÿxZïwëÐð4¢ólπÜñr +K3VŠ‡,Ùħ»Œªòœ¥qf{€CÈdúP³(íˬÈâÝ~õçBep)ݪ_< +œSéU T”Œ<\_œ•ùhnëI¬}JêÊ(eã*5ìÁ Êɯ1 +6­ü¢fŒT¶·×+¥h²]ȇøGE +3jMÞ< +Ï*ÔØÿ«êÃ":A®—ùòÝçÓC\ªSjP€}Å-Â[#³À»óMr\“õ€§ñâñ®çû:!8Ï4ÏÃíâÛLÆfdážéNÆî4˜êsM}?næÎ(˜ž“Ñ€M9Àkž!tØ7¡‡n§È^\²Vn¢Ð +‡¯5éËÏàíé=º©-æžà‚û“=† +h yÊÄ'ʳÚ/ +pŠ_è¬Å Üh%g|‘é,¡-îN_æ£2ÅèIېG:=+Ð=KËß±*MÚTF®wàæ +ސ’*ËÕS“ +ë©°1z~ß ø©)Ñ»Ž»;ÓrQçî'm—ËiÁ +ÁÊÁkÖўJ©/Ì +ùc@Ì©ñÍcµþµEn4³ +PÄ©ÉÛý j +¹YŸý=K'« +endstream +endobj +5218 0 obj << +/Type /Page +/Contents 5219 0 R +/Resources 5217 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5144 0 R +/Annots [ 5216 0 R ] +>> endobj +5216 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [407.988 420.259 459.793 431.163] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +5220 0 obj << +/D [5218 0 R /XYZ 71.731 729.265 null] +>> endobj +5221 0 obj << +/D [5218 0 R /XYZ 71.731 718.306 null] +>> endobj +5222 0 obj << +/D [5218 0 R /XYZ 71.731 707.163 null] +>> endobj +5223 0 obj << +/D [5218 0 R /XYZ 139.477 690.411 null] +>> endobj +5224 0 obj << +/D [5218 0 R /XYZ 153.036 690.411 null] +>> endobj +5225 0 obj << +/D [5218 0 R /XYZ 71.731 667.397 null] +>> endobj +5226 0 obj << +/D [5218 0 R /XYZ 139.477 649.564 null] +>> endobj +5227 0 obj << +/D [5218 0 R /XYZ 71.731 598.59 null] +>> endobj +5228 0 obj << +/D [5218 0 R /XYZ 71.731 587.696 null] +>> endobj +5229 0 obj << +/D [5218 0 R /XYZ 139.477 569.863 null] +>> endobj +5230 0 obj << +/D [5218 0 R /XYZ 306.479 569.863 null] +>> endobj +5231 0 obj << +/D [5218 0 R /XYZ 360.735 569.863 null] +>> endobj +5232 0 obj << +/D [5218 0 R /XYZ 453.756 569.863 null] +>> endobj +5233 0 obj << +/D [5218 0 R /XYZ 71.731 544.792 null] +>> endobj +5234 0 obj << +/D [5218 0 R /XYZ 71.731 532.817 null] +>> endobj +5235 0 obj << +/D [5218 0 R /XYZ 139.477 516.065 null] +>> endobj +5236 0 obj << +/D [5218 0 R /XYZ 139.477 477.21 null] +>> endobj +5237 0 obj << +/D [5218 0 R /XYZ 71.731 465.091 null] +>> endobj +5238 0 obj << +/D [5218 0 R /XYZ 71.731 452.857 null] +>> endobj +5239 0 obj << +/D [5218 0 R /XYZ 139.477 436.364 null] +>> endobj +5240 0 obj << +/D [5218 0 R /XYZ 71.731 398.341 null] +>> endobj +5241 0 obj << +/D [5218 0 R /XYZ 71.731 387.447 null] +>> endobj +5242 0 obj << +/D [5218 0 R /XYZ 139.477 369.614 null] +>> endobj +5243 0 obj << +/D [5218 0 R /XYZ 71.731 344.543 null] +>> endobj +5244 0 obj << +/D [5218 0 R /XYZ 71.731 331.592 null] +>> endobj +5245 0 obj << +/D [5218 0 R /XYZ 139.477 315.816 null] +>> endobj +5246 0 obj << +/D [5218 0 R /XYZ 71.731 303.696 null] +>> endobj +5247 0 obj << +/D [5218 0 R /XYZ 71.731 290.745 null] +>> endobj +5248 0 obj << +/D [5218 0 R /XYZ 139.477 274.969 null] +>> endobj +5249 0 obj << +/D [5218 0 R /XYZ 71.731 249.898 null] +>> endobj +5250 0 obj << +/D [5218 0 R /XYZ 71.731 236.947 null] +>> endobj +5251 0 obj << +/D [5218 0 R /XYZ 139.477 221.171 null] +>> endobj +5252 0 obj << +/D [5218 0 R /XYZ 71.731 209.051 null] +>> endobj +5253 0 obj << +/D [5218 0 R /XYZ 71.731 196.1 null] +>> endobj +5254 0 obj << +/D [5218 0 R /XYZ 139.477 180.324 null] +>> endobj +5255 0 obj << +/D [5218 0 R /XYZ 392.386 180.324 null] +>> endobj +5256 0 obj << +/D [5218 0 R /XYZ 139.477 167.372 null] +>> endobj +5257 0 obj << +/D [5218 0 R /XYZ 71.731 155.253 null] +>> endobj +5258 0 obj << +/D [5218 0 R /XYZ 71.731 142.301 null] +>> endobj +5259 0 obj << +/D [5218 0 R /XYZ 139.477 126.526 null] +>> endobj +5217 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5262 0 obj << +/Length 1250 +/Filter /FlateDecode +>> +stream +xÚÍWKoã6ŸçWèЃ +¬=-û°’Ínš"݈{(¶{ %Ú&"‘‚Hm6ÿŸCñ¡G„ÔE +ŽK”Å™ofŸo8 +œ£z·×»‹ËOIâmÑv +¯œÝÁK¢m3/ObŽÉboWz_ü«Š!¬€ßWAœ +þÒ×{*€Ÿãsm$åLèŁ·úFžˆŸA—g„a|ìÚU’ûæ±(ZÚÈÕ×ÝÏ¡˜¢Š ÚŠ(ÙnŒ NQn4ª +ï+4²Å™°W/+qrŽ +8û¿’–ò’žª^4„âDŠ'}û|"Ø@ÇúR’ý*ýîxŽP$–ÃæòY²ÒÜìyk’CMr^ˆ0‰{`Ö¯ÄO«(ô‰±F«8ó€¶BPŒÍ(!C‰¢Y +H³gœÀu†¶i +[û-<ãÆO'Hù’˜p8³%gÝw€ +xÁ&C›u%0QfÁä5–c‰:qh +:™IŠâm2•ƒxÖÖ?Æ•oÁšš+›óóŸ;Yô“ΧM Ëǒ̙ÙTXC>²(œìÛP("hFpˆ°âÇa›ùwêÄüMÒ~[E™o›VYŸÛAŒâZRª~ùµ—–ŒÒxhym×\š×O\È›l±°iJˆ[§Q{ +؂ÛÜ8g‰æýÔa‹õt +5žà‡I„†.#ÎÌAµ]\Ð +€l+eèb!íIëŠÌ€ùn á€ß˜r±·4(.ïfÛ +€•i$ŒŒ²± +Š•%óÔ¡‹°í˜€õ«‰ +FŸæhG^ ŠÂ<·µ&¶NÙؒ¹š(a2ànœ0|°¹ÿ«^Ur2ŸRT$:Š¹êûñm¡ý8•=÷ì`rZLÐʒÎÆÖø\_®ƒÌ«8÷DÑÎåx²Ôir>\ûgRUúL58cšÃv=;³eŽQ§óÕúåÃýÝÇÏ;3ù}Ÿ +¡ÿûWœþ°ÔØ\ +4׊Á +f³‡Âw ¿Œ3¡Ž$Æ€8ç\®946èAýìaò_pô™à‚+xÛºœG9áûY3pÉdÿUí–B› +‰ÖŠkoϙ’ªðaîEèF5/uÚ˓°³DGÔ|±à~øéᗏ3p®Ó(@bÉÛ© +-ÿ7 +šÌÄ£¹ÕÅøøÛÝÍåãíݍ99(}hžŸH§ºálÄï±Ð'þø +{òÕ¿^£ +:~°Þ¢$2 +&Šóɞ»‹?.5?œ +endstream +endobj +5261 0 obj << +/Type /Page +/Contents 5262 0 R +/Resources 5260 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5144 0 R +>> endobj +5263 0 obj << +/D [5261 0 R /XYZ 71.731 729.265 null] +>> endobj +5264 0 obj << +/D [5261 0 R /XYZ 71.731 718.306 null] +>> endobj +5265 0 obj << +/D [5261 0 R /XYZ 71.731 706.187 null] +>> endobj +5266 0 obj << +/D [5261 0 R /XYZ 139.477 690.411 null] +>> endobj +5267 0 obj << +/D [5261 0 R /XYZ 139.477 677.46 null] +>> endobj +5268 0 obj << +/D [5261 0 R /XYZ 71.731 665.34 null] +>> endobj +5269 0 obj << +/D [5261 0 R /XYZ 71.731 652.389 null] +>> endobj +5270 0 obj << +/D [5261 0 R /XYZ 139.477 636.613 null] +>> endobj +5271 0 obj << +/D [5261 0 R /XYZ 71.731 624.493 null] +>> endobj +5272 0 obj << +/D [5261 0 R /XYZ 71.731 613.599 null] +>> endobj +5273 0 obj << +/D [5261 0 R /XYZ 139.477 595.766 null] +>> endobj +5274 0 obj << +/D [5261 0 R /XYZ 71.731 585.704 null] +>> endobj +5275 0 obj << +/D [5261 0 R /XYZ 71.731 570.695 null] +>> endobj +5276 0 obj << +/D [5261 0 R /XYZ 139.477 554.919 null] +>> endobj +5277 0 obj << +/D [5261 0 R /XYZ 71.731 529.848 null] +>> endobj +5278 0 obj << +/D [5261 0 R /XYZ 71.731 516.897 null] +>> endobj +5279 0 obj << +/D [5261 0 R /XYZ 139.477 501.121 null] +>> endobj +5280 0 obj << +/D [5261 0 R /XYZ 71.731 450.147 null] +>> endobj +5281 0 obj << +/D [5261 0 R /XYZ 71.731 439.253 null] +>> endobj +5282 0 obj << +/D [5261 0 R /XYZ 139.477 421.42 null] +>> endobj +1210 0 obj << +/D [5261 0 R /XYZ 71.731 401.33 null] +>> endobj +726 0 obj << +/D [5261 0 R /XYZ 492.575 358.233 null] +>> endobj +5283 0 obj << +/D [5261 0 R /XYZ 71.731 334.744 null] +>> endobj +5284 0 obj << +/D [5261 0 R /XYZ 71.731 310.248 null] +>> endobj +5285 0 obj << +/D [5261 0 R /XYZ 71.731 295.304 null] +>> endobj +5286 0 obj << +/D [5261 0 R /XYZ 71.731 282.352 null] +>> endobj +5287 0 obj << +/D [5261 0 R /XYZ 139.477 266.576 null] +>> endobj +5288 0 obj << +/D [5261 0 R /XYZ 71.731 254.457 null] +>> endobj +5289 0 obj << +/D [5261 0 R /XYZ 71.731 243.563 null] +>> endobj +5290 0 obj << +/D [5261 0 R /XYZ 139.477 225.73 null] +>> endobj +5291 0 obj << +/D [5261 0 R /XYZ 71.731 213.61 null] +>> endobj +5292 0 obj << +/D [5261 0 R /XYZ 71.731 202.716 null] +>> endobj +5293 0 obj << +/D [5261 0 R /XYZ 139.477 184.883 null] +>> endobj +5294 0 obj << +/D [5261 0 R /XYZ 71.731 159.812 null] +>> endobj +5295 0 obj << +/D [5261 0 R /XYZ 71.731 148.918 null] +>> endobj +5296 0 obj << +/D [5261 0 R /XYZ 139.477 131.084 null] +>> endobj +5260 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F11 2489 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5299 0 obj << +/Length 1430 +/Filter /FlateDecode +>> +stream +xÚ­WMoÛ8œçWèh-êËò!‡$MÒì&­Q»‡¢-²LۄeJ ¥$îaûER_–Û`wO²di8óæœ7€cm-Ǻ¿ž^^Lî<Ϛ¡Yè†ÖrcyØC³Àšz.Š×Z®­o£«<'lM_Ƕ8£+€®TêW¶Ñ׌ êf“qõ£ØõM’Œ}w +w[ò±7 +éÇ"á4/Æ?–\8:-È ·r²ñÌGÞ,²l×G©¬lû +;{ŸìH²¿\|],oŸþzºšw"™« +!œ@š)šAÁU„o7·—*OÇØqF_šûïNàVÙñ’ô ?ÛCn#ÂIëTB™Ä-ÈeÊmu’4[­'ëáâ(’8MES„ImM +’ý¯lšÀ +FÏc +ŒL +žeŞuò׬iuD¥\Ÿ¬H <.vÝ +ä_sr8VD}I +bäù +¬€V8Š‚ +Ð!ÎÕ» +Ò!r£™yUbeZdœ‘g@i¶=]¶W7R±;@ +U"¶ț#¹^šu‚<‰ý4IªÌïçêfA·,.JXSÝgL]oj5TMœŒ‹x +bÀt]äi®ß¹Ä@‘þE.†Wá +ªmëb›o/çã™;ºcŒGËo×Å¡QžgåüŸ‹ê?§›£&‹Nº¥íªÃH »&ä²nw¹JiÒZ=vÍ€nÙHÞm€’Ž! ú«„}gôÎܖÀè㠘€©ï•€DOÙ偹Ԅù{‚¶¬Ì·H–Oà9ÐìLᣰ¡™Ó +MÓ.Û!ÙµŠCASªÏ°ßé[e +¢<\Þ|žœùsñåéí}t¡åÃýíç–ç@èS UaQ»0?DaǙêañ™kÞYQóã8 +Fºáu¿ÓÿŠ4`¥”égYYä¥ùàhpó!)Üm­ˆ»ØT«¬ŽW +”âGÁJ©åeG˜1‹€Ñ +IÙ`©;ùÈwŒÁ†nòË»‡Ð„ùç6ÿ­›õúRYlKxä,Î(çD[’‚]9 +ðŠ~e=[2 +PôʉûnhtzÓH¢o"ÃUiœ®Æ.¬ kE +„“<ãŠô~M¥çÌŠ¢éµ‡S4õCíìqv_;ûMJ +& +0 +‚=Ë«6s&-ê™ÇßuhøAXŒJ‰ÍHñ"3Ëøþ2QñÁØ4Ho Œ;@˜ØldžZ +Ã&vãÐì +©wl1ëDEÌÖqšmêÏÐÃ8šÎ§â=ˆÖTT–ðco÷ËRÞ«õP_×C¥ÞYžbe${(U[£¡üü +þzKü/Fd + +õÿ/IWÏmõ`¡Wc‡-eBôŸ/fC#0hcbdp’§ +ƒ'Ýf€žÉ™Ä›BuÖ×fgƒH +—©Qr +ªƒêBVq²¯”óõH3€ g:"EƊš&y³> Ä؏Ùd®2óë\÷$89'vzƒ šàÌwn£Þ~X÷㺀éútô±hÒ¬_ j댥§k¬ÌMt᠇<‚®NŽ-t€n’xS¥gäeä/xþveu€ßöó3ŽüIxfïY&÷†/)YoõóÅg}îÈyVdI–vˆKˆ¬†æŸ4ÛþÂ'k +ÔÅC͖Rô‡#JûûÎ4ƒMœ0k%p@h˜–ì`'K`Úêšb3ÅèÑÕ9º»ØAa™=Ìrgduºó€8sð‰mœ-NKÒ=¡Úf‰N­íSÃ#ÁƒÂåѣѪDSë•ÐfÞhž¬ò·qÍëõw¬žS†,RðšCAË +C˜Ä3ع9pʚªJ°uÞº]^üâ +‹# +endstream +endobj +5298 0 obj << +/Type /Page +/Contents 5299 0 R +/Resources 5297 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5333 0 R +>> endobj +5300 0 obj << +/D [5298 0 R /XYZ 71.731 729.265 null] +>> endobj +5301 0 obj << +/D [5298 0 R /XYZ 71.731 718.306 null] +>> endobj +5302 0 obj << +/D [5298 0 R /XYZ 71.731 707.163 null] +>> endobj +5303 0 obj << +/D [5298 0 R /XYZ 139.477 690.411 null] +>> endobj +5304 0 obj << +/D [5298 0 R /XYZ 300.82 664.508 null] +>> endobj +1211 0 obj << +/D [5298 0 R /XYZ 71.731 657.37 null] +>> endobj +730 0 obj << +/D [5298 0 R /XYZ 110.964 591.892 null] +>> endobj +5305 0 obj << +/D [5298 0 R /XYZ 71.731 591.677 null] +>> endobj +5306 0 obj << +/D [5298 0 R /XYZ 71.731 576.733 null] +>> endobj +5307 0 obj << +/D [5298 0 R /XYZ 71.731 561.84 null] +>> endobj +5308 0 obj << +/D [5298 0 R /XYZ 139.477 546.064 null] +>> endobj +5309 0 obj << +/D [5298 0 R /XYZ 174.067 533.113 null] +>> endobj +5310 0 obj << +/D [5298 0 R /XYZ 71.731 521.367 null] +>> endobj +5311 0 obj << +/D [5298 0 R /XYZ 71.731 510.099 null] +>> endobj +5312 0 obj << +/D [5298 0 R /XYZ 139.477 492.266 null] +>> endobj +5313 0 obj << +/D [5298 0 R /XYZ 286.136 492.266 null] +>> endobj +5314 0 obj << +/D [5298 0 R /XYZ 139.477 479.315 null] +>> endobj +5315 0 obj << +/D [5298 0 R /XYZ 185.962 479.315 null] +>> endobj +5316 0 obj << +/D [5298 0 R /XYZ 71.731 467.195 null] +>> endobj +5317 0 obj << +/D [5298 0 R /XYZ 71.731 454.244 null] +>> endobj +5318 0 obj << +/D [5298 0 R /XYZ 139.477 438.468 null] +>> endobj +1212 0 obj << +/D [5298 0 R /XYZ 71.731 418.378 null] +>> endobj +734 0 obj << +/D [5298 0 R /XYZ 322.556 375.281 null] +>> endobj +5319 0 obj << +/D [5298 0 R /XYZ 71.731 371.717 null] +>> endobj +5320 0 obj << +/D [5298 0 R /XYZ 71.731 356.773 null] +>> endobj +5321 0 obj << +/D [5298 0 R /XYZ 71.731 347.286 null] +>> endobj +5322 0 obj << +/D [5298 0 R /XYZ 139.477 329.453 null] +>> endobj +5323 0 obj << +/D [5298 0 R /XYZ 71.731 317.333 null] +>> endobj +5324 0 obj << +/D [5298 0 R /XYZ 71.731 304.382 null] +>> endobj +5325 0 obj << +/D [5298 0 R /XYZ 139.477 288.606 null] +>> endobj +5326 0 obj << +/D [5298 0 R /XYZ 71.731 276.486 null] +>> endobj +5327 0 obj << +/D [5298 0 R /XYZ 71.731 263.535 null] +>> endobj +5328 0 obj << +/D [5298 0 R /XYZ 139.477 247.759 null] +>> endobj +5329 0 obj << +/D [5298 0 R /XYZ 71.731 185.891 null] +>> endobj +5330 0 obj << +/D [5298 0 R /XYZ 71.731 170.882 null] +>> endobj +5331 0 obj << +/D [5298 0 R /XYZ 139.477 155.106 null] +>> endobj +5332 0 obj << +/D [5298 0 R /XYZ 350.145 142.155 null] +>> endobj +5297 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F25 852 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5338 0 obj << +/Length 1716 +/Filter /FlateDecode +>> +stream +xÚÅXYoÛF~ϯò°VÜ%—Gp +»q‘Ú†­€)œ  Ä•µ0E²<âèßwöâ%:ŽûÒ'-—ÜÙ9ŸùfFÎì~æÌ~{õvùjqE>ñgËÍÌÅ.Šè,p +)™-“ٝuR,Køw{Nšc õûWµZåý[Ô<Ï*õ°ÉKµš·L-Ðbg_ +‡Ü7¥í–Þ®Ö%/jûëò÷WŽV +tÂ=æ8ò +³9ñuB¥Õ|þÈëí<å«Ç2.íˆX'6ÆØZŸÿ:g~g„ +ÙRÎÝíٍ +:Ö'ø‘ +]]~°±ãX}UÏož&#[*V~³1µ˜6Rš¢ß4E‘—õÈ ZKõðšΟ¶çXœÕ•øI*Î2¶‹ßؔZڋËÓk}œ.XY »À–9&&¬,áe\îA,Ö±¹ÈÄw‹sêÌBp£ï 7zù^‡å¡«×‹m^ÕŠÓ4T~CDýö@œ% +0çP.gztBn²ý”XùQ`Ÿ?R7ÆoöMÊÞh@!”Å;œJ˜@RÆé†Àkšý¢qÛe>gYŒJٜgU +æÎ + ãKÛ¥ÖÉgO¶»Í Œ}•Äl—gH]nPEànì +Ð) p|}ucû˟ÇäÒÜÓA)Ï4¶|œ}ijpWÕ,ë`—° +`ۊ›T‹åh^@ÐÑÈõùÓ×®Sβz|%$yÆÖõÑRKVðŽÛ„ZJãtoûÔB&}&¢9g`²ÜMwáUk~=T¶sLÁoqÚ°Q ûúº;_‚E6¢ ðâ"ØÐZ]e ¿Â +c Ó"x‹£sF^iÀ¹¡7lœ–,N„DÏ!äyÄZé*—ÖÀ* +Kõh!åëX0/R/¯Õe°ÊšÝJp†|X±4~Tç°C<õ¢dÿ4Œd! ðµ¥íQ+Ïë ·àŽÍé¢Tæ)AŸgZåyž\HºÁÅÀìÄ +¢€gª±ñÃ$KóûîÈñû«ÛdÚÝ釋³Ëå4ó·i(øLã$IÄÕŽš +d€4A‹3xXÇÙæÙ8Éښ)clRÙ!)ÓbOŠ2mï +p27Š=ò¿#ïóF§·dl”gàúíÏë«•ùnÂm}È4”µ“öd/Õ¢ã«:~ÆÂ-Ù29[³çq§õÿ=$Ð +•Yܧ֎õWñú¡)»?S™Ø 'šI0•Õ}î(ðüٜ:ˆžTw„ˆŠp¡um»pyœ­&HÁ +PH0$9Ôæ P'OÇž,äaÅìñ~˜qeôÍî‡;„R +èm\VŠë饣Ò&ì“öÁ÷mAÑ1„ò®ÛNhO#ä +-÷©Þv˜=‚¡ÆPæ;>*­˜†ó}ä‘Qžöôïª~瓃’–ÄuŒŠ+v4 +¥÷Ñššÿ‡>_Ï%m +’â4-Œ{ªgÏòì á +Žû {~©öÀtºîŸç +æEšÜÔ҄{[ƒ€žÔ2"šk #X×y¹Ÿœ:cèêõ¶ +Ø°aãê·ËšµäÙ®@±®j•{h› M–!‹Š*vãŽ7¥ŽSc/݇Z·Û1ùŒjÀBa瀆FsCÂ꘧Õ„jÅ3pßñ»‹›Ÿ€ÁÃ@?§žÃ¹ +;†‘Ûæ­_B¹gsÙ.šº>ÅÆDjL”²¶5“†^Ÿ~©¥^dÉój)(M¯z&ã ­z:tlN;À÷GÛamñ-.§&: +ÆE}«‘’ù®ÕG7‹°Zi]K^«Á +$µ‰à‚EÊW‹‰Q +{ENÛNè|ÿ[ÚDŽ£ñŸc Tä"è4Ô L¢Á™³å«ô +'‚ +endstream +endobj +5337 0 obj << +/Type /Page +/Contents 5338 0 R +/Resources 5336 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5333 0 R +/Annots [ 5334 0 R 5335 0 R ] +>> endobj +5334 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [137.086 365.416 185.573 375.946] +/Subtype /Link +/A << /S /GoTo /D (0:CONFIGFILE) >> +>> endobj +5335 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [138.481 222.542 190.286 231.388] +/Subtype /Link +/A << /S /GoTo /D (0:LAYOUT) >> +>> endobj +5339 0 obj << +/D [5337 0 R /XYZ 71.731 729.265 null] +>> endobj +5340 0 obj << +/D [5337 0 R /XYZ 71.731 741.22 null] +>> endobj +5341 0 obj << +/D [5337 0 R /XYZ 71.731 718.306 null] +>> endobj +5342 0 obj << +/D [5337 0 R /XYZ 71.731 706.187 null] +>> endobj +5343 0 obj << +/D [5337 0 R /XYZ 139.477 690.411 null] +>> endobj +5344 0 obj << +/D [5337 0 R /XYZ 185.125 677.46 null] +>> endobj +5345 0 obj << +/D [5337 0 R /XYZ 301.638 677.46 null] +>> endobj +5346 0 obj << +/D [5337 0 R /XYZ 71.731 654.446 null] +>> endobj +5347 0 obj << +/D [5337 0 R /XYZ 71.731 639.437 null] +>> endobj +5348 0 obj << +/D [5337 0 R /XYZ 139.477 623.661 null] +>> endobj +5349 0 obj << +/D [5337 0 R /XYZ 191.551 610.71 null] +>> endobj +5350 0 obj << +/D [5337 0 R /XYZ 435.043 597.758 null] +>> endobj +5351 0 obj << +/D [5337 0 R /XYZ 71.731 574.745 null] +>> endobj +5352 0 obj << +/D [5337 0 R /XYZ 71.731 559.736 null] +>> endobj +5353 0 obj << +/D [5337 0 R /XYZ 139.477 543.96 null] +>> endobj +5354 0 obj << +/D [5337 0 R /XYZ 71.731 505.938 null] +>> endobj +5355 0 obj << +/D [5337 0 R /XYZ 71.731 492.986 null] +>> endobj +5356 0 obj << +/D [5337 0 R /XYZ 139.477 477.21 null] +>> endobj +1213 0 obj << +/D [5337 0 R /XYZ 71.731 470.072 null] +>> endobj +738 0 obj << +/D [5337 0 R /XYZ 154.45 426.975 null] +>> endobj +5357 0 obj << +/D [5337 0 R /XYZ 71.731 406.834 null] +>> endobj +5358 0 obj << +/D [5337 0 R /XYZ 336.486 394.098 null] +>> endobj +5359 0 obj << +/D [5337 0 R /XYZ 71.731 366.412 null] +>> endobj +5360 0 obj << +/D [5337 0 R /XYZ 71.731 351.468 null] +>> endobj +5361 0 obj << +/D [5337 0 R /XYZ 76.712 300.35 null] +>> endobj +5362 0 obj << +/D [5337 0 R /XYZ 71.731 280.424 null] +>> endobj +5363 0 obj << +/D [5337 0 R /XYZ 71.731 265.316 null] +>> endobj +5364 0 obj << +/D [5337 0 R /XYZ 139.477 249.54 null] +>> endobj +5365 0 obj << +/D [5337 0 R /XYZ 71.731 213.575 null] +>> endobj +5366 0 obj << +/D [5337 0 R /XYZ 71.731 200.624 null] +>> endobj +5367 0 obj << +/D [5337 0 R /XYZ 139.477 182.791 null] +>> endobj +5368 0 obj << +/D [5337 0 R /XYZ 266.37 182.791 null] +>> endobj +5369 0 obj << +/D [5337 0 R /XYZ 71.731 170.671 null] +>> endobj +5370 0 obj << +/D [5337 0 R /XYZ 71.731 159.777 null] +>> endobj +5371 0 obj << +/D [5337 0 R /XYZ 139.477 141.944 null] +>> endobj +5372 0 obj << +/D [5337 0 R /XYZ 303.928 141.944 null] +>> endobj +5373 0 obj << +/D [5337 0 R /XYZ 467.353 141.944 null] +>> endobj +5336 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R /F25 852 0 R /F38 956 0 R /F48 1258 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5376 0 obj << +/Length 998 +/Filter /FlateDecode +>> +stream +xÚµ—ËnÛ8†÷y +-% ¢x1uYt‘Aìƃdbd„AmQÐ + +%¢âäíKJ€m9êÀq§+Q¶y.ßùyx +':Ÿ®þH¯‚!N’‡Nºv" ¡ND0ˆ)vÒÌùâ^×5/³üÅó1 +î5èŸwy#ûUµ6ÏZæUÙô/ëJô +¹áý«ªü +!~j +G"×|ܬD^Kï[úç4a©˜ÐQL>J&€$±ãã  0î£òý].7~#™ä~–‹7óǁût2 +©2D%ÛíNmTÝþ~™1ÉÌ*|%+ñÚ¿~ +f|í!貶0YçöÌ(tbj8Ñ¡"ƒ(Ž•ßÎËÍbö9(òe—ÊOQ|/ٖ÷Û"„A +v›ò‡ +å›}L»Œ(úÕÒÄ»¹”Œ4˜+‹»LÁRF"–¯Sԛ>dRô?Ž|°ú +¢–î–•šêýâq:›>ƒ,>!« +ŒÒ{°€0Q— +%Å +ùû`1{ +Ù;°uϲ*ùw˹ ëÆ+uñ^µ²nå˜àã&+tp».ÂWãÿ©NËÊæ=0Ÿq=—<ç+Þ +²]zº­ŽÊýqeò +ûáš* +¡mì¹TÇ¿ +dcîoÕ +ËŒ4WkìŒÏ·úŠ6ÇéøïÇà/Q‚8Iôiƒ†Æ""p°iš^ý³ºg +endstream +endobj +5375 0 obj << +/Type /Page +/Contents 5376 0 R +/Resources 5374 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5333 0 R +>> endobj +5377 0 obj << +/D [5375 0 R /XYZ 71.731 729.265 null] +>> endobj +5378 0 obj << +/D [5375 0 R /XYZ 71.731 718.306 null] +>> endobj +5379 0 obj << +/D [5375 0 R /XYZ 71.731 708.244 null] +>> endobj +5380 0 obj << +/D [5375 0 R /XYZ 139.477 690.411 null] +>> endobj +5381 0 obj << +/D [5375 0 R /XYZ 278.265 690.411 null] +>> endobj +5382 0 obj << +/D [5375 0 R /XYZ 71.731 654.446 null] +>> endobj +5383 0 obj << +/D [5375 0 R /XYZ 139.477 636.613 null] +>> endobj +5384 0 obj << +/D [5375 0 R /XYZ 322.26 636.613 null] +>> endobj +5385 0 obj << +/D [5375 0 R /XYZ 71.731 624.493 null] +>> endobj +5386 0 obj << +/D [5375 0 R /XYZ 71.731 611.542 null] +>> endobj +5387 0 obj << +/D [5375 0 R /XYZ 139.477 595.766 null] +>> endobj +5388 0 obj << +/D [5375 0 R /XYZ 351.609 582.814 null] +>> endobj +5389 0 obj << +/D [5375 0 R /XYZ 71.731 570.695 null] +>> endobj +5390 0 obj << +/D [5375 0 R /XYZ 71.731 557.744 null] +>> endobj +5391 0 obj << +/D [5375 0 R /XYZ 139.477 541.968 null] +>> endobj +5392 0 obj << +/D [5375 0 R /XYZ 332.242 541.968 null] +>> endobj +5393 0 obj << +/D [5375 0 R /XYZ 71.731 529.848 null] +>> endobj +5394 0 obj << +/D [5375 0 R /XYZ 71.731 516.897 null] +>> endobj +5395 0 obj << +/D [5375 0 R /XYZ 139.477 501.121 null] +>> endobj +5396 0 obj << +/D [5375 0 R /XYZ 275.515 501.121 null] +>> endobj +5397 0 obj << +/D [5375 0 R /XYZ 71.731 489.001 null] +>> endobj +5398 0 obj << +/D [5375 0 R /XYZ 71.731 476.05 null] +>> endobj +5399 0 obj << +/D [5375 0 R /XYZ 139.477 460.274 null] +>> endobj +5400 0 obj << +/D [5375 0 R /XYZ 278.833 460.274 null] +>> endobj +5401 0 obj << +/D [5375 0 R /XYZ 71.731 448.155 null] +>> endobj +5402 0 obj << +/D [5375 0 R /XYZ 71.731 437.26 null] +>> endobj +5403 0 obj << +/D [5375 0 R /XYZ 139.477 419.427 null] +>> endobj +5404 0 obj << +/D [5375 0 R /XYZ 222.664 406.476 null] +>> endobj +5405 0 obj << +/D [5375 0 R /XYZ 71.731 394.356 null] +>> endobj +5406 0 obj << +/D [5375 0 R /XYZ 71.731 383.462 null] +>> endobj +5407 0 obj << +/D [5375 0 R /XYZ 139.477 365.629 null] +>> endobj +5408 0 obj << +/D [5375 0 R /XYZ 277.996 365.629 null] +>> endobj +5409 0 obj << +/D [5375 0 R /XYZ 71.731 353.509 null] +>> endobj +5410 0 obj << +/D [5375 0 R /XYZ 71.731 342.615 null] +>> endobj +5411 0 obj << +/D [5375 0 R /XYZ 139.477 324.782 null] +>> endobj +5374 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5415 0 obj << +/Length 1974 +/Filter /FlateDecode +>> +stream +xÚÝZKsÛ6ŸçWèi&„ à£Óf7MêŽ3ñÄn.I°ILøÐðQÛÿŸ + E +Š¥$¶ãœH‘Àbû}»‹¥ÜÉrâN^?qõõøâÉÑ+Â&ÄE> +Ùäb1 0 +<< \ϟ\ēÓëµÈãäzæ œ +#u=MªZÝ +uYÆóXýH“\è×ë:)òjöïÅßíj8@3*Ws'ƒ±Zça-ûµÈEÉS9¥Söèè¡È'ŸœÊ +"§u˜úUŒ)48GfÀəó¢h‘è§Ì3ß[6»‡ÔŒø§’  БH?ŒNÎÔ©¹\€}øÑen‚R¯’Œeë9>ð +«ÇÒ{í袩—E’/Õãy‘çb®8ß hÙî%ì/ u%EJLS¿Ð®ÊšŽNœÁzúŸ¯ ¢Trõ±ã”Žc‡8®¥D®‹²¶ùììí7)Fc®É. +°‡ž‹óè-ž#^'òµ«šÛ +áx¢ÙÚ¯XŒù/ÍÓ,iKwÌÓDäµS%± +€‚tÇ-ã*†˜K‡®2SGR{¯ïé"ÿÙ !¿Çõ­ +á-‰–9ØCԏƎØ)š‹]•€Mž©ÒBât ?uKê‚" +ú²Ûô +÷Ó7Ø7ç¢ÞÂÃFàmÍk`ÿªHã +jŽ4Qqw€/Šò)³j Œm¡3^C|–€«~±l²¬4ün—û¯$Y·§ ž0ñ¶ý–š}°žHEË8p±CpñÆFf + xžŸ–Ž[²÷cýL ûw‡qugæ +ƬMLŽcÖËU +Ë -Uŗ¢êo—µs8¬’5(ê”D +˜’ŒjÜnŒÔSƒ®žŸ5°ù‡€íœ=K†{Àº‘DZóY’UÌ> endobj +5412 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [440.397 179.22 492.203 190.124] +/Subtype /Link +/A << /S /GoTo /D (0:KEYPAD) >> +>> endobj +5416 0 obj << +/D [5414 0 R /XYZ 71.731 729.265 null] +>> endobj +1214 0 obj << +/D [5414 0 R /XYZ 71.731 718.306 null] +>> endobj +742 0 obj << +/D [5414 0 R /XYZ 484.959 703.236 null] +>> endobj +1215 0 obj << +/D [5414 0 R /XYZ 71.731 692.504 null] +>> endobj +746 0 obj << +/D [5414 0 R /XYZ 172.199 651.526 null] +>> endobj +5417 0 obj << +/D [5414 0 R /XYZ 71.731 631.386 null] +>> endobj +5418 0 obj << +/D [5414 0 R /XYZ 71.731 631.386 null] +>> endobj +5419 0 obj << +/D [5414 0 R /XYZ 71.731 627.942 null] +>> endobj +5420 0 obj << +/D [5414 0 R /XYZ 137.484 606.782 null] +>> endobj +5421 0 obj << +/D [5414 0 R /XYZ 137.484 606.782 null] +>> endobj +5422 0 obj << +/D [5414 0 R /XYZ 71.731 605.487 null] +>> endobj +5423 0 obj << +/D [5414 0 R /XYZ 137.484 588.849 null] +>> endobj +5424 0 obj << +/D [5414 0 R /XYZ 137.484 588.849 null] +>> endobj +5425 0 obj << +/D [5414 0 R /XYZ 71.731 586.692 null] +>> endobj +5426 0 obj << +/D [5414 0 R /XYZ 137.484 570.916 null] +>> endobj +5427 0 obj << +/D [5414 0 R /XYZ 137.484 570.916 null] +>> endobj +5428 0 obj << +/D [5414 0 R /XYZ 71.731 568.759 null] +>> endobj +5429 0 obj << +/D [5414 0 R /XYZ 137.484 552.983 null] +>> endobj +5430 0 obj << +/D [5414 0 R /XYZ 137.484 552.983 null] +>> endobj +5431 0 obj << +/D [5414 0 R /XYZ 71.731 538.249 null] +>> endobj +5432 0 obj << +/D [5414 0 R /XYZ 137.484 522.099 null] +>> endobj +5433 0 obj << +/D [5414 0 R /XYZ 137.484 522.099 null] +>> endobj +5434 0 obj << +/D [5414 0 R /XYZ 71.731 507.365 null] +>> endobj +5435 0 obj << +/D [5414 0 R /XYZ 137.484 491.215 null] +>> endobj +5436 0 obj << +/D [5414 0 R /XYZ 137.484 491.215 null] +>> endobj +5437 0 obj << +/D [5414 0 R /XYZ 446.922 491.215 null] +>> endobj +5438 0 obj << +/D [5414 0 R /XYZ 137.484 478.264 null] +>> endobj +5439 0 obj << +/D [5414 0 R /XYZ 71.731 476.241 null] +>> endobj +5440 0 obj << +/D [5414 0 R /XYZ 137.484 460.331 null] +>> endobj +5441 0 obj << +/D [5414 0 R /XYZ 137.484 460.331 null] +>> endobj +5442 0 obj << +/D [5414 0 R /XYZ 433.642 460.331 null] +>> endobj +5443 0 obj << +/D [5414 0 R /XYZ 137.484 447.379 null] +>> endobj +5444 0 obj << +/D [5414 0 R /XYZ 71.731 445.357 null] +>> endobj +5445 0 obj << +/D [5414 0 R /XYZ 137.484 429.447 null] +>> endobj +5446 0 obj << +/D [5414 0 R /XYZ 137.484 429.447 null] +>> endobj +5447 0 obj << +/D [5414 0 R /XYZ 443.136 429.447 null] +>> endobj +5448 0 obj << +/D [5414 0 R /XYZ 137.484 416.495 null] +>> endobj +5449 0 obj << +/D [5414 0 R /XYZ 71.731 414.473 null] +>> endobj +5450 0 obj << +/D [5414 0 R /XYZ 137.484 398.563 null] +>> endobj +5451 0 obj << +/D [5414 0 R /XYZ 137.484 398.563 null] +>> endobj +5452 0 obj << +/D [5414 0 R /XYZ 473.965 398.563 null] +>> endobj +5453 0 obj << +/D [5414 0 R /XYZ 165.151 385.611 null] +>> endobj +5454 0 obj << +/D [5414 0 R /XYZ 71.731 383.589 null] +>> endobj +5455 0 obj << +/D [5414 0 R /XYZ 137.484 367.678 null] +>> endobj +5456 0 obj << +/D [5414 0 R /XYZ 137.484 367.678 null] +>> endobj +5457 0 obj << +/D [5414 0 R /XYZ 137.484 354.727 null] +>> endobj +5458 0 obj << +/D [5414 0 R /XYZ 212.652 354.727 null] +>> endobj +5459 0 obj << +/D [5414 0 R /XYZ 71.731 352.57 null] +>> endobj +5460 0 obj << +/D [5414 0 R /XYZ 137.484 336.794 null] +>> endobj +5461 0 obj << +/D [5414 0 R /XYZ 137.484 336.794 null] +>> endobj +5462 0 obj << +/D [5414 0 R /XYZ 483.544 336.794 null] +>> endobj +5463 0 obj << +/D [5414 0 R /XYZ 177.046 323.843 null] +>> endobj +5464 0 obj << +/D [5414 0 R /XYZ 71.731 321.82 null] +>> endobj +5465 0 obj << +/D [5414 0 R /XYZ 137.484 305.91 null] +>> endobj +5466 0 obj << +/D [5414 0 R /XYZ 137.484 305.91 null] +>> endobj +5467 0 obj << +/D [5414 0 R /XYZ 500.59 305.91 null] +>> endobj +5468 0 obj << +/D [5414 0 R /XYZ 196.692 292.959 null] +>> endobj +5469 0 obj << +/D [5414 0 R /XYZ 71.731 290.802 null] +>> endobj +5470 0 obj << +/D [5414 0 R /XYZ 137.484 275.026 null] +>> endobj +5471 0 obj << +/D [5414 0 R /XYZ 137.484 275.026 null] +>> endobj +5472 0 obj << +/D [5414 0 R /XYZ 484.232 275.026 null] +>> endobj +5473 0 obj << +/D [5414 0 R /XYZ 71.731 259.918 null] +>> endobj +5474 0 obj << +/D [5414 0 R /XYZ 137.484 244.142 null] +>> endobj +5475 0 obj << +/D [5414 0 R /XYZ 137.484 244.142 null] +>> endobj +5476 0 obj << +/D [5414 0 R /XYZ 288.487 231.19 null] +>> endobj +5477 0 obj << +/D [5414 0 R /XYZ 71.731 229.033 null] +>> endobj +5478 0 obj << +/D [5414 0 R /XYZ 137.484 213.257 null] +>> endobj +5479 0 obj << +/D [5414 0 R /XYZ 137.484 213.257 null] +>> endobj +5480 0 obj << +/D [5414 0 R /XYZ 443.804 213.257 null] +>> endobj +5481 0 obj << +/D [5414 0 R /XYZ 71.731 198.523 null] +>> endobj +5482 0 obj << +/D [5414 0 R /XYZ 137.484 182.373 null] +>> endobj +5483 0 obj << +/D [5414 0 R /XYZ 137.484 182.373 null] +>> endobj +5484 0 obj << +/D [5414 0 R /XYZ 505.124 182.373 null] +>> endobj +5485 0 obj << +/D [5414 0 R /XYZ 218.56 169.422 null] +>> endobj +5486 0 obj << +/D [5414 0 R /XYZ 137.484 156.47 null] +>> endobj +5487 0 obj << +/D [5414 0 R /XYZ 71.731 155.09 null] +>> endobj +5488 0 obj << +/D [5414 0 R /XYZ 137.484 138.538 null] +>> endobj +5489 0 obj << +/D [5414 0 R /XYZ 137.484 138.538 null] +>> endobj +5490 0 obj << +/D [5414 0 R /XYZ 137.484 125.586 null] +>> endobj +5491 0 obj << +/D [5414 0 R /XYZ 71.731 110.478 null] +>> endobj +5413 0 obj << +/Font << /F25 852 0 R /F31 858 0 R /F33 859 0 R /F11 2489 0 R /F38 956 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5494 0 obj << +/Length 2126 +/Filter /FlateDecode +>> +stream +xÚÍZ]äŽ}ß_яÓbÚØNì$Xݝ+„à>d:žnkÓIoâÌîðë)Ç_IÚ3=.Ì>%éq\U®SU§*ƒW»^}÷êõÍ«O¿M’U +Nùêæn•°¥i¶ÊŠrFW7Õê÷«¯ŽGÑTòÃzCŸzÌõGÙ+s×ޙë¶= +ÊŠ2µl„ýóQɶé×ÿ»ùᶒÝē‰ø +M*p7)b87òIŽf//t&)*Òþ2.Þü©×~ú-™î[ žûŸ›³=2”¥ +[Pvë$»ÚEö! J¹_÷幍®Íl6ª[vUnE-ôÍœš¿ˆìÎ2”ÐNÍÙ +Œ‚€ïƒÿŽ²ցï¥Ú;ýESÞÖbS‰Û5ÅWÃî3óЀäq +ÒÑ⬠+‰_ÍŽª5× +€o­ø¶1W/]oÉ9*2²ÚŠ +ÕvPÇAY„>Û.ՁkÎ۔ÐXr±M‡òƒUŒOÁû¢6?ݵU²¬íOZÙìæ˜{1F$a`o†ŠÄÚKŠó¡á5ÞȈU9bYþ‚¡qÏôªmD4"8b4ûˆ#bŠœñÞzµkÖùÎŒ9º +ØG$Êàjd»ð²Àòlƒ/¬6äúD@Ó@6Oü$F +ŗ€Ö*v²eÅ +⧆2Ž©JUޖ}CŒ@9y + +úšöÖ)NMóôÆ2©>yŠ8$¶˜Bsq +nݲ?0ÃߚҀwk@jé"Ýx +Ä7²±y5%ˆsGbv?–jȳ0E.Á”q 9‹˜û@œðg»O+ÍÝ(#€îŸÚJÞ=XŒUóÚTŸ:¶–JteíNŽQ¢Yp£rês +^y綑œ¹Û—öæV[õ yt¢B»)Ï +Žæç'•èŒ“46Aæn<” +Õ°è?‹œAy( *šuœÅ€á4, wBK\0ŒØôX”>Àæ¡JYGTæ +›_æ6œ££zÛÞù†áf8ˆNn­Ùmå\ÕêÂýŸ³K±Ë=»® +Ž×>Ý:_vžŠ’Hýåá؏XUgÑ2·z¡Ýç0¹/õœ:÷ìšuˆÝœØŸí‡C + +ÐÁóSpXJò$8E˜ÿ_p@ +3ç@HžB†R 9>?T¢–ˆ¯*¢hÊQšùµoJ§” +£zì1©&%=rxÃX zccó€"Ž-Ž¹SQWýÉih†_ÐÅq€—ÄÅÖÇŶ=>tr·W1B2#þ¥_:Ùx¿ +µ×í‹& +5à@„t<ÛãlìU>Hµ4#cˆ°|a»ÄŠûu–†~o¡š58µRI’újøfoBÑŒkšt×{Ý7fZçŠméÒ8ÎÍ,›òKŒÛ{Ãö¢>ÆÒl§ïØ"ÑïÛÎþ2î0ë‚Î4ÙÏó ÓÝ5_x0»šlû–ÖRá˜ç +š@ÙãvNèj{·HmFóÑœÛ!ž"+±àìê˜)¢cG85+ÿ›fÕ­åîqfù<Çù¿F,9ùïY™$ˆb~!ƒô +²Ý-œ1:ÊÊt†ŠÊû8°Á9"@B6< +Žmãå5¢ºmÉò«Ÿ<ìKÃ,›ù0 +'>9)l[û€ÏÆ;ï2õ6µœP›­h]nt‘Þ(`1 +å9¢ì%pôFšŽ§Í¬E]ªS Š +²‘±4Wæ:² +D^îóúp„æ(–D -‘@ð + +ëbE€ÚŠÙñÇö¥( +Ø·]¶Ž¬ÑÂÆÏÚ»%CÂ!Ÿ˜Qm;¡M·†±ƒÊu5/ΟTxÈG.šírS +ՄJžÊá +=?ퟓÜ1¢g +*W‘vkȪ²yŽ%Ù%Ü$’ +Ëô443‚näÑ2Ö4Ÿ,%pJÍok4 +dƒ ×&Ie¯œ¹6Š&\›ÔŸŽneS +r:%‚Ó³ŸÉO0"ؗUŸÕÇ&¬¬ƒ.$Ã8ÎÔO†.k‘ò Œð&"œ@Œ&ŒŸ"on;E”OüD®ÝÐ> endobj +5495 0 obj << +/D [5493 0 R /XYZ 71.731 729.265 null] +>> endobj +5496 0 obj << +/D [5493 0 R /XYZ 137.484 708.344 null] +>> endobj +5497 0 obj << +/D [5493 0 R /XYZ 137.484 708.344 null] +>> endobj +5498 0 obj << +/D [5493 0 R /XYZ 71.731 693.235 null] +>> endobj +5499 0 obj << +/D [5493 0 R /XYZ 137.484 677.46 null] +>> endobj +5500 0 obj << +/D [5493 0 R /XYZ 137.484 677.46 null] +>> endobj +5501 0 obj << +/D [5493 0 R /XYZ 71.731 662.351 null] +>> endobj +5502 0 obj << +/D [5493 0 R /XYZ 137.484 646.575 null] +>> endobj +5503 0 obj << +/D [5493 0 R /XYZ 137.484 646.575 null] +>> endobj +5504 0 obj << +/D [5493 0 R /XYZ 363.187 646.575 null] +>> endobj +5505 0 obj << +/D [5493 0 R /XYZ 71.731 631.467 null] +>> endobj +5506 0 obj << +/D [5493 0 R /XYZ 137.484 615.691 null] +>> endobj +5507 0 obj << +/D [5493 0 R /XYZ 137.484 615.691 null] +>> endobj +5508 0 obj << +/D [5493 0 R /XYZ 481.805 615.691 null] +>> endobj +5509 0 obj << +/D [5493 0 R /XYZ 71.731 602.62 null] +>> endobj +5510 0 obj << +/D [5493 0 R /XYZ 137.484 584.807 null] +>> endobj +5511 0 obj << +/D [5493 0 R /XYZ 137.484 584.807 null] +>> endobj +5512 0 obj << +/D [5493 0 R /XYZ 305.164 571.856 null] +>> endobj +5513 0 obj << +/D [5493 0 R /XYZ 71.731 570.072 null] +>> endobj +5514 0 obj << +/D [5493 0 R /XYZ 137.484 553.923 null] +>> endobj +5515 0 obj << +/D [5493 0 R /XYZ 137.484 553.923 null] +>> endobj +5516 0 obj << +/D [5493 0 R /XYZ 308.003 553.923 null] +>> endobj +5517 0 obj << +/D [5493 0 R /XYZ 71.731 552.483 null] +>> endobj +5518 0 obj << +/D [5493 0 R /XYZ 137.484 535.99 null] +>> endobj +5519 0 obj << +/D [5493 0 R /XYZ 137.484 535.99 null] +>> endobj +5520 0 obj << +/D [5493 0 R /XYZ 71.731 533.833 null] +>> endobj +5521 0 obj << +/D [5493 0 R /XYZ 137.484 518.057 null] +>> endobj +5522 0 obj << +/D [5493 0 R /XYZ 137.484 518.057 null] +>> endobj +5523 0 obj << +/D [5493 0 R /XYZ 71.731 515.9 null] +>> endobj +5524 0 obj << +/D [5493 0 R /XYZ 137.484 500.125 null] +>> endobj +5525 0 obj << +/D [5493 0 R /XYZ 137.484 500.125 null] +>> endobj +5526 0 obj << +/D [5493 0 R /XYZ 71.731 497.968 null] +>> endobj +5527 0 obj << +/D [5493 0 R /XYZ 137.484 482.192 null] +>> endobj +5528 0 obj << +/D [5493 0 R /XYZ 137.484 482.192 null] +>> endobj +5529 0 obj << +/D [5493 0 R /XYZ 71.731 482.072 null] +>> endobj +5530 0 obj << +/D [5493 0 R /XYZ 137.484 464.259 null] +>> endobj +5531 0 obj << +/D [5493 0 R /XYZ 137.484 464.259 null] +>> endobj +5532 0 obj << +/D [5493 0 R /XYZ 263.955 464.259 null] +>> endobj +1216 0 obj << +/D [5493 0 R /XYZ 71.731 445.081 null] +>> endobj +750 0 obj << +/D [5493 0 R /XYZ 177.932 399.827 null] +>> endobj +5533 0 obj << +/D [5493 0 R /XYZ 71.731 399.612 null] +>> endobj +5534 0 obj << +/D [5493 0 R /XYZ 71.731 396.168 null] +>> endobj +5535 0 obj << +/D [5493 0 R /XYZ 137.484 375.008 null] +>> endobj +5536 0 obj << +/D [5493 0 R /XYZ 137.484 375.008 null] +>> endobj +5537 0 obj << +/D [5493 0 R /XYZ 373.887 375.008 null] +>> endobj +5538 0 obj << +/D [5493 0 R /XYZ 392.337 375.008 null] +>> endobj +5539 0 obj << +/D [5493 0 R /XYZ 435.226 375.008 null] +>> endobj +5540 0 obj << +/D [5493 0 R /XYZ 480.685 375.008 null] +>> endobj +5541 0 obj << +/D [5493 0 R /XYZ 217.703 362.056 null] +>> endobj +5542 0 obj << +/D [5493 0 R /XYZ 314.001 362.056 null] +>> endobj +5543 0 obj << +/D [5493 0 R /XYZ 71.731 359.899 null] +>> endobj +5544 0 obj << +/D [5493 0 R /XYZ 71.731 344.956 null] +>> endobj +5545 0 obj << +/D [5493 0 R /XYZ 258.89 335.456 null] +>> endobj +5546 0 obj << +/D [5493 0 R /XYZ 399.35 335.456 null] +>> endobj +5547 0 obj << +/D [5493 0 R /XYZ 76.712 294.609 null] +>> endobj +5548 0 obj << +/D [5493 0 R /XYZ 137.484 276.676 null] +>> endobj +5549 0 obj << +/D [5493 0 R /XYZ 137.484 276.676 null] +>> endobj +5550 0 obj << +/D [5493 0 R /XYZ 300.999 276.676 null] +>> endobj +5551 0 obj << +/D [5493 0 R /XYZ 71.731 274.52 null] +>> endobj +5552 0 obj << +/D [5493 0 R /XYZ 137.484 258.744 null] +>> endobj +5553 0 obj << +/D [5493 0 R /XYZ 137.484 258.744 null] +>> endobj +5554 0 obj << +/D [5493 0 R /XYZ 195.995 245.792 null] +>> endobj +5555 0 obj << +/D [5493 0 R /XYZ 271.162 245.792 null] +>> endobj +5556 0 obj << +/D [5493 0 R /XYZ 71.731 243.635 null] +>> endobj +5557 0 obj << +/D [5493 0 R /XYZ 137.484 227.86 null] +>> endobj +5558 0 obj << +/D [5493 0 R /XYZ 137.484 227.86 null] +>> endobj +5559 0 obj << +/D [5493 0 R /XYZ 71.731 225.822 null] +>> endobj +5560 0 obj << +/D [5493 0 R /XYZ 137.484 209.927 null] +>> endobj +5561 0 obj << +/D [5493 0 R /XYZ 137.484 209.927 null] +>> endobj +1217 0 obj << +/D [5493 0 R /XYZ 71.731 202.789 null] +>> endobj +754 0 obj << +/D [5493 0 R /XYZ 142.537 159.691 null] +>> endobj +5562 0 obj << +/D [5493 0 R /XYZ 71.731 156.128 null] +>> endobj +5563 0 obj << +/D [5493 0 R /XYZ 71.731 152.685 null] +>> endobj +5564 0 obj << +/D [5493 0 R /XYZ 137.484 134.872 null] +>> endobj +5565 0 obj << +/D [5493 0 R /XYZ 137.484 134.872 null] +>> endobj +5566 0 obj << +/D [5493 0 R /XYZ 71.731 132.715 null] +>> endobj +5567 0 obj << +/D [5493 0 R /XYZ 137.484 116.939 null] +>> endobj +5568 0 obj << +/D [5493 0 R /XYZ 137.484 116.939 null] +>> endobj +5569 0 obj << +/D [5493 0 R /XYZ 71.731 114.783 null] +>> endobj +5570 0 obj << +/D [5493 0 R /XYZ 137.484 99.007 null] +>> endobj +5571 0 obj << +/D [5493 0 R /XYZ 137.484 99.007 null] +>> endobj +5572 0 obj << +/D [5493 0 R /XYZ 313.977 99.007 null] +>> endobj +5573 0 obj << +/D [5493 0 R /XYZ 71.731 96.85 null] +>> endobj +5492 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F11 2489 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5576 0 obj << +/Length 440 +/Filter /FlateDecode +>> +stream +xÚ¥TM›0œçWøR=õ¶±Ô]©»ÚFªzè[Û +„µÑnÿ} +l²€µUO3Ø3ï=Þ +T!‚ö»‡l÷þçHƒ–L¢ìˆžH IRœA*Ê +ô-úØu¥-ÌkŒ™ ÑøøÅ +£ÏÚ£‡¶ir[ø‡ÚØ2\w£iíÿÈ>ïH`ž££§ +z̘̈́K$õü ¬z7’§Ì]L¥xÿΓb\ŔD¥Å]> +/msgœ +eJ€Ótîߗ¶ìó1(Ï}èÝKµÏ'Ž3rۇ +NfÌÖ¡å蘊ä4„c} +Ÿ/%uÝÆLD/ÆVK‹|þBåY)ÂA +Š +ô< +CEôšåÁ4yí› +S™qp­tíÂÞ +Lh +Ä?øùÕ[F—–Q +©–sɇ`êCJô\OÞW׀8$òRwÿ' Ëh—#œ»‚+$Ð7Ü[Ó¿š¶úV¿0=¶MwÚ,Ï¡6¥ +J?®rNÿ˟ž+—JÁ‘”¥@oÈ\«ð63löíðÜ¥œµŸËucŠÐê?ömû;‘©[·~ÒI”šzDÊùªé)ÛýEo +r +endstream +endobj +5575 0 obj << +/Type /Page +/Contents 5576 0 R +/Resources 5574 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5333 0 R +>> endobj +5577 0 obj << +/D [5575 0 R /XYZ 71.731 729.265 null] +>> endobj +5578 0 obj << +/D [5575 0 R /XYZ 137.484 708.344 null] +>> endobj +5579 0 obj << +/D [5575 0 R /XYZ 137.484 708.344 null] +>> endobj +5580 0 obj << +/D [5575 0 R /XYZ 71.731 693.235 null] +>> endobj +5581 0 obj << +/D [5575 0 R /XYZ 137.484 677.46 null] +>> endobj +5582 0 obj << +/D [5575 0 R /XYZ 137.484 677.46 null] +>> endobj +5583 0 obj << +/D [5575 0 R /XYZ 394.121 677.46 null] +>> endobj +5574 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F11 2489 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5589 0 obj << +/Length 1573 +/Filter /FlateDecode +>> +stream +xÚµXMÛ6œçWÈam`Í苒 +` +lÒMÐ6Ht/Å6Z¢mveI!©$î¯ïP +RU6¹ô°+™&9o†oÞ + +Ç +Þ> +ñùêþً71 +âdtKƒûCG$O¢ 'Yp_«Û¶åu)Ÿ®7qŸ]œ&öùN(mߚƒ}MýWÆÇN2-šÚš‘ŠãÄ֌«õÇû_{»QN∊Ænl(˜Ž¬Å×$B+oyÍ%«ì¶#»,Î̊4'Û8 +6IL¶yn×ݟŒ%.@AލŽ/ŠOLà +¡ì³fg^Z›4 +¶`3ëQFyF¶Žœ9\+‹x4$»pçfî/vã’ÖQžb]¥‰ +¹­Tcßæ\#,= +×V¬|v¬^À¹‰ãœäql¢˜ì(Fõ×KHãˆÐÈ#%.V4|Q°ŸXÖªŠÔáE{ïÌŽûîÜ +7šÅ™ÃÎñÇU—€Ø¯ãpÕ +Û·¬xdG¢gŽæŸ}B#Æ +ðÖz`­0ÿÌkíÂGÕVß'é7 +‘U™c•sTñbä}­eSv +ƒ¥7Gä¬]¢eWèNâw}®Œ'? Šÿð3×LThd0^ŠuLWŸEÙ9S஍å +qe +•1‹09 +NÑ)5%œ×à¡ýc +JÒٜÕO­ŸœDqZ0š1ÎM-t# +O®¿k*%ѓŠ€†ã0`&šSÓUèϞ;jŒÄŒa4ã¢>¢lô™YˆJhé¥Í:å·ò¹sj́}ñç¯ø·÷ôÁoeÓrY]–s8C^Úhyƒß?¡è©žáx·!¢~ÿ›Ӛ÷ä[GÔ°Nٜ^Ld˜4¯}¢ +ûòŸŒT +êèÿÖK±õN-èà w^ß®‡ü)s€Þ_LЌ€©·p⬄€,Zؒ4óUÁ)ònHâ4òh?uL®“| +Îï¥ñ”F + +ž^²“Å„ŠtŠÔw +˜ÚË`!13'$™H֙] + +cÿáóÎUÄsä³Æ·câvMu +órcgfãêí7ñ3«:ŸTvv$œ3-R¡G¿™³ç&"—y:ԍ++Ì¥âµ‚Ìø2Ï;uÄ%ÙtnØHa¶(ÇÂxªW7WÓǪÊæ//櫊Տ˜¢ö™ëKå0Š4“Ú'ÓPŸ®ž_Íüêå"q‡pÑ'¿|ύ›îåÜd’TzI%&ðèØAséÆN{ +| +²ëáî÷7—Ï0š +*q¬a9*òÿÝßP9¡?Ž¿GMèŠ9lƪqfÒQNOËvš¬š7ãµúÔ)'oÍ£ÂV"ŒÈn;åB%¬—K +aHrºë[ +Z~þóõ& +ÍþysOfxÈþ°`)Eœ|ð*m&¢ä|œÌÄV÷‘_¢Ÿ[ó}àÛxú-do!% +n!N&fÆ +ä[V’'­€7ßÊï +ÍžAcøì„fß4gÈÌÏ&¹ÌVónêОÌó)àÓ +ê0ñûÅ&šŸ† +Ø@A™Ëƒ©U/‘넮dçãO8eØS]OõÐu«ï‹r«œŽÌZŒÿvDVyï›âpZ‹1ö¿ÔN˜”v>Σ^žãØ{um™œÔÉAS]Ø~ +2ÃpŠˆ¿èò›8#®E-&ÔÚÑDx +š/rý +p3øpfë$\]ðvYÄqsPp­»zš›‡2q[µAc›t +RÌâ÷æKÀbènC_Ɂ3)øÝá +˜!0np}m+QÍ+È{ñ5`N|~cî{Àå[3Ö +xsJ=‡¿)Â†›ëЊ9[ÌNÚÂ@ʂ¹Ÿ>âõ̹ÐK-Œ §œtKh˜MõÃÖk˜% +ç¥mŠácWCÛ¯|4$÷{Y,ÍGþîúkÌscÿbþ5C ™^`„õÐ)> +6ž§@ó€žøÛ­}|x»ŽVÐ0Ô.ÖßÖä®l8vetrP1Oãñ›)É3ßA÷W‰‚eèó•qõ +〿š +?NŒ‚ƒ7j‚Æ>ûL6’ +÷{{ß¿\ +øÎÖš&PsãùΡ«E×£dz£»»ö/ÅÛ +endstream +endobj +5588 0 obj << +/Type /Page +/Contents 5589 0 R +/Resources 5587 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5615 0 R +/Annots [ 5584 0 R 5585 0 R 5586 0 R ] +>> endobj +5584 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [273.513 543.765 320.337 554.669] +/Subtype /Link +/A << /S /GoTo /D (0:FILEDEF) >> +>> endobj +5585 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [425.8 543.765 472.624 554.669] +/Subtype /Link +/A << /S /GoTo /D (0:LOGDEF) >> +>> endobj +5586 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [186.341 517.862 238.146 528.766] +/Subtype /Link +/A << /S /GoTo /D (0:MONDEF) >> +>> endobj +5590 0 obj << +/D [5588 0 R /XYZ 71.731 729.265 null] +>> endobj +1218 0 obj << +/D [5588 0 R /XYZ 71.731 718.306 null] +>> endobj +758 0 obj << +/D [5588 0 R /XYZ 513.633 703.236 null] +>> endobj +1219 0 obj << +/D [5588 0 R /XYZ 71.731 692.184 null] +>> endobj +762 0 obj << +/D [5588 0 R /XYZ 172.199 651.526 null] +>> endobj +5591 0 obj << +/D [5588 0 R /XYZ 71.731 631.386 null] +>> endobj +5592 0 obj << +/D [5588 0 R /XYZ 222.485 618.649 null] +>> endobj +5593 0 obj << +/D [5588 0 R /XYZ 296.367 618.649 null] +>> endobj +5594 0 obj << +/D [5588 0 R /XYZ 119.552 605.698 null] +>> endobj +5595 0 obj << +/D [5588 0 R /XYZ 71.731 570.664 null] +>> endobj +5596 0 obj << +/D [5588 0 R /XYZ 71.731 498.933 null] +>> endobj +5597 0 obj << +/D [5588 0 R /XYZ 274.38 488.139 null] +>> endobj +5598 0 obj << +/D [5588 0 R /XYZ 362.926 488.139 null] +>> endobj +5599 0 obj << +/D [5588 0 R /XYZ 411.633 488.139 null] +>> endobj +5600 0 obj << +/D [5588 0 R /XYZ 243.506 475.187 null] +>> endobj +5601 0 obj << +/D [5588 0 R /XYZ 264.029 475.187 null] +>> endobj +5602 0 obj << +/D [5588 0 R /XYZ 199.78 449.284 null] +>> endobj +5603 0 obj << +/D [5588 0 R /XYZ 291.924 449.284 null] +>> endobj +5604 0 obj << +/D [5588 0 R /XYZ 71.731 426.271 null] +>> endobj +5605 0 obj << +/D [5588 0 R /XYZ 71.731 311.814 null] +>> endobj +5606 0 obj << +/D [5588 0 R /XYZ 71.731 265.21 null] +>> endobj +5607 0 obj << +/D [5588 0 R /XYZ 71.731 252.258 null] +>> endobj +5608 0 obj << +/D [5588 0 R /XYZ 71.731 237.314 null] +>> endobj +5609 0 obj << +/D [5588 0 R /XYZ 76.712 211.177 null] +>> endobj +5610 0 obj << +/D [5588 0 R /XYZ 71.731 191.252 null] +>> endobj +5611 0 obj << +/D [5588 0 R /XYZ 371.084 179.596 null] +>> endobj +5612 0 obj << +/D [5588 0 R /XYZ 161.408 156.283 null] +>> endobj +5613 0 obj << +/D [5588 0 R /XYZ 247.43 156.283 null] +>> endobj +5614 0 obj << +/D [5588 0 R /XYZ 76.712 138.35 null] +>> endobj +5587 0 obj << +/Font << /F25 852 0 R /F31 858 0 R /F50 1263 0 R /F33 859 0 R /F38 956 0 R /F60 1440 0 R /F48 1258 0 R /F55 1386 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5621 0 obj << +/Length 1270 +/Filter /FlateDecode +>> +stream +xÚ­XÙnã6}ÏWhб1CR¢–-’“ÁA;hÓ§$ŽÌØBŽAËxò÷œK²œñ€A€ˆ’©Ãsž{)ì¬ +ì|>ùýîäüÆuE>õ»'Çõ +s—•:w+ç~vU–"_%ßç +Êðì©ëmR7jT<©k\äÓu[Í ›ñ&)rõƒ|š +=¹”ÏëùãÝ'Xó8¿¡Ì! +r=ŸJ +J)r± +†0!ŠÆ5"ð(A8».€âifžØYH‚@¿¹›­H$yœ¶µåg +yS%¢V7OE¥u‘in +0Ã5ü#IϮ۲,ªF¬Ôí·„«Ï¥/^ÔMÞfKQ +׌” 9ÏÄù%8YÚ"ÙŠ"Ší^%•ˆ›dNÙì›5œj–Ò‹w@Ý(kMŒ7jŽ4ÐÆ×¢äoôÓ4É-þ­ +‡™—›­úf›€©ÁJ_†è•àCct.%O:\ý¬ +ƒPa5õV#?ÍD‰í&1ve|D&Òië6åÚóÝý÷²µÌ€](3ÞÄcp³1)b“5’êŒZx¢°MT–ùŠÏmò<' +µMjñÑOŸ%¯M*Ù8œÔÈ4»—Rüÿü›Ï)¬"Q‰T‡‹ +òÒàüÔæÔT: +"¡gbeaçn0ÛAË÷%üD¬ öPúÀîÆCÑÎæ6QU h! +Œ6”hD•Á²Ú"FŸ +¡ÇE–qµXØ'Fº‘!Öî6ࢮ² K˜ÛÏZ»Kߘ¯:IH#ÁPç®&èFÈ]³øه³)WSäy6Tf«?UE>xéýX€Û-qyv~ö@\ïtj)—!æÙ îõ°Î§J¯š4:·3ÁsˆV¥ôO{dËÔÜ +u%L§ØepjR˜aТÈ÷œ® +Éô|ð1%È'‘â|ÙקnûÀLKÀ/ó + +ÊQ'ƒÝ„¯»î4[ÞY͑7:£Í¬Á:ƒÑ[øÃ1Žò¢ygVþVYwbò!‰y£?¡œÉœ§‡ÜûÒ¯xû8΄ +ç}CZuQ¢„©üePWCgá3PbÓBQÝ@Ý$iWk`Øí +žÆ²zmD<§xöN`z( +í„ûÛbݹu +ËsñÃã±>C +Î +’-žð5è#FƒAS +ýe +º€è=NÚ#ä-€¹˜ô€Bâoýߐ8ÁŠŸd–{<Ö¿µšð +Ô¥¯-Ü0‚sˆ?ì‘:Dr±ç8ۖïCSyÎ +$éûCºÇØýsÞû²üªŽ +ÏSÀPz]è.F}ÎהǶe3 +ŸìŸuÐæ+Ûææb¯‡©Å”<횑d9nF +!Ž_å°ïUÏË"Mâ^ÝkTy³ÇlRGçœ#ÄPŠn‡>õ +=Ã-qŸ,$œ>çWDzwb\î;ÎZ˜œ&°=¶þªfùý®Š„ .6üêk€©pp>Ub + +œ3ÚJ +”äíJ”Íæ±äÍfj«*܁īÏ?$a{Ÿ#†ßD|9Ûs]ª+)qÙàOw'ÿÓ!}ö +endstream +endobj +5620 0 obj << +/Type /Page +/Contents 5621 0 R +/Resources 5619 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5615 0 R +/Annots [ 5616 0 R 5617 0 R ] +>> endobj +5616 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [242.26 294.701 296.556 305.605] +/Subtype /Link +/A << /S /GoTo /D (0:POLICY) >> +>> endobj +5617 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [118.555 203.045 172.851 213.949] +/Subtype /Link +/A << /S /GoTo /D (0:POLICY) >> +>> endobj +5622 0 obj << +/D [5620 0 R /XYZ 71.731 729.265 null] +>> endobj +5623 0 obj << +/D [5620 0 R /XYZ 71.731 741.22 null] +>> endobj +766 0 obj << +/D [5620 0 R /XYZ 248.694 707.841 null] +>> endobj +5624 0 obj << +/D [5620 0 R /XYZ 71.731 687.736 null] +>> endobj +5625 0 obj << +/D [5620 0 R /XYZ 128.129 649.061 null] +>> endobj +5626 0 obj << +/D [5620 0 R /XYZ 71.731 626.979 null] +>> endobj +5627 0 obj << +/D [5620 0 R /XYZ 293.736 603.233 null] +>> endobj +5628 0 obj << +/D [5620 0 R /XYZ 247.391 590.282 null] +>> endobj +5629 0 obj << +/D [5620 0 R /XYZ 71.731 568.2 null] +>> endobj +5630 0 obj << +/D [5620 0 R /XYZ 129.235 557.405 null] +>> endobj +5631 0 obj << +/D [5620 0 R /XYZ 199.232 557.405 null] +>> endobj +5632 0 obj << +/D [5620 0 R /XYZ 71.731 545.285 null] +>> endobj +1220 0 obj << +/D [5620 0 R /XYZ 71.731 374.806 null] +>> endobj +770 0 obj << +/D [5620 0 R /XYZ 221.434 330.731 null] +>> endobj +5633 0 obj << +/D [5620 0 R /XYZ 71.731 310.591 null] +>> endobj +5634 0 obj << +/D [5620 0 R /XYZ 71.731 275.772 null] +>> endobj +5635 0 obj << +/D [5620 0 R /XYZ 71.731 275.772 null] +>> endobj +5636 0 obj << +/D [5620 0 R /XYZ 174.684 264.978 null] +>> endobj +5637 0 obj << +/D [5620 0 R /XYZ 222.833 264.978 null] +>> endobj +5638 0 obj << +/D [5620 0 R /XYZ 308.342 264.978 null] +>> endobj +5639 0 obj << +/D [5620 0 R /XYZ 360.735 264.978 null] +>> endobj +5640 0 obj << +/D [5620 0 R /XYZ 422.532 264.978 null] +>> endobj +5641 0 obj << +/D [5620 0 R /XYZ 477.326 264.978 null] +>> endobj +5642 0 obj << +/D [5620 0 R /XYZ 119.552 252.026 null] +>> endobj +5643 0 obj << +/D [5620 0 R /XYZ 172.941 252.026 null] +>> endobj +5644 0 obj << +/D [5620 0 R /XYZ 226.33 252.026 null] +>> endobj +5645 0 obj << +/D [5620 0 R /XYZ 279.72 252.026 null] +>> endobj +5646 0 obj << +/D [5620 0 R /XYZ 333.109 252.026 null] +>> endobj +5647 0 obj << +/D [5620 0 R /XYZ 71.731 230.616 null] +>> endobj +5648 0 obj << +/D [5620 0 R /XYZ 71.731 184.116 null] +>> endobj +5649 0 obj << +/D [5620 0 R /XYZ 71.731 184.116 null] +>> endobj +5650 0 obj << +/D [5620 0 R /XYZ 137.962 173.321 null] +>> endobj +5651 0 obj << +/D [5620 0 R /XYZ 71.731 152.181 null] +>> endobj +5652 0 obj << +/D [5620 0 R /XYZ 71.731 152.181 null] +>> endobj +5653 0 obj << +/D [5620 0 R /XYZ 137.962 140.445 null] +>> endobj +1221 0 obj << +/D [5620 0 R /XYZ 71.731 137.984 null] +>> endobj +5619 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R /F50 1263 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5656 0 obj << +/Length 532 +/Filter /FlateDecode +>> +stream +xÚœ–OoÛ Æïù +íC( +&•6)ë’jSÕMkzÊzÈ⡹8²ÝnýöCÕ8£ˆÃÖž—ßûð@à|òa59YR +fpÆ « + †‚1PRbZV[°ÎæûœÔ[õ'Ÿ†²3èÚ +Õõ®×ì\{Ûèï‘êŸÍ1Ë6œjŽ›°£µô✠+ïò›Õç òyœ, ž„³Âf1%%‚˜¶1*\gZt)²+i²Uý£R0­ŸÐý0æð¹¢„‚`0µÞÊÒ-z%o_òü)7[¥«ç€ê€ +% +ÖÃÔ(š€â#UöÞÍíšÖuîšÖûßÊ~£ê܎O}Žâ G4NoœxÈ1ʌ!ïyø²ŸoŸƒ¹ +^èŸU²KÀ +/þÍlÄ]?Ÿs¡ +aBùP +AaÁ¹Yaˆì€/Ãߌ©WFIMµTµìB€’õJ ye”tnN¥9(öû·)²¡31M‚zåhˏ¡Ÿ*Ý +\yÙhä!X”IžAµøB›×u°v"Βjç”QÜŒ7çëGNPv߇+hN€@,ñ¬Xet3¯;Ù¢†3ˆEÆ+£¶,¿ +†Œ +†þCL€6ÅÿwóÕ +ïZé_ÁÃŽ«É £šW¯%ŽÌCE“ +9etã>ª6Ha²€msš•ËÍÝ+VfæW +‚ +<Íãÿæ•fg‹Å\ +Š|²XMžk<#â +endstream +endobj +5655 0 obj << +/Type /Page +/Contents 5656 0 R +/Resources 5654 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5615 0 R +/Annots [ 5618 0 R ] +>> endobj +5618 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [203.496 669.718 257.792 680.622] +/Subtype /Link +/A << /S /GoTo /D (0:SEVERITYDEF) >> +>> endobj +5657 0 obj << +/D [5655 0 R /XYZ 71.731 729.265 null] +>> endobj +1222 0 obj << +/D [5655 0 R /XYZ 71.731 741.22 null] +>> endobj +774 0 obj << +/D [5655 0 R /XYZ 254.918 705.748 null] +>> endobj +5658 0 obj << +/D [5655 0 R /XYZ 71.731 682.259 null] +>> endobj +5659 0 obj << +/D [5655 0 R /XYZ 71.731 618.047 null] +>> endobj +5660 0 obj << +/D [5655 0 R /XYZ 71.731 587.093 null] +>> endobj +5661 0 obj << +/D [5655 0 R /XYZ 71.731 587.093 null] +>> endobj +5662 0 obj << +/D [5655 0 R /XYZ 203.018 574.241 null] +>> endobj +5663 0 obj << +/D [5655 0 R /XYZ 71.731 552.293 null] +>> endobj +5664 0 obj << +/D [5655 0 R /XYZ 71.731 552.293 null] +>> endobj +5665 0 obj << +/D [5655 0 R /XYZ 196.373 541.364 null] +>> endobj +5666 0 obj << +/D [5655 0 R /XYZ 71.731 519.416 null] +>> endobj +5667 0 obj << +/D [5655 0 R /XYZ 71.731 519.416 null] +>> endobj +5668 0 obj << +/D [5655 0 R /XYZ 217.683 508.487 null] +>> endobj +5669 0 obj << +/D [5655 0 R /XYZ 71.731 486.54 null] +>> endobj +5670 0 obj << +/D [5655 0 R /XYZ 71.731 486.54 null] +>> endobj +5671 0 obj << +/D [5655 0 R /XYZ 210.022 475.611 null] +>> endobj +5672 0 obj << +/D [5655 0 R /XYZ 71.731 453.663 null] +>> endobj +5673 0 obj << +/D [5655 0 R /XYZ 71.731 453.663 null] +>> endobj +5674 0 obj << +/D [5655 0 R /XYZ 200.617 442.734 null] +>> endobj +5675 0 obj << +/D [5655 0 R /XYZ 71.731 420.786 null] +>> endobj +5676 0 obj << +/D [5655 0 R /XYZ 71.731 420.786 null] +>> endobj +5677 0 obj << +/D [5655 0 R /XYZ 203.356 409.857 null] +>> endobj +5678 0 obj << +/D [5655 0 R /XYZ 71.731 387.91 null] +>> endobj +5679 0 obj << +/D [5655 0 R /XYZ 71.731 387.91 null] +>> endobj +5680 0 obj << +/D [5655 0 R /XYZ 184.737 376.981 null] +>> endobj +5681 0 obj << +/D [5655 0 R /XYZ 71.731 355.033 null] +>> endobj +5682 0 obj << +/D [5655 0 R /XYZ 71.731 355.033 null] +>> endobj +5683 0 obj << +/D [5655 0 R /XYZ 184.737 344.104 null] +>> endobj +5684 0 obj << +/D [5655 0 R /XYZ 71.731 322.156 null] +>> endobj +5685 0 obj << +/D [5655 0 R /XYZ 71.731 322.156 null] +>> endobj +5686 0 obj << +/D [5655 0 R /XYZ 184.737 311.227 null] +>> endobj +5687 0 obj << +/D [5655 0 R /XYZ 71.731 289.28 null] +>> endobj +5688 0 obj << +/D [5655 0 R /XYZ 71.731 289.28 null] +>> endobj +5689 0 obj << +/D [5655 0 R /XYZ 184.737 278.35 null] +>> endobj +5690 0 obj << +/D [5655 0 R /XYZ 71.731 256.403 null] +>> endobj +5691 0 obj << +/D [5655 0 R /XYZ 71.731 256.403 null] +>> endobj +5692 0 obj << +/D [5655 0 R /XYZ 184.737 245.474 null] +>> endobj +5693 0 obj << +/D [5655 0 R /XYZ 71.731 223.526 null] +>> endobj +5694 0 obj << +/D [5655 0 R /XYZ 71.731 223.526 null] +>> endobj +5695 0 obj << +/D [5655 0 R /XYZ 191.212 212.597 null] +>> endobj +5696 0 obj << +/D [5655 0 R /XYZ 71.731 190.649 null] +>> endobj +5697 0 obj << +/D [5655 0 R /XYZ 71.731 190.649 null] +>> endobj +5698 0 obj << +/D [5655 0 R /XYZ 179.765 179.72 null] +>> endobj +5699 0 obj << +/D [5655 0 R /XYZ 71.731 157.773 null] +>> endobj +5700 0 obj << +/D [5655 0 R /XYZ 71.731 157.773 null] +>> endobj +5701 0 obj << +/D [5655 0 R /XYZ 178.101 146.844 null] +>> endobj +5702 0 obj << +/D [5655 0 R /XYZ 71.731 124.896 null] +>> endobj +5703 0 obj << +/D [5655 0 R /XYZ 71.731 124.896 null] +>> endobj +5704 0 obj << +/D [5655 0 R /XYZ 188.612 113.967 null] +>> endobj +5654 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5708 0 obj << +/Length 876 +/Filter /FlateDecode +>> +stream +xÚÝWÝoÚ0ç¯HŸ’LŵïNŽulÒÔI•ŠŽÖ +D +1sÒþûc›bÄ*€ñŽb;w¿ûÝG|ö +öŸ>W_¢È+P‘ÒÔÏœ(&(O/‹(<©7žy“àãz͛Yµ ‡4ÁÁ-ÒÏ»ªíôJÌõ³ÍOŒéâI†$ XW‰F¿P§57ÂkuކãolxxCJ)Šp‹%8×v[®pž¹¬º­’®dŸk„"@/Œb[m`j +5|GO+ç{ÊI(Ø1Ê +_j韆O +³¯šyH“@˜m#ºªŽ²/¬÷Ž1Û“¿Ì’K40»<0KVsÙ +q†RŒbL,!€Eh①+Q’ÄJf¥e° +Æ)JŽà-ŠU>²<ž‹à`Q5 +}Ð-%o—¢žµGìÅÊ)HÈs–i¬^ŸælÉÙLCõ Lp˹›ŽIÿÊQŠQt |ÐoæBš Ém€;VÕ-`“ë#†\ªÉMÀ¿Ç#Ž`ׇQÓɊ·oÉï`üAW˜Š[_e7Z-Å^jiuˆ9%‘MLÝW}ŠuÕ«çDW4«õ¶]ó²šW\>îâ„ËР:.Þ˪éN¢DQ +¥qnJÕ ýBIŠò"=7!ƒêÖ趭Oã”f(&gçdP +N÷p +䯟fübÜ[$>71ƒêÔh³ò€ŠÊ0"ÙكePÝtÓq}k²“>¿ +î?zvb=šÃë3ëؔµ§e°@INÎ@*rHiT'ƒ FYà(9×8F˜ÿq„p¥ÀÛÉÖxéŒ*Òj×GZMÜv›·"Ò?ýwŸ¡å_ؕíUþ=yYVåÒ°·ý +.k.גw|fÞŽFÕõŽ/§M —tS{ʚ>™ª%Š +;hù¢©·V*e­z«Šü³áõ6L“ÀŒ_£ +[­kÕé^=Ÿow +Ü2, +)þûÉF©ŽŽQ÷ï¿ÿ +ìÅÛžûN3Å +BšB³ø>”–žŒè+âž³)–¬Y˜å\ŠÕž¢ïú㫳È*Äû&nTe +˜Po€ÙT˜ï~yÌ +!3ú:Ù5özCÇ8;uíÏo‰™ß~„1˜ïJuó,wC +4»ª¹‚_ћ„37Ý¿Œu×Θvø' OQœ€}³‹ŠB£(stFãÁ¯6 +endstream +endobj +5707 0 obj << +/Type /Page +/Contents 5708 0 R +/Resources 5706 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5615 0 R +/Annots [ 5705 0 R ] +>> endobj +5705 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [203.496 625.814 250.32 636.718] +/Subtype /Link +/A << /S /GoTo /D (0:THRESHOLDS) >> +>> endobj +5709 0 obj << +/D [5707 0 R /XYZ 71.731 729.265 null] +>> endobj +5710 0 obj << +/D [5707 0 R /XYZ 71.731 741.22 null] +>> endobj +5711 0 obj << +/D [5707 0 R /XYZ 71.731 718.306 null] +>> endobj +5712 0 obj << +/D [5707 0 R /XYZ 71.731 718.306 null] +>> endobj +5713 0 obj << +/D [5707 0 R /XYZ 212.084 708.344 null] +>> endobj +778 0 obj << +/D [5707 0 R /XYZ 268.605 661.844 null] +>> endobj +5714 0 obj << +/D [5707 0 R /XYZ 71.731 638.089 null] +>> endobj +5715 0 obj << +/D [5707 0 R /XYZ 71.731 606.885 null] +>> endobj +5716 0 obj << +/D [5707 0 R /XYZ 71.731 606.885 null] +>> endobj +5717 0 obj << +/D [5707 0 R /XYZ 71.731 574.143 null] +>> endobj +5718 0 obj << +/D [5707 0 R /XYZ 71.731 543.189 null] +>> endobj +5719 0 obj << +/D [5707 0 R /XYZ 71.731 543.189 null] +>> endobj +5720 0 obj << +/D [5707 0 R /XYZ 179.765 530.337 null] +>> endobj +5721 0 obj << +/D [5707 0 R /XYZ 71.731 508.39 null] +>> endobj +5722 0 obj << +/D [5707 0 R /XYZ 71.731 508.39 null] +>> endobj +5723 0 obj << +/D [5707 0 R /XYZ 181.977 497.461 null] +>> endobj +5724 0 obj << +/D [5707 0 R /XYZ 71.731 475.513 null] +>> endobj +5725 0 obj << +/D [5707 0 R /XYZ 71.731 475.513 null] +>> endobj +5726 0 obj << +/D [5707 0 R /XYZ 176.448 464.584 null] +>> endobj +5727 0 obj << +/D [5707 0 R /XYZ 71.731 442.636 null] +>> endobj +5728 0 obj << +/D [5707 0 R /XYZ 71.731 442.636 null] +>> endobj +5729 0 obj << +/D [5707 0 R /XYZ 186.968 431.707 null] +>> endobj +5730 0 obj << +/D [5707 0 R /XYZ 71.731 409.759 null] +>> endobj +5731 0 obj << +/D [5707 0 R /XYZ 71.731 409.759 null] +>> endobj +5732 0 obj << +/D [5707 0 R /XYZ 192.866 398.83 null] +>> endobj +5733 0 obj << +/D [5707 0 R /XYZ 71.731 376.883 null] +>> endobj +5734 0 obj << +/D [5707 0 R /XYZ 71.731 376.883 null] +>> endobj +5735 0 obj << +/D [5707 0 R /XYZ 189.728 365.954 null] +>> endobj +5736 0 obj << +/D [5707 0 R /XYZ 71.731 344.006 null] +>> endobj +5737 0 obj << +/D [5707 0 R /XYZ 71.731 344.006 null] +>> endobj +5738 0 obj << +/D [5707 0 R /XYZ 196.771 333.077 null] +>> endobj +5739 0 obj << +/D [5707 0 R /XYZ 71.731 311.129 null] +>> endobj +5740 0 obj << +/D [5707 0 R /XYZ 71.731 311.129 null] +>> endobj +5741 0 obj << +/D [5707 0 R /XYZ 199.133 300.2 null] +>> endobj +5742 0 obj << +/D [5707 0 R /XYZ 71.731 278.253 null] +>> endobj +5743 0 obj << +/D [5707 0 R /XYZ 71.731 278.253 null] +>> endobj +5744 0 obj << +/D [5707 0 R /XYZ 218.789 267.324 null] +>> endobj +5745 0 obj << +/D [5707 0 R /XYZ 71.731 245.241 null] +>> endobj +1223 0 obj << +/D [5707 0 R /XYZ 71.731 192.19 null] +>> endobj +782 0 obj << +/D [5707 0 R /XYZ 347.055 149.093 null] +>> endobj +5746 0 obj << +/D [5707 0 R /XYZ 71.731 125.337 null] +>> endobj +5706 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F38 956 0 R /F25 852 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5749 0 obj << +/Length 840 +/Filter /FlateDecode +>> +stream +xÚÅW]o›0}ϯàaR@Z<Û`“öХݎ­“Š5{j«Š‚“ @àŽë¿ß5&)ÉL’vŠö;æÚ÷œûq +ؚYØú<ø8ŒûäºVˆBN¹5™Z®GPÀ˜å»FjMëÚ>+K‘'éogD¶ÇH—i-õ¬˜ê1.òŒélU9„Ù‘L‹\?P«™hKµ^;·“¯ÜâAĈRŠ\ìÂÄC +Åõ/¹,oÕ>0' +slZß×v¹¬RQ¿o-ƒ~ËËb–æ㹈g±L +‚íõ#>è­ +[låžÚxˆS'4;ï‹"QnãaD}¶¶»¡Ô׎‡dš'²Ðcý˜ÊxÞÆ$ÛZá}VS‡2{Š +ÄF"„ŒåÇwù}É¥š6£ÌÄ0„ÌSoŒÍ€îaHèß + +b”é•{! +hk V8j3x]Ÿœ+¡ŠH'€JåSCƄ›3D1{ÆýИ›€säúàà‰6ž˜ö€W§E¥'™r¬§ +Ã\öp!1àp˜Ë÷U&Sc© +Ÿ’ÐR9.×ýØЫۄµŠuŽlŸ®jšÆ잌1p˜k±’&ž>FŸë4qàyOæ(³ˆÅÌJK +Üðÿh)G˜ +Áâ|bìÉyÞ?\sÍÙmüç¢CŠZ•m+ž‹:®ÒR®ÛtâÆûµ +Ý`†¡“ B՞EHä†È';wß® +m‡Àx„‹ðtrtÔåÁ +÷&ï꩖b9Ž²¶.Œ}ç#£«Q’T¢~Iñm·Þºõ’W7îâ +•°Y%ʞÇ0ZF¥J ¹ñ|»æ~ÖêĉÒN©;v“sò +µ;¹]°Ïü‡&á ßsXà)Æ@˜Ž +z(>{•øG¥4²ˆ +ÓèêàT!)«"Ÿ«6îÑØØŒöE÷[ ûAB9G ù +Â^û)@Ü`kÏÅdðy—Fm +endstream +endobj +5748 0 obj << +/Type /Page +/Contents 5749 0 R +/Resources 5747 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5615 0 R +>> endobj +5750 0 obj << +/D [5748 0 R /XYZ 71.731 729.265 null] +>> endobj +5751 0 obj << +/D [5748 0 R /XYZ 71.731 718.306 null] +>> endobj +5752 0 obj << +/D [5748 0 R /XYZ 71.731 718.306 null] +>> endobj +5753 0 obj << +/D [5748 0 R /XYZ 71.731 655.442 null] +>> endobj +5754 0 obj << +/D [5748 0 R /XYZ 71.731 655.442 null] +>> endobj +5755 0 obj << +/D [5748 0 R /XYZ 204.173 642.59 null] +>> endobj +5756 0 obj << +/D [5748 0 R /XYZ 71.731 620.643 null] +>> endobj +5757 0 obj << +/D [5748 0 R /XYZ 71.731 620.643 null] +>> endobj +5758 0 obj << +/D [5748 0 R /XYZ 211.376 609.714 null] +>> endobj +5759 0 obj << +/D [5748 0 R /XYZ 71.731 587.766 null] +>> endobj +5760 0 obj << +/D [5748 0 R /XYZ 71.731 587.766 null] +>> endobj +5761 0 obj << +/D [5748 0 R /XYZ 184.757 576.837 null] +>> endobj +5762 0 obj << +/D [5748 0 R /XYZ 71.731 554.755 null] +>> endobj +5763 0 obj << +/D [5748 0 R /XYZ 71.731 554.755 null] +>> endobj +5764 0 obj << +/D [5748 0 R /XYZ 208.557 543.96 null] +>> endobj +5765 0 obj << +/D [5748 0 R /XYZ 71.731 521.878 null] +>> endobj +5766 0 obj << +/D [5748 0 R /XYZ 71.731 521.878 null] +>> endobj +5767 0 obj << +/D [5748 0 R /XYZ 190.286 511.083 null] +>> endobj +1224 0 obj << +/D [5748 0 R /XYZ 71.731 507.681 null] +>> endobj +786 0 obj << +/D [5748 0 R /XYZ 401.695 464.584 null] +>> endobj +5768 0 obj << +/D [5748 0 R /XYZ 71.731 440.828 null] +>> endobj +5769 0 obj << +/D [5748 0 R /XYZ 71.731 409.625 null] +>> endobj +5770 0 obj << +/D [5748 0 R /XYZ 71.731 409.625 null] +>> endobj +5771 0 obj << +/D [5748 0 R /XYZ 71.731 377.421 null] +>> endobj +5772 0 obj << +/D [5748 0 R /XYZ 71.731 345.929 null] +>> endobj +5773 0 obj << +/D [5748 0 R /XYZ 71.731 345.929 null] +>> endobj +5774 0 obj << +/D [5748 0 R /XYZ 208.188 333.077 null] +>> endobj +5775 0 obj << +/D [5748 0 R /XYZ 71.731 311.712 null] +>> endobj +5776 0 obj << +/D [5748 0 R /XYZ 71.731 311.712 null] +>> endobj +5777 0 obj << +/D [5748 0 R /XYZ 215.391 300.2 null] +>> endobj +5778 0 obj << +/D [5748 0 R /XYZ 71.731 280.096 null] +>> endobj +5779 0 obj << +/D [5748 0 R /XYZ 71.731 280.096 null] +>> endobj +5780 0 obj << +/D [5748 0 R /XYZ 198.993 267.324 null] +>> endobj +5781 0 obj << +/D [5748 0 R /XYZ 71.731 245.241 null] +>> endobj +5782 0 obj << +/D [5748 0 R /XYZ 71.731 245.241 null] +>> endobj +5783 0 obj << +/D [5748 0 R /XYZ 188.771 234.447 null] +>> endobj +5784 0 obj << +/D [5748 0 R /XYZ 71.731 212.365 null] +>> endobj +5785 0 obj << +/D [5748 0 R /XYZ 71.731 212.365 null] +>> endobj +5786 0 obj << +/D [5748 0 R /XYZ 207.292 201.57 null] +>> endobj +5787 0 obj << +/D [5748 0 R /XYZ 71.731 179.488 null] +>> endobj +5788 0 obj << +/D [5748 0 R /XYZ 71.731 179.488 null] +>> endobj +5789 0 obj << +/D [5748 0 R /XYZ 211.924 168.693 null] +>> endobj +5790 0 obj << +/D [5748 0 R /XYZ 71.731 133.66 null] +>> endobj +5791 0 obj << +/D [5748 0 R /XYZ 71.731 133.66 null] +>> endobj +5792 0 obj << +/D [5748 0 R /XYZ 199.352 122.865 null] +>> endobj +5747 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F31 858 0 R /F60 1440 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5795 0 obj << +/Length 1080 +/Filter /FlateDecode +>> +stream +xÚµW[oÛ6}ϯÐ[e fx)©@ +²\ŠléÖÎöЁ"Ñ6›Ôtik ?Ÿ€HٖBÇX°œ˜ºßwÎù?Ê0X0xwòËýÉÙ +!A +R†Yp?H„@Bi¬G +ÜÁ§ð¢,¹,Ä÷ÉS^;މº±WjnÇ\ÉÏâE[M +³F(i_˜§+î&—æy=ùrÿë t84ˆdÄc +$ú"&ÅoLCÞ +–|õA_$¡ÊÿTª¹UemƒŸ›°g7 +‰ŽÆ"-MŒ‘ÎÓEɊ¢âum玗5‚#ÜÏûŒqlc6K‡Œ_:à\V*š4ˆ!UÁTÉ«Ì2tÔ)\TŒ4 ƒ)" À‰&†0H{y +˜mꆯÁ:+u0äï냩)W̎ u§ÔS[ +– +! Šÿ¿V«= [ +üs¬n”Lâ¡n>]4xklŽã3b`€G¢4µË.Al + +'áå’ç +Ã'!öÉÜܪÊÞÌþºœ:›œ»œ²·ÖÄ^5\–®±Çóÿ—<+tŽ·/ÔÎ-û4kEap=}ñ$MŸ–M%xýöž%¶Q/4ª ‚áWóÃ} +ˆSÓmi•ZñL +°@LŸ[à +z㌠ìXMŸtN§n|iÖÜ8x<ŒŠ¥€°x$vOïú{Ÿj +/¯„éVõxˬYzHé~ƒ{Nê +štYUµÙ97“ +œs{Ý>öótq:k˜r³1-Nû`^©õhû䆌ë³ÈÕÆí&c7²•ä^lyæŒ÷èÞ×%Ï +ñ0/údÂ!þf̐m&Œ†àžE·bÏ4Ê¢]yÕN!Ð1œŽµ›ès”y\tY)ÙdÓ•xêœê8ô¬nÝFíÕªýv!€ +ïMS»*Ñl¶Œø&Nɖ +ÿÚ-ñQa€Äžžš³á.µÙFà÷ÞÊæ £ÊpSÖ>Ü,,Ù*;/} +%€íží ߉µhöng}0¹Bp}ÖõˆŠi˜ÿzž$F¥ä@wú]ÕúÒ[ +`‚^ߕºðFÝáá¬U+›~_dî¡ìÀžMxÅçÝ&iWý6ï·³T¿h憲EûØfU&!ùÐ`Œ‡1FZ*òzÎ/¹n(Õî?ÛÄ5^O“!ݓ’£4ßk,Ê[ZD"Àè–'ü~`_kÖ}Ÿ¢ˈ +÷ éûu—؛+Ÿâ{qntjNJ¯•kŽë/Q +š‚ŸÕ +QØ)Z’-ê~¹íÁ,Žš0:í}4ˆø‚ì£n}n|Ž +hwò<#Н=;¶ž†€9ƒþMcßIjõó»3išüÇî,úzéký +Œ{¿ì³Šjež5Ü).ܧ¥­ºœ†}¥ô·vL†•2ÂÙ$»ƒ¹?󥪹|^‚ᬠ+ÿƒüÒm.ÁK ˜8›t°èúþä'ßۇ‰ +endstream +endobj +5794 0 obj << +/Type /Page +/Contents 5795 0 R +/Resources 5793 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5615 0 R +>> endobj +5796 0 obj << +/D [5794 0 R /XYZ 71.731 729.265 null] +>> endobj +5797 0 obj << +/D [5794 0 R /XYZ 71.731 741.22 null] +>> endobj +5798 0 obj << +/D [5794 0 R /XYZ 71.731 718.306 null] +>> endobj +5799 0 obj << +/D [5794 0 R /XYZ 71.731 718.306 null] +>> endobj +5800 0 obj << +/D [5794 0 R /XYZ 217.623 708.344 null] +>> endobj +5801 0 obj << +/D [5794 0 R /XYZ 71.731 673.31 null] +>> endobj +5802 0 obj << +/D [5794 0 R /XYZ 71.731 673.31 null] +>> endobj +5803 0 obj << +/D [5794 0 R /XYZ 232.577 662.516 null] +>> endobj +1225 0 obj << +/D [5794 0 R /XYZ 71.731 646.162 null] +>> endobj +790 0 obj << +/D [5794 0 R /XYZ 344.644 603.064 null] +>> endobj +5804 0 obj << +/D [5794 0 R /XYZ 71.731 579.309 null] +>> endobj +5805 0 obj << +/D [5794 0 R /XYZ 71.731 548.106 null] +>> endobj +5806 0 obj << +/D [5794 0 R /XYZ 71.731 548.106 null] +>> endobj +5807 0 obj << +/D [5794 0 R /XYZ 71.731 515.901 null] +>> endobj +5808 0 obj << +/D [5794 0 R /XYZ 71.731 484.41 null] +>> endobj +5809 0 obj << +/D [5794 0 R /XYZ 71.731 484.41 null] +>> endobj +5810 0 obj << +/D [5794 0 R /XYZ 198.644 471.558 null] +>> endobj +5811 0 obj << +/D [5794 0 R /XYZ 71.731 450.193 null] +>> endobj +5812 0 obj << +/D [5794 0 R /XYZ 71.731 450.193 null] +>> endobj +5813 0 obj << +/D [5794 0 R /XYZ 206.056 438.681 null] +>> endobj +5814 0 obj << +/D [5794 0 R /XYZ 71.731 403.647 null] +>> endobj +5815 0 obj << +/D [5794 0 R /XYZ 71.731 403.647 null] +>> endobj +5816 0 obj << +/D [5794 0 R /XYZ 209.932 392.853 null] +>> endobj +5817 0 obj << +/D [5794 0 R /XYZ 71.731 372.748 null] +>> endobj +5818 0 obj << +/D [5794 0 R /XYZ 71.731 372.748 null] +>> endobj +5819 0 obj << +/D [5794 0 R /XYZ 206.345 359.976 null] +>> endobj +5820 0 obj << +/D [5794 0 R /XYZ 71.731 337.894 null] +>> endobj +5821 0 obj << +/D [5794 0 R /XYZ 71.731 337.894 null] +>> endobj +5822 0 obj << +/D [5794 0 R /XYZ 187.237 327.099 null] +>> endobj +5823 0 obj << +/D [5794 0 R /XYZ 71.731 305.017 null] +>> endobj +5824 0 obj << +/D [5794 0 R /XYZ 71.731 305.017 null] +>> endobj +5825 0 obj << +/D [5794 0 R /XYZ 201.633 294.223 null] +>> endobj +5826 0 obj << +/D [5794 0 R /XYZ 71.731 272.141 null] +>> endobj +5827 0 obj << +/D [5794 0 R /XYZ 71.731 272.141 null] +>> endobj +5828 0 obj << +/D [5794 0 R /XYZ 240.925 261.346 null] +>> endobj +5829 0 obj << +/D [5794 0 R /XYZ 71.731 239.264 null] +>> endobj +5830 0 obj << +/D [5794 0 R /XYZ 71.731 239.264 null] +>> endobj +5831 0 obj << +/D [5794 0 R /XYZ 254.205 228.469 null] +>> endobj +5832 0 obj << +/D [5794 0 R /XYZ 71.731 193.436 null] +>> endobj +5833 0 obj << +/D [5794 0 R /XYZ 71.731 193.436 null] +>> endobj +5834 0 obj << +/D [5794 0 R /XYZ 247.55 182.641 null] +>> endobj +1226 0 obj << +/D [5794 0 R /XYZ 71.731 166.661 null] +>> endobj +5793 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F60 1440 0 R /F31 858 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5837 0 obj << +/Length 997 +/Filter /FlateDecode +>> +stream +xÚœWMoã6œçWèP 2°fHJ©zHÓ€MÑt]ç”ÝmÑ2™2ôoþ}ùi[¶œMÝK49ó8ož•Œþžømvqu—$Qò +gÑl%)Œˆ&X?q4+¢§øz³ªß'SL`|ÜóoÙvΪ—î¹šÕWqÙ7DbÞÉZ¹Œ·>xcüíäÛì¯ +è랺Ã$B`DRSÅSNL]7€™Ô”Å7+±˜`?KU:ÏҌ֍{YלêœyM#EHS +FÑÔ¥Ôeø"û¢W‚zÿ~-;X +‡Ëž +LÂöÛH–™¹È[Õ5RŽïØÓnip>_ëš&Æ/æøÕ-Í`ÄôÒÌ +c eTï`WÎëº\A†SâŸbL +ÒKt錮vÏv+»ÅÊ÷K}ðQð­(Ý/Á°) +Ð +ŸÃw¯:Ñìòj +aN@–‡Â[¡‰VŽg"| +Њx1òÊyæ¢Û +á;œ0eŽãµ'äÓÄðÛõ£‘Ý«Åò ÛVÓe¬z1ÀŒìë±ËÆd ¡#tFl3—Ñy—–ðÚX»ÜþŒq +MÊ@F萓Çh>ّyNRˆ~&œtœ–J“a£,¿lwÆpdÊBuWÞi2gÆO>§±}αÙFˆ€4£§ð +ö%ojÌ06–mà$2(•Ým{Ù,åþÈìlkȔ˜3` 'ÈUÁÛ Åë5Ÿ¶bÃމÂ9+-Ù~š~™û +pÿZqõì»ÒÔk`åkÙ4b!Š±YžŸ?G’ +ôVs‚=Ïߧç}+Œå>$ÿ—œûxzÔùî€Îó–¢ÓÿªèfW_ÿ%=ËBïTôôç+:ÌAÂÒ³øþáëqTš°ùn`–úˆ•Žtƒ¶©+¹–˜ SŒ¶C#£u$&œ*„7à~ùóÓíŸÁ몪 +Ôm˜ÿ¡èÃîf+7pé[ Ü¥-ÜÌå«?MވÞª*YªºþÀy§É27Ôî;ÑzgU—þØöŽ²q%M2{¯ªÝVáFE`!–ö‹ÙW~E>®Ñ<¯Uõz°ÔÌ<°Ñ?XlЃò7>óKŠVÅ><?žŸ"X~”E{æڒåYhl/ +G#RcT'€àü”×{iÞFï÷ +Ü®D8·mxړ{KšgAíŽÙ9d»ë.ðÄHR€1žág®Ê@!Ó.J¿5‚pJ 4MÛ1f·e࢏œ_îÄ7íò«ðå™Æ€<“NH"»sߙŠTG²oŽ +Ýۇÿ<°L‹°– +œ$ÌJá`Ííìâ_f¿4` +endstream +endobj +5836 0 obj << +/Type /Page +/Contents 5837 0 R +/Resources 5835 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5870 0 R +>> endobj +5838 0 obj << +/D [5836 0 R /XYZ 71.731 729.265 null] +>> endobj +5839 0 obj << +/D [5836 0 R /XYZ 71.731 741.22 null] +>> endobj +794 0 obj << +/D [5836 0 R /XYZ 336.949 705.748 null] +>> endobj +5840 0 obj << +/D [5836 0 R /XYZ 71.731 681.992 null] +>> endobj +5841 0 obj << +/D [5836 0 R /XYZ 71.731 618.585 null] +>> endobj +5842 0 obj << +/D [5836 0 R /XYZ 71.731 587.093 null] +>> endobj +5843 0 obj << +/D [5836 0 R /XYZ 71.731 587.093 null] +>> endobj +5844 0 obj << +/D [5836 0 R /XYZ 208.039 574.241 null] +>> endobj +5845 0 obj << +/D [5836 0 R /XYZ 71.731 552.876 null] +>> endobj +5846 0 obj << +/D [5836 0 R /XYZ 71.731 552.876 null] +>> endobj +5847 0 obj << +/D [5836 0 R /XYZ 215.242 541.364 null] +>> endobj +5848 0 obj << +/D [5836 0 R /XYZ 71.731 521.26 null] +>> endobj +5849 0 obj << +/D [5836 0 R /XYZ 71.731 521.26 null] +>> endobj +5850 0 obj << +/D [5836 0 R /XYZ 221.837 508.487 null] +>> endobj +5851 0 obj << +/D [5836 0 R /XYZ 71.731 486.405 null] +>> endobj +5852 0 obj << +/D [5836 0 R /XYZ 71.731 486.405 null] +>> endobj +5853 0 obj << +/D [5836 0 R /XYZ 222.953 475.611 null] +>> endobj +5854 0 obj << +/D [5836 0 R /XYZ 71.731 453.529 null] +>> endobj +5855 0 obj << +/D [5836 0 R /XYZ 71.731 453.529 null] +>> endobj +5856 0 obj << +/D [5836 0 R /XYZ 181.13 442.734 null] +>> endobj +1227 0 obj << +/D [5836 0 R /XYZ 71.731 426.38 null] +>> endobj +798 0 obj << +/D [5836 0 R /XYZ 292.998 383.283 null] +>> endobj +5857 0 obj << +/D [5836 0 R /XYZ 71.731 359.527 null] +>> endobj +5858 0 obj << +/D [5836 0 R /XYZ 71.731 328.324 null] +>> endobj +5859 0 obj << +/D [5836 0 R /XYZ 71.731 328.324 null] +>> endobj +5860 0 obj << +/D [5836 0 R /XYZ 71.731 296.12 null] +>> endobj +5861 0 obj << +/D [5836 0 R /XYZ 71.731 264.628 null] +>> endobj +5862 0 obj << +/D [5836 0 R /XYZ 71.731 264.628 null] +>> endobj +5863 0 obj << +/D [5836 0 R /XYZ 188.662 251.776 null] +>> endobj +5864 0 obj << +/D [5836 0 R /XYZ 71.731 230.411 null] +>> endobj +5865 0 obj << +/D [5836 0 R /XYZ 71.731 230.411 null] +>> endobj +5866 0 obj << +/D [5836 0 R /XYZ 186.649 218.899 null] +>> endobj +5867 0 obj << +/D [5836 0 R /XYZ 71.731 171.632 null] +>> endobj +5868 0 obj << +/D [5836 0 R /XYZ 71.731 171.632 null] +>> endobj +5869 0 obj << +/D [5836 0 R /XYZ 208.248 160.12 null] +>> endobj +1228 0 obj << +/D [5836 0 R /XYZ 71.731 143.766 null] +>> endobj +5835 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5873 0 obj << +/Length 977 +/Filter /FlateDecode +>> +stream +xÚÍWIoã6ŸçWèf3$µ0‡4Í):­øP`f²D[DŽ•€Ï¿ï£H)–-;z1ñ-ßۍƒß®~Y_]v]'Fq@gœu\ È÷Ð¥°Rg9_ç7MêŒïKêãù-2ë\*³«·fMëêÆt׊ñç‰âue>èۂÙǍŸ—‹ïë߯°Õãú3õ +"J|Ok±€!F„zzƒöŒ·°Õ²Ãh~›³tAñü‘W;s³ÕÇZ˜CγÁóŒU×Ûä‘] +öOËËÌ×FtoS&%ëôx!Š(q–Úahd?°ôNΒ +ŽŽÑ- +“}])"#Këüø}B^Oš»J Îäž3¿ +5î'ýÃ>v"`t† +ˆ|:úM],©ŠL€ +‡wß( + +ò™šDËfæ¬j³Êg®ÒÜ:žú`oµ +I!/ŸÇùó-š@»$.c|ì +[¡àêDZ +&QÇÈ%AF²§Žr +v€ÜžÂ¡Žê¡ævÛ +lŸVJö!ï㌠+Ž +Mn?ŠÀ +iԞ‚(ºìê/ŒZÝÿz¬ÿâ:^)¶cbÚŁëbÎŒlKso€ƒ/`@Âñ8ÀO°$û3X&ˆÒø?€Iö? +Æ¥a^!ž—szŠ!“bÒMŠHô“P;3y&ÉDHv2žtà% +¹Ù0õ̘-Q©ÖCžÉªáWÜí¡žËIœ¡0‡œ:«¿ +îÿ^,Œç‚íÚ"æÀöVº`ž"ÒY +íåҍYÑéaKFž +ù砖”ÑV¶-}i¡-Tè +” S@LQì#®L†Ò“ØjÔn$TÜ®‘h9ÕèkÁ+6îr*·³FÚÂV·ªiúùŠœzXu!¢òI[ˆøCŒ4ðjœÔCÄ +N­¹îÕìèFÆjŠkÔG +ŒUuÆ4ŒÞÈœ +ÒºlxßÇ/Ùù4¡¶±÷ø›.Kv“؁pŸ»{҉ܵ%æwµAwü³V̄ +!F2œ—X +BHFB¬‹¶ŽÑW¶ýí† +Ñ@ûÐ÷ +h9û”5ý +Võ“YÕîí›çœ‰cОÊ^•ÙP† +Bhêf?J<#­16Ñ(ñž¶€lžµ×§^Š€aÉ2ÊŽ­¬^‰å*óZ±g«úæǐ[f³dë™ +±£±Ó iûÀHÞ6 ÖMW(õ0Ø]¢ï> ùê +ÆÀCίπaÓÐÿv<øO0úcBƒQhñKPߣÖFЍG4wë«?íET +endstream +endobj +5872 0 obj << +/Type /Page +/Contents 5873 0 R +/Resources 5871 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5870 0 R +>> endobj +5874 0 obj << +/D [5872 0 R /XYZ 71.731 729.265 null] +>> endobj +5875 0 obj << +/D [5872 0 R /XYZ 71.731 741.22 null] +>> endobj +802 0 obj << +/D [5872 0 R /XYZ 485.741 705.748 null] +>> endobj +5876 0 obj << +/D [5872 0 R /XYZ 71.731 681.992 null] +>> endobj +5877 0 obj << +/D [5872 0 R /XYZ 71.731 618.585 null] +>> endobj +5878 0 obj << +/D [5872 0 R /XYZ 71.731 587.093 null] +>> endobj +5879 0 obj << +/D [5872 0 R /XYZ 71.731 587.093 null] +>> endobj +5880 0 obj << +/D [5872 0 R /XYZ 211.167 574.241 null] +>> endobj +5881 0 obj << +/D [5872 0 R /XYZ 71.731 552.876 null] +>> endobj +5882 0 obj << +/D [5872 0 R /XYZ 71.731 552.876 null] +>> endobj +5883 0 obj << +/D [5872 0 R /XYZ 218.868 541.364 null] +>> endobj +5884 0 obj << +/D [5872 0 R /XYZ 71.731 519.282 null] +>> endobj +5885 0 obj << +/D [5872 0 R /XYZ 71.731 519.282 null] +>> endobj +5886 0 obj << +/D [5872 0 R /XYZ 219.127 508.487 null] +>> endobj +5887 0 obj << +/D [5872 0 R /XYZ 71.731 486.779 null] +>> endobj +5888 0 obj << +/D [5872 0 R /XYZ 71.731 486.779 null] +>> endobj +5889 0 obj << +/D [5872 0 R /XYZ 220.781 475.611 null] +>> endobj +5890 0 obj << +/D [5872 0 R /XYZ 71.731 453.902 null] +>> endobj +5891 0 obj << +/D [5872 0 R /XYZ 71.731 453.902 null] +>> endobj +5892 0 obj << +/D [5872 0 R /XYZ 218.37 442.734 null] +>> endobj +5893 0 obj << +/D [5872 0 R /XYZ 71.731 422.629 null] +>> endobj +5894 0 obj << +/D [5872 0 R /XYZ 71.731 422.629 null] +>> endobj +5895 0 obj << +/D [5872 0 R /XYZ 209.722 409.857 null] +>> endobj +5896 0 obj << +/D [5872 0 R /XYZ 71.731 374.824 null] +>> endobj +5897 0 obj << +/D [5872 0 R /XYZ 71.731 374.824 null] +>> endobj +5898 0 obj << +/D [5872 0 R /XYZ 215.71 364.029 null] +>> endobj +5899 0 obj << +/D [5872 0 R /XYZ 71.731 341.947 null] +>> endobj +5900 0 obj << +/D [5872 0 R /XYZ 71.731 341.947 null] +>> endobj +5901 0 obj << +/D [5872 0 R /XYZ 212.383 331.152 null] +>> endobj +1229 0 obj << +/D [5872 0 R /XYZ 71.731 301.847 null] +>> endobj +806 0 obj << +/D [5872 0 R /XYZ 316.274 258.75 null] +>> endobj +5902 0 obj << +/D [5872 0 R /XYZ 71.731 234.994 null] +>> endobj +5903 0 obj << +/D [5872 0 R /XYZ 71.731 203.791 null] +>> endobj +5904 0 obj << +/D [5872 0 R /XYZ 71.731 203.791 null] +>> endobj +5905 0 obj << +/D [5872 0 R /XYZ 71.731 171.587 null] +>> endobj +5906 0 obj << +/D [5872 0 R /XYZ 71.731 140.095 null] +>> endobj +5907 0 obj << +/D [5872 0 R /XYZ 71.731 140.095 null] +>> endobj +5908 0 obj << +/D [5872 0 R /XYZ 197.867 127.243 null] +>> endobj +5871 0 obj << +/Font << /F33 859 0 R /F25 852 0 R /F31 858 0 R /F38 956 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5911 0 obj << +/Length 1137 +/Filter /FlateDecode +>> +stream +xÚÅW[oœ8~ϯà­3RâØci²i²ÍªRÓfVÕ*Íπ–` +&iü +cà +‰gšv+õ‰‹ÍñùŸó +Ø[{Øûãà÷åÁñ¹ï{1ŠCz˕çEŒyܧp¥Þ2ó®g'u-ª¬xœQ†g§È\ß­2wre®©¬Ÿ`L×]3'l–šBVfA¿- +Ý\ë÷íüfùç¶~€іG”RäcnÄpdŒžÚêýœà™h +õt9§`­Q§¹HÿùMÛ;>±™0Ðf¢aÂýç­žï?3}²u^"ŸÓaãJ¹qN€ý‰ÌœhÞ®dcn¶V+ÕHÎÄJ;™t¥å§°‹) +Y&˜ 0îG‘w€™çÜø2ÁøI|í + 6š‰Ì +7&ÇFQ)Ѭ’T,j0Pê`œD +Çȧ‘ +ys_€b +” ˜'m®Õ0Ì£Ê +3ilˆ›ÞQ‘¹qƘíÁù¡WHR:c# +òünŒügc”ÖÉÍ×IYJ­ˆ‘ +j7jAH)ÜP3b +žÕP;k®’jJÙ.yà=|]¬+idábŒÇ(€³™*Ú\vefîo-y +öXd;•ŽŒñq +OkDoüYö©|H+œúCŒ +\8“ #⏎]\ΏB +áÏѶÊF±«„œdY±-Ã_ +RK†’–š4©6Œtõt•0‡vw5:Ntݏ^Ûé+êŽlcˆ‘hSA¡Àg.ôF”8Ð÷gÜë€ðß +õ ̀ڏ} +ÓÇx7Bʆ€œœtæ4žÒ­”¥Úݐ8{ és.T.š]¡ƒC·òÁÖ +{}e¹ìÓ$œ”y„«,0hž0 W1ãÓ)‚$Oy4{/×c‹ +Ç;YJ6Eµ>NŽò C=µ +3p +E”LUr%ÒMçÎE’Å·S뜀ƒoúDÆÓž˜¥°; +Ιta +;øñàŒÑUP5xó,> +Js[ž«C»Ùð_¶{w¯ŽzWnâÑ(žÒ` Ÿ&¹8ƒðò_—\dOn†êDöy +êÑ.ÍwÄ/ŒFW—_ž-êDå× +šÚw‰ºùŽî|^”Ïê£Uõœ±™Ûi­ + +»”÷®ÈÄåÅ[g áÿCrW]]÷=¡‚C†2mµôԖrmÀ¶d-Úß$VÓ1 LDdè˜v`w)xè–C¥2Ì·óÚ0ø±Ý®”åÑØ'ËäV”‹ëŸIÝ'åÍB+¯íîþ5=\ +n±g§˜# +:Ԑ ]ߪaôxö8BêTÝ)à +åP(ƒh:I|Õ(Ðk1¿“­rB†9Û}€µhJ +­kñè€RDcªÓ€k +ÐT†g˜#¡îÚá°+Çmr:I%u]Ã$%«òiº +~LšB8G'£ +ê÷é7a)Ü}Ü^9T¶ÎªLæ€ +Ž +áKøgà{Z(1x-t4°lmD*²‘‡MX¬ +`bÖ=eü +CÏÿ*'¿¶„ Ê@Œ!Èã + è䛳åÁs‘í¡ +endstream +endobj +5910 0 obj << +/Type /Page +/Contents 5911 0 R +/Resources 5909 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5870 0 R +>> endobj +5912 0 obj << +/D [5910 0 R /XYZ 71.731 729.265 null] +>> endobj +5913 0 obj << +/D [5910 0 R /XYZ 71.731 718.306 null] +>> endobj +5914 0 obj << +/D [5910 0 R /XYZ 71.731 718.306 null] +>> endobj +5915 0 obj << +/D [5910 0 R /XYZ 205.568 708.344 null] +>> endobj +5916 0 obj << +/D [5910 0 R /XYZ 71.731 653.385 null] +>> endobj +5917 0 obj << +/D [5910 0 R /XYZ 71.731 653.385 null] +>> endobj +5918 0 obj << +/D [5910 0 R /XYZ 208.607 642.59 null] +>> endobj +5919 0 obj << +/D [5910 0 R /XYZ 71.731 607.557 null] +>> endobj +5920 0 obj << +/D [5910 0 R /XYZ 71.731 607.557 null] +>> endobj +5921 0 obj << +/D [5910 0 R /XYZ 199.003 596.762 null] +>> endobj +5922 0 obj << +/D [5910 0 R /XYZ 71.731 561.729 null] +>> endobj +5923 0 obj << +/D [5910 0 R /XYZ 71.731 561.729 null] +>> endobj +5924 0 obj << +/D [5910 0 R /XYZ 209.683 550.934 null] +>> endobj +5925 0 obj << +/D [5910 0 R /XYZ 71.731 528.852 null] +>> endobj +5926 0 obj << +/D [5910 0 R /XYZ 71.731 528.852 null] +>> endobj +5927 0 obj << +/D [5910 0 R /XYZ 205.07 518.057 null] +>> endobj +5928 0 obj << +/D [5910 0 R /XYZ 71.731 496.349 null] +>> endobj +5929 0 obj << +/D [5910 0 R /XYZ 71.731 496.349 null] +>> endobj +5930 0 obj << +/D [5910 0 R /XYZ 191.432 485.181 null] +>> endobj +1230 0 obj << +/D [5910 0 R /XYZ 71.731 481.778 null] +>> endobj +810 0 obj << +/D [5910 0 R /XYZ 341.253 438.681 null] +>> endobj +5931 0 obj << +/D [5910 0 R /XYZ 71.731 414.925 null] +>> endobj +5932 0 obj << +/D [5910 0 R /XYZ 71.731 383.722 null] +>> endobj +5933 0 obj << +/D [5910 0 R /XYZ 71.731 383.722 null] +>> endobj +5934 0 obj << +/D [5910 0 R /XYZ 71.731 350.98 null] +>> endobj +5935 0 obj << +/D [5910 0 R /XYZ 71.731 350.98 null] +>> endobj +5936 0 obj << +/D [5910 0 R /XYZ 187.566 340.051 null] +>> endobj +5937 0 obj << +/D [5910 0 R /XYZ 71.731 318.103 null] +>> endobj +5938 0 obj << +/D [5910 0 R /XYZ 71.731 318.103 null] +>> endobj +5939 0 obj << +/D [5910 0 R /XYZ 194.769 307.174 null] +>> endobj +5940 0 obj << +/D [5910 0 R /XYZ 71.731 285.226 null] +>> endobj +5941 0 obj << +/D [5910 0 R /XYZ 71.731 285.226 null] +>> endobj +5942 0 obj << +/D [5910 0 R /XYZ 188.234 274.297 null] +>> endobj +5943 0 obj << +/D [5910 0 R /XYZ 71.731 252.35 null] +>> endobj +5944 0 obj << +/D [5910 0 R /XYZ 71.731 252.35 null] +>> endobj +5945 0 obj << +/D [5910 0 R /XYZ 198.296 241.421 null] +>> endobj +5946 0 obj << +/D [5910 0 R /XYZ 71.731 206.387 null] +>> endobj +5947 0 obj << +/D [5910 0 R /XYZ 71.731 206.387 null] +>> endobj +5948 0 obj << +/D [5910 0 R /XYZ 188.333 195.593 null] +>> endobj +5949 0 obj << +/D [5910 0 R /XYZ 71.731 160.559 null] +>> endobj +5950 0 obj << +/D [5910 0 R /XYZ 71.731 160.559 null] +>> endobj +5951 0 obj << +/D [5910 0 R /XYZ 180.582 149.764 null] +>> endobj +5952 0 obj << +/D [5910 0 R /XYZ 71.731 115.104 null] +>> endobj +5953 0 obj << +/D [5910 0 R /XYZ 71.731 115.104 null] +>> endobj +5909 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F60 1440 0 R /F31 858 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5956 0 obj << +/Length 1076 +/Filter /FlateDecode +>> +stream +xÚ¥WËnÛ8Ýç+ŽŽfùõÐEÓ€€ƒÌØ]µEA[Ž,@&5¢”€?—&¥ÊãíÆd +òòžsÏ}Ge„£W«‹7‹r”'4‰VۈÅeœG)£°ÒhUD_fïšFª¢zœ/(dz÷È­·•éÜNoݺÑê+ÆŽìÛ9á3ÑUZ¹Øoké7ö{3ÿ¶úë{?À‰lâĂRŠf°‰ǙóâV—{­>‚ílŠûæ­µðæC‚£ +.&±œ˜äˆ$`ñpþ+æž‘m ++ie)ÝF&/%Ñüç +JSQôF·ïvÞó­®k=§|öP©Ò}ÕöõxL»uíO‹Š©+YxЪþávÕöÄjÙoMZÞÊÃçÁÛhAA1O`CQ>Äc/ºÍNäM©ÃÑÂF.MŠœÝšb€-@BÆP’ó§$Ü<‚MÕÉÁw+ÜÒŽr#‹‘!B# ¢‚]e9»· dÈå +ß9žN +ÿè +ƙ P‡wø¿^öò{-Ö²Ÿ|MÌ M@ÚñSŒžÖ#„µ.§â•ªk=¢œƒÆ+5$ÁЊÕë}U@ô]³eY| +D쟭·};Pj +$ˆgŠòˆ€ˆ~ÀœˆÁ%°&(Îsgè="ÌŠdšÍ®E'ÖÂÈêáæ”ä¥ +ΐ£;)l$/ψÊ_û2<ó-ðΉo€°JšWX]ÊîúêmºPÀ9E)xïCV¬¿ïà`%F$ dkÖí +v²•'»Ÿr«‘­Si;$·2Cý➐Û9°÷uw9hc#jëˆU›/ŠËîëâžš~/ÛjãþøóÎi"·Ð‰—q‹¢°Ñªwã^([¹ü眒ſÅ>˜6< +Dc +|†Å,@£µ{\ñG‹Aygø2b¿ƒ„qlê@M³žÕ<§3±×ž +v~‚êìÉ*Žxò;šœá³‚(ŸG04VÛҞ ³F>ƒöžÑ}Bè +Ž¥6 +±„±@ÓJA’ûŠ56ŽÊïÖ~'b +јgüÓÝÁ1vÕm–2ÄùTœ‡Ã}'|ŸÇ،˜šÉ³ç°)­äóÑb +ˆOÑZc`èÞ~Ève:±Ž"@MœŒ²\k]K¡Â‘£i@•ÐÃU©«öòðêI™ØÀŽ¡|€á„¥<[œº¶?‡Ÿ¡4>Q+}7§¶Ñ + +¶f†0e¯Ä +Ÿ‰è0bŒ¯3Šš¶­_‡A¶yz,ÛwEq(3š0» `!ÉâÑåm%ëTiŽÒ, + +8vZ11•CãFɱy2iûãcB‹!Ňæ™]œ€e9Žj£išY~HÁÅ4; +R6c=TÝοâ¹ÿtÍý쌜8°ðq\‰ýžò©2Y×BIݛ—f–ä +™eúcâèMã + +á‹Ç(Žýo ³£;7«‹ÿJ_] +endstream +endobj +5955 0 obj << +/Type /Page +/Contents 5956 0 R +/Resources 5954 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5870 0 R +>> endobj +5957 0 obj << +/D [5955 0 R /XYZ 71.731 729.265 null] +>> endobj +5958 0 obj << +/D [5955 0 R /XYZ 71.731 741.22 null] +>> endobj +5959 0 obj << +/D [5955 0 R /XYZ 71.731 718.306 null] +>> endobj +5960 0 obj << +/D [5955 0 R /XYZ 71.731 718.306 null] +>> endobj +5961 0 obj << +/D [5955 0 R /XYZ 188.712 708.344 null] +>> endobj +5962 0 obj << +/D [5955 0 R /XYZ 71.731 675.367 null] +>> endobj +5963 0 obj << +/D [5955 0 R /XYZ 71.731 675.367 null] +>> endobj +5964 0 obj << +/D [5955 0 R /XYZ 71.731 640.433 null] +>> endobj +5965 0 obj << +/D [5955 0 R /XYZ 71.731 640.433 null] +>> endobj +5966 0 obj << +/D [5955 0 R /XYZ 180.582 629.639 null] +>> endobj +1231 0 obj << +/D [5955 0 R /XYZ 71.731 613.285 null] +>> endobj +814 0 obj << +/D [5955 0 R /XYZ 194.2 570.188 null] +>> endobj +5967 0 obj << +/D [5955 0 R /XYZ 71.731 550.047 null] +>> endobj +5968 0 obj << +/D [5955 0 R /XYZ 71.731 515.229 null] +>> endobj +5969 0 obj << +/D [5955 0 R /XYZ 71.731 515.229 null] +>> endobj +5970 0 obj << +/D [5955 0 R /XYZ 71.731 483.025 null] +>> endobj +5971 0 obj << +/D [5955 0 R /XYZ 71.731 451.533 null] +>> endobj +5972 0 obj << +/D [5955 0 R /XYZ 71.731 451.533 null] +>> endobj +5973 0 obj << +/D [5955 0 R /XYZ 172.273 438.681 null] +>> endobj +5974 0 obj << +/D [5955 0 R /XYZ 71.731 403.647 null] +>> endobj +5975 0 obj << +/D [5955 0 R /XYZ 71.731 403.647 null] +>> endobj +5976 0 obj << +/D [5955 0 R /XYZ 177.245 392.853 null] +>> endobj +5977 0 obj << +/D [5955 0 R /XYZ 71.731 371.144 null] +>> endobj +5978 0 obj << +/D [5955 0 R /XYZ 71.731 371.144 null] +>> endobj +5979 0 obj << +/D [5955 0 R /XYZ 175.79 359.976 null] +>> endobj +5980 0 obj << +/D [5955 0 R /XYZ 71.731 337.894 null] +>> endobj +5981 0 obj << +/D [5955 0 R /XYZ 71.731 337.894 null] +>> endobj +5982 0 obj << +/D [5955 0 R /XYZ 172.164 327.099 null] +>> endobj +5983 0 obj << +/D [5955 0 R /XYZ 71.731 305.391 null] +>> endobj +5984 0 obj << +/D [5955 0 R /XYZ 71.731 305.391 null] +>> endobj +5985 0 obj << +/D [5955 0 R /XYZ 193.105 294.223 null] +>> endobj +5986 0 obj << +/D [5955 0 R /XYZ 71.731 272.141 null] +>> endobj +5987 0 obj << +/D [5955 0 R /XYZ 71.731 272.141 null] +>> endobj +5988 0 obj << +/D [5955 0 R /XYZ 213.02 261.346 null] +>> endobj +5989 0 obj << +/D [5955 0 R /XYZ 71.731 239.264 null] +>> endobj +5990 0 obj << +/D [5955 0 R /XYZ 71.731 239.264 null] +>> endobj +5991 0 obj << +/D [5955 0 R /XYZ 182.574 228.469 null] +>> endobj +5992 0 obj << +/D [5955 0 R /XYZ 71.731 206.387 null] +>> endobj +5993 0 obj << +/D [5955 0 R /XYZ 71.731 206.387 null] +>> endobj +5994 0 obj << +/D [5955 0 R /XYZ 190.196 195.593 null] +>> endobj +1232 0 obj << +/D [5955 0 R /XYZ 71.731 181.296 null] +>> endobj +818 0 obj << +/D [5955 0 R /XYZ 235.344 136.141 null] +>> endobj +5995 0 obj << +/D [5955 0 R /XYZ 71.731 116.001 null] +>> endobj +5954 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F60 1440 0 R /F31 858 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +5998 0 obj << +/Length 1269 +/Filter /FlateDecode +>> +stream +xÚÕXßOã8~篈V:ÑJWã8¿Wº® +”Õ²å +–Õ)M\‘ƹ8úßß8¶CRÜ +ڧݧ8fâ™ùüÍ7S°õ`aëâèÏøèäÜq¬E>ñ­xi9®Bϳ‡À“Xqf}V-³üe²6 +’‡3º +Ûð×MÑ|”»%ƒ}ېË$Ž‘š„|Àœrž<ÐM2Z›ò + +d‡®Ž÷Üힿݎ'>÷b +÷ÖçœõUo=ý`¶=äúÁ[$n+šæË­"Ȇ7l-×KV¯“Š[ËÅZ& _VmcÏ!Sþv"ß³‡Wzðá­9pìxP>˜`ð]äz]°Œµ3$å@NÄ5äDUÜO‚çҙÜPG +®=/Ób“Qýò¶"xþP&ÍŠŠšM²H8}eER0}èsÞ¬D€Ö$ŠPBö6A‘.ÔãM™t ++³îD*X„”„b€vCEVO‚‡œbìqS™P +=äá;‹Ä㥒 +Iù‚Óß +y%W ñ:”UZEWx¬hىOIÓæ +üªÒ4rõX2qê³ún±•xÚÄk +ú +fô +z•š/¯•“,«ºïx–g@6#êažÐO¬< +ÛášÑ@)(DÜ,Õ'»lŽÔ¶ +©“6a„Q¹ÃŒÝrp}.@NҌțížô=_'qõù⟗—s²A +(BÞºëSI:5ªªªB•¡ðz*æk<»Ÿ¹ŒÛW$ƒ@£ +ä9o?ÆãÀ +m+jì#ïèàg§·³I|yqvs2›ŸNår˜úvt çü +/t œÉÈZ6yÚëÁ)Ëz’þÇ.ôr™q»=qV¥à{ȉt)؊ŽZÁ2yr1$IZä°¿#<œÖªx÷©øNG†AoªX°8_!õ +„ýR=µÌøž"±‰AuÊFD%ÈYèŸÜ +–;õ|] +ÚQѬç p0"#vY.ZÌØÿ|ž”Ž‰E;‹)I”€xòdœJDÃo_è­óSSÁ»& +CÁÇúZy¿Êct+Ò2žb›"ӌV %0¹g]?l‹›g§Ïåë*I£+¥£Çy¹dÇÃ!ŠªéëdSÓŠÕ +?<˖Ž'8ñJë°üM0ÔfV[ÝÁ‰`™šØŒHšÜí($]ŸÐ¡ˆñPž0ŠÞ¡<ŠË¿b"gã݇{Ñ/w÷FnñyÇÝ + +95ýZ ¿Ÿsšå›µ‰b$pl÷'¥€Œn7@ë +±Øá +üÿ)°nøYnßPæF.ŽïúöûÿnüÏC9üΛ„ù‘<ÍvÝÁ'gñÑÇKs= +endstream +endobj +5997 0 obj << +/Type /Page +/Contents 5998 0 R +/Resources 5996 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5870 0 R +>> endobj +5999 0 obj << +/D [5997 0 R /XYZ 71.731 729.265 null] +>> endobj +6000 0 obj << +/D [5997 0 R /XYZ 71.731 718.306 null] +>> endobj +6001 0 obj << +/D [5997 0 R /XYZ 71.731 718.306 null] +>> endobj +6002 0 obj << +/D [5997 0 R /XYZ 71.731 655.442 null] +>> endobj +6003 0 obj << +/D [5997 0 R /XYZ 71.731 655.442 null] +>> endobj +6004 0 obj << +/D [5997 0 R /XYZ 160.647 642.59 null] +>> endobj +6005 0 obj << +/D [5997 0 R /XYZ 71.731 620.882 null] +>> endobj +6006 0 obj << +/D [5997 0 R /XYZ 71.731 620.882 null] +>> endobj +6007 0 obj << +/D [5997 0 R /XYZ 192.736 609.714 null] +>> endobj +6008 0 obj << +/D [5997 0 R /XYZ 71.731 587.631 null] +>> endobj +6009 0 obj << +/D [5997 0 R /XYZ 71.731 587.631 null] +>> endobj +6010 0 obj << +/D [5997 0 R /XYZ 184.009 576.837 null] +>> endobj +6011 0 obj << +/D [5997 0 R /XYZ 71.731 542.177 null] +>> endobj +6012 0 obj << +/D [5997 0 R /XYZ 71.731 542.177 null] +>> endobj +6013 0 obj << +/D [5997 0 R /XYZ 205.23 531.009 null] +>> endobj +6014 0 obj << +/D [5997 0 R /XYZ 71.731 498.032 null] +>> endobj +6015 0 obj << +/D [5997 0 R /XYZ 71.731 498.032 null] +>> endobj +6016 0 obj << +/D [5997 0 R /XYZ 170.072 485.181 null] +>> endobj +6017 0 obj << +/D [5997 0 R /XYZ 71.731 463.098 null] +>> endobj +6018 0 obj << +/D [5997 0 R /XYZ 71.731 463.098 null] +>> endobj +6019 0 obj << +/D [5997 0 R /XYZ 184.208 452.304 null] +>> endobj +6020 0 obj << +/D [5997 0 R /XYZ 71.731 430.222 null] +>> endobj +6021 0 obj << +/D [5997 0 R /XYZ 71.731 430.222 null] +>> endobj +6022 0 obj << +/D [5997 0 R /XYZ 169.325 419.427 null] +>> endobj +6023 0 obj << +/D [5997 0 R /XYZ 71.731 386.451 null] +>> endobj +6024 0 obj << +/D [5997 0 R /XYZ 71.731 386.451 null] +>> endobj +6025 0 obj << +/D [5997 0 R /XYZ 182.615 373.599 null] +>> endobj +6026 0 obj << +/D [5997 0 R /XYZ 71.731 351.517 null] +>> endobj +6027 0 obj << +/D [5997 0 R /XYZ 71.731 351.517 null] +>> endobj +6028 0 obj << +/D [5997 0 R /XYZ 172.273 340.722 null] +>> endobj +6029 0 obj << +/D [5997 0 R /XYZ 71.731 319.014 null] +>> endobj +6030 0 obj << +/D [5997 0 R /XYZ 71.731 319.014 null] +>> endobj +6031 0 obj << +/D [5997 0 R /XYZ 215.78 307.846 null] +>> endobj +6032 0 obj << +/D [5997 0 R /XYZ 71.731 285.763 null] +>> endobj +6033 0 obj << +/D [5997 0 R /XYZ 71.731 285.763 null] +>> endobj +6034 0 obj << +/D [5997 0 R /XYZ 206.355 274.969 null] +>> endobj +6035 0 obj << +/D [5997 0 R /XYZ 71.731 228.922 null] +>> endobj +6036 0 obj << +/D [5997 0 R /XYZ 71.731 228.922 null] +>> endobj +6037 0 obj << +/D [5997 0 R /XYZ 207.611 216.189 null] +>> endobj +6038 0 obj << +/D [5997 0 R /XYZ 71.731 170.142 null] +>> endobj +6039 0 obj << +/D [5997 0 R /XYZ 71.731 170.142 null] +>> endobj +6040 0 obj << +/D [5997 0 R /XYZ 224.866 157.41 null] +>> endobj +5996 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F31 858 0 R /F60 1440 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +6043 0 obj << +/Length 1464 +/Filter /FlateDecode +>> +stream +xÚœXIsÛ6ŸûWè&i&‚à’NNRw™,žZ95=Ð",¡å¢`ìüû>’Óõ"€ðøŸï­ ^ìxñýÅ«íÅåu,R”F4ZlïAHPÂØ"(Œt±Í¿¬®ŽG^åâqœ¡ +¯^#3ŸR™Y}oÆ]]}˜îÛfMØ*S¢®ÌzµàvóQ¯Ëõ¯ÛŸ.°Õ”HFJl(¥(ÀLBÄpbŽž©ÉŠmÎßeÇí:¥«ú±?|«E]^Gx‘€„(ÔRŒ@"6‹NÑEõ(³ò‰Ê>ðÏŒJpid€ + ) +iêD}¢460¶‹Gò5e«Ï±Ó­«Cf鑇º-r3¿³§Ê +8Íõ +€æ§‹ +¡(uœ«Úlå1Û)ï«Ÿ˜ÕåHXÚݖðcÓñd +~¬%)ÎùýšàUÖê¥Y­êŠÃ?9pBŽ­e +»µª°¯ÎÖƒ> T&ŠìΙøAšC +[LÄân¢F)²œÍ§4#q<³»™ÖƝ|v"‡œµŽM}/@©¹YCŒHÂæVœåÊY;&ë±÷jú$¯dÝXâ²²#Î<Ý»åVŽ©˜JŒSðã›ÛSœwŸAp„Ò œòø× +ÑÍŒÔw³7ƒ3LÍŒ\3æ"e9 *f@ïÀ/oŸ;”_{Öô`Žwh«­.J¿ÅAZHœ%%‡ +”K¿Å)¡s‹¿Ë +EٖÖFðHŠ7†ÐÂE®zàŒrá+ìrÉ¥Ìö|]Ibìvw +)X– Ì/à÷méÃÊà8 +lÒ×fcFˆ<°Šiü +ìª-ïx3Íå]ƯöÜÞçFUŽœ?Zގ"„à3°ŠÀ`v4}•ç&Ö¥ôÁÄâÀaiøŽ¯”5¿Äž€ +/pñb3£“Ñ=òÍ`× +t=Leöh#&9 +êU˜P¯MæEöÅëÁ‚ +à”ýñƘӜß.B£g*Ò¢Ñï + ôé Œ +ž}/ + +ùÆLÏd’"–„SÈïm{÷ß)¯Ç(Æœ!¥jŽ£Í +Jo8úº•ª.ûŒ[º:ÛÃëS-šFŒ³šÒA +Äî`Še뎂yÝ¢kSî +{(j +DWpáQ(W8C€ÏŠMՃ( +çÓêiCB~®&ùšüàu„^ +&Ï1"Læ^0frHTÅ¬× +˜Ô»ìŸÏú}Ÿ +päj¬­ÛåÈ +Þԓ۱˜&p +HŠ$Ž × +@¹^ãp{ž}_{“Gœ Eÿ#¹Õ9*ÇœýsdL7šôrÿ%›Š +»éÒ¹:œš=dš%ÇÌôís2I)8ݹ CãöyחQQÞ€•Äˆ&É,Ð^‰*®)å†þï+«'9F‹ð6q4ê}L•Üñi[TBÙφ»úqè”Ý宿&è|o|$À(L铈kÕŸî›1èp+šdÝ%ºWŽ£=71_ß`»æújїø9YßÒà߀zh·¥n¶»k­ŸtX$øÓ»tïX.ÆÔŽ°å MìFýšŸÿš§ ŸT»cg Ã7eàyÔ¿ó|Mœm×qžj §òü£ôSÇ‘Ÿ!¹œ8âîáBN­§ß HDöhÙøœˆ›í ®=WF» +U#ý­C +—ÍxÞ:Œ­÷æ|6•@^ +ښ«Ûö›KcÆËÙ%Š(ŒãyKqcŸ!u¥?0£[Šzo&ý¥ +þÔ<^iÇùØ9ó³Ã +QÙîw³ïPK¥©¶CeÆ]] +uFÝtO`›VŽŸñ7ª`’#D)\ß"ŠâˆíIÈ&gŸÛ^ü ²_ÿê +endstream +endobj +6042 0 obj << +/Type /Page +/Contents 6043 0 R +/Resources 6041 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 5870 0 R +>> endobj +6044 0 obj << +/D [6042 0 R /XYZ 71.731 729.265 null] +>> endobj +6045 0 obj << +/D [6042 0 R /XYZ 71.731 718.306 null] +>> endobj +6046 0 obj << +/D [6042 0 R /XYZ 71.731 718.306 null] +>> endobj +6047 0 obj << +/D [6042 0 R /XYZ 209.932 708.344 null] +>> endobj +6048 0 obj << +/D [6042 0 R /XYZ 71.731 660.359 null] +>> endobj +6049 0 obj << +/D [6042 0 R /XYZ 71.731 660.359 null] +>> endobj +6050 0 obj << +/D [6042 0 R /XYZ 186.301 649.564 null] +>> endobj +6051 0 obj << +/D [6042 0 R /XYZ 71.731 614.531 null] +>> endobj +6052 0 obj << +/D [6042 0 R /XYZ 71.731 614.531 null] +>> endobj +6053 0 obj << +/D [6042 0 R /XYZ 180.393 603.736 null] +>> endobj +6054 0 obj << +/D [6042 0 R /XYZ 71.731 581.654 null] +>> endobj +6055 0 obj << +/D [6042 0 R /XYZ 71.731 581.654 null] +>> endobj +6056 0 obj << +/D [6042 0 R /XYZ 179.466 570.859 null] +>> endobj +6057 0 obj << +/D [6042 0 R /XYZ 71.731 548.777 null] +>> endobj +6058 0 obj << +/D [6042 0 R /XYZ 71.731 548.777 null] +>> endobj +6059 0 obj << +/D [6042 0 R /XYZ 193.125 537.983 null] +>> endobj +6060 0 obj << +/D [6042 0 R /XYZ 71.731 515.9 null] +>> endobj +6061 0 obj << +/D [6042 0 R /XYZ 71.731 515.9 null] +>> endobj +6062 0 obj << +/D [6042 0 R /XYZ 182.784 505.106 null] +>> endobj +6063 0 obj << +/D [6042 0 R /XYZ 71.731 483.024 null] +>> endobj +6064 0 obj << +/D [6042 0 R /XYZ 71.731 483.024 null] +>> endobj +6065 0 obj << +/D [6042 0 R /XYZ 177.255 472.229 null] +>> endobj +6066 0 obj << +/D [6042 0 R /XYZ 71.731 450.147 null] +>> endobj +6067 0 obj << +/D [6042 0 R /XYZ 71.731 450.147 null] +>> endobj +6068 0 obj << +/D [6042 0 R /XYZ 188.323 439.352 null] +>> endobj +6069 0 obj << +/D [6042 0 R /XYZ 71.731 418.212 null] +>> endobj +6070 0 obj << +/D [6042 0 R /XYZ 71.731 418.212 null] +>> endobj +6071 0 obj << +/D [6042 0 R /XYZ 200.497 406.476 null] +>> endobj +6072 0 obj << +/D [6042 0 R /XYZ 71.731 373.499 null] +>> endobj +6073 0 obj << +/D [6042 0 R /XYZ 71.731 373.499 null] +>> endobj +6074 0 obj << +/D [6042 0 R /XYZ 194.4 360.648 null] +>> endobj +6075 0 obj << +/D [6042 0 R /XYZ 71.731 327.671 null] +>> endobj +6076 0 obj << +/D [6042 0 R /XYZ 71.731 327.671 null] +>> endobj +6077 0 obj << +/D [6042 0 R /XYZ 197.718 314.819 null] +>> endobj +6078 0 obj << +/D [6042 0 R /XYZ 71.731 281.843 null] +>> endobj +6079 0 obj << +/D [6042 0 R /XYZ 71.731 281.843 null] +>> endobj +6080 0 obj << +/D [6042 0 R /XYZ 182.704 268.991 null] +>> endobj +6081 0 obj << +/D [6042 0 R /XYZ 71.731 246.909 null] +>> endobj +6082 0 obj << +/D [6042 0 R /XYZ 71.731 246.909 null] +>> endobj +6083 0 obj << +/D [6042 0 R /XYZ 193.693 236.115 null] +>> endobj +6084 0 obj << +/D [6042 0 R /XYZ 71.731 201.081 null] +>> endobj +6085 0 obj << +/D [6042 0 R /XYZ 71.731 201.081 null] +>> endobj +6086 0 obj << +/D [6042 0 R /XYZ 188.482 190.286 null] +>> endobj +6087 0 obj << +/D [6042 0 R /XYZ 71.731 157.31 null] +>> endobj +6088 0 obj << +/D [6042 0 R /XYZ 71.731 157.31 null] +>> endobj +6089 0 obj << +/D [6042 0 R /XYZ 178.171 144.458 null] +>> endobj +6090 0 obj << +/D [6042 0 R /XYZ 71.731 123.578 null] +>> endobj +6091 0 obj << +/D [6042 0 R /XYZ 71.731 123.578 null] +>> endobj +6092 0 obj << +/D [6042 0 R /XYZ 187.676 111.582 null] +>> endobj +6041 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F60 1440 0 R /F31 858 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +6095 0 obj << +/Length 1496 +/Filter /FlateDecode +>> +stream +xÚÅXMoÛ8œçWøšiRß*°‡4mºÙMíb뜶‹ +,Ñ1ZDªIö×ïP$eÉŠ›bQ`/–,ñcޛ™7CáÉÃO>^Œ[_,n|’¢4ò¢Éz;ñ‚’0œÄŸWo².&N¯êš–{žÍœO¯‘ŸÞ1!õ]µÕ׌*¿bì=ŽÍŒ„ÓL²ªÔ/ÔSNÍàZ=³¿Ö¿]`c‘ +Œ˜{ž‡|ìÃM€Bœh+ŸPyWåz­Ï3‚a‡Ý/jÅM„' L5=öÁ!,¬¿_¯fóÃ΍Ÿ.j˜šçùd°mŒŽ|;ï«çÅÚâÏÍNÿ“•Ÿr°åÝW +â«YNï×3’LWã92³sv•e¶·œ”–À}Í8-æ¬TöMæ$,Q7 +J­;”ù°AÝ<™+_ő~¹Þ™5·çÕÌ +§O¬|Sßýɚ~sþ¢ï +0`Æ7õ“•Ò.Ôè!³²ÈxUډæy僩âêYýÐŒ•Ù†SñÖP=ô°5:î]»d9œëfS®¥ÜåÙ£8"ÖCs’"DR‡'ŒHxêHØÆ ÉwŽhyOLÝ°ªaÒÐPŽMÿfè[˜”?šà?,ª<.šr¹ÏŒ+KÀsÙ{é8À Æ(%ä„ +ÛÕ +Û3é +ÈOzP›Z8p“E©ÿ +à·& ¹ÚE +<2^m^$5jj]N!§ +ã( +Œ8`B&â89Ay1ÞMêr„í© +oBO‹E"ÜŸöˆwŠù¶”ŽÑ‘Ìõ“ +•O”–g +ؑ8ï9 îGI§]«EŸèÀ¢«Ò‰‰àÅaԃ2£]šsÁ)ªëŠ*!­æœ=vi2Šgúš“„R£Ä{é^Ð_³Š€yì€9=£ +ÊŠª8ÍJ?FqâBZ×kPÙî76æl5ٙýÅXC]CE»)XCs YlcX± 5Ô +!s£¡DÛ1Ž^×'KÅj»ԙP;ÒŽÂ¥cÉ +~lŒu,áCŒ÷ÎÕ(/E!‰NÙüðœÓzXpCÜ +CîŸå’Õ6$ä›8 +”ñ­áf=¡3¡{±Ô&zö!»#†h‚‘yãb¥,ÉrÙÚ$œ÷šÁŽ8r÷Xm: +ÂQùCu?KT„R;Æ +õaŒ KåñUQ¬~¿K„³ú„(ˆúH^’7ºXzæ!‡ +a„Œàž‘íž‚P1<ÉrE¹*™úvsŽzœbRiŽ~k”­¥]ýQœÞ`€ö+ +’»~-Úu +×O”5 +M‚bœ +{N©‡jR„õ¿‰®}öbÕøΔý>ö@ +ŠŸ†^âçË·ú?/—ÊÎ7&‚riãâdÖ?Ž©ì¬åx–‰Ú‚ælŸqcÜœ +÷ˌóKÛ +sŸwðI¯DœCÕš2Eï×7‰SSÿu!T +*vt%·VÄš4E¶ße̐ýÄ8HøQæšÛ``&•ÀÒybò¬Ì«§Ð¿ˆcŠ’$5ðŒ]将µËìÌÛ +jŒØ ÷ö¡¬4±uŽp& +›zIT‰þwCè³+Íx]ìv1æ1CŽÜ11, +[ +^Æú–)»yC3)·†J‹Ø'&ðæ„òký_ÐöÚ²E +ÿYp +>X;RÈ?h]5rG†U™;{œ8A±ü÷tÐ; +M*Øm|VÊ +o +Ֆ‘ãÃØ +ç{98@`%{C÷éýoZÎßS™1~#‰£ŸƒÑæÓ¶µy^tûŽÑºazÖ²úÌ!9iðà4ñïµà*HœäçÀ +ú¥kAd¶¯Å˜® +: +1‡RÈ +Ûïɝ=^}üŽ>ÅÞ=xoûÄÊì¬ú ­u8Fžúª0ÔºCÆ<1{ÄG9 +uéˆX׋v¿ž¥Þ09YŒ»/*†ŽÏ +V2¹hë„e¡UÝq–ƒôó<Ça®?átÛ}æÍ€D>îOXšÊˆ>\†_a†Ÿ‚Hw-ë<QLLþ“ Íù°Ÿø_°ža +endstream +endobj +6094 0 obj << +/Type /Page +/Contents 6095 0 R +/Resources 6093 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 6146 0 R +>> endobj +6096 0 obj << +/D [6094 0 R /XYZ 71.731 729.265 null] +>> endobj +6097 0 obj << +/D [6094 0 R /XYZ 71.731 741.22 null] +>> endobj +6098 0 obj << +/D [6094 0 R /XYZ 71.731 718.306 null] +>> endobj +6099 0 obj << +/D [6094 0 R /XYZ 71.731 718.306 null] +>> endobj +6100 0 obj << +/D [6094 0 R /XYZ 192.657 708.344 null] +>> endobj +6101 0 obj << +/D [6094 0 R /XYZ 71.731 673.31 null] +>> endobj +6102 0 obj << +/D [6094 0 R /XYZ 71.731 640.433 null] +>> endobj +6103 0 obj << +/D [6094 0 R /XYZ 71.731 640.433 null] +>> endobj +6104 0 obj << +/D [6094 0 R /XYZ 180.313 629.639 null] +>> endobj +6105 0 obj << +/D [6094 0 R /XYZ 71.731 607.557 null] +>> endobj +6106 0 obj << +/D [6094 0 R /XYZ 71.731 607.557 null] +>> endobj +6107 0 obj << +/D [6094 0 R /XYZ 173.937 596.762 null] +>> endobj +6108 0 obj << +/D [6094 0 R /XYZ 71.731 574.68 null] +>> endobj +6109 0 obj << +/D [6094 0 R /XYZ 71.731 574.68 null] +>> endobj +6110 0 obj << +/D [6094 0 R /XYZ 200.866 563.885 null] +>> endobj +6111 0 obj << +/D [6094 0 R /XYZ 71.731 542.177 null] +>> endobj +6112 0 obj << +/D [6094 0 R /XYZ 71.731 542.177 null] +>> endobj +6113 0 obj << +/D [6094 0 R /XYZ 224.307 531.009 null] +>> endobj +6114 0 obj << +/D [6094 0 R /XYZ 71.731 510.904 null] +>> endobj +6115 0 obj << +/D [6094 0 R /XYZ 71.731 510.904 null] +>> endobj +6116 0 obj << +/D [6094 0 R /XYZ 207.152 498.132 null] +>> endobj +6117 0 obj << +/D [6094 0 R /XYZ 71.731 465.156 null] +>> endobj +6118 0 obj << +/D [6094 0 R /XYZ 71.731 465.156 null] +>> endobj +6119 0 obj << +/D [6094 0 R /XYZ 190.544 452.304 null] +>> endobj +6120 0 obj << +/D [6094 0 R /XYZ 200.398 452.304 null] +>> endobj +6121 0 obj << +/D [6094 0 R /XYZ 249.702 439.352 null] +>> endobj +6122 0 obj << +/D [6094 0 R /XYZ 71.731 417.27 null] +>> endobj +6123 0 obj << +/D [6094 0 R /XYZ 71.731 417.27 null] +>> endobj +6124 0 obj << +/D [6094 0 R /XYZ 185.015 406.476 null] +>> endobj +6125 0 obj << +/D [6094 0 R /XYZ 71.731 360.548 null] +>> endobj +6126 0 obj << +/D [6094 0 R /XYZ 71.731 360.548 null] +>> endobj +6127 0 obj << +/D [6094 0 R /XYZ 209.165 347.696 null] +>> endobj +6128 0 obj << +/D [6094 0 R /XYZ 71.731 312.663 null] +>> endobj +6129 0 obj << +/D [6094 0 R /XYZ 71.731 312.663 null] +>> endobj +6130 0 obj << +/D [6094 0 R /XYZ 181.509 301.868 null] +>> endobj +6131 0 obj << +/D [6094 0 R /XYZ 71.731 279.786 null] +>> endobj +6132 0 obj << +/D [6094 0 R /XYZ 71.731 279.786 null] +>> endobj +6133 0 obj << +/D [6094 0 R /XYZ 186.49 268.991 null] +>> endobj +6134 0 obj << +/D [6094 0 R /XYZ 71.731 246.909 null] +>> endobj +6135 0 obj << +/D [6094 0 R /XYZ 71.731 246.909 null] +>> endobj +6136 0 obj << +/D [6094 0 R /XYZ 198.286 236.115 null] +>> endobj +6137 0 obj << +/D [6094 0 R /XYZ 71.731 214.032 null] +>> endobj +6138 0 obj << +/D [6094 0 R /XYZ 71.731 214.032 null] +>> endobj +6139 0 obj << +/D [6094 0 R /XYZ 197.728 203.238 null] +>> endobj +6140 0 obj << +/D [6094 0 R /XYZ 71.731 181.156 null] +>> endobj +6141 0 obj << +/D [6094 0 R /XYZ 71.731 181.156 null] +>> endobj +6142 0 obj << +/D [6094 0 R /XYZ 186.48 170.361 null] +>> endobj +6143 0 obj << +/D [6094 0 R /XYZ 71.731 137.385 null] +>> endobj +6144 0 obj << +/D [6094 0 R /XYZ 71.731 137.385 null] +>> endobj +6145 0 obj << +/D [6094 0 R /XYZ 187.406 124.533 null] +>> endobj +6093 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F60 1440 0 R /F31 858 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +6149 0 obj << +/Length 1045 +/Filter /FlateDecode +>> +stream +xÚÕX]sâ6}ϯð#L‹Ð‡%ٝéM6i:iÃ$d&3Ý>,À³Æfl³Û}ÙߟW&M¶Ûiò‚„‘®Î=:÷X‹Wg¿LΆ—Œ1ŠÁd +° ˆó@2 +- +&iðgoŽ^«"Íþî(Çœsdۛ¬nl¯œÛvVï1Š‹MÕ'Œ—4YYØôÓ\¹ÁkýŒîÿ5ùí +; +"Ú1 ”"†tBÄqdQÜ«f +£žÊ³âÞO0,±üY^ + +D0_„zŸÄˆp‘ÍŒ5Œ²ƒÙYBÆÛAï)•ßd通yŠ×”®ÝþT +öË4+’ês›(Ç©šl›ÜѓÕvyŸ‹‘H £výኮ†5„¶±Ç +\ncNÕ! ‚b, [(¥Œó¥š}š7+y1GDÐv•™éróøÛ¹ +‘œ$Qðž7'²$” +ätS.îU¥éþš?TåËH0Ä#Òœ +÷Ãþ€i¥êړˆqr"±Œ\ØN­ªZêCNà +£¹Ø"ï +÷)0T5^ø +à³­ša”M Ø¬Šä¿  ,vJÙ&†Ù”boS|©ù”]©ŒY¹Zg¹JYñŽÖ$PA%’Lè(Çy˧e6[nëÄŽa,¥ƒŒ)rœGŠ_©Ti#)Tj$MgM‡$[©c¥ôs‘4É4©ÕI7‰–[7=Ln-ÿeeÛჳ +ckŽ{ޒ:$OlŽŠ +&ºho÷ØNf®l–eÝÉJuwsw,óaf;æɓ/>“©‹l¡êf”/JA +ô=—èý¯#Ò%è÷ +îS©~ÑÈCz +Zl “—Ó d•RԍJÒ#Æ2¹Ÿzwç³ = +ÿäÈ!!ÂÚ[vÉ11HLŸIÐ +hs~n‹ü³WD +IŸuÕ +» + +ôIE¡‡€Qšv©©7ÓŠJf®"ÕŸšÍBº3¯ÊÕ +O-Þ¶PólŠ¥yÚ +y +{R5M•Mµ‰m`m/@rLŸñÐEý"b&»–nh€×Ñ%ž—È„`ùºÐâ}~ê,„ = +ž2§‹R×Ö§¬Xœb‚à +b›Óà€Š/ÿƒ®ª²Oy»³ gQÂöŒó©òÄõ¢(í!l”çÞ"!»'×¡Z~HbDâè$” +ò1aðIñЈ_`úÌðz«°÷-ÊQ(_ÙÞ°ÏOš2š”Èã‹:yKI“oLz§é[Jš~§€Ù[Jš}'y‡o)éðßí4„0NÎoÌE‚÷Ž!ù”ùŽ,s•ŸKŒšôܘÀ.ë~ßov gí‰e^V»L5Ú¿UڜڢR¢Žù`Íq™PvŠŒ›œ} +@Ìæ +endstream +endobj +6148 0 obj << +/Type /Page +/Contents 6149 0 R +/Resources 6147 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 6146 0 R +>> endobj +6150 0 obj << +/D [6148 0 R /XYZ 71.731 729.265 null] +>> endobj +6151 0 obj << +/D [6148 0 R /XYZ 71.731 741.22 null] +>> endobj +6152 0 obj << +/D [6148 0 R /XYZ 71.731 718.306 null] +>> endobj +6153 0 obj << +/D [6148 0 R /XYZ 71.731 718.306 null] +>> endobj +6154 0 obj << +/D [6148 0 R /XYZ 189.708 708.344 null] +>> endobj +6155 0 obj << +/D [6148 0 R /XYZ 390.001 708.344 null] +>> endobj +6156 0 obj << +/D [6148 0 R /XYZ 71.731 653.385 null] +>> endobj +6157 0 obj << +/D [6148 0 R /XYZ 71.731 653.385 null] +>> endobj +6158 0 obj << +/D [6148 0 R /XYZ 183.133 642.59 null] +>> endobj +6159 0 obj << +/D [6148 0 R /XYZ 71.731 620.508 null] +>> endobj +6160 0 obj << +/D [6148 0 R /XYZ 71.731 620.508 null] +>> endobj +6161 0 obj << +/D [6148 0 R /XYZ 185.135 609.714 null] +>> endobj +6162 0 obj << +/D [6148 0 R /XYZ 71.731 574.68 null] +>> endobj +6163 0 obj << +/D [6148 0 R /XYZ 71.731 574.68 null] +>> endobj +6164 0 obj << +/D [6148 0 R /XYZ 197.628 563.885 null] +>> endobj +6165 0 obj << +/D [6148 0 R /XYZ 71.731 528.852 null] +>> endobj +6166 0 obj << +/D [6148 0 R /XYZ 71.731 528.852 null] +>> endobj +6167 0 obj << +/D [6148 0 R /XYZ 171.716 518.057 null] +>> endobj +6168 0 obj << +/D [6148 0 R /XYZ 71.731 483.397 null] +>> endobj +6169 0 obj << +/D [6148 0 R /XYZ 71.731 483.397 null] +>> endobj +6170 0 obj << +/D [6148 0 R /XYZ 193.304 472.229 null] +>> endobj +6171 0 obj << +/D [6148 0 R /XYZ 71.731 450.147 null] +>> endobj +6172 0 obj << +/D [6148 0 R /XYZ 71.731 450.147 null] +>> endobj +6173 0 obj << +/D [6148 0 R /XYZ 193.643 439.352 null] +>> endobj +6174 0 obj << +/D [6148 0 R /XYZ 71.731 417.27 null] +>> endobj +6175 0 obj << +/D [6148 0 R /XYZ 71.731 417.27 null] +>> endobj +6176 0 obj << +/D [6148 0 R /XYZ 186.659 406.476 null] +>> endobj +6177 0 obj << +/D [6148 0 R /XYZ 71.731 384.394 null] +>> endobj +6178 0 obj << +/D [6148 0 R /XYZ 71.731 384.394 null] +>> endobj +6179 0 obj << +/D [6148 0 R /XYZ 224.019 373.599 null] +>> endobj +6180 0 obj << +/D [6148 0 R /XYZ 71.731 338.565 null] +>> endobj +6181 0 obj << +/D [6148 0 R /XYZ 71.731 338.565 null] +>> endobj +6182 0 obj << +/D [6148 0 R /XYZ 190.903 327.771 null] +>> endobj +6183 0 obj << +/D [6148 0 R /XYZ 71.731 305.689 null] +>> endobj +6184 0 obj << +/D [6148 0 R /XYZ 71.731 305.689 null] +>> endobj +6185 0 obj << +/D [6148 0 R /XYZ 200.308 294.894 null] +>> endobj +6186 0 obj << +/D [6148 0 R /XYZ 71.731 272.812 null] +>> endobj +6187 0 obj << +/D [6148 0 R /XYZ 71.731 272.812 null] +>> endobj +6188 0 obj << +/D [6148 0 R /XYZ 175.023 262.017 null] +>> endobj +6189 0 obj << +/D [6148 0 R /XYZ 71.731 239.935 null] +>> endobj +6190 0 obj << +/D [6148 0 R /XYZ 71.731 239.935 null] +>> endobj +6191 0 obj << +/D [6148 0 R /XYZ 175.023 229.141 null] +>> endobj +6192 0 obj << +/D [6148 0 R /XYZ 71.731 207.059 null] +>> endobj +6193 0 obj << +/D [6148 0 R /XYZ 71.731 207.059 null] +>> endobj +6194 0 obj << +/D [6148 0 R /XYZ 175.023 196.264 null] +>> endobj +6195 0 obj << +/D [6148 0 R /XYZ 71.731 174.182 null] +>> endobj +6196 0 obj << +/D [6148 0 R /XYZ 71.731 174.182 null] +>> endobj +6197 0 obj << +/D [6148 0 R /XYZ 175.023 163.387 null] +>> endobj +6198 0 obj << +/D [6148 0 R /XYZ 71.731 141.305 null] +>> endobj +6199 0 obj << +/D [6148 0 R /XYZ 71.731 141.305 null] +>> endobj +6200 0 obj << +/D [6148 0 R /XYZ 175.023 130.511 null] +>> endobj +6201 0 obj << +/D [6148 0 R /XYZ 71.731 108.428 null] +>> endobj +6202 0 obj << +/D [6148 0 R /XYZ 71.731 108.428 null] +>> endobj +6203 0 obj << +/D [6148 0 R /XYZ 188.323 97.634 null] +>> endobj +6147 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F60 1440 0 R /F31 858 0 R /F50 1263 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +6206 0 obj << +/Length 1638 +/Filter /FlateDecode +>> +stream +xÚ­XÛnÜ6}÷Wì›×@Ìè~IQ ®. +ךm€ESŽÄ]ъ)ÙÞ¿ïP$EÝìl./+.%’3gΜÉYmWÎê·£_ïŽÞ~ðýUŠÒȋVw›•ž( ÃUì{põVwùêŸõY]“*§Ï'§^è¬Ï‘º^QÑšÛškƪOŽãm[~â†kÜPV©r¶$úáZ΋“ï~?rŽ +`D20âÔó<ä;> +:‰²â^[RÒª}>/Höùg¹ÃÛ‘³J`aÈ +qŠ’ +-»Œ•Wê9ß + +8ȋCóÜ'ϋµkrc5Œ}uy}ÿ—úƒ›†Ó‡ÏY· +jnÃøÐ9ä9«S×së«S ` +«î +b•%;ñÂõ­¶c<ÔAÜ T•{5␃òWÍäôÆl-”°þN{<„ÔtK 'o]gMš%0# +qðí`^jVŽ• Í5ΙºVÌP˜5q$c» +®ríUo¢;t¬§+˜w5/ï +*f‹Ul +¯ã ¥¡« +Æ&"rQ¬ib®qþHQceÜ + +-o0œˆãJìh£fµ“ +³’’ªÑ“XšIÁº +ÌÈ³à„œš +”ªHÖ +O{Ŝª[ú¬ÜuŽŸ:‰º#èfD=3,-Î$60zº§ùE’ù©kBy±@7ENOèá‡ëÍ +5lE瀭3\©)ë7üéü–×ÎoùXO˜µQFjBe +r²‘7p[ê:bÀzGý•dâŒ5ŠÌÇ> yä$úyg&(g»)±:éTらŠÂ;}ç©0õ£dÛ­$†â° +CŽY0ÜeG„À[Cµ—ÐüI[gu䝚ٓ/Éb|ޝûA±iw–e€^,žiŒRÇ;íàeJ5Œ%šS­X@ç9÷õ}ý\©*XM 8Èí¶2ù¯ +"A.ø9¹Ä{@0 +×Z—Þ—Æ òI«H‹FÚ +³C Óêò°_€ÈƒÀ~솎,ÝèyŒ=E¥•é`ûmFØXL†š¢ñ +)Nv`ÎZÛՋ#îH`qy¢M¡ïh^w0ñª—:MX‹šn +¥_ÕTSh(°i)P<èQo»&â±ÓKN›ýbIsQœzßß +2ŒcȬãŸY¬ŽeÎڂðo«J¢&ˆ¿ÙË""í¶è֜29cÁ3ÇiÆéÎÝCN£ltâk> endobj +6207 0 obj << +/D [6205 0 R /XYZ 71.731 729.265 null] +>> endobj +6208 0 obj << +/D [6205 0 R /XYZ 71.731 741.22 null] +>> endobj +6209 0 obj << +/D [6205 0 R /XYZ 71.731 718.306 null] +>> endobj +6210 0 obj << +/D [6205 0 R /XYZ 71.731 718.306 null] +>> endobj +6211 0 obj << +/D [6205 0 R /XYZ 199.401 708.344 null] +>> endobj +6212 0 obj << +/D [6205 0 R /XYZ 71.731 653.385 null] +>> endobj +6213 0 obj << +/D [6205 0 R /XYZ 71.731 653.385 null] +>> endobj +6214 0 obj << +/D [6205 0 R /XYZ 182.126 642.59 null] +>> endobj +6215 0 obj << +/D [6205 0 R /XYZ 71.731 596.663 null] +>> endobj +6216 0 obj << +/D [6205 0 R /XYZ 71.731 596.663 null] +>> endobj +6217 0 obj << +/D [6205 0 R /XYZ 206.943 583.811 null] +>> endobj +6218 0 obj << +/D [6205 0 R /XYZ 71.731 562.102 null] +>> endobj +6219 0 obj << +/D [6205 0 R /XYZ 71.731 562.102 null] +>> endobj +6220 0 obj << +/D [6205 0 R /XYZ 207.391 550.934 null] +>> endobj +6221 0 obj << +/D [6205 0 R /XYZ 71.731 503.323 null] +>> endobj +6222 0 obj << +/D [6205 0 R /XYZ 71.731 503.323 null] +>> endobj +6223 0 obj << +/D [6205 0 R /XYZ 183.153 492.154 null] +>> endobj +6224 0 obj << +/D [6205 0 R /XYZ 71.731 470.072 null] +>> endobj +6225 0 obj << +/D [6205 0 R /XYZ 71.731 470.072 null] +>> endobj +6226 0 obj << +/D [6205 0 R /XYZ 193.862 459.278 null] +>> endobj +6227 0 obj << +/D [6205 0 R /XYZ 71.731 424.244 null] +>> endobj +6228 0 obj << +/D [6205 0 R /XYZ 71.731 424.244 null] +>> endobj +6229 0 obj << +/D [6205 0 R /XYZ 217.454 413.45 null] +>> endobj +6230 0 obj << +/D [6205 0 R /XYZ 71.731 365.465 null] +>> endobj +6231 0 obj << +/D [6205 0 R /XYZ 71.731 365.465 null] +>> endobj +6232 0 obj << +/D [6205 0 R /XYZ 201.344 354.67 null] +>> endobj +6233 0 obj << +/D [6205 0 R /XYZ 71.731 319.636 null] +>> endobj +6234 0 obj << +/D [6205 0 R /XYZ 71.731 319.636 null] +>> endobj +6235 0 obj << +/D [6205 0 R /XYZ 189.429 308.842 null] +>> endobj +6236 0 obj << +/D [6205 0 R /XYZ 71.731 286.76 null] +>> endobj +6237 0 obj << +/D [6205 0 R /XYZ 71.731 286.76 null] +>> endobj +6238 0 obj << +/D [6205 0 R /XYZ 185.135 275.965 null] +>> endobj +6239 0 obj << +/D [6205 0 R /XYZ 71.731 253.883 null] +>> endobj +6240 0 obj << +/D [6205 0 R /XYZ 71.731 253.883 null] +>> endobj +6241 0 obj << +/D [6205 0 R /XYZ 205.249 243.088 null] +>> endobj +6242 0 obj << +/D [6205 0 R /XYZ 71.731 208.055 null] +>> endobj +6243 0 obj << +/D [6205 0 R /XYZ 71.731 208.055 null] +>> endobj +6244 0 obj << +/D [6205 0 R /XYZ 193.065 197.26 null] +>> endobj +6245 0 obj << +/D [6205 0 R /XYZ 71.731 162.227 null] +>> endobj +6246 0 obj << +/D [6205 0 R /XYZ 71.731 162.227 null] +>> endobj +6247 0 obj << +/D [6205 0 R /XYZ 198.834 151.432 null] +>> endobj +6204 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F60 1440 0 R /F31 858 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +6251 0 obj << +/Length 1262 +/Filter /FlateDecode +>> +stream +xÚµW[oÛ6~ϯУ54E‰ºè€Ìq‹®Á:4.†!íƒ,36‰ò()‰ÿýER–lHƒíź˜<üŸsŸsö6 +ö>^ü¶Œ˜}/EiD"oùࡏJœ8 p%ÞríÝO®w;&ÖüezI(žÌ‘ŸÞòºÑwՃŸæ•øŽ1ÙŽrêÓIÖðJè?Ôۂ™Å;õŸžþXþ~ +‘ +@\BP€ž ʼnFqǚyÁ™h–S?™ð’Ýò’7ه{ ìBµ?Å(& XîöÕ +p­kœ.ðç„ŸØuß ‰5Äå4 êýTšcôm+^è[ÁÇóGÞÓ÷%«ëlÃ,sŠk&ŸÔb&§O.+Qìᵏ +¢s?À( +œKåþ8ùs‡“ëŒáSOžÔsQ(ŠÀq†Òªª +–‰3ÔczJ}ßÚ8ù üruˆ53ÁŽA¥~8k×»Ï}]TM­{yà +Ь-cG?5ëÈ]Lg2æû••™|¬¯–¹2êp%ˆÆ}¥ÒEU5º#ì÷t3±Ö¶›­! +@ <0å_žÑá21‡ðé»LšWY¡h×ýMžPҁàóâï÷OYÑ2RªÆ‹Ð¥$sF%Ê~’yRšÊ$ÏVÅ`œÉmyZ™—’íXœïüPƒCDðéT37Å×9È@îŠçòÓÇÅ×ée„ە% "ArÊÍ +óÍø!A˜$§¢ébÁÖà*㌓@‚pÐ{ZM"+]! ©;¹¿õƒÇó¶W|.ûCM®n³AË +tx?@×q +>ð +ô•s˜ŠàÕÐ[ü¥²¶’}‘ª;@UW¯lçb4;»ó— Bý3à¯Ý + ò!|ÿ vÉþi¹ŽxU +\ßÞ +&§W H}Ó8ñ‘N߇(%Áÿ„ߎNð +ÐÈ ös” åÒ 8I˜ +ԈëäÛ1}ûǙµm5ß<3ûeŠÀ^{:ÃÃŽ\Ôèø“søÝK’Åæh¥˜ÔDÇÓўÅòâ_‰êš +endstream +endobj +6250 0 obj << +/Type /Page +/Contents 6251 0 R +/Resources 6249 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 6146 0 R +/Annots [ 6248 0 R ] +>> endobj +6248 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [386.508 534.158 427.514 545.062] +/Subtype /Link +/A << /S /GoTo /D (0:EXTERN) >> +>> endobj +6252 0 obj << +/D [6250 0 R /XYZ 71.731 729.265 null] +>> endobj +6253 0 obj << +/D [6250 0 R /XYZ 71.731 718.306 null] +>> endobj +6254 0 obj << +/D [6250 0 R /XYZ 71.731 718.306 null] +>> endobj +6255 0 obj << +/D [6250 0 R /XYZ 210.28 708.344 null] +>> endobj +6256 0 obj << +/D [6250 0 R /XYZ 71.731 653.385 null] +>> endobj +6257 0 obj << +/D [6250 0 R /XYZ 172.124 642.59 null] +>> endobj +1233 0 obj << +/D [6250 0 R /XYZ 71.731 613.285 null] +>> endobj +822 0 obj << +/D [6250 0 R /XYZ 185.592 570.188 null] +>> endobj +6258 0 obj << +/D [6250 0 R /XYZ 71.731 550.047 null] +>> endobj +6259 0 obj << +/D [6250 0 R /XYZ 71.731 515.229 null] +>> endobj +6260 0 obj << +/D [6250 0 R /XYZ 71.731 515.229 null] +>> endobj +6261 0 obj << +/D [6250 0 R /XYZ 71.731 483.025 null] +>> endobj +6262 0 obj << +/D [6250 0 R /XYZ 71.731 451.533 null] +>> endobj +6263 0 obj << +/D [6250 0 R /XYZ 71.731 451.533 null] +>> endobj +6264 0 obj << +/D [6250 0 R /XYZ 193.314 438.681 null] +>> endobj +6265 0 obj << +/D [6250 0 R /XYZ 71.731 416.733 null] +>> endobj +6266 0 obj << +/D [6250 0 R /XYZ 71.731 416.733 null] +>> endobj +6267 0 obj << +/D [6250 0 R /XYZ 71.731 383.722 null] +>> endobj +6268 0 obj << +/D [6250 0 R /XYZ 71.731 383.722 null] +>> endobj +6269 0 obj << +/D [6250 0 R /XYZ 159.362 372.928 null] +>> endobj +6270 0 obj << +/D [6250 0 R /XYZ 71.731 350.845 null] +>> endobj +6271 0 obj << +/D [6250 0 R /XYZ 71.731 350.845 null] +>> endobj +6272 0 obj << +/D [6250 0 R /XYZ 198.844 340.051 null] +>> endobj +6273 0 obj << +/D [6250 0 R /XYZ 71.731 319.946 null] +>> endobj +6274 0 obj << +/D [6250 0 R /XYZ 71.731 319.946 null] +>> endobj +6275 0 obj << +/D [6250 0 R /XYZ 172.812 307.174 null] +>> endobj +6276 0 obj << +/D [6250 0 R /XYZ 71.731 285.092 null] +>> endobj +6277 0 obj << +/D [6250 0 R /XYZ 71.731 285.092 null] +>> endobj +6278 0 obj << +/D [6250 0 R /XYZ 183.342 274.297 null] +>> endobj +6279 0 obj << +/D [6250 0 R /XYZ 71.731 252.215 null] +>> endobj +6280 0 obj << +/D [6250 0 R /XYZ 71.731 252.215 null] +>> endobj +6281 0 obj << +/D [6250 0 R /XYZ 187.586 241.421 null] +>> endobj +6282 0 obj << +/D [6250 0 R /XYZ 71.731 221.316 null] +>> endobj +6283 0 obj << +/D [6250 0 R /XYZ 71.731 221.316 null] +>> endobj +6284 0 obj << +/D [6250 0 R /XYZ 177.793 208.544 null] +>> endobj +6285 0 obj << +/D [6250 0 R /XYZ 71.731 186.462 null] +>> endobj +6286 0 obj << +/D [6250 0 R /XYZ 71.731 186.462 null] +>> endobj +6287 0 obj << +/D [6250 0 R /XYZ 180.572 175.667 null] +>> endobj +6288 0 obj << +/D [6250 0 R /XYZ 71.731 153.585 null] +>> endobj +6289 0 obj << +/D [6250 0 R /XYZ 71.731 153.585 null] +>> endobj +6290 0 obj << +/D [6250 0 R /XYZ 174.475 142.791 null] +>> endobj +6291 0 obj << +/D [6250 0 R /XYZ 71.731 120.708 null] +>> endobj +6292 0 obj << +/D [6250 0 R /XYZ 71.731 120.708 null] +>> endobj +6293 0 obj << +/D [6250 0 R /XYZ 179.456 109.914 null] +>> endobj +6249 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F60 1440 0 R /F31 858 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +6297 0 obj << +/Length 1459 +/Filter /FlateDecode +>> +stream +xڍWK“›8ŸûWp[\5#KŒIU¶2;™ììVöUñî%ÉÙP’ƒ ÿûmI-lIåb P·º¿þúaê +=êýºúe»ÚŒ C/'y$Þöà +#Y +{iÀxÛÒ{ïߝN\”õ—õmSÿžØõm­z»“»î¥ø@ip +º5‹ý¢¯¥°ôۆãá“~¯Ö·¿¯(ÚFdWFÜA@BÂ&"1ͬïxÿšŠ¡é_já͛„zÈ$‘–‰)‰A—9¹“²á +°§Bv¥9¢$HÇs‚ µFn»)ùaÍš¯o±/žXGÔÿ\wRŽ\ôϘ>þõǃ}:t²µ» +ï÷›S¡ÔsyƒŠÞŸ}¹ÙÕb£ªm‘w›S’‚·, ¹ƒøïu +øwkƘ¿}|¹Q ðb3šwã#làrF¬oA챔,6ÜF)ÉkB¢<·Šï KtÀÒÌ¿ojð@-Á‚‚:èij·U­¬Šï/¡t/; +bÿ³þ) +0ÙÙÍyã-šó:‰}␟RVñ¢¬ÅñštÍ:µæ=ÿqÁzw4±GDßÕ +ÍlGÒ +Ÿ’µ¯øhsûX–š2’äŽS•Tœ(ZþJMÿê3ïêCÍ»«o­ØäŽwœOòÂ{ÿ5f ggüŸ +҈ªÔ1yF7¥ËÍö4ôèra»Š. +ÕûC¥yJç|àNœõð[ÀªñÐåx_ýìØÞëX¥cgy%ÄEñ’aýµS·Ÿ«z_!IºAšÑ“nÌ:ó¯ŠÆòòÆ)vÌ~®›fêÂuŽˆÙ~ñZW5^NAAmQC + +Øš°(ˎ+ +©ðhãtån§kÍhïø4çœÖ–÷•,—üºÀ{ +ŠҒ; +Î5oÊyü€c—ÂçÀœXåJåÅ13¢œG¿˜G±*” +'ÞEKÝèg0#£©.6lŠnŸ§Þ>‰ë\«“æÐ:åÁpZ€)§èÑŸâû'Ç?®c6“B,×Ïà +.»ór0]"ñÎñÚW[ UqÄÓMý€¡à +%A_¥sµê~f[Ñ÷Œ=¹RM<ó]Þ +Â<ò#4}n·WY(Š,KHΫâRï‰IœŒ-ù71gÊŸPüåÂIýŒC’ +ɔß»ˆ’Š^4fûxÑYw%—##CÀÕÃvõi¥‘£ +óXÂH˜Ç^˜$MBoß®ô‡0 „Bgg$ÏC¯ãÞaõςL +$ƒþŒRö4‹"’t(e&3ÝÞ#FI íòzyè +1Œ +p(º¿[gÔÿïánSkœŽ²«8: I³Ôô›8sãF'wëžÂ[e‡ËhØȲ¬{Û?ቋœ + ƒ;ŽŸkaW›¥9b+1ü„oDà 芡hF^IŽ„‡.cçF£€)úÆ!˜G/%!LOc`  ¶àz˜’0ó³mÁàg3¯šìò +$“ +z» +„.%pêYl ž’Õ€°œ8èŠuñ6# +£ +b• {ØAa8ԕ?Å +_ð +º-ŒrÎÞ¢±V­ÁسZp/ÈI’Œ¹¬q6Lõ0ü*Ü*i׃VStº ÚåÀíŠÇ5Dºë  +ØÇëYžŽ³|’ÚùIËUšàõŸïìÆTWübPŸë©lc3"ë, +ùaþ°ë©Ckà +Fm°Q;ÁGkA2 +Ÿ5EwDj mëÐî\\­°^ÝWtî¬ì]”m&Ø'¬%ïm¹õÛZžon §³ÄbG9‰ÖÀÍâ)TÕHùdz¶ÄLŽÿR|ãV”³S +ö„÷ŠùI +ÎŽû¯¥ø ]ÜIәR®POåWtWƒ¥4±¿ªø¯ c÷ÅnÏúŒ +ÐSM x^šœQš“Ò÷GjàRåŒINÓïÖ[úÍÿ¶1 +Ùøe$c.ÓÉ4 +Æþg°ã +endstream +endobj +6296 0 obj << +/Type /Page +/Contents 6297 0 R +/Resources 6295 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 6146 0 R +/Annots [ 6294 0 R ] +>> endobj +6294 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [135.432 481.356 182.256 492.26] +/Subtype /Link +/A << /S /GoTo /D (0:CLIENTS) >> +>> endobj +6298 0 obj << +/D [6296 0 R /XYZ 71.731 729.265 null] +>> endobj +6299 0 obj << +/D [6296 0 R /XYZ 71.731 718.306 null] +>> endobj +6300 0 obj << +/D [6296 0 R /XYZ 71.731 718.306 null] +>> endobj +6301 0 obj << +/D [6296 0 R /XYZ 170.052 708.344 null] +>> endobj +1234 0 obj << +/D [6296 0 R /XYZ 71.731 692.364 null] +>> endobj +826 0 obj << +/D [6296 0 R /XYZ 175.057 648.893 null] +>> endobj +6302 0 obj << +/D [6296 0 R /XYZ 71.731 628.752 null] +>> endobj +6303 0 obj << +/D [6296 0 R /XYZ 227.794 616.016 null] +>> endobj +6304 0 obj << +/D [6296 0 R /XYZ 71.731 593.934 null] +>> endobj +6305 0 obj << +/D [6296 0 R /XYZ 71.731 593.934 null] +>> endobj +6306 0 obj << +/D [6296 0 R /XYZ 71.731 561.73 null] +>> endobj +6307 0 obj << +/D [6296 0 R /XYZ 71.731 530.238 null] +>> endobj +6308 0 obj << +/D [6296 0 R /XYZ 71.731 530.238 null] +>> endobj +6309 0 obj << +/D [6296 0 R /XYZ 151.242 517.386 null] +>> endobj +6310 0 obj << +/D [6296 0 R /XYZ 71.731 497.281 null] +>> endobj +6311 0 obj << +/D [6296 0 R /XYZ 71.731 462.427 null] +>> endobj +6312 0 obj << +/D [6296 0 R /XYZ 241.593 399.827 null] +>> endobj +6313 0 obj << +/D [6296 0 R /XYZ 427.823 399.827 null] +>> endobj +6314 0 obj << +/D [6296 0 R /XYZ 119.552 386.875 null] +>> endobj +6315 0 obj << +/D [6296 0 R /XYZ 71.731 384.718 null] +>> endobj +6316 0 obj << +/D [6296 0 R /XYZ 166.376 334.223 null] +>> endobj +6317 0 obj << +/D [6296 0 R /XYZ 230.153 311.09 null] +>> endobj +6318 0 obj << +/D [6296 0 R /XYZ 198.591 299.433 null] +>> endobj +6319 0 obj << +/D [6296 0 R /XYZ 166.376 267.668 null] +>> endobj +6295 0 obj << +/Font << /F33 859 0 R /F38 956 0 R /F60 1440 0 R /F31 858 0 R /F25 852 0 R /F48 1258 0 R /F55 1386 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +6322 0 obj << +/Length 1202 +/Filter /FlateDecode +>> +stream +xÚ¥WMsÛ6œûWð(ÍX4ŠÙ[23ÓqÓ +䩧IÇ‹„1 °Gýõ]ü-+íE%,öíÛ·‹Uí£$úx•žçûÍÕÍ-Î"œÄ«,Ï¢Í.Z£x¢h€1NWÑŠŒ>ÏÞ5 +å%û6_àu>ûyž&³Ø®ï˜Òv%vöYMžˆ¢öíK’`Z•jþ×旛[8·ˆ‹^GËuœc-Ò"NSl +mÆ.Kú§À[MŽvqUiW_’,aðì+ãšJN*·Ÿ*EöÎx'EmWǶ¢×v©œ£JìíBQùuŽ²•óe2sÛï»ëùÛVŒr=ðŠbûjb€hßÂq‘¹Ð*¢¢Ý"©j+í‘;nÒ +7pœ$ÖT¿ˆ þÐ*Îó•ß#Å +g³õ“=Upœ£ˆ' £=cÝ£é{ª%Ý +Y2ŸïŒ +‹õ2^£Üñ,`"%3¿šŸž“ˆ.¶ÉöŒ +ÜJZ +Mœ`” +G,5ƒ#5©›^æ¬úØΠÚQ9v>•Y}lšrp ·‹§ +#{Îþ¡Î÷Óq@Í(ígq’ù”VbŽ’ÙþQÎÓõŒî&$âg¹ßïj­¬¢Ô£©¬<Œ€c›KH + +’¯]¡ÿ +ø!¹Ç©" +¥ÜKµÛG5a•ŠÐl¯szԑ\jIžªNðœ‘~¡”q2ÕÕÒB5tkãEã'•S™{×Â>*!9®· +šŠªWÊÝŠÆ +ÍöPÕ­œ¬9/͓°:Î|$¯¶+ÅJê€ÿ›ä”Ž§\n¡p} ÍWÙ̝ðž(¶ +šæ;G|-”>\çEµM–y!eÉLR|SdÜÐ×˓éÊÍ#Éâ"GãîQ«ýt!¡lé÷²QE»žÌul-a@@ë0]  +ÎÉVÑb™AûÉìv(@n,øH9•€ÿõ[óÈ<Ôý#ã%5‰úflÂ|âŸÐ&â`,GQŸÌî9û»õ̧¹\SF4d5‘®Ñ=ªNöÇ~‡t>1ä-;šÒöâË@þI¥Ý¥ÃYå• +Õ·‹O÷ww#{¿#4bê.RsJ9 +zHÿ"œžÒۀ~ÍÝûèütÕŒ1‡‹tÈþÄåýµŠÅ\Îmž¯¡è^ Šé¹ÜûiÁŒkg¡˜˜þ”Wšƒyùreø¶ÿñàì-OÙaúxBfñ¿ðž&òƒ\ +ˆgZÑj÷Vþ‰:\î蝓فnŸUëô.LèCuz<--Ôów€œãd¶(©iϜ’§jÔ®Ï@uË㣙UZu9ìOþՓCì‹9” +÷jjtŽ×­4áÝ¿ +h+aÄu=®øíóøJŽp4KÅÐý úÝ€ø9bä¬כ®¥ËûâBæ[ +Læ£!cphhâÞè®LW0HEŽX0ÙY°Ú\ßäÃæê_ýoöm +endstream +endobj +6321 0 obj << +/Type /Page +/Contents 6322 0 R +/Resources 6320 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 6146 0 R +>> endobj +6323 0 obj << +/D [6321 0 R /XYZ 71.731 729.265 null] +>> endobj +1235 0 obj << +/D [6321 0 R /XYZ 71.731 718.306 null] +>> endobj +830 0 obj << +/D [6321 0 R /XYZ 414.349 703.236 null] +>> endobj +6324 0 obj << +/D [6321 0 R /XYZ 71.731 672.579 null] +>> endobj +6325 0 obj << +/D [6321 0 R /XYZ 317.099 663.903 null] +>> endobj +6326 0 obj << +/D [6321 0 R /XYZ 177.384 650.952 null] +>> endobj +6327 0 obj << +/D [6321 0 R /XYZ 244.602 625.049 null] +>> endobj +6328 0 obj << +/D [6321 0 R /XYZ 71.731 602.967 null] +>> endobj +6329 0 obj << +/D [6321 0 R /XYZ 310.862 592.172 null] +>> endobj +6330 0 obj << +/D [6321 0 R /XYZ 225.533 540.367 null] +>> endobj +1236 0 obj << +/D [6321 0 R /XYZ 71.731 538.329 null] +>> endobj +834 0 obj << +/D [6321 0 R /XYZ 171.682 495.112 null] +>> endobj +6331 0 obj << +/D [6321 0 R /XYZ 71.731 494.897 null] +>> endobj +6332 0 obj << +/D [6321 0 R /XYZ 71.731 479.953 null] +>> endobj +6333 0 obj << +/D [6321 0 R /XYZ 71.731 465.06 null] +>> endobj +6334 0 obj << +/D [6321 0 R /XYZ 139.477 449.284 null] +>> endobj +6335 0 obj << +/D [6321 0 R /XYZ 71.731 437.165 null] +>> endobj +6336 0 obj << +/D [6321 0 R /XYZ 71.731 424.213 null] +>> endobj +6337 0 obj << +/D [6321 0 R /XYZ 139.477 408.437 null] +>> endobj +6338 0 obj << +/D [6321 0 R /XYZ 71.731 383.367 null] +>> endobj +6339 0 obj << +/D [6321 0 R /XYZ 71.731 370.415 null] +>> endobj +6340 0 obj << +/D [6321 0 R /XYZ 139.477 354.639 null] +>> endobj +6341 0 obj << +/D [6321 0 R /XYZ 71.731 342.52 null] +>> endobj +6342 0 obj << +/D [6321 0 R /XYZ 71.731 329.568 null] +>> endobj +6343 0 obj << +/D [6321 0 R /XYZ 139.477 313.792 null] +>> endobj +6344 0 obj << +/D [6321 0 R /XYZ 71.731 301.673 null] +>> endobj +6345 0 obj << +/D [6321 0 R /XYZ 71.731 288.721 null] +>> endobj +6346 0 obj << +/D [6321 0 R /XYZ 139.477 272.946 null] +>> endobj +6347 0 obj << +/D [6321 0 R /XYZ 71.731 260.826 null] +>> endobj +6348 0 obj << +/D [6321 0 R /XYZ 71.731 247.875 null] +>> endobj +6349 0 obj << +/D [6321 0 R /XYZ 139.477 232.099 null] +>> endobj +6350 0 obj << +/D [6321 0 R /XYZ 71.731 219.979 null] +>> endobj +6351 0 obj << +/D [6321 0 R /XYZ 71.731 207.028 null] +>> endobj +6352 0 obj << +/D [6321 0 R /XYZ 139.477 191.252 null] +>> endobj +6353 0 obj << +/D [6321 0 R /XYZ 71.731 181.19 null] +>> endobj +6354 0 obj << +/D [6321 0 R /XYZ 71.731 166.181 null] +>> endobj +6355 0 obj << +/D [6321 0 R /XYZ 139.477 150.405 null] +>> endobj +6356 0 obj << +/D [6321 0 R /XYZ 279.222 150.405 null] +>> endobj +6357 0 obj << +/D [6321 0 R /XYZ 71.731 138.286 null] +>> endobj +6358 0 obj << +/D [6321 0 R /XYZ 71.731 125.334 null] +>> endobj +6359 0 obj << +/D [6321 0 R /XYZ 139.477 109.558 null] +>> endobj +6360 0 obj << +/D [6321 0 R /XYZ 71.731 48.817 null] +>> endobj +6320 0 obj << +/Font << /F25 852 0 R /F31 858 0 R /F33 859 0 R /F38 956 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +6363 0 obj << +/Length 807 +/Filter /FlateDecode +>> +stream +xÚœW[o›0}ϯà1‘NÈå±[»šÓŽUZöŽN‘Áxƒl³µÿ~6¶¹äB©Zí¥ÆÄ|ß9绹ž;ž³ +}؍fŸæsgãn–`éìÎ|í»ëÅÂÝ»€³CÎÏñuQ`ŠÈÓd +o|ãêõ +áB?åœ"(`9Ö»Ï8E|òk÷yäÒßr7Kà‚ + +7ðÖÚ_É1#šó] +_~ +gê¯ÜD^ÿqwÓ"ƒ!*ÃÔÀTfõ1çNñã?êŽç +ŒÀÃnìvÏÂ(œû¹y×0MÇÃėïIÊ¥ßU +$Vƒwã/4æ˜à ~ +î24žc–—Eƒú‚™„ +cÌ-Í"g‚ÐXo +–‡)Î̏‰H:6·w7Wú©ÂRKölt¡zaÍ* +/0–nc³·°>Wiž ’ +ȄÕÅHñ8^†’‚ÔÀ.F +ZmfŠzײ]CŽêõÊæRÉÎG¿1|‰]`Ø (J>œÙí1ښ/«g]%iy†Ã,„öˆ›@ž +ûÇGŒÌº^¢œª2‹KÉéiáUªšÃqÛŒmji‘ªí÷3җºP${ÕÝLa(BÕ~8«û‰/Å«K"Cë,ÙÊôeøšR ++ŒÏû’ óýöU +¹îŽ¶3ׄ[&M­ .÷íýöÂIÅ°Û9‰éqgžœ'ï¢Ì+Ã~ªÄ;ñŒœ"Hæˆ,Ôn:dË +©åzRœÕ«ŽÖ‰%“')J_SŒ`iGŸmñÚH({Ù¥Œ›ä\ô8ÎÃßÃýn1•——šsê3ÉíˆQ¢ÛAAš +KVÅÁhö-Š ¯N€­äèÁZM +-nô¶QŠ—”„ +ڑo†Í¬ë€¹31v|ÿxa.!ÂÞ£Ž"£™K”Ë`|ÕÃë‘.%T× Ú«~?<äwŽ=œyý¥°EDãŽN6þœ)OŒ/Ó¥™WLuZς2 +m»i_2.³uSó[Á&hí[{矄åÒ]o6Î4Xº«õJÃðÐùæv7úÞÓ- +endstream +endobj +6362 0 obj << +/Type /Page +/Contents 6363 0 R +/Resources 6361 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 6409 0 R +>> endobj +6364 0 obj << +/D [6362 0 R /XYZ 71.731 729.265 null] +>> endobj +1237 0 obj << +/D [6362 0 R /XYZ 71.731 741.22 null] +>> endobj +6365 0 obj << +/D [6362 0 R /XYZ 71.731 718.306 null] +>> endobj +6366 0 obj << +/D [6362 0 R /XYZ 71.731 708.244 null] +>> endobj +6367 0 obj << +/D [6362 0 R /XYZ 139.477 690.411 null] +>> endobj +6368 0 obj << +/D [6362 0 R /XYZ 71.731 665.34 null] +>> endobj +6369 0 obj << +/D [6362 0 R /XYZ 139.477 649.564 null] +>> endobj +6370 0 obj << +/D [6362 0 R /XYZ 71.731 637.445 null] +>> endobj +6371 0 obj << +/D [6362 0 R /XYZ 71.731 624.493 null] +>> endobj +6372 0 obj << +/D [6362 0 R /XYZ 139.477 608.717 null] +>> endobj +6373 0 obj << +/D [6362 0 R /XYZ 71.731 596.598 null] +>> endobj +6374 0 obj << +/D [6362 0 R /XYZ 71.731 585.704 null] +>> endobj +6375 0 obj << +/D [6362 0 R /XYZ 139.477 567.87 null] +>> endobj +6376 0 obj << +/D [6362 0 R /XYZ 71.731 555.751 null] +>> endobj +6377 0 obj << +/D [6362 0 R /XYZ 71.731 544.857 null] +>> endobj +6378 0 obj << +/D [6362 0 R /XYZ 139.477 527.024 null] +>> endobj +6379 0 obj << +/D [6362 0 R /XYZ 71.731 516.961 null] +>> endobj +6380 0 obj << +/D [6362 0 R /XYZ 71.731 504.01 null] +>> endobj +6381 0 obj << +/D [6362 0 R /XYZ 139.477 486.177 null] +>> endobj +6382 0 obj << +/D [6362 0 R /XYZ 71.731 474.057 null] +>> endobj +6383 0 obj << +/D [6362 0 R /XYZ 71.731 461.106 null] +>> endobj +6384 0 obj << +/D [6362 0 R /XYZ 139.477 445.33 null] +>> endobj +6385 0 obj << +/D [6362 0 R /XYZ 71.731 433.211 null] +>> endobj +6386 0 obj << +/D [6362 0 R /XYZ 71.731 420.259 null] +>> endobj +6387 0 obj << +/D [6362 0 R /XYZ 139.477 404.483 null] +>> endobj +6388 0 obj << +/D [6362 0 R /XYZ 71.731 392.364 null] +>> endobj +6389 0 obj << +/D [6362 0 R /XYZ 71.731 379.412 null] +>> endobj +6390 0 obj << +/D [6362 0 R /XYZ 139.477 363.636 null] +>> endobj +6391 0 obj << +/D [6362 0 R /XYZ 71.731 338.565 null] +>> endobj +6392 0 obj << +/D [6362 0 R /XYZ 71.731 325.614 null] +>> endobj +6393 0 obj << +/D [6362 0 R /XYZ 139.477 309.838 null] +>> endobj +6394 0 obj << +/D [6362 0 R /XYZ 71.731 297.719 null] +>> endobj +6395 0 obj << +/D [6362 0 R /XYZ 71.731 284.767 null] +>> endobj +6396 0 obj << +/D [6362 0 R /XYZ 139.477 268.991 null] +>> endobj +6397 0 obj << +/D [6362 0 R /XYZ 71.731 256.872 null] +>> endobj +6398 0 obj << +/D [6362 0 R /XYZ 71.731 245.978 null] +>> endobj +6399 0 obj << +/D [6362 0 R /XYZ 139.477 228.144 null] +>> endobj +6400 0 obj << +/D [6362 0 R /XYZ 71.731 216.025 null] +>> endobj +6401 0 obj << +/D [6362 0 R /XYZ 71.731 205.131 null] +>> endobj +6402 0 obj << +/D [6362 0 R /XYZ 139.477 187.298 null] +>> endobj +6403 0 obj << +/D [6362 0 R /XYZ 71.731 175.178 null] +>> endobj +6404 0 obj << +/D [6362 0 R /XYZ 71.731 162.227 null] +>> endobj +6405 0 obj << +/D [6362 0 R /XYZ 139.477 146.451 null] +>> endobj +6406 0 obj << +/D [6362 0 R /XYZ 71.731 134.331 null] +>> endobj +6407 0 obj << +/D [6362 0 R /XYZ 71.731 121.38 null] +>> endobj +6408 0 obj << +/D [6362 0 R /XYZ 139.477 105.604 null] +>> endobj +6361 0 obj << +/Font << /F33 859 0 R /F31 858 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +6412 0 obj << +/Length 723 +/Filter /FlateDecode +>> +stream +xÚµVËr›0Ýû+XÂÂ2/³L'M_i§Óž«¶“‘AMòHrÒôë#xž8c’¶›b]ÝsÎœ÷ß) +ßy³xµY¬®‚ÀIA£ØÙìœ` +Á: +$@` +!g“;ß܋ýžÔ9ýå-Q仗À¬×T*óÄwfͱÂ[,‰yûîûˆ°\z?6ïŸÍšÓÁQº%Š@)Ò!ˆüµÉ'‰ž£9 +ìVêh9K˜€TCo®yQк0yw +ô]œQFՃÅ'Ì*HŕE×å°P#߄Qv€ÛœçBIý +”Õ•N«³" +-ö8I;ËÈ(ˆ +’K/ð]€‰’µû‘çF€‰>" +&` Š­×42±U»{>ëOž"ÇÀ–®JLkóbOíyPت’L·(nÖûV••æ•q-ðJÿå[tâ¡Èœó`䒺S©ýá«$¹yÒ4M` H#h`Ӛ*ŠýåõŠ1Ô§Uܖ±û/ +ƒl+¡Ï³r }. +͹‚šƒšo3ž?CÃ/mÉÐFšÜ‚W'“O ÚõÿP’2Ìͧóîòž!¶Ø"µ'YšÚQf™—$ûÙÐYXtÿ +DŸ-å<DÊÎ;&íÔ÷›ÝqÁ€íÄÃDnA2B‡ö(ê- +Dm/‰­í–0ÞÄÞ÷ƒ}š€Òîqž¥uȍ—艭1PÏ!;ÍoÝ@ъÌ0ÍÑÄÏÐRòÞDŽˆ§ä¹­þ°ŠŒW{FÔÈö;3iûêŒÎͬ•\_%³[ê-ï.žaNïKÚY•æhiPٛW1ðžY•gØ}`íþÆtà<·Éuc=ŸÈÊ^ócaÝhF[ôw{ZŠÓ÷K3h'\oyƒÊ@;×ã|¶H7#¢Óo€ÝàȳUzà^P.^ +®þ÷ÀÌîÛJ/ƒfÿ¯¿õŽ>-ãXwª(ih} +FÁQÌëÍâ2Œ÷ +endstream +endobj +6411 0 obj << +/Type /Page +/Contents 6412 0 R +/Resources 6410 0 R +/MediaBox [0 0 593.051 789.041] +/Parent 6409 0 R +>> endobj +6413 0 obj << +/D [6411 0 R /XYZ 71.731 729.265 null] +>> endobj +6414 0 obj << +/D [6411 0 R /XYZ 71.731 718.306 null] +>> endobj +6415 0 obj << +/D [6411 0 R /XYZ 71.731 708.244 null] +>> endobj +6416 0 obj << +/D [6411 0 R /XYZ 139.477 690.411 null] +>> endobj +838 0 obj << +/D [6411 0 R /XYZ 177.398 640.175 null] +>> endobj +6417 0 obj << +/D [6411 0 R /XYZ 71.731 639.96 null] +>> endobj +6418 0 obj << +/D [6411 0 R /XYZ 71.731 625.016 null] +>> endobj +6419 0 obj << +/D [6411 0 R /XYZ 71.731 612.18 null] +>> endobj +6420 0 obj << +/D [6411 0 R /XYZ 139.477 594.347 null] +>> endobj +6421 0 obj << +/D [6411 0 R /XYZ 71.731 569.276 null] +>> endobj +6422 0 obj << +/D [6411 0 R /XYZ 71.731 557.301 null] +>> endobj +6423 0 obj << +/D [6411 0 R /XYZ 139.477 540.549 null] +>> endobj +6424 0 obj << +/D [6411 0 R /XYZ 71.731 528.429 null] +>> endobj +6425 0 obj << +/D [6411 0 R /XYZ 71.731 515.478 null] +>> endobj +6426 0 obj << +/D [6411 0 R /XYZ 139.477 499.702 null] +>> endobj +6427 0 obj << +/D [6411 0 R /XYZ 71.731 487.583 null] +>> endobj +6428 0 obj << +/D [6411 0 R /XYZ 71.731 474.631 null] +>> endobj +6429 0 obj << +/D [6411 0 R /XYZ 139.477 458.855 null] +>> endobj +6430 0 obj << +/D [6411 0 R /XYZ 71.731 446.736 null] +>> endobj +6431 0 obj << +/D [6411 0 R /XYZ 71.731 433.784 null] +>> endobj +6432 0 obj << +/D [6411 0 R /XYZ 139.477 418.008 null] +>> endobj +6433 0 obj << +/D [6411 0 R /XYZ 71.731 405.889 null] +>> endobj +6434 0 obj << +/D [6411 0 R /XYZ 71.731 394.995 null] +>> endobj +6435 0 obj << +/D [6411 0 R /XYZ 139.477 377.162 null] +>> endobj +6436 0 obj << +/D [6411 0 R /XYZ 71.731 365.042 null] +>> endobj +6437 0 obj << +/D [6411 0 R /XYZ 71.731 354.148 null] +>> endobj +6438 0 obj << +/D [6411 0 R /XYZ 139.477 336.315 null] +>> endobj +1238 0 obj << +/D [6411 0 R /XYZ 71.731 329.177 null] +>> endobj +842 0 obj << +/D [6411 0 R /XYZ 164.022 286.079 null] +>> endobj +6439 0 obj << +/D [6411 0 R /XYZ 71.731 282.249 null] +>> endobj +6440 0 obj << +/D [6411 0 R /XYZ 71.731 267.305 null] +>> endobj +6441 0 obj << +/D [6411 0 R /XYZ 71.731 256.027 null] +>> endobj +6442 0 obj << +/D [6411 0 R /XYZ 139.477 240.251 null] +>> endobj +6443 0 obj << +/D [6411 0 R /XYZ 71.731 215.554 null] +>> endobj +6444 0 obj << +/D [6411 0 R /XYZ 71.731 202.229 null] +>> endobj +6445 0 obj << +/D [6411 0 R /XYZ 139.477 186.453 null] +>> endobj +6446 0 obj << +/D [6411 0 R /XYZ 71.731 174.333 null] +>> endobj +6447 0 obj << +/D [6411 0 R /XYZ 71.731 161.382 null] +>> endobj +6448 0 obj << +/D [6411 0 R /XYZ 139.477 145.606 null] +>> endobj +6449 0 obj << +/D [6411 0 R /XYZ 71.731 133.486 null] +>> endobj +6450 0 obj << +/D [6411 0 R /XYZ 71.731 120.535 null] +>> endobj +6451 0 obj << +/D [6411 0 R /XYZ 139.477 104.759 null] +>> endobj +6410 0 obj << +/Font << /F33 859 0 R /F31 858 0 R /F25 852 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +6452 0 obj +[777.8 500 777.8] +endobj +6453 0 obj +[826.4 531.3 826.4] +endobj +6454 0 obj +[799.4 513.9 799.4] +endobj +6456 0 obj +[600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600] +endobj +6457 0 obj +[600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600] +endobj +6458 0 obj +[500 500 167 333 556 222 333 333 0 333 584 0 611 500 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 191 278 278 355 556 556 889 667 222 333 333 389 584 278 333 278 278 556 556 556 556 556 556 556 556 556 556 278 278 584 584 584 556 1015 667 667 722 722 667 611 778 722 278 500 667 556 833 722 778 667 778 722 667 611 722 667 944 667 667 611 278 278 278 469 556 222 556 556 500 556 556 278 556 556 222 222 500 222 833 556 556 556 556 333 500 278 556 500 722 500 500 500] +endobj +6459 0 obj +[600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600] +endobj +6460 0 obj +[600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600] +endobj +6461 0 obj +[500 500 167 333 556 222 333 333 0 333 584 0 611 500 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 191 278 278 355 556 556 889 667 222 333 333 389 584 278 333 278 278 556 556 556 556 556 556 556 556 556 556 278 278 584 584 584 556 1015 667 667 722 722 667 611 778 722 278 500 667 556 833 722 778 667 778 722 667 611 722 667 944 667 667 611 278 278 278 469 556 222 556 556 500 556 556 278 556 556 222 222 500 222 833 556 556 556 556 333 500 278 556 500 722 500 500 500 334 260 334 584 0 0 0 222 556 333 1000 556 556 333 1000 667 333 1000 0 0 0 0 0 0 333 333 350 556 1000] +endobj +6462 0 obj +[556 556 167 333 667 278 333 333 0 333 570 0 667 444 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 278 250 333 555 500 500 1000 833 333 333 333 500 570 250 333 250 278 500 500 500 500 500 500 500 500 500 500 333 333 570 570 570 500 930 722 667 722 722 667 611 778 778 389 500 778 667 944 722 778 611 778 722 556 667 722 722 1000 722 722 667 333 278 333 581 500 333 500 556 444 556 444 333 500 556 278 333 556 278 833 556 500 556 556 444 389 333 556 500 722 500 500 444 394 220 394 520 0 0 0 333 500 500 1000 500 500 333 1000 556 333 1000 0 0 0 0 0 0 500 500 350 500 1000] +endobj +6463 0 obj +[500 500 167 333 556 278 333 333 0 333 675 0 556 389 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 214 250 333 420 500 500 833 778 333 333 333 500 675 250 333 250 278 500 500 500 500 500 500 500 500 500 500 333 333 675 675 675 500 920 611 611 667 722 611 611 722 722 333 444 667 556 833 667 722 611 722 611 500 556 722 611 833 611 556 556 389 278 389 422 500 333 500 500 444 500 444 278 500 500 278 278 444 278 722 500 500 500 500 389 389 278 500 444 667 444 444 389 400 275 400 541 0 0 0 333 500 556 889 500 500 333 1000 500 333 944 0 0 0 0 0 0 556 556 350 500 889] +endobj +6464 0 obj +[556 556 167 333 611 278 333 333 0 333 564 0 611 444 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 180 250 333 408 500 500 833 778 333 333 333 500 564 250 333 250 278 500 500 500 500 500 500 500 500 500 500 278 278 564 564 564 444 921 722 667 667 722 611 556 722 722 333 389 722 611 889 722 722 556 722 667 556 611 722 722 944 722 722 611 333 278 333 469 500 333 444 500 444 500 444 333 500 500 278 278 500 278 778 500 500 500 500 333 389 278 500 500 722 500 500 444 480 200 480 541 0 0 0 333 500 444 1000 500 500 333 1000 556 333 889 0 0 0 0 0 0 444 444 350 500 1000 333 980 389 333 722 0 0 722 0 333 500 500 500 500 200 500 333 760] +endobj +6465 0 obj +[611 611 167 333 611 278 333 333 0 333 584 0 611 500 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 238 278 333 474 556 556 889 722 278 333 333 389 584 278 333 278 278 556 556 556 556 556 556 556 556 556 556 333 333 584 584 584 611 975 722 722 722 722 667 611 778 722 278 556 722 611 833 722 778 667 778 722 667 611 722 667 944 667 667 611 333 278 333 584 556 278 556 611 556 611 556 333 611 611 278 278 556 278 889 611 611 611 611 389 556 333 611 556 778 556 556 500 389 280 389 584 0 0 0 278 556 500 1000 556 556 333 1000 667 333 1000 0 0 0 0 0 0 500 500 350 556 1000] +endobj +6466 0 obj << +/Length1 771 +/Length2 1151 +/Length3 0 +/Length 1689 +/Filter /FlateDecode +>> +stream +xÚ­RkTבª¡¬òRIÕzX%róÔ + ˆ±h €<$f&dJ2C‡ $ + âƒJª²,b£Kž¢¢TXU꥖X +[ÀiáËëEªVEÀ× +°®®KÿÞ5η÷>ß·gŸæ%gˆ l,ÁP‚Áar„ T&“r؀<³Ù-‡•‚¡aJŽ@àV뵀»°ùBÞ +!O¡P,݈#©ø„Ò'E| ÒÁ8¢R¢@Š$4°Žì¡Rj +S!0ad‘V +ÖOÞÈëá +τ!& +â"À&8A)¬IORTþ;Ò§¿§2a<ƒ4|ŠlÒiÂP­@°šÂZ‹‘Ó`ÒËÿÃÖôæœV»V©›l?•Ôßx¥ÑÿT`ºt=ã@†A0ŽN—ÆÂïÌÉ`Ñ늳RB©ET"4U +g%“œò +ŽdH +E!„JÔJm< +Ã(4Ý ™ß”–<^¢ðýói§È(%‚ÑÆt°ÿRO՜¿j2$ +1€6“ÍæBò{Jš6LŒª0AS—ç”8®4RÈ%"+ +0q‚B°ÀÒ1‹‰byÉä5†S&ßՏ +X©“«F†Eï06`iጌ)àï¿‚LŒ\ÀàòÈQì•þ€ÏcçüP¥Çq%ŠÖ‡ +è}­FÈLaØ«(¶[˜*`ÛçûÏìšÉWu +w€g,Ž +ÝÖ~aûiKsž7ÀíÞøK4üÉ®Û]?GNž”ŒD~Ç‚ÔŒ>êQ¶Õ$gmïqµ:{Ð+Èg=R +'&ÏžRÖÖú‘îÐÎû¶ÅƒéŸ~õ~~/ó‚cݚ +~%u€pfÍí[¯ŸæŠmîè³9} +y•P’ÊήÙ+þ}¯èÚÄÃp¬ +³U_™Ÿxà¹ûµõnwÚ +g‹À\&sži |5‡M7šû;(œƒi‹mq¥‚Õráì +~7å`÷q —%.š¹)Röûì.º`ÀËòa·4?§$"V3ºàx +›ªf60Œšj×·nhÑ¡— +ë×廥Õwr‹9éûhëSÆ_ÓþX²kæ³€—/{_Œ5S[ +©L^vž'gÄúú +Îôñ +Š·³©Ž×¿²zÅ+5ßÜ'DÁœN«Ìmº÷g7É@œàfžÇ­c_yÛž”ÂqÝþòÈ6ø~ßdݛ(6Ø â/£ŸöW>þÏåóAn²$4¡7å\ômß+µ +«ÂÜk +f&Y›$’ª%M³±žù^Aî +溈£f·íR·¡è¡æ|¶ob|Ñ ¡ß¡îWC¿”ÄXGŽú-Êu +Úº m7óaôr“ÿï"kSŒþµ§¬?Ï[¶ŠÎf¬ÛŸv¢&²f‡ÎøD0gßqAýcŽCyöùg¢ŠŸÔexšó‰Üü|9œ¶ñjíÂ¥(êee +>×ҊâèàÉqS&÷Ügy‰©oºƒŽ®?\mÚ³ùѓÛ+íÜH:õ÷ +šéâ/Krßní ×;¹Š›Úlèý㖻?÷!‚­ç»êœãŸ[ÔB­»ø¯±Uë\WuŽ‰­÷-ŽïŸ A͕ºZä1x%D™êcóŽÊÜ”>óD­Íéæ +‚väõ©ª+w°gÕi?/bÍX¥•/•žÑ.·›qwæØÓÏÁçø–C×#ø +廡à;QF+&ïuMèóܯŽvüvv +L-{› ߗ2_e4tÎËjê*]àRneøl;û™ékî7g̍[ìæák¥QÐöšö +7ܯE(œuœ­±÷űžŽ|‡s +WS©_ æ¥uc†u¥ƒ}Çv]ΊùžÀzÏGáY*.yc¯šj·/K<º5ªëÍ{/U;ªÐ†â¥Ñùª¶;É[WËêNîqÚÉ9¬É.îš[Дz_Ü‘ý"ø§  +ÃF—<=g),x9šé=ë_^, +ŸÚ)ºÝº—VÛ¥mª.-Ø+›[ã¶ñƒp—#íW +×]÷Ž·óŸh§.#^œI8œÜã{cJ'¬Ûü8ŒeM„ +mÁœ×ö6ºµ3óòD¥!]7wh’:n”åý†ÆÈšmUæpbòXAm³ðŇY>¹ÿå)Õü±‹â–€ë=_®ÛÅeKbѓŠJbU7ožmÓ³¬š#ùUÔÚþÿÍé'» +endstream +endobj +6467 0 obj << +/Type /FontDescriptor +/FontName /SYFPBV+CMMI10 +/Flags 4 +/FontBBox [-32 -250 1048 750] +/Ascent 694 +/CapHeight 683 +/Descent -194 +/ItalicAngle -14 +/StemV 72 +/XHeight 431 +/CharSet (/greater/less) +/FontFile 6466 0 R +>> endobj +6468 0 obj << +/Length1 768 +/Length2 1151 +/Length3 0 +/Length 1695 +/Filter /FlateDecode +>> +stream +xÚ­RkTSWU +Râ¥ÂÐփÁyAŽ&AB(’êÛKr “\žI0™€jµBy +Ò + +XšÊaFD@‡ +h(*ˆšžPFe +öãêúwÖùsŸœ÷ùŸ}ö9Ύá|–†Q¹ÒƒJ¢2‡Ç +öø–B!8;s0R"š<RÂL@õõe€m*) yŠ7“îÉ€{œ×`ˆ$V \9çEހ%ƒ1DÉRÆÂ2Œ‡’>*B`¥†XR)ˆ˜?¡°Æa1‰@¥1"R‚hX‚È äyKÁòx/ÂbUü[*Æž)àº`s#ÀMŠQ¹TÄp + +†âÓ`ÜËÿÃÖÒæ*©4 +’Í·Ÿê4$C€šÿ +PYŒJ c€‡ŠaLŸT /zãÁbD%[Ê+!)"bÉ%RxPœH¯E +Q"jX +Ž(E± ’*à +–‹—:Áã[ðAÞº#8Âmñažp‘+šxP~/ÔÔßk<" +QƒÝ +BÅ +øz»‹Z2k«\„Š¹Ðè +a€!PðV4: +h©‘‹a5€Õža2IŽ*ñ#&Ä aþU4@–Ì4<+œXÄ(€, +Šà7c³QµÖƒæpÀô^ +÷)Q!·;3­åR°ÏÛWºž»nš$ +ÖÝÒ> endobj +6470 0 obj << +/Length1 768 +/Length2 1151 +/Length3 0 +/Length 1697 +/Filter /FlateDecode +>> +stream +xÚ­R{<”i.lùDYC²‘́fŠa³;4Y™r(Çeïðjæ}59D*±N¥aíXmú$kuàûˆ/#§6_Õh+[v-ªÉaڒØÛoŸý÷û=ÿ<÷u]Ï}_Ïõן:ŒPk2­6W=êÞý“‘‚ž£dëö*¶L-#9$îđ‹v¯UCß +àj€§ÞÓތ|á[ØQ9`µäí”ÿ`pÇDè‰F5%ãí퇻€€yÜU`S鱔‘±²Ýò+ÂÀÉÇù¶·,ŠMõ +™ +«.j:•Žøßn­1E>‚Ëc‚<èÿÊ]T¥lxõugôÝKËXÆ%^ŒéÜŠ!K +œýå&›nŸá‹olM&¢|‰dµXŠË,ˆèêQ ¯Ö%àK* +fhlÅ+±×e4?pR]z÷¿L‹œÇ›ãŠ³-iҗ[xT +d‡Í|ŽÂô‡Z›ïG2÷Od[–Mæ•yo +Ú±xÄì÷ +Ã=©«r’Ïœnªk슇Œ¬WW{ðú;ß­ +~W%±ê±Kݖœ×Êï<ÉÌë›*}ºñF]g £œµ ­@ÕðlMU±Ÿt-"$$UÈύ±7®!„ä­ŽØú[vuá`gH°oþå¬5îO-üÃŽ>³œ> +pèÜÎPsªå +Ô/÷BmºñÍPöú M7(ñF¡Yœ”Z|ˆ»<œ+äR] +úÊi9]ªÏ.©ìJ +莆{”ÂяOÅ.3Ü·š†w¶5_qåù·âÚÃ}êÇôûuPQ’ùØÅwIQiŸ +Ù>3÷ÿ3ã˜ïð«ºÇ6M§^t—_Œº +˜^ÚϳÈ,Žüå*£'ÔJ^ˆ€4;Zš9Só–•ÇÑŸØ + NT_ª}ÚäÉ9Žôùù»¡‰5÷V])P®<“Ó†ôºF2Éá÷û¬yÖo<Þ¯p×3ê®S}z†í'>šÂõùq÷:ßH†³©wœaãÝžž‹ŸYFÚ&ÊP3f›ç–׶‰uÌ/ŸíHŸÆ&Kš5cþã,/ÎÔë‘ +§ÛìsԛMÅÞùgŒžÝ{UËè¿»2É&œ±Úk`“Ã矣M÷ŸWK†<Š§+ +®××4 +­ +šþœùÍö%þH‡ƒðë‹o‡czŸ{dtŽõôx5ÐÊ̍£V²ˆ蜌’ŠŸJ-ŸŽ +Ky9ܲZW÷xŸÌ^Ì55˜f +5WWÇz%ût+ÑҚ¬®œ\ŸþT¥ÄcO«yTå€D“Þ;î|pøf¶fgóíš{°cÔdÒIӖÔÊ8–/7³zG?Vån>uäÍ0ç@r÷íH{¯‰uâ3š‚øŒjƒŒܝÂWÝ-’îËçðŠ:{[C»«êŽŒg~±~—µUu¿ÉT1ƒ£gÈSÒcÆŽÇ-ù®Ý©–Ü°ašvy~ß÷cf +NfÑt] +/æÜI +Kº9øÚKúsɺö!Ö3êÕ ý²Ì€w†x¥1Ÿ5š›>ðlŒÖdi®Ì «ŽZ: +endstream +endobj +6471 0 obj << +/Type /FontDescriptor +/FontName /YJCLWH+CMMI9 +/Flags 4 +/FontBBox [-29 -250 1075 750] +/Ascent 694 +/CapHeight 683 +/Descent -194 +/ItalicAngle -14 +/StemV 74 +/XHeight 431 +/CharSet (/greater/less) +/FontFile 6470 0 R +>> endobj +6472 0 obj << +/Length1 1606 +/Length2 17103 +/Length3 0 +/Length 17930 +/Filter /FlateDecode +>> +stream +xÚ¬·ctg_³- +Ûv~±mÛ¶m§cÛî8 +§c»cÛ¶m›oÿŸçžsî8ïýtïù°ÇØ«ªÖ¬Y5k­±7‘¢ +©ƒ±™žƒœ + +=#7@ÞÊÎØÕYÎÁ^–NØÁÖð×ÈCF&âdfäbå`/jäbÆ +Ð03ˆš™˜™L\\\0dGO'+ +K¥š² + +íYþ {þ‡çïNg+ +{ùß73[G;3{—¿ÿ×UÌÌ.–fs+[3€ˆ‚¢–”Œ€RB^ + afoædd +Pt5¶µ2ÈZ™˜Ù;›QÌ +œ¶ÿ^L +ìM­þ)͙þ/–3Ààìhfbõw›™‡‰™ã?.Z€£™“•³óßw€•3ÀÂÉÈÞåo\ +Vö&¶®Šÿøk7wø!G'‡¿v}Á +œ]œMœ¬ +]³*ŠŠÿ›§‹¥‘Ë?¹­þºæ#M +L\ÿ)é_Ÿ¿0œ.FVöÎ3—r›L­œ +m<ÿæþ +æèdõ/®ÎVöÿŀàdfaädjkæìüæ/ö?Ýù¯:ÿ[õFŽŽ¶žÿÚíð¯šÿä`åâlfkNÃÄü7§‰ËßÜVö0 +ÿ +Š”œ¹€‰ñßvSWÇÿð¹™9ý«A”ÿÌ +Õ_FŠö¶žS3sy—¿)”ÿw*Óÿωü? ñÿˆÀÿ#òþ¿‰ûß5úßñÿëyþïÐ⮶¶òFvàß +àï +ãüsÇüÿbì¬l=ÿÑÿ=PÃìß +ÿO R.FÛ doñW +FzÆ­œÅ­<ÌL­\L,æF¶{ô/»šœ©™“­•œÙ_-ÿÕF +#ãó©ZZ™ØØÿÓt¶»ÌìMÿ;ó¿òü‹7ƒˆ¬¶Š˜&Í¿Mÿ¥øWuUOÇ¿ÄþW +rŠÿ¹øCXØÁàMÇÊ cæà°s289˜|ÿÙþÃô_k9#'+€Îߒ™þUøÿzþk¥÷ß`ÄìM +Lÿ™#{Ó¿ƒõŸ†Ü&®NNõü×Yÿ[ð¬ÿ5âff +f&0«K&3À[cA:áóÈKǀ3_ª +Š•r‹ŒÍî͋vé?~ŠåÝ)Ù +F– +c +ê +ºŽ”ÿÌJV?uT£ŽE“ãÿ˜3VBº­v#EòìêÍàªL¥‡-EeËB¯õqY< +‹#²8CΘÃ+ +òÙŒí +Ö Ç§÷ü*îPs| + ë8Œ}QÔ >jàQ1ôë:z1^V®>àšìžÓ +vÓAÕÔ32»•×Dßòœ (z׃¥!]quЮ(ìI ²ÍÁðØç«Õ°[ð®ñR,Üì­Õ1Õ]±ŽjpÓcýj+$ôá?†ü +ƒ$ØÒPσ÷æ¹)Àõá}@Jš4¿˜˜ ~P‘BO€ +:Jq©õ'5ßè  ˆ:ÉQヶN–.ϵòg“ÎçØN(Sõûê +_Ž +ÏÈð|¬ +ª)•_»B7õPÅ{0A +ôÀ€úäL֘Ž¬ÙA°ŸñdK«RãœÒX +žÉªmåd™±@P±€÷Ë°_òù2Ï(ÞÔb®¢ ~梧 / +¹>~°Å¢]”ŒãþL¿,|¯`ÒõO—[ +;a’GÌ(k +B\ëN¢Ò¶ŸŸ–Ê¡‹Se¥—üˆÍoÃúÔâèWnŒÑ–DÔÄ +—„E]Íš +SáÂCùñ«ÿ +¬tØ5èÈ•óu9d$œâøž^ˆwÚÎQÕä®pç3Õš`57xÛ=žzÚÜgJó$,7Z;Œ vÀˆŒáŸ +·Š¡ñ +”dgå6Ïj +&×Þ-Ž µeÊAµÚpBÄÅò&ÿ@è†/ÒõHьAÓ±ƒÌåvbxHÞ»±9©ûŠ#lô +%§y‚zå`t>}Ë' +kZïÔÓÜWÎÁlÐðE"°­~ŸŽPX©,3"@"ÌKÒg82`Ñ+#­Š£q'>äÉGÛV‡ +ôµ»&Eì‹ÕOžºí"ôWå¶n\‰Ÿ,Eÿ¿Æ} pÌ箥ß4 +ÕjŒ +óÈ~9NvŠC×Y–Óù[I[$ç +y‰ +0~îŠyŸ¬ŠÖ&”»å +hiRÉÕž]J¿N‹oAk÷jM†ÿcQ_ÛLÕnµ÷¯ž4Ó9ô,*HKàŸì~s¿ŽýÛåë +yœÛ_s}"Q +L¡ŸûpôiæûErÕö9Þµ®#ëe)1 +ËeSÆ +Òä +jP+ôvÅ4ôRŸ¡‡§á|€7¿å–¥QÒ, +3Mº +Å@ +¿nºìØÏNdÁ|MŒˆ‘§ÛøgËS¥9MO*¹dÛÂd rþl /iäâPÈŒß; +±ïÏ +ã%!ªàÂÇaèNŠF¬‡ˆšZBdh6£†S=ÌLy©“ÑòmÃëÔÎ>þ +.8C"F1_•x' þª©‡€“Y¹#›«1QpßιŽ +¯ +«wXxÀ³ï +œ¬hP̍žK|å~`€à˜-!þ¯b«?©ŒÒû+#Žù%û‚‹`ržD€†S åírQ©«0ú±e•ši(6«÷é7Ì|Ó·<Ö{jŒÏnÚ׺~%€"ê +‡ÉOþúà2™SL—ÏNÂ:)ÿ[1ÐÀ$mÿ ”»[Jžš?¢86„ñйŽÚkYŠ6âä‹"Ÿ–~sòÜŶv r>”ßþÀ%Â×?+ a8FÁ0Q52 +~׎ £ý‚þÑ £TÞÉ»×ÀJn¿óë–-ڗJÉ®¶>Ð÷Ì + +áÊëŽÃ%ÆðíÖâ-b«CU +g NRX» +؈ÀñRk0Ò§(—Mfîâ +ÎîWð/A + +֑qÿY&@±wŒ@ôòŸ”>±Èd8Û[Ó'}¬ +,Ãt’¶;ÒšEÑ1]„̓jî@J#e¢˜ŸfÄè¬Ïiù +˜¹4ru¡1ˆ;Ñë‡Λ§;ÞL! +è»Ív€]4ZaƉOW7ˆTÀÄa€Y‘ç +ûeûï?â'gF\ +O  Â}°·Ca<ê˜[á÷7w +þµÔÚ9Ÿ«U`ÖºXŽî+áð|OG~äœ+ŒVË]ûLv~žø"’Hsrƶºü‰Œv_F‰®oÅy–rè–õ&Æb9'V>|‘*eRù©Aƒ17oCTHLŠû6ÖMg>eêÕVY +Ó";øœùÝ j»¥P6 +àf@ÌÊD€Œº¡ñŒ4VŒ~©ö`܏\vÀ¥Š1ÿÐÃÇ~G ]Šìîm˜SÍdËÔ1ó*²Û‘†àÂø{ÄÏRº9)Côñ> +J +ŸÆÌPÀþiLçO:/mzCȃ”¯ +Hœ¯^ +ðÌ"º sû kþ” +ð_Nt’ôc˜bæ~M¿p²]Iȳ¬œKðÄc©W +b +ÝždW®íéc¥-²„ô"ƒP!»ŒAî‚nŸ`L +ÓÞÉZ\õ\­(¢fÏ}× +§„­›#}ø0< +`C ؈l7âIý涇î%ƒ• +ÏÈš•yžîûÀŽÞ©Á :=HgÇpkt*æ‰ê2ÁÐnCWU¿d'ªeÕ&€ŒÙsû`â³FÂJŸ-n‡YY4§œˆÒ=ÁâÆâpq;*[ñO +œ”Z±Ö®«º—Eq°òZœYϋN€û ÷ +–GOzïG»<ÐppÕ,”üP€ŽívCKg”ž^À;Çrª~îäLíç_õ4ýy +²ë¿šyâ?ÆoŸ§‹¡E{Ž‰žÏ\ËËþ¹ ¹>qKä~4iߝîÝŸœWñ~ÒBÆСsÈ\$}¢ùko +@b¿_&Ú +!é=Ã<æ{Ìá£Í' }ò+/Œlt+#» –~ +­`ù +A>{Û>:”ÝÆ"×ÿ:+ +®C]Ãê:µo +úGóö +–€€6ËCš³ˆGùóØV£¹Ü_‡çµ}tÀúw +¯ ¿ š +e‹|YÍDj»ÒbV²=8;N€.²©–”£­”u•ÞgÛ B>Ž®Œ4’I"²Uu§Ÿœ&rWUûVŒÕ¥?±}7€ŸN!;ú€,ìTå“8—uâPæ,_°QxVŠ²ÉçÛœ|Rô±ãšôxXcÓÉ7j +J»mÚjwûŸˆõ÷ˆ_‹œ5Qð–á'm¢€2'øDÀ#açºçýÜVô‘ïš?kŠøëUãèe87EžJ}ø +œ‡qzd‚áŽGUI*‘ˆ¿ãÀ”ï¯éd +Ä`J·#Ÿømn$Ç(?ŒTª#N“‰e + +þÈSß%NiH +lû=qþ\“/—ì#C˜M3ŒÒŸÁ(`c46ŒL‹‰F +ðÒðÙV’‹$ŠQH +™No1±®Eä4JÍ-©€,þŠ±p@ÞîÖ&$:ÄTÜKìXQ—ƒ#Žñ²uŇ'øA¯°+Ô"Ÿ>ahº<ë¢=Ü?sRŠ¯º»#¢<*ÀñšÖ"ž~iK¯ÞîOä pÅP­‚qJš +u'P’Yö¢âÑâJ +ä`ë­›¡†vÛÙ<ÖÙæÏ¢PKE_Q–XÚ8â~ž9|e + +u“ïB‚;cÜÛØšÄöCF[™xVj +íÂf‰:ÇȒê·únFXŸGãJ“ËÁ(ē"úWÕÂgÿ„ùh|PÎɄ>)àhKØzBLn£ý÷·†¹ŽjüûñGΧïða +ÕiEÒjLA +v¹ÀӋ!–ÝüTNZyó/n§.ÀÝÞ£€Àä”6¥vÌÍMs +Yý‡O™Ä‹I +X[¡4|°Uÿ/“¬üÎ8‚Úz¬Àµœp]?ä +E +?ï +4>ÌÏ +q$ñIC9Ï +&£>iŒŒ:Ì+wF„7ÏGІ,ÃìpÇaŠÀµŽ’¹€íŠhXî  +¢Oq +¡×j1ŒÌʃ"tŽ +ÎQœOœ’³ÚjüÖº4nßUåntæóð +gñO²5•‚KØu23Œ +Æ¢™hAËÛ]e¯U[š5Î +ÀÙÄüGÈÞѳKUN·É²C¿ìt +ʘ™{‘jÔîُ§q_ˆ4ŠôJ⫟cªëk€³¬içG,à¶NÜUVäžÁp¹ +Ô¢Lß5mo¿i—” œåx5AøÁü*D̕ý +Í$fùõÕ-•E6”)ºóƒ°Ÿ>á+ž@ìóÖ~³Q›Šy%•dš5kŸ6˜öŽ +üÄl + ‰4¹PYœÝê + +Z˜Õù¯-wïÄ©žŠš©ìKa +­Ïž*øӞ^{Í?è²ÜÏ +Sé+‘n¥ÔÀHʑRc‰Ê–áÍê=ôªÇia’<©8QD¿ +ÂcŠžÝõÍÇtê +՞þw/€™ÄÐðËd€X®y·|ÁŸ›h€/ +"U/{h€µÑ%¹ +&ê>øÉ?o²,÷‡0iœ +Ñ@ +¡xFÓÔ¯gc„o’IóÉrcýÑÝ +y +íý +7Ÿp×p.†UYhŽ˜ÊÌœ-‘D +žÆŒèŸޒ%fŸçõ›‘ +Ënc +p{Ù;»K +°N˜;¡bà){ŸôåÊ:f+.Â4ÖGÅ;JrÆ +“Ê +Yò²÷÷rH=ÁžÑI»‡pIÁ£€ g†P]µÍðÒn#Ö8{¢-ÜqA +LZÕ³õ—ñ9æÌRçC&úá +Ê}Œ5FÄxš +﯁¬V¶ŸHwˆZ¿U+†V_ê€Ýš#:.†™uèkî”ÂtsWÒµ§üLË×`ÄËî~„*ŸvÞW𳎕ANCˆu:RLˆÙ<è<ˆ)90ÎnO +à,Òï}ÚJ~µtdz=Zãòl€øÁ“Ó?†%ªdš +äŠLHŒhñ7¬*6o°\ªÛŽ +€y +þ»Æxu› +±úe͘ë0cžT’Ë õŸYLÇ£„l€Ë9‘Ò"Iè" \³}L:{)‚ÍHùëËoŒtŸ/µ`ãj%Ü#—u‡Î„¯ˆ¢ñ +”œ¿ßCçxrh› +;6ÑÎÇí'ˁfyϐtâ¬ü;ÿöYI5d¢FC§ÁvO¯`b¿ÅY¿“š›µ€I|¯ƒr©­s} ‚SB!îI“î}§„˜±üÐiʞ3ZhÂ{³ÖXcþïbkp q18E|ñ"WĚ6Œ{$<_u^‘ƒa{Ç.Ž‰MØûÆÜxÝö]ooáºz"ú¬ÅYŒÈâ +ê¬D:õ š¥ÞZž +؆’6D +_TYWXáàDî9Ò°šÛ‚“˜mÐjµ46Hú• + +HÑŒ‘ˆ&tö +Ê!„̹­ü€pNô·‘ǪY­S +Ö$§qÖ@àr¯ïÛønðçÀËNöãIèFV²}¢Å}Qµӆ&3-sƒ­L¶*wI +­:•ŠÙfíÂÓW} +f9.ŽU%Ž({ +<€ + +nNØå˜ ¥›ÁĶdýä"ŸqþŠ?ˆŠ˜Y[քaž{#ÇXzOöÎԚoΚ²áÞJÏ¥ (qbçžD‡~ªg a³ëÅö5Þe˜r/ʯW6li›™åéj8Ò +Š¡»IiƒaQ1ÿrŒý¹³ +>œƒjT\ÂËtUs’†Ì/QD“Êð5!?än!ez+ +6[Ø'Ù¯qã\Ÿ”3önËÖ¿£ +µßùŸ +”R‹),¡³ç„ç„Û⢔ÑӃזÄl)ÐTŸSˆQ«j²M`µöIf”ÉfޙXk©ðÜسI2°\˜b5P—:bÃÏmGo%@iœ!nd©ùãÎ/ÆÇÜJ¡“z÷©ìwëûô­OØï8ØÑ&2ŠãMhØ:=^ïYCb>p^Dð»KŽ©Ô¶ŽünV•x^bac£˜LñèÄɬ*}J“i0ûì™ +GBĞ )Øžàø_$Ê-ð‰Í#L#J`?Ù3±jžL:‘•«?úƒn•cM®_! +-ÚÁ,껙£ŽªÀ +6PÕUƒ˜fêÕñ&Aw•5UŠ +»Uz€(ë©ÖçÔ?Ë +©þàh„U©©Úáý(ŸÁ}±ù“ +ËaÑÕ#ÐÆGö#.vwŒZ䵆ñâ> +EϱãO +Í~ +Ò£×ZÐŒ‡lÐV`h8â÷.PUNCZC‘j[œ +}”•{ºŸý;ß\ +PdÞÜF€·uA9ÍÔc—Þöú† +Ž'ñ»ÎŽŠŠË3‚Ó˜Pk)=Ìù¥€œšMdpa¢ÓŠlñÔâ¢ñ + +1.Ÿ] +ŸàRíÙ>rô¬£?Y3²Ôõ†î²}QŽºÂVU‹ +ªoá埑‚¬Å’©@UÜašxg˜1ÎaѶ/©‰² +ˆéÖëƒv@`AšœDÖ Ôw@1M,­„7¶° +oIÐC±¶ŽŒîNœìÛ$·TÁÙÓuÌQˆ”Ä©åªAhVðè0¥6LÄ\–þžíî9b +Œg¯ÞA +å¹Ã£Tb±órñ‡ƒ +ê[ +Ž +5ymé_BWÁšhqp!‡RãM/,G9'Ӑh€CᩑL[y‡NY‰õE +_7[ÜXdæ|eýŒÇ×ß ÜßÑk„™\"ܟeäÜâÊY"X +mŸÉ1¬RÌñFybPFêŸÌÖâ¿cl€ÆoËìÅ ÖL +sQÆwɇrØ3ӉâºÄWºNFãºñݷ쏕¹;[`nÍ\lÄVípc×cÜ®E/ßÁ2/Í#Wé- +èÛ%«ß]«€D‚–j +š- qœ"Ø!ÂÎÖ +÷ÊQrlüX$k!’Ò +Jë8#àá»MÒZj9ý(nÂÏThlnû%Ì ‘ß9ª-qØà=I¬ÉÜXHFÇNº<õ‚YñÝä<šRŒ]÷éŏžF,-P©"i#PšÉ”K 7 LøŒIÇÑ̐x£óÞ»o›sIò!&nŒ•|Ž[ —v#~Bÿ(I€IÜœH‚ +£>˜õásAX“¶£µ +ž·Â#Vúç= œKgètCÂ?]oIܞjû囀à +ÙG +K:äõ–ÆÝ°—›lá1>w Ÿ0MiIá²Qöò®áøœIòÆKÎź](­ +:·•G©·ô·!(hiÂg–J)5WêrôE;øŸ¯È£ÂlçŠ>îÝ(h9B +P ¢k6”Oö,™_ +4㥣Šçܵ† +÷ÊQވðlT—¡lž=ù2 +ƒs +†œyÁ°þ˜þŸþ6>¯yMlŒûŽéŠšP{õ +ɓÄtè¿ûhEÀÔ× +î‰|òÜ霏 ?ÙH¥q®º] +èâq„(QG¹*i +mx×õ(BQ)'§@̉şþ@pÿÔÆ* +™Ñ¢CĒnø,‹ +þƒƒ9 ·UK®ËàBTr’q"òéñbÏaô¢‡š +Njv)êØÁ˜ pᡉ +üYˆM»Š#›E<î`¹vÐw©€N\zYs +Ê,ðNAMŸó¶XD— +¯KÓtt—”B Š7:@pŽ+®Î×:ÃÏŸ +oªÌÑNÍ!l$€6?WÂDªzVœn'Ôÿý9ô+"+Æ>õ¡[ê£ójjBÛÆÙÂi4Ž™z³)S‚—Ö?wäXƒèÿᕠ+¿€1ÀZÂHr95É]zŠx8üŸgˆ³ušC?AT€3Šˆše±ñÛÍ + øÜKÉI÷ +MÄtI•å©åjMSÍbÍE¢§HLpÒ;¡Èûë 4\ š5ŽWeær‡Š{҆Üš–N·F£·ÄœQ²p¢nLK¹ +'ÑÕgi;[±"E*äÈ +Š¬6Æ!6ÃîñÐ544À Ý2GÉ8gÒç„ÅÐé³&µµ§v±Ÿ`Ÿ±ˆàŸxDšË}Áœ±Ê +g¬±DÔbù\Åäá€8ᇬ› + +­Y +1G–vTӐ Sh®–Ï­øDçªNC(nï4îMîžch‚£ƒŸ€ +Š¡ë}¬‚`• +­B¡*tÓPñ +5'■+ +zéÉõåIጠ+«q÷¡:KþI +Ø÷>«Jk᫟ˆ”vìa²Çۆ5¡Zâˆø?¡×ï8ð>÷*©=šõÙòð‘ã¥Aiúè%ʀŠ+ûòd5Ôu»‹-d³VQ”øeSô—«°bzdê*>,¶ôª—®`|ƒŒ“Í› ++« +*«¿ß”ìóR8ùmaÖfHôŽMÙ@—û}Næh¹Ó~{-œðç£m38@7}ç +ÿúÝ +ûQ鉯%Y + +D“_ì?Èâ‚Ix`Æñ?úwÉȊ„'ó××_Ñ䫂*¿ ¿Œø}±ªzẀ5”XÄ'Ь/Ý5LU‰ˆCèÈÎÌü +Ÿ] 2ê€íñ‚®M0©4Mü¡é!}2T{žøA‘÷:× +ƒ¥ÝÁ"l@ +]5ŒC›ò±Ú†ÎG®OŽL6È-?å7ú³mÔ;F&ƒáZ‘P—øUÞ4‡‡CžR‡¯B×UQ™5nEê|A’ +qvôى‘RiXªcNm- +PžÂ°ÀMûŒÐ6lFDj’h%£ïÂ~y¯Â]–‚Ëñ٘hie„Bo†ç×ÞH£e8È=$¶Zl̗Ré$ +qFó€Mði.œÛ,™ISö¶É×ӌ臛˜*jƒq›Ò™~ãGv-Ë!WÐÑÅa{iµÑôձєŸEX“§ˆn!lGr€MQeèéZ[=ÓК†Ãô{‡­Ž¯‡¶ÄÝU*žjuŒ—_ù +Fˆd4L»)ÑG +Š%Cú_ŠÌÝzþ”Ÿ +ë0ÿ˜ÚP2—,¬¥>Ä:b}rã»zÌ­:&&ÂÓOŒbLîH©>ºí"‰Š|ñ +ö—Ö +°ZÒ¹ùâšq»J·ŸÐ1ÿÉ +šô3ïÁ'×»êó„<]Å +OD8XŸCãN—øw¥®×"k=œâëhÍÖQæëcŠâÙÚ.e|g$­EJaúK1Žüç%"Ô(÷÷ê8é;ežz,ŸÄ$.}ÓüŽŠ +Œ:®Àqa_Ô”^¡âÆõKVÚj +ômË{Kùia©‘wL,Ž™?jdv„ÿT³ØM+ +<¥|çbÐrF} +²A¢M +œEY'Iù;E +z‹å§–£ž sQ,£@ŸÙ/šOÑK8;éއýI*ºÁ,Ë[ž!ñ왰ºZª×â@ï +„?ÂîÍ +×BËSj Rî‹;Z-÷qbëªÏ\A­Å~|} +ü +äÊÔõ‰'>™c)ÔÙ<$u[3vÖ:‘ñùÃ.•ÈHeê[Eblj¹÷—c™èü*¬ ö¡’,2™‰T¢ù÷úM +/›cóäg‰WJˆ +ÞyÖÒȬrP4’lçlÕ +”%:BÇ{„WGm¬Y¹jõý9Ñù\éŠÁ&E’ªrÇFñ)‚%¿ñVÓ»k+ÕØ7¡·-Úu ƉÎyEF +Ë{{eÈ€jáØPN?(ú~ü)þ9 +Yºl“a›ãšUEJ +wškôÇ¢ +¹§2Ÿ +ôù%NÓՓ™gäì[‰R( +ÂØ>ˆ8Só·üéÖ5sfÁyçØêú!í£/dÇà W®s=„÷tòš¹ä,.0úŽ¬{¢çÈ1µ^’v +ìêKr¹4BqAÈɁ¹aóSlt§Këʙȑ0ØÃ&ҒÀ5rgTkŸ³™\œä-ãÐi‘Ù +&M`ìǜ]ú‰õœ[ÍóÃGò[% +[f]?}ßGU xcª·ö×qúµ‘ÆÎë^±%ôR‚&ÃYŒÊÑõpL@1ÞÌ°‘=˜èƒ?›Œ& +‡žxš€Íã·v3ÜAà +‘k:X(ón +»ŸQÊ»ˆMÕPåÃÎ×6Go‰]¹Œ5––ŸEa\³íÏ>‹\CÊ燶¬ºè4n"S +`Üâ¿ŽóÕ +P·Èí©ö/#.Ü/vôjŽ»`JGK›gxÉÓ`™3ݵýPwçMûÏ¢í9ð.ꞇ>ÚVÜózF·±À +‘uðg-& +[§±gNY¶&9ž§#àlwŠŒ.ïãï» +ƒÍª}‚j€Opßæ‹œ»| ÒÓ1"D›õœÔCï–ž +é67³o*ŠØ©Üpċu§høŒÆýË€ŠÁ^]Ûá­ò·Œ‡ç“InÈK?LqÅ\A?>»Ú($žÄA©‡š{lëÎsHªáæO +៕}€!D!àë +ˆÅd­³ÚïÀ—€|Š3Åbn¢>1{膖z֎qÏ,·È[l]Ëd]G +ؕÁ?˜õú¯æ³EŒâŒs~ +FÈE·Ûj.{Ø¥rûKÂŽþ,ÄÒÿüþ ÀMäÞýlîØê!áǛsº›yù=ñé ?eˆûºâ°Êo#Ĉ3‰ 5è5ZÄŸ«YyîͶåÿ6œ‚Œ2›JJª®‰‹Žñ"’±§xXø# +؂}NM +äBܔŽpM[Ï+ÆC­fþW ·éÜÄMÓ²œ–< *•Z +†ËPx”ŽäU +C‡>¿lC­NÌ*ŽÛÌ룣2՝—&šÏÏü +°(÷Â<ìö +hŒåƒöh–Ž'‘Ô +í0Àƒ9ŒŽZ s +÷ОZz +M¢æê‰@Øqœ§{G»Súu~'æûNﭖ”tyžÔ +›qô峄Œ1ç>ó¥-oXíþ¹J<œKù¶TpviÁî=ö‹È°ñ7{; +Ä6>víµóZ18)ŽqÀs¯aQŸ‹d|Œw+Û3›L +>?|O¢€DԐ”Üj}*Váb*ÞºÌy¢ÆËP; MIâ‹_'{i;Úîª +@j5`4Ìmt +-/€™ósQ-àèçqj +Oœ]OȧÒ2ŒÐb^›Ys^à +çumÙ­˜p®&~F¶µz)W +搡‘n‹Öq•ŠŽôÛ-üTJ +ësõ“Â0Ž¥4 9ª¥{àþŠIn2¹”Ò²pݢގ–ÈiÝ7µ íÆ,âá†(œÔ®w[ýà„Š:ÎPž^3¢øµuªô ŒÒË©&DŸÐ²r]Î¥oñ‹ +o%G‘œZX˜'Cs˜ÑF/ÂRRÒù]þéXà£}™i'É=–Vûç=qÓ÷d",Ÿ “t_TŸàí³Ê%ÉàÊ×c{ßc‰œP<‘êÝQ`jbi†Ê‡œã›=œ$T+“!(ü«;A +ÿBj +&Åw0:ž÷•s˂‡/]Žu»nÕ%à§xžÉ8AA:%^eûLžŸ^Tö”/8ÿÁ#Âdïô +ê†'Ⱥە +TŒUåë, +€‘y?ž3]0·ÁÖq«$E|Ȭž­²5iì=1áœaݺÌ<Á}·çÎ&Æ)`çV«Ñ<0Lb=éØb©ó’a~ ”ºzÐ㍉p<=UÑva2呙ÙÖvÏϺ8Ž¶2B£â3ž(ÜÑúÔ/Ú6ZÚ­íákùÍù7nè³î©ŠÂ¬q•zÚ® +xÍyJ--v‘{z +ËV­ bžzœSÜy²Ú¥‡.c~“hí_þž°XƱ˜Í“+ə;ëâÎOÐ +²É¢õ4Ž \¬ë©ÂHQ¿,ó¿ ó +¡c÷tû üÃ:p«×n„÷*‰_žÊ"²C>^tÏßRjŒÍç횧GaæžÙŸõQ°n‡3ò.mHþþã}Ð`Ž{òqýŠ +ŠJq‰ + Ç +Rb&s&êd:[÷ë_% /—ÌéÖÞZ6 +„b‹lÝa +P‚û$Ï +_ÿSí‹«¶è!ÊIygöÎŧ5D^g+:Ç +›rSÔÿ¡jÈú%àÈê–ÉŠ±Y«OÆ8w„`#Ñé×ô£9SÈå€ Ðh-²œÄƒš@Þ¥v܂Ö&P^3‘ýƒ)jnƒçÇCÏÌ€»žÒåp²®ˆ8Šh#O6-lÝ!6Á)ÏϏSr_È?Mý·ÕCß³˜Ül”LKfÕqXÊ{¯ñ-Ÿ„IJ+(¹}=ðT +ìjd·a'Ù«ha +ՌȂ—²ÜxhV«zq÷Œò]k­Ÿë#œÕ"Xˆó™žö+’ +žu=Á‘b +^iG§ÛŒÙ2îïÍœœ¿uŸáGnVbúÍA~ÔþRêö¡mÎ ã,hrõ‹š@~™—¬l6ŒŠžF)–Âô"K`ŸŽðVœ‚ƒÒý +UáÆd7¢°Æ#œ’jQÜw¹+ä +{nˆ +ïãn/ZKS#jv9õ·&3u[Š;²N +©Å  >-j)¿üÎMƒt +@מÏêИ³d2ѹŸG/"òU +Ñ÷§¹išX‰±Úž˜ÖV? +6¯š cé›Ã9Žî¢:©õJ|z£ 5±áIv7È¥Ú^e +ë!ÞYé€K 'býh%ÔåžAЃÍìʒDê¶_MÜø±ÛŠš¶±¬J×Sm^cS‰Ñ©£wïK5ò +}é9Å_ǶЧøTÖÄÞK®?ØÚÏ؆œã‹œ4u‚zšÅ1€à©J×»FTXDª_âT˜Çð$ė¿,ùB;ڏ7tE°øòJŠ¶rг)PüÀÚŒœœŒh‹Loã#]† ZÿL¢ÃQ0‰MŸß¥ð*}ÓŒ5Tª\ÉznÎä­ÜiA²÷íœ".}õ‹_‹ÜU[ÉJ +}á•À3ÓʆÄxõprÎþH?s;(-ÜÒîô‘ŒßÕDþéÍ{Ké#®ÂKúaÐäälÐê zÞÚÑ·Z!ŒÐ +/afÇœ*OH“% +Å·Ún ÆñzA™êöøÁÏÀž¬¬›º’RçÈ ç‹ïc.¥Ÿ9$qÀ1ih\% +ÕÛ +Eìóº!4¿‹hme²ŠåΜÅh6NÒkš4|• +1âuï‰.™Šé€Ç—<µÏߧtü›Ä{MÜ¢<=˜“59Ÿ®¬þ7;=yÙx5°Tõ*‡ƒ«oô™Â}®FÌ_§Ë¶ää”÷Eï“ +Åâsø€@ +[‘hJ +šŠ +ddÐ]’oõ­€Â³jöè¢MþlaBÈlÝƝšÜ¯tùJŸŽa4Æiå•o¹Òù_É\K]§³iº‰~‚DÉsÕLx.J&‡I+DfÉøø‚¹„/îPKEÃÙÀ‘¿ñ§<Yžžÿì:=žŠ÷jù[üTà®D‘ڌؚ˜.Bç‡gUX,=#ç +˜ +Ž&¹xB‚Ž­s}·)à–Ê +OU¿öݒzµ~I}­Í™F±))Êk`ǘëgś՜ÅqÜÔ?)üoäÚ +P‡ +q¿oŒ »$Uø@}u+‹ +iËN™<_$€ý]t€Õö„Žæü£#õCœ[Š«É±êGîQGÍï{dÊ;9ˆ‡ØŠª +• ÖÖdtź1œŽ'’\zÞß?cÈõŒÓ1œÐÚ€`ŸJëž-f²s>~.åúÛ£R¢ºî΀¬RÙ|ž1ÔEÒY\•\§%;ŽUJsñÁoYé0^:7~PŠÞuŒÖÐ{Ÿ³-à=ç« úL5wÐçc–ºí + vËŽ}}ßR·(ZÞB;ÀÍv§³Øó +3ŠÝ%Wۏ{øG..Æ=،᷉é:òŠw°ëŒ³bŒÐ*šñ§cÖäÏvÜÕïí©ÊnaWšO·Ã÷ìis¹ØûY« +Ô%Â1¡Š²acù¿9-Ξ­ñ|ƒ'!#`Ä®™ ++÷y‡ÄÎ9Ñ}X\çU$niÞª#k~†hÓëŸ4¶þ¥D%šFbÉ¢/ +ÆÚB,Ò¡ +»bÍ À•D)=IOàD֛4Éê·Ñ“'ßÆáJl»I 3ˆ‹‰|DD*ޚ¬œ +_¥¯>á}‰³ºhÏ÷¹Á‰öÙî÷a=à#Õª-R‡DnI×(ñlÒ3•uAƒJv„"+Ñ/$ÂSp|øÞ² +xŸ@ +¿eSïC= *驂å£ Fî­aÉØ2ž {U£€¯ÜÝåYáò‘§¢õ-ªƒnV1šw_¬¡FäÉÅ*:Õ`Z`=îy²¬qE +mM=w“ÈÍþ<„s㆔Î}ޓD±jõF,yBõLÂ$vTι9fZsƒpáUå |j¡RñQ.M"f3Æž§»‘”‰Èo"ùž›Ì7±{ÿc\kÒ/S˜°TßYS7x +dÅ,êÆ!ƒÀ1?àö +ӄ ×s4ë“‘¿äZ’ +ñr±¿ŒX¯óiˆ²ºÇƒŸüVZ +£œ[ÒuÛÍqžD2Ôr›Oîš#©K¬&R +#QÂtpÒ3Ë'” +‹¹ +͋‹agJO„Sàž+û +ü‹CDýx€`ŒŠú +ñÒÅÅSxï5Óúž^zúÐÏ€T2µqöÒ!ùr^ÖiÙÚ£?åÔ ˜­©@eEcÁ×âŸÑÕ²ÜêhX +&֙c(•"ªð-oµI¹ªŠwJÕÜâWLç{‡œ/[ +Ö8ÍÝ +2•ö®[!Žu# +lzgÛÉëôŽQôI¡ÛQÒüéüP#„f£Ügv6bÞÍYÐÐç—Že€d·È»këATÍ^DáJ +YåöüÒä +âË + ºzW)/wÃìT°#l†{‰í&S +¡+¥Ç«žˆ +x|¥†óEnAyšª_Òس?›ßñv,UlÊ4:g³¹4eS¶,†ÈŠU°FxÝÙøíф»62œü²5WEPEÀ&xÐy³8µ7ff¬,BÜòÏ’ëpâÓ@R3%c.z=E$ÄQ>˜Ï[ç7¶Á²’à7¶_ŒèlJIÎÖWŒ%ü$5Àõ‡ØùÁ‹WÂe¥ +er +©=7‚‹Œb‘Ù«¡­hARúLÞ +‹5GÈt*Á—ƉØÄòãQÓÀŸštÝR¢*ɐBšrì8Ž§£rÚ+üÀèû5„»;œîüL©@“òŠŒ$z†Æoj0è{£eÎú +0k™Êz¶ÖÛàœÕ*|ÈWQôŒqï†Ø ûHq +u]8,á”kˆémÑ‘*k’{.SmŸ—R‡sÿˆôÔTÉ@׶;2d¬SÚ-phPLj¿n°b=æ“~vpÂîbáX¶ŒZ±þÛJ¹>Ô8®Ú QD—×Cj$¿üçë°]hcÞ¢«ƒ›6ˆÝ>âQž2™Rœ&ûM‡F}ÎKvÂQì ÝvŠ=§ÛªzÉÄå°a#'/oé߀7ï?Œ—áZµsÉ+¿Ùk«æ2­»h}ºŽ*†8 +U1èUK$±[20\T7_(&µ¡Ë&ó,RœD0e -éÕçÀ–†¶À/{lYÐógÛÔÆÒ嚃‰È(òÞä'ÆZøÞIœ'2óš“4qNùw~<°ôOjå +„RWιPù¹²-$Ü^ÛEè6§BQPm‘K•.|QŽŠ¡_ÿ’[kmƒŠá¿ pQÃ$9¬–!d)üYéÖf)LWTã²×Í +žÏ. +ŒÕÅkW*Nm +ÛÛ]8¢tŸ"™YöÚ9Üî +L)1éèõ× +jœJ3³î§ +k-iôP~0Ôµ¢«!íVªm߄ޔÐŽÚfS€ÏþAK³É‰y÷íøA+Y] \ÇWø˜÷ïG/FðÂiªø +) +%F(g5BbßI}]¡}\¿pnñ^=šâz¶ú*Ë/,–'ŒÁã=ŒüŒÄ˜ +ŠinÅçÄrÚªãµý×<²Rä©££Ü’†¶Ü|AÄ +ö†¢ü­qÒ[%7 +ž HvXn2ýɐ§«ôUÛÝMºû7å’?²Žg”Ù=ºfèÆÍq˜œ(Q¥ïݛ‡ŠÌ‹‹ìeúHo6äøÃÜýãQTèhþúbNº +kå,šg@2Ãç’ +Ù%ø䩋BN +-‹»3 +_Ë¯1Çš<üSö?*³C€Ïó}¿“m)Š"Nd­ú +å<6våðéòɹO5È[ê7“˜#† +ÛD‰°b{ÔlÎ./©s£cÄ‘"O¢'÷E ÍrH]ó0â®FœáÁ¢¢\?b°öõžÊ+ÙÜ& + +ŠÕP*β®¹u,8«¹ÜH <51z‘37ߕ”‘ðýóžhŒ‡Iö +?hùõŒ§Q>þ`›-CÇþ +§%ïwå]Ž¯!“w¥ï +Öœe²7ç9a¿(€ÉJn4ŸYO:õÿ öúhþ4Gt†%äù^.šCÄv‡ä&-æô2ÿ¹=žµí +Øã(;8Ç€ï)8JZ«H:§.Ò°IÉÉêXl#c ¹mÁ1ä7jbY®%áCU’£ôºšnÝíßù­ŠÍËêwö©­Í±^gOä),Ÿ8·*,U +°<ò'ñtóÅ}r”Œ(ɱÒ6Ð+{=BðÆ£˜“2zšÖaÜÚ*$ך–¯K + +J!œÙ+¹à]œÅõًªÞså@ÿötM–0eñ„˜×õ4}2GJ +kœé\&b/ë +„¹Î +rÙ +îšÌËåX˜rƒœÈ +ŠRã­FÔ1ˆH€jYßÞÙÒªŸ:_(qÁ'*á׍±ÒÚåýšþ(› +ÃqùåªWº¡¯ž‘ÁdùԂÂs nܟAětÌW@SŽÂSŒ¹”±_ÒÒâÊÝ»«Ôñ<›ºÔ"ožh1g;øèÌcÇ­}í‰64Úô^l؉}ö’švšKŽÌƒ%ȹšVN¢âD +:öívÔီ™€\{F§”Ö÷y*1P·™»K8 +÷ƒ÷g•à3?Òp?փ|ë‰OÅJÑrՕvÑ°#USˆüŠÚK + +ìÆ؍ +—B8\_Û³5‹Š$E]“ÿ<ܱÎ}úB”ÝÊô嚃ñË2òJÞä\¯ˆ +a’ç1!’í¶ÅÓ +évXbºŸn®~õ~"[ÝB4Mø:ÔsšôàøÅ坞Ë!Ÿ²ŠšŽöŽ‚›bØ8κèJ֐kŠ‚–‡4ÿž=]šf‹;v‰1ÀñŸ&9ROâނ*ß*®ÒF+•Þ¶'i#|EýnŒñӚ(ݱÔÈþO‰Q}LSÖåò-KQs»ò©i»N§n¹ApƒuîX’ŵ +ÕEjÈaæŸ[mÚ"v*áemž±éCqû­èŸë>S"µ©|–5ôë^Ú7ÍF-Y>H®f~]åù’ +àÑR‰Œ ,ŠZjóÏGÊeöáR©ŒÑ¯Ž'wæžBkLilÞàKIšÙÎVu„µºØÞæÖ.‹°"$F. + +`Výoôéø¡:%`Ûֈ?»7:ŠðŒ­ÿÁZÏÓ$Úþ» + +ž¿r›KtgH"v« +s(bØ@ +Í·UîvS¹èCvN_y|šQ†ßðqäfTæKɲó’N°rOŒ˜¿ÏO÷Pûœ–Q;ܑîoü¬ + ŠvnÉì%_-£ŒXü +•ÀBâŠmà×S£o)@«{Pb +$¹uT²-×[ +~éÀ®€`‚ +ÝqК{“ªFo|÷Ä.to±§Þ:te2SY +endstream +endobj +6473 0 obj << +/Type /FontDescriptor +/FontName /CLZSEX+NimbusMonL-Bold +/Flags 4 +/FontBBox [-43 -278 681 871] +/Ascent 624 +/CapHeight 552 +/Descent -126 +/ItalicAngle 0 +/StemV 101 +/XHeight 439 +/CharSet (/A/B/C/D/E/F/H/I/M/N/O/P/R/S/T/U/W/X/Y/a/at/b/bar/bracketleft/bracketright/c/colon/comma/d/dollar/e/eight/equal/f/five/four/g/greater/h/hyphen/i/k/l/m/n/nine/o/one/p/percent/period/quotedbl/quoteleft/r/s/seven/six/slash/t/three/two/u/underscore/v/w/x/y/z/zero) +/FontFile 6472 0 R +>> endobj +6474 0 obj << +/Length1 1624 +/Length2 16914 +/Length3 0 +/Length 17767 +/Filter /FlateDecode +>> +stream +xÚ¬·cteí¶.ÛvflÛ¶­Š9cÛ¶TlÛNÅf%•TP±mÝúÖºûìÓÖ=¿ÎÝ?ælãíOïOçÛG$Êj +"f&æ’ö® +,ŒÌŒE ‰›‹‚ƒœ<ƒšƒ­™’‰-ðà€£ s67v:؋»šóŽÌÍâæŠVV + +@ÌÁÑËhiå + ÖPÕ¢¡££ÿoÉ?*¯ÿBþZº-í”ÜÍm + +íÌí]ÿRü_ª™›\­Ì@[s€˜’²ŽŒ¢€ZJQ enoîll +Pvû›Š)@ +hjnïbN°ppØþû0u°7þ“š +ã_.€1ÀÅÑÜø×ÌÜÓÔÜñˆ +àhîltqùû +º,í]ÿÖÀÕŽ7µu3û'€¿r +‡äèìðWÃî/ö—LÙÁÅÕÅÔèè +øëUY\òßqºZ»þãÛø8XüÕ4s0uû'¥aiþ¢®Æ@{€«¹§ë?ŸLÌf@G[c¯¿Ÿÿ’9:ÿ†› +ÐÞò¿# 8›[;›Ùš»žü¥ùËýOuþ;OÀÿ–œ±££­×¿¬ +þ¥õ¿bºº˜ÛZ0±°þõiêú×·%Ð +ŽéŸa‘±·p°0ÿ[nææø_˜»¹ó¿ +DýÏÌÐü +ÂØÌÁÞÖ +`fnÇ€èàú×%€úÿ®ËŒÿsMþhñÿHƒÿGÚûÿ¯¹ÿÙ£ÿíÿÿœÏÿI-éfk«hl÷wþœd·Œ@ +ðϞü³hœÜÌÿ?6Æv@[¯ÿƒÕ*j™ÿ;ÒÈþ“q5þ[{Ë¿-a`aedþ·è" ô47SºšZ,ŒmÿVë_r +{3sg[ œùß®þ« ˜™ÿS·šÚØÿS~ŽCæöfÿûßFý+r&-YUºÿÓný—ŠòßpU÷r4ü¿nŽ +Ìþ×á +QQO€' +€•‹ÀÍÎ +àæbñû?xü +ËŸŒ]ž=fFffÀßÿÿúý÷Iÿ?h$ìM +Ìþ™5Wc{³¿cö¿ÿÀŠnÎλû¯›ÿ7éÿ:ÿkàÍÍ=ÍMáÖW +LùB­3s²\°óG§Åõ†XÀGà +˛ÕKŠë +ú2#wxªÞëÃ[fy?;œVN +?öeiÆ°l©úÓÍ/ + üÈh‹PSvsÑ +3”#fiÅú\-ËoCèr2k +ìN«š”œCÎv³9Ã\=Ñ’¹b?:"ù›f4%`ö Ž€ 5ŸžQŠ +?=Rý˜ +鿁 +ÜǧËK€¥às‡@€Œ tÊÃÒÕšö‰"”˜˜B +ÿ–"2KºáƒèåÎJŒÁ®Rð€ºPId[—žœƒ-ˆòmR‰ºo\ÿ +„|ÅX7pÅW,"rÉíÌøsÿZ˜òEZ[8.æwsåU +M@:Б‘œÇyP§jG2ØOÎ.žýý¥ +Ș.ÀÆz ¬iXp8U +sØ +ùgñ;Â}JšÉ^±ôOƒ +6ꯀÆ0mROä†;†ø%üéï7Òß5otÁEÙ>ø+ÊÒ?æ‚ŸRµ‹X«\5ê9ý¿V¬÷ë±ñÄ]þ8áŸ|D¿f7‚wÕ +‡|ƒO€ +È¥ÁƧÃ&l ×{0>­,YÊê^šüÅ¥ +XÁ)D +3*QÇfœŽ/<NÜÔÝOˆs€e‡áÎꩃl„ѱq„)j¡þ-^\qY<¬j{Ž 2FfèÖ@Öòûe +WKWÍfHšz5LOx6# +ÁQ[3ÚÁOmÍçžG‹,ðáÜÔ€žÊÕJIMs³Kè˘ +÷š«WM_ÕԐ­)ۋPñÛã +ýf¢)Kå¬úŽ%#ïA]CC„UîÙ®îÞ:ÝH뛝ïiXï/W˜›,€â\9 +ÞfÙ’eHa˜b.Ì'Á"™hŽٔ)š±ÝG +Ýf˜  fxwéØ¿Ÿšüÿ$Òï<ôš÷"‡TÙߕVþ2/öUƒ@çššÈ +ÈÞqúÆFóÞ¿–ºàŒïòúi +¶cų¬@^1Ò¬F¥dû6HNqKÖ·cFñîõµ&s-¥¥‚MSÊïÀ4lÏÚ/,‡É )̔Š^ +p`Ã(J“QAPÓéÔ®¯ŒWñÙݍ&zÛ+›@*‹›i|­ é’Ú;|RQøloæ4Á[31f‰š|^è³GWßÁ/ [«hØ8X“ŽŠÆ[óô»ñ2QÔ-áœÇ1ñϧ$يØýg¬~øuDKÁ +rcbw镇ƋÿH’ —9›¶Ðm+à£ÛÙzÔd( +eŽÈLâprkdŒ˜/ +·3¥UénL„±'/"%Ǫ;Ü°óœÜÌ +›n`³»ö uðX䚟Éd +Ì«ƒ>gî +$ìUŸŒ‰4Fô&ò:†`Ì2j?K +› 2”†[}?éšX +aÑöñ=†Ž{>?Dړýžô[‹h)YÄ÷Š=šaÔ +ð׌Š­ŸG:Ã\èŠã=@¡Ë5G7f4Ž·ßê­êL晀 +ÆíÜä0¡·>h= §Ù(jÇ^ÿ°€[\+ 8ÇŸ}· +"hÈf}G’àùnƒŸ sÂô +€ŽŽ{iú‡SŠ.óX=)Œ°eÔ¢{áó^ +‚VôXž†4;v§+šäNð»Â6Å +0µÙ6Wyåþr•ú¬ +MãÈé#@T·cVQíÐK „í×Nw>3eŠVtT,QîUÙ;Ñð?µú•?cÝt±çšjÖ€¬ýÛùw‚ð³*úWLŒš˜"òܚ9¥]¹Î3#òÄ©xÅZË6×µË꣐Ø“‰?Ž^EùŠnޛó¥³ +ž€o;#ÏåRD4{X2°Ôç%Œ—·uŒû¥± +n3­sùPLŠ­åv?YrU*í³?£¯ú]Ž†v1]Gࡒ߈†BYҋmå +—ãµi¥Ëám9¢T6Xk±íBŠð)“È€áÔXÙjÈ +@.ŠÔžÃjVÍé04ŒäÖAç{ȭhÔS^êÞCWf(ø1— ]9“Á°ÑÇ5ãIæòlQÔÏ°.𡝠+õ\€ƒŒ°)`4¬ÝµöÙø]¿-!×ËßcK÷LÐ'Di† +S¥·Š:=@“d•{Jô×·á +päx-VÄN +× _ +u€”+Ò¡~ÇÒ~pXü›àÏÎ%Ëß +Àè;åÏ"‘þµ¬7ëip.9r +D˜§ÇcD·ƒ¢èó_M«PDZ_EÖ:<:ÊÈùk±·A 1¿)¢­Åwe÷ôö²Ÿ +gâȔŠvÜ:ߑNúí<5:BSY~)"bl¹x™8Æ|$ÀŒ +± +K‘œ‡ÑÜ£9ó„«VIì`^bœö³ÆSð‡ÁŌfƏnVžÑ3hO ŽÞ +/²Ì(ÔIÑdRG€­W†Ü’Ï$o9 +«€ž™ÌÏ8ùl(o}jD€-ÊQãу¹ +xŽ"`}¹>®Õï)‘ +‰5 +‚ì:B;ø‘ +7ô"8—ŽúÉU<€SùXz“ÇE· +ܱº¥æ|íº'ÈY̏DÀµq•Y|mS:e¢ŸuY¿Î +l;õÿv&Ì̖M +d‘Á¥ +ÖjZçöY +‰„aTß*0çŸ3Õ:f˜f„­3=ˆ«O?ßtsc;T|ò?i‰Š™ž¶:u-ƒhŸ +4ÃÕ>ÐCýÁ^W.‡F¯#²šÊãW + +Qä6>h€[š?XG×y§qX +Fï|–ýú*4ó€øYHò{?çããT]œfÚòã§:SšàrÒª çaBŒAM@†_ëCôÍ݁ÊNî˜wºÇåGÐ9 iápŒF»|\¶Ír.•Aƈ+3=8"Íçã‡õՐéP¥ÄܲŽzÑùG[ +p<²Š'É÷wGX8Ì÷Ì€3"BšÅ׌ù’có9Ч³çjF;œ㊑ÔüÙ¯Ï +BůýK) +·Q„irGÙÂ! +ÉýJc/ÃðfÀ:÷$c‚7SDõ1 +§âÝ^IíÎ&.Ÿ+\!Èߝޥ<ÄOàúãŒ}þ +Þ]¢€ïWé­c/ÄŠOÍh€§¶é“LG>¡ð;¿AnBÐk‚ð^ +k~[?¡š–èƒÜ.ßë'ÈÁ +¬žSÚ¬ÐpuÛi2.ðÇIÙÃm €kÁ'Sy>øVE†Œ‹žž#—oÏ¡}Ç~^èÛà˜9Kȵ,Báò¡1Šs2+o2: +՜NŽ‚œ~2«/ÚCÍöÙÅK‰Ç‡Ž396ÏÛWˆÑQõ݇ìê#`u”[ŠˆI +C~X8HY¡×‚*€=ëêš1 +õ6¢˜^DKž‰Mš»•2Ç,A˜„ņ¿EÓo"‹"Î +¿ÙRÓxÐÒêÏššÐJ“Îþñ£ +ÇœÿԄ`.æ*Ù +Jje|qQu¢²ÖïɈ ¹~9ž%“\U +˜S]±†šO¥kŽ˜$âVÛõ^k­ÄÏ;–¢~úDïÜÚ³—9 +Š$õÅÀŒ8_üœ¶Tà(·D‚Û`ùæœqîžyÿÐBhÒ§[!R€á{Ò§x~å= mµ¶}˜ÚžO÷—ŸšCH?®êÿ9).” +‰oãLŠy^ŽlœŠÓ[Š +œŒßמ©Ó¯áÙØ^>+ +?ãu4ÜA–K +›é\1×SúaÁã%Ü¡©ÊE= Ì#c Ä»9™”í7‚ó‡:Š=šþˆŽ2Ò!ôÓ1]å6<@¶ß쁘q&•b[ +Û,åi<Åo͓h÷àÓø9p†fäÄOÂьl)/ߺ‚í3G±ÎÐ+fÙ{’>Çí8Ãô5Ž¢Å|ÂF7DE„yŒ©“Ša- +bÕÞã]њњ}3­&jˆŠf]$)Æ\}ûšLøc=¹/BˍŠÏĞj6Ï£ö +Ic%šýðPŽ]>p¥÷jn®5qÐí V™x§>b +šÁ.œâUoƐM€äŽ%»^SžWžè0ÇÑzd°ØNQûŸµhý¬ +[ÊÞeΟx¬ +T>gùûüÖàŸ›êLüomX‚`4k8÷mfU^‹ÆeFWYcZ­3E˔æ +kÝH÷–èg­@õFåBCO²€zä +ì@ú¥·oa›Ü»ÛÑ«YG×ҏ„nL*‡Ñɓ¯åŽÆlŽz™ÔèdcgºÖø +ŠÚGÉÃ&×ÌEõ–ëžV†gnšï›ßœŠíŒ"±Rf ¡”ë|>øm\ºæÜwqœ8wƒT|xµŽkã÷›áßø+K–˜öQ +–×’êÆí7 ^€IõKÓ!Ê'ªHà·Ô%WãÛ¿³,å¬{ ‰È[äÅ*Í +8¶Û5ÍŒyŽã{þ +™œZGGNñc¯ój‡mZœŽK=øL¯@^Q÷ +ċ×LñÌÔ;û2Mázd{-³+tðº~»#Ýý˜ëÎÆ{àM²Ì®m÷ÆÕ,ó0j윌ŽµAVœÌ̑îw-ÍÓʑŠz +žÜË:Z~×[=ÎOÒÚlÓW_BÑì쁞ì +Ú±“ñ\ð?ƒ +¢Ì.yŸIYa R4Çì +ChÖß2+ +1σÈa†ø~e‚D +þ Ç<Õº@+Îú^ÔyÈ+YFçƒM̓xþמè-Ò_o;aKŸGÖ7!û鞃[rÄ2 +V +H$ÔVAŒÆaƒ¥öpº¿¶;>6E +ýsAΟ/òì™Çcݑ +Ç3êYš‰‹ü']JÄ.BO€`{³¥duÑÙחRÕm €[Ô62}°-µž` +‹šÃaGG¿,æ4Ï ˜€F°‡=D (ô•á%"~ÍÎfU‰ +~ +°BÿtۖÂÌØQ¬A‹^] +ÑŽÚNôè0L@ëtëé­Ž +g Œ¬àæÁM*ý2¹ +3ÀŽ(LJq9žµ%ú¥OHÞ +  âúóF>¹êio» +mÞôFÎ /Ü1yÄ.>/ò„ú"ÿ 1Þö$ÏÅô€‡£Ã2Ñôuü•‡%Vœœ¬P:ð"€n$ÿ +¯qé0›,ìæÚ®ûN6Z†Z#uÂÐ?V›4gŽ{†Ê(7*2šÙȯAtij\¥@e¡w?g_šh1*ëø’ŽÖ¬¬§ú"F§®GR‰Ï›Ÿï\³‚5u3b"Ÿ(À34ý•é’¡BQÀ86>ü„ËŒÈQQ'GzxýM0Œ8\!˹g +Î&‡cëί}­kp芿DJÖ *ž!_þ±ÔU%÷ +=Òc¶bå¹h;ÄÃâÑõ@+Ô}Z¢’³ý +KZÀøK<鍳=³„zWIsd£ðq×~k|4cË}1I‰= ›t5›Jœgá» Àû'VîC‡Û +£gœ"uW+„,çî®Z÷φ'-b©2#›wI v˜Ë’”3ÊÌ.Š'#f~Œ»! ºæ¢ŸSÏ'þ}”ëß#8ž€Ë)#º +ß¹üßkÁ( œõ!ÚdLª¢öŠ, +s úa͘9㬠+æ˚ñ4ì}àÛ+x~T)&қbo +{Ø`ÄÕà_m¡dR-}›Å0$ +èn®éKµÒĺÅ[‹C¿ +”ù®9~}”åbTØ +Î* ÃX\‡Bû%Ç·“K–ë·µmŸœzõzÌ_râUTËÿ +Gh”^Ís]ñÒ2à +—nÑÅòb×ëW¿=ª°$Ë8ø02æñµŒ®žûÓÇË°*÷"ÆÜ +ýdú*Ŷ_¿ãf@6¡ +ºâŸov#ofæ¥G/ÛoZJ<å{ŸØ«ýŒR‘¡Ç€îrôÈ» +œÀƔžFR–uÔ•ÓBôáw‹ÒJœï¶zŸ©ûŠS“L}Q–I±ÏèCê˓>œo- u‡t‰Ç—÷ŒE>Ì?W‘ˆ; +*§D‡ñ5*HžÛá×WÇÌoW%¢a÷=—í +:Ÿ†ÈÙLåxÕÌßÓ°6zÐÒÊzûÌK>çìQí‚ +=p˜Õ=¬—-–ð<\ܱ°š·3Ÿ›UW²à‘€˜» +2–lî 2‘NîOh¡L‡ö{Ô{JÓdèbf?ÕäNˆzsBʓÑøÏcš?#¬)ôoS¯eèۘ†@Hû‚Wáb{%.Ÿ Çñ¥ÔÁ?fOIŽ¬: + +ùøŸÅÿl•M¯Y7‹s€îî‰jõäbŸ¬ &sp[tÚíMœŒåËNc€ÌÜøË]u5’ÎV× +wÔ9òÁ€”šö“lĶ/Á +÷a0~ì +'7æÇÙ7rµÛ|°bdq +4±Ø’ÞÉí~ÓBÍ +JãxmÆ,VÀeÖŽë1ŽÅ#0[FV«amÌÅԕŠK.·ÖhBî +¿öšDkQ2Ty\‚6÷Ž‚ŒŠüd€C!Ãr€õõÜʺƒ­Eéa,q†ó +ºz”×0\ +³šá"`=O7€^šDÝ7ü£ƒ­€÷ÉzÇVr™_}’ց &ßHÎK„¯³OÄ+tÕçz­þÖæ*M:>/ØwAáUØÊ +> + §é†pQï'mÕuß\Ùû¢N˜i?öè@˜d9ù+ˆçƯÉó1s쀜ü„ C“E‚‘€¿w†ªŸ?D< +âü$ÏÎâd-ÃU +×Rg߃\=KgómøÔ +ÌF[uœ»‡oCáPW=Ÿ£ŽÒc‹w\éÄ +z-”\åJÐüšË*Ë/!ÒÑ£s­i•C6â.M~í^ů£šƒ·âðŒŠÙp +#oÂ` +µ*“µ6Þ£â +cêYJÀë˜ÏQ + +É5f>W‡wÄTÍŠvðãÞÜN+Æï›YIއEÝ +)ã!–S†,% +ŸLÅ +hÅ°%Ô:5«sœSoÏÍ!KB2ŎÏP“‰nÑÆ)©ºT +ÄžÇáLôe;a Œ89žQÖ;€1×jë³ÔØ.¬¬õ»Û’5Ê×=ß@W©oÉCÂP$R“z„TÅŸâ +«î‰·vPV®2`Ù /(nHj‡x®}àòûw­#vàøð3G^ ¹rÜ)ۊí +~¢Îž;žf˜JŽ”€YŠ]êtÏŽX›¯V?^ÝËò³$ÚÄæ +•°{_ãlâ”JJþT«3žL^[JˆbOw!‡% +ä–|§ÁÕr²ŸÃõ|~Ægգݓ$ØNéÕkLà‡/ù*¬MŸƒ'¹C *ô®Išu Á8†Ú芢ª] õ · +%HÅcãåûƒ×¥Jî6õ)öLو좇‡Ü.K$@ Ϻœxᝎ|–a¿‘šnª®ÃwtN0®c4SÓËtŠ{¯d¿@-NœÆÔÎsš$ŠŠ,ï'¿Ê9}LC7 +pe-?tr+—8•ú’˜CVŒÒw&$&xU~„rƒÁ`Yÿ¬¥ß‡ð­j‡As¯X* H¡Å¢gÖ`+A*xºB@©¬ygœŒ†ìCî\œú#ê?{0©<‹J,#]|hŸ‡xBl*B÷Áâ+ + .Ÿy +c@E +º!2ždO$­€@"µÚTCØÇZ³ÒŽì²Þ*\i&]¬ð¥âKÐ;-MO‘Ç¿ Ò^dÄ„ùöyöaŸØaï h"£FŸÏXz:ú¥æs÷ÿ€ 4Ûþ³£éußȵ³vTÅ÷ÌP‹ý;p[Õç$Œkpû0J\ +Ô6q +‹›? +ãvž9Ij7 +ö«æ2–£ŠB§Š +ù‡#³•Ñ›p;Õ^­,'Þ ÅŸè³–I­T‘WŒ +ß@Ê}BŸXšå";ÁsŸ¬/HÓE¶Þ‘KŽ}Ÿ_¹e×t°»Ä +w\eÉԋeå=ÒўJ'>º6Ž}‰ +ZÓª=Þv~õ#xÑ+×vïUU°U–[䜹Øòþsn{2¶ +ù—OσT +ôŽ“dЮƒÚ·o¢Ïüá¯97°»gQ‰GµÖŽ• +[à̲Êmê„ÑÝك^Õ<ášÞg{gšr“•v8ŸwPª#f—j€”sq X˜H©Uò<ÊíÝ*ç«NžŠ;4ž +ÛÀߜrš‡º™j5,gÅO%€Õ·çõ‰7·¥Úµ‚uõ5ÃêB,¯ÆÀŸ2äǗ8"ñ‡ùý +;ÇVºxüãrØ®~pV‚l + éÎy«t])Ô¿RÖ(ÞW,ª¢žHÝÍAäû„C ·ÐbÏ°chuk¥¡.®t³4ÂÕ6M¹1ex +fá ÁÕªå +6øY}~×1@ +5 +Ÿ²:¢H䔣{ß·œç2žˆÖiŸÎÈd +öÉ4C¶`áîÓ*ΞĶ·ŸqâhFóâåº +î[ӓ,¿Ä|° +Ø<"¹Æ>۝ãO<ñX·z xÙaoÏô +‹Yá¿ÌÓ۞óTÖшí¶û³@³XŒ„ê↯˜ãª‹C£ +äŒM¶¡òă֫9§#\M“&Axºæí6’#µœu1êÅÃÂé Z`–67¡À>cEŠ + +õ3Lžåñ~yHãÊUŸ€šöêÞ +Úõ®›º.éEî×hÁß8z€ÛÝ¿ÍUix¿ï¶zRx +«avHµ€tØ·„tLî +uÐ/UÿúSŽIÎ:µ9V ±š-lî6.Mçr”Î:Æ&Ÿ±92Ë6Pòi&CŸ[KÍaP?÷r¹Ò« +u +íQ25pîò[ЀŒ³) + ŸKf¹[6EåHÑ+s<™^±²,b@ZÏò€ªJÿ +0>w +`œÀ®UrTX€SbôåŸd>€h~Ž×D&Ã,o +‘2àv+HqŸøcçOŒ#&ùc°>v5ÍnÙC†ŠjoJ’÷Ï +žš +žlš¹ +X p +ŸM°e=«åñrSYcÏçj+þPd8-GzÆáwsE«jÙHòC$á +š“¢þìÁ·Ÿ>ÕêEb*Shk„ìêò.šVâ ++ô}ø—™Vgú¶èÒÝ)žÐ֟WÚÊåîؚ[¹¡sŠn +<1Å ©Ì¯00ÜØMÛàÇÅøœfT. +ò ã=ªk@Ž‡Qµ£Æ(›kðª>ßd£v|ä +e–nËëÈÅof_å‰w[ánFúԍ_öÚ«_²÷å¯.Í +EhjîÑö–œ7AW£ŠšnŠT³ÞêŒ +&âñ³ÁÉõøÆ 8dž;Í$SΪ +Þ¿“]ÀºÇü­­«q`ø±{C,ù2CžáŠiéÓÂkè`!‚@'zñ‡/#õ/Ööœ­$šC֏"0Iáˆ,™–ŠbÒŒ–ÒÖóO@4¿œî9ø«"ኟH2B³j=øÃÞòs²Ç“VòqÒ +.H7ñ ‹Lá˃q +z:䌍ŠD"ŠŽ|oi÷ +uzS߉=Qà6Ò/œ§ÅDÌLúÈ9áýK™„ä`(n؄ïÛPÂׄŠÙ=Ÿ{KÿÐÆ¥.™<:Jtk›?:ýíÒÍE>Ü7#*UÏ.³]¶ÐК[lQ$ëùF­Ä†Ýb14”ÃP +•TðœüÕ +p”xøG”q²²f¢×,îë·ÍŸhG_ +¿³ái¹š+_¹ßša—\íÊ +3FGhI·ÜûyòÀP“Czµ`:çäd=~ýùñ +(Þ$eU"O$Œ> +’ +Æ^\žî +^ +¶ª +(1GáQ¯Ï +T‹ôø)Ñ3ñ[=sȐ•¶,º:Ï£Ípø +‹(Ü7'‡~?É£0dsz +·I-ðˆŒ"·ÇËêQ§iõ +$° +Ç°=Ž +Qù–æðÊé̇»¯âICÑ]ÔÈoßÁÜ)¡zó6"'Éjí“õÕÇUã£cUp+ýòàƒ×l4%?cfQ|?i˜J™Ì§’õ~}#J—?ÄÆ·®E®Æ‹éô¯¥J^¡,Q·G-wèéÞ`-ÊÉÀ¥ˆûÝÞûGÞœ‡÷ÛœÜf[q3!øŽdÄS)†8*œƎÉ]ˆ%B÷¢©ªt2d§ïs—nEÝ;à +·8yâÚéñPÆ +Ç-"i™—‡NtJnÈHVÛfRwbq&Šü ÙdʀS²>»{~QÞåX>lsÇtsŒ@4i˜Mç“km±`ã%‚ËäùI#SåÖG±B[ïšÓ†™ +4ý«—øÀ×[iÞAìêad8ü +n°kSB* ÿññ|ßÎC(ÃŒ{¹ñzŽò×d+» +'ۗ­ÇlÆ +àUÑ< O'àsn7nÉÑq­tLT¬BõzJjV›ëÝ®Ú +€çÃάn÷3çì )| +•#ï‡U{ŸF–æJlŸ^l‚±ŽÓw- [€`=̧žA”õW¢Ã²ssÇÄùÊýÐ.ÖeÏ­à + +ÀÒùbY£§SõÚ,U€D-³š”V +VŠ_9È*1?Ql°ä=°uϒcVàÀsì +얎„aN©8¶°ðþóDH}NãÜG +Ñ·F’þNðÍ_é€þGVÈugÔQp϶‰aÌg§n‡hëŽþ҄ˆÙ ÇI¹dzéús˜ì>›ƒÐÙ|L‰'ôA0¥×;tjœ­4Üllr–®ÆXýhøý~ñmÅÃèÓØQŠÝy?Ê£¥ßšòÂxäœÞšðÏ$ö(rîR­ùo€iÝ5.59}«»ÝZ»l Ækm~ã +;³Љ¢Ì~Üø`}šÑMꎩRèÉܔ$ + +¶):B—87“Tך«w†— +&ᕮcÎZŒžn<)"T ‡}b׍SWr&߉WòC!ÍaüÅ«ˍɒ¢ÿPþ ¬“|QŠí䟊Õ%ׁÙõ=MÌ&¯¥¶ã¹ñëoÀªQ†}]Š†;šYÅIŽè|à՗Ž¢üS.#mrŒnÓ#ñ„—»•óz>ý[».•œ~txΫÒ÷EÓ`«s£ ÿX +ƒHK+ˆqìž1¥ÖíâL@X +`‚Orw'w2¯êi¿ŠÊmƒ^úÎ¥] 8 +x*ݳÛÊ +0¡4ÂÓÃ_õd0ü";]O +mOšHJåsŠKOÚ¹‡²³ÈL.MD·ñZ”ï%›’ +IÜöšýÀ’z”î!LSXà +9oŸÝ1¯›é +æœp +òPAìëäîü¶Ýžé.[û}(‚8â«n\֞yŠø)íæg + +CVjµ—ʶc€&Ïڇu +¬·Î€øî +¹ÆÖ enAVåŠÐ%Ü`óŽx¡Z%‹Ü·:MŠÝ(»q +Žš*‚ÕÔÃÜtüÕ ÜkŽ ©YãkèŽäöó­cí$]Ü\ZÀNÐxII|P úÓŒò7é«&Æ'(OäÀxŠ,ÚòG]ƒkü5·"mӗKxGá÷êÒÂäöšåTÂ?ÏçjfŒÕø:ƒEóh +ØŠøH +òô`²Žb÷T»ã + +Z+i|¥d{áö¶ST®ƒâ ¹QŽÔ9_lsì՚àú̲4îHüû”†Ó^UðC +Ä +PI{,$íñdEa÷ê᪠+žjB*è]@KÈj:وížRußùn]Êw‰³IYq +ªüt¯Ö‘TYY"Ÿ^Ž¡œŽ-x¯‘ϺéÍFømSҗ»å뚎¯$æmó±Û|9÷'†Tr1 +W«0I»Ž­ +ž\·wIɬŽ|\åáKt=ÝH$ˆÛ¹~ùm7< +»Ì€þ«œ}Âz3H« +ƒ ÒÏIÑ" +Fn÷~Ïa]Œ·£À— ²“£wùþԪȟdeŒnÙünxK­t·#eì÷ř„)§Î1Rq©¢Þå<åRÛ'Ñb•ÎɌ܈³{”ŽÎÛߐ?[¬~Á©¡ + +7Dµ>$+YdÁ¢Pí ßø.‹§óWN +ӟΎ(rT&èÛç{"]øñ]ŸÇ»`­Š_T$‡ÿ⫳}¹•a¬B?˜–p¶ùíE"`úmŸV7ÎÙ²^:Ϫš$g +É%›.—ée,ç§6— ‡LYî"؞upš³÷<×ɇ•*µI­â$šÍœœ€Qw5¶Ö9ŽërBZñù +tÕn +aúT€™‚\ž×Œ9\dšò +e1á˜"†ŠÅ.Ñk`5µÇ©u +!žB¯ð²ÃØœDöÍŽRñAXHtlf©0õt•8àØÃCò +–/«~'tyÛïñ( +›ŠN”ç!M•©¢óNÚbâ³ eÍ¿³h±ÔE[1§{Œ³4žV‘ +ÁYϖ™XÛMá‘Շí,¹B˜Æ͔+câiŒ’àB{ƚ:‚ái‡Ãž°w>2n€OMn +|²˜±]°f&†ð³Ä„žÎ3 +Äîa>• +31€<óÊ€1gÓðà_®Š,l@ÏÃGæô‘ŒŠÙdE+‚ÚŠMºüÒ_Ïý< òU$ XôÁðà| +-¹%Ó7"ãi> +õ‘Ÿ%&Øïleg‰2žÒø˜!% +C7äÞßǬŠB +J@òوReäñgQÿ.‡üEÌc%X`ú·Xsô’Ú_\Éž ÿm?ùQc͌éf›ÎW‰ÊZÕc|³ß°©;ÆÁ8®ßÏSöòPÖfá~â:UðR{·k1҈ƋÇZŸ¥L™­- ³Œ¶Í +¶wmÍ + +jµï@”r-Ç +4,# +NŸ\7àŽm,Y­À{|é›Ï +!0&„¬E 7Ät÷1œe]Ê"<§§!ÚLSóü¬,Dkiiw¯žÀ|ünÿJëgÌíõ6 +îÖ_¯ + +!¥°$ãc€Ý㪌ó"ˆ‘ŸYkPÔ·~ZÊò|1Š§Ü_žö‚ú[±ö'ûàÙ&ƒ`PêùC$'#ëí_L»\jöÏ¿»h +&Vïü¿HøŸbžvèdŠŽ—E +¡Þð•ê7Ê[<ì]ÁÜt*šC +ºÒû/@ø7y72(XÏÂSŠ’šCo ++¬š+êAêí8ýZ”14wynÁڀȝýŒ°œåN~Œ©‹ +ùôégŒ=ø­X&'Z­€záŽ2[#ŒâöùÉ?„˧ÇåhcU±æß«r%Èf?ב@+®ze\û‰Õñ +ßItYkM.{ÛPŸ§Ü\JÝ +^iPXõGüö>³fÏÓDò•a ¹É²Á‹JhdðŒ`œ';Ùyigf>¥hÅ5ç¯:·×@O +Ž1Ÿ}Ãi^ùû +‚6'Œ”¥ +ď{¹dDeîÑݝ]Pt9 +Lw +f(ˆvÚœI:¿•Éë×<R ‰ÚŸ)•Ñ)Åú¢]q4"'^ þk1ïãÃTwœ»Þˆ³˜7wš•ÜDmM. +ÂA*pÞyŸDMÈ—ûMtXgñd +Kœ±î€(œI.8(?f*)&š°IW&B‚–À +\ÿˆR‚qØËŠšdÞŸÏ8SOyívÁ%Ì©£ +hlŒ:ø[Yvän ô×Ø:òÃ;§WñgI]¬oîÔŠÎr@SÏ3‰(Û;ž’5äA +)îj +–†jX›‹ +¬ûP„ÏŠŸŽ°&Sçh†ªš~0T,ùÉÅÞãtœÈuî¥ï[žá«jòKŒ(ÒÇ£ +~[E[üòö0 +sŽ +sŠÛú¡Ò·\}¶š„µ.†ô¶á1úAq™/G­±ÜOYáŠ[ÉqŽ(VÔÙ%AÁo2É^%5ýbA™„&¢S2ûì +OêÒs<Œ{}³Î† +ÆӒÆ܂b_ +ð×.ç µv¿êÕSû'ÊŽP+<²-†¹(Í¥ßß6Ò8Ž’Ÿ +»7a[4T®Òޓ +?†™ +ÐåtùðTÓº5‹ù +m»ž{6ëهq“sú\ ”Ôoê@ò5wٝ3Š¶Èl—ÈfÐéÝ)²æ·J«±Ëžê]îKðôt¡‘4µRØÄdí)!i+2®ž À„cbÒ»èó>¢ +ê }^{ +ŒLä? +.(¯úVñ?‰º‹C J<˳»VÀ‹&œÌŽª¡ê1r¬Ã÷þìîÕûÉ>4L¶ùê$F‚MTp“ÜñËû÷ +}xeÿC +C¡û >Ä +­îXôLJt¶á·Ó}”X÷WÿŽ +Eé0[ìמDx„cu}nœ-¬•NkòUòŽx7¹`Ë,P%Ÿ"g +1œUÔv{JwÄ©`Ô¹5ÀL³”ê+¯0±`ÅÏŽÑ䭔 ` +¹ +Æ]kèAÕÆ{ãçïdÙùÃC‹“Ín!¢™AÇ9$œÃëclõ +'‚\ûÊ3 +I@P` ”-§Šá·Ê5¢0rá'òOA_µ5ý¡ñvÊ»âÞlS„õ`iQì 1tŽF +•4+•`ÝQfå^4OOÇgz̀ +_× +ÄD:ZóŠ°µ_ŒîXuaP™Û.˓ +íHsÛ6™Ÿà¶òÂ2ŠŸ€$pÄ5ÊäRð‚.$ŽIŠSoçÀý:µ¬u,# + +¿Š&ñ}!ƒ+AސᜱÙôKú–8ŒÙ6Ÿa[B`ÀW'Œ¥ 8Šš„ñ®4qrø÷9²ÒùSÞ$sŸçÑ¡ +˜€(ò<ÍÙb®­ÞzI$Ӎ³ìçÝ}Ùuêw†§$ŒX +ܐЀ‚ +ŠËÙú’$jŸÎsJŠ›+!•%†Xòä;Të9nš‡§d#(ûK4S˜ÓNùK§r»Íš|²‰Ž,/~Vvyßó~ÐÊêµÀ#—d¬Ìœ£q!.7LT©˜F%uF‡ž=Ó?H8ª5±ž›Bœæ>tþøEaŒvÏ +õÏåWÆœžrÊÝ}g#µ·XÉÁ2éèß:Ö|h» +3$2†Mm‡âƒHÜÖvo‰ÂÁìïÅØô»L#$2QE‰Š¬.^0iÇ}°ž¯,R­M +ß Oµ[ñ2¶YÀ“aÌ®ó¢áÇ+és—, +  +€BÍ\ù”ìXe~ +Ÿâgë8Û÷ž67;G8£«'=ñ +ìjz0•Ñ¿žÖnånèI/çÀÇe(E"­¶é$%‚MTšØtÍ­?o8nZÙpΆ@>­Yží:!‘åªNꟊþ&M +fRÝ°Ž» +ÿŸJÓ +ÒÓlõ‘(¿Ð sJv2êK%Ex%·v +­9~HL÷õëcË.Ð9PltÎ3~N%ÒHÙ§ +›¡E©¹Þ!;“Øí›9T +Ê€ÏÜ,ퟙª6V¯ØeäG3«$¯êzŠ<вž~­B­i8ƪHAy +<yQwÇ'/}”­n6Ê +Ûoß @Hæ6ü¶ÚÑ:VüvX:U_8lóœoŸâõóâ;ÇÑ +å5‡ªC ¬ 2žé;ÄÄO•Œ7,*®ÅÚ#")Ÿ +ÛuôZlÝ9:áqv£ + +7ùôÿ'f™û:åee«æ›¬<%œn Ÿ§‹S7š¢ãÑÖMŽ‡Ꭰ^j ];­Ž×S8žöïâǪ)UÈÓ3g"Š.åpqgÐQr6;‚‹þô +m3žÔæ|úø™Z +ž$8ïӓD}bD¶^EQ◐=Þ8†È†«ƒ}³òÏ)“©÷r0æ#v²²Ü˜_yéŸÚvš9ºªX–ŠØ¿Lqi×ãå + +‰œ8ýGº|áÙ(UžDT}÷Ù·ùêÊ;ݖó,F®ãkš¡Q˜ôGuàûÇŲës3 +˜ÔàîrzFp¥{ +ËøUŠz÷~q›B`òE,±ÏL™d‘c§–r͞üw)ÏcòB#xâzŸhÎzú/še>‘äœLÕÏ=(9pF}­D;ÁÀöüTj%$‰þà{ aÈw'=:Ó×&MòÛ®pÞ0Ñèþ˜2Âc_Ѳ%xéG¡j‡9# €á+ +On=ÏȪ(†CóæÀ1 +32÷ŒMYE¥ùö>˜Gú6œyâ,;L†¬šxá­Ï£Ö×+­~@þÑlþ +íÙç€üÈ(š|(ß#ÇÇ3„„ã +®Äÿ;¢ZE=Yۂúß0I’y_, +èÍî©Å%«{ÆgµÖªêó +‡7ÌløwÙ8ç±¹Ábáч›îÆ- ԋÓcÏk™D"žZrÊ +FÇFìzæwǶ™3 +;~ŽÛÕo#w<‹Ç.•ImlŒr3Nn6]©þ)zÜ«€çÆyÄxIj²n gfFŠYŸìzF0Ý +”íÒ4õŒšZTa +ÛÛ8©ÓL{ÙÑæE9Rij¡,! +h5¡/K|Mb)4© ‡{jٜÿhŽsbï§ Õ‰tH‹wˆqÑžt5l +³òÿÁ\íÑeŽVßËXy.4R>ÒåbLÐ[öµCËŽ2EPíb*îŽ3ED *Ž+ìiDð¯4|šxó$Îk4Âcíi'µÎ‹¥×Ý,Š|Ù`6ÂûT‰ûî¬CL-A‡’Ô†Ï9]ÄÎ~N1Ž€GÊ;vç­Xî©ÎžÜËÙMyÒl÷ŽÁ) +Žª³u’—ÿêƒËvŽ +s¶\m|uÖÖ}4яúٟò€-‡ÃW¢c<ÁžÀ7~˜ùôöHþO‰Ò^­‹«qMgš‚Ú±[å™`Öâç +/ÅðfžŽ`‚Ee ¯ÿ&w•ðË×"bømÙ!°iwkÜ×m# \€$ÆÁÝÅIÔ^ƒ< #H¬l6£ñÃB)s{NY +*¢œJËÈaߕ> +ËÓFáÒÆ%æÿó&­ÏönøB]8ªö. +‚c8¯Ü|Þâ·Z +&ÇÈÚý° +“AÓnÊp§ã·WšøWxé3üMŠÙ"é)t6÷Ø +NÃóã`m¶Œ j9ÝGôR>¹ßÔê0 +ŠSè8ñ +é!ƒ:ՋE:)?±‚záÛÅxÓ©Ç%¿áh”Z©žmø¶•5íÆ6ƒÔjuåòl;\—µÞä©­R +endstream +endobj +6475 0 obj << +/Type /FontDescriptor +/FontName /QWJIRQ+NimbusMonL-BoldObli +/Flags 4 +/FontBBox [-61 -278 840 871] +/Ascent 623 +/CapHeight 552 +/Descent -126 +/ItalicAngle -12 +/StemV 103 +/XHeight 439 +/CharSet (/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/R/S/T/U/X/Y/a/asciitilde/at/b/backslash/bar/bracketleft/bracketright/c/colon/comma/d/e/eight/equal/f/five/four/g/greater/h/hyphen/i/j/k/l/m/n/nine/o/one/p/parenleft/parenright/percent/period/plus/q/quotedbl/r/s/seven/six/slash/t/two/u/underscore/v/w/x/y/zero) +/FontFile 6474 0 R +>> endobj +6476 0 obj << +/Length1 1612 +/Length2 18904 +/Length3 0 +/Length 19746 +/Filter /FlateDecode +>> +stream +xÚ¬¶eT +ܶ%Š» +‚{p ÜÝ5x +Rž»»»\‚{pw‚»»[ð—ïœîŸ=Îë÷§ßýQcÔ^2×\k®œ«šÉ•Õ˜DÌìL’v '&6fV>2E ­‰3XÁ$Ï€ +°p&ûkäB¢Šs;í@âÆN>2-€™8À”ŒŒ——‰šLÌÎÞÝhaéDF§¡ªEÏÈøå¿,ÿ„™žÿOÏßL0ÐDFó÷‹ +ÀÆÎÞrú +ñš9YÈ́621%e +E)2:)E +2)àhlCŠìlb4%“š@`=™¹#™Í¿dŠv 3à?­™ÿb‰€ÉŒÉÀöSàß4€›)Àþ×2{€£- +þû +&³p49ý“ +djãlö¿vs»²wŽûaû×÷LÙì6uÚ;‘ý­ª,.ùožN–ÆNÿÔÿºÉìÌÿFšÙ™:ÿÓÒ¿|aþzŒ 0™ÀÍéŸZ&23 ØÞÆØýoí¿`öŽÀÑpAÿÅà +™#ÀÂØÑÌÿ +ù‹ýÏtþ«O²ÿ­{c{{÷eÛý+êq:6æÌHlìkš:ý­m!±ü³(2 s;26ÖÛ͜íÿ§Ïàø¯Ñý³3ôI›ÙlÜÉÌæH,ŠvNK’Ñýß©Ìüß'òƒÄÿ-ÿ·ÈûÿOÜÿÔè»ÄÿïóBK:ÛØ(Ûþ]€?0d_;2y²ÞcÇÿWž±-ÐÆýÿðŸZ€“üÿÀ‘q2þ; +Å_AX™Yÿm‚%n3e “©%™¹±ÍßIýË®28ÚA€¿Šþk˜dLl¬¬ÿáS·šZƒþ=׿]Ù’ÿ+Ò¿š³ÈkJhËš2þç›ú¯(å¿Ú;©»Ûÿ%ö?ZQ°3û_‡0DEíÜÈ<™þÞ@&vŽ¯dÜ +ò°±yÿªý +†í¿Î +ÆNŽ@72œ¿-³²ý«ñÿñù¯Ó÷ÿ€‘™Ú™ý³+jNÆ ³¿ëõ¿ +ÿžM + +ÿªú¯ÿ·áÿyþ×¢nS€å;Sþ «ŽÌt§ZŒÜÁqqœÞn6èÁ`û’zõ¢¿j»_Ÿia[ŒF¯5ÁÌ +“|ï­îó'öo{² +ûÃÝž6Ž¿RùÄޔô=˜ë4í_÷X +JPÓOµ¢É±ÄK¯ s +iuc.ÍŒgÒÌV³dbuŠÇ÷«àA‚µš q-KAr:ììOŽ +Ž”Û3† +®8)ŠjV +"&H÷·Š2›ìcg î>Þy-¶ª¬¢{’ý?ŸèvÊ?I`:Žw‘Å6X ÒC–æ80ºµ„Ž'2АQç3/­°™×bXRNÍpàØ +G+á¿8“Gô_»€X}³ùeù>ʔrÉĬk{UñežÇ§åOLŸžŽ{™‘Ó‚À­úœ‡ +1_¥$l©›F=Šª +ˆÃ/mK°k± +wÕ.fæ)eúàîøˆ§?Òì°YÍšUÓ1›‹Ÿ¹Ò˜ê¡sÿ۝dQËuNêû¡Eƒ Ös”œý"ÃÕûŽ Š—ô×%UdèXyæîž +ۆ +<*±!éž`':7»^îqEƒm0Wý×E,׬ˆI•õí·%Íça+Bhqûê \ +š².}댌™ã‹HÞÊڈöVöùƒ<¡dO/³£ÌÆ,ÙM”²!Á«¡;•Ë^š1þ~"•€;t€÷ +Ieë4byêå}„iÀ)-óE•ç†mÓT*œÕS ëάü2›Pbsiyäês@gÒg£WCßoÏ$] ++Zž‡Š +ƒ³Çdå +ú*õî_Ÿ6!6ⳭϞ㩐=É«ZØGŽå +iiX/°zfp78ê²nµÝ§ñÁèÓF +ŸÛIˌ™æ²\¹ÍŽÕñ] €ï%?%43”§=XGó·ìªÙÆkæ2Zšb +•Æ‹žOĉʳی*ºvG¶Å +5éxaø«Vä+•œ8m`2‹œV€Ÿ­g6¥-vÚ"–žá<äž|TRíŸúÅÍ÷EPgÃ7OXÛ/~ñåHš§Î@a¡ÝÓ_7ßQK\?%Ãß5L=ÛWTùÉ%†_Nu=¬ˆáœ›Wø²mýùbë;ƒˆÛ‘³p2†øýœxC“Q„;$4ç +Í_”È1òêt†]{üŠÂõ™IOšò‡þ5I”C†O¥NïOýfuM.ä*c±×›Àhhè5מŠ˜0ÀݶŽë€%|?A겡N`H†žÛûpÖÅȬªêé=ÜÕDrëÖ®÷SYÈpz)µŒNi^šîjÎô‡T÷4.ûhý€Õ˜ + 8xr1ƒ +ÿP«ŠÒ)ƒŸ¯ +þ¬¥î‹ÙRœÄšf +?HXuëî˜'CˆËeŠ-ºxÉpTBì8Bß»Á]ËCª»€€vº]îÓø„eˆÀA"?°æ•z +'ûa©P&8ááѳ`9bdš#}yj_~.‰bâ_¹ä,ÉI•Œ#øQAYiA,|Ùhš +Ÿ19Ã\!òô8¥3Æ!£JI£W‰ñªP*Î8Œ“òêÅ)%SýñRävíOMÉu–bJÆ{ +çß_˜â /_J +!2ýŒF|ã3Ò¡„¯ÝGŒ2ÝÅ +D™4y„G3z¹DýAŸí"w+ +CÎîъ€öäOº›\ÎaËßÉ÷5 +éK-ýõ(z®ÍKRä°Sј”èÓ£u›Z,™z¥|^ÀkŠú^îiØw5Ñß|kÆ êuPV+Ž ù„œ +ۃqD3›‚íû5TáÙ9ـ Ú©¶ôC«ÈÝtñ& +óp‡Žš”烏>ø§ç›'io +5å'ªhÁÀ.¡ºJGA‘e„âJÆðÓÎ'\ + +÷_Æû072YÑv™¿PƒøxbIƒÑN~ôˆý”’èÑÍ3ë$TS'ég'â +µÇö57ÛdK¯î™@÷ÿÙUzI)†N·ª† + rEmÊóŏGr +«uš’93Ò0ˆ¹þ€m» +„m¢³ +£pŠ6‰óµÁ2óg&'zrÌëyV}WXOìÚÓÒèªÕ–DÈ"Avg^MÞM¥žpaCÈ·°@ßނÃ÷ïîã_+˔2µŒ$QÜ£ýR +øÆ«„3)sI’‰!=C“üÑ:²œ—U0¶`úF{'cVŒˆ;I!ìì®ÏÔ¡¿•¯‹ò&Ú¹,°È +#Ïäqä1óJUNžŠª"ÜKTyŽ7eŠh +ÊÄȇ'|¢ÞãŒs¬²käÛÀ['a fÞ%à¿dÛïÆùÌ%‚ß#Ddæ͏e×ZÓ PVŽ0%ÿxF3|Ž6Ÿoþé.)’êÛG¡'>zlñËÕE„üó¥fΝ­a†o5;ì9Á'rî|Zê”DˀOÐöĈÎԊ®K€”Í}O’{±WPLmâ­>múËaÅJDšº{Rþ‘tï£ðz0§>FðSe»(BF ŒY5â8KçØꛯîfßRs€Ö + +í)¶IÛO’õ§Åѝ˶ok/Pã€qåœ9Ç žê’‹=«žáPV$„ŸÔH€{Mê/‡w'©;ëà_ •''œÙÈlR3mqŸ¹‘>Â Ê +SÖb˜™–|¥î=^&ÈÁ/ÑГgSpÍKҙ×£ñŠ +íù蔊Õ­üÚápŠêOsÉtºk^ +ýsŽßÎÓwMTœ’BԋctÛ}û–ÓG÷ë$2*?BãWp>tÒKó +¬ˆ%“„‡tåÊ +ÓŒï•Ë€vâ¬¡ê›Kè’üwêÁ¯Ÿ£Ë8%Haç$u_@áj_ÿPάýàXwé(hM–Ö?œŸºÇ”žrg3C9K¢á)<åçÂ1°À +%§g»Ÿ„Á +î)9cšC9Jå&,XÀ»Êa8ü¬3s÷—ëÁŒUcqª?!Ž/;¥­ë(¥{+ + +Äù*Üyê#ùž©/CüÐ!reÎqÐÖa‰óѝ +,þuŸOížA³oEžY`ÎêÓYŽ!Î(ê.0o3z•Á€rg&\ž§îëœ:7uVæ@ +Ää«^9x‹l¡»ô;» +íæH Kn +õÀ°4­ËªÈÍﵜæ,¥âIÌ»—”ŽžW£+é–$HòT_MfÅr D˜P»ê6úD"dïÕôÝ}‰Ð¡Œ0—Ï?Ûž +‡I/˜ü~vâ +Ÿ +>lÃ2Ï~VnF·c7¿ù¡·cˆñ:æÂRe‰œÉ›Gêf3þýœþ°U¶áµ¬8B•¥rŒ™m†‚ŸÞRŒZ}v¶YÖ­’ XÈÎ}YòjŠÜÚ’@s.ÉŠÏp:ª<Ãâ}äØà B.©Bž”#î~![ +«¥ÚmÑt|x‰§¢3 + +[;ëþt`lÅ}÷ŠãGŽ͙ãuÆ«K‚#Pý>-]¿y/J5kQ€ãv;ƒoQIq2¯ ƒ#7=¯+·ÏžÉ/¢"þM ‹óPXøàð0u;âÞ]dýqƒÌ±ª4Då~äh^„|¯Õí!e“``Ó_™ÜkHÿhín(ìêëOWÖHéÐ4V˜Êµz¯aO”£ë«W‘~É +XzŠMŽŒošî·-D–ÆÊ7ù%:œå‡v!Àjõd +û‚&ïÖöœ1%µŠ¥õÌXoM„—7Ä6¡1·ÜڏšÌüJéXÒ$(6ŽƒNÖfyByŒM!¯ÂFt9ޓX.ɚøŽD +ÆCVòIfºÛ­œùee +xÆB² +¡ÂÁ¹ª:ˆAÑD·™C‡I0Ž¯ŸšâYWÑ6%‹êaH’øÞ@”kâ›õ€sn`©¿9Ÿw×/ìtؙ’âz¢Î÷þD»q«]ì:˜ÑŠ8žb ôäs)0ßڌœ +Ž,ðd˜”&3 + ÅFÂ/K?É¢ƒ¬ +º¹*wÁ™ +IWh|ñãBmoþ–Š~â'í§fDo~ÇW ÀN±ÉŠwvøÚ[•1äüG:ö^1Êb¢?a>r¶ø3öÎÄÚž×ûH +ÒÄ[²ãséÛñ‹p,­ve~tâ4çìàëú+Ûkñ +_Â×1›šUiÂwœù‹©SòœºÁ­_rt­Ì¯Û-j/š„á|€Ô6Šõƒâ†ž¯Â©Ï=›:ašG¯Œõ\èþIñ0~W7ˆí€ò=í˜TÊÌ{ +ì›LðˆOóۇóÏ·hd@Ü(Úv+i`îozFy0ŠzOÔMì³Óºâ +ìûÂÚà2ùà¥±Žü`/äfèÕ5ìPZÀ.Nj8µ‹NËb]‚ì•Bšvîi3?FÚŸ"‡c(±o/W̍ ¹u²¡lŽ«¯óÇq><§PÔÞŸìë=HDÞtœžÌnâ/0Nªª +þË%»ýܓ”f%†Ð +3 @/Å7¹ì©$“Y¹.?㈃Û4¬æµy­—‘L‹¢’þÔ·ÕZÚt? +vr딶àáG÷Õ +óKiÁ61V®Õnœ}X,ÿ·s-DòW7Eh~ò[ô"À‹»ñk zo㑠+b†û‰S7/sÀmŒyÚÔИ4Ævzöä#º«Šp&—œÖømŸ‡dOíÞ(j0}˜wù÷—í~=†kèš×‹¥mÔ ˜ÏÂ̊% +"øÇXÄ(:[X?Gö,·ØwÙ¹e·ÂÂ`×啑yÍ +ÚúœM1k6ÊBÇ¢>ýG@ñIBzø9]vê¡e<Äû¶ýp.Ý«š)vFå†õvŽ¹špŽyÖÊ×Um™ÄY)‹ïº¶ëŠú×jvŽöˆs\L×ٔîDï +ä› ˆãž¡Ÿì÷L±tIJ̛JýG“ +éÏ·žôË&Ý­puî'ï ç8!">i$N5‹ði t‡œÑTò;óöö°ï¥ÔäqõpÁÍR6‹Å +O£Nò–Äœ˜zíœBïµ¥€Ð—Ž<œ‚¹2®Q˜&ÔbÃÛR]2 K¡]TŸ¥ù>¥úÊHL/ra¥Íwü€¶8ÆKi Ƴï æÇ.XŠjò:+˟“‰ÖÌÞ‚£ë¯cë߈aýÐ +ãJw ++§’㥮tSÆ:üЮ)äø⣌æËI>šÐÁ1þCÄ£ ° +?›ÐâDÌ(±Šð¢+š7ÀçF›ÓÈH«„üž©­ +~Ù#Ù‘ü¹Céٌ7SCkZ: +WûRL€Ûôfìý+ªXk‹ú<ªy*ô•ùÅ?‚}ù[Ÿn@ò6Ü՘š + + +)‘–H¯¿Mæ +Jœ¬/Ÿô8/)ø犲ü¶ºèþ;µ€JëÁŽOb˜àuša»ƒpVÑû‰†ø + 1ÆQÉ:”öåK²ñ2é՘Ô/–˜coÇ‹_M¯:®è÷·".°nÚO4Öâ̈́DzWµ·Y›ÀWeãÒtvë!òO +¥É* +ò€”3¡)ۈík‘.žƒúLx)ôX‹I§F˜‰äñZœÛõær¯üŒ +Æ>x7>3ìù$°ÐûçBò¥ù̀6ÀЀ‰^>fI%Sç)ÑþÜÞÅmÚÔÁ|Á™Æ¬œmÖ% +n}ºÚC°s +hÒ,ã=SŽŸh +DÊ`ñÙ×|m^Ç=D¥¬Ÿuãùó +<Å +*kŽ¥R +ݒšp +žƒk·³¹—‹Þaa³È@]ÿŽÖ&ìñ–w’bi-R¶¯w‹QÚ8Eþži"? +ûŒÂ*Ó€à"xË|âwëUªxø.ã0\ÆQ +Œ¥[6±òŸ8fú#Ÿâᢷ ’nÃrô‰ÎÝ}À¡Œ©152>v )žP8Ž6؁ƒ/®Ö•TV1F +{ +ÿ‘;prÞF!ûüÈût7ӄõ=0V;§PžòÁPØ£¡Æ¹c7ÄÉÂÄbÖÕÊÇ}Û4^Fs¶ +ù‹~€AÃE\×Fì͗=GõCråI'Csðaó]vùtZI +k‹A +!nÝ ÃŒ«Ù^rÆŠIðô<Ó²ø°‰„ 4ÒΕê÷ðòõ‰4ü»uÛw„³ã-H“kèðù~¶Üä?ÐaÒ=uY–ßR'¹i¿†’Ý’ºšéå*EƒK }v› +Ú*Æë’rB>š‡Ì +(׫Qà:ÒØ¿ÿÌ2ae‰ÏysÜ$«Ê +f +0†˜ºÊÑ6ZÙ<9Ó +Ã^¿‚ cßì×ïT;ӑQ—è +Ò +Ÿ%~j Iïr/yS³>ýš’MïOÎ]sTËîd6[±ÛýN=!;˜ñàWoǁËÍ+§‹w”#ãÁ¢ûø!ŠéJþ +jûà«oS +iØ +˪[»—ÿ6óŒh +¥Gk‡ ú†XI|*~œÀÅ6í+òÅOgG©:Ã8ëF) +{žšPÁY)ŒãKÊ*³¬«ý +à8w>š£ï˜ã§ +‹‡sb÷:Vò\YVéôÑrWÌV‘äìçC¢D² .Ðrvu+wþë:Kµë[wêAz’@)iÚ2¡·S‰mµ +O®›}kª#žÞx(íŽû‡IœÄXKãcŽ9™[#ê–íRŽt"ÿ-ûfÆ¡–þ“7š‰NÑX +˘¹$u–0aÀ•”žÁ<•ÏøŒ³š”ÂãЪò.kŽÐlàÍŠ8î˜d­y^&œÜ8ì;ñéJW“ +!ƘU€œs)Ó¹­h—<(€ü³ŸÕœúpÿÙÿÕ¶Iqô.y‘â +5t2ƪÛíbì]SžyYE”ÿ&NŸÎÒý;?λa÷Yä«R#fzÎ'î#y®í›Œð +¯Ø]G„ëšD=FUæ{ˏlŠ†VŒØ©Ö}û— 'ìSd#L­k³p4`Öò¯Ê f>Rfmgoå,m$ôJo6Ï”™Çþð\Y^–a +ÿQš>ëªS%&÷E!p® +Ãã¬0m[ŽŽÒHÈ£ä²Xœ +ï›*õÖWŸ¹GÂkQ̌&a†¢ïaÑ4¡µ0þŸ?1 +gÇŽ¥²JGŒï4^㧁NJeÇöÆþºà-ꎉéEb­®úP+U›Ýlñ¥ˆ×áIîyV97÷>TŸ-Êæ.á[ÆO|_ÙÆâØxîi +=¢1F¡2ý +èVÒ€WYN/ZOj +{­* +ƒ +t]™~’ÈßÍó]1>X|iÿ`:siˆÐê +ΣBlØb7÷þü'RQ¶÷uS'V”ÂM5÷{ኛ'/×n,•øªi÷ÙÜÈXQJ“Þó +™ùò‰€šùùø(A +÷“w]"©Nr‚|Q‹Òäÿf’AË@ž"óÖ +»rŽmØ:û œñg +˜¿ +Š±ò°ä +eêL§Ð€ö+ |猪çžsåJÑÜÓ"mI®}+q³~rï§(ŇZ +*õ +g]ÁzÕ·Sˆo +8z +e‰@íáiš{ž— +ÿÁå„ï +;új¢˜¡ŽL§®¶?ÕÆ8ÓüTË?‚` +œïÊ˺ù’ۍžw»"SÓ²nqŽoáY +uù +LëǺÓX¶«;ë éí{ïÿÀ›D?ÐõC\š+íJ7Úʄ+@a­@Š! +ÁÐfZ7„C8I™Pôh&‡#› +- +3[ö;ŽZàÅ6û¥ªŒ¯{Pà• ‘ŸDȆՋ̑‚{L4øJlC|ŠžD&4)Ñò°gÉ©6¿¡ë!@NÊñœFqϗbqËVPiÖ$ãÕÓ7²Ÿ + +Œã0¿)\óÊuìIÛõ=ƒÞBœHufƒ¬Å’u\¡’~<ˆC§*ì/Þ çÕÔCBµí×å+KFÃ; +ÇQ¯R~ÔbþJÿ²£@(|”¥•<É‡4Õ֕âþ £)lzâܗ×ü(ýg_·ò|–.éIóÉóž†< Ód.ƒßW®±¬e«ßá$$šyG'l©ìŽ|Üò‚q +Žhe*!Õó«EšŸ†Ø Ža áczþÖ𫰙5]ÆdrÅÙ4t$13ý#1øä»ÙÂíŠ` +Ï +©Ôuÿnm\tøå­NÄl}×ï$ù]€§‘žu¹/}~¢<za¬5jŽ£%œ}ˆVë;f[Š} +¿*µŒ"_å4Í4ž@° +ž×2„æ3¥b숕h,0Õ)P%/2hî”­3Eœ³o캹‰ŸjH¥é•ŠÃìõßgøx|ÙŸ<€ÎýU§ohBC> +œÓê¹ÈU@»ÚMÿ‚%Sb²‰¿G^e>WîP9kWgõ'èŸH÷K)m9µÓ +è + +1@› +ÆÜŒŠµI³ÏµÅÙXŒŒz¿Ç‡bap“ò@ƒ}•Æ +ªòQÌJH¯y~yÛͱ(ª»žº}j`©ÇxâÆbb +[ŒhžÓ*¬®ã‚Y"ôw/¥S=Âý+JÄxUÏšK$Mí +‰›f¬ØŽU”·3nýšŽ”ŒÆ#û„Å»#*0¢®öžŽ@OÁ +f +·ÿÏ÷šMŠ×˜ÙYÀþ17dsiÈôû”¡ïB•Fþ +(UÏyJ=êøX³Ô +£¶ +ÖiN—ŒW.•N3â õ‘Rtê›ÊE¢ +ÉB÷@µùÏ!Ž÷øÕ0~ÄLµªMÔÝóÌôÊÚ,vf.Ï%šl_èx|Š=ﺆ¿Ð-k +h2:·¡9Üß8TÏyή] ‘OPCBÅ7œ³ÐÃR%•g3Sùž]¬ÉEâM¶°È·Ì.~Mø +\Æ<ù$> V?Ÿ%Ÿhþ‚_›þœ0 jŒ[-ü,^§ê·5oØhw·ÃYòÛMº!s?)šo[Ä)S +Y5ßúBPh±¢W+nŽeûœƒåálŽÃEèq$ +‰ÀÈi]Œàª[ãCH"„p— +$!•[::&[%¹áX +îíVaE•†P +/ÖC +_ÀÔ»U4‡áÜgu%³†ZºmEfdIô³ùæ[Äñ +ÆtsùWû꿀˜«­%w&:Æ¢Î$§öw»ÛBøfÑß:‡fÕª=߬ÁmS!Jü³8šNyEœûW +e?jJSšÓQ³ß$‹Í8"h/Ðk0Ž™> +KÛc`ëkU!ֆÐVªœž!Q®€ +ü¬2à€Ì +] +>-t’°#€ ÔÇ©a[wŸú$Z7Q–»êÝ*ÀRÁæw5š4`ÑíLÑO-PÐ(á`;ÙMêá×WÙãÕTL§óù*mmJ–)ŽH—â<œVz®ôÂ8–ªÎ¥²—Õ +€qú']ü@$”„h— +e¹ñ@Œn‹# }röþ35ŒEjRn>G +ÊÃ!6ô^C£tޙn±.éLª#鵃֡l¢¢± + +¿]7Y·1;£³çôU2ñSþèlȟÎeÛ +‡LdH`ŠøIÊÑ÷í +-Å¥YšÂs[áð}¡FßÎeуKMÎ4.»Ï|ZˆIY¡’–4> +"¥éÈïéOԵ8XEÃ-ºzŒúÀ\V¢¢1ÆæÚWRØå +ívVvÐ4€ú› +#9³ñT* +ðPsÊö +ÀØæߪ6±¯†‹˜ÅÃ@!+ +"BÆäsšÔÓ, +jüQ€rS9Äå‹Öô(0w#¥ÌVš‰Ï@50v<þI8ú²>S”ùíÓ9âîaއàç_xè¬B=WgÞՋ–  +Ò»Ÿt:zR| +–ñŸ€mÖÊLÔ×Õn=&m(’ +P˜ŠcÚPÅ +ÄNÞ[7‚”õ¥¹EãvŒòÂý~?Ž™cmÛA/ã] +·£ˆÉ_òŽc%  +šÛI•B¶N5ìg¶ÍÛš»E:|eàœï"÷ð/ߋ +±à¥ç·gÕš  VɈúdœÄœ +0ì›@7k_ß"SÞbdÿèÛ3,€hûsç"5*œ¹4ÐËg¬íl-zò€ŒY߃ßÛáÉ'±žŸ„ŠS„ùþˆuúçYnØ/Û:R›yd˜B + +»©Ë«ÿ[â”\úåõéÞ!ŠU°Ñ§`ëNïQú5h‚ßÂÍnŸ$Î +¡/dÉF“ëüÀÕ1Ô«±Ç‹ºŸ™°ŸÂkñ +ÞÇöóu@¥=SI1Nà4{}µŠÏ$áðäÝOhF`¢GLÔ +Õ-‹ +›c/cÎӋšàÏžÎg åŽ‹+J +@õª +À€Ä+}µ +|†}KŠ‰‡/ðlæìSÁŒ.„ÍŒ,žÜŸÐn¥tyy +yGõrqœŒŽ†4ôû— +‹š;É5õ ÙS +§ÝŸMëkýý&áúY/ß +£è£á./bNçžmX‚ü‚èï.TqVŸâ+š DåÒqVÚ+ó¿Üޟ/@¡~Û¹muð¯^ +»^rÞWdøà‘+FE࣠+Tà5†+Ž=vî–v’÷i~&uy[Êîêæ;šÄ +zÌ¥vpœÕ°žÐŠñQ/kÞÞKÌ¿ºUI,±Æ—ÿ + +hŽàšŒîB¢G®B^x·õpŽŠ]',æCîÜ2s—ùÿԓŠŽd\)Ùëtgl + +lĉ³þ +|9Œ!Ÿ€Ô +0XðõªµÆÌõQå>iÁJL#DŒk_ +ya(»dÇÕa +ó¯iü,Š—ý¹T–› +™• +/—ØIvÌðãJa®dCh‡ÑA|Ra[tíӗyæýÉk¶ìACÎ)­ }ÒÉ-ó“ÙâžÕÔ^Fm + ¶i§jŠš£Ç>$çàl{ª@Û0@Å +•Ñ¥ø&ƌ8Ôéù +©íǧW§)è·«ÀÖoäØõ›4[ðž3ÍèÚ)ݕQ+eŒqe +G¹;ƒzöK&>BÌvÞe‰] +u–LÜQ(ÐÉç‚?H.&¿oØÞÔ,Ã$z76W +PÛíŸ4{¿ñÓ"G5} +?ƝŠß‡5ºéûäY ¶ßY5¬~ì` +™ã ë†p5fR‚€€}r1 +o.è¿èÄÊzºJM–7Míœëuû€×-Þþ°Ç¢}s=îÝloB¡€šMÊÿŒ®†¹ +‚‘6WW\ûRQ‹3ò̟žÆá ˜©æyՔÉ{ÁþQŒèüLN'†^:Žm»“zN× +pW”><û UCÈïPrŠüT©Ù¢’Ý}fÛóH(Šmèµî5Üõ¢?œn„ +ò¢(H’š§òS4]· +)Në +[»†s;_úhˑD±šr€šÞIkŸï˜™VBD +ÇG÷ +ªdÏ'Ä®5›2$þ’!^RX +¬Ó–íšósU"Ù#(ônäÚ8µëF”þšÞt yÎrxJœ¶›/Cùœg„øéÁ`ˆ•À© +‹[äú'KApÂק˜õÂòû‰êٖIî;­yêF9GkPfàiŒxRð‡bÃôhžÔ +eÏTs£â;¶ñ1r–‰¹h4-!B)¿ˆÀŒìKÓðª®[Ûy²úÛg•Þ;1öùph%Òv.<.P¢gŽÜA”N®±9úïP³ qIþ-oÖïEýà_‡"F‡„ª[Dëñß)·H¢Ô Ÿúº”¥{“Þ¬úlŬïŸ!Eñžø  +ö2 +òJddX6cŽ3JˆÅ6 +3BKìϙã:øÇÎqŠJzßìS~¬»Ä b{žìŠÖp]$pÕcÕ3÷£»~/Uwâ +r’ÀZMm¡ìmi.ÞZ§ü϶Ͳ9 ++ÎÍÄÔû +ã™r +ñ„9g:µTՏ¿ +0ø‰—‘€b ÿ²'H™^U-CZHÓg‰]¶¢#'+˜‹B}!óåÈ%äœç€WlrU5Ôr®–% u#¯Ú,ŽÝºï\y­KyÅmÊÏÈk𱟍ãÚ + Œ +ôäð#èÊŠcÛ·Nú„­¯ŒùÒK©ùÂCù œ8µ‚Ãéb +`~u¥Óž)ÍÀF\F$båæý ub˜Ä‚‰Q+œÑDšÝSÛGiÍ#xd "“$nšPž€¿èÜê‹ÄòÙŒ]_[ +§ñ}¯=7ž>üœƒ ™ÉCN&øZQ¯lÎ oý?úäÊ·ÊeJgS8Ç$à;ÚàŽŒB-ÛòÍ?(*š[«âes]1ë!ýc +ÕÁßñA +^ýs3¶Ðnßëڄÿ°ÈÆr‚‹âÙõ‘[ŸšLzyðÇFŒR `~AŸåÿùY AΊÒ6¢ÿÛíÂjQ²2“¬£_ö> ?Ó÷†§A7íÝÒ +Á¯??»3zàû2S4vîå0 +NiސV¬äÇyáÜIŠ’TG¡‘v&Ýe➲èxfºîŠÓb6ß"ò?TîL+ë(L©0˜“Ô%<ážÙ`e}<§íwܧû +v%léÕý¬Á28ç$ +>ÃǝLšÅd^s‚Íãa +TÑ¡‰ +!  +„*÷gKؖ>@c*ðê€,„;„À +EεíЛÂàü¢š7{»KP§îs±ÆîEµŒ#uAô¿s³hÈde +ª + +í<`âO+ÜzâW‚–] +hù0cºBióDQÀ¡6 +{Ö϶=ïæđ×ÑøåKš˜µ’‚: +°HîY6V.èùŸó. +ٖ¡_-›zÌÅ«㗰æ <¢ò¯N% +Œ +„Ÿ˜–Øô<±ùþMH†’-‹9` +äW©!Ï(ó°Ù.iëþ“úY‡ +žåq8ӘŠŽ†_iØDï' +à€Dl;‚Ñ$ÓXخۋwDâÜö ÔÔw+9°›>[ç,ÔñÎÍlfjçz—7Éíë.ÄÆ6IW7û¬« +Cu*!ù‘t6ײðpp6Äñ5~‹„†Ÿl3.eªÀž +âõ÷’¥ÓÕošÊsFïÕœëü\bïÝê>#** +}¯Ð‚Õ_‡x.—ôWǔ€N™ÛՓÚwß +ïàPŠ68¿0Žy[~|UdD(îÍl_Á·n0Bʇ‡gš†“— þ’ÊàQ‚ŽÝ%MˆžÙç÷ùtÌjLï.QŠ«ï)«ÚÛüéØEë§áL +Ê3;"=þnòÅŠWÝ7 +g”ÞLŽÈyÑÅ]"ž‰lhT^ü%ŽÑáÎÔÀeG3¢Žr`ú3OŸÉ®)÷² n”W7ÖkDÞqÜ*'æ ë¬V +¢Ãâ’Œ‰6^èL~¥ÙŠˆê£!Ï +Eâð#ýëãX±•)ñüïñÁ³ñWæ\ †îTêm"¿£€ÂÚØðº;õûísÇ-&§ôæÔZȊRCԀøŽ¡ço³æDÊO—‰ï’§èòŽ•SBê*§ÆݓkXåurèrÐj³) + +™Cx ôäÙÕÍÉ2ñŠC" +Ú6ÌÔC Ž +œdˆ›æ$W¢âm±qZÖz¯z:Æh’ÝšßT‹>G‘Í°j6u÷‚kk +³ŠãŲ®è:?àaÕê橲ǚžÙ҄«_À +'b‘·¢Ò[·yŽ1"QÐT–(ªZyèG¶×ߌÅziÝèPíû¿00Þ +â÷tÓ¿5eôªl0;W]ž3yu»ŒÅWãM®ÕšTŠ¿5öèã‹ÝÏàU,]O­«õÑ™UϊµcîÈTxòxÔUïðÃUù)v•ñ +wÚòŠK0܋V€Ù$û +œakHé»ª8»ä6ðϳ5ÈKBJi/<¯”ŒˆˆcËÖëˌ6­!ŸŸ¡žk +"Aï›j}‚wÈ¿¡6Ÿnª[ +ÁÈI7kÖiö»!¯ð +j¬ßZŸÍðR/@XÏT•7yÉ*öÇ~Ð×JIÚòr¯>.lAÌß­áÞ¥•.ϧ@Ú0V. U)cYjW  +­I1‘ù” +ìVÿnÒPŒ^öÍ + +X­5NCŠ7Hq÷"úfóRՆĘuP×sº +³ ŒËþ +Ä3±#÷˜ff}w»Ž +ß(ÉNٍî§ØÔÝس¡o最‰x08l/gtÕAœîŽ­ZÚ+ž?©o«0€)xí¯³2Š·7® +}SmšKJëÜÉ +·®Ñ‡­@éøŽÕÖ?í¥n +oØMzÔÛz·!Ÿ-qé—r,yÙŽ/†»ÄØOÞ¿3å€5üœ(Þípæ +{ ‚j]5œªÐzâ?Ÿ™’šZá¹ +ÛùÕ›ºµ~˜W }qå!wP +n&ä0_|Šoä””îãË–èb_ß=lžFê}É€‚Ê~ãÖ0 2/ +~Å/gX'ˑGº‘NLCØJ›n/óôá×u;'²æ +Êw©Âµ‘ãÊ3^坝í0Ž6FcP€Âq +y*Žsž6i7ÿîæ±Þ³™O“BW}+)œÆ[RX”J\i3ð +§Š +m_ì­'Ëùl4ŒØÑ5Ô70- +’÷:ÆÍlçÒŸiO`ºMК +˜`JQ +Þ\+q_Op¥²U·Ñðt?‡Uä±bº€[ÜQñ¿vµ(=|X_K›Ê¬P­÷©P:˜È—w&Ë!vΗa®óbNÆ·©ªchw_a‰ +–€ÎˆbtºXküP£0]ìGVI‡~åA° ’Kˆ¯” +šÊãQ”9P¥" Ÿ#*ୌ|NB˜;ÁÛڗŠ`ÿTve +W û£@Õ²GkIpš +† +—ŽA¥ß +¡\$Õ«ÿ±S‹[°[Hlqêñ¥Ò +U +›šV V+]ž{ü«L¢nË K+]3(UQÔtž#Q6Æît­ ++aÞZ!7wU[MŠ9VáMi¢œšVàü»æZò +‡n7 +Gy•“^¹îŠp\@ÙðâPû.ÚJ€>í‡Èß¹A8žšY° +;«¿3?š[Ónń1ÇÕ +ÌÁ[쑺Ñ¶›}€)3Üþ6—ˆh¿€’LZa(ýÝ®ŠÆ7;YV‚DûNºiõ +cʓ1ß~¢ 2Ó^eϊ +Œk®°œDÿ5˜ç€ñôÿäÕh£x÷c«õX¶IìöùJç7ŒfÆ5+õ +‰eœáªËúÁ‘FAU*B5A¥® q[Ì¡¹º=&7ÛE‡FQhxþýKANb-`\!äãùœ$¯ã˜Ua,ñ¶õâDÅÔU 4ÌÑvä¯v VzJ*etþÇUˆ%f'#, +ldœŠãË2Ýû'–®ØQÛ*—{ì[ªÜ%¿&È +j¢EjŽÅù•ºB +ṽãjÈëºO¯•<ihò•!H–_( +¥€Éº] +³%·-?>(õZÉ¡Qù)çînÔl׊n–3҈y©9¹ßʏ»¥¿!&U‘R–!çÞÞàG|vB× +ØpŠäùTÈÂÔëjÃ,Ìžâˆå.ŠH鉥v¿~ƒô%: +âÆåê\юmܬ÷¿&¢ZX1¬Ë/Èâîp”V]ùŒsŠ·ØÑÝßÆœ˜èTóê!Ýç{°¿(dõ +4Ít88gËø×Ú\_D•â#C~"fi(DÕHIKsúE¬nIè©öÁWMa5æm֊küªÖœáÑ + +å&º<Ù±5#‘Áُ`ÈÀ&Yxv&¥û~ã-lŸ!ªU5zŒ"J83Ԑ—‚&¢1—+cBÙã)¬¹N۝Ŗ]÷gŸK—ÌƲhicýcŽ?å\O•¶3ú7Mj +Äj:Í€© +LÄ +WšÂ +6ÈòÀ@"u +W¬™•jr„nSa—Xp'ì—Ÿ¡6×3 +î8Ãx€e9‡ +âsôZ +¹³Öºa‡/®MæSêpØ +`[ˆÛ~§ï²ÿr)oddäaýœXæ&–"± +ëÁ:N͆0/fp +=ƒ¶©»‹!*cÛLlఋ.ÒàO' + +„šKþ²  ­°™øã7t³l‰oŸñ'u\ƒŒ†Ð3UäH +‘uØŒ©€™ø+Š|5îœH'S.Šaltí»ŽP.ZMªIu+ž +M‚•&¿z]%-F†í{ËìM ΂)óéãÞœ~ü»úÛ¯u +O~t__KJêtjzb·œIš'/NhæÍUâԝ|­GüƒÔsÂÛ;hœÍ܁­Ž~»<-êÖFž|]ï +¹T62ÊÆ uŽ +2æ•Ó` +„WؘӓތòZžsŽ3ß*U€Æ±ÉªØ5ŽÑ +õYžç#Hú_Ÿ +žˆØjà©·xLR"ðOòCëòÉ¥=èv +_ÊÒÍÊ»€üE +æ•Á +j74Hš‡Â|‚èþæ?l +lÉ +‹»3 +îEQÝž +òðÝn4W.m€žÕC°²Ž¬™6õŽd +º•ƘÍEêJ{òa|ì`‹|Cºe¬ «ˆÕ#bœO +ógÞ8Ì\ŠëØþ^œÐ@ØÝÉ +~ŽùsRÜ¡Ý +)Y± +¯ï¬ÕÕÝž†¥‡Sý&r¬U: MŽÈÍDÕhsŽŠ>Kq›CÞøÊÙ1Úaueµ<ó­‹"óm #‘bó¬nǕÀ|²Ó?‰¥ÿCC—Š@D +ÜþGC+~)RÉ¢{9Ù +ßå7ÜaÇv›€ÓjÌ +ï‹Øú‡#€Ÿö¢V]ð‚D6fØi³dŠöÑ`™?Âj׳™ðe ±zÄ0#¢ŒT‘vi÷á±3)1mùëR€¹¹ #RË|ÄŠ›nIê÷kñ +áÕ +þУÉZàG”òŒµÓÊÆÁÝô‹¶Fñub™ŸŸx hÖØ}ªlYŠÕ€Œe‚Þ„Z¶³"oU~×4ܱO +•¥ÀٜhÜÅ¢ß$t)EHðôם×`;¬|×£ïûtÒòçÊžžÌ§§9Î횥ÈK³ÿÎkráÞ!»+C«)ë}œHXÕÜ[ûæ +Ï +7«Â努>ý4KÄ=M¡Ÿí¹º ‰ŸM5K¶0ýø—Nwý^¢Î[÷É¡ +ŸÂάõ1ÃœíɈ«MëPNì­áÁ¹>àºÛUÿüTÙ<<Þ +ߢÌvó†5ƒ¬+2 Ë` €j +ÊçÔVŠ$7X°×ÚZŠ”ŠÕ?1׉ÉdpžÌŸv8",†Ÿ +œ¿rŸ›R.9΄Emž%R€;~á“íI§&÷Á5˔Šß›?ðíÖ*m™Åú/Z“"š ­yþXVD +Ÿ5E‡¥} +ÕÊ)Ç^èÌë:)`|*¢Ö9ïq„¶€¢¡›=ü”ՁP°Jm)&zQ;YÁxR“Q<Ì0I©Z R*†’–Ûêþ#°ƒËcý1~€ª®ç6¯iÉøq@ŒË̋ÓJ]kž!¥ŠÐ‰‰üùÄ ØVð—Þ^_Ód‘¹yj¶2ovBµÄeá2© 1å¿$áÉ=£ à³KÔ[ +ÓE}zÙS€3Í'˜œÿFe=ªã qòæœJ„G& +bÑ9tÌYZ9-9>Ìú*+»×î +ià +V~ñ Š +¥W[{¡r¬Ïÿ +ßóuÞºE©üŠ+ÓÖ<œãl +eÀ w=Ü=âȵøò[j +҇ÅíYà +ö'Þ¬ñ +~hŸ{ŠŸ8  +ÝÖy\\dêrà­‹ÌàC4­vOõ +’ Ù+®‹—ˆ™ŽUßÂsyÉÙÏÏAtβÀŸ%X­s'FŸhå.‘ÞkªÝƒ"l%Ã&CìxùŠ†•Ù$UÓocˆšÊi)§mg¿uÅ4K—ŝÞôý +%ŠæàˆNzýGœ¥û“!šBûA +ò^yK¬u.4 +àƒñŒG~~ɘ~˜¯µ!í]»ES/ÍeE6.昮²hô)œ’2ÙÙ¥Õ~Q€ùü{øÉQ2Ÿ;˙¡psÑà +"×fB3$å™ãЌ`鰛 vI#qW!yaâ]üý”­¶/·#ê8f|Ü^ä7Ji|Áár§K«lýÝÇ¿ƒkkŒOƒUÌúì˜Úª·3‘þffñPª­ÌÐI}±Aµ‡u"Ë 0ÙèƖÿÛÍ +ğû «}hÓAK@éM]_èzX4òêŸ•ÃÓJ¡”­Ìñ +αS +Gšçcœ}ôqvN +åW€ß&µ0þweéÌC³Ûôfè'±UD\îÆNì, Ë60Ù¿çûQíÄŒ +ÀÈíwdÁë>Ïc< +ð`R#P£ ùªu ÖñnŽñôԗEIgƒéÈë +} +ÔÕwZ- +ÎŽ!òŸÀÔ +B˜‘' KÞýˆmOÔàߞLj–ӯІ߲À·Aó<Á}\ۖéjýj¿>pmž®øLÝ£Š*¿Q8ÍlvŸI˜4ßÍzî§Íp + +m}Á7©3 +ÊWÐOov*Š q›á3û +­êÛP +rÔ +ffޙïåòÆ]O2BýÛñ•Z8ð4{ØìžZ„D +Žúfžb³hÝ£ +oÍwfž +(€ž +O]ŒŒœŠžZ¢ÌË$ +\ûa]&>ÉŒkš#ê çàèÜ«»žñ±XæMŠÆÞ +%!ïŸl:Û·+Q"Éo2ù *sAÃ}õ‚£o™¬‹·Ò–ýûsgG|mJ•)@lJýKË#,ŸÏƒ”ž +‚ØòÁä S{ž°‰‡$ +_¯Æ +שÍÈPš€_î’ +rq”Én~t~@ï,Zw/là t)µ›ŠQ̀ ‚Ä® +ÙÛ݌p³|=N¹ûÕɺ<è,±æÕž(Œ§Pów’Š$ž³bF-œ˜ôŒZ:<{øOúÂÅ»ùyÎï°®ã-ÎsžÐîfýÇG +SZČƻýŠ€&VðvBߟÙ¿Áa†ÉiB­e+‘t9˜5ŒdÜÖŠÿUC4k$J®yι;i;G’ž„æ“£h€ +Ώy + +„ÿ•ók/ Ör҈¥=ž±‰ +3iû²WÀÁsL–ëM s¢Ûlãüµ +Ø3m¿ +Ÿ9.Éi$|#¶> ÷~6(I ]ô:í i›hë +—ãR¡&dPÉËJµL •äQ{›¶JyzQ?Œeʌì³_Ìí +«?ø_ +Ѫû/öÇD”7V÷ÓL¶Nhä§8?ÁÒØ,aü¬¥LH>k46Ђˆ êEhp e°C:úã +ºjªÞ‹–p3æÉÑ +óÒC;dmʵ®e—“©Ò³êW +ål‹kÅ ùVTŒÑðó +ú%/šèÐ*n\“hü–ØøS2‹‰ +»Ücî +²Mǧ^Ô/’ìMÐA”?3~,±sô鈠«‡YÜçÊx›yɵ[¹ñ–@Q!¥ƒµ.¬Á + #á7˜Â‡ÄœHé{hË]³'Ô24ÇHõ@œ8êiXŸÖMz4Ž~±×€þšµ§œó!*ojP˜.K +>T òÔ«ú\éw +’T$â+ +kÙÓÖ.Š†#QšB’Œª!$ù&~ +9üü²Ž\=Bq]k$:±©û¹þÏŠ¥Â š4åý›â²¿²’ãß×@k Pœ€“ÊTÓå:~¬Vœ'PPw«¡BU^•1ü +‚±. +5n€®Nô_¬8µF‹hêokœš³œ@Ð3#Ôñlèj|6 ++1­¬F¶‰è)NÏN©,“1“àyܞ³µ +·3ä?[‰ìE3­ÆD`œc8Y8¯¶ÃDk+O»ÂÔ\»9ØönþÔÊ,ǔI貒Çp)"ܛ Á‘ü*hžlI:Å«[35ñ +n‰ìZŠøÓ/ùŠJI_ïÎ!ÐÔ,àO +C~xûVæäÍ3Åʼn—LUQ:çù—/òh ϔ‰E{í—[l‡ÖÎ,x{ŠÑÆé–aª¶2Äôëe °Ø +¹/«ŽiéV +ýq;úí- +>û¯D«µ®HfºÂžxCÐ:é=à +²,Iæ¢:Ó‰6yyë¹UMo;ðØ0$‚BFÍìBïÉ{dã); ++Ï[/1-›“Š8Ðæш +Ÿh|Ꭰ+‡ù'ÊmÐgãåì˜ó?§þC9õVãj +û÷Á`ŠÐßæfVîh³çÅÀÃŽŸžœçYôbçŒûì‡<˜#Vמ Ažùœ,Pj>ÖM®€Þ×e6LxŸæ9ÈqÑW?›Õ°ÎÆt4œ=žXD"H¬Ò§—ʐn‰cVšuËݯÀ€êÅïåc}‰Ð°€¢mêgڏÑÿ?òYԞ%/ÛñL_£\ÝÞ6}ó¡ÎÊuœC÷șYGæS.yÎBM3õÎ?œP€œLÊ3ªëüF·NÁä°ÿˆ!µql–Ï +EµšÄÀ›œë‹¢úQ†jf<:¶ ªvVK&µ +L#ÁpX>¥ï§Ÿ4ë×È£_ +€4%P”Ç“4ââ+¢þR7Pþ\aBH„\F·^Oä×Z3F| +ׯñê¹}5há@͕ˆè@OÞ{sù•A%±uoZ-¡¿oñÎåÓšèá’lcŠv{º`sՄ¯XÙU¡æˆþxéû +¬êØ]ŸÈT¶i‹_HœÈ›ç*2ŠÂÝ|# Ü7\>‚kKÓZùVp’¿fd±vûÖÀsôÍ.sƒ§‹iÃC'tvqRÕ°äÜ}ZÓä‹P§hŠ%‚å™\RÂâ؛Ï>ßáì”ψ©–”õ-ë-3æܯŒì¹Ï8‚j+mScägV‹kêW¹ê»·ÇÜn#ñ +=Çœ"\Ýo +‹ž^ +ðXê»"éÈB«Ý4V Þ±öaÐ'”Ň&Žœah§]2üÒãêÓ[£œÂ=×ÄÀdn_|»hš™äxä:Ù=<0±žÚnןTb +™]©)LŸ-øzêѵñÙŽö΍cž +dKwvéëY›ÇAÛxˆÇé¯"n€~öO + +=OÇèî$®LxÁ| +M?ó±$^ğ,0RU7b_Á€íÔÊÃQðM,­œáAoø˜À]¥¶ÓÖNz +ß²Ëf 'Ž}ÞÅÆÙòà] +äØýôÕÖH3_­šË™Ý>°€â雟v؆@’­,„nÔ<û;ëdž•4dÕ^ +UŠš‰˱˜àè²ÞX1 ¯pÒ÷؍u;\åžA±MCð4\©Xœ78mÚ`™)KΎ{²tˆV2|U +~ÏÀ_훿 +¶d€3‹ +—kâÈK5]@–ÇÀˆ÷•t—îxö8ýåŸâöc1·ÿº +endstream +endobj +6477 0 obj << +/Type /FontDescriptor +/FontName /LVEXIR+NimbusMonL-Regu +/Flags 4 +/FontBBox [-12 -237 650 811] +/Ascent 625 +/CapHeight 557 +/Descent -147 +/ItalicAngle 0 +/StemV 41 +/XHeight 426 +/CharSet (/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/a/asciitilde/asterisk/at/b/backslash/bar/braceleft/braceright/bracketleft/bracketright/c/colon/comma/d/dollar/e/eight/equal/exclam/f/five/four/g/greater/h/hyphen/i/j/k/l/less/m/n/nine/numbersign/o/one/p/parenleft/parenright/percent/period/plus/q/question/quotedbl/quoteleft/quoteright/r/s/semicolon/seven/six/slash/t/three/two/u/underscore/v/w/x/y/z/zero) +/FontFile 6476 0 R +>> endobj +6478 0 obj << +/Length1 1630 +/Length2 7149 +/Length3 0 +/Length 7981 +/Filter /FlateDecode +>> +stream +xÚ­TeX”í¶Fº¥QB†’B:¥»»k +`†F:éFP鐒éFZZ)é”úœ÷¹Ÿ³³Ì\ï³îµî÷z +fz-]Niž5Dî„ääáz& +Ѐ:Z»!ÔáNjœ:;7Mkpà23˺B@H(ÜI„„ˆ +!69ÀË +àÁeȝœ\¡vöH«ŸŽ!Èñ/Ëo€µ×?ûHÔÎ ðôþà +ƒ;;Bœ÷ÿç@]€Ž‡l¡0@VSËXYCÀªš¡P„8A\A0€–Û}+`€ +qB@ضpWì¯ +w²þn +ÁuÏ%€gzñCœC +gˆ«#žÿ@;Wò~H8ꆹÙü.àÞn +ÿS³+üÞÃñ +»'ӂ#°+Ô žÏª%§ðWH{òwnô +Àmï=mà`·ß-ýÁîiîQ$ê„ !žÈß¹¬!(ÂòºÏ}Oæì +ýS†êd÷¯ +8®;« + +‚@ÜÓÜsÿžÎ¿úüîAÎÎ0¯?Ñð?^ÿ¬ŠD@`¶\ž<Œ÷9ÁÈûÜvP'\îßË¢ìd +ð<ûËnãæüÌ +âúg@¬¿w†íŸ +Ü æ°ØârkÀ‘÷)¬ÿ7•¹þs"ÿ$þü‘÷ÿ'îß5ú—øÿ{ŸÿN­àƒi€ +ïà¯GpÿÊÀj€ßï + +ä +øýÖžžAþWÈ +óú7w4„üUìóý +VF‚î‡"ídw/ +'/׳¿ÌP„Ôb£E‚í¶ ØýÌþØõl ®0šä^Û?cœzöìo˜ž=üÂé·A'›¿—/ןâ¹MŒ””Žuÿî +ýã©u¿ H=/gà¿ÓªÃmþyøÍ##÷øp +ò8yù„BBüa +ž—ÿ&㞝ÕAHWš'Àô׳g<€ûÿüþu2ÿŒnó{st‘ '›ûeû§á7 +vsuœ×øÏý¿oúç?kxBÀž_§á`±‡ŽÌtd%åÛÞ!9ÓÎv +ŽÞPçÂjœŒœ€rx›ZĊH©ÕME(W͈è]£×Ô¶óíš +ûúçv +K[ +dÿ=ÍKF¶Ž +âŧÍBÀõ n‹B‚ô +ÃhŸƒIµetÁgë߆Žu, +n0iGšù\±ÎÙÝsȘΜ ýÀ©cÉ[ˆjPH*s·wž&þ8?céîïëíi;ÂèX£fÇâ0‹¹£< +pÉŠ–4Ñ/õ‰®¢V­ÓÅt$Œ‘Øî+\&‡P +ŠM–ŒÓvÔ×;ôkÉö}£*„VüIg»Àâg–ysæ#é“WÞÝߙßùÐ8 +ÖÁ„~¥ÖGŠÕå‹o±%Ð^ŠþÒü>Gù3«õçmæ­] ²§y5Ê<þѪ\qbÀ5%µª¶ÛˆÐ&䊮‘_(Óüè;³ýKVÿ“Ä>ûސª(û%–ÓÎíî'Qšð%C¯JqìlŒHXa#ÉhH«s¢ÈŠ³?.ãÝ{Ùԛ‚€ú³×N‘sò +£uj'åUŒ +” ±ãÝ`‡ô#kÑw”[òKÞrLRÍÅYjœ+j6oÄ°}ˆ\¿ÇOT$¿]›GxŒ[2 +‡³V—ö“KãCãU*õ™fÜu‚š—‚©#«ÚŒø$ÙhÒÖeÒýÓª +éÏØÖl;âšv +?ÇßÊX «;ÎãêòJŸÌáL“rHQfÈÆ`Ÿolùék>ØáÈý"QÁ_Õáµ9ߍÄ\=É©1<œÇÁ8éÂ! +Ü#`¡;[öœ|ua†©Ì3ˆÕ˜u>ü«žÆAÂÚ› +X€Ý¥ÂDàØÓ^plŽÑ²E=¬BKªžŠšá]«ŽËÆòj˳àq +êÃž¿œ"ó¥{BìRO=L{|Ðb%Žîäåá™ùx?žGLŒæ +ºýM³£ +Õ§’œìS¶ßuU‹ñc®:â4•ö“x +š ñÃ„Ä’QB”q‘ÛœAóm\µqŠø6{YÐ7«ž‹©“Ê +Ž§³q”_­Á®EàC‹Œ¶ýOæ{ +ª:Ÿwð +‰¿ïgîc`=€»kK‡Mêlòiä§Vj,ˋL²•«ùDd1Ã/\iw +&•W­ +S + + +ÂâŠiãÔ2&ÈíñOHPª©Ÿ)¬ +òéäLVTœ\ܘ4¯ðêÓ;fœðÒ +:?0hØü:cÆ\µþ°VqÚ°‘Xd$=sÏuŽ „Þ® +Mx¯Lg¥ +Â{êªÈa’sZ€Z§Ê2gèà3+€Ïj•DÐwѓ6þ”Á¿šÃ³ƒ .çØüæ€YÖµ4xvª¡Ž"ó¡¬a5¹íùGÊ ÄJH±z™ +Žé•lÎA¶n8°±åHnìo'ÄÀ¶„þ)òU‚Ku‘=ùáçÉSÏ1¬‘ìՀD¯«‰G™âR”M¹ Á +¢ds¿Ÿ‡+ég +ŸM?ó±aSºKA“+ù@ç^ä×Ã.ž¡Šy¡•mgP{RØOZMƒÑ¡0Ë=Œ¿båÉe‹áQIÛRöÜØeœ|T–ýў䜥o™P$¥î8Æ/L'ýÄœ†kÊÜ3š +Ô©ÍAÝÀŸ¶`ú”qOèþƒ/УsÙaŠÏ‡ÉI\d¢O{‘6ã#’~Œ=Y +›-9ó³ï( mBÔ¶n,ixž{$š`t9ßkù|Xo?IúšéÖ +‹ŸPLjI nöÛÁ‹3ßf%˹—FV|.ñ_ñxâÒêùœ”*’^œëÀaR¯békÂ͇#º£âž>Ú»ÓÅnç·Gfº·F­ì*Ê©ew+C.ڂ"E2~L,fòàҞÛ#>Ñ‘ð8ð& +_L·vՉ[€§·¿à/Ì& ¥eÎΈ¥ +À§*?²"ÿ^åiÖ?B™ß:X²ä×!›^=ê®Í%m•š„Á=iNè(à>€vx‡`ďĩ2ö + +ÖæÜt/^²ð+bû +kW÷Û(±b2ø‰™œO¶‘"æçùçœ/¿ŒZœÙ5Ó +ŒœØúžawRG’TpÅLgS/ êÔvš&[Ç­_6ê›þ`ÇpZžäÚŠ +ϒì'ïªH҈=ă:ö}Öcm鞠»Èìò¡îrlD%Qáç•ßS?Ü(.Ìu[&|Iú‘]’}[]N<œË@dL%?!3\³ +²àšSè&¯Nï”ÍœgnÿŒ~ïäY±MR«vƒBº¿e ¢ h +  +ýù±f"àˆ +\ÒÔ^%ii +®ÊˆÌÈÆü2Ÿ3Ø0 ðà »›`w$J±–ñP!L®³ãß‚Ep(¬ëÊÅ«Z¥›Žšò2gs« +§ờÂl¶cë–J5£ þŠøk*ü•·RR-§¿ÑaÉÞ-¥èçî)Nl4+ékŸ{Oŧ‘¿ŠÜkÒù5sL +lLS©ú2‚Wå•y.í}+åfó™°j˜{µÀ¬3b÷Ù³!š*Z`m|֋ýò€Ü{œÅÓûŽ•y¬ho‹‡„oÍãJ€)?ÂðuÂYÑ©Q +7ó„d`£•ˆZü“g9Û¿Z{ždÊޗNá⌜<ŸäŽڂÓµAº’ÈæÉ*ʳu}è›<âàW¥HR#1f/ŒÖÑéeºCyÇ«  +–ÏCžîÜX§×£$ +‡_±_áóaÚÕ)"ÕdüÍf$m³”äØGñ¹úÄ­J¯ +ÝÙ¬¶ø9Œj~(Ð>“Ó.¬LV7ŸAGMNÄøô˜5Vù,̉oÊÀ€ÁJ³óœ°ãBٔò8 +úEߙ?ž0ð³ì!4&œ£3PœH÷E_¡ïp@ßÂÇ1žƒ +/ŜcDœ«,¡ü’dýíéÇj1sÁNúÖHâV§[„Õ[ô:C®n›œ/Ëp& +E˜/¢—,sêc +t€rA2ӂ6ÄÐ3! +;OšªO + +s&Skñžú°_W§ÛIôYRÏÿÀ\§fSTïÔ»n^HN}ÀUÄŒÚÌŸÿ¡ý„ÐÍ.¡ß5w¥(mªÈe>ÎFE”f‚`×#ÏïóóÄzí’úýz[Zê·²Õ&»D*c + +f¥‰ü”‚ÞÞR{‘S$ȻȣYe*±è +|ôÚSTf +eS +¹¹Z]Wo€äý+Ü+œ&KžÞÄöìW*Žì_*Ý[ECMu6·àÏ¢\ûp®h0oٰljx .,y^¬ +×[ +YŸ#n% + Ã,fÎmQõ™(œÔë¶Ë•Ó«ƒÊ{Gîß/„ö+ۀŒWÒYûò¬ÄÄ/Þð¹KŽüà—Ûã± +W +B9—˜WÓ\û<™üš(%8³õ,L +oÀFꓠ–% +sŸiïR{«^B^.s&w‹ —2$k"­]n÷$+«~«9\B]™ +h_\<9(Å & +}æ­p™Ÿ³£IœöS×ùnWÚ¢D–ô¿|1€œÏ¡ºÃžG +ÁUÞÀÊÕAåH)£?ÂrW¯ìL< +TtÀ–éêzdž¶SF7õ:©>¶N±ƒù# +Z¥­¡ü%ÚhÛÌíÆvÁŽ€ÂWsX³2— +„žEÉn|?”p +lٮ٪’XNùÒ1úeA#!\Èt_Q)/ü +)xNFزë@Ý>傍Ýàðè­®”ôšJgÛêP3åÁà”}?EK¶|C¡ ¥÷?ÄvbJb+`yJé)Ñ #Ղ‡‘ +«üoì¿ü(й~ƒ©IƒKƒ:T}Š“³wlž\,sNË2JÛa^Ý +ç7 š +€±6 Ü»þ¢:1‡Ïši{OŒå8k,VPNáæÿ¹+á +ÇSA2í +§ÃÌ#VŠøÜ1 +%çÝÎʝtC¥.î™gÇl,ƒZÛÔßh¿¯ì!““÷º¿«•µÈIýŠT/àO +¿ˆäØ~¹l_” -ž°ä{LòTìøÊôD’Œ(ð,çdgMr@®‚ýÚD£›ƒáD\þê€Os +óô”âõ¯ñ–§8Ɇ$Wý‘þÓáŠ2£¯#⚠+žôÆÃú`ôJ7™S £Šø›5,ŠrMüÀ +׉›Å°Ÿl°§”rü¥ŠC'ä=XÏî›ê»ü/á+ƒL_cViéú +ÍgÎx2 _Ã6Žd4j/ŸhLG\£ Î‰žeª’3€n£nÃXô<˜°Ô9ê4«\z8%R+1ùü\6 ãVƒk-I ˜êßß +Šo;m$8I¿E˜'$ùgՆff?®UC9RBón‘Íž®Î®Ÿ‹óÝ[$/†£k0çôH_YW}Nöœ@°fò +­õútîXv!Îçl’—-œ÷í›2Í2³EÑ~p~›KÅ.‘4 +l +™–µÕÈ š¢ghî9Y-^¬±ñÇd.’µUÊ•ÐÒG`¡SOö4‘ç©VÝŸÏ>óTˆc’T„h–eàÅ*é=¹›éÙËmJ],#Švù€tìJýì=ðSŒÜ-·–é wïFôÌ°žîâDM£Ûéç +ÇÁª +hŒ6YÑ-&ךœÇþpñðÀ22åkÊ ®~Ç؋(D°»réEýûL˓`fÒ¡ùþoošÒ•~1ÁÏÅã5H#òÎÄÑf^Iý2b£q<K4âøîéÌ,ëÜ£±Éåñ8frÆ"/rÃãÀØ÷‰³òT2`55Ô=íԞ×Щ>  3ÓCYÏFSa¯#ª±’¢íƒû +ò¢ç–~ + +§_zÇáN-öXY ; 1N€mªîÚŸ}¹ +$³HyÌã¿êÝôwÀKl,oiu¯§,ÂctócÞÆ%žfýÙmAXœA¶D±í?'iàgÒ`žk¢‚Ÿ7Ö!{[(™Ð°&%N2ŸÁŠ +:@ÃÛJÅ­ +—ZènJS«Z¶–ðʐšÁŒV£ï~ÌéUOèåúXw[’ÿ ¢Îlߥ²Öœx‹ÉÔ*oG—–ÚÕ;ß +Ø;l@cµŒ ‰%Œ€pòÎÞ€T4¿÷ȄÙÿB2Uùƒ=ÞºÂãù¢–çs' +¶\Ö˜ežýÈ3띒am"8‰ÚŠôhê4( +Ý¥‚ùçíÔ~ÖÇð@š“Ě–è_ž†­²^ɬŝòþàyPÖµæ$EFþ+(û³ÌÇ@mŠlËvN!§©õÃ<3qI)œ*Ñ)îÞ>„Á_yºMŒ’Õ +ɺ _ՃÉn_j’À¯YŠ­†d«"òoC³K披܇iÕKjN +Æ9’/µ&Ú+º*Ñà +ŠÚ„X„-~ȘŽ²a›Þh£ª²$iµšå +äv/€WxíôgC‚H³ÒMôŒµ“gãÜ + +±BSíhW)Y‰Â|9j +Tx?w1wî& +Š›šE`&µvZÆÖ'[.ÅS®Ÿé6,¢QH{·œ+º†mXbMŠ–gß©£&ϛÌjŽ°?p +GX`i$^£µx¿~=ùû蒪`¢ÐÞø\ðLL”XÀ:îðšu8(C5ç»Õž\TXuìX‚gI+rÔvg`žÌ1߆‰ YY°¿ø +fû$xØ !k»–-­êϑµ°åÉ;°¢7ž=v:KR¹¯ ‹‘ñÝ,\›F‡ŠY +ý¥ù’øöÁ +$Píx0 +yÔA`üí*ðèûɬ +Öë—ä=f~ÔpŠÝ¡› +ñLŽç»Œ{ˆ„ün0T1‘á‘;LSG@ÜË%N.:“?K&­PP|ü&«G‚_eՙ—&JàœzÄöQ<—q³ÁjN5„vél +šëÆöÚ늉L岀Ûû®jµÏぎN6xš¯I²»±LóFxêdë’ñ~Za³2î’Wörüçø®~écËòwv‡ÜI +QÅbA·&Ç8V’ý¢¯ðõ41ßÖG¬l*ã†m:å‡@# +‹†<:æĺ +'å +r‚ä +ßÄÓjŒzˆŽ£ƒµoÈŽK +Yp±v8:t܍q[ìؓ1+YÞ¯O)曮üž}\òâ+À]vŠ(Þfúò¬Ÿ«SÆh*V€QçӚðš +l|ù9OÜ~BîKñœ³ÉÜ5o]öEŽå9ßèÈ'PŠ7çcÞ'ÍِEQ•këÿ:_ÇkÚXý吿q[ä.T„2^ +¬=Pª‘€ +è┭û ž;8FA_u蜰äò¢ë%¡_4}^C²À/ôr‰aë51EÉ]:÷9˜>vÆÉW +æbüäÛRm^ŒÃ¢ÑyãÖ2Ýçfðâ4Vi|þ +öƒьž·w2‰‚ +ŽÔ¹ó“›Õ"wçD±Èý2·}:ø%ãý˜?¯”ÿ|“ +ÖgÜ +î°M}“hx%ÑïqA‡Žè#I›Ô+ã)M5¢o‹ÁK +í²!Mz,$Â85Šb‰EWëÌ ØÎKÑ\ˆÊ]ð[§nwŒ˜«—$$éÜ +]{ûLñðœXœú¶è·i bè+JØmÅã8Â~­jÝmîAŽ[·¬ŠoüCg^Îy×åøVôφìÓâi‰€1Z£é¡ÜåiõŸ + +­Ýé?íp€$ÎÐQwŶGßÆÖ +œzn +Í[¡Æöóòõjz>p•Ì7SFåV‚û¥ËqSw¯ífàŒ¿Ü›¶K˜œ?€é’'pœŒÁO«ü¥Y¯¥—š¬“g·eÑjÀš JZ•= 0–NŠpÅҙ +—ábAdç$_Š·t_ÛkÞ +K +Ò~t‰s/ŸÎš€*ûŠã'3íuƒ¹œ7!ÈÄxŸo &œ“–zŠûô5Ç6Šu/$•EŠ`5T>Wvº[:BÏþ˜¿eӔ~o5ðjºœ¯áœA”Y÷uëm“¢Þ+%ÐÀU¶©=‡ºš”µ;éÈi§ +P”Iô‚ø^'ŠƒaxÈaX:žÏh{lÆåÅ'|ÇBÀpó¬ÄÀ,*ð1$ +y§9Þ +­*‹ŠÖ +‡„ºÇND¹‹e +”p¡sQEg¯™Ú8ÿâh~Ɍz7Ô¡€Ç +±îә`[óšDsƒ-Šaæ²zÙ¶€±ÙÜôtlG%: R2$P\†AƒMî»=ÿ:|¡'›3ôœm„áFÌW»Î¬Ž.Î7FÇìd+‡czXè–]×W + +^Ù<ü +”ÙQžˆÂiÑ«£-&<š‚a·7 ^¢EOáÈOU³“êõ=äT I»Ò øÚß·ž]ÞùàÉóˆ1öÒÜOºìëøLé—èƒ?šM– +pjn4Å÷㱉6­9xË•é?|/ÈW­;ˆ«výÊsöc?áWRÉ+՚ÊÐd˜CÐsˀŠÏ~Øo©Å¹“fu +únJÙ%©}î3„H~+ÔÐn! +‰\êIqo¶¶3 +ì:k¯•À·°x‡¢üZL—£aàÕ{¡ÐÆHºÁìD¯‘|”æ7ûŒžÜbî`@ +w^+’ý™› K‡×c ñ^‡)Ž™Ž²¹@zc,˜&ÕœiŽn‡‘ª‘Žp.Y +hš·Ù¯ófx×F¿çQäÂ-»92Ð^ +N3xÚ +¹ëIrÜdêQú„ +†cLå»Ä[¶UB8 + +JïзÐqL§I¶ÓêÉ)åâÃÒg43E‹ª`âü6uËþÌYð(M‘¬ ŠêÇÓtúÉþÀL‹qkm\ïY®^=Ú៓Ð9ØUÝqÖÎ;éXŒmîK•+ÙÍ®Z¬}Rñ+G‹bÜáƒaŠwúAì>NwøKE˜KiˆÑc)Ô5Fºa£ÒÁ/ÝØÐà¶aÍâm1ە„€=—ô`5T„S3vÕ +;3ˆ¿fK<„ŽNŠ~€Ø¡Uu¬õ +QÆþ¬ì +†K*%n +µ +© +çå?ûÜî±ç>›)þüü6ŒœCÛ­ +>»íãÙúVLâaÊ«|œ\û}rË$aë$õ+F§% +‰˜*Ÿ}kœ +þܘñQ`žX1Šð!bÒ@ð㐖°%}Ø©Ï)ñkÇôÆL„OšÓ/3ì9Ì{ýÔ̪WŠý]®Qʙޟ؈™W§"bï:èR^êÐOgz¥ +êH­ä`Ì=3AÝêÌ ßÖ +œ0ßo +-ŸÌTöuÑÒ $W +±ZGE{OÕA‘û³Âý®«‡M×T3² +±·E™iÁ)6MºŽJó}ƃ¹Vá¡L8Á5ŸT°5çVPš"k²Úë>ßxN³ñJ~˜ÝœÊg8Ï,­¥V2B¯,ØÑʛcéêE„›Y}ÓðºVŸ—ùhºoµ~\„º‘5ÿ`»¿þÄiåNc[¥jWõD0}{ÝV¡+l +)L +Š> ++šiBšŸi,öꀉq(gAñKÇí.U£é¬˜\]yŠ/d¹²I£?CÿŁ˜ +¥" Õ#LtA¬~˜ +d-‰pX؞ñ +Û;r–»ŒQº%4;êÃ÷çšæÁ!M)ï¥c-öXõŸŒ¥M§'Hš˜N‘Hžó&ŏÂÚ»‹ÅQNZgWñ›ùsK^ü +§€xºO£¢(ÔT¿"ªWéëâ±ÆÊ¡EŸTë•Ø¢’ƒbã +‘îÒúRB=ÿÒ­mÚæ©N Œù™5F‡èºþ೎2%õŠNŒŠh`·@‰ŒEúužm»V_·ÙëªÑTMè›ZÙBî^T]F¶Jˆm‘Ö Wù£̺2Pº[ËrãŠÚ‚ÿ¿ŠöÇ +endstream +endobj +6479 0 obj << +/Type /FontDescriptor +/FontName /ZXHHQS+NimbusMonL-ReguObli +/Flags 4 +/FontBBox [-61 -237 774 811] +/Ascent 625 +/CapHeight 557 +/Descent -147 +/ItalicAngle -12 +/StemV 43 +/XHeight 426 +/CharSet (/a/b/c/d/e/f/h/i/l/m/n/o/p/r/s/slash/t/u/underscore/w/y) +/FontFile 6478 0 R +>> endobj +6480 0 obj << +/Length1 1608 +/Length2 12553 +/Length3 0 +/Length 13386 +/Filter /FlateDecode +>> +stream +xÚ­xeT]ے5î$üàœàîN‚'È.'ž»»»»Cpww×àîÁíãÞ×ݯÇûúW÷û±ÇØ«ªÖ¬Y5k­±ÇŠ$URþ,ldm”°¶fadæ(€, +~Ú+ë[É}±¶0Œ9()Eí€ú`µ•˜>Èø4ˆ +¬¬nnn$J€šµ³ +ÈÄ + Qýö–žžáŸ–¿BÎÿéyßi2±Pœ¿8-¬m,VàwˆÿõFe 6ŒA@€š¢’†Ž‚$€FRA ŽÚé[”~X€ +r C •=`lm°øÇ`hmeú«4{Æw,a{€>ÀÞhzßt2ÚüåbØí,Aööïï=ÀÄNß +üÞ°5dehñÓè/ïvcë¿ ÙØY¿GXŸûÞÁ”¬íÁö†v 0à=«’˜Ä?x‚MõÁ嶜»ÖÆï‘Fֆ?ÿ*éoß;Ì»¬²²€Nà¿rF { +}ç÷Üï`6v ¿iüŽY™ü“Àh¢ogdŽ·‡yÇþ«;ÿ¬ðߪ׷±±pþ{·õßQÿŶZ3"±°Ÿç4¿ç6Y!1ý5(ÒVÆÖæ؍~Úü§Ïh÷wƒhþšÚwúFÖVÎ# 1“‚5ø=%€æ§2ã¿OäƒÄÿÿ-òþßÄýWþÛ!þ¿žç +–øia¡ où>ÿž`ï7Œ=@ð× +óÿÅê[‚,œÿ‡è +üüÃÿ D¬ÿÞa+“w)˜™ÿaÙK€œ€FJ °¡)ÀXßâœGÛU­Œ€v +໖·ð™ +ƒã_|*Š Cs«¿šþ +ûoÐÊè_™¿Ëó7o& +™¯rrÊôÿz›þ +¥ô®:XÅÙæØÔ!omô_‹¿0DD¬®ŸY8ٟ٘9ß3€›ÛýÈ÷7Ë?×òú`;@ëœhf–¿KÿçŸ+·2Ž6úkN”ÁúVFï£õ_†¿Ü†?íìÞýûŽ¿—üŸë¿‡ +t"-Í[òú™%¥&ƒ«p3ûGÅŽº;Y ûým +kUòrŒ*¬;<“‚~s—þx®ôg¬çymrž;²yّ¡Û +ìı îHžeº“Óvå`¬QµpÒïú0é¢&s=Ÿ•Û€Ñü¬¶»9úõ›nÁ3 +Ñx +› +Âù +­¹CŽ6Å­ +š‡abMäÇÖu˜U¹GÇT±w·ÔœCý} +—°];ô‘ˆ”Œ0šT¡^¶‚šª¥®á,±œq]ª4lk‹—8¿6ؚûˆµ%†Ë®ÇÕÀz;oW©'ݕSšìüN'Å>wöÀåüx@ó2ÁöSbŒq2+áÎã±Aˆni™3¯­5©‚ü›Š‹ÑŠ­*ö€£á1ó4îþ¢«í +ž–*ý Æ +¯\ÆÇɆšDÙ_£ü•ˆ1’Øj öŽëìނԥ‡±P÷æuÓ±¹ž~Æ +žü¯;‡Sùva¿È˜nP‹=À5cÇw”OÃ6³ƒ‚ C8ÍÓ +Dz«ýª[®¯ + +淉/9ä7ŒžG¥#ì³àTŸ°pÝx5\c~Év +P1 =†ª)~ÚÛýOš¡z(Ó: +Ÿ +OÞEÑoñðöm©ð,«Ò1*DîûYªÃÀµiO\ØnT’XZ‚QJ¹æfmhzޏ°šÂËØo›µó~gy4ˆš‡,I³÷Ò5ÜåéΔ˜ l+ŸPh=™Ø]ŸÒ° +}Œ¬" +! +õ4c2ǎš¡ÙAŸ/) ++Oª×]iï9ɖ +ª²g +)Oh¬³ƒ‹úøé³—šÿ“p΢zP5vFŠƒEÝ5bÝVsNØåý(NÐ:æŒnù9«è<§ +ßØÅîO9Ä<¡{®òP8Ÿ ëZfz +–˜&âÓQoèoîoPá÷zŒKXÕ?È~›9àÔFgEÈ=xYÎW©:øvÝñi‡¯³”>è[ê«é¿ºsežø¿ +wÎû*4‡HBÏ.Êžö +]ÑëÀIŒ1˜µ¯Þ^ŸF{O”YªJŒ‚ŒÐæ–߶•c2¶ýŒâéÀ@.ïMŽþxµˆ1 +¡ÁWŒ± +$|ˆUçˆï‡†Ë_l­s”^’8À“ÖAŸ|Îy­~DQhíç®j× ØÕSÃäúÚÿŽÍgšVøC +»Hòˆq>h +MjÛõ+Tï@ÉB”yù“ö +Ánÿ +€©—Jd)Ë¢¥iæžT;¯aŒžzL4aûšYÕ'&¡µuzímÒA¿Ê^l«ufxÖúŒMì ŸŠÇØö4EõÚ€6}­‘Å’‹ðr‚XB£À +Ɓ3°öÀa+ +Ήs{·F¬{.y +ã³wç2`þ»åžéœnÁeºõ-µ1i•ÅÅ«ïŠÐ‹%¯2(+¹V¶ýˆwŽ»5Æٓf<®ÆcŸ©Þbϋ€Ì{ãa›ßêPŠû†5òC/-`Î +QÝ~ú*©{RDŒîŠœš‹0­ò6m׀ªñ·1méË%€€ý‰£rô%ŒËY?5þI®oQ?~ ßnÙü(Ò{œªÑ›ÄïÙT26+R¯úÕéSO@ƒpC8cmWÔKÖù£ZÄWj{›êŠ‹°4RÇB + 7ÇWs8­JÜb!±“®š,€v4ýV—€Þ»ÖÆ +œp- +ä+±VÂq”^xð€<èõß<=§Ýð⢜zÊ +.ŽÆÝÈp%Ž2äŒ'!&ًãö‰ò^÷қÍwK­éZƒr;y +²á€²KSÁ‰8ÁEüØÕÎ[º&mæ‡÷ôüzhÍ8šíì¥óó0X.öðÈTc)Ĕà4ECÚm#¿Œ "ŒÏBAa7jºMý%ѯuµg6é×1©hܱRÑ3åuš°yòU¡kúò +Š°±‚ípp*¶úsÈ°®܋ŠjÝ}é85ATÓí O÷¬@ò’t~%¡¶G5lj +’ ¢§l.Í[±cAÎ/0J4æ8^ +Îk}³•”€ +tbBŸ¡úŒ@dåµu£8”k«¢ +*(qkGÙE +!™N?ɔÓÐ^_êÒ+rÎüc +_)R$ÿ(þ€HW&ZŽpBŸ +šžœE×Gœþ_mšý€ÈO +éB—¥¯î_ìÌÀ.DhTŸ~Ô²Èê·ô9žBÏ3Ót–‰EvÓ{.wlZœìiÿ™bEAVRGôˆß †°˜8žÜ2xV‡BZÍ~H'TŠBeُpÅE(YF€œ‹[1à#Po4•É¥aö՛qüâÞÖÊC¯ÌU-{?‹Ð` ‰3†Ÿq—¡ã’r¹–„È­34 +‹ +wS.CöKbgÁºU·¿$3G3Øè°L”›p!•K({³’I{RŠÇ'~§íWQWšó› +ÉO‘¡úÕËœöñ„°ø‘ºe¶³rï1ë5Ï +üò +b把K2ÝÎ7qIãˏÞÔ{dð§Rwòáƒäi™ê£ˆöÔ¿0å~ŒØéÖkd–ÿЃ~Êxôà¯÷­×€žîN î¬8QÅÍ́šŒìŒ„+ʋèLɥⰠ+^EFÅ:žŒàø2@Lü‘õ€nr¶[ÉÜñ넾s×:bë­= +KݛÃ` +^õl冀hZ,+Ƨ@%‚[+³9™»Ý&g³É&¡ìÄ.ÿH +;P +û%ŽÆ +ÿ͔UƒOŠ+"ÌI +Ë*Ï÷Ž`Šÿ|˂5«+{²zqX(m0xB-Oõø +l¯{¥.°©sù1)ÖPÄÈJ ®æ.óI=§!+°èE±åW~R0¬r«iŠ/‚VŒ;E„ ¬ÁeCŽ|€á–®»’a‡$ÀRbdî[©ð3,xK6á‰úX`4íOi.ôÍæžGBòëó/.tOÌ Ñ +éAY +â"ªÁùœjê\¯Ìð5Wùµ ¥Ó/ØéÒuEU^ +e.‚!ÐQ*^®-›úû?•Ü@­.ñ)Âè2ø· +ñßs~OëYá~“Kw +¥ZØ +A‰¬­¡;ÛðA”S@;ÖÜrÆG µõªø(*¹ +Q+DëZ¹=GA*¥ÍÙÚZaŸ÷Õ0Äyúîv¥F¢ÍÚŒl¬û%mx›“"4;Ú +ւ>?cUYƒ. +.ç+‡’vÎhÑmŽLjÌòæes5c ìz_#Ã@R9I£j³„w2 +ŒQêNžºä¯‹ßóOÖS4ú˛ n||¿Ÿ¬ß#2 +÷Csë•A˜„œ[ö÷ÈT)£p»€Ÿ_pn#@z×ýlîÔfF΢{՗z7;Ñh_dAhv³1¬ÓŽ¹yï: +”ûž +=&V‡ +啧Œ*I#µW¬ŒŒp$dã;‚G€‘œuÔpcKyce›nü’Å@<†‚Ü–·n.Ú­-®­µB¿ÙÆݯxkŽ’†èùTý +4E/`Γ’ÉWåæI‘–ýÊí“Do°nHµWŠhŒòò‰`Ɵ +â„GK]v—AɛÁÊÚYʲ;Â\ö\ +ªŠ"p^H\h™žÕlŠJ<€øŒÆØ|6wþӘLžÓ6XkÔ=ÝOæ‚P'P»ý.ߢ_%›ŠNmpËpÄÆâϚ¿°ŠDþ<ñã—ÏõÛñµ€Þ +UEŸ|y{ +Eë?↻P”28¢Kžœç +Zó™tÉÑû~$Më‡Xcûf7@ߓüx³Xß"=6ìO9‰œnëÓàÅ=Ý"Z³Í’sI»`-jp÷u–#‹„£ +§9“öKz{ý@ŒÒчµº—£ïœqšÆ~ÍW/ƒEK΃3©qÕŠGûÀŸÃš³I2¹~ùÝc¶;Öå£â$~ +‰ +ŒšV²ŸCoŸÈYm +œÅÂ~u +­)$óB8÷ÕÜ+3G†+· +içdüƒ"ÛÇè`xvE"y'†¬Òâ@’ +ö\Ǻ=ð2tÕ{vZ毱Ÿ2=Óç—Qô^åñ+ŒlÌ®»1ÁvÖC. +£y§c€²îâ_®»°ŒQQ­„vl?隰>b¢GòDˆ`)˜£P„«]I–Xþž™2Hsê( ÇÌùš`G8ôÜMˆ3y“û¹ú“é,«]H•zµožoriS_Ë +†Ý2Ï¢•òÂŽYg! +:õï÷”'nåqžNRæ÷ëú†¶nã šûüöiÐ4q%*Z’3eV¯ç° +ƒ‹(G|5-!ëÛ5ÜE›Ïzž‰›4û’K{¥ +µDùã–Z?K@R£_ž·WìƒBÎå”, +õ&dà›|T +ñínX`³†Ä±]3òæz8]³”pòJœ¹uÏ$({“ÐQÑ€ÎOŽtTŸÏc=Ú"Ðäu +ì;5Õ|‰y‘?kñ8÷ o~m˜[y[Ní‡-g—£œŸŽ/'ºßhêëù +‹Œ.æ^y±fuçîÂð2µ +WwŸÓržF8¢#+qûAÿ»*?]ÛZ©×9Ç@p13Áª‰ +ÃæÔ5ZÊÚ”£)ߥڇnJõ’Y‡L²`ÏÐxâ³-]Ÿ©œ»ÀæÏëöÙô2ç˜ïÝ¥gÂçt‹#¹Ü—é +œy§1$ÁÒÎ%Þª”8â dÄ^çÞ +^8Ւˆ}N +Ÿè—(1»-]'£ +Ú4]Äú<ŠÓ‡Äéÿ,á +˜ +nè$ +'¥ÝIÇü/tt!¹Ã™¿£ÅkÝ6‰ð Ðð§ +†çqHcz°ä- +%l?3žµ+/â9»Òñ”ý +j·âÝT -y»””ÎK΢|u)3­ð?± +Ȑ w{ͱ9‚±ÃË/ü¡;(w$”ºÏG+7“‘jŠ‚`órák¡ +—ŽÍâ® „~5¬„66‘†ÆRÒW†©ÃìRy·­’ +_ò;ˆè5HÈ}ä +ʊ˜ãnn +„ÝTÀ§‰†ÈQé8Ó[‚6 +Å]PUM±ÝÒól(XBŸ;-_V,BΓ§9:Ÿ%®Ðõ»y‚Ê&ŸQîrRY>lÙe"@ó 5znëKZ‚ ‘©výÂÝÃ&äë6Ì7§D“R’àý›Ž¢TSt?e9EæÙ +ÈÀ#Pŧ¶°Ó²¿Ý$i×zïl‹Š^zѳFûõÅ< +™lj`®d +çËtrëó•gtü Œ'–Îá&!ü{ÅÐÝñàY +‘f“ÎCy(ITœÓr +I! 'â•{Ý©;\|Ïh8?ڛչÇòSÖaìýˆ!"çîyƒ*ž)~”ñë˜ +%òuÆ¡–*,ŸŒNæjðž€oÞ-œðïÈ“6™sc¹?JÞ)ŒbÈ*«HÙ;Á„-yÓðq—ú›Œ#ûNß:²ßF· +n·0ÄŸ +,×ùñ‡«§G=hœê­rFŠåSÄ3zv°htÕuÚC††ÁæË*ÍçKJA>eÂÔrÀ¯–Ä +vçöMË1îL‚廯ÏM¿Wv‰~eR¹zøᔀR­w ÙØf᭞"ÀÑv[.ž?iz†ŸÔ0Q£ŠþÔCÔbtšº0èÙì¬í]_Š.&sB.0¹^Šwíƒ@/ñ糎] +Œå‚­°Ý]øÚ³T›UúG ©PØR:ïš”Pe1”ÔŠÙP/ÚÖ +œÂy];̆= +4Ÿ4øKÑŸFxÖ`5ë”èOûª-à‹Ž +é}*²Y}m­iPŠ§µ˜›H·™Ç2h‹1ÿð£HYF®@K§žr]ô ‡BÜÔz痙P{®WµP%Ç2œí¿{[pnm1 +N +{œ +Î +}2K +‚ÝømhQ0h Ùa®Ҕ‚ÕK +šMÏÐZxƒ×ë“# +ú€]ÿ8L¶ÃÊ¿"LKIyÀwáèÍ械[üMeÝ_ rގèü +/°²ð ++,oÿ% +ñ˜m +H-¥Å£›ûNIHúçô!Z0i +‚Fª3ÏeF¢a,¶Úš:©Rùr!qß +N(­ +/–wSۀéuŸ¯¹®5ûëÂ5ñYö”n‘žê1 5c±=®òOñOý‰µÖ+„IFåRãΛü•f›\-.@41€ó&{ž‚ªê +ÞëJþôæ`Z·8+EHãU3köªZhÉ·Wõ⮎‰]C5úÛ+:J8Äͪì?Tt’|’”íÑé™oº+n6«.›‡ +uè‚gŽMwZ=¥Rƒ·Š—%õŒß*’Ñ”kMÚÞêçS +E×!Þº(„ +ßú>ïMn„¬%ž„ +jœ¥“ì¹A>6í_ø]õþ~¶óoYŸ+å®3Ãßõ*}ùF­•‡hJÊKßÉÊØWx~ëà™¿ršã"O&gKR*rxó4TÏ¥?¶)ƈ`µ·ä|yþG?ác5dìì·nїFè ³}û~põw?Fí-ÊùX·ÜSáôìÙœ-çsPgøKÉzŠ•¡Ã5iØar’ÍE9Þ¯ãã˜ÍÝyG-ƒk8%SL +nìŸp3(£xÇî1{¿LŒŸÈ +àˆº×L€çŒëõœYKÌö)~œ«G°žP»ƒ–™Ñ2ªæ–û·h“Ç,Òº8VÝd]ÁÖ€NaŸÃ§³_lÖib2xüÊ?æŠh;êÔYhŸ|]^3Š'³–*›L9ö3ö‹ý×8®Å#xšæÉl"Š5úžU‰š.šNUà +`~ßë›Åñ€Î|ЛØXAd¢÷)+×-Q9÷çS­žûû +<á<"é)=îêð##pvçÅD8Š%œ +|~À÷/%õygƒYà”WÝOìÆÛmן—=o +Y;” +ÂàšÃ˜¢Vvß{ÐÚÙ?þè06‡K×\Ïhžiț ¹×åóÈrÈ*Ó"Ô +@`"ŽŒ;øÓ¬µNi<~‚¯ +<ªåKÙØm7ÛzeH¡NM@˝göŽ‚©å`t4†ìžÛŸ×ó²Â©ž"H—N÷À.žÞ†MÐÌ¢1©š’Ö)ïj”Q&¢š\zÆ»*%åÎSXIþëL—%[ +Ûžk‡ÒD8ëgœ%°Ø;6k†C/)jWŽ!š~ŽcDÝiPISý‰Ò ›ÏŠ•D:ÂBfW¬9ZÊFL柔øÚ!œŒ( +ÇÞº‹(駟,+îhå鮞«²šL3ÛFŒu,(ñÀ+AوTА +œ¬PYn›éFŽ‹Ivc>åéóûZ’`ˆEYM£ÀƧÍ)þÕòš|¶C©P˜ÅâDêq1F±øŽãóȜû‡ŒºÕ’l›0æqúÉã 0þA ôòڊ]LØw)‘qÑšQ>™‹Ð×Ès,lŽ‚‰–ݪùì§Xœ\àÉÙÍÎ¥ÆÒŒÊáMC;'€‡%©÷Ž$7ö³Šç0Õ;9¿~Š€õ)d ·5™œfX ˜7Š-Nä}£"™õ (æE •ýÓퟳxÖ¿Uàë +YC'ˆÎ+>mŸ~²6v‘ZއèiÇñg + +_SG3_^ܾnjhljN +{Ç +‘”I€3xŠ¡ÂYt6Cs÷ýÃöerw3äcœ._t¥Ï +“˵ž]|;^)—sGuµ£R®‹ª¯SWä{ksªøuú„>k’Õw|+aîì]âÈŒ•ÌÊ>MENåÚoŸè¹_ÇrM†Š&ÏgŸ'p +ƒžÐòÁcžKÙúó6v`œ¶º±a$ÂF¹Z|%<³ÇÇŒ‘WÆӉjzŠT¹ì™‹€””Dî@È4bñÿÕEÃú6¶#ˆö]rYÐvƒMeª&Ø£!<Ÿ(ߕ׌X +ý<7Úž}9ÿ<·ðE¹‹ñ†{©5Ս{~p¿ÁÏXï£DFŠûîpyÍÉùý;‘ i¹Oõà|úqž.šû9Íô+¿ÝA(15¢cœøƒ‚"wâ:„ +¡II8¢–u‚›r +è`·Ñôß(6Úx4#ƒ²ž1«‹yì6šm°yŸŽ*ù0ʙÁwå>õ +fllV +îH"ÙÜK²o5L[aº®^Õ:gñŒW€`øYº÷f€ +A²ŒŽjJ/Ã`C +ÂÄL<Ô|s¿JÙ8žÅœQu·ÕsÁü­òà1GXŠÇÌ{-L!‚Ÿ{[ð +4Ʊé\‰¯0øqæäYÈŸ +v2|^Öß²è¬èiH"DŸ.€—. 7±0 +Ö5 +Ø!ñfû~áM‹ÖÁæ[!SˆŸˆ +KÑ +GßkªLýãb| +EôÂä㥠+òË!IÔèòA§{÷ƒ¢x +j"g§Á'YڊÙV˝*zjÁÇ£adz«œÂgõlѪŸçoÈÜ\‚"ǁ +ü,9ŒÚÙã—#"\Ÿ]HÉ5Ž +g,€R¡vÌ|-"Q€ÄQ'#ó†ÃN +8nzNƒã×Û+oÇ}®³ +Û?3 +1,îތ­‚Ÿ=<ÍÖ—~ŸÛñÂþEïËâ_aaI\PWˆW×!5ç, +&ˆN·LPâxø +ž“è“­²T±W4>‰ÅœŒýGur`Éñû£ôn +œtN¬{(Í`z0Çml÷&Žî8£ïسcÀ%+O"‡Ô,!‚õ5Ë-£é +Ámäôß³ +6Rúçûƒå·°E U/íQ +ÀD%A"'Õ4¶ÏñþrÑéú +Œª)èœÅcÆ¿SœÆ“uΗB’2äm^*U8¯t€rÇÁœŽ{ÐrÖî™Å'¬n›>? ‰ÏugEž%Uʙ=øŒÄ[Ãá&*Òr +ä9›*©ŒôƒÏGÔòºÈâ\W66}Yž‘§.xN—Ïf ÅV|ÕHJ¥í¢º€@RÉ Ý€óº3žËzøŠÖ«d~ÁԟHu?Žá$Ö_(ŸüaÀù]ãÿñ¹„tž_ðÆKÚôΫ0Bm8=0ú5E6a6Û(:ùñ~ +Žzþîüñ&ñª,õ×8>|Þ +óò8Ҙ²˜7E`÷nOˆ@ÊKa£˜ØÔ +ñêî—ÀXOH¿Òª‚¢HSƇ§÷z¥FÝÑàôù¯kµ¿r4“‘Ïü™Y¢ýzw¥õ5ŸŒòº3Xf +EÎü›(\£#!X-ŠáT®@c6ªÍœàU:ý®å +ñ˜8rٍ4–FFçaƑ‚Qꈖ÷ +êÜ+&>ïqÒÄæiøöOhÌÆU]g}œÓœ?’ΞE +üÕ멜ĄŠ)þð„JûDµd•÷+Z¶õ£,Š€*)ò'×ðôØ75;­€ç(g9Ðzœ§¢²Ìá7Ýü;Iðaɵ2¢µ!ýBɋßê +0£|pX4<[ý0ƀ§–L֥ȏ +·]Ælylš1^ó\Ÿ8STËp)JÔó”ÇõvÆáß^‹Ê82ôÈ"\®ø(£"så"dÃó‹I5Kµ"Qëp +:ºˆÉYRÜYHE€NhØwv¥w +“-§uç +w{ŸDÞJ€œœTŽÐ’œÀø LŠO¥£š£Ú&µ_wsd†Š,- +j!-Ž%’? +LË0ñŽýšRþ’Å{ˆ’Í\š£VØý5>§Ñ|Ý[ +D.B‚ɇ 7Bôç<$*ä +‚n4ÑÃGs?[Žàóþ³ŸØe +¶ Pg50  +L­ª +"E8 +ӛEóøhŒŽš˜£ÖÓüQÞä'ŠN|ú€yûð×Y!ÙEs;œÛ’2AÈ>06.Å +²}—icd + +’4j\“Ès(ôÎÜ +0­õ¥ +†¥òElªÖ¹4ì#wi\Þ>a ˜‚Øù@FÒP¡Ú¯,éÌ>yY³ûžŽ nê ¶E€¬œŒ +r±UºóÞQW—èø‹ä +sï7±!},+4R‡iÖŸ­‚PÛڂ/6‚N·µÌã­*ù«”›Î“ñò=aý²ÐõgºBÎÀwUeàþmÝGfg¿Ýü`xmÈì(âjó^œ1&’±+$ÃÑXÖ¶Fæ ØvŠf™ + +O5W'ì:DxÁ3“E<^†£e3žL©^\Ë!Þ{ºšr–£¯¡“.îîC’³qM¿þœ”$ÏRžOx4¯·‡¥ŠÑ +ÞŠO÷>iðˆÆD[ê + IsKŸž0] +šé mM‘TR†`GxÑÞ³¢¿Õv\<Ôm]Q‘Kª’~‘0œÖ’1Ä◝Ã0㏳"|B)ꀀWŸŸ¡Ú^1ãBMÁÖ»ž·2 +ó™yâ÷Ô + +1]>ô +“€7Êð˜}_lõíúyU3- +`Ú/ίÑ^G3ƒ°ªCQ?†»Ôgû&GÜHØ2¢~žå%÷Ùòä +0L ++3@¹G»x&!æKëhä»éŽ<ÿpI‹à‘èŽãŸ­“†{ëŠÍhÞl8Åœ’€òr +֘þ1 7Ž¶Äoè`x¬Ö&w”pu ?>¢ìÃ-àh™å°#-ùý§ÿªLêxݺûõ“˜œøýAn©Jö5!t³rf£%y§V)ÌÏ0QÙ”\v@µ¢’ñ̏#&Ç姪åœÄd˜ŒTð*ÿ璳Aモ¯œúáÝú§°·­Ž¥(›þpœ3îøG«Í5W·°š(3ن +`— *&Év]'╣¡LTgÌìmpšL€Ë}ÊÒfØ)‰àPkŽiíççѪž,ëþTÃÞüMT¥Þ“kQÌc+ʍxRÞI[gÞêÁq`׊ +†°É> +w[ß!î™2[fôt§²€"Ÿp^9É&ÙIp÷žšM›‘›úÝ! +’ó ­È›¶~Ê'pûÍ ˜íëª +—qo5è +Š Ɣ8úµtÐX”ï¹ë)DÌð¢¥Æ°œ÷X°þ%ãÃù1¯ð?ÍN2tƵ +Á÷ËÖÑvyRCŸ:»ê)ùþ¬ÇV¬­Íöf­TÕ¬Ÿ®ê¹²»Ø·øÒYIŠƒŸãÐó— +°»àŸÜ Ž‘ð1Mò÷CDlž¬èòW¡×Ul7H7å>Û‰‘ŽRç$¬(0;~9ñ×vZ’kn>—Ðú5³q¿ €£Dö¥§–ñ.u„e2ŸuX¥اšÿƯVŠ!u¡?™kˆ Œœ<)3Š³(v?LJürÍè«ù4±„Qt§Â³Ò(ÁÅ +}:Œ÷Å8” +ÍÅ +®RÛÖ² +õ‡&€ämK&O +Âøòìh/±„L;“Z™RRž +÷Âét°5'€! +X·b¿ÌõŠ­ÔƘó|¢¢ó؇óþñúí}~#£Õ9XüÌdCµ¹,QÔX +ÌŸ}kþr¡_w[ÿж)tä4F”ó¬=±J +;]”ëC‹CNTž.žêê!–‹^Ê»LynóÝA„udµ +š,»“‹ûUŒSM9@Q~M +.œÔ5‡g +$†Wgˆ¡ +Ã9øøËÙnžóDÓBÝ +“TîÉ+$šÉ€ÎwTŠ«‘A +ßIÈ7ö +A°›î8óeěȉŸÁ°€S¶§#HÂqmÛjáœåÏoVf² Ds3ˆHš‡Rܞø— +†Í²YP>UÁj«±ŒÿyŽgŒ\gr +Ä +‘-Þ-Ӎ"IJêx¹ŽŸ]j +>Ð7\œ¬hOöGLQÃþO،5—Ûš +guž5š³Û0Ô¢Þl¿Ðýmâ™U‹œh®O¯*žü­VXÏRmŽ+rõð“«iŒW˜o8BoãâL9êç8h44åŸRڀþA•_ëü +“«Ž2"En8<€¡z"–ë­ +†š»ÂÅ*-ÃBÈYÝi:~Ñܟ­çUŠn5+÷sê%!Êà;dTX +Öô˜n¥{ ƒ›ËqIˆ1§7Š™ÚZ ðäèl§è£‡»u +Ê~óØ® ·{E5}ÓóóK +úbÒxe;Šä +«ãŸ +ñSÂ)éʚ9žЁ(Q„)eüõ' Ã/=ž ÃHF¬ê +JWŠýeŠÀû—‘­fò ”å‡d +ÁZàrcK)êö™Ž|©u[#ù×ܪã+çŒ8%,‰4~™.Fàƒ£m +ÚÝkÜ1srÄrÉCš3) ,?ŽÚG¥Ë‚ Új67ˆ§JŸRFý¹Ÿß" Ïz»‡;â(=æ šæÂԐsÿd÷"sŸÄ QI™íôÚÙK7×ÓË¿&Šsܔ³cÿ4I +řgι‡CÑ­æàFٟ/'|ým×®\,êG1×%IM»úÌÒ¯1ÐDªŠ$bÇÛõÈ©ZjeUOõïðeuo¬ #FûGçx˜Cƒ“ +;ýª‚ˆcễ‘Œõl“‚äK'|Ín?Åã‹lŸ–}ãT8—~uÙÊd_”4Z7fvnuÅÄ·JŒŒ«4ó^Žôšg„Nv¿\"ìsAÉœcûDai˜73܄•å:’](Âû¬¡ÝQ§‚vÃï¶Â+Õ'ÈdVýÐ +z +õŸBœv*˺=-;勰1J&o§•—W–9¹¶0ëúY!τ›ŠÂ§ÈéŒÛ-öÒÂ\©G+Œ1ž)ctfõ8! Ò˜Ç +Ëç@ñ]{ SðQL:ŸÐ*ZÃu)ÔaØœµBAlë +Âk`ÌÆèÄŠ*ÁbWB*tuA@\þ¹kaÜu‹@e„SÅ£,™ÐêP‡Zƒ± +!&ãÏ$Ñ$¥ +nÝ;ë¿:«F®ÀJSÔ' +C–LÆl—_Å¿ +eðYTkG›ïy}òÛ!=B*Aä÷]]Øò¢œÎ"p,7Up:žm>‰úpò`uŸœ_Mþ§;)S°C{Óì¿`Š~ØmX"E6ßZQzÛ]'ÞhHʝà¹h÷a&Ýw©¬‹jöŠÝ#8–:îªRë p3Ÿ©×ÒÅ +kœ-^<þYB +!7QǬQœƒÑGŸÅ]€ß/»1ɉžsBܞ¥û°qꞹ6zC”æ-{‚ÃÊPÝglúC +š–$ K³L;¡ÕZ1xKsÿO‘KEŠð‡ž›Ø©vÿš·úÜŽ9ËúÐ +îÂÝÆܯ +þÅ,:{ ±Ð !\Iw°Ëîٚ@›Ä›ÃþéÐôKƒ¯„FFt‚: +œùa³A·›Ñ“ÝÙvùbñTĂóˆôpc}EªI?K‹Ì©ä«;: +Ò9Š\‹×#Ԙž©œÏ²˜ŽÆÛ +åí0KÖaüN×ÖØEV +EóúcÁùw”’œ'àUßg50»\6k€‚D‚­Ö¬ + +Œ}þ˜ñðá×úžŽZCÿ1©\cqpvƒP +#ià™(H/'@^ÉOƒ›ZMõ:S"®IÊh +Kì̈́,Ò`Â`ÏÝ$¥ .&?t„–%l8HE¡ŽŠ{•‰\óŽ«à¡Ag“ǔpü™·µ°ÿÖ€¥Âp Œ¿µžžún•²ž‡drz‡ìÑ1 +>¥¡>«Éš­€³eÕéú%á‘Í™ò¥ð¥·.²ª{űž+âÄ}kÊ7,{Ž”ŠÈ맮&í£YýŒ£ž¢°N&\YêNï኏$r^5Çh bí¹Š“ÁAó^o·+NL·œ­KñíèÚ>”°¬Ã“™¹/ý¯Nƒ³ + +y“ÏXpBî gG.·ïñnù—ÛÒGÒ£ØÄ¥.µ³NUöת¯֙îÕÛœ€ºQG’_èq€\tÂUp‡! +ù_Ðæî›Il‚[Xïó€"µž“!£\æÏyš8¢ž²Blº?¹âK€³Qþ¢ +Ο[þ<ûÈx߬¯zÄØ`KülŽy+!ê,ŸˆEn­d’  +Z­ùfØúBa‹“Pýr÷“Tá^'`䩍™;诟úc +|aø”í7‹Ç"žvÃøýL;¹ +0™amý6æ +ÇáÃäÝQÌ&éä=ºæVUÑÉ[ÃÏ +ek·Ê§7™-9g2üÉô±ø™«ÝU9ë#ž”Nh<éÐÉ­ +qÍ>‘ÞAø6]Qñ»ê@ŸI©Ù +Ä +V!Ç% +ôWVZzÐÂ¥4‘2ç†êýänu€ +àHº‰ÞZÏØ5Ïi2äö + +Y5ʖ}À`×nÀŠEžÓ] W¥é`gÇÏOô1 ?íì˟Ƅj#ËÅwË)ü_¯§„Û +ÐÕÐ[c‡ +cÖÉ>ÕR.úªCîÔiQ•ÄöFr3êÇÁOÓÙgÞ¬ +[åòŽÿ> ®0#)»í—cÐü1vº×S=-Î#„C2ªžä{vÿôg^p“ßÝAn#i„Ô/á¢{ž#TüFœJŒò +B”IØñ®ášñŽ®ÖKp’‚"JŽ€¢2KZlÀ1pþu?ªVˆC]µ\;{– RäG#äs +˜Çôàƒì. +CÊÆ~€*­” +^Då +æV&y¢/õˆP[”e·•ì–Ž©¿C +ƒàæáy•ü§t +qôŸ±ƒÎZSi +ð‚‡: +rðâ_Õ6"ÓqÃäÚ_µfµ° +z~mÐýzÚžIû®d5Ý=oæŒ#¹¬3*dU¹>¡i(‰’e˜÷#y¢zš&‘Í%yòÚ0ø;3aI7È®­VŸŒü¬Ï~li%·&œ³öAêëoUO +ùtv +`ØíØŽIf_þŽ!ñ¯Kþ66gI¯/ÁYäP_!ªšš5ýó`Ê1nœÖ +’>ˆS­øì@^êºò|8æÅì.ŽÙf ÑL(ž +eØõ>`ï£Ä“h{ª|=tkB@ +G7)Í"\ +-I±m·^‰$3Øæ€ež j>(Smü”LL÷ +÷Ê +$[~†üÿ‹ï©m +endstream +endobj +6481 0 obj << +/Type /FontDescriptor +/FontName /YJQLLS+NimbusSanL-Bold +/Flags 4 +/FontBBox [-173 -307 1003 949] +/Ascent 722 +/CapHeight 722 +/Descent -217 +/ItalicAngle 0 +/StemV 141 +/XHeight 532 +/CharSet (/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/a/ampersand/b/bracketleft/bracketright/c/colon/comma/d/e/eight/emdash/equal/f/fi/five/four/g/h/hyphen/i/j/k/l/m/n/nine/o/one/p/parenleft/parenright/period/q/question/quoteright/r/s/seven/six/slash/t/three/two/u/underscore/v/w/x/y/z/zero) +/FontFile 6480 0 R +>> endobj +6482 0 obj << +/Length1 1166 +/Length2 10724 +/Length3 0 +/Length 11503 +/Filter /FlateDecode +>> +stream +xÚuweT +]Ú-î +$xãwww—`Ah€±Æƒ»w +îîîNpwwO°$äòŸsgæ~3ß]õ£ÎÙû©GöÙUk + +š&³ž +ƒPÆ +afgaš€ìÍ\]4MÁJÌ@+WÀÈmŠBC£‚Øÿ‹~#$ŠXÊòÆkY»”M +lv66>nö·5ç? +œjÎ {/€t¶ß()sW{ ¢éêèhZh] +\Í.Ë·Îþ»*@ÒÁÑÓde +Ðkkè~`ddú7ÂÎÏÏ0óü'º€¬ÀÚ· +ÐÎÁñ¯Jo)d` ó[ÓŪYšJ[€  + ·†@ +XY +-Mo‹‹% +aýðÖš4ØBÒÁþ¯.(i&rš¿ +åÉúŸºÙ‚ +ÜÁÞÿ[‚ÀdáêȪ +9¹å¥þoð„òoÌ +p³q°ñ³q€N ‡¹5ë_%µ< +“ìÁŠ` +oGG€¥© +Ðd |»¡x»˜ºgW ÷ÿKüÏ + +;;Àd˜­ÞŽáßÙß` å?öÊŠgÀ€ + +Àö×õ¯•ÑہZ8€í<ÿ +®bj°êêÈ«Èê3þçìÿŠ’pxKÉÌÎË`æàã~sÊ[F~nÎÿÌø/-þ©Ãßšš)èÿöÉöï”ò`Kÿ?ÆyÓñŸ#¹]ÞŒ  ÿÛÆÿ3¿ŠdÐÿÛ:†lÜlo®y»±ÿ¯–úüÿj¬ÿ¬!ãjg÷·*ôÿðŠ‡ +@ ð—"vŠÎÿnj²óü_ +øÏ@]à?ÜÿÿÉ#1µ™‹ƒ­ìþ%ÈEäŽPAÌ­ÿa—ªlñ÷{Tspýõ&˜Ù¹ÙÿƒÓ²™Û‚..ogñ7[üGIi°¹ƒlЄŒ¹ÒÔÙâ_À_Ž¹«³ó›<ÐÛ³ÿÜ[‚Þ=€æ(«Kæ‚Á6õÁOµâÄî̇ß8xŽþž’s¡ÄØAï³Àô«Œ·-#æúúƒ/9[JmÂZ€ÚV:4ŽX:†×ݖ_¢‹ç]Œ\ÑKƒŠÚ +ýÌ-ÛQ|ôûÔÜSIÏa¹kŠŠ=É) +ÍPhwžÈâÓ¶Ÿ2èùšÕïq»?)khÆu"2Ï)MuȊÌÞô +e +]W+ÖÛWs!œµ9Q²«üÄWîá@œrA^ÙQ +DfšrÓ„“/BF„œ9Kài¶b²$x§m3ò +Âϐåóߧ(=e Uèï!²%™Ü€–‡uá]—FDÖÅzñŽÜ¹ø}g%“9“Œ` ‡k4j¹{·²ÌñÌ<öCÉÕ¬è$zѧ5š96ŠÅ‹ÈâþŽy‹èýèZÌ/Ÿ¶d£ñÔ­Ø-æ†)@"³yi*äP}I³W +µùYá +J¬N/GÑÙ _>)ÈT—¥É@ûHÈTÊZǂ|üšÇ#C(°ÊLe}/íN==‡ÃÓ®ñšÂ3­˜D“µžMjZ•˜ß&Qa‹D8‡Šw BҖ1öËìwŽ_øƒ>Ý"ãNGP`ˆx˜nÙՀе*Šøþl§šrRc‹Ý9œ=mܚ +µ³wøêKþ,úQD +Œ(í×S˪Ÿš˜‹Z$öœ$iÜøZ®`²„,;˚&³ðÔï ?;‚<ë>ZÙ°Ã>¥î +¬. +x[VF +8ý1#Úû3x6îÞ?p±:x&R—ƒäÞí†`Æ};”lìÍÜ=å•8Kk +ŸDþ58§÷ébAfLâªûŧû[h¶všïp9Ä·Ÿš©a’¹{ŒgL +mo'0žCçA+k=µãùfM"«lÔŒùƒ8Rˆzñ`Fù:Û@œúX№÷”®° +ÜrßÝl +RÅCõú{†®,”aºÃÑ “ïÌqKé£01âT²¬$_: ÊŸÂÃŽ—°+ê> ÝÊ9ۃ'Ñjv +Ê€+ž@Ÿw±ªJøTvøZ;8ìg~HU. +»Ý„%UöÅ;#? +LŠ4¬'ãp +]¥WsÕénªRŠíoüA¬5YLぜ؀v +P +7ºÀcš%žOü£s,jþf€yýNÉYTÉ—åmϑŠÍ3øс¥_Ž>D9eUðhûDMÜù¬çœ7à +]ÖwáŒÂ+ù– +av +Ãý±œIø«ÑÌð£ÃÖß;( +'®Ú‘âõ$¯”Í‹›1k¢Â}($1Xb©ŒDŽC'û]y:jÒ>&&æ>h +PÁžÑÁ +TéÉqb +Ò`Aß\úº +lÙGðŒKßég=áQg%<7:¥(Ès^YO–‹>»ß”ÒƒžHmçýYÄœÛHùú^Y”Éèôkù™° +$wËë±åTΙ)0 Ti¿$Ú`¡_(·Î¥“œ®ä¹ò2 &góî`áRZWDåÑjØ‚ÞW²yGYŠ’¹™Ø"œwB!«;j4 +ú)ÇQ‡SŒ›bŽgÕÆ*§ë*}/Ûl"ÞäF„Ìû:vàî¢Âx¯R + +ÔÕWDˆ£=x1”hփo ô‡®i +áÙk_xƒ›x1v€>Zùg‹qà™²§«µIòÎOn8ʹ(YÝ×N“\ +à á)‘Ò,Ûa +Ķâ{±)WþBa÷$~È»üK|86jNŒZT÷3¶C×ùƒì: +֟ŽÙéM“}ƒ RRVÇüßœº~ÐÇZø/t ófMŸœ{@|ªuGV›ºŸ³z+úgyqŽ/Ôø—Rþ°æo2ZrÉñj¡×wÁG~¡sT2¥fT$ +*š©ã +§Nž(Ïf¡HÇ«PÆG +ñúC> +˜TÎyȗVÃ̃Œ±›µ*Ö±ÇЋËEðbd¬=ü‰ÙÜ}ƶ'£D0a£ÂIV÷ÁEˆ‡lrŽPSà“ªK²û·z +ei$Ê*eíêՕœ01öKS‡4L­rÐj³ÅË=mþâéÊ Ý0hŒµÄõüäü‘LÆb–LAôäóÏbÃFìM +!É!¶ú +áítß%Q +-¹Ÿ—Ô(ý=NÎð˜;³4' +þ+;€Òe|å2ª§!çŔè©a9¹bMŠÇÌ÷Í9Γ¯IFÂè` +Œ0•Â8û IôZƒÈ.ü#˜(šÁo.ªÅӔì÷C + + “ü9v¹ýÆ+ëÞ-›Ï˜šXmnÀH ”Œ¬ +ÒäõåÉ÷$ÇÍØœ +ØÂ%9ïÛ5°œéE£™ßÇNÕ€1ºìÁÏŠ陏¡í/áWSÍ€³6a)Û&f•±?ù +†M;&Êó‰ÃÈJƔÓ(‰%š®4É/@.‰ý +÷ +kð÷ÌSMaz& +s™yVø|§²1èöZið‚ì.@Ãlïá•Z«œo|Ÿ›sŒŒø?EÿŒIŸcïr Ž׉ú6êYâïg +¯w;ÌÛ±örƒ‹SŠ3"OèHÔF~1µS +ÆtŠ˜ +¥Žop_ÍÀיj±K +Ÿ‚l›/ƒo1a«*lŒ+û2¥@¹íÛÛÝýHíþ<|ƖДF`ô–Õbýúš·±ÙË +Ûè;Á¡ÙD—ìÑ=åœôXè{z™œæo·Iâb£+xà£úýœ6˺z[|êû B$ü›iÛB–ï6–§ašsd>ÏŽ˜VŽ·xkxÜWk›ð +ª‰*mí>ìKÍáŽÒËD·àŽ<Bš‡ãZùºA6œŒ +k3ؖæ$}ˀ[¹¬?­æg!íU ‹Eà)5€Æ]ÂÝÏ€„Ý#- +¯À#µÜ-²ÓŸŸ™Ô€ûtÑ°)K• V!8z«Ú¡K—‰váã;LTôa'›–!˜d¬ošF\`ÃïŒ)47Û*tW4šS>Fû'Ò¥c2 +ÔÈO&ñÁR?CréÃîÁ^!ѝïÌs~kó +JKïBÂ0ÿìBUå4øc3r ò +Š:VS¥9DoŽ +ôãr˜¯³8\ÿ¶waM«“ÿqóÂ$vÏä.²ÛԞé<°ÜÃw“ø*Ù?Þiiðÿ»àòdu€=×̜öfx5 å~bx{í*ɛ˜Ö?á1€Î’±YqO15.ûÇ-ÃCO~Œu¹N>Œ +hûOr¯I°5CÃk +G +èMÝšú­®ÝïS +ÿÍM2 +Y·†8¬Kf +™Md‘• +LÿZ؂b`mÁH—Š¯²†æApE`yÅ4=#nP"»:[žœ~¥÷Šbgó}YªHщš +ŠŒ°9e]¯[þhOãŸø€Æ7ª!{ÆcÁXBÔq—‰)rºA‰D6퀯Ç\ÁB‰. +”ñÝ<]Mú¶FÞü2(Ïñ•`†(A› +Å£E‡‡~\ååûA +˜$¢\Ôh +”¥ÿÓG©¡yž±®›’¢Þ"Ì€÷—øÂñž +7n +îœÌD5ú©ÅÞFÓ©lΡ²Þl*ÔnÒ#G££Ã[ãk°l +!s`yµŠTS +}H¹” +à ïð§ˆÉšµîÆÊ>Ɂo©ê‰”š”ÑPsÿÙ·ä'µ3‰ +£à5Ë¥=it4³éí¯[¢LÉ Ç¹~:3/ðÆůð_sh¿.œsžá+ôy·Ž +V)ÝÜ@ä_]øŒûxè¿(‘ºóóû鮐X|¬Ž¹¹XjRã:8RËÖ©‰vQ?ö4–Ž¯«¿(S+Vs=Ãdœ +¥åvï3~–»¯¹ÁlågŽkmË[V¯ŸóU^UŠ@•\Gá}U2ÚwŽi–7øŽ×Ùëê-ØËâûÅ@Î?NñJ +/^úÀc«œR€%ÑÓùÕÕ²JbžìM» +TZCÜ +ào¹þ]C#”ó”áã{€ž~[ñÏâšP&çw~ÏDÛ?.ôøû`ݚ»£Z‹¢ +Wóa?ȓi +G6ßÈçPPó‰LÌÜH£%HCWÎá +~Aûª÷bCÐrªq™0_¹öU¢5(€ ^ ±lø·ÚŒ‚¢Íá»I5dž"G¯aRßæÁ¯Ÿm³È„DDY1ã:F‚®Õ{—Ês™‘Ÿo +üêpè³»BùG<ð[fT£3!f·ÿ—‘rÓ]Îû³ûU‰5Ç\\9 +_îŒó5TDZyN5˜RÖ*Aº+}wãŸŒm`žk="+­&¯§Û +ï=Ø +mæBK#ºöÁƐµ¢Z qxœ;$¿JYyÈ%O‹UåhVÝ@kœÙ;¿ÍhV¬;A¹Vñ»Ñí;| +ðÊ-(õó4±cKå)$wú©‚ð_¿)]—Fˆìøn/!ˆFT²µÆ䣔IŽ} +9~Ï9~°9=ZLŠ7AWo³r«ÀX7e€Ec§Œj?ëŠ +ŽŽ²@ˆp|Té±kÚ­_äø¹G­Öô"'†ÄŠ!«]YšæÏÔÐÂf¬$JŸŽ`r_a~cÑÇKuŠµt<—x±Hq?Ér3hW"ÍyÀ"ýè­$®âEWÉšóœ5Ö­ï'ã܎8khîB¶ +ü‘­†ù±Š³øRv¿Q‚‚ZÜ +r%ísñns°PqÒ?j0+CeW +ñ|dgÆÃú +-÷¶¥·§Š2*P€ÃA‹ìì-eIß{ b2©hÙ–ÁMLüñZ–}ýÁS†±ÓP/ ++öN‹^úNˆÌDO(€$¯2«73»o  +~^šN[:TôÏ-žúŽ‘ +dW +ÿ—~' +ö&™äåYZÓ­•ÂÝZq&aS_ôç»ÀòÒ +é9£‹^ +T¹M£SјŸip"yã¢Ï© +ߒÅîDžJž¥ÝòÍÔõU‘Õ Ç­¢}%ƒ"a[—Zbr„âÌFzCWAàŠzІl€Î‹EDœ®u&åWª +ȯŒpåøu4!Â÷N¡/UU™›9ºG“‡ë•+ +€’ȪíšsÏWˆNW8ÇvLßcG©òãÓ +Q.~QÒlŠŠm›k<¥:VŸýzŒ•Iš“ÈL`Nð¶f^Æ ú€ÔI¹— +ç€THy£› +ºnöuf +§[–g5ùwÂç6[R÷ñþŠÑÔþÑUœ- +?cÞêR–ÕgüÏšIOE.d7ñ÷³ô®—D{Öiw +Œƒ +€¿RÝ+WPâF&Ö³ ÆŠê + +Ñ?üªMne +ɬžÁ5êâ Û +2AíB;xòâuhË2¡·²-Ù¯"ðGñ^æûÌçhXìíCç +S>ÆþÁ^Võ¹»XCÄ_ºkÎq?([Í~„œl†O­ÛüÆÝ +¿Y8g²øx³Ä¿Ýö«±Sœ/& ÈfCÃ×UÞsÌ +g§zÙ +V¹Ž{ßfézÑ»x€¹žŠ±ô¥4‰¬íA”–[œ +¶º‘îƒ +ÞšEÓž$,÷¹öÁÝ-HÇ>çÊäL«3ì®,6–Ñ^K\Ü8«âyKå6ˆ’1Û1[{iL5zJ-ôTƒ3†Û^7\oZU¶Ìã3 ߙäïÌØ,†ŒqoŠ +ûˆS\Š72Ù ƒŸ?s|<‰ôÛ»ŠÚʜ겺e¥ñ5ã7’Þ +YŠt$nÈ8PL.þ¡ZyO`š"ÚÔJú| g3OC‘¬ +m¹Û”MÐ +ÏTÂLä«‘Õ ˜ +õÔÙYݺÃËêÞST + +̳×MôÜmk"IíOž +ýYiŽXΆ©è + +>‡ÿ4Ÿóxi—2€ðäó‡Î¬€âë÷ÐÜC·œt‘5< +맒ü¹—U¥ ÜíT+"Å>ŽqšìÔªÀ©kSôÔÈe݃ŸÕ‡|–”ý³, +äju}÷ÅÞAœðT³­ c ¬¯yçͱ¯FØ97:gŽMx·ÝA]0q +ø +xÉ®èB¿†ÙïV^*FH-–/ÐjvÑu„LzBË=†Ÿ,Ço +I©yp~Ë­lSÝÑÜž;à +ߓIŽðÖÔ¢ŸÔì;Rž¥¯|P»™£ãˆ~lŽÒÄNºM,Ã`‘¬.|%œ/Ñì¹°Žd`&»¬sJðSéK?'äm}×È&fJìÈel•^Ct¿º²<öÛ +&„b(pP]Òÿ¹m›š +ˆèÛ»Ù=r‚ÿsº)*7ð“—zFõjDñ÷yƒÝTbSN}†ûWÑA÷Ò©2!»¬ðíW‡`ºÖAh†pƒ‹÷áîÈ +‰y1¹ÚéHB5}3d;œRt÷QÍ + +þ쩈•çåa +| öao8³nÆ3q§dڃ„}o,GÍSbßgùº +&µPÄ_m`:/÷¶Ð7_žžùªK{ði‹ûS©Ì ŒI;‘W—øo ++¶e£Ë‹êš”ekaêÒ5#üt.§‘-â‘}ª'åV‘ïâÝ£Áà.ÚA’<£Ðìë^, +| +á}h!¡9D«-¡Žæ¥óv U?Õœ¬dÃøæ + +8ä¥uò&`Â8 +dù,Œæf±åùõ +E’úSð73xOáîâKhïËííÕ‹«®!•š‚MaÇ47 MÙ»J‰Ç~š÷þ’B&I£MóoÄ€&»åw,ۑÈÙÃQàtÿ)÷‘cë^~Oc +£ƒÞ)RÑjKÒ.䛺œ‹a{"O×­‹Ž»F7£Ý×C¡Â + +]~Æt7g÷ÚȖc·:GWŒ“Ý÷G'{yOYoÞ¯øQŒð‡ðAPõUó5žE2Râ+nÝÝ©HõŸÑÊQ8â×^^°ðÂ"SÚ=œàü£o\$dhÒpâLò9Ù_.öS2U>ìË®wاc@zC«ý?Dsà®ædƒŸ¥;%ó0wn^¯;H€ 2[ö+ZwC”þlKŠ¶“Ñ¢2œcŽœ' ®",ÆØW +”\g}8}çŒÕW +¡“·íGr Ž‘íX#@OTI» +§ëiŠæY1äpôŒ(C­—*ÖÍy¥¢Æs +*a7©ŒGñŒ§Úgçë +¶~”;žà9 ZðáËeQ±÷÷&b~~ÅÕè˜ €Š÷'ô·‡ÉâYÜ;-çFþáë +Û3ÍÚ:²d±ƒ/cs¬'™]£0õZM- îG/ï«ÂÑ¥:*€ÇK›^ +íä +þDó +Ó'%I;jØ/jzÖEšÛI–§fÒ+”iI›X +9 @îVŽÖÍýU'>Em=Ðà +*.õ‰0³.¯í¹Šß{-&écÅÙ£o—îk/b°,ÙŒ&ër/ö©­»žAUüŸ™kôN +WrM5±Ÿ-fj_^8ÁÁ犞ª"Û[“ +Z­ +Ë&ÛÂTß·?úO¿Ú;Ùãž¹?aæ·Üä'd$ +0ôf†rdð®+nàô +› +²¿–Ø_È¥ïÃA‰L=æK?us»wÒûÄMrSÂ. Î*ÑûU·gò΂ãAÌBMq’¶g&§¡°œ>s\£m~þm.ÃqÃk7TBGZ$£~[*Ýv˜ØÀΪ¿Î „°€tGOl[š„\ˆ©––AMåêYšdPUŸÞ,×lv¬³ºç¯,Î÷ÝÜ +È8+ÞT„ +z‹©-G/ u¡6×yUÌ9Ô|ÎVҏ2&l +ò +‹xÏÀÁ]íñKˆ?ªBkSm€ÀՄCðGä†Ý8Ž"Ǎ0€= cOú‰*%ùÄ!Ÿ‘Þð†( [}ãaßPF‘ +BF­Ÿz-R6Œó” +Æùcýò·ð¹@—dÁò’û==ž£ç¢0&×µmÐÛ§>þÖõQŸ}æY +lûöjì‹q +ëe~&Þ:C”ÂïFR)ºX€`æP0Ãð!öw+èàÚ /JG“C¢ý%J¹÷ŒåN£Ò7Âëéތv‘é,,+{AêÞ±wCçWYÊž€G¢Ü0ÇfTûÄU>NRé2Ê +{»&oíÓHäIŠR +Q/,ïJL*_Mš!p Ž•Ñ»÷'þú õÌKÇ!Ëåø +ùŒ"­¹ +ÕxÓä³Díšv†xœLpî)^i#ŸhŒ¿ˆsɱÂ,ÖîIíà$3ú‰ãp)r`þexæc–á@-úEšÎI˺¯`îiGOi¢íÍèÌT'ýQ`›#iT$ +è<êÙ»zí‘XÙ£T}'WJ)á`ŒÚìWö¬dBìÊûO•ÍÏ-‚»xׂÜã–qnî­]2Ç_ 4œ + +H¢Ü»“ÕÐ]M&F +]~Kùˆ +ÅåÕ"¯tè”×~Œñ‹Öç`§jŸßµ)pðÂAqjh8mûÎß^ò0ÆҚ ·:l·täVe©ïn'Zif.înD ‘b¯.Y¯$CX‹]64Ȓc‡•Žº냰n™ñ«qΟú‹çö°º.¢ÝÖHK« +óŽg +Àff–/×ux ºï[ÏÃœævšê" +& îë1(I×àž +uðԣɕc[·u¥ƒQD}ñõÇ\\Ò\'V]!¿ðŸ +Šrö’Í厖€”ÁÊ&$oäØðŸô¢ð¬ž®a +§rŸ7w—È&¡óž3Ld +¿ûCW]ü+žpéØélZ«Y%œwÚÎ$Î Ô +y?ExG +óY\èTuÏÔ~ʕ¹ +©r(mŒ€•¯,W +Å€ +û +žÆŽ‰Â]cmgóÈʈ?¥_I\ÁñM1£†îómE×¯[–Æ€P„vžšwlÊð#!vòëõÅbðJÚá2ø8udÓ[Á +A¥lš]{š(¬Î +ÔÉ1ÂçÜÆ(þ +sð~7AÒÁ>mƒŸN(ꊌ–Îz +j|*7!]¹JëQ:úàŒð•CP*Ím±:åâûŠ'ÉÂÿ +ÕúdGðø/ô¡ÞW:EÌÃp}=f]/Áx{/þ|Š +±ªñ8XEk +śVŽÌøxLf*·­~.Ú,mXŽE§^üŽ[ +çØ7Ž + ‚¹õpªô +HüÞXÛ(ém<é9Ošs›z жZüYËüú[&œ?²ÄÈMª›ýì“'/¶èáûB6¹ekQâV]â5ŽzÎ +m’+êÏ +DIöü>ZG%ÒRË;tŸœyˆ›wuŽJF”1 + +H +YðèÝ÷ÂÏç[›¯~H€+Á%­éžæýŒÙ€üiº?w†Z«9’–”Èg׎Ô  ŒÚ~ïbƳPÙ;æ"ên +Q–‰P9ߚñž†i’Y~’9‡Ò:D0M*d›ےŠ +ç×G^{éNòÝ5^‹ÂE/I^ûl) +^ˆ÷çMT +äæý€²*%ý†Nßþþ—©àbìÕŸÜeÊV6¢iÌ©­ŠÃŒFßèÀK³šf¢Õ}xŸßÑGÞ3 +±^~ +1ŠÍ«\5Þî!Žz‡2ŠŒ*ŽÁ¶±¬S! +Ÿå¡1{FX»HD˜izB|LžæÏM™W‹J +µY؋ÌüqXÄ+”yäDŒ\DiòèYú†ÔOÿъܶµ9»ßkÒouoM!O¢î*Ý¥á7öN¯Úáx.}¹Â\!Ü (iH6×ä8ÿŠM¢q‰ô¡fáC°µd«·‰‹n- +Ž_ +õ»$Š|ˆGOžšuê±÷ˆ’ÕÿÜ»M€Å +ñVáÑø˜Š~ rËT&|±MC`Xa +³›ÍÖ¥\ñ–C +WÀlY³lÂÞ»SÀ4YŸ:ig’ÆXsK¹›N¹Cö©‡@>ñyû­Õà`°vZ«"’~÷û­éJ\iœõše;¹mç>ŠÝsÏö¥óÛC€jî‰ô9Í%º0R^Á{ÈüYguŠ ¿ü»Œ+Ì +y•ÎŠ¥Â‰‡+³ƒ_Š>×S‰’U£Ÿ+µc(ÜN>‘2“o¯£ð+±/ÉÀO}a›<χAj ÷/(÷ìýõœ¶ ÖÃlŽø+6UˆœàÓì6›E˜ +€ªŠž +ŸlG_èÝP†xƒ¥Òæ„Ó„„¡jG֗qLØDÒü;¥èÓ|+ +/çáœu1 „„œµ @"@Õ©å—Œ)”Ó +Qÿüž?3©²=âoã“ýTOª_™Fݒ_±MÜNdZ7>DfŽþà + +¥’.߀Á~§óºýë£q†/ùCl{ÛY÷ý/ó +ª”‡PVêâtîÖŒ÷Ï<›;BôÐÞ#(Ō[êkنò«_z}T]œ’* +£ðGMžìÓ{` +ä“c>ç-˜CòɳŽ‹J$õ³å)«ª¹k@››»KDý¶[ªÜi¬×±F9«ÐÁ›]ϪìüÙ»ÍVW%4™¬cĆí+?RêòƒWXàI˃_GÇE~ ;Ä®›Ý@TB²VJªD >Xv­˜• + +ÆDm?bAXÓ³4,bË9WÂ8Ìúû­TÂBqx!ÐLÜO©h¡³è+¹Ïé_û•Ž¢êu±Ò1CmCrKÓÉÞ7¹ÚÖÒý˜9ž+@k_ l]Ó‰>#Jç°ÿüYœ\GŽJÆ/±Ã1¹fF_]E +®u_«5˜ oÌu¹¬Ï»çGÅÖAÒMb ÏÄL¢#,)êŽEŸb=ŠïL¬žK0ýÐ:?.>}zoܬ¹¢kº~ +ã)ŠC3/Fä+õuåÎà'L8Ú! +b¹Ê„ +±uœÅx€ßNàś +Ÿ$úVþntµ‹ú÷€q +g„%(ÍBÿ0ù.Œ&ßðÓ[ÛÍáctäZš•!¢ZÏmYÕÞH¶ôÔ\dÁ•Èd?ªæ +)z}º·˜@IiÑ·YöÊhòl³šõœèF—†›·.«xœ!ÅünÒ'”1ñÀ륒:ÏèH_ +ƒ?‹Ï쇟uՇ° µ¶.Z7ғN>W:>ƒMª:PoKv‡ &·»ëßåZN +±#7b¡FÞ±úé~ãþ‘„χÎ;§²Ïßž+PŒßŒs8AzÁ³bºf +Ó£Bq +Iê)ã#L&²8Ї9Œ[÷,뱟/^%ï"¥±+~8ŸR6íFº£ŸTm=À:ÙƋÌ볊©IÀÍ؜DºYÜs§9WåÑb{yn‚æWÊ=ûš¶ +ƒ€õE`¬žXw¯µQÇ>ôžV’=iÓœög4uFŸ°9ˆk3š'I²Uó$éJËËû6.zLëÒöÃóOÛØnœí¬9ÉühX­ÃPŠSO•-L!êþ$:‚|©ã"â£ow¿ +‚©ff÷ +Ä,tGO©>[aÍ +w҈çò沪ËåÝ +‘JÊ™^؜ +:4 Aµœ²²TRnë¥_wÇûyô +=L¬Pô‚Ÿ˜»ïâ!OœMìQ +/R‚V‘PöÍ +ÿ³ +² +Î)•‚mH²¡Ñœ!œì·&2ý‘ +¬CÖ +7{I*›^‹`†é.!uš4ñïIS†—ÓŒèa{ýÄ +† +Wþ‡;²^Çsɇ¢™”z·HaGsÊ»ÑÈ*Ì4ŒS0:ԇÎC6">µÀe‰þ??J.AD*î[Þ­-=UŸ'=«x¥¹ +F³]f&7sL"aŸÒÕo~K݁ù=—ú¿Fÿj E²>Iƞ˜ž¥¢È1 îÃÉc¿ǂŸ€2hœ@T™ÎÌAª¡L§Ô°†¿µ·ILäbɀmrîïRŽ{?²/ó{Ôw +ÞžBZ’¬X'S}EŒ~¯’ +üe®ê#º7låØcL'J¯Ç{a©3«\üëÑÿ .Ge×èGàؙ¢„ µ3vôeÇk +çìû“°ðX]̔âçò-®]/úŸÜäE[ºŽN·äiy矍‘Ÿˆ$·ybÖx­Ž\JŒjO-‚‚_ÔîœÍ>gïxä~„û)š÷¢‘Éhm!$ŸÆë`uÙÑÙ$ÅTÏÔåÓœÏÑâc™]àþڂu€Ýá’05²ZùÄ{æè%zì匧r‡fÀ+#@3kPçÄvc*_”kƒ +OôQn~ôïÌßèù¢µ£I( +E­ýÛh4ò&®µ4𪿀Žp£êãvö«Áø +7œa®ó7 +sœåóí +Çë/±Ó:iªšŽ²0ܟ±%Šã_à|ä  +%`ÌH`ço~ ¢±¥†[N2™°wÃP.]é!‘8ùfy +/ažO¬^,'Ó¢©9ŸëeUŠLtëÂsoL¿Pu{ +c>50Uì#× +ú°|Ê®€†äÄTæ$ñ]é,¥¹­d\ï +¡ðŸSü’Í›^PÖ£S>mäìÛºè%µä +i€J-à@,ýb\ŠKI‡\üâBJoÜç<ñ«9øõó[Kc£®Â·—¬O)ÒqÁò?“­Öy:šQ:#)ÈØʏÁªˆX3&–¿'È¡ +“ê>lywšž"±”Ñ›º=>qÉHŽzÎbf£®S*”[Àýì[º²€7çÔ)¬2®’ +éÚýŽ>Ÿ#@Rïqò\Œ,•ZèXÙ£õŽeÉ +endstream +endobj +6483 0 obj << +/Type /FontDescriptor +/FontName /WVINGZ+NimbusSanL-Regu +/Flags 4 +/FontBBox [-174 -285 1001 953] +/Ascent 712 +/CapHeight 712 +/Descent -213 +/ItalicAngle 0 +/StemV 85 +/XHeight 523 +/CharSet (/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/a/asterisk/b/bracketleft/bracketright/bullet/c/colon/comma/d/e/eight/emdash/equal/exclam/f/fi/five/fl/four/g/greater/h/hyphen/i/j/k/l/m/n/nine/o/one/p/parenleft/parenright/percent/period/plus/q/quotedbl/quotedblleft/quotedblright/quoteright/r/s/semicolon/seven/six/slash/t/three/two/u/underscore/v/w/x/y/z/zero) +/FontFile 6482 0 R +>> endobj +6484 0 obj << +/Length1 1199 +/Length2 8401 +/Length3 0 +/Length 9188 +/Filter /FlateDecode +>> +stream +xÚmyuT”ëö?Ý +")Ò9C +HwHw0ÄPCwƒÒR‚ŽÂHwwJIŠ"ݝ_Î9÷Üû»÷wÖûÇû<û³ó³÷^ë]ëe¢×Ð⒮v¶„È9Ãà\ n @ +êdéá®eSá҄Øz(Â- +¿“6îùG•GPÚ +b‡:Ãd,à:Úv +U +7/Š +DÀÀÇ3ïoEg7€†ÔÉÙ CÜ +¡°GHÆÙÊà ƒkyžž8B!֚wg7+ˆ»Àæ1ÃŽ +vvñqƒÚÚÁ¬:šzl + +œÿ‘€„ + +–>#ˆ;Ô`~<ÿÄ¡ÌÙ +æ÷ +fýgyÖ +.<:0š«DQæ_"œÿÈl!p?( +@\o+;ž?Bkûž@þAˆ-`Ö~.Î. +GwHÔòøÂñs·ð„àn +¿ÿøï°†ZÁ–ÛǖüÇû£bó×]Õîõ¹@øÇóï“Écs­aŽ>ÿQW³p‚xÔUå_IëqüSýÿ֔’r~tËpñ + ÐcÂü|ÿëõß|üÍşR + +è¿rþÇ¥"ÌÆ üWI\þ]–'ÄÍýqV¬Ž6à¿ý«9áVëÆÈÈ|œ ÇèÇë¿ð +²ÿ!çáèø'3¬QxäÄ + øƒÇÇÅùƒšÕÿgeáuôù»ÿUԃüµÿr÷¿ð_Þ%a¶Žˆ÷/!Ô]ê +±Ö€Â­ìþš¿é¶þsA!ÎîÐ?Vüфô?˜¶ +ÔÊqwlʟfý?AeaVÎÖP˜-@ +þ8¢nÖÿü[yž¹=òôg§ +mÿŸÛ@S„@Œ!V8ó³ÎV¢áö_Â[®ª$©œžÖÇøºt. +<èÀ8qŽÈ¿žQºÔ( +>Rƒ?œ +¥æÈh +ۉ6BUEEŽL€–ôr–jåÆ$! AQˆ¡Úã®~¡&‚w„Å:q +ìŠJŠ¥HÏݖöéS8€/»0`— +%ъt~D{ež¹åªŽAý¬¬ [}k–M˜ü&ô@]Á1ð•Æô`› +Ð>4* +W©œîë5‹’!nÝÞ%iE+‰ùÌl>Ðt€<üˑ%µÁGA‘¶ÑvÞ»OÍ67Uƒ.üJ|&.‹œãÕz¬q‡¡mR +dU +›{aú!e +] +Ÿ +:J—?ŒÖ²1Ö™ŸÍÝvDuà“Ì·v ?ylšÐÃ5’> +bwä•T€ +ÿ +É©tn^­ôÊ"ã"Š¬ggé¹®Ï^ÚÓçŒÈ +$ +0º7èÊ×kYß +PEKôpfOþÜÕ§UÅc:Çn7Ð"Ûa€šÒ0ŽÅA38}å +V®ÔÅÃó,Úòª¶) +ÕQ1øÖ +Ã_j2:2}O(ZÃïqIgcv +€øeÆž:aº]ûsF/pî©‘õØ÷ð’S‚ÄÉñž0ä›: +wž?óØáòUä€ñŽZµÍxZD~èé¢ÓÀ”¢X÷ßÍך?Ò$ðÎâ +F·muëðlñÄ62ß7 +=?)óF@Ž¹Lçuú[»ªcE“X +µÒºÕ€Íóe—„íÚùì.sŸDŽãp㟜A÷ +ñèy]ϜŠ–:™jñSÞ÷æú`ým‰úŽÂ—k@Šžñ-¹ãþì!4ò¹òQZôÂâÐäHø­Ð¶¢ß +Îü.kæ|ø +zàk–äŠÝ‚ø¹\Š1Ô6ÙKÃfÜüÙ¡(¹ŒkÅ€BkT]*Áœ㇑ƒKw1瘊MŽö¢ê÷Y2ÞSª'©-\âä^œã·ö˜švnc‰Ø: +ô^ƒŸî~FeHòO©—.jdžmY[ +(U{0>^ʼn€¬é³žÚâè=̀.Yy;@<ŸðhVõn/kŸאzáloŠÈ5ÁHΊ^’Ð̖”Ы.È +i@0ž7m}kq~ î«S8eÛYX +Vì·Œœúâ~O5 +„Émeeµ¹'$ +Ìù”ðíà,Ì/Ԑ‰@¯ž˜š+t°ÑÆi¿ +[6î›iºX +"œ'M£\ìäËŠ’O„ì8+z-çh +6LˆK5Åùâªeþ.X*jûëð^ +«(+Ñäëg‹·ôúі 5m2˜×Á`Š +×à*S—ŠxÏHNŸ +¥ÇÐÙHÀ©­C±#]'ø€õëXô‡pWñõOñ³,ñÙŒ»b1+K}ªóõ7ÍnŠÆØ>ÓʈOABҁ$‹{MÙä +ä +Ø6jb1ÊL ¿*wد äŠÎ©ûŽ×GÒO"zJ4 +Œ +FMLÙZ|x4lúÑíøÔÀ•1.äïÓaŒÑ»sÀ‘ªŸÔ_e™™ÑîØ?È®8‚?£ßIò^Š«í1Ιzۓ[¡²Å°›þél[jÏÔl­ïWªÓ-7RÃ/&Ò®ÏÃ,rýÑÇhŠøÕ}+×Ô_”žŽëõÿzulÖh¥x5ïíï|$ž­vÍWH¹•ŽÕ[”žrÑx1êß|ø+ž³œ¡iÚ÷Ie€û7P#ÝžT4uQÓHÜô%9Gœ€4ÍÝ:Rΐ׷€Nöýƒ—À„–Ñ›ðP4ס¥)>›ŸgYLË;€ŒE²€yær +nV›×ÙÎSSð>á +ëç€T.%õæ³Ýl>÷xW?Ó‰˜ölQ«Ã,÷MƎòÞów¶Où'û;Š‹Ûž/‹ Aç£wèø0ån“$ +鯎Â,(ìH²‰#I ž +îRÏD•­ŸG82æÍ§ß“ª%àÂf%Æž£óMõl5N§×è_Eé¶>Ò[õÔm.ÀðȀ˵Õé‘~Æ/é\ç£fLTÜ;ãŒÄ +š+¯¥ôž&)ý~ýcêKIFñ +ªÉ»êdp$/Ÿ×‡[KŠ|¶¬® +õ +žW“ô¯ÃÚ}ÔJàC“{ +úÔ3¯íÚ +›i€+µÆ±Î”dOŽQÜÅ;ŸA“âÚORz¹ ++O=tµœäx~ŠGÓH2ùM¯í‰Š Q¶^{ãp­—¥ªäCòõ’ü³ + LtúÍEÄŽ0ã® +ÖFžš˜eó¯:™ôÿž‰à’ÕœÕö +b:l{Â·æP—œþ +_Ʊg +K9ŽTýŠ\3QˆÌª‹]šº(ë}­’=¡æ2ÊÃWâ +ÛE]ˆ©|¢œ£@ë³Y“„0ýô^5:A#‚^¥ð»·ô«#ÁÁ§€M~Ž³ý 295œá”ø¥Z+œb‰Žô +Ñ< +lÇOµ`ßô™tìØÃqÀV^Œû"• +‹qk°Ñ˜{†^Ý,.kVåóB>Ӌ3‰'oÝ?sµ +ŠLfPˆœšÉ¢ð +ïØ%zBŒtÌcšG6¢:é‰Zsãzó^ז:ýt#GVŽCBÈMn]ŠtêŽñYÔ&•·Eۍ0‹aŸœ{ +{8ñ +~²&ÁiªµÒÕµÐÈýÃôò`Ž.Z1-2«³0E&fŠ- ›Æ„D“ýräiRÌ'ŠPnêjŽB'o'iž]º«Œ +qæ +ßqÊk£ nkn糩œá«±X™—b¬|ÕJgèÄõŽ– +æ§ïýFƗ +j&97 ۑÇÉóìO£mpÌ +ó±¶T'°Ï +z[bý×Þ&ÁUî×3L›¿‹-™“xÛ÷Œ3’D‚«Œ• +ûR,(a•ÅÚ«-Âl@ú†ååÒWIóÜÊõïŽÔUâû +yŸ‹dý +ß|·€ß*Æœšù€› +ђÎ9Üë–øØ<ØöÑà +Ý« +&Ìðœ%w=ö–EÿVŠšœž_8ä5tß°q’‰¥C^ØïSÞ +rO +÷ª\äŒÏ[Å¡WÕXõʋ$r›œ¿K‘ÿ +-/Ԛòž +žŸËú]ûûµAÕmœy|1U‚ý‹QxŸ“¿+q\±È`7sɘDn>€‡:e¡PÅûàúSt­Á>jcc+Â` ÷ò + +µsB—ŠiÂÈe +M·Ìá(úY©ØVñÿ.q%TR€E¬¡#š$_q|ÉÞ +ã‰b7õ}J_TÇg‰ÒII#Y¥ àw²ó #㱟 +В]òþh‚®@ˆöÕTp@*²Ø0Œd2? +Ñ¿Re° + +¡|)ÔCÑ3˜Ü;gMvÕ·|Â]ö)™ŠU€Ò›ñ +fª3ª0ê +ÆêOV}:ܯ­ªtœ»ÙŽ–XÚóÙ^?Ä)%x󃢐ú™–ŽgüÈœùn7]Œk·S^Cx>€dDód?ŒCc&’¢4V7,O ee°â>õ€Ö5¥;8 +ª™œv^Pw¬1ó4ªÇ +%š"Žo.e-ÒM«ŽÒÎH¹_вæØ0wNuŽx»¡ÝÁú†:>N|r¬\²­ŽòËjH̲ú6@qšWn,nÍ6"š³œŽ +ÐVp?qÄšÁŸV¡2Q¶“çuœwt-Ÿ*:dOHç2y_ÊŸYÍŽ¯‰1UZ·iÂñr•'8•6ô3‚åÃ#±Ÿ;v鷔›ý–>C;¥&§Uëµ +xD Heš¯ãù%ŠU»lEÃdÂîo$È·Žä,ýÇEº~܀ð|ÉNÁ +!ägŽ0Îÿj‹8J7É«÷÷÷Š@ST’÷M¹u›ß=dº$[SUnaK}ËŠoÌå4žeå +ڞ^dŠ,¬m­:bÕ{·ÊVËy#—ÍŒ“ói +Œuoîœ8z~sT/ ØVQÙ; +hµPòNUÎ-“êþº}=ÿ©8ãžv±šŸðœJòR¹yMûbDIy.ž€9÷kßìÛRˆ§Îæ’ =i=öŒ­âØƒÈÖüü¡Ï›@íëñhN +øF”°ùÌÁÎØÂÏNímk +H®O‚ë +!Ž2ìë°È*Ža<Õ«F·Û,Ï¿’5å÷ÜQî]Á*}ó‰â7èûÇbóbÜŽÐ7F{àM + +E`L¥xxñUàχþá†&(鷏’ñ¥ˆß/ЂžŠÕƒQüc0J-Zs·ûñ_FYHwõyˆÓ,˜œÎßO Òdc—oÛ,W¹lìÁÐœîÍÑÇÚ=rt'DG^°mI„oJ@$“Oؖ ++Ê +46\0G·ŠšHø†Gɚ!*ûóær2OÓ7¬m䖇íûL6Œ“­ªÙúñù(eƉ{pGë!_ +1)v6¢W¥Òû +$0ygý¬°O5š + +Î*¿é\/×a4zN‰;TJ&?lÖZ8Ûá–× +iXð¢—TÚÓeÊËgÕÏ;ü©RX~j‘íòá×HÆcG3ç/µ­ÆœŸjM/{'‡ý +?Ô}‚ÒÀÈ +:ø? 3u/\É{ÆCü0©sXe|Ð!Q®nÛB&|®k’ô29m8S1¿Ž•Ÿ¢gИõ¡ +—˜IdSî}6'r,Iå÷Â[­“ζàÈ+ƒ/îtâÞhõè#†ÂNröŠh‰åµ>Š4>£¥Kvׯ$Ð+I mxeH€µ.ÅŒ{3„ +žiÙ† XÁKznhÃ3ҔΊK§nd/æ›\p)Õ{ÅäR>¶š^Š;{Gþ%= +§Ÿr¹O”IWӟ–ðg×å=Ùw‹¢Iï˜=%µúr°*1c èô8‚çÕ +w·ËŸ—B0éw.·C/çb¶Wº;èÈ +ùõî5øõžAÂBˆŽqÅ*‰Ÿær;.â7æÕ·!A& +; +û]MögŸýxýŸ"ƒÒ¯·›R"”V°. æ€òÚ³ +×݂l™y÷*ïÛ컪ººµ^Œ‘š¶â. +/Mú + w_ +SšºØlç'š?O +7kÑ£~žìY1®eÕß¡é÷{ft¶ ‡‘–Ÿ¶`sâ#¯ÉeW£g€Ð +LAZ ÛÑ©‘Nnõ©Ä³[ieS®Ž +r«˜R +¡NÓyI¿cïYÒ])Ésø“Žáށ°-ŠÂð~+:d$^?² +ôL*¹g +ýžŒÍ5ŸxYr· +žÝ*õÌ}¹ÀrÀƒKvø[WCl +ÍàeÉbžB,—”qh +vÊ7 +-Ú;m™ê„ã×-ŠU•lm(4©á1'ù€Ò¹ÿBFVi(éuNoðÈ£]|%˜:‡žè­6Ñ*zÖؓ‰Ÿñd¿ +®–PxG/†^Î20 -Q\9:S>àžbŠTŽdœY9˜Xy#\œö£®>Ñ)è)vè¡=üz/“ +B +¯’Þhº+ƒ—áöŒÎ]ó~±{Úhn:¥ú­K¿©ÈŠ°ŒC»ínœ‘ŠtPÄ¢ +ÉxðGž:²€ù!šJ–ÍAÔ5/FŒâƒî×9Öœ"<ýµ"Yx–Æ`ö-æ&i†ügÆZðù}të¹ÎŒÊôãø0ô8‘^_Ô[7~_¬ +¶&<ÓqOš¶à€Ýažf4˜ªqüý)}€*v`ƒ^ϪÖi(OéÏ})VŽ’ù$Ôêw!î +Sd.Á¥¶xþäWI’Ò±8 +/ëiÕžOU•ˆ-ʕ™¹íÛQŽP‹ç«‡†^"Ñk2ö¡mÎÙšÃTüâsššBâ@Ý9KÄíꮘ8׫‘ +ì3šT‚·Y +²,ŠJí©ÄOƒ—Y')×ô8@<âÆ7D"€Œ8Î˶Ž‡ŸÐè·QŸÕb,ú"mªžp"ŠŒºröÚ^â©NLV-&ý¬ž%ã€ä÷(”?4<Ë¥5IÄ0èc+;ã `‘ +ÍSYÚsTÆo9{_É]\cáî4þ”D}”Ç‹^aTŸó»ÏÏýÞaq +„}WbÙ¯ªç“"æÏBÂÚFè5­yO=ø·÷íõé¥#L +kü +LÒ€Á†Qü±gâé¿Îò1®£èU]ý5 +že؟ + +êÜÖ +mõ9óžï'8RÙwÎîk«zï0bû®Ñƒ:éøêa +dàÃ.x˜ J¢ 4+‰³éâŠ4lVèӂŸ,KN``ûÞó CÚV6^ÀOÒŒTI.&jçÁɊ +áÅîzþˆqzð`öŒ²Î¹žš·—ò-=Ò9EðJ9ª-v€GñzëŒWû Ýí›é’×Ó +×ÖÛx”X0Ñæªé(ÄWeí;!üž‡÷îqÑŸ)K¯Âñh.„]厎œ«ŸÖ±ˆšW¯NŠk—q£1µ©š÷ÙÕÒU}`œÄ@¿ ÍéOMM_t +TÈêZ¯R裵=5ŒHõd¯™JÓk<ùþnwyæ®ÆËτøÁ%é8Zü¬ù¥lÒ>ˆ ®åXôà-þ SÇe÷‹v=ÒŽeüYvpÓ÷ìÎ5kÆY©>ç[ë¢ÙaD +PL +ú/p:{™càÎ=“pÎ쇊©Î9Ì~‚:Ìî̬rÂèÓH£²áùémҔ[`ŽÛ(ÅVlV)ñåE›ý­JꟷÐÙëk·ŽV¬Rœéi”žþÂA,‹D÷©Iþ +îaŽ€ÃÈ41NT# SMÿpþu¬kÿÍE斂Iý[¯¯õùy+‡I뀧Xž”"³Æ‚±éëK +Á„"·è®bŽU-Òë_C‘`kiÆŒx5(]_³ <¹ÏÔk‰2&‰l3qÆÎÏKb?ëèÍ«Ž3*I^¹Ÿ‚Ý"§->åŽz‚âîŸÀÂ@·;]É}3’'Ïä}DV¢.ó€E©Žã6ÉLÿŽ}Y +Ú8Çx%ˆVM`L›qš «ÒŒ¬nDÌy®aœÃ#ˆEÚe€Îdi¶; +º+Ó_^?[Y`¿ô•@xó=7=Ø;ŠŽXù./¯6Ÿâ}„tZ¥ª9Vœÿµžê RƒÆ<ñ4ïä÷†×gqAë +ÉC +2û€ºH +¥f= +"c•­æ4EòmZýv—.‡>oµZæ>ìÍ,—Òeç +š·Zø®~v3Žþjp²v·—ñëRÄNqµñ0Õ$AhŠÕ˜ôŽÓni[Ϟõ–CƒÚk€*p¿ +r±KBÿ9ÝȂÃï‹_ñ +<iãg– +óŽ÷îö?•Ü‰ÓÈ­Æ|ƒ2¢æ霆5Kž:M×ÐKÓ +ÁSIR},ŽØ‹”a`öˆîø‘öþy%÷Eqœ®p +þd*æ`z_p’![AöNDɘΓÁUbDÞzw¿îôq +>–Šï6š¬×°R«§wÔ{EIû6m}Ö³AÉ\Œ£Ø幎è^ú})–ÐhpP#— +zfš,×q5èVM+ +siˆ +2>êp¯±áêҏgÂZ?ªo +Á˜IvØANëÚÛ嚞².úøç¯ +ÆêQœ’ù}ko¡Ü|÷I߶4UÅoÀ׌Ò^™é°`Q§sS?Øɉk'k}ßQ +Qß- óJdJ7 +áŠÉÈØÄYëÌEž4D’ +Ås· +$hUæœÍôÃèA€²\Wœ‘u%jŒa +Mƒ‚Wò¡ñÙW“òº3*èûãŸhkª“­áGÆw¡qëÈC‹d™Œ.üøÆŒDGƒ?Á6ž¿Ý.xÖ +®,?›ÆŠ_§F#±±P“„ÈünÖeRr¢UïöJ;rŽã +¡Yy€Žý`§”%ºŸ5Ú|/$õ{ÉöqŒÍïٖŠzõ‰ÒwúЀ +ŠæÕÁ¿Y*QîwãN ~‘s€ +q%5’ôž¡ÃÛ€q¯§Ø±ÀnäSÏ.ž^ +Ìl2q'ªSPÊÑÅEj$‰=kTr»¥–÷òy#ú®Ïž³ +ÅÓÍ + +KJ{0GGgoJdᙌšZŸkÈÏ×;š‰ÆÞs»µêC÷‹IïåÛ_Ëō?oœngè‚IŽÞÎE +ì[€­7œ<tä­<¬rÑÌÔF +1Õj¬ÔŠáOì÷j˜eŠúìªøRÿóXîgpäŒY(þ –àþëÂs•ú,%¹ˆ|B˜| 'µí²d|ù)ç.†ˆßÀººP›;Ø·÷x?X˜qg“í3×À,Þ=ßq=#í)×ÿùé³µ +endstream +endobj +6485 0 obj << +/Type /FontDescriptor +/FontName /OMGQCW+NimbusSanL-ReguItal +/Flags 4 +/FontBBox [-178 -284 1108 953] +/Ascent 712 +/CapHeight 712 +/Descent -213 +/ItalicAngle -12 +/StemV 88 +/XHeight 523 +/CharSet (/A/B/C/D/E/G/H/I/K/L/M/N/O/S/T/U/X/Y/a/b/bracketleft/bracketright/c/d/e/eight/equal/f/fi/four/g/h/hyphen/i/k/l/m/n/o/one/p/parenleft/parenright/period/q/quoteright/r/s/seven/slash/t/two/u/v/w/x/y/z/zero) +/FontFile 6484 0 R +>> endobj +6486 0 obj << +/Length1 1626 +/Length2 18108 +/Length3 0 +/Length 18959 +/Filter /FlateDecode +>> +stream +xÚ¬¶eTœÝÖ%Š»Kp(4Xpww'žPA‚Sxpww îÁÝÝ]Cpw·›÷œîþzœÛ÷OßïGñì%s͵æÚ{5¹ŠúQ3;”-ø ++ +@ÉÒÆÄÙIÍÎFɎWá‹"ÈÌð×ΉDM-î‚-íl%€`@ +d™ØجŒŒŒHÔq;{wGKs +0€VCM‹Žñ¿,ÿ„LÜÿ§çoŠ“¥¹-€æï‡ +ÈÚÎÞd +þ +ñšÀ À7Kk@\YEGVI@+­€ق +ÖgkKS€‚¥)ÈÖ Døfç°þ÷`jgkfùOkNL±D@€“=ÈÔòoÈÍdÿ‹`rŽ±trúû +°t˜;mÁg¶XښZ;›ýCà¯ý›Ý¿Ù;Úý°ùëû +Šbçv2uŽŽþVU‘ú7O°üOm'Ë¿n€Ý·¿‘fvŠÎÿŽô/ß_˜¿^0ÐÒÖ ¹ÿ©e˜Y:Ù[ÝÿÖþ +fïhù/ÎN–¶æÿŀà2:šYƒœœþÂüÅþg:ÿÕ'àë +hooíþ¯l»Eý/–`'õ7&$V¶¿5MÁk›[Ú"1ÿ³+²¶ßì¬,ÿ¶›9ÛÿOŸ +Èñ_¢ýggèþ’šÙÙZ»Ì@ߐ˜•ìÀKhÿïTfúïù¿Aâÿÿ[äýÿ'îjô¿]âÿ¿÷ù?¡¥œ­­•€6àßo +àï#Žü}g +€ +g›ÿW +ÐÆÒÚýÿ+é?£µ@ÿf+fgmöŸ>Y0ðïHDmÍÿÊÂÂÄòo£¥“”¥ÈLÅljøŽþ;¯Ù5lÍ@ŽÖ–¶ ¿ºþk€€/¬,,ÿáûjaiúÝö8ÿíٚý'ý¿Rý‹<³¶¢Œ”žÃÿáqýW Êß%u·ÿË펢hgö¿ÿÀˆ‰Ù¹<¿°rñŸ°s°þœ{ ñr±xýJþ +ˆõ¿ÎŠ@°£¥@ïoß,¬ÿêþüþëdð0’¶Švfÿ¬:hköwÓþ—á·©³£ã_ÿuùÿvý?ÏÿÚyÈ +dŠŽ²hgÊh•š‘®Áû98.¡×ÛÍ +=d_\ÿµ Ï·Ê®Ë'5ô7o¹ñkuSÃ$ß{‹û±ýÛ® +ýÞp÷'ëÏ]É ó\b/Jºž<Ì +š6n†=fÃbÔŽ­Hϋy +-].ÍœíqU5âW8’É6vG„‹:_J—<_ +ª{{4oӔºÜvŒ¬šüãš„ÇûÏý#Cƒ]W°=»D +Ù1ˆÔü.0š4ŸÙDºåžÑx!l•hØF®žÇÞMÇ.¢sžPÛmÉÀƒšCçª#ìúj¹àà!¡2‰œÑsW$A¬#_ϊ”:¹èŽÏæÆ·w€CXâívQSé̲VqŽ~ +À·xS–ï’æpê¥n跈M +SÅ +XžÈÐ +bIq‘JË /&H‰i"òC˜j]Ì_º\b!f>-œÓ(@ÚîlSaàß%IŒï éžb)Ü€+zy©’Ž§¿É~CšÜ tÒ^šŠP$֛ÁÜúbf¹Òak“brz£H,ðÙÈ2 +«:ƒüJ][Kì(-ù\ðÃqÂ?9ºMd¥×rB +$Wn΁‹É¶)šOô†ÀÜfóZÿö‘M6 +•^$¯MMÇë6„’ݝT ÖµÎÑЙ™žCK4þ +¡š‘Ž׳±§ö£øÌê(8§ÞxŠ°W œMcÐN³pŽ$õDà^Òß|Å'žƒ˜›Y-ӎÃ_ +š0,)Íä]POd™‡Æ¿mâ]¥%ìbøãb q«G +Q¿ý²ñàê +ÂòìÕ +"š0°8 +š®L.| +†"‘|øQnè +Æ HbPb +D"ãÕ:ì®%{({š ž™Mq˜!_EG~R&¿÷4]`â‰ÀÃbÆÝÛâý +o +9ہ_Êæ +°HAÿ]NÍ­$q8ªÓY»­ÎڞiÅi2 +¹ü£° 4á+aÏ̪(žà‹Œ=ñµ:É_ +ëŒT +ø&°nžö€h—0äŽ_²}E2*ŒËo;òœ®ò‰ä(`ž0ª4ÌCÆ}ˆ]šMkŸ¶‹›Ÿ,s©ÆՈÍÁ­0øn¡‹ãùJ°”ü‘w> ¥hύ”¯Ù §KžŠþöœ +p¹EÍQœºVè*aV(dœ +šX.Š + +D_ŽöZ²åÐÍŽöGTOŒI®Eþ-֙ ;ž +Èn‘1p%¡§0Ž[æ‚bZ+ŒGœk©qS¢*G€OeεñOȐ +›ïä²è»ÐwC5àÆ?×pJi~ÒšUqËsHWF~©€ŸÌ˜Ôðc„»Ä,AÙ×u +¥¡ŽyÚëx\ùX—póqX!Ò.tÁº4Н-HžÌ1þÂD­§)‰òpÖä̌˜‹»óß;ÓU鋍Ÿ&㚞·g¥¯íA)¬òEãd¿$È¥±Ù£ zq9kÁõ: Ÿ%­(ŒÆ•1»;+FOæsœÓ8j:¢ZïÖ?Š2²‚>á3^&[=9ŒoR¥²9Qp0]ô—‘*b>_ŽáÀÊ +›šoÀ«ºÿBCOh sSÀ‹©$ÐˏÝGÉJ~}æ@¬žRÓY›WBœôˆ3ƒnOãœ"“ÉÄV°ÙÂ8[þž\ÖZ@‚º»Ðϋ>šÁèˆH_«J}J³ÀG"õÝb¿9q\î·Ëâ}<Óâ¹.o[Š×CiM#Õ‹Š +yÉfRe÷Êùn÷f«vQÐ}èô°+›Àûnk?ö +‡>û­í:Ø!œ%râç +Æ'£ +ÉÍAÁpB£< Žù×j­x÷reÁ’Yá·4 +?f‹oÇOݐko +Z²ª1ÇÃÁ:žÞßaêŸÄFÖY) +H.‘þ”‚`r/š³Ñ.Œª$ +À°;žM™?”:Ôöño7!-“ûk„5lñG?‰ùU ÍQŸ6Ýçøûcq|ßú BtNµY"ñ¡ûŽ, +5„ĺ +öÏߏƷ +{â€ÉŸ¯[{Ÿ?õ«!S«äQIÝDl?» ÊUÐ÷–7Ì÷ÞUÝÆ9I¡ñö˜ð„ÓzÓrözç·â>¢åÝfïzԍ³Ý/G.瓹IhÁ/ªBnÐ]”P‰¡þŸEmú²ì/ÝŠ1I¢Šû;êÈTŸÙål•5̆@¥ÎÁlÛϱ0·Q»œˆßh³¯œÒÔo?æŽzëÓwå2¬ÎüÎ?ô?pn üÑY™Ù»Ó +ÝϐedûñŽ#É¥!#îEÁšoîHÜ#ÎwË}Œ#ë–/m¹‡6œÌtÉ +#C$li/ƇÚÖÊã‰x]OI‹”oŸlúòù5%çZ°Ö§¯4škðWƒ¡t—BO荡‚¹»â‚ÜG‡Ý[󑚣gIð9Lq‡€3 +ØŒª3DªçʔOY +g£yžLxäœù§T +Û#¥òZÄlER‘ +þöÜ..4’€]tC×yÊÍ35×=o +³H# +KGž¥É1W$ŠG›):Ïӏ„† +„xˆ²G +¬BµŸM;¹9k©ÓïÃLí‹“ÈsQhñ·;"?£•ê¢íg„yoëXª»’z×ú(Q+ÆPá±íƒ†Ð!$XúTAjöƘóWAF ++ DœFÚñ3˜•›¶*ì ï茄ö¶ô9ž%#=k‘%RŠ^p“«¡œ×¹ÜW}Š*¡îYE*̗(a30s&‡džÝ‚ÞÒFôџªH&0x¶X4ˆðó205ujÞ¿b9G +ó^ÑŠØòÔ¬ñœá' +ÁUï`¥FB[<=¡fJr-‘ìzãGIÎl7*Í}ZÞ®vj —ŠVz¶fB +ZoþVûcߝŽ­m„1歛ô*“c€á«õ€ep€u +VÆMÎA„ül³ +G:I¢ÈVWhËÉÔvܗ*wG•ÉR +ìc—w×Øâ2 +‡[dvUX>P}°ho¥ùElÙöž=ŽÀÉŽ˜¿<™8ÝŽQ~Šº=¶0UÓÉw€q¹8yþá÷Ò¢/ì>X#ýäù鿇Р+ŽEkªŽÆúݍð OTX4{—OIàb³`Ð÷YëöÿØ*6ù}ß³@ž¬€/awœcŽp†1<˜6ˆ}ýa°Þ¡(yX¯Œ­¢ä׺W°w +¿þGÆÍæïùç͍Œ³ƒnl3¯`ä€!`ée‘ä`£y ƒÍH0ËÂYÚßvŽ²~ø›¥])ØÐQQž£­-ª©–¡’ô¢~ +v6—¥­n!ŠBf€‡øL~¢ÿÛt +ßínÚ¯¬±å±L +ˆŽ_\iåÑôbæð(ҏ§S«-dŠú +çŘ<Œ²@ŒŽ­*Ù¹wOéK Ìž’ÜÓÛ«¬è1Ñ»Šœ +&ŒûDf +-UN&z~牕ðW_ +3c¶OWªµà;Ƈá‹}Ã`a±TAͺխ,5òʒðè3Á¡ŽNjú0Nué ‘4^DmhY +Šœ|÷·&Х­ŸÈ›2ÞæÝ';·ý]“fø«_Ô¹‹àûÛ,‰“àq’Ù¡S{ÌÍ],"ŠáUD>Uíç[Ó>OJd}Y^· +u(:ٲ·"­q" fÅSDͬÌS #D‚Sôf‘x!í~dLžWóúŽyA±z +`U +™nRJ '~šÖ¿³ÊR-@”€6¹Á҄»œ +>ROø]ZÓë• +;Þ +ªæÁÁpûè3:|±yËŸ©·‰–”FÜï +MB¥e˶\Œ,˜î¢4X"ZŒÇ›ž1›÷»‰Z¶˜`h¯•=.töó„È3ˆ8¢ +®Àr&€(µh™±šÙ_LÞDáß·š2Žš~:Š BÕ _ÖsɜçhÄK“í|SðýÈýÖ(Jé^KnS +åõ^˜b?†/]Ž5\s?F8˜ì +ZÀkäfoZžó¹9\”n]Líi1íxä¬ÕÒvKnŸÀ8)Ñ«&t€òìÏÛ+Ÿã™ˆrr8£ŒÓÊâ(ÒGn|Øa +¶‚:$F‰B4`_”y–ý771ˆ“Ôž¡KµîùƒŠO?ÎBÄúïÇàšažØÃj*z`ó'~5£éXmlmù + p¹¯ +}ýÓßN¶ÑŒŸ1™Ðw ŒÏ±M}HY*ÐR +àþ +rDº³³7ŠÐî“¿55j».ï(ÿüíÂ/æÖ¹øvêÌo,~xºìD ­Ã±“‰Cø`þ÷ÔLßXš +wkfü&9XŸ7_)-åó 3PmË@ÙÂ6³ø-Α@ÚãÏAJ»Í˜u¬`9žm+¯VþƒœêOõ +jæ8Æš·ú8¡g+&"Õ4Ò÷A²žìŠTgPrRQ†Ÿ’óx+Ò҆ö6¬9ˆK¥×Ðí|€ž«÷w˜n<Óøf‡ä +±–3‡ñû+pR4ٞb]yè9òw*ª{ÊfœD÷{O©ÑïPcî8ˆ\²÷̙Þi9ߓ,«d©·sÉäÁ²«¡°‰@„€ßÞiŒí`ŒiŸ‹7ŒŒS +~i£8Œ‚(ëx›ëVîOÇÔCœµŽ—^ +ú[Ÿ4e’Ów–£ÌÉ3ŒƒñβlâçÆ?‡R¡eÍšƒÙ15žÄØ$¥§ +ÂØPÂ*Ï¢ò2¢r +j ;ÇÖùמ,£C‹‹ê? +¥«‚˜b†j–1Ü&”N€·O¯‘f:© +•à@ƒîí#æiѧÎk&Þgö +%£l +³1Q‘Ÿ’§‚Å‚o&X‚ܯYî—GEœB :10KxÖWQmšÔaÖÉ\šõ•ŸSûŠ?2 +bœPè#5 +7R**jš:G§·qxbkD +HŸËczĺ{pÔweýœÏµz k§^ôõ]¹íAØ +ÖDk¢oà©Ò«„Zïu÷ Ë£°e +Î*CÕÈ?Ö¿Š'ŒƒÉ +ŸŽ.?êÐ{ö$†*îZLÒdgçyÑã@÷W4m2 +}­á©1Hlgk[iäpݧ£«ªçQ²sòþešÎÇÒ*jˆëÏýR +ã©žmwE<,ñ“ÿåhŒ0¥Ë6MiˍŸäÕêhÝ­œ€ÿŽ’if8GpâŠYò +Ä~ßm0†ØÑÕ¯?ÙÚš¥Î³C +Ùò.?í$Þæ‹Ž=Êy®ª%^€û7ã +}ò +`$ùn¯g +ÝëÞ¶%¢"¢Åø)OÄæÜå¿0”-~7 +ͺà1?‡Ñ0 E +º»]_i¿ +eZ^ZD€Ì¶îælŒEɎm• +H ·C”]I¬à~ÒÌÎ8Ê%ªP~Jӏ }%*¥ZyŸsÌ^vÖJ9"«¹hh;O +=ð-+"šBN÷m‡Ú§ýp‡ùÔîáúV#“ëɕ}²ÆHCâ +`(ýè?J¿–5Kÿk#èÉ@èìØTÿAÐÕŠ‹%AŽ3¥RØLâOªÿh݂îÙØ'†x«˜[é3[ö‰w#„mE<– B^¶6±ù–¡­íšíö5‹€)_Žøœ¥‹Ÿüí—ïaSCô(F_ËUê²| +¢YlÅqÿÝÞΟQô›”ÆÅš\‡Çöf/›E¡ynûÄeTOݖ³ŒŸe†ä™Ž2Ætqþ>Ã3Ö7ÝuöQ.áÇ&|°hÍ<8{í +3P9òás~TLŠOìHLºà— +bÚD + +Âܺòp$š“Žcæ{ÙUš!ïÏSd +˜›TC' + ›Wšûèâ§}[ùÀ™OçvÌ)ˆø(E%£˜U8ҏÈzüŽª·Î—ýL!žÉÙpz7 VbÌݯ$ZŠÓ¢H·qpap¡czýøÆADšœGë7€£þÔ®üœ?ÛqŠ/KôVڵڏ}Ò-‚G®„F #ƒf1ŠžÏˏ"6Jú±fì+{¿ÔîxhΚ+]¥³I%VÖÿŠ¢’2Ä_+ºÍcǗðEŒ$ÿõ±â‹Ziå÷«šÔ?UÅC=sôŽýžS'4ò›%²|Ë. +‘ÿ]T«u­s”rÀlOÒTðÁåk:ªÚÊq>Ã%š¢u8` ãTÎ +fÚ¿,9τBµöú€:å|¬l圜‰ +Þ¬HkðâËc†•ë,‚†ö&uÌŸÃæåî©Ú‰pìÖþ&Áo‡šÑ™=9ß!°êž–Ž&†\¹ÈçÆLø‚¡ŸíÚOÝ`÷=ᢗ\ÎÎ>:.ý£~Ÿ†øÞÔ-Š!{|™ÈwÁ+BaᆳPr„Ò¯gñM–ä|S‹{^eœ5ëP%p4D‘z4„—Ð×-NwDn¥ +|h +œ¥á‘,pEŸü§¥‚›§ý5ƒÇèê+h±×€¿BàíÌFåÕmðQ«úŸÃËV•üO×ð +ÌZ‘öcfç°akÜŠmÛtXЍ0ž)% +®,R;?==ÄՖȹ±¶}9®“žPÈÞ¿'.âÇl#ùëóŽ|†K™³À;Ž¢—7ò +vß +,År‡áú–}Íþ¹9«œ¹ñÓ*jè—uö +á„BˍZ÷ÅÊX¶ ¹Î`'^ÄÑøŽC<‚¹#4* +æ$s¬ +‘ð‰­ˆ]ä/ÚCîÒ¡¢"œkën +#è`æ3Y +V–¶úáWIý/|4 +° +Å0ƛ˜,+]Q +¡‘BD2ãT÷OÔª²áÐ߃Ä`tÕp9Ãð„À˜•™fQ§é祖eh +d +ßxÿVÙà;pa® +|c?ªÙ‡é +.k +±™ËŒC ÿšv +±ã-ø`-çë +TŽœssIc§øŸÈa»¯ÞXÌÓœƒ  •žw4%g]žaîJf:Ë§c3ÏÙP|NbŽÂ53ΡáÚE*rƒŠ‚'ØsÐՖŠŸWŒùw« +—?ævŸ~Î6j'zZÄöγ;Dõté +zÙ³D‚h~¯7ÅÖ «ðd7œf +Žt+ŸH#Éô +ŒŒA ±ÕM:NOˆiAOM} š–u‚¡ö`A3Œ>žgTCØ +: +Ùn-·ÿYobiò‹ë‚£%ç2ò‡[šrÉ#ÙÀÀk¶ +ùÁ[’³ŽŒ€q_u^·=RØÊìòŠQ¢e +72{Å +zƒeÛö9Èþ±‘ªÌ^¥öÑ^IbÁˆ&Ÿ,P; +Ÿ(oÝŒ!K•x×&·n +~g³ŒCŽ!Ó}æÞë›wµmŒ,ž +Å~ÁHw±[ò7t íäóÔ<àWcŠ +ø"‹?@BaÑäâ/<\°˜ÒJm|wmTŠ +œë3€ Èþ‚mŽ+$üÕQ—ûŽKãڄAל)Í +Ð{êñx>d^ršRn¬Ö@·ÃDB°t +eÀËa31wäñ£™÷Ï€˜.¡iáT¶¿±ŸŒO„‡³÷š-j™Øœ: q•9‡9†©nƒ-œKŽŸJŒº]õ©7qš1£sع|þAWûAWMñɃ€g> +f-‘UNƌ̃+W„`{("ÒE}ÿ,±^üNíºÃGš݀~Yüm°Š.«û7³ÜÙ³“ÛÎàX[û‚^Èîñ]| +:œ[ñá +øÑT”_®m‰öÖꧯTþ֞šêœj±ŽiGY–$ +ƒ ‰³@øs[óû¶0ZEۈRÔöæÝÀ%údážîìàJçxr/—=þ~}3s‚V +ÑÚZµdœv<,ÎÙ±4‰áSí*âCILo—ñùð¬ÀŽFzX‹²úŒžåŸ¥¥°Ý¢ +ä©TŠ}Œ{föš@d ’Ýx)¿çRð—ºÞüÝÜjq>uÏ\=GµŠÏŠÅÑBU 9óz +vçÒå ÛàîôÀG!ÒÕüìs +Òõdÿª:76ôEq”™œ +Y—(p¢Œ ‘ühßHMQ¯õՋqVšÒÉM"'z],€f>i‘/± +¬B`%æŠ +ažEë{vudç/›IN +¶(°·U1U‡6«ø +P®cÃÆÙ©èíV©Z‡&ª€Ÿš|ݍ€N±g!®R 3Wþö™èŠ +¿6èjèTæ$s¿ +²›Ÿö¹k‘Tê +$ˈ>§XœuYL–¬dá®r‰›Ð$ž Bºd +ñ»0ÏxÿJ*-Á{`}ÃwÖHk<'¬Kv[{ˆõ=•Î»XÆì+ +‹Ysè6,âtüŒõŠj +‹¯tÿ»€JATPÜ|ŽÜI_vy—}l +â³q–òö#ÛiSÑFiÎþ"n·:T"Žš46Í+"ëmíR(~ŒÚóûIõAóCßÙÍ£H<Ütù‚| +XN$·èüµv÷whÒ¹qÒBb©tηïÛÒ +ðs³× +U#Éžíl‰Ç™CÂ* +åÅlH^É¿ç— +Œž‘ +mSÞªL°üŒ68ÞÐ&q.úØ¢/ooòœ:3Gíx¢Ì +ºÛš¶!îÙː=&¢&à_@nÞ!Vt­A$‘P:(ƒ€$ußqókâïzEmÙÌXZ6–{lÚ¬+œClø˜Œe³²Da\˜g2rÔlxfn%±Lì¶ÙÒŸ—BÁ +éåɶ +×¹Ì6®ÝD«Yê +®y²ª-èEk?ö„Q+‰(ÐaÕ¿» +|ïGñ¿)>Yј#ðj‹Xö?ðÂóCN²¥y÷Î\(î©lõq›h?ºœãe(ð”Ä + +µ€|‡nöƒâf·ïOA}@MÅ2ÖÉÑQ +`€Œ–:ÙoÔ4;â_Öi}€§µU +èß +áçþºDSqpuöÂFÞr‡Åçú>æËx%¬ïcƑ–Wýç×Kóé@%ÍO +80y9ŽÛŠ\\,?xÑ­Èܞœž +¢“œn +Ãr9³(+Õ¿“ + +Ru +孏ÅGä +§¯^Ï}‚bõ:»‰SՇh+“r 7Ý1Í5‘-ÇÓ +Öo'v +_€Š=Ù +qÄ.«Æç>¢É3ìMKëÂ:»ªu;x°Ç­;Žî\’¶€–1YÉ1SJÞ^Þ³ù虛i†pŽ +Ñ±e!vv'P(Z¡j +µ +˜ŠÇDñ°]8íüÐc9}ÞœªÊ«nÐe˜óÓ+ž&Ù!I^ó8®%í£Éí¬eFôHªšÍžê`oq;5þÿ§ùæ ‰[ó>»ôŸ“1P/ +QÖÊ' ? +Z썮Òba +ZCÓP/¿gÀ5“üìo«Œ¿âSò72s¿yÅÞžà&ì×DF§pǕ³»XHadiÜàÊ.qÇò€å +æòê +tq­CTR—`­ +`“³Uœ*²÷yqóÊ€û1­ŽÎã^!Èfµ§+óðSœì€7c¿R]š®åò‘ôïH?y]jX#ªqx²òì¥'³3VE•‰nSQLõ„[žϟU_> +EµžŠ5MžÝl:“ª&ÝËÖµk +â" ­7â\ÜUhÞÖšY +ã**éqŶ äìÍÿ +3 +»$—å%7š7çpœ)ãÀŽ8åŒèÎ0pÍb'`·`»Ñd35vH–ÅÞã +¯¹è9 +w>þ`Xä@=D¯T‡Ÿ2O„݊Eø>|Þ³AžÈ–òEÈšù¥ˆèáÃ#§mD'ÑQ¶Ì’D:ŸÓu¬(òÒ¡”[Ç +ãdt +ߎáöë‡n|¡RZé}‡¯é#Gr“Àþ€‡Ñžã26—°ÄӮϒ¬1ÄCö‰Eƒ +óJ.ž +!‘už’x€újŠu•Ðd u±ëÇ"5¢rçBSc·ü7SuͯgÍå{šÖåDµuT@,0§ã +êÚ3_?ÏÜV€Õ;Š€éŠ,ïé莶ţ° +(šQ|Æù™§zkAplO}hy§Wjߢ†žõ‘yCYÇř!Œ‰-æ ]õژÁ÷ +-žG9D1¥å÷W +¢rœi%9%?5ŸïçX7‰äVÂù÷DÉÑvx*yÜYµñé +æáÆ‰”¢t–¯$§ +€zÂ¥QÚ8 +Ý¥„šVn)U2«S×Ä~dI) +1ŠoÊeD5)€î›‹rX‚ê.0W +ª !‹6å­MÒ$9Zîq5ò«@’®*UEü+öˆ« íçGoëÝI2™^ú¥÷{8; +£L$,AŒaÈD6eÌ2j¥; +%Úåu­GD({ö!ÛP9È +¹º¢}dœåUkm˜ÅK@Ÿâ‚öm|k–'Áé¥Í’¯³ +§A•vç$}X÷+7-,&ÕÊÓ_fš+€G¿À„É1”Ï®·Ž8á +»¿¿O= 4®Óýþý›Øít +ÁFmÓ¬I¹ˆ_„3ïŸmüvIgØ}£ +ÜþæŠÔ³oG¡:xE{®ô wöŽ/Ø:i~zvn/žˆ–ÎïS›~ÎjÓáá! +Å>ª\ؔ–0VÔ#º Ì3Ë +Z&Ý3ž‡/Äãþ캵ÈKÉS]8âÉÏÓ$ˆ qòÊG'«ï=dçŸòÂ~„:±ÌŽ-m%˜IaÁâ^È5M»-Ú‡ +Ó?O\%lªûÁU:t?øù¯ÙºËŠm¯Óz'­/t!䆷©§%üBЊÎðÍËV ·í’-Æ¿ô +fá&ƺ¶AKÇ5-ApŠôƒ‘’K?‡•6Ÿ}ªñíUGmD„÷fÌ5oÄͧé™ñ ’KŸ§®%9êV:>ršÂíB?€a‚ÖGku'áð˜6šÜ;Úò_ÝSôCÐlB +~Ód”Óí +”Š-9Úm`j¡À[íòᐏü ~ù6&¹³9?°C³=·b‘ì#ý=è„÷Ñ$Õ93"Ž“T™Š)yùæÓ65§¯Úᣌá€øäy»ò•èˈeå[Cöƒ›œêªæ«í0fßzIþvîÊЇ€4ÐBåZ•‚ÙõË·0T“Qqc^’C[ÅôŸŠšüüIM±÷ðC[6DÊ +'Õó«v±Ä7RwÇâô÷1’úcñT¡jŒ ªŽÞE7ÃIûß»;ÑÈœÕÒ(ª:’ÉSè÷#2YW‡?+«]ûaÐɊâTiÒïžÌKáØÄ+”.•éšJbjŒ +TŠ+¯‡^<ݵ +8†~7B^¶‰X²Ž +“ +-4 óüçx·ŸoŸ¡šßšdWÀ÷NÚulj[]þð˜}%V“šKòUž©Õ0öKŠaþs²ÉÛLõC'Gót· ãëŒÞn +ŽÅ#“ÆB€ÔFtÄÚÄÑÔl;Ç^ŸŽ{ÚQÉOM$˜Kp”ÓFۈ`í¹ cÔ_?*»j֯ïhÆ;¶dãTÓ8‘’`m—Âw +|ûî›«Þ„¶{¿[¡HéØmwÊ +ÞýÀx{86ñ’žø|Õҗ€ä}žœ† +³®Ú|2WÍQiÁfªÏëov°ŒžQ,1^߂ +O¬#`t35ˆ‰6&§ãÓã9)n'Ųà ËÜó"糇!Ò6°W%È¡(6¢RQõ ÃÈq‹‡–9 +oør‚ +œ |È#ßêõØñXÂÌ +§˜¥ˆN„FÇK¡Ù’?ŽT¹?;œepK­Ô0`Šñ[ +?š8óݞŸÅ}ù¡+þÈ7õ©ÙËmPDÐp€Ø +Å +W: +”h“ +ҙŠÄy +8 †¹]ÿsߝÒ›QV“»„6Ìz[RV€÷ÇçO5ϕoIU} +@£˜1¡+»{îЉ0ÿû~“3æS@ } +1ž®™]ä]6ª—Ò~æ^BÐã˜MÎjåcÔßÅ話-êªüµ8ŽY†ìyæ§eJ€TG·“hjz +T +eV}ÏL5Œ‡O0aÕ|šûŒëÀìmwæ䮑T>º:Ó¹$ú‡ÿ5“™žpZ£š„ð"úœñ^ +՗Žœïk +ôŽþ­2/*;ßÞ­ÃI×7Š"÷èmÖoÛ.ðŒŸ]õæ3±³5[k]AAUdÄ1›/t®€ñk>\²ÎŽD†žûBÄÍÉ1ž‰¯Êò ˜ôÑf͔í³ô‘·ùˆš·Q¶'g +•¡‚iF7¿&ŸÅŸLˆÙžQ”ŒY.öñŽ'–2·ßÈ|9jš5Ž¬;§÷Æ,dúS›@/àۄ£• +‰‡)²L“LÇ27ÝWÖ®_ðöŒ$¶&áS©øWł/Îøʉ”ÞQ†Kkž~Ú£]˜4ÂӒ¬øÌëU©æ9Xšä +âb„ +,ûç¬ø +!¯§éH2æp+‰y2ö{Øÿuéz8±>“ƒuàlà]¿uJ„1ò“§žSí<Ðpzì3*b=‡a”M’î¹:sûcۈC÷캓ò~ã +çÜñM0_µìóeÇ!²~KO—>e÷÷o‰¹Åciënñb/ ¹l{ÌÆoûÚ`ú—}>w”ÐÆZ +|)ÅmHu)Ÿîê‘V”W‰1׌ԮB!Þ/—þe{WÒ +k$ƒð¡cº(a~m‡Úš( ‘uÈ,– –Ž)Ñ7[ɃÎÞt?Ìš7žY–CfGÒ£ž®Š# +.ëxs“ÜïÓ©·ÙãõùÕ; +šŸ2 +øôž“}+v„±‚A‘:©ÊNÁâx? +ouìO˜œt—ZÚ󃷆ë‡ +µûõ;o\Æò-_òˆ1€~§OˆÍúòŒÕbTÓÉZaÍ +*ñpË$ˆ’ā®£Üh +'JûµÛߐšàü¢o‚ùÏwG«OÖôç^K2éµùì +ÛH—ó‘„с%ëvѹž¿òbÖ2¿î·ÍÍÌZ•éîqþy2ê.N³$¿3«î¹t©?ˆ·ÓƒiŒÍڀw·,îONÇÜ¿RÍ\Ž +ŠÃ€2ì1¢lÆ7üš ŸH濖L²oÏ>ÊG>ÀôáˆP§·\î.$öµôƒðW÷ž +5”Ô¡‹Ù:GÆ +¥‚5‚ÐdZHBTº˜Ivʇã&ãeé +¿“(GkÞm*è +—ô15aRbw‡AUšúŠ”FšÌÊ- +Ž²™ù`¶{r€Ž¡Ô_>u!ýüE +ä$Ó1vÕö–“W?»]®á&¹§ÃSÍ7@ŒŒzA®Ÿê¿ðOíåê|ŽšúŸ +hÔ7µ“};ý^Ó«’ +ãhðß??|5â•jŸùEYMÓ ‰ +C„Ð÷}ÓÀY™ +<†w‹žZ–H³ò¢tÃWôžcöweLµ—f†P̏Ôñ¥LûöšIJuÕ¢”äñ¬`?§x!ªs°MÅø8°H‰Ò†+U·}Á'æ)ë”õ3©}ÊlŽ×šª®6BH‡àþÙß(×0c&ÎPA"€vÁ²úրïù™+XW`w²ž®q3`D›ððñø‰! +ÁHe(ºÙÜmó +`²© +›MœežêÑz_Ì£ +„è‹‘ÛP«—“Ðb«.š™ÒòD"æÆa#w¢ÏÑR¯* è÷“Až/)H/XqÊÂ]­/67 ¶4E§Ù=rA +€Ígò»×ùêd 6*XýŽaû8öŒ÷‰õ· +cí.s­ÏâÙ²ŸðOj£<›T5ÛÒõìýÄñ¶ùl•›ELA!ÊO{’U‰ëLãN¡çéd3ŽðìòUòn$OõŒR²ý +$ÕÓN¶šý&”5ôá~»ÚD)‘-]Šj„Ø +ìÐX¿Ã +¡ +”~8 +u »"À^2ŠØ]ÄbâŸqÎèÛ®©ó F‘öeìVdi)ï/1¹1.?Àa\Ó#µ^Ïl›¯Z‰ +ÐÚÃBSۉc=²L/-÷Üu¢±_1úVÂÒYáWe€±HvlùÅô'!4ñ€¡1N—?¡å@Ë+c`Š×KAqxr“n2Ò3'ãÌŒ[øäŠ +áÍ3 +»g +tö™ýÁ6ïgôNÓFÛª ‚¬‹êpuS¶n˜ŠƒV(ž¡’Df{áhÌ0¶Oç³ëOžB^<Ü=1$BÙ¯æŠ@s‰#ßÖõ1C‰è%‚Ì”¿kZX£ôÑUr +7µˆ3ìF󶄲™:˜×_»NWðÞó~:ŽØs²¢f4Ô6Œ« +úê­nA1˜Š»6üÊ\:qwݺ픷Õڈ'âÉmžÕ€Ò™ŒVÙ#B<[¡Õ„r? Œ² +bY>_íç¬çV–¬ +"4/Q¿Yå9ê€F%ÔëÖÓçÌqv³M%c8ÑŽ¹«~ȕ•{ û¥ƒ +æYœŠí“§ÊËæ¥Õ³°ÆXcNí›,·PØê€9t€Äøl„®Óli2œ”æŠ~ØG4ÄÃÞâ^?~Þê|а)RyÛãi!Ù +œH˜ÛiÁ Î'æ.r‚Hª£ª»\G‰epWu(Å€g”Pp¹>lÛ֖ó&–Þè?Ю,*KÃ`ÂxòÀz]æi}¢E¡t„΀ž»ZoÊ~ß +õíE±Á50ŗ°žÀŸ$6+é&Zž!:±1 3kŸ|f +Q¬UûaAÛ/< ‹¢¡ÇOìÚY·{ÈŒåjŸ| +M¡[u®äa•K»3É.I’CÍûY€@Wyø.H^oˆäæI×9eðҒË<2A8m™VÍ +29~ +S雹Ž/¶( +D‚JÔ­WóG¿,’U—1Ç/óU;dAíð\;ïñ*a¢Za™Žï¡§i\ +¢³¢¢Ý#ô ’^›Ÿ»ŽÌIf›Ø˜a²ŠHŸ¶»v{xv-îÐ=Ne휜| +Éõü¯ŒÈãÔJç)LÒ MŠöŒoÙòŽ-°21Ìû±¶üSQ˜âÕ¥ëÑX˜)§›‚֏RHzgG|WKb&x):NUŽŸœÕ­Ÿçž”c~ö­QÇìôD“ëŸ +•Qé +Á#«õž¯Úðl¢Þt[ €ì§tO‚¿ŽlõžSåŠ +sA­€lÿßà( +Ïü^µ„VSÉëü +±Ÿ4hQ¬zÊ0fŽÇNìþ¢€šC*E&í‘w¬^ªIø<;ꕙ¿95+»l +°sñŽÐµ•€_\蜷ìdQ@Ç1ÝmÂ5{G/`JÝ­qšê,MNDpÍ#{àÊÓªàQW㘣ÝfP¥ »L,]ÄÞ#£Ü†ø &þ•±K¶bŒ¶œ +')9ZÝ2žæ +'‚AˆŠkLNݞװë.ªôdyvä÷yéIµûÐÚ·šë§ßE³4™œi¢.Obþ$ +éš!Ƅ€Ž€[qÝWža¬VÜìnɀюeÓ8Wþ?¢#”Yhi«àh™ž‚©ÏðVOO4$+ª™Z +w +W›{ºÒ5žSÜ±©Gl|\«uWqvĘ6_B֖'z +ŽNã€ÆrFîrJwŽ2¬8h +„qam/²H '?¿j„  +NézEªÈÔë瓔ŘÓ9¥ôî ï>o])=1G +nÔ\KþY€3컂;]9êl +š.ø÷aß®ˆà +ÆT“d[ÑUCfÞ9oâÇþŒú#Z÷YˆýêLBa*„CM÷#{±ac!R€vùXÕÙTªþŽei–}ù>+y렕-èº~eÍb6á$:R#»{ç"k÷ø=¯à9&WfÚüW_Š‹á‹'–¢X±©0Š ûbXÊ>Â}©£C׊¢©I_\à4D>51Š÷ºy²ßòO\ÆÞe§»Å'ý|Äþql”{F5Gy†_¢9Ÿî÷ +䵧ЊŽ4!ä +ӍP$.RœVpqßä7ÏÊYcz?áP>Ǐjg¶äç8ßҊ;ŽŽÓ.1º|ëîÓ%ÚÇÏ6qôȶÍÑŠÍ +’/DªÏ +µ%²€ÕŒiÚMÿ€¥¡ºÚ®¡8 +ÝŸâä]ôŽ(Ä+mxMA(Þ[Î\5œ(Ù,Œ +’ìs_`)¢ ÷]BŽ€p‹øƒ +²H,ª3ÒP¹;ŽÅŒ¬º­žÂÞS §l‡Æð- +nCÙŠSk5µlč +ÝVŠ0­æû2‚_ +÷ +Œ®œ]l¿sÕŠ +ó‚‚R÷Ÿú-v9ZbFêvTŠë7/fúìœ?¯³8ŠcI‹ƒÃ؉1‹¹we!©ðeåÐ +ÉHkjÞ +¯XÑ:3 +#w‡`Ý+© +³}UDÜÏiFñFºZá*$Ýf)ö”_¬0§'¶ú©ËrESèž\ 4 +îì\dp†6ŽÒ +b·‰7 +JËʊä«æzdî¯0õ +õÚåD¶ +ỏI2ÌU­JŸnúç©¿I9Ñ¥™ u”^ž%) Þõ‹+ö.ì  =’å=ú^q=¡@8¶°ËÁ +} +ÙCq†¢ÉnhI5{Ç¿CZU0"ú‘fCIŒ#‚ +.w +qŒ +¢âû +iKv±•%Å!Àtd.mJÕ ÞM/»]|e)l8§vŒw!Ãê°VBB5œ˜¹v( *š»Ã† +Áû‘±‹Q[`;HìÏÑi#aÏFrðé8î’Êsxy^ü~m|—áÍW1 +™PÔ)/?{¥ž”UE{†Wº+ÎõšU\U;«x +Ì]‡€}3äIM[ +É0¢? +ÉÁ +óDÂDœ»ÀŒX +· ˜â.œžÉÜʔúŽ +MÛ»'Ž +ä¶zMz‘ +€VP +ç]ÅJ¶ +"B#ï_æš2S¶Š^røAÝ¡‰>pPÚY+«'W?q +šˆÃ!àTJæUQ”Q<¢/ÅP÷mNk‹£6ŽNÀbá|ã›ÏÓ + +vûõâ‘ÅM,Lʟna6%hIDg^“ qTbŒ}3ÿ0jAhŸ'뙩Š +:‚xBL,žücœ.ÄšÙKC'Ðÿ>ºòj«±zƒº*ì&z쮯lâ”·%VÂð·È⫕µý"K|’C• +‹4e¡V÷U=CÛdÕKÕ8~ð•fŽ«°Ç𡞌_h:îyh +ùàõ +#nI:ŽÛŠbe¡¯‹îí‘<ՕΥ~„ÕzØ'«œ%ðxÄç +œ`Ïc" +-䝞*%a + X¯ +~Ž8áCþÈŠ{êw¯G2*-\šD&%V^De]OÊç¡E²ñ•’}Ó*_'`Ò7Kø¡ßnËòç|—ÏÒ:`Þ¡3"ZmÇ;*'ç]—No»ÁŸ7îûì­Z¿hšË'G~—k +#í*ƀؑÀNœÉ=‹U­!5j[..G¿Œžï£Ão!+EÍû ÑñyçÕÇŠšœ(ÍzÉŽ«Ûù—/ +›A<Ñ_.T§{–¹æšÖ¯à®‘E•÷Ìôad˜ ‰ÕTŸIš~A\$ÿ°‘6S‹L™. +á0eft"±žžžŽÊ³èqBi +SŠ?q€Ãfãt•5$¥?ëÈC»çµ1‘ +÷Â"•µcϓ㢹 + x€ðñ—(‡«Ø@UØÖ®*•IŸÜ%a q +nîŸZvð­åÃú¬'ÉJÿêW +hŠžë) +sìÁ¹<ˆqŒ‘‡ +©©ûF!!øœåeÂËœ36æÇò¡¯Òy0ú۟‘Ô ªŠ‰Î„žt„’x²êj• +û»Ôí_?ÈÉ»¹ÓàÕFÈԙë;%PȗŒ?#C‹7-<Ä¿"®¢šÜ§¶·ZÚÌJ>iT +‰¹4ú=÷8ùÚ?\ÕÄ5ˆcwÙy€|ÊXgˆ +Ê5&õP3Žõ6ÃÑÖmAØjª%£®2û†›»²•–€ +•ZnQMC™5ê–Ñä‡Hš©z7¶ +ÚX!ˆâO+~öíBAÉcÐÆÐæQáý8 +bƟX#4Ö×Ï 2 +*Gµ˜ˆ{{ƒ‹' +&»„—–«ú K7 +ÈvºÑ.7»ÊŸŽ +üŽ ³'єљš}X§ßŽïåsØëX ·š@œ~KSÕyn‘²ã_Ÿ) â2,@``Ç;vµe +9š—:Ô!v>N— +I|­]Â:;OfVøó32¿» ž›:šÔ«/uzZ¿’ï{0—?Y¿kE+ü|‹ +őذOo +ÿ딳tý +×± IFÓT÷üŽý‰ +éµ^šOó}ŠÝì +d‰ ++]Œ_Çæqø"VˆÜËŠ«{|¶ù:w¡ßðÿ + ôöœ‰ŽœxÝê3†Ös'ÍH{—0Œ  +xh(tM§äWøGŒúqGc«öi['GØõT¡x§¹FgÚÇ,H[¹óã‡pSj·z›–bò†íÿ&4[]K¹ê2G¯¥$v;MZª·~3ºaŸ%ÇIY,<ßNÒ= +"êtšÏ±sëlW +ƒå +èŽÊ˜§Þrttÿ’y—ò§àßÎBñˆ‚¬ØpË!jqÃ|Õ=–©yŸ¡Ó +AfŸ¿ê€è +{ŽzRŠåZ’UÅ¢Ö%>Ç$ã +ï0­á` +ÓrÁÖ +îoòŒWÈçÜڀK+ä°Ë[‰þs©Î0!\@D}Z[šÐµCŒ +(Ûæk%¹4i„šÙj4IwžVSžƒMFCLI†ÑœÏ¥ë(ó<-8 €2!œb˞·Žpìk_A,Õí1®È_çoÅ·ŒÌŸ¯¥/z=§4^ÈúˆD‡áH‰R-‹7®5¯º'ÃBõo›Y=†ƒ`˜±d’ü\w=àÓ،ù&/"ôœ€zÎÄê؋.`>ráÅÛT¢ `£ +}$7€|® p®‚âtQBÎûœ¥v9ƒiŽž¶7ÏÅ:\T¯ +ùùTZ]¶äWÇ[ÔÛ¶.C³V¬'g Ö~+m¿‹NDèÞ²–j¹gc™;íE¬ +ÓM¡±œcêfÜ)€Î + +ÚÕËö’CH§TÃÜ*£¥ÝLp{ +€èÜS"l:cوŸ¬š±àâû®éœvÕX °8\1‰ý֋C4èß i?xéí눌æñmöö!g¹Œwî +À.’# +:E·þ‹€–,#)‘â`rc~ñÆs}€¹˜˜6)Ÿš0ZMžåÁœÅ§·æE;r¶ºRD²ºÞßk°cõ5¯6Ÿœà +ô³“םzn@÷öš\ՏG,p^°ÜÁ‚ƒî!Í&Á}Mùßß,«Ôi¥a“ø¶¹œœ3z¡ŸÍ’‡‘¥Þُ‡ÏŽ#" +8xbJ_S‰‹ õŒÉS ÏÃápÔÍ~šÙ§#bïgšg£ÞžôTÖ³5)›Üt:Ÿà[+u$ôŒÚ’&85F;G‚ +ý¢ÁùœžœNªÅnÌÖߞ +˜žy¹ÂãâÞòãNçŽoBËDþÙ9® ‚ï†@£•Þ ±•Ú€mØSnèV—_Ëø¬ÆÃÛ'5X5Òžæ±®e•î +”TÈ +É̒€°G"× +í·Gw@žÑ>ôç +ÎØø#s­ÌÓî‘ÖÓaÞVWH–/p9ÈYƒ + ÂêäÓ8 +«‚)K:౬ÜwŽ¡ú +Ä<ŸÈpƒ2€6ô’³Ip,7V +„Uœ(‹NfÄï9–e4)2>Á;}z!‡aOâ“ÝâÏÊÃÕ11ÂÖÆ^†J!ùŠv€†3‚ߟsŠÂÒÇ*Œ“K6^YsDÉû'?/9w_ǂëqò`Ÿ˜Á +iz^Ÿ¡‡øäžîä + + +Ås‡ÇÁÎKÊEÅgŸÔ?e@Êô ó«^:uUv*j-»àS\âç‰ÛŽùö€‹ +yËY#b–¶"ô\º:vÂP{üÆHÇŒ°D1‹-·~BîÛÞÚ­3mÄ<:[éŸRÞ£Ÿš.Jùü-n"¡&ŽC˜”,Y9†n„!lŠ8 + „ê“îM÷N™¯(ûµô +GLß +'2X‡3s'݃ÞDnº,$hk̺ÜEiÈäÛ/ ?Öɕxå£~äE]dá,ØþšOÆ#&ôëÏü.`χ©lž•nµ]àҒÞ"ÙX¿ê¬}Pz‹‹ŠØ2òœ<[Þχ²%: +ú—Wô«ó¡ÉÓàuÖ'ŠŽÝ +ù2ì;n"ƒe«ê£Ž +µÊEU/ˆÆÑÃê-*¯3ûŸž +»"ô-7*^Å;ˆbÛãŠ7É;^ +€ZaM„¯óNÚ ƒlª0°ðvNy +ùïAÖÖŽG7fˆ¥ŒyÑ8§¥gkGÄ·­µ”¹òzšZÙÍsqöGÕ×7'ÎfŒ©™® +›×Ü®iÓ +x¡ +˜:MK +ð€xáÑ&$”=<² µ;Ì¿&-²ú£ +á~ +ÞÑÊpfü +1Ÿ€ÿâ<ïßÕ%št +W„ÝFÎôgÖª·íïÍ3<Á¯ÍóËDź[>‘ϱҠL`Dªø®îÀåj4åR» e@¬ÓÐí¢& +>ų’‚š0š¹>א«§0óÅÓ%ø +‚‰ +endstream +endobj +6487 0 obj << +/Type /FontDescriptor +/FontName /XMKFCU+NimbusRomNo9L-Medi +/Flags 4 +/FontBBox [-168 -341 1000 960] +/Ascent 690 +/CapHeight 690 +/Descent -209 +/ItalicAngle 0 +/StemV 140 +/XHeight 461 +/CharSet (/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/a/ampersand/at/b/backslash/bar/bracketleft/bracketright/c/colon/comma/d/dollar/e/eight/emdash/equal/exclam/f/fi/five/four/g/greater/h/hyphen/i/j/k/l/m/n/nine/numbersign/o/one/p/parenleft/parenright/period/plus/q/quotedbl/quoteright/r/s/semicolon/seven/six/slash/t/three/two/u/underscore/v/w/x/y/z/zero) +/FontFile 6486 0 R +>> endobj +6488 0 obj << +/Length1 1630 +/Length2 21012 +/Length3 0 +/Length 21855 +/Filter /FlateDecode +>> +stream +xÚ¬ºStfm·&œ€‚Šm=±m£b›ÛzbÛ¶*¶m»bÛ6*æ_ï÷õîÝcÿÝ'Ýû`±î‰kâš÷ +ë`‘)(Ó ÛšˆÙÙé˜è¹r6†ÎNJv6rv\2tJ&f΀¿r62²Ž&@ +;[  7@ÝÄ bb`f0qqqÁ~ØÙ»;Z˜™”ªJêT44Žÿ)ùÇ`èþš¿žNf¶ò¿/.&Övö6&¶À¿ÿ׎Ê&& ¹ ÀÔÂÚðC^ASRN +@).§ +7±5q4°(8Z[d,ŒLlLšŠvŽëFv¶Æÿ”æDÿKÈ `p²71²øëfâfdbÿŠ`oâhcáäô÷ +`á0s4°þíÐ`akdílüOåŠvÿJÈÞÑî¯ +Í_Ý_0;' “‘£ +=ð7ª‚ˆØ¿óšÿ‰ídñW +°3ýkilgäüOIÿÒý +ù«XØ:€&nÀbšŒ-œì­ +ÜÿÆþ +fïhñ¯4œ,lÍþ3Z€£‰™£±µ‰“Ó_˜¿Øÿtç?ëü/ÕØÛ[»ÿËÛî_Vÿ3 + “‰µ)= +óߘFÀ¿±Í,laþ™I[S;ã¿åÆÎöÿ¡s1qüWƒ(ÿ™ª¿IÛÙZ»ŒMLaäì€C(ÿïXŠÿï#ù¿âÿ‚ÿ[èý#÷¿rô¿\âÿ×ûü_¡Åœ­­å +lþÀ¿w +àï’1°üÝ3À?‹ÆÚÀñÿçc`caíþòú¯Öê&ÿN÷ÿ& 4øÛ![³¿Ô0Ò3þ[há$fáfb¬`42˜Xÿíٿ䪶Æ&ŽÖ¶&¹ýW[tLŒŒÿE§bnadeû lÿV™Øÿ× +þÒõ¯üD5d¥5diþ7 +ö_† +šânÿ7·ÿQ¬ñÿ<ü#,lçð€cbçÐ1s2ýœâbfõþ߄üÓže +€Žní¿u32ý«úÿñüçIç¿ÀˆÚÙÿ3:Ê@[ã¿Óö?ÿšœ + +ÿ’ü¯ð·êÿ8ÿkîMLÜLŒ`V—ìŒx‚,Ó2Ӂµ˜9Ã"ÚýœL߆ƒíKT +óýªíz|ÓÂvž*ôßk‚駞?ÛÜÏì?€šG{1¬)zRL®òðŒIšúò‘7É;8htKàÓÏÕ£<¯d¶ÁµØÕw'•t‹ß!ñ§:X +¿_?Qù‘žäû¡‘>Ú#ø¥ÖÇ¢w"5‚ Ôœ“'ž<=R +Ž +õÜBô +àÒüŠ +&ãq‡'ôsø ++ ¥ZáƒN-x'” yw0` ù|(­LjŸoaR"æ†SÛòXp¢øô»0c»ïPŒaîÂ@aÃ[‰Qá-P¢È *šž‚èú¹È~œE +š` +–ޛªÜ¿ +[û;yÃæ°uˆÔ™6PŸÀ'ÇiÛx£µÂaSÖ +~ÇpÖ%Mn’‚h×ÔɜƒÂ؏rž”u˂œç +ôØ3B²ÀX9Õ#«×– +®©åq¯hÓYSŒ*LÒ@ƧFcéýaèó"Ï,ÿIœš'oS_Ü ÷]0‚õ"ŠRÀ€¹šŸŸŒ4Äçt.Îü™à‡ãœ8ìUãR÷•ì‹Z÷\‹oP +²'qý›óç%Œ. :¬“³Ÿ"2ëív‘1šùžï»Áo˜üE&ÏQÞÝ +uЙ{Ÿk"Ÿ€’—`$ºKŠ•“Zè§k›6ÜøãÈ×ã.󀆍Œ¯­ñrÙÑ +7RM>ò +} +Åüje²eöÓ_ ]ã[ê9 WÄÒfêWÆ%*ª +Š:÷Ô2Çm™Ž—ìbߣP_–óŸ<²õž*p™¹ßâe‚D±äƒóI4ã†Õ2× ëA›i«f2҂œÀÓ8eõ~ ‘ôÈŸô„ÓkN”ôë#·î4ÏeõçŒP$| +/®ÄŒÄf·§À¥(Ëpe©„èV„ æï, +J«òW¢uÝ큲â _oGo?Lº:©L:è­­îœß4Ö +ŽVRªWG~˜ª˒Ÿp©ˆ†þàøŠå +êÇ%þkhÉ-(cžè”Mé'ӍšôC +ec¬]HªÃ‰æ­šÄ +ôA}«èÔ±ý;gÁÈعs¹|nU×WO +ò€Ÿšü¬X_˜~UÈõÂ^™¹u†.²\òáh†ÎéPxÏa%žßô«’ÉÜݵ#¯w PíÞ‰¥ÀÊõø +=±,žpìen +šŒ‰:§}s˜qh°B~äxƒŽ.‹Û|Û0D +:xMÌÓ_ +  +Bü€å§1 +A©GÕ²©Í' +xI§‹Áã4s©'•ï¶ÓtÄþUAV^ÖMA]Á€vŽªùN~²õx˜iâS0Þ·™Aø}Št‚8ç9êŠ+„ LV +£AÌa㒀UÉuúÇÛĺ>1¶þ + œØ–†ÆsCýq¶°3€zªoå&ýaÉ3| +sœ˜;WwéÝ +äM÷÷@§°¢ýEÛQJÿÖË>?,ëÓ'²€b‹·ùZŒ›€]Óœ‰ + +ú:0šºŽŸ‚í’:' +Žj–¬€è̈́+«suìQìíΡŸîÂ/¶W¥œé·ß‚~nß¢ÍφU˜“ +l‰É¹ºãJŠâõ‚“3Á˜Íp`¶ëÂùžÝҙNÔÔIŠêD‰å)ßxz˜Ï æ‘ +Ö>fÁÆêßMwe ”GÞ,ÛLùAv«Ðî +Ä1ԘC³šoš‹˜>(—·Ìˆš¶ +2 +‰TU +f/4w!©\1p€‡ÌßÙ-í +í-4¡%Í=òç3LÌ/P?)*P)ÛAß6âÅPÉ +QŠÑˆþ@gMºgÑB'% +Þ8°Ø€ý„c‡eÐÒpýi~¡×DÞÜnÀÇ,%œŠ. +_K¶ñY 7@w‚¯a Ój1 +“ýØ3ae’¯¬±Ê‡#‰£t¿:o†>8@ǘ¢mDê3dڣΚy4^¶88øÙáÜÂJ¹²ïÜ]žÑ‚S±?þ©Åâ_Nª/þ›ê·•ÃÙ™ŒsÀ< +¯Cӑè(}ú¹^pæÉZÙOuݵšŽ”¥>h¿Üì¿ûG&ÂYŽ©k8 +·<غÕÜ\©ÿ6Œ>h[‹®¹ +‰ +ž'†ÏPmÒŒ’˜_ ™ÒÛâ@¢ÀÿkÐo†VäÍ +Wõ»`׋ + +± ÒùsºÈaJÐ9=­¿ +=±éÛt4Ÿ +숀.±gV=ž_ÈJ7Ú*ÙiþÉŸb +44nÜŽÃ-üE•·b¬6)«_~æ™n¹£Š?sµØÉ1|`â +cy-›a*¡ +uffB''Ÿ7ȄêY]ðőjülsç/w‘H‚û¡ +üï +,tqÍÜ.§õÊXV‹ižjøȊ ÅïijZZ7<¹YÛÅVŠp÷”1ÙîäÇ©dŠšµ_Æ +:qÐqã1Xþ°ã ñ‡÷Ï«ë8w¹F]«, +ÒëöžmÒòs¢ö‚ÕÀÖU҃/ºëZåŒ_Ú²2zäí†1`õ&r!¿ +S3ÆO~;&¯;Ãð + +9‰ÁJ‚§] `ùŸÏá559ÌáRNÀà~ÓíNœ³‚ÕÀ̜£ +SžàNõS,Ry-õ +3 +5¢ú'C&$Ž=S£ +S}x¯^¶#›b#t=p˜ + +À¯2ôœSd҄pÕ{aљ‹ÎÃœUuQcnâÎÛÎE•^ùLð1fJWÜ뛎UŸ3&R  +ì|òú°é²š¢j¡ àÊQpî}1â[e„­±7Ô2®ï,<:Ú£" +Î.Öo*P‚)g˜°Š&Ȉóž`œŽz>žKŠËQÆC{frâ¿gÏ1XŸ³"|$ÏÐòãbÎ<á¹tѓø`â +÷zÆðã +F +ý-5oˆY8HÖÝúûCÍtœÐé÷‡YRÎ +¿@©ùsì üˆ +9›µqÈ-²9ª<]ù2¶‚X¡Úž‰žbžÄÁœ,;î/ú}ÎÙU +vdaUY4{ž4„kä0,ŒšA%JÈ ·h©ŒîþÔ; +“ÓM&W†€D—ü3ds)±Õ¶ +³Ÿ^àLœœÎAxxKÙ +Øë0‡,5$#ÚÎp2ËMæԑðÃ8wO-ë1ö)FŠ²rum«b€Ó +ƒÅ +X™ÎÔÝÛNᇓ ŽÀœ|Ûa{g +š‡Z6ds©ž-å&>–Ø™³–®ºÒÕcUâ4c*º—0EŸº-Ý%Ïx 2æ€ô +ôe֌óLŽØšvor'Œ‘-gþT€)›ƒŒµv5Úr +àÍ×?d“Õ¢(ým‹ž,%ýóëlÛrŠ=Ž +²7ôËdÊZÀ¶§|¢[e-L:ô²éR‡Sèâ)†à Št[~!ç­ÜŽ›,_Æ.¶Ï˜•›ýMžø‡žF¡ +#눰¹ +ÑŸ:W”îÒc­äǟ +s{3ÅÕkb€#¿Æ•âµ +çÈåWï2sHðÞàÙSdÚܘpâŒËQåû®ß +OŸ~ssn* ôR±ö]Ár +}ág\ÐVjç©8埞¿M +8JÌ +ÆóߟŠjöO£UãÖù:E^®Á±ï1†„GÖkӟa÷•èsŠ8&ò—ôG2©aw!Eº/â«ì  +cèÁ+òÔ +f +Yœô‚üp +åomԊÕ^‰ê¿Ã§Ó$µw³ú\€ŒD­W7œp'™Ÿ‚Ÿ§}Ï#œ œ’™ŠBµ·Ï‹ +˜tòK’ìܪ­$Ýxdw_°,m(,šYMv0ŞdÜ.)[2ç×òø¶ÙèÆòñÎvwþ³e,^5%¿†ë$ãßÞ +ËÞhfš¶‹|)ѧõÚÏòŒ86¢¥†Ð&jÆÊú¬xiHwìŒënžã™Ö=žªô¹„ô:—EE"¬Œ@&fuÃßXæhO8åß[‰YÍ;sqW#.Œ* +6!‡:ÖBˆ=ÞûžÜ­ôBÃÅúØzJŽÒÖqÕ9Sí«IÒì^/{LE¶5ò•ú3F‰î5€Sš6kÊòÊ +g}ûŽ51œyFGÒ%}PÜ/ÜøKmþ@Mª4EÑðw|8 g)¥¿§ØÞ +·Gæ>bá6^wÄŠˆ+ú‹ä0Œ“é’xÔŠ^ƒ~oè£]ƒÄ +EšlûJÞ®À"nßI¶Þ› +ÏIJ%K09õ³¶GÒQÒ|#ÐÉ7ӕC– +¡· + F*›7®›DÝ(˜neMA¿XÖ +5­GG!ÑXLxgŸé’ ?` t;C7 +L&/r ûŽ™ºÌƒo˜W>¿XæÌóy'àÉo£=5hT. g”{ÂÏoŽ”‰E˜«ë㑌•T3èœ?ÕN).cx†Œ +çÁ³­ +X-måU§Þ&î®fš%IÅƲC»6ò=8 +©ûŒ•Ç]a÷vY0ëN +H*ÅŽN ù}uÅAžëÃeE15t£*îŠá;² +1ù³ôz{”–AœY—»96eÿx’ÇF<ð‡‚Z +H²£1[·ypEÐm÷Wï3iô€Š,k=^ڑ÷!¬¹ËÀÒÂÂo¯6Pþngi$Ùé^‡ +€ÉÕ4]lÚm¹°Pkº +ã_$5%0MÎèO<ƒÐ[ý+чv;g=ŽSÞž£ÇB·¶–î"HáMoÀ« ŠðT šÕÌ×ifâîfZ +*Ízw-Q>?rXv +¿p:ÚӃs¢‘fî„Éa:oR +ƒË“Žu£Í + +/ì Œè݈X‰‹Àïm#ê'~wªÿœV;°Æ¥øšf +ã©6ÞÊÖ«äutº~»" +’/ÉUC‡ôä­i§¶ûtP!“„ +Ær“Ìō¥­ÄÞ +–‰P?ªÚcs„ʃܑˆþdÚW¯ÓÐíµl†í“Ûk ȋð‰'¥›Uu»£=’F.±8öF• õkW +6¿2j +#X‰*Ñ`‰šŠ¿wMâ*ivj›€ŽªãGˆTS‹}žLZ!s +KŸ{Zœ<µÂu"ˆ2OÑtœLК²Áà +¯ì£Úåš] ++bJæ=1ci6Qˆ·äŠX”ãÞÈ:™µÛñçHõ{ýgðÓp +Ö2œü„ºšñãMÆoÏ»ð TÏ܇  +­Çl5ÁŽƒX̊oäÔ`]1;®gËÕ +5 ށR¿¡ÞŸªÝÉË;(’Ý·Í„ +9&Ÿ5c›œ)]ÑDjË6uAŽ¶^y+%îž×`8Êíæ#_f~còš‰³@­º/Ç(K^z¢í°_¢ECŠ±‘ßå‰'-­ß ¬oîÁJxhÁ4Ùè¿lÌaCœöÁd8™ûBþ,”¹|³—éݬÿY RÝ8­OhךŠÎU‘BÛ¶kI +’M¬¯Š¬Û­5 +âÖ$gˍÄCÿÛÂhãå% ÄC}Aî¡G ˆŽ« XÒè·3úIT¡%K$n>Œáª=a`Ήž‘¯œÊû +Ih[­»à÷f³NJÆm˜×’ÖS„ +i +ÖbCÌÒü†ì.aš2Î=:ݬ œfº~ + +}4à +ž!ùž¬[hŠ˜ +S + ~Õgã +˜¶È¯Td.S®9èÕ‹]ZŽ’oQªÉ ìßpƒ- +‡ +Gú³ +†ŒæªxúD.kk|[«‚tÉJÑá +.Â×~ŽØ¶Û×'ã`w.&B +.^pCŒÌ†ÀŸ[’+œÑÀ>Ü(OåJ%g/’ÜŒvãޙËÒÜÅ|îáŠÁÐÆÁjmt¶^ÁMæê«*àªAõ‚ ++ý ˜TĆ] +ÂüÏÌTþ²ŠYäÕ³i†"ib^yÁ>®Šp +¡‘ÅveΞE¿ž3G/Õ™^"/÷ÐÐ0|š©OÐd¬‰Í’*GF=ȲPÌÉR8òš!^·¹ŠÅî +1' +kªËÍñžð­Ÿý›Í)ó-[À ŒÏTã|uÕCæ‹ ÇO +“Ž(h9¥wOŽÉË¡ÅÁ +ô°Õ·8ò?öÔ= +‚Aà¡Ÿ¿ÇG+±Ã­D]Îzµ,‘¡ÿ<·`ʏ#k”}gw{ýæ xK‘œñ•g˜ÛÚQ!0ÿŸ”E¯Œ±Œ8MŠæÞfŠûCh,ãkR°õÚî;wQë§ÅÈõa‘Îüž<4 nMžÚ‰Ë.5ŒZ + +B»’õ­áh.Àk¥l¯ß¯+öŸ +ÎB• 7C6!~‘ÛHßRÅ+Nd§9˜sÝ¥€ê³EIjZ­Q>8Ó<íýuŠÕ?ì¶ÿÊ8ù®Õªºh³Â!ŸjQÜ䜷uX^Þø„±qŸƒX «JL%³!$f–3áñ¥}g8UûÓ'\ëX9,^YßôYÈîa_ýu‚u©9¢›¡~H° +§'nΌÐ$NQ;er¶‹5¥]·\f’w/曁î†NYXhý@v«Œìqp–wARå`ª1ÁJU„·a¥^ŒÕ„ë§ñ¢? +Gž:\œ6I‹x=ûŸ;}KÇƒÐ?‹\óãÔÒS&ŒózUcAÁ‹Û»K +jˆ +o“j:ìcSÐØÉóA’ž&W5,PÁT$ÂÔÒþnQLG4¹Ò5ÓYŒx +ÄÃ@˜p. òŽ– +É£ˆOžªêI§¬,a +èq +ÆÆnJdí’wÍ&!EÞ¥ïß²îaµãJ»PŒüì.ØÊ +‘& „l§ ñ>:™ñþ0ˬŧZWŽÎ­VŽµñªÿd(Žß +@gBc +Â?Áò,™þ)­ªµ +ñƒê’øô3ÈAy÷›l7|näš@™Á¯úê˜ +ÎQÄuÎܞ#è%„ +"I8ÆùE†œã+ +T&O&çÌ^B¹Fï=Ri| fs°P¶‡°ÝÙÊmO#SÌ (õ8ziÄZW¿{~ŽbýyU¹ÜŒÌ«[Ú{a×¥Q`«GÝlä&ÏÒJåcäë1Ðø]ñÎõI$bNàµÄa5â\†ñ +¯®õåÁ-ƒzQŒMŽË +dôšäl‚CP%&'?Æ\·E!oh-1} +õŸ:SºØ;–Î¥-1³CøæõUCé$ؗٳÊ +þ÷‹³àí­JñÅ +Ç1x}ÂÐñ4í|Ì{(çeÆ,ä$Þ¹ˆëVßTÎ\õŽR®A*ügµˆ‘§%,žQH?!òÝñõ6(}ñ“€?± D—4BŸîé›]¯°N,‡Ìá8º>âSa†x'UÅ(‹1g—”hË臒º‡då:—LGŸuÔjNpS +V +ŒB—'žîA»ã9D¹ZJ.øŸ‹Ìӟ2hXp^~i¹"Œð¯Uñ§ÎÐõqŠ5Èt-PmkwºŽË!ú‹‹úX“·¿Ýœpèl_Èö}äŽ}Ì}Ð2 M%'zô6MiÂß¿Ú.܏-=À² +Òçf +\Ÿóù殟zX۔} +óÜÅ!‹Gät +{æ3^y†;F%¢èÓ­±å +iÎþ1UObV]b€ +úŒ0/=’MBÈ^ûÓ¿Ùg7Ë4ò,ÿåÍäb¢J +#Փ~„ôÝR†KÈÝpg +º8ã" + +3Á4QÛDPÃ'J +1àn7×ÒŒ£ +žï»3 +& Ÿûa`qøÚβ +ãtg¿É· +Æø +[U5¹uü"’®Œ–Ã,-« +ܟ[ØÓúûa"F#ÄÝ­ +5bŒ§ßz¯ÜÝ®=-îAËXBßOQsk7 +šÖ ÐÃþ + +o3ä~»1'ðŠæí€ëaôŠ¯Žõ¹€‹q†x±2Wµ®r–ñÌàêiÊÖ§?³¿äÛs÷ +ŸŸ,[" +>ä'We6uX +^çRü¯ +˜zÔÜ8Î×áùQ +IÇý!sI Ä¢ÏÖIfw.?ʵfþ§“ÝíàbD +,ßØì>©VÒ1/^û»N\éÝú–[‚{‹ªkOFiÅAà +^k„@ŒŒùq¿¡™×šl_yR +ú҄áO^>œþ1‡–î +­Š@çÆߧŠxÙL’éÐ<ÔàgxÍc7>SoÅè;$㈎ÍWsLULu÷3ü~>j}»Š\!WKºü +t³x(È$NÒbPÅêˆÊ²ç#Ôœ6 +D’/×-‰e˜ +Íà„-Ư­OåZz*Ê\Š¢òÇ5ùY›×)§Šåe­W +/X]šTÀaÐæW*qü ŽwÿŒÝ"tMÅ>qùÆa€1,ÖöÀ<,±ëLŒ×H©çmë +(T#ïu +&rvÈÏ!î³=BÁÊZÁ“Ì$Êl/˜Á‰ò£ÛŠrx(µÂŠŽÆÔÉ×!XXRœ¿Æ3_Unlqr]ÌŒÀdaùŽ±[ª )fKŸ•—ÝhS»€OåËQñÇ©c?ßE8ÖÈóӞ±ï›ø7+‘;ƒÛ +†fÊ <á7Jic@“€ù +ÃÝúZï¿Ä]3TI +Aæy­L²˜îŸ¶Æ«wŸù¶°ž|•×Ñ`Økï[ÏÇë›ç•{h‹‘ˆœš·ÛEé@ ­Ÿ– + +í†6±²ߥ +/Í®åV‹ÚbƒG—ù$AYZØ©Û\ +‚§F òÏ×ÿ0té÷F†€a—S +=ý2 +€9áê{™‡ùÚ +øœÅšt + +Ž©zlÝë5Î-ef@«íî³ùnTùs¡cgpÀÄY"ZLc +ôœ¶<)`R›}Æ-ïpKÍËŽø~íá*Ò,ëYnO Î<¬V[Æ/ð¶\_ŒƒøöÚÖájz/bŸ! +GŸ9WØ=9Õ,š\C&-†ÎgÕF +«‚K·ög>º»šçrB21ŠÍ?¬`pãꕐ1XóɁvš2{ž`áêÍ?èV% +qå&5W sYZ|÷Å£øæO”v‹øO3CñEÏ:ùG—[ +im5©~«×ìà±qpŽ×·m±³iàfŠ|×Z}ìr£tæý.í¬6Oߒmøœqðð™»Uœ¯U™ +“@&uˬó¢ä=‰šòujÆO£qÛCžN„•hÆÕ¢ÔyœïI—0âu:  +F¥£ÒÜi6\¶&Œõ§í(žMŠŽe¥7CFm£æÆÒÑ ²ÍåŽÐðkDGËnØÔQ6²b\'ŒñIã.ï:bèR6ƒkí +¶GþdýbŠÕõŠ46B:£×³üX‚Â%:2•ÃÛä”5žBàDܐšW\€QH:[’å„5ÇÚ­+<Íªڲ±•Ùݺ«Ž%—Œ=,ÏUh”Èa¡›çÁ*ۙ·äRQ„¢ +HMuÔ +–ó—ËÆtïÁÖÂGÊUJaðÃ:†§ +žuRV÷ÂñcàmU +®‘ÍÝ'T‚7ڍ"ž“·t6Ѫº +:ªnV“a°õŒ?˜¡‡<ÅZìcƒuʬ›NwÉMÓWE‹‘KÎX£F­úÍ}ÑG-ÔA£ +£I¥›Ëâ‰{—«fðüîê;h +ÌkiaßӖ”“’¢G؁„¿ÀD>¡M +nB‡––gˆGÈ +§Š9Šé¶êN—íÓô‡˜ˆ:é¥ +óW’‹ªDâSª?£@Ý~lq‚³ó„á + Èÿ °™ÊðA |IwÒ€u];ðlœÓîìѯ¹Ì° +Ëì²Qu‚÷ºm÷Dò€L›ÒÊ¡¢/<Ÿ)c„/äêyýŒ.BÎnÛ/&2Í¢b pà€ +fMŸd[ž%öÐÓ +XO àÅp’±‡QE#’À61ë‡ó¹è »Žez0ÊØ$]€ž:“C–k^/ãW2|KŠ:}ŒéڃçdÄÂå¬àŠ×“Ǻˆ&¶—&=U+‰›Ž?)^bqWV÷òµ¬Ú€ÒÎÌ"Ç ‹v's\Ö>»d̖VtEãu + +g)÷§ñZ¬„è&6Kj1 WeÔ­9ëÒ>ßóh}"P“ 9]`¥îW£‹±!q6žV0Ÿu‚\²Tz2–H-«3ÕYÀÀ)XU;NÁ)7;¶ +ä +îSç·NS,1Œ +,‹Iö$32ûß3q•éL=¡$ùZšoæB„_ + +1ãwF&Õ¬Pt,>¹Ø6/tÒ>æÔN44TÜRý+ aümMªø‹#åîØlœæ^ K5זü–$E=«Ñsâýt”ÞlŠ‹f*œ^ÉJ1ÕxÆ.Ã󌣶N[í8ãb„í Ð1¯F’ðÚ׉¹øé1—h‹}9fP]‡òv2¯µÝµEÄT±YwtW:Vjë8§ + +)GBE4è/â +ñx€äœÆè +­‰P,ÚõÂøDëLýŸkr-™®-Š%Ù•ÙÕ5 + XRßÏ17É¶#Ô§î—óÿºIÔ^pO㜭ˆŒì³Sª9ü<j•€Ÿ +ýˆEdG, T€@Ÿ_î%ƒ7‰2âÛC’ž7³ÄrÞ¶Œ0žy÷"ÛԚžG• Üd8Ö%'cR¿Å·¥â̶ä+„tžD¥ÉkpŠ’5$L‡rÂQà|%ñ¶ØÚfÝoñkçŸÙ£†)AÀÝJcõÚTõc±h7šl†1ÊãáÍ"þv4NŠÿŠSÇûN;ŠAŽ&gÕªžcE`sßHíä +SŒ÷M¹øørc«Iv÷ +Ižôô1ŸÛ?Ÿím ."žžVÇß°c›ÛŒœù}JU.m›P4p‡_ÔØ" +ꙧ·4Y~èr$<–è1ޛñ•ýõ*í‘øš‰wô6Ó +Þu|;T+s.jPº\Š0ËÝ^ö>Ä@Sü³ëv»‘lqäúÛOdŠæ²üC6eYN'“ÏÇôÜ/ð‹HÌ. +·ïªÉ(°oÂØÃ5Ò ®¶Ï¥Dx.ΊÂ4w{¥‚Ýêê™kù ‹ƒ9ÄÑ +žÍï¯!NÂaò“–Ž¿et  +hºÉóWçG?ыt¡µÍ îòïrárðÚw­âw9ÒÚlŽŽ¬Ž¢ñ–'RÅ»’qT/&b#Þã™L+ôsq-œ¡>¡”g‚Ký•§Ç[šZ ž<÷š» V3Ó +„Ÿê7?¯9ÉpJÉò恚DŽžBžVŠ¯EÆkˆ÷1G‚4Œ9-Þ + +ŸçÌútùM¯apÊŸú»\¢\Ží²Èˆ÷ +«$}ÊO¥<}_G^³„·%FɈtž6ÉÎ÷ª†e[6r=št +v\eŸK‘Ç8%\¡‹öStÛÉŒ¶c^ +.uâS­©lÆ>»š?äž5bÅ¿R‰[Nesf†ÚNÿäÉgŸÃ«Z;m@q§`2Íc ƒìj­qð)°)õ¶Ø +«ë‡ +1NSµÕŽÒ6Hýڔ ”Jšñ.9¡Fy1N+|’ŠËͱ‚Þ +(Anù64Ï:ƒ‘ kb¯h«œPE`Ñÿ4Ýéýi³ŒüŒê@ÐöáÂÁú +üÎø1¬Ìð;Ô:žAœðíehΠp,mï3ŠÍ–bmlívþæH\ª“åIŠ¥ÈúãØˋ +²rþgJª¡÷ºïÅ}(=³ÒFªÃ²œnFsHÀ‡õÅñÁæUW«„.×DÚø +Üž}~ÁôÚÂV¹³[-ì7Á{šJ`’I2rÚÜÍSº†R¬†‹Šên^ªç/؈ØÚN®Ç.UáÇï +?.¥³@E”ˆ¹ô"€'ÎãZ›œ+L%„i3ÇÃcoÛùdF±ôM“åb€åÄýšýƒ >­Û=ÏK5¥Ž Å5âÆÈ +Ç]Cê:tȪc°qúš‚¯ÖªÅ~q0šîeyÖ×çqƒM]Øyš<ŸŒÏ + ð‡,x:Ânwv“‹”qœ3=°Š¥%|­úXè\9†{d?’ +×׊ê÷b'w# +[šáFl·nºø¹‘ÛՆt$æÔp+ƒLëÜ2GÅ¥#'ÉE2¢9·Õ›ê +ÝŸ•McvåÅÑ÷ÜŽý+u0FÎÖ3$ŒwÉ +¬lKG-0ÎuIzœ‰ÿg˜%è8Æ-¡ašŒ^0FŸPö +Õܯ‘ž‚ê.R¶˜JKM©÷V.×ؙ]ºònàÈæÄiᜊR£ègY<Ädº„ŠÚ»“/™¡ŽòÆMÛ +§U4ÈÎòIÕ'†K©B±‚3Š<Ýì +tÂýzgþ0ï2,ÆÆ® +Jd¶¹ÿŸ§¯sóeL©c + +;]0%^_p›œ€ÝÕæð¹k¥_6Ÿéj5cДR²?jãçDf + +¬)«OfÚáù£Æìk\›™?E<ã6õ.n +—Þ”g#á‰Ñê¥ñŽí$tDÄmÛŠÿF§£.²ÖjÄÌ,IŽnZ³Rs1œ¥ôÉð®Þ +¬Ô‡Ð +×ñdâ¥_ôT¿˜cë“r +UÔ¢/Äå +hL:ºg0Ï.áà +Fí†ynð¹-‘Š>93qnPÏÇ¿š1}mƒe?‡Öo³åR=  +‰CóךÝÃsÁ& +}ZMºtõqÒ:žƒ +ïn{ó +Žqc3Á‰ôâ+/D \àO}¿GmÛÛܜžë +FÑÊýQø6›7€’±žõ÷ÞŒxÞ)[ÈyòÇü캃z=®Ï¬= +Sš%ÞûaŽA†évÔSšJ‘»É'ÉÜÜòƒlò +ÒI +U(1ðÕN¢ + +ÈëqÕ÷Q#æ1©X襛^Òå¿ójtÑÀŽDŠ­Á⎜u(è—×gW ·¥Ã +&–ywÑ~ßMšÄŽ6ø@jnÙ8í-V÷­B{ÉêÁ÷ +e'™ûôër€»p'³ +¿³}RòŸßJaÏc}ä'•œ/&æ×;²E3ÆÖ4Ñ#ўQ[ÒåVxÐG×!Ÿúªœ²|šH5"ÒÀºŒg‹XЛ +E +ÄÚ'qšž’p ݍ,{Šº +CZT1^b5?3,?H‘Œr\ŠÀœº²FÀê*1»Æ‡ +P5?«^z}MŒ.¹ÉFN&šÄ0«W†’à±ßboŸÝEŽnD’qæ怚‡ŸS5›d +öð­®ÛVEEñ+H#=s¬RûÛB:’€†xÿaÈ×ÉuàOž<=X@wœÖšŽo+öð +yê[þãÖL×È[ØÉ +bñxJºŒ}š>[v˜’íÒu𞪌["qÄçÜa¥\ +”Ü*² +Ý¡W‹áxœ/²dWLDÞl˜ +7 +ô¢2Î߄gÍçÛúqÎ8Ý|Š‚­ÖŸ +’ +ÈüèãºsEŸàÌÇHxi5í-ÊÎv²ÎÞY—† ãû&noX?°Ó£­‰ +‘È.ö>'ĺԐ_Yå’â“ø˜¡òÅÝ +Ž¥¡;ûF\Çú +„ +þ‰fQ2ºG®8ÈABd +Á©X4ûÒõú¬9€JRy»Ÿ4ç +’7¹š8â4VŒÜÆÀt—EIØ܈Ÿ{¹ò8a]“4iô# +;|Ñ6ªG>‡:jœ4QéÝ Oÿš^ì=.»/J# +]û†;èfCÚß>6“†Ó‹2«f2: +"žÙ»Ÿ’{Ê7ŠóÌûÅ#k¿'TghEt4Hˆ[xwL©ÚœwDÓÖ Ý»1÷#Q +ŒãŠeëA) + +ê{Ž“]q®=²hö€ãŽ‡ªpš=ã¯á}N.Hbê: +eæ[ˆð›¯ +|[ÅÏKŸ•xæ×dÝ›?$GÙõfÜßvY‘Èïn—«rïûÓæå9‘7µ¡Õ’R:z +¢TRSŸI¢z’5Vb€ü +ä÷ÄáŒ"9HÚ–šU¬âJ`·ÿü* +]Õ+€È:$™á +r`ºº]*퇭ÕHjêÙց‘Ø*/æëƒe£—žc'0í +¬/±Þ:šo§X—\®ýsP”Ìó5e¡àË$ÖO„ÒåÚ"Úv$Ð&õº¬ðx–ÙÈìð]fÅ%Oæü<Øm ü®«NªÑãš.#e‚ªœ#5U@¥šOÙùh3KŽâéÆ + +Šà§ÁMBBðF;!F/2s±tUðð +×sL肪Tø™AQçàp@ + H‰Ï0ŸFæ/œÐ®'¯ÏŠüÇŽ3÷+ÑÛŒÄáC" +E²Ãš†bVzß9~ÜÏ£èôo +ק y^Њd§K»‹Àþ÷øWœA.æWŽÆÜ +\ª_ +W\n=Ô Ž·éي› Ä'¡åº.eÄiWtwýe\‡ž;z›zƒ8ëÅòô¡£Ž‹>Õð§ò'_S5’¿šÙ‹Är£»MêÔ +*˜·Õ›‹'êhc<­¯êrA +³9“ŸÄ{ +ŸR”#Å)„EvpSßûÿ j4Dr·}OÈYSZ>x•‘döŠ©2C‹š)Èýà"0ˆ/Ñ+ß_zç7:žËùÄr»(( +M„ Á +õpŸ} +m²F/€ÆEDŽW`~4ËÃР+&Ç–C1W©ÄF/$×ã—ù–JËÄfB ƒ‘W P + +³B¡müdnïró1ŸZwŸ +ôΔÎ%BHÀ Ê'Ñ + +œ +Ꜫ.4׃¯`ÍåØr +íÍ ¿Áíf‹‚ ÆŽïUô€™Ä?“b­@4߈ßiX ËGm·ÈÏèùÐї™ÿÄÞGƒ/­®4;WÄmP¬ª¡ã³À{Š;O8nkpi{T +Øz˜@–îp!{¶ +ó|vµua}=ÎOÖÅÉþEW¬:úH +6ã,ûN²40ñÅþmÝàK˜ì¬óÔI/cÿ]¡™Dw7ø•§*D +× +ì +20dj~;±Û¯Û +diw;’)rˆŸÛgoº©_F g>;d-€ø ++62î:ûxvŸùP™·‡‚q~Þn$MÓ€JsŸç“°]yWsí8f^DZЍÂ"ÆhÚÎf<ð›æmeœ?˜7~ù†Ê"8  +÷þË +ï‚„© +ÓJm +áÉ3sìÁ +ÆhRSogµµ¶Ž +²ÍrqŸðï€[Xm¿ª?ã[ +\)‰ +P + +\Sé%`¯ÌV +¿ömæ›­NŸÂEòS ónDZžŸ ÔóŠ›éÚIÒöx£è·89†›ÖÅ×ÊÍ°úÞÊ9¢dLA@Ve +Éá¡C +Ü.åÇ×ÄH#©jL6q÷æLo ^$Ù‹°$6Y,›ÐD{U¯¢M»]VöŸ[à ÊÊ +ì–UJ,2¢¹+Ö +ö~HT[Øt +HÚ + +\‹y]@å-GVjªÚ6kͱµHtSæÞm*ó”Šóˆ‹ÇÍÍ+H2U‡ûGáNë–äŒ>‰q3†Q€€à£ +P–ZÕþMŸ&ü€ÍQØñ +Ž¡^'ÝÙk²‘“žXÞ»JU_fÒšgË3ÓØOÎjíßa8—AßtÝ€ô›ÕŠužŸ{ÑVEmo‚¯蠒í)îF;€²ðÖ¢9Ì; +V{£‚n˜ŒógwÍ +T|W†!—~Zð(Ð#!Áùuu«%F=†Ø=t•`~Møt8Ü/قÁ^MÇ3ÚaÏÙCq#wàã1zʺšxÍBÈø¡(XTiT§! ˜Xzšñ˜Ü”§€/Àí„só® +Žœ.Œëm“Äñ +š1Šq‚¹¬$pq¢Uâ4AÈ€Çbò/Ùî|eÆKB¬NpÊÓX6ÍåÌõ#U=`õ6;„äMäÿ.7JpòK8ͺy ×>tzŽ+¹Åñ ƒ(Œ²\·Åñ×ú!gµHK6–ª®;å­|¢5ñ¯ÄòG]iŸ +b:˜;Öݖ|æÆ:ýjã#æÍÒ\dLOŠ{Õ†hx–$AºF›Ž3 ý=ŠA¯ۋœ„s‰uLvwÏmtc~sÏåhŽ§Dj%v,ÃtÒï#'8"§GwªÎW‚œ‰2G|mÞöâ +ðšùM{«¬„_ÍŒ S7f|­YŽ©ëŠÃï³Õ<¡ +ëVžòr1ÏØf¢ürºMŠ$ +²¢IÝ(ù +4?íñžabÄÏ<¯‚ú³‚ž¢Ÿ6"Tàé‹fFzBð +b2 +|¢Ü³ +4FAõ|©Úûq«xã$#zÄåɟµøñKh<§B µñ+æ2FçË +úŒdñŠrXæ®ô²v‘‹ß›G;ùùMOƒ»L”y +ü£ÉãÖâ/x³ÒÏ:Ædëø•§žëÊU{ÕövUÐâo +ۊœÅ)ÞÔµ·‚›BÙgÜK6£ËýÓóŒ)û‚Óæ_oʏ€EÇz‡>/¢F +Ô×”UUš<™.)s#bÈ¿1â<2uNjYÜ$T9,xvcšó&Cæ‰ûõÅü‰lœî÷©”0ŠP^dx» Cq€¶4]÷äËŒñ“šý0V +k©5~-¶S)wÉGóŒ9Î +Úóü)isÑ$ÝßåVÕpåߙªš˜±:O# +|ƒ¥Š=‚~h£ßt3D•.ÀøµK™Hç MÇ}çowÿhU” +! +©ÝÀZge? ùö֍·æϱŠŽ!àÃÞžzÛuOlœãBM"âí+%ØÆUÄ íýø +,ù±ûñ);:£{$1)x¹ÿ;¡s w[õ +ê^|±äÖ&“¥(YJ#ÓG¿b +•×# +.Búd‚ª DŒ©ê*ÿi{Æ)"^Œ—¬ŸD—!û=v:°x\‡ö,NyèÏuíYÓíÏêßZVèBÆÃ뎝AüŽÄV`æî×غ¿#Í}å +m\~ 'Ò±›Œe(g¯T +¿œCZYkwúKâ〰cš_Úz‹rÝï҂+e~m*€Ž>JG€à£úKmSÎ +”„Êõëäæ\é%ˆãǵÓn#þÂùÃö¡¿ qè€L€pqÛø% +ÛÄ»CBo0ћNcº¶±W[ŽCi¥ +pâø¡n×zm)ËP¿'w[UYÛù Š~æÕE +Ä/±ŠôÁÚ؞Њ‰œÒƒ ®ÏÞ§/nÔ|u4R‹õq 8kô+”Tä*ÁµŠŒ–αâŽ9FŽš€oŸ;Ù +"º + +ë°šŽ +yCíê#?©ßfp×Äššnl‰’Àɖœï;^{ÂG™¹þŠ0™ÚŸß,ïÓB”úÕþçåíNW|-š!²7/3ft–èqúž +5ÔåxœÂ® +Àl-7ú<ÅRN¹Ù%ˆr€ˆAüsÛ=Œ"7/ÄÙµäÙ_K—$dâ EŒC3‘ +9èڎd +!‹˜ƒ÷#¡äø„ +\ãŸ/âÚÝð!j͗wöûšÕ#.­—_K «­ˆõ·õZY-˜òþÏ>b±tÅÓÀÁã,®2“ +m7Š åx}þ.J£ÆǺ +ÖY*Ä +Í֒Ë5TŠîÇιr›Ü4»Z³KoœBwsp¿ó²aef¶d7œ Ö# :Qhl^Ž¯ +:O£uw1äóׂšw œú­+X8¥—§,Øš”«ªlçé‡)ÛëÀ%G-$†"1áð >¥ßW<_Ž^&Sêyœú¿HJÀHr2«[B¹¶™„§í“Cç +t¯°3ŽWÁßÜJœnÐ! +Wþ_È¢È!Ç-µp«£ÃZÃ͹ +_æc2$PA`²ê|„@)’Óqèf>Vd9lRý41íÕÇS3šjǍlñë} _b4ŸÒ0{;‘šzÁ\9z{ +:ýˆœZ Œü’ÛºðÛn@àF®Â&,ë³€œw­úœÄ£ë4GCñ"ŽË¡VéŒ(_ +êƒomx]isÑAFþš-ŠH{']÷&\”„䂈b¹{%|«?C`z/èÏXiezô^ërñö»1u(ž±‡î\u®Å˜7_ú•‘ +J›€»ä$G£Qi&‡OD«‹qqÊËQIçì³mËCՒ3ì÷Á>̋EF4·µ@qݚÝfÓš<÷·..£˜({§T6ڋiRe¢ÅwÚ2¡3û9®S¯†LÅžVu\­ +IÜ4«:âa‹d¯>œ-Vø`‰bQuj>ÁÜ¡_®í“gbîëG +D/‹ÒÍPí-<°Hb́DßÔãԁ +>}dâ“RRçð;Á£BÖꄮЫ¡¡b¶2]~%ÐN +áÊ»nœÊw°C˜'œ~G¬Ã‹3Ù/ +,rTØSx%Ùd$Sû€샋w`ï >iüŽ2xtA¯ÓÀËO^‘3}¬¥›§­4Á + z§L/óýYcÍ7¿â™Ÿ£ÒY]:’ÓéÑìŒÜþcº8á4xyüŠ« +Q"!r³ÑæZ +&ý +»vαF)ñi[+D1ÿæa\.Ë×ßƄÕ/4 +ÁhHЮ]4ªi’{št„ÉñÊoÛ*ÂYùÎak +;÷¥Ô¶Yt¡²V§ÿõÝ^ðeN[ŒæÚYNœd£³ÿ¡>ÜAWhøóÇcÞä>poA¥ÙÍ!TÛM/a°“¹ï¯æÚF*Õ, +¶šü- 5w +x\ç£Á?è@€ñy)܈Am%á‚tî9Y'ÂqÁ‡L(ˆÅöÒ©ßB( +‡SŠµ:³·¹¯Mñƒ +^Y„*׳tŒjÇ +Ÿ3xßי! + +ù˜;ìmjþŒ|Æo +n>úI—ª™øfœnû]۹ꎐ±:àŠ€am‹j.v.ÒoŸ]sŒT(?—4Š€«üÆ°LÅ{> +׊UŸ– +ÜwŠÝ€üó »’(¥ +Z—<ÇìRì`‹ +‹4€ŠØ ô5'Í}Ö]ö·ï«x!=¶ Ý.Œÿ +5ç·ÃRë§ *÷Å«‹ +Ý^œaW„ü +sšÃÀò¬‰dzùCW9($õÕ3ŽL +hÔº@]mŸN†YçÑÕJè¶ó˜wg¥ÅôœWo{“. +œšù4•ÂŸð° +©'F Xöïqq~•TÃz¥^Š•~‰nµó +/n(?¬,7Ÿ#ËÕ +Õ 7Ž;FP›D¡ÄJ¥€ÉDE”wžî<$ÁÓAÝçÔš5«.ÎT•„y‚HWÀáŒÙù¡0ˆôqòYWCØOô0ɇ(ËX'Ëí?Œ7À + UIóDO.’ێœÄOáb]âޝ-û* +n(=)œ1¯RúLŒÞeNÝÝ3‰@æ>÷ÊQTº+Œæ_B–K*Çžà +5‰öÇÑ$aÌ_’#à—å7M§Â‰Ž£!ÕEÆ7/úU“P˜òWöy"WÝòŠj\òØþ+†FÆpfœß%ò˜T +1Cr»ØT" +¿%0ÙF#JÁæ +ܧ=Õ_TàÆ¢a3Ñ:‰=‰ œsœkÊå&nq댐?!ÜöL®8Ö*“ýÏ¥eñ3 +÷Ò:‹ziK>ø›°oèµÕ£6ñèކ‹åÔ`ß®œ»lj¬[AïÝc‡Ói·ÇŽdµÐà +ÚnÕ%B²mكŒ>øvwþãgÇâ \æ» Ÿm4Ô ÚbšÀ+JñCz™ÛR+rW–«ÝŸk:€‚4Ûù!òxlòüFî9i +Kêq`ß$©k›ß­ÖÄ2Q{)¶ ++å©V¢Ó}<±l*‰e«©úõIìW ’ò×FŒ<ÎƒðÄbnÞxÛ²‡y.Q +_C*ÓñT“­fÀãQº›Ír˜Ÿ»V°˜&qÄh>m𠖯 +ÏÇ'ÔÈԘ’.¥Çvù8UƒFq˜ +A\(Pßçy +eU­ç“ԁ`€K2x  +ÂÂCC8„àÊ®)QÕBa +”Ò`“ð'Üáã©#bڊ:ãOÊ +ß%0ò]v» +Ñ$ãRÉp]_²Á#m8ú6 TYênìKšt-s0˜JŒbXц랶ßD'ó•Ã`©-Ÿ»iîÅ$öd£<%¡ +ùña²’²Ë; +[Á,¥•V2ETÍòZfKêÉA³ó5oL‚îš\+—ì7,kŠÌù•Žs—Êת_7é +ÐkÎd–ø\_ +! +Æ0ßòutìÄ2ö°Çù“añ6(~ÐjŽcø@é”Åf4ì!JÄE¥sùtJqŸÝ¯¯?Â}·Ó•d#Q†Ô z!ì +ã +Ù¢š=Ð~‹}z,w†f·6­-|0øÿX§ëç:ZÉiMG]µãÏ€“ˆ#ÇùÁžŸÇWÑ_'bŽÚ˙FVf+Èø8ä>Äßαœñ|Ï3pÞ#-@í‹;†`ší>’!‰6·Uwݙ +NØû)eÑ·Â9$~Øi¢Gç°Á(ʓ;ö‚¡4¹¢ÛÉ +6‹,£ê™ +¯ôîÆ>‹©·p,C[ÑìénÁ=]Aðt›;üo9eÎþœEÈ +=Àb1+„ºÛH/¹+ÀýÄþoö“úñª}ý˜ú51ºi“aSqù|‡GŠ¹k,Û +Lœ0v0T‰­„3sžÏ +£é`Qè£XñG,C›²¥+~©­ò‚ö• +³3[Û¶SÈGykŽÅÉ[Éç¿^¥¯²wKÀSWÍÈn`Jû +¶BæýcÇ +f:P`è=eãmþN¥ î•_‘dþÔö>OóØMž–É£ +P›V™^2Q©Jˆnú𠂓uXžCWÂ6AÖ+z.³m +éüŠšQðšõþkCAXd°nŸË‰Äº9ûåH4bk˜oüŠÉ€{ÂɆ”x»jO3J:kt œ#г­JUÛH[xŸÑB£újÎb.¿óXæ=?M߇å8z=>Š~' + +E–«q%,͂*Z +è@Ÿ„»üłžúó +&“íï¥l‡K::=›•Ýõò8€vRÕÔ»,bÁ‚RߍÚŽÅ=ìšE3觲Ž[{«Öô쁒ñ÷è.ç€ÁÉC~±É¥AeBÛŠbU§x‰'šäCĈÇj,ž$¥ŠweŒÊ +J­D̗²ÚõtŒÉbd5<ÊAŽºÔ†Mõ£ÁÓÉ/™/Û7Q8„úù3ŽjÁÇuŒw¯KmL©”Àb™‘cÌ·FÐU^®dßçCŸÈŽ«9çŽpº)xfGÞ %¢º°îœ]qµ’ñ‘æãð!s Y‰NR/ź٢|øÊšzE,X¡p˜€+Ò%Ó"¿1³nL²L˜¿ + +lÈ6#ҙÓ_ȵooñSi­Szv{9÷/)` Þ:Gx +K¬Æþ¥ÁcU3‘ÈÓ° +üT:8êB/û­ ÞÇÒB×?•ô6°µNáFߌšŠ­Ã,­›²Úv +Þœ<4ë² +ó +6ªÕ^?#˜ð +Bvå“Ù+®Í€)J±šËƒŒ˜ì›é©³<ä3J‰ ð <»À‘‘鄆‘-•ŒÆ㓞‡ÈÎÃM”ýæì ƒ†8†x¡c¹äšýõ}Þåóô—.íhƒ²(Cí$UµŠÕLÛÞXEÒD£;“Ì: +ú"'+šœ\\œò—0‰q’HƲH¬õ÷a{q4=¬Ä + +’/BF&àÈ©!óhøks&¬ëN‰«Ä%€ YMDˆxª^¢üÞžoºÐ„” +™ã16x®–Íå ‰0™jK¿`ÎepÙÀ¿Õ?Žv%UÁfÀ;Ԁ8ܒ +Æ +_j¡`0å +Ša+f8Þ)aEŽb8á)•°ø@L•mœ‚_‚†?òRoôšóðB kš|¹—µ€‰„0žžj@ºg%Øèž/d«N¶˜É?ÑrÛ*zóÐPÍ`VJÏ6 +™*/}§)ÈBºš¯W +:ë‡4F‚dw +”’WŠsÂÎoT¯š ä˜ø&ã( àÓô°_Ñ(ŒPth.žªãw +_˜;A4 /3dŠB0œîF +@Áüďû÷kó³D ëœgr¿»~Ó@k¢À*9ïƞÛÊl”ut/{ûÇ"Š. ù†Û·Ä# +áž +¿Ä³@Ü4IŠ\Öݘˆþ€8à?kÊ)~?úI>à6Ç¯[&Kç êb8üßÊù +yôºìe’ö6>`Èï}g?gDGÌ°|YCŸM:nä± +ëÒÐL|õ€”!HcéõÃçÕOª€H¥3V‹Ø!ÌO^ÓJ-kF+ÇŸnž ++âN8N°ÝÒà#k2ÏyhCðgýŠŠ¡*€t8Ø?sÒÚê>̞`o9ìÎq«gcžŒY¿¬V•Ž%£e I‰t¹6O1ŽŸHÉ[m®­[~œvñM,Úš”kσŠh +Ì&šðݝ1B€ùúÌõ(‚· +ƒIáQú;×y]ÞלfL +Ï«ý¬ÂJÕçæ­ä—Š”Î߄æs±TbC¡qq¢ZºwI‰äµÖlœ +ä&_”.‚è yÒè~uUÏáÊsít±lÊSŒä€ÔúxÆû6æ†Ãº€.ëXSIÖ}b +NØGó]‰‰Ò Ž††ûdA7ïw(ù&YŠ„°uˆkŸ$‡oÖς.yXˆ­­å<àØár÷VŽ.àž3{¡¬\Ø$6ΔËè.„ŠÐö÷=œ†@°« +jœy\ ¥\뇜üAvúЇÂH*ì†0imŠ +Ök€«Øý3òss +PK‹xŽ—u~Ùb +qMxÜæ±Å][öžP*sò–äx +'üÏèçغ'ïkm\­õÃÂPE2þj%•G€¡rrvlºw4ªÃ$p0 +ÉÚMLÌX# +R +b‰ß58"8ì̚K5qäCŸÉ"L+€+¥.}â9E&J +Ռ6ͱ«H§â«¿89“ñŸÅ× +øŠ|J +CBqù +•WQ%Q+•3oÀt`.iêi|îÜe4ÿY1ŠS +:ÌLtOžÙ»&âµÂïó¬Œ$Î$â·¯Hßþ»Þ3ïYºÚúìA_Õ KY§«tàB”_ +ñ ˜&c<Í>]yÇ +œ¿ƒ²Æ³ßg9yâú¬•ìُ(rTÏ6[I¿²*;‡Î«î +2gfˆT5=EíxÑ¥wÔ +Bršpv€Ì}Srkþ”+ÐSh£ /Çqò3›XFœA€v2¶µa•Ao€Úûسnâ}M +=ÁkE +rm_1õ"ٖ^ÃŒÙÌaï*ð7–‡®™yC•WQž ]àNŒ:Á +5:A³¹Ð11OÝÿ{»C‚µöÍé¿ñtÂãë¢výt^.u+[M}¶i9ääA€Kâ¹*€¡?S݃8 +J|èS–‚ úª#¡€b +UÝÔOî£P=º>˜ßiœM Š“XHFÒ`ŠýsØéÎs0`é©d‡[û»:ÒQ¥ŽÕZ€šS˜P_P4W¢t;”Û†ªW=4·®aEiÄ2 + +óƒ·üjœî‘,Õך՞÷fÈ-bŒ^«ãÆ `“øF$u ìi3ك¯øÍ@ÈAÒM¬Þb†œÑ +‹@<÷lUÃ@᪚â%"ì)v>^# +ç/»(Ðøž +¶X±ÇíèUØSB³ڐ”‚nC)äŸ8â§U@GÎ [ύbÿßDls.„§ØÞfå +<ð¢t;®$I^ ¡!÷¬Å>æ. +8SœÝ‹íÇ"æŽËîü·ñl +ó:¡ÔêÁK×ÇZª5}i]Œje4^A²¿ +™ƒ€ûù—5+q›þׄ³°³(”×þË["²Bµ²ïŠ¡zsE„r÷lÑ9”3;> +\Ñà^eɄœ™ër•¢è*ühVíɐC/dš«®s[q +š¹ + +èA؂@ó­€jVÛœ?å)!›j2 +åW“ò­šOÜӒh°';Ñàî,¢vâÆé&·QÎ +ÐÂ1£$™çëçقßršd«/èÕ +up‡À¹ÖáKx?R å[ûŒ +%^žš¯µÐ÷:MÐmØZ€›-›Y<€ØD°/\“â}LEx*q¹åÊD"ºßfœÝWL +txÙ4I€š­:ÿ»Më1†>Ö + ÚÕG +QpI» +ÅèkÆå?aÐONoq>ŸôÓœxûû4/Waæ0Z&«œàjau4Ù²hŸË·»_üßKÑfõõò]V7Ðvœ¶ëAH01jÜ°Áï.fIh$#ºÙ"04? xOBƒ”sÑèÐU¥" +%ªihj'ñRw:Šte~³vI/{éÔØó_èp¶_qÏDæ³zS-؋ +žãÍS;ÖVe&¬+k~Ëÿ!@æßÁŠ +ÊphjOtÚ à|eZù"Z‘Û)õ¹©2ñ+Փ°ŽvO«íW·4‹Ï—›ï¯5è˜!&Mˆ­Y[5 +Z® ïŸë®¢[Ç@2žt_¥sMG„£x\›,¡<ä8§mZ­ÍTØ35äû +B—äõçæ(»ˆˆ føöHj "ŹhÉ +]iŒž'"ºy›“àºàTª’u¹ía +鈃Cª8Ñkj¥\&m +¶ +æ’gƒfìùFÔõtȺÛ@áGš_„\ãøLâ°áNµ‘UªŸ¥5•ƒŒ ٟöL +ҙ›Ä¹÷hˆœÇ²+NƉJjÜ=a‚FmŽáäMÔø®äë,PøŸèž5ø¢4;O/JY +^4N¶=U‹« +˜“LÖÅ=Ž3žÚƒËj|:û9ŽeôVŽ† +¯-•˜æõ_P’özªËE +LÓî‡0€ø6:÷R·Ž8z.µÊ€Àë$FæŠJä¥^Ó¶pã^ß¿\ˆ +«><1N‚kðu;2¬¡sKa pCiØ_GžÝŸQ2„Ž7 +Èà˜ÚïE-Y¶=mD™ ¢2ø4=‚Ûûçou³x«{ +6&Ë +ýŸÿ—ñ• +]uÞu¯È.6wû)ßUgçoƒFd +5,@‹bÑz`iþŒ³«GJá-1\ +Šq[™™©¬–;œbh {G×¢Ð«KdÈŒŒóµ¥d€ï›’@­K)xߏ}zÞ.p‚Š.¥Òv]°«ÔëNڎ/nǛâùBš +‡£ìãS²Å Äm¡BŒy–d익­¬@)ÓeöSÒËx€„Ç€Ò-v·¹›}²»*‹:€óÛ¢)ŒÉôLÞ) +{M°ùÎíåFÄ6 +Ž)ù +ûàÐfZ¯ÖÚÄH-'Ð)`öžýˆZsü‘©­å8V¥ÈXiÐ¢dÏ +Î=•ømÛtÆXÚ§äß +¯\ÚgHS²„]e°üDŠšh£è×)î +u“ ï©u$! +`ûidà©îxÈ& +*eýΕE»ýGÍa‹ŸZ8r +/Zƒ +oK|Ÿ%Xïö×"×ù¶ÂRúñIQ|}ñ'͌±ºU‚khJã^ +X÷,ý?;%œQÛø?iÂ!XöŒÖvëõJIœrVl³‘¶Uk<%0<ˆ7rlCŠü^pô“Ê’ +/ÆÈӉ)ÕQœ`ÒVUš3ºHñ­ëéŽö§?rF.·È›õqFô¶Vâ¢"#s=áڞ˜íòävm +¡Ú_Š XhMŸ—¢PžðÅÞu¢ +Ukjõ)N±Œö/Tž`(Î ‚ԕˍÝQ:›“bfæä×ÛOE0oïržrîèáß +}—eœóŽžØ7ôa)ïŸ#€¯it +»¥÷ÊF¢Žîzn?!r~õýüõ^Ò'!/£fª–湑זP³^Cš³‰üã¢ØSàoÁñ»@ +Ç4š>ûÓ%)3¯—’,m­í÷f÷kú'µžk(™n +l„o€Yvq‡=är’Žåq +ŠŽ?m"䫉°iWwD1v8k²Í}€CËÏÞT¯JG\Š‘Íòqƒ«w2Ûê‰á˜fûíO¹[sWʼnØï+2R¬—VøB®LpÅB¢ñ7`þŽ +û83‹Yùè³7^Ð{ˆž¶Ü|õº‰c9õ +¶DŒzâ +ۛ³QÉ&ßD +ÚZ÷ßš[ÚUZk-áâj>\æñ9ã,ïÇ7üŸiZÅæ³:ΣÆõ +,ŸÇòÒ +“ŸA?©-–\%¹ŸMY6všç=Ý€;ƒHB1û +2ò$ŒZz°Ï]7Ÿ—;ÖýµaŽy-g’”Êšrþ'}·€å?¶ç”4P¹ç³FÅDÙ}b-Þî’Ö‰Ÿð0Æ«ŸÚ«ÐÙ=6à ++Ûº“Hé—6òš: +ÍÌõæˆ3q\ÅŽ™Š&_H• +z+î߈5o1Tè‰ÌZu8ˆöô€Œ‘ä©üUEYw­'ßêOZtYGUö¡BúßâFéÒ?œè«·(tP +“à¶/Sït"#cF– k“_"F÷ª)GŒó<ŸíʌKÛGš:òô²™HºZÎLe!„UŽ +endstream +endobj +6489 0 obj << +/Type /FontDescriptor +/FontName /EXMKXM+NimbusRomNo9L-Regu +/Flags 4 +/FontBBox [-168 -281 1000 924] +/Ascent 678 +/CapHeight 651 +/Descent -216 +/ItalicAngle 0 +/StemV 85 +/XHeight 450 +/CharSet (/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/a/ampersand/asciicircum/asciitilde/asterisk/at/b/bracketleft/bracketright/bullet/c/colon/comma/copyright/d/dollar/e/eight/emdash/equal/exclam/f/fi/five/fl/four/g/greater/h/hyphen/i/j/k/l/less/m/n/nine/numbersign/o/one/p/parenleft/parenright/percent/period/plus/q/question/quotedbl/quotedblleft/quotedblright/quoteright/r/s/semicolon/seven/six/slash/t/three/two/u/underscore/v/w/x/y/z/zero) +/FontFile 6488 0 R +>> endobj +6490 0 obj << +/Length1 1647 +/Length2 17526 +/Length3 0 +/Length 18384 +/Filter /FlateDecode +>> +stream +xÚ¬µcx%\³& +Ûîp' +Ûv:IǶmï8éضmÛ¶í€c«ckúyß9sæ:ß7fΏœ¯œê^uWÕº«j“Ë+Ñ ÛšˆÙÙé˜è¹²6†ÎNŠv6²v\ÒtŠ&fÎ@kÀ_Œ +ŽŒLÄÑÄhagûÃh +P31ü0103˜žžžàÈ"vöîŽfæ@¥Š¢ + +íZþ¹0tÿ䯧“ +™-€üïk;{[à_ŠÿkG%ÐÜ`jam‘“אPŠËªÄMlM +ÿ!ïlhma¶02±u2¡˜Ú9¬ÿ}ÙÙ[üSšý_.!'€ÀÉÞÄÈ⯛‰›‘‰ý?-ÀÞÄÑÆÂÉéïo€ +ÀÌÑÀø÷ +€v +[#kgãøk7µûWBöŽvoØüÅþ’ÉÛ9Œ +-쁀¿Qåˆý;O ¹ðŸØNa€éߛÆvFÎÿ”ô/ì/Í_h`aëšžÿ‰eh0¶p²·6pÿû/™œ£Å¿Òpv²°5ûÏ +hŽ&fŽÆÖ&NNiþrÿó:ÿY'à«ÞÀÞÞÚý_Þvÿºõ¿r°:™X›ÒÃ11ÿiüÛÌÂŽáŸ~‘°5µ01þÛnìlÿ˜‹‰ã¿ +ˆòŸž¡ú›„±­µ;ÀØÄŽAÖø7$€òÿNeúÿ>‘ÿ$þoø¿EÞÿ7qÿ«FÿÛÿ¿Îó¥s¶¶–5°ùÛÿÞ3€¿‹ÆÀðw×€ÿ,kGÀ? +ÇÂèÿãj`caíþrþ¯·ÕLþõÿäü¯ð¿CٚýUˆŽ‰žíßf +'1 +7cy + ‘9ÀÔÀúïãýË®bklâhmakòWäœï_'FÆÿ‚)›[YÙþ£Û¿![ãÿZÃ_ÝþUƒ¢øߞ•€ù?lÛ]–ÿÛ@ew{ÀÿŒ€&cgü¿ÿP +Û¹<é˜Ø¹tÌ +Œ‡ñï8r1³zÿÿ„ýÓže +€Žn-FzFF&ÀßïÿøüçIç¿ÐˆÚÙÿÓGJ@[ã¿­÷¿ +ÿÀFΎŽÿ×6ø[ùœÿ5&&n&FpkËvF<–©iÀZìœáÉZýœLàÃAö% +Ê +ùŸÕv=>©¡;\úï5AôÓܟmîKgö’Ô‡£œXÖ=É&òðœ¿Sõå£n’wpÐ +ú3è– Š«Ez^-JoCh²3ª +îN*(ê¿CLw°8Â\=Qù~wÉ÷Å }ŽGúe”RƒÙ‰Ò‚V[pvNžpòôH1862<ÔsÙw€G“ +KÆãH +á됍' ©Rá.#ÝT1œ>̶B˜ÆڗZòÒv BYª›ŸAŒœzVÐÁ#%} Hÿû) + +R÷§žœ²Ô3çñüš-±îaÙkRžKՕJ›Õ¶q˜æ7á-ýŽwùåv +«ÊuÜ +)Ì¥1cۜûÖÜ! +ÓVÀÖÓVŽÞÏUžw•nã^Ńwæ~TœÚãéêÒzˆ8?@XÄ*‰_LŸÉæD7ÿ%ìÜ&Õ²˜š "y·c”±å‡&rmSjIâ‡ï +Œ=Œdˆ£S™<-«êᐠ+ɖç0˜?"/è\ã-€ÁÄŽÆo»6Gé-¯ËRÏÉ?«²|”ú6Ždx™{Á_ŽGÄFZè Ï?û +T%sXlˆ“!ð­£þ‡°êà Aß©HŒîwSçt˜wì‘ŒžduŽ;Jƒ&aÛ +w +/eŸæ‚¥xÍ@~­ +‚P +³q0Àُ¡íáŸ=£aiEœ Má‚òSÁ³º› +X›WK +A_ +ÏÝØÇ¢€K›rIf¥à™¿œ£2íûô¹§ôÕç>8U­­ôö$ʚP9É<—\)ÿÔ*àÐ +@Êfqâíb£éӂÕz“LNŽ¡Fª|EÆ#EÓkí³ÑW%xîð(ÙüL’šiA +ÆÐÏÙJÇ ŒßGs–›gnJ§†èµªð8@ŠÙ‚Ôheu äÂw† +ñ¥SV +ô"„×#¡;ÍýSóçÛJò‡&!áuõ%Þøà}Ð{õnø +ºn–ï=ŽÃf¡ÞaµÿPNªç¹L6«6ňPΑîO¥FHŽU’}¹›.Êoó„Ð©h'9(‚ù+0+bœêåJ~ÎéƒY÷›[õ°ùnŸú]d0•¹÷–€éÍŠ#=xf"SƒF]¿Je5ZdwjÐ]FqÜ)Æ{å÷¯©“ÙOðȒ)>À˜‰Æ5šH1DõD¯Emµ»Q­¶ÅR +¹Ó·šbÛóZÀC +‚d¶X‹RJBÁ7Ž(KËx‰Ï~IƒÃ§ÉâýwÍç+z襓eOý*Þ;ÃÂódMš³$ÂM!û¢ +29!»«>šMƒÒágßÑvßo¿G Ñւ +œóž”'gÇ' ip¿¹0&6ùT²÷ï#Úá· +*5-Ü + +ž†3^ı”‘|Ó:æmš,ü¢²’ˆ%Žj# 4®ø风"â·¿”ÍP©+bœä’ +^L°g^ ÚÉ]€Á?Pä9¿ +^à l9 †rm­dìûÁDŒ|Õl +ͪׄZ{wEK4 +Äsågø®[õGNµ ”+‚'úiíez7RúŒ(¶0ú>þ²#„Ì7:³‘²ª×;ᆧÇ2US +F×+g5ú¹ã +ÿ»v +ýÍÂ@˜žhjQ‡û +ߺÖé!ÄC³ +wYŠ +_qFZó`O#Ykð¢CÞê +dÜÒÊßW°Øl€ÓÃ:™u³œ YÁ‡¬œëQ±>é)ßê­õ#6o›î^|èÍÆKŸ– +ÉÇÃç-:óh¡ÝÕÄCXgî}{áҚ‰ª­bê—QìâËBEÝȕ²V8ÍO℃X{/ðÚDíΚïù×ä}Ë\^ªO+ó +Ñqp»§|§ú +÷³‰üòôŽ%yvs¬xÊC›ƒ¹Èßlßk†ë¢lex’ +ŠYÉ:€ŸC„RÝsá^G@²<ÊÇ-4T)Èâc=,”D‡o(ÇMâëÀ3ðzfe¹6Cqt§ ì +‡é«N’Ÿ=cgìžnÓTç\Ýû +$ +åH!%~Þµ1ŠÜ]ºÓŸ?Tx÷0ŽŽ +ÚÈ7šßŸ.€;˜âDi¥Š“N•š±dr Ñ'pɉ«|¶6ŸBޑ_jt +tÍuOÈÁš‡dŠñžˆ©nÓ +·7{³M«»ØT_õ*ôÚ˜þêW3L÷5òáF§¥×œŒ° +: +CŠbüfaÝ`–p*AÀÈ2;47XEˆÝaw€óÊ`:HÐ+îÚçV”J€ÔT=OßR1Ì}Å;9æ;ÕV‘Ž +qT†<‹û̐ŽdsgºëgD˜Ñ +àZëF0§·Ä€OeȞ©ÆÓ¶Ž²†s‘ª‰ +ºY« +ì`Í¿º%›'ïìÐ8Ñbò +]ù;‘[x–\©;·ØHjíïp€x)Ÿ€2Wrÿùž%*pdÄdõKãŠñ@ŒöiGfröñ¯Œ)_\ÔMWH­M,RhŸöU"œu÷<#N˜!÷–fCwž+õ, +€Æ + +ú%²t +a]„ËÃpöÉåÙ7òÇ68ó©ÑF +VØòí˜zZBFiÏ©Ë×{[ZîvÈIÝÂ0¢în<#‡IFÁËoà\Û®‘ÙйeXž°æió +N +Ž¢ˆÂŽ¡»Ê¥:¬7e2p°cå™ÒüXD¥Cdb'W­%=ÒÁ¯¬_E4|dQ¿¯:ÂÙðj7~2Rèъœ&ÑƳôÄô&Ùl±ãøæj#Œ-þ1ÏETŸœŽõpäÜe@ÖŸš«ý=ŠšHŠ.Bðž?™Êfs³KØ|&՞Ëad|Çè\iÑ3è:ý÷ò +tÎ# +1ý08 +a•²øa*ëÀ­öö^y:âëöD$|ž¢FEtœuNaÌéèêó—8ujâáHô˜Æ§œçŁÊ¥ŽåÝ<Ôl²."üµs²ªŸèiQߍýÛnƒ‹êŠY2SАñ@páTÜî +Bœ)[m + ¬[ŸV6¯œ–µŽ^ p +Ö×~Ìbè¬(‘EÎËFàl4§ æ)ä/[Ä)»D”Z“Óüüìcâ Šs.Ôº“rÆšå^+™À“ìÐ +Í +îó8T©Lpàœu©oD®Ð4’H_7Ð,C»pr*kó ÷çH’™*å +ò²+œaÑS†yžžMsßÞ¥²x‹ÞŸ“]âDžl£}ìlðgMä‡êµ +wçÏ~ÄÙBŒP:‚oˆ€0ì-ì¢äÓ®ó$ØL40NT)3d=øy˃Tã•%ܖÚe¬H$Ô”ñ°!NW"èSá‡È)"P)©4 ú"®ûúî`nüÅËÉ zúÚ̒®Fç»ÑŽ÷ê„%Ӟ¿¢—GR¢uªñ=Ì +F‚MZÓù1{GQ­_,ÛgÏ=$<éM' +Ÿ0Hçwá,÷ߣþ<wÆÚ +[µ6ÜÎýœÞÿ†ä;¬±ëPÛö+¢C \K›)Œ¥V?š6KÀ­­µŠSÜÄ&BIW©íÚô5fnj,?ÅZå +îݶfx€Aµ”ˇš„òj¡rnÚ⏃­Í ƒ° +þ‹ñ +šÏI¯_6»ŽÔ֖|גÀ3èCÚb›¿Ì‚ضœô. ÿäüU& +¬š?ºD V« +£eØì®r5 +Ì;ûrM†Â/fh‘% +×H”.°G*ËHàõ”Lü•è”- +L.Lö+ýéŸ&@‹QçÃ× +eNh‡¢rb"tðü}-+H=rȇ‰ +Zã~EjÌ[{VߢKýŠ: +%ò–ÕµVî +šY}Œ,Ïú>+p¹ßÈù3bª;Ðež<¶}jFÚ·ƒƒ2n&§•Y7%îl×ðîÿšóxR¶üyæ_¶Ÿ#f¹? +äÙv¬YD")zœš3䖊˜§”îZ˜Ëå•ïɗüq§S€“ŒË-""zÝ®M÷ýòœŸa+ +µëÞ÷ +›™xkzásx”Ü+=œÞ©t“# +㺐¶äÏ'9CZv5Ö7ñ£4q⏛óLV抻.ŽmÚù^—ÙN9Ñ:<û€™2æs( Ãu@Z(ßÛ©,‚B¶v&«z"žA Ÿz›ì6¬6wÎ +/ÀĊ—õ"|ÌüÀBk`Èc'>°`69ԍÑgÜ)§NûٚñFZYPNsŠH¶;ŽÏŸ42Ÿ +| 9t$W™y[Κ›pQ!r€oU]žB +ÊŸËœ®iÎsò[—aÅ +ÙSõOäÄT—Y‰(âÞæU)÷ñWŒ—/ +3µý(|9l +KRàá>»£’ãOÛ`P£¹¡S©J +òӎ^°ä¹Š`Þ$ +C`x§U=1ø-iŠ§ÐÌ +›ªvÓüêŸJ9‰BɪíÞ\ƒãÇS±Ï;?_ ÐÞž«™Úwò×3ùÙjÐù׿ŒÙÜåT€áö GÜ5;øၫY +‹¥P/‡~ÆOHxÃ6‚v‹ÇœTPqaKAt%pX«[wCA+Tq + Ė^äk\©Ÿ6:îQu6֘ºØ®›ÍtŠížÜápd"uÂÕ%äýlt$“-üRk4Oõ’qÒã~“ +Å*ý~€Éšïm‹mzç² +ݎÂø +¥¹®:Ì¹hÅ@„EžEÚæõ +ˆ˜ +‘:±ø„ +wöŽÜÚ»)±{¯`W¹Ò„TDó™aÈ=ŒIñf¢UŠÖ͋©h$ò'>ùmÚn ÄûõëZŠ)ïvà—r.~?û˜êMÈ朮=¶÷úËïš«8·®f\©@“j˜÷Ü9 +. +O*—$A¥—»0ˆ±š¬Kvà +áLÜm続z¬{¢H+™LY„¿ +,‘«oCš{“`“|píh)¥×±„*¡ëáŸô³7º¥pÓ¢)5Æ÷©ä+ÌqB¡ +œ¹A—µ OÏِG>Ó薥uü~‰ ¹ü@°9ùtÏüB©%Ó¢TËËßæ©ŸAï)~|¯ì§Š˜Àr®Š‰§ÏÜ MâM–Žž%Šÿ¡c¢ +á:*8søÍw3ž„’÷Ln¿†šM‹t5N†"Øö~º M]L +ÈÔՑ‰÷±zڏ^Š0[Gûª›P²Õ²ÓºNNæÁq®·ç»,³ºcú6ŠL£9Z’’-QEE‰KN–žç0óÝDÇQè4'{äÒq1#? +±ýª]}5Ìd›XrJˬb:€RǂÌâGB +Î{¿òúëˆf>]àþ&ŠŽÑ¢±Ñ&€£Hp°•lõײj%ˆ +dù8Õ +~Ø=J·Úš®nö»Oâ“t¥V#vè,>‹’Ð~u<›RW—AË}›gêo‚— 3¯í͵ŠÀ\n;б|ÝuÂЊ +•X +îZ W}Õqœ¢ +”pΠh}ÚO0éÄ€`rŒãBâ%Md[­>‹ $îûvœæáuÈ0C¬‹ +=\¿ŒT‰°ÃGHi Ë +ꍙÌý œ`gL r̵æó‰” +—”wF³køhÙ'æU0(.%÷FD„ +Ž“þ7j +Àeç£Ø²€‡}°>Ö¶ÌÝòg³”沞 +mP›’"àÑ©d&ZM +,Lcôk7m!¯D·6îUrü”™mEËWKŽ•\FˆB$\g”¡NuGávÕÛ² +Ë]ʍћã]âlG°[€ +XÂëid¹7Ùðl*//©íµè5N"H£‰ž&q_è”_ð‡òöççíT@bSÅéðBx¶Ñ<ƒsö˜c¬6ç4;I ɲâà•ý)'$¿¥“\Hí•÷Wùï öŒùñRDù +Œ×@ž5ßšíË"Ó¯/Îcïñ)î!葏dC,v°Rª w/Wîþ•Ÿ=¶á“.î +4'Ä-ŠüpÑŽ9‘"X +øEÁpNßALŸT +2Êú¢”r +ë˜3ǞlºdI]²7ì×Z_ȶ1wp²©÷ýã?( +ïP¥eÚñ— 6ü‹OäÅð +£ FnŽ6;öÄïûmyèñÕöñ5õ:Ô(á`&sìéЯ‘`<íæ:5ŽÕ¢ +VÊ=?º-aŽz;ÿ'3žßžvÜ +@¿þ®ý™N]Ù(§ì~tjšEí)ezQOü"k¶ + +é“]«Õ°ú™'yùkÊãIÓ%ñ¹Õ +œÁûžTÈD°çîXtdÌ.ãÍvŽ$/qêf?`­­ûM³ŒgTÍ8⪕§ŠÎü+jù˜ó§ô¹Qi[]A%ýÇ€ +€\Øå +çCŽG³BH0š‹®ê²ÎŠg +ª‚‘?»Ôñáã7†ÔA4¬³“µT`ÆǺ܁V¡îºìâþÜóŠÈÁ*?Rޟ|ìŽ;Aª¹‚ +x3 +Xu/ièŽÖm‚•èÞÓxlp>ç--ëºcwý‰_„éXHö +P¢‡™-²µëIï£eJ +ÊGõ®÷yVŽœûgùòVãÂr¥0êöVf'×Ác••)«hUn?¹‰RóV{ùZš~Éúž·D$ùôåÝô ÛÖ4Z±åèÅ(s®b*,F8œÅ©ÍAµš +üh;U^ñˆøAsÍV€Ã,njŒ%‘*þˆÑÄnZŽÌé&»ï÷Å&IÚþž +/õðÞäŸBÃ!~#rTÜ+¹>ÚºÄq +[m©2Ï­+Ða$ +Dnû:š— +*Q­EÜž”ÀªbM;üÊEƛ8x‹âKᢀi)“QkiŠ@Ó +ããVë(ËŽÖôÇîEeï^–›âV¢¯Ó¯R°ð +á_L=ÝÝþV@ ÄÑlQGQŽÖ2§àh³A.Öٗ4Þ‰Šq}¡™ë^WR ³ž5_FÌJº$Eß'Iê¥Ú- +ž?™dZžöLX=kR8ÀÛÙ_þþK› +ÇzŎyÂ/} +I€. +ϑ<Æn,FÙÔáv`Ž(sU}œô•šÄ)à†Iq1Ò}uãâÖv +Vn#Ï@ 7Պ P•Â|?¡'W +òÌrãŒ}A÷ØÍÈNû­ìzPPÆ¢o”ÐòÐ>8 +—·°äpZ«W–âë#êHž"õО¢ÃrJs0ŒRoÔ/'Ç@CæǏÈR•6Jœ·°_äqˆÄžà6ð +KÖ[ڑ’.•ìøF%ë +²­QJ¿U\ãŽ"q¬ +#¡i-×~üpòžñ"` +$4¡ +õ+ðq{{%\ +RòŠ—šè·‰+ $®)ñ4I'¹pç*¹â£”i:ÒÝE1‹0—Ý•}²ë—YJðá(®žøs‚†AË*Ζ>"j Tn•|V·z +}[0ª-­ + 7ÏÁ~"η—@·cùb‡é!ˆÀßwm^8Þ=ÝmN2û6³ÿÜé›.eñžý +G=)Õ ¶$ên‹4égæRҎní¡ù J|öGh›e‰‚ e"û'aôÎNªšÚFEUš <}øa3ùÒ`Z°|_#K~5Œi +¶(iœ§³IãÚ]¯FY žD»bG/ îW +œÃà©WLÓQDÖàXŽÎ“owwsrØ& +Æ9l&~p’è,crÑó9»Œ}z6™és_µ +ëÓsš^F &3žéÚL:Î_Ù×Y 1 +¯¶~—Uœ)˜vZ)ˆ2vR2BUž}Ì:4‹Æà™G`›0¥1ڇd”QÅé™5/ +ñz +þ“mÙ;ÉJt}¬’5ú +qÇ1îœ3ŽúÉ'xnX–Ûªˆj ŽÇ®û† ïöÛá +A©Þ2è1tð×ña|wÃÄ5Gô*{ð6{wÙ›M/U(›²góyWWù{W+S—<“jõz«¬ÓD8!O +SÏ­g§ûî20€£‰î„Hªª +wW!~®/”(•ûAx•MI +09Zå}Ä~—bˆüŠØJ%Ýk·Ú”¢·®SpøƒKÔh^&ˆí(¡©À:!E›‚Œã*Ÿ·ŒËSËóá[1ÏÆ_i8‰?Ù[à¡àØCܵe‹†RX>Li±¢æÏÀ7p&ϙOÜaD‡N•.‚XiŠÜâEaOÆŠìqA©§ª†ñ‚ˆ€ºî·Ï&è#Ø:£[3èRŽŽîÕ úò¥^ž(ü(qnKÌÝãÔ/\.‚Ñv•z„x;vŽHßq8¶Ê5C05=í¥§F4rS¶+›{šNÔXS +UâB8J] +«Õ«™¥pÕ*g㮀Í/3+»Ô;Ÿ7(E+€uæ9÷œW'À=.‹'¿ÅËHKщSšµå÷«±§S[ç\Søò`óÀT9oSQÀ•Z +é’HŽ1G©D±Aۘó1œUت!Ìљ¢=,fNŸuùSŒÿ„ +õÄ +>€š`Í®°SóÑe0qý×á4°"?2R-HâËO"¡J +vŸiNҔ.wì[êÂÛ.ë®Ç©ª‚~˜véRß·±#‰° +«_D߶à +„R²[xäñ-­Œ +f¶Éb®Æ&ës#ñ£j +òmèÁÓS’h"˹ÆàtpYµÈ,îîëŒù!šú +Ñ&< +~ï5/M¬.p{ƒZ-ŸÛ<4»‡R­W%ÌŒ.ß!Q7&ñ57Œ”}s2dd~pìšYÑÄkĉ2s»pŠ· +Š¬ÐÌŽK)Œï?M +H퓶‡ŸÓi‰”P€éj}?œüŠMÎxk +ô€utB'ˆ/ï"ÚØýÅØÅ +®UÝ +ó=« +:SkÚ +)ùÒÐ?"ƒ–§R(šË*àÅvW‹Î.ú–­TŒ—7 3œbž¥j7Ž9Ž +Ê!évp®OÌ[‹™Ühè8­õýáOFƒ|t + Ç^º­Î1ù’ïö¶žqÙ>ۆè;ƒŸ‡ÈR¥AÙŒüÐœ,²rÍkÀf)·?ÈÖò ìd±[øùÏ­ŒS*Øëqbn +Ó°é™ ‚žPƒ1ՁEKìt<£€jÎ2F^®a»ˆ›vÆ”O}\’2:•J Dÿª`Žë‡' +œ–Úþ/êtéFˆµÝ×ݘ#”ZåËÞêâߣA€¡˜f48 +{àz˜ÓòÝÒ€iêê"³ŒùÄ +äA +wö<·l +°‚óÃåzŽœh"Ó÷pú±’o›‘á؃aÛ[w]8 âyfåÁ(èì‘ÛÓ@ð ÚðAÚ< +ôÁʏAó4gøÏ|ŽGfDd34²ækºý¬šŸ=£Ï;~Ik>JWkKdÊÕäJØlnߙñ|$dÌëÄ™kk—ëÙ0Á­#ŠdÍŒþêiõokõ8žÓ“j»æß*~ñ–Ÿ|Žú’ogor±p +v[êkšåôh]ž¢z€#[AQ&J"'›%VMPWœ+¶®3ãJèe¿U8äù¥€rõÉâF,{Ž +b}œv¥Âßp}"»ŠÇxÃÓ + +ž0ŸÑO_šûK«{Ÿ'r°Ží ¯§¥ÏGJ2FGg՘ ñK«t×⊱qsžwæã[Jô/Ýøb-–ðÜ a—*ß.)€Â÷ûzÌ˕§êû!õ‘hwã­Ûë>Wq`αÎÞÆ +«¡çáÒ¶¯? Á&Ý* +Æ +ªzƒì +87V«)eÂîuq |áb–£nÆ·z4ÂÑÉ~‘bÎ ^ +‹Â››Åd +;šÐçkõAQù#a<Ý +¯] +åC® +¯J)–wÞ©4p"Bƒc‡ +NîŽ(6Ý¢b“ Ì5°« ~éÁ¥÷CHþËÏHH™w6PúPÅWxÊ£bÎE}(üBÆ«Ÿfµ7š¯×Dà»Hê|‡[¢yÕVY£ˆÖÉ +Ž+00áõûÉAO&4A•9׉žœß^@ +Ü°Ki¹*:àaDNI?žc8BÉmUýšG斻Î` %°>7Úµs‡H`@wÉSý :„ŽÎŸwöö ·–Ë¡Vr4Õø‰Ÿÿ•dLòƒT§zE;Röœ  ÞMˆ‘øѕØf +¢Ìà Žswhéò¶ði¶0ÊêŠ^vo'g†îGj€èF\I<>Kp±aü‡›Tùg3‹ËۃpËÇgPãëû“¢í†JÛB&ŒsŽŽuÝ«‘åŸ:2cë,Ìe5°ŽíDÒåŒVib0Pt]nf1ÿ]¬ô@AÑA€#Kê¹YöÙÑèŽÏ¹ùŽç<ól±]Âsuô“Pg(dJ˜òT +¢$y1štTÓEՃ¡MGUX0ÈËÃG+ä::#Š¹úúu.ÑçæDUTøôˆN,ž"1X7·žùŠ5®ùñÜqŠé".ƘÓc>B!—Z˜,F›Æ–ßÆäéö°ü\*Ošy°8ƒp¯ ° +m`kUÚ[o+hWKUΰõZ¿X­I=(mÞ –ë.IÖ.ZÜqxÃËmfR +ÆfYª W¥žœNù)ò㏮ +Íó¿3ÅßÅZ•‚Ÿ"×-¿rÃß.áÊ'ª@6/ +lùùM×!34vã«OuŠŽ‘òh2=| +|^µbÁvL/?ŒÒd÷~‘l—`Æšâ@È-dá€8W}ø~µ«}^ÊDp©Q,ÕûÁžÍ:¥Ç +’JÆ\ÖäÝJ?שÞsâÕϓ?ÏKëÊÿb€ÏŒ¿ÒŒçŠ§ËªKt"^ƒ_* + +JD} +Ý©>XŒpjÝä +ðVŸûø5ªëŽ~ÒãvwýÍiÝ'’;AŽ¬Æ^šO”ÿô–z­Ì +11vS}€í1êŽ)äÌ»%eG€+ü@ +êgMŸ +ˆA¯byê÷ӟ{Ùãžöé<8 +@Ó×Ã*kÄ$édŠ[1מ© +!l™Î»°3€Ø뒞Ô!#Šµšâ +Êó€Ÿaˇõ+Gãpšßšì‡ä@õpƒºVµ‹CBKD + +4 +PaX$ɟ’¡ORˆ o ++<ÌOW‰p#Úݧ¬ñ•ÆÛ꫖c”©@Šº»Î+֐\3QmŸŽ¡ÆÝFT×)—C­6¡ŒÍçlŒ`|µwø.cyÆÄÕ{>·eVÜTorúØù·\j"–ÆB%Žê¹ +nŠ)Î_GJ»uŒV&² ÜePœàK± +u€Y~̚ž†cbžÉ +JÇ0 +Ež<è>Z›—MlîíŸGÀ»tÀyoÚ'4wŽ26K)­щØT‰Ü†N~•%ŽK’í^ë¥R÷G5$ªí-Ž»aÀç~l÷1þ.ŽRØW¡Éw1œPSduÉE9T‰,ÒJ~óõjý‡RšP·ñ'@§Ä'\4<~š>Ë +ëÉωô,Bž0O­âÃ=‰Å±»Ü“@óVʃèñXœ:)·VÍ$ô%W8wÜï96ÏZ®›„’¯/užÊæ9ՋŽ]w¿Y‘oc©æ©BôÎРÞÙ +éµTÛ¬1Üˑlõ™–Àúm-0­^î2 Ç úxWkÕvŽXžã•=y€T9ÔIƒh‰J +3ûë²¹Xè„7Cz§I‹ÊŠ;Í­©ö +ÔŽªÊþÖAJc`l„qžIœ^whŞ^†Æl6S+láo/oŸ +ólBâ2ÔÂgrM¿Á¯]uT·µÌ1ê–͘·šAÚääçÓ©7—TŽŸëXŽIŒë€Ë'7ܟ ç[¢îÈ[ñÍ /Û +Ô5ˆiD#Ä/¬ 7v.Ÿ9ô +µ–îlIOÎ÷÷æm’Þ·tñˆÁ˜Š®ÙœJ¶Q’îR6Ïä’'ƒè\8_ÈÙÉgŠŽ†ò%ð€ùFo +8áÒdj`{( +ˆmðŠºŽ›sl¬²ˆ?žŠ—æØö#À®0jø„’¬*瀞H +Æ +r›HY-?ÔY—0 Œ?Í + +Ԕҫüäù¶Øv÷Ä /¹3ªô€ +£C-ð×éÞ'àœ~ÁppÈŸý³ÉÛ¢”Ç“ÈûF:¯1mIú_ä}ôè`;·dp¶Ff‘áàæHŽiÚØøRt'U•mÓèå¹öµÿ÷åDXš§+/4b}è‚[(aà¡(“˜žm¶Ç“žáÌp¡ýŒÍ—IŸfì +®p¶,¯ÊkXô*U[]wè©éPÆùh.Ÿý€ÒÙ|ä‰`²#ñKòòµ˜ !}êdHn}]Â.žiìT-Ì.5”Æ²à™­¶ÌÕXw.ƒòƒä¢’& ¥¬< +žÈ.~*H§¹kZeÆÄQœy_jEeÚÏ·äçûA;ÀE)QÖá¶îG7 +Š1hœ! Q™Š*ñdŠ0† +ùâ¢út%3"e +(4š +¶iͱ ŽKÁ‹&‹È: +ðv€SœQñèOÎåEœóG.v§Œèeš±ï% :FU,õƒÑÇnq˜³`ŽX¯9 dGc0<®|h#õQ7[Ñî+û¯¹Ýɕk +J' ç7ß͵w +îBô9€Ë›tkêV03 +»‘Up£øƒã +4žtzì% òþ)§ŽbÍopèL³ÂWõ)0æŽâïmKf¶7ĜìåÖ¬ŸäÎeVU§i–š©³xàÍt]tl-øՇý®Á'kè?ŠuÎÉXÒó†~$lþ¡TÍÿš·M'ˆÈ­TûšÜЬ šÕ¹5ªÀÍË +͖Y[ž™ªoŸÕñÀP3®íꝖˆÎ +t›˜¿@ÐJAäLH{Ed IžgB÷ùü¶‡åø­ƒœoŽËFj({{5šÅƒ‹‰žÿ"›žgÁÜ%Ôחrõkh‚u†‚M;ÄùÙÖªž;}ÏΞÛ]²OÐ{ ÛQ7{‡Ì`×Û©M›$ +òô8Æa/“·* +9Ђ[׋у2 +^-ka|ø†\©¶J•ô8‚f)ŒÖw†ŒT’GÍ¢N€š× Ç”ñáƒRÛ,å3|oÔÑ{eZ_ÿóLÁ’»Š3 +ØH$ãQ‹m“Á®2¢øó`(÷^Ï +>>FE(+rl<åàZº/? +/Šð©:ƒØŒÍâ>5Ðt$ +y8dœh è*#5ŸY/®"l +.óf’IÚÆÌaË +2Ú^H!!\wk¹™¶Î Óõ£0û‹är¡f +;)’óVŽ!YuÝ!ûfNûaónþÔ€‹VU×E.ñwèìš6óõÃAžò +ùâõŒrðíJéW¬vLûînÄào$®ÎŠåV°'²`?v筚43ŸßÎU—· +ºqÃø™x–·õÈn®öRä +`Žì+ëP á +Š9X ¿œk„²p6Ë°ã._¡‚ÝÄš8É-ʐU8±ÍO"ڞïåêé1ÚuG@**œ.â"ƒjRÕßXÅsqî!qÛ6QpJîCY⟠+"fz»Ü]Ïîmèdhœå_äF#ÀŽËaáùŃ⡠+͊ì?€š‡ÃS" +Ñl<²XÚZ£ˆùL~,ԑžÄõµÓúˆØs4kUWwFP¹ ¡íd¹²Ô4ºOh«ì›²ŸåyÊʗ’©ÊÚ Ï2 3ý#× +š +·jCä)ÖOiy‹ÄjÉ¢"Ça€ìG +ñM/]Ã1 +à:žMŠã +º[ց‰QŸxVÀ R>”lqÅq>¯žVcM0}š~†W +»•«yÇüô΃×X•*µÉÓ炱À—Á†$7!Š„œ‡ÿíÑõ†·ž=±=à_®§Ý¶ßo€9ÎP:EÁRhàÂcÉ€bý|'F#]áÞèÃÌÇú + +ºÌh–ßA57EÙr‘:)çØ â“+h.ŸV`€¹óœÄnÃþòe}^Nƒá.Ø +óf‚ +ÓEWÄ»dµ#iÇNpôF +!øš²esäï]X:¬>­Ç»¯U¬iQ³²š‚!u +‚ŠÄ +ûø8y¥Ì-t@o¿ñ*]°S=¬²QªyRƒˆÒÄŒž +Ìwbd``t0s8‡Ôk^éÞ°ûŒŠˆîõcœ4ê& Ç=„œ(”œ£5ÓFgëÝNY +8ªë_À†t;$PŠIèbˆÚž¥‡}ÑF +”3‡ˆVCcšq¡ù„ +w«G蘥!œ0¿+m;ÏfFîɕý÷ŒQ£µyxêXË@µo7`\p£_¬œŽÎÓ^Œzyðßôý÷PœÂ|;‹ +Û#ŸŠO¬°¥ì–èaš~«ñ¿-¬L +Œ6 +ŒÑ +>vèJ0ᜢæ:BA5Çñúd¡-µnp£•„ ÍéO2Ó}ã£ØaauIfÉÛªd Åæa¶aóø +#­`^ŒÌˆ'‡Çœ„;o³ÿN¢‘&GxË1‘ +97üÕh×`ˈ°iVwÓØÖÍGµªð€ÿ$wϯ¡³< +Û0ՇMàëÅ̀7L·#ƒøV”oWô³å«6,}²N';VtQ›7[ÌXB> ïÁ­Ù­M.8Të +<•ƒ¬Ï2Q¥»M¯‘Û>}©2X9çՏb’m[ý™8Ð÷”εŒ˜ê +>ºñY£x+ó¥}µÉ¯ÀzpэbP² +Лóåœáô¬‰ÞM +’2џÉøÌ¢3wŒÎÚG +ª ë +‡ýS5$Ãßí{5%Šñ„ŠPS’_KÉ¥“Єst7”ži ,åÔØQ33§ q­ÀPWÕԀ̪ +œ?Pòº0¹¡¿&_?ƒêµc4 +¹!‰¬â2+ô +z£Ô#L“x€žÕõ¢5d jDՂ/ÉÖ‹ô<é°Ú–­ª<1æPƒŒM #bvh°³’- +ý|ÁaïC‰ùŸ9WÿE1F©s8”è(óÝêô7Ïowv +øá0Êž€CRŽ\ŠÈ‚SlÏŽÜvœ[q8áâ_ éŠr6”‚¥¹®³¹c7/^–L÷€s“n6%(OŸ²Ä^úñ©$Y£OÔØʂN–:º© +"Û +ù¯p7Õw ÄdI#å¬Þø)¯BQ[ÓÀ|–ÝäÀ™Št"†Šç‹ñ*yèÓoy3ˆ€óŠD‘J jCÃæ°ç¶8;kw#‹ª¬:ü÷û"+1ñ3OYu÷÷k +vC`Ò¥ÝQqÒʁ>ãÝېQ8RÔŋ!=÷ŠT +¿QqÕó÷¯Î,ˆK8‰žÿÆÿéÔH²Þ̆‹ë +Ëa{˜†£ +·N©[œÁ‹$‚ô„ž&øa—ßMoÇŽL +8èò–,d{ŒHwÇ.päÃ9áÙyý +—üð°HÔëƒH$¯™×êsˆ +Š5H:»ç8’L +ÁM¯k܃Ÿø_ +W²ÆeŒÁÝiÚOtü§œx€žÃÁ»6ìHGâ µäönÕÞô–—Gº®Ô›ùÁ^pˆf™ÜNóÀŠYÍ{fŠ~CUí ƒÐ®n +˘“âIî>ƒ&Nl +V˜BAÕ‰Ú +yÕ®ú@l{ìÉÂ+]¡fíõ©4‹<}Z‰p[ìê +1˜‹qî<—ÉF'úúï‰Õ§:TÍßw⌊ÝŽÄ7꺖F#·"w UoŽš¯.C;«ûû‡K(ü=±ƒÛW¢?Bԉ!j,[#yzz+îˆè—yçrè·XÃç­j&xn–AX­ßÐC‹ GÀûÁÐæ蕟Æ`¡F›àF RuZ‰'øAš”î†ïoU nØ + +bw +œÇá`ÇÏÜ".†—lRÏùä22‘ìYÊGM‡iŸ—+úÂRLD¬þ!8ôOœL +€%ߒD—*º7 +Ӊ%é±$ý™‰‹¡4‹âjÏnþèԕ7Œ]oGNðŸF÷¹êº¡ïtwìî‹«GðÏx'6TX +”üÙ²˜^3FO +|Åš‚³~åךü&“ÍDpk33N?“ô™@~—Óuî +Ÿ ³,OqŠ-9ë3já~óƒœrK3[F²ßÒ:cf³·€‡ÍTþé¹+ë-&ÍdŸ§âÂX°GîŒ×ãúZÑìWêökùŸ™ÇŽO1–ÎqãËXKH‹š°1ØÒå5‡ +š&õž§ëëÜчõ +²Éáû^j/DÍRŠ“ €\ +²2 +‰§ÛÀ»Õ²]ù;!Qcæ•Ú°(œm®€þoVÀ& +n‰õÔÄå£Ééj¥"Lœ1ŸŸD=šwmÒOZK¹^,¡§E^Î?®Ží{J°h“<]üÌ)¬gÃÃ¥uäý,5pÐüÆ9ù`M9Š#—0'ºÆmî|œç¯`¥ +,ûJÜãþé%u +øÏ^×vL1¿õ@šrD,$áÍ€ +ã@% +îˆVŒù ÆþÉX&P엧éßZê¬?Þz—¥ÐÇ׹빧O3#JÿŽó&>Ìã/E}paËäEˆ¥j§ +–Ö¢+»h;B×Æ.Ú£ŠeôŒãŠÏ$S3¡€l™ýzÉGÎÈãM51ñ遉 +Q·¹ß1¬pړŠb•œ*žËÜE‘Û+`À +R%”aRwMºR8yDä5&T±ËbõéBŠ£ Xlµ$eÅug¥F-·$jÌeF +ш÷ògÃâèÙû~~åTËàCIÐùùÇpN2×Ju¿rÒŒžíØÙ}t[ýÆúº;Ñՙƒ=øÍ nÑÞ*b1pãÀ_³È6 +ëºa‡C +á(ç7ùÖ6Ÿ0À +šÔY.•ºÉ“ÏÜ4ŠŒMŠÁ©CxYœù«*?C*œMíyÒ×Ɓ§Û¶ì΋\œwI-ž¿]Åge±¬ÄÄM*é·³™tä6ŸÏÆgøB· ¹þ<·’Mh8·c¯ÓD»"£BǪµÙÆJPgb'¬:ÁCäÝBr§š3>@n +4~”Åip휃d +uf +DšD s6]ÖDß +**,NêŒG˙~ˆ +àƒmü[œ +Å×YL@š„úh™Ÿ¯á²0 + +ðüI­LD†¶ +Í0슗XjÑß²0dA‘³]hCè\嗂e¯‘ +’>ðT¿é "˜æš‘åßæ•'Œ (bÀÅR•Gˀs†€Ê¡µB’?ÏâäÉèCö6Šn*Îíñ}-jÍ0lÂÿ ‡xp–0Ÿ’ßm»è–Ž.úúºÐõè∁¬l:Üõ‰–óþŸÝ¶Ç *šÁw2 +qñ8/‹•·JB +ñzhúƒËù*3û²Šq[æŒáš¬ü×ft±’*Õ&€ætE“löýa*%'‰š² +wOäVÚ,æyØ2'œ”OŸÒÇ? +‘\œ+«ü>Ú»N Ä +̊–%™SLéỨ}éRß~Ošÿ[coùNšÎ&Î}8 YhsuvYDÌïmÙ«žy¥@eŽñC©Á¹?XÈä]dÿ +5^[ÛÓÕM +«ìä’>h +p"º] º +†§nÔÅåêŸ±Þ¯ÔÏ +30ãgœcÈÿ§æñàu”€MW +TÑAÕIžöÞÐfhít +†|ú%ÎÅÅò•%ü€šæ( + +uìf$ǐšå¹Ÿ¡ìòµõCé{NïF¢Ó:‰ê–µ±fÙÁš¡1ãÄ€»гΊIæ/O©Å'=ùhäÙZJ +z]•*·“ÖŸm&p,ÈIEj8]5ÄPDd[ŠÝ`z&á{ÿ +1ü.K + +׀¹âyN +žN­ä¡—u¹ƒ*v%õˆœëÓiàÌMÕt³dœ{BD‘Yd˜íË6ȭȘiÚ{£E79fÀ)üÓ m\,ÕnøC`(ºÉ + + ¥ºmYŒ-‰ñìXŠœ>Ÿ„L +Š€®FiÓ;áY8‰@)ŒYUMŒ¡±q +KìƒðœºÊOä")ۃ +£œ`ßQwn÷ ƒƒ» +ŽÿÖ!÷P¹ORihálÉwáç­ç€)¡ž +,gßp'3ŸSÎ=ÁfÐaŽ§HÚÑ>̏®Ä +ɗŽ@b3é=íIjkCÕÏ +ÏB‡p(^CWÚpPŸñåÔÁ@¶ +˜Þ5‚»š—îR¶µSÐmÈW`&T€ØCâ–(tT z1b}ÏY3„\œøôPÔª¥Çª(WÙý­ŸcŒÞÏÛÁ\ÈîÓPH³Øßè:©”yo¶ +k +ijÛ>Ug»1³ +ó*®ôçµÂÿ€ +°gAùíû¯æúèŒf +VAÏFºå’Îsm‰ï²E7J +¥ fñ'úqóMPÂËÆG+é‰-éÛßµéLq÷áÅžfû× ~2XŒ‡–‹†3P5NžœÖýTj­{üyöõîqJI +²öôøöŒyFº†§nwÚ¢±l0€ÍÅP9é©ðE +ª[o>mŸÝì?eNòÒf·c§£=2 “`d}ûêIHÔÝŽZ¢vVZŸSÞ?ÑÓøpç4"d))!f (ùÍÃ_G¡v4Ô%ÀÐ( +U¯€¿°¯„Þ«3؃WÑÙ0ïáÍ11—ƒSšŸŒ±˜í! +endstream +endobj +6491 0 obj << +/Type /FontDescriptor +/FontName /RGGNUJ+NimbusRomNo9L-ReguItal +/Flags 4 +/FontBBox [-169 -270 1010 924] +/Ascent 668 +/CapHeight 668 +/Descent -193 +/ItalicAngle -15 +/StemV 78 +/XHeight 441 +/CharSet (/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/a/at/b/bar/braceleft/braceright/bracketleft/bracketright/c/colon/comma/d/e/eight/emdash/equal/f/fi/five/fl/four/g/h/hyphen/i/j/k/l/m/n/nine/o/one/p/period/q/question/r/s/seven/six/slash/t/three/two/u/underscore/v/w/x/y/z/zero) +/FontFile 6490 0 R +>> endobj +6455 0 obj << +/Type /Encoding +/Differences [2/fi/fl 33/exclam/quotedbl/numbersign/dollar/percent/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 147/quotedblleft/quotedblright/bullet 151/emdash 169/copyright] +>> endobj +2489 0 obj << +/Type /Font +/Subtype /Type1 +/BaseFont /SYFPBV+CMMI10 +/FontDescriptor 6467 0 R +/FirstChar 60 +/LastChar 62 +/Widths 6452 0 R +>> endobj +1739 0 obj << +/Type /Font +/Subtype /Type1 +/BaseFont /ZRLUIR+CMMI8 +/FontDescriptor 6469 0 R +/FirstChar 60 +/LastChar 62 +/Widths 6453 0 R +>> endobj +1733 0 obj << +/Type /Font +/Subtype /Type1 +/BaseFont /YJCLWH+CMMI9 +/FontDescriptor 6471 0 R +/FirstChar 60 +/LastChar 62 +/Widths 6454 0 R +>> endobj +1265 0 obj << +/Type /Font +/Subtype /Type1 +/BaseFont /CLZSEX+NimbusMonL-Bold +/FontDescriptor 6473 0 R +/FirstChar 34 +/LastChar 124 +/Widths 6459 0 R +/Encoding 6455 0 R +>> endobj +1440 0 obj << +/Type /Font +/Subtype /Type1 +/BaseFont /QWJIRQ+NimbusMonL-BoldObli +/FontDescriptor 6475 0 R +/FirstChar 34 +/LastChar 126 +/Widths 6457 0 R +/Encoding 6455 0 R +>> endobj +1263 0 obj << +/Type /Font +/Subtype /Type1 +/BaseFont /LVEXIR+NimbusMonL-Regu +/FontDescriptor 6477 0 R +/FirstChar 33 +/LastChar 126 +/Widths 6460 0 R +/Encoding 6455 0 R +>> endobj +1676 0 obj << +/Type /Font +/Subtype /Type1 +/BaseFont /ZXHHQS+NimbusMonL-ReguObli +/FontDescriptor 6479 0 R +/FirstChar 47 +/LastChar 121 +/Widths 6456 0 R +/Encoding 6455 0 R +>> endobj +852 0 obj << +/Type /Font +/Subtype /Type1 +/BaseFont /YJQLLS+NimbusSanL-Bold +/FontDescriptor 6481 0 R +/FirstChar 2 +/LastChar 151 +/Widths 6465 0 R +/Encoding 6455 0 R +>> endobj +1258 0 obj << +/Type /Font +/Subtype /Type1 +/BaseFont /WVINGZ+NimbusSanL-Regu +/FontDescriptor 6483 0 R +/FirstChar 2 +/LastChar 151 +/Widths 6461 0 R +/Encoding 6455 0 R +>> endobj +1386 0 obj << +/Type /Font +/Subtype /Type1 +/BaseFont /OMGQCW+NimbusSanL-ReguItal +/FontDescriptor 6485 0 R +/FirstChar 2 +/LastChar 122 +/Widths 6458 0 R +/Encoding 6455 0 R +>> endobj +956 0 obj << +/Type /Font +/Subtype /Type1 +/BaseFont /XMKFCU+NimbusRomNo9L-Medi +/FontDescriptor 6487 0 R +/FirstChar 2 +/LastChar 151 +/Widths 6462 0 R +/Encoding 6455 0 R +>> endobj +858 0 obj << +/Type /Font +/Subtype /Type1 +/BaseFont /EXMKXM+NimbusRomNo9L-Regu +/FontDescriptor 6489 0 R +/FirstChar 2 +/LastChar 169 +/Widths 6464 0 R +/Encoding 6455 0 R +>> endobj +859 0 obj << +/Type /Font +/Subtype /Type1 +/BaseFont /RGGNUJ+NimbusRomNo9L-ReguItal +/FontDescriptor 6491 0 R +/FirstChar 2 +/LastChar 151 +/Widths 6463 0 R +/Encoding 6455 0 R +>> endobj +853 0 obj << +/Type /Pages +/Count 6 +/Parent 6492 0 R +/Kids [846 0 R 855 0 R 953 0 R 1097 0 R 1205 0 R 1240 0 R] +>> endobj +1289 0 obj << +/Type /Pages +/Count 6 +/Parent 6492 0 R +/Kids [1254 0 R 1291 0 R 1328 0 R 1369 0 R 1424 0 R 1479 0 R] +>> endobj +1562 0 obj << +/Type /Pages +/Count 6 +/Parent 6492 0 R +/Kids [1516 0 R 1566 0 R 1608 0 R 1650 0 R 1701 0 R 1724 0 R] +>> endobj +1790 0 obj << +/Type /Pages +/Count 6 +/Parent 6492 0 R +/Kids [1749 0 R 1792 0 R 1825 0 R 1877 0 R 1926 0 R 1940 0 R] +>> endobj +1994 0 obj << +/Type /Pages +/Count 6 +/Parent 6492 0 R +/Kids [1970 0 R 1996 0 R 2045 0 R 2080 0 R 2103 0 R 2135 0 R] +>> endobj +2200 0 obj << +/Type /Pages +/Count 6 +/Parent 6492 0 R +/Kids [2179 0 R 2202 0 R 2231 0 R 2268 0 R 2292 0 R 2320 0 R] +>> endobj +2388 0 obj << +/Type /Pages +/Count 6 +/Parent 6493 0 R +/Kids [2356 0 R 2391 0 R 2412 0 R 2447 0 R 2498 0 R 2520 0 R] +>> endobj +2563 0 obj << +/Type /Pages +/Count 6 +/Parent 6493 0 R +/Kids [2544 0 R 2565 0 R 2593 0 R 2612 0 R 2645 0 R 2663 0 R] +>> endobj +2730 0 obj << +/Type /Pages +/Count 6 +/Parent 6493 0 R +/Kids [2682 0 R 2732 0 R 2781 0 R 2818 0 R 2856 0 R 2895 0 R] +>> endobj +2964 0 obj << +/Type /Pages +/Count 6 +/Parent 6493 0 R +/Kids [2942 0 R 2968 0 R 3000 0 R 3032 0 R 3061 0 R 3103 0 R] +>> endobj +3149 0 obj << +/Type /Pages +/Count 6 +/Parent 6493 0 R +/Kids [3124 0 R 3151 0 R 3188 0 R 3216 0 R 3244 0 R 3261 0 R] +>> endobj +3319 0 obj << +/Type /Pages +/Count 6 +/Parent 6493 0 R +/Kids [3286 0 R 3321 0 R 3336 0 R 3366 0 R 3384 0 R 3396 0 R] +>> endobj +3435 0 obj << +/Type /Pages +/Count 6 +/Parent 6494 0 R +/Kids [3408 0 R 3437 0 R 3459 0 R 3488 0 R 3500 0 R 3528 0 R] +>> endobj +3591 0 obj << +/Type /Pages +/Count 6 +/Parent 6494 0 R +/Kids [3564 0 R 3593 0 R 3597 0 R 3627 0 R 3652 0 R 3673 0 R] +>> endobj +3711 0 obj << +/Type /Pages +/Count 6 +/Parent 6494 0 R +/Kids [3678 0 R 3713 0 R 3758 0 R 3799 0 R 3842 0 R 3864 0 R] +>> endobj +3937 0 obj << +/Type /Pages +/Count 6 +/Parent 6494 0 R +/Kids [3906 0 R 3939 0 R 3981 0 R 4012 0 R 4068 0 R 4102 0 R] +>> endobj +4169 0 obj << +/Type /Pages +/Count 6 +/Parent 6494 0 R +/Kids [4131 0 R 4171 0 R 4192 0 R 4220 0 R 4280 0 R 4299 0 R] +>> endobj +4354 0 obj << +/Type /Pages +/Count 6 +/Parent 6494 0 R +/Kids [4307 0 R 4356 0 R 4409 0 R 4421 0 R 4425 0 R 4468 0 R] +>> endobj +4556 0 obj << +/Type /Pages +/Count 6 +/Parent 6495 0 R +/Kids [4511 0 R 4558 0 R 4582 0 R 4591 0 R 4622 0 R 4669 0 R] +>> endobj +4722 0 obj << +/Type /Pages +/Count 6 +/Parent 6495 0 R +/Kids [4689 0 R 4724 0 R 4762 0 R 4815 0 R 4844 0 R 4872 0 R] +>> endobj +4939 0 obj << +/Type /Pages +/Count 6 +/Parent 6495 0 R +/Kids [4904 0 R 4941 0 R 4979 0 R 5018 0 R 5063 0 R 5075 0 R] +>> endobj +5144 0 obj << +/Type /Pages +/Count 6 +/Parent 6495 0 R +/Kids [5116 0 R 5146 0 R 5161 0 R 5178 0 R 5218 0 R 5261 0 R] +>> endobj +5333 0 obj << +/Type /Pages +/Count 6 +/Parent 6495 0 R +/Kids [5298 0 R 5337 0 R 5375 0 R 5414 0 R 5493 0 R 5575 0 R] +>> endobj +5615 0 obj << +/Type /Pages +/Count 6 +/Parent 6495 0 R +/Kids [5588 0 R 5620 0 R 5655 0 R 5707 0 R 5748 0 R 5794 0 R] +>> endobj +5870 0 obj << +/Type /Pages +/Count 6 +/Parent 6496 0 R +/Kids [5836 0 R 5872 0 R 5910 0 R 5955 0 R 5997 0 R 6042 0 R] +>> endobj +6146 0 obj << +/Type /Pages +/Count 6 +/Parent 6496 0 R +/Kids [6094 0 R 6148 0 R 6205 0 R 6250 0 R 6296 0 R 6321 0 R] +>> endobj +6409 0 obj << +/Type /Pages +/Count 2 +/Parent 6496 0 R +/Kids [6362 0 R 6411 0 R] +>> endobj +6492 0 obj << +/Type /Pages +/Count 36 +/Parent 6497 0 R +/Kids [853 0 R 1289 0 R 1562 0 R 1790 0 R 1994 0 R 2200 0 R] +>> endobj +6493 0 obj << +/Type /Pages +/Count 36 +/Parent 6497 0 R +/Kids [2388 0 R 2563 0 R 2730 0 R 2964 0 R 3149 0 R 3319 0 R] +>> endobj +6494 0 obj << +/Type /Pages +/Count 36 +/Parent 6497 0 R +/Kids [3435 0 R 3591 0 R 3711 0 R 3937 0 R 4169 0 R 4354 0 R] +>> endobj +6495 0 obj << +/Type /Pages +/Count 36 +/Parent 6497 0 R +/Kids [4556 0 R 4722 0 R 4939 0 R 5144 0 R 5333 0 R 5615 0 R] +>> endobj +6496 0 obj << +/Type /Pages +/Count 14 +/Parent 6497 0 R +/Kids [5870 0 R 6146 0 R 6409 0 R] +>> endobj +6497 0 obj << +/Type /Pages +/Count 158 +/Kids [6492 0 R 6493 0 R 6494 0 R 6495 0 R 6496 0 R] +>> endobj +6498 0 obj << +/Type /Outlines +/First 3 0 R +/Last 831 0 R +/Count 17 +>> endobj +843 0 obj << +/Title 844 0 R +/A 841 0 R +/Parent 831 0 R +/Prev 839 0 R +>> endobj +839 0 obj << +/Title 840 0 R +/A 837 0 R +/Parent 831 0 R +/Prev 835 0 R +/Next 843 0 R +>> endobj +835 0 obj << +/Title 836 0 R +/A 833 0 R +/Parent 831 0 R +/Next 839 0 R +>> endobj +831 0 obj << +/Title 832 0 R +/A 829 0 R +/Parent 6498 0 R +/Prev 759 0 R +/First 835 0 R +/Last 843 0 R +/Count -3 +>> endobj +827 0 obj << +/Title 828 0 R +/A 825 0 R +/Parent 759 0 R +/Prev 823 0 R +>> endobj +823 0 obj << +/Title 824 0 R +/A 821 0 R +/Parent 759 0 R +/Prev 819 0 R +/Next 827 0 R +>> endobj +819 0 obj << +/Title 820 0 R +/A 817 0 R +/Parent 759 0 R +/Prev 815 0 R +/Next 823 0 R +>> endobj +815 0 obj << +/Title 816 0 R +/A 813 0 R +/Parent 759 0 R +/Prev 811 0 R +/Next 819 0 R +>> endobj +811 0 obj << +/Title 812 0 R +/A 809 0 R +/Parent 759 0 R +/Prev 807 0 R +/Next 815 0 R +>> endobj +807 0 obj << +/Title 808 0 R +/A 805 0 R +/Parent 759 0 R +/Prev 803 0 R +/Next 811 0 R +>> endobj +803 0 obj << +/Title 804 0 R +/A 801 0 R +/Parent 759 0 R +/Prev 799 0 R +/Next 807 0 R +>> endobj +799 0 obj << +/Title 800 0 R +/A 797 0 R +/Parent 759 0 R +/Prev 795 0 R +/Next 803 0 R +>> endobj +795 0 obj << +/Title 796 0 R +/A 793 0 R +/Parent 759 0 R +/Prev 791 0 R +/Next 799 0 R +>> endobj +791 0 obj << +/Title 792 0 R +/A 789 0 R +/Parent 759 0 R +/Prev 787 0 R +/Next 795 0 R +>> endobj +787 0 obj << +/Title 788 0 R +/A 785 0 R +/Parent 759 0 R +/Prev 783 0 R +/Next 791 0 R +>> endobj +783 0 obj << +/Title 784 0 R +/A 781 0 R +/Parent 759 0 R +/Prev 779 0 R +/Next 787 0 R +>> endobj +779 0 obj << +/Title 780 0 R +/A 777 0 R +/Parent 759 0 R +/Prev 775 0 R +/Next 783 0 R +>> endobj +775 0 obj << +/Title 776 0 R +/A 773 0 R +/Parent 759 0 R +/Prev 771 0 R +/Next 779 0 R +>> endobj +771 0 obj << +/Title 772 0 R +/A 769 0 R +/Parent 759 0 R +/Prev 763 0 R +/Next 775 0 R +>> endobj +767 0 obj << +/Title 768 0 R +/A 765 0 R +/Parent 763 0 R +>> endobj +763 0 obj << +/Title 764 0 R +/A 761 0 R +/Parent 759 0 R +/Next 771 0 R +/First 767 0 R +/Last 767 0 R +/Count -1 +>> endobj +759 0 obj << +/Title 760 0 R +/A 757 0 R +/Parent 6498 0 R +/Prev 743 0 R +/Next 831 0 R +/First 763 0 R +/Last 827 0 R +/Count -16 +>> endobj +755 0 obj << +/Title 756 0 R +/A 753 0 R +/Parent 743 0 R +/Prev 751 0 R +>> endobj +751 0 obj << +/Title 752 0 R +/A 749 0 R +/Parent 743 0 R +/Prev 747 0 R +/Next 755 0 R +>> endobj +747 0 obj << +/Title 748 0 R +/A 745 0 R +/Parent 743 0 R +/Next 751 0 R +>> endobj +743 0 obj << +/Title 744 0 R +/A 741 0 R +/Parent 6498 0 R +/Prev 719 0 R +/Next 759 0 R +/First 747 0 R +/Last 755 0 R +/Count -3 +>> endobj +739 0 obj << +/Title 740 0 R +/A 737 0 R +/Parent 719 0 R +/Prev 735 0 R +>> endobj +735 0 obj << +/Title 736 0 R +/A 733 0 R +/Parent 719 0 R +/Prev 731 0 R +/Next 739 0 R +>> endobj +731 0 obj << +/Title 732 0 R +/A 729 0 R +/Parent 719 0 R +/Prev 727 0 R +/Next 735 0 R +>> endobj +727 0 obj << +/Title 728 0 R +/A 725 0 R +/Parent 719 0 R +/Prev 723 0 R +/Next 731 0 R +>> endobj +723 0 obj << +/Title 724 0 R +/A 721 0 R +/Parent 719 0 R +/Next 727 0 R +>> endobj +719 0 obj << +/Title 720 0 R +/A 717 0 R +/Parent 6498 0 R +/Prev 695 0 R +/Next 743 0 R +/First 723 0 R +/Last 739 0 R +/Count -5 +>> endobj +715 0 obj << +/Title 716 0 R +/A 713 0 R +/Parent 695 0 R +/Prev 711 0 R +>> endobj +711 0 obj << +/Title 712 0 R +/A 709 0 R +/Parent 695 0 R +/Prev 707 0 R +/Next 715 0 R +>> endobj +707 0 obj << +/Title 708 0 R +/A 705 0 R +/Parent 695 0 R +/Prev 703 0 R +/Next 711 0 R +>> endobj +703 0 obj << +/Title 704 0 R +/A 701 0 R +/Parent 695 0 R +/Prev 699 0 R +/Next 707 0 R +>> endobj +699 0 obj << +/Title 700 0 R +/A 697 0 R +/Parent 695 0 R +/Next 703 0 R +>> endobj +695 0 obj << +/Title 696 0 R +/A 693 0 R +/Parent 6498 0 R +/Prev 551 0 R +/Next 719 0 R +/First 699 0 R +/Last 715 0 R +/Count -5 +>> endobj +691 0 obj << +/Title 692 0 R +/A 689 0 R +/Parent 663 0 R +/Prev 687 0 R +>> endobj +687 0 obj << +/Title 688 0 R +/A 685 0 R +/Parent 663 0 R +/Prev 683 0 R +/Next 691 0 R +>> endobj +683 0 obj << +/Title 684 0 R +/A 681 0 R +/Parent 663 0 R +/Prev 679 0 R +/Next 687 0 R +>> endobj +679 0 obj << +/Title 680 0 R +/A 677 0 R +/Parent 663 0 R +/Prev 667 0 R +/Next 683 0 R +>> endobj +675 0 obj << +/Title 676 0 R +/A 673 0 R +/Parent 667 0 R +/Prev 671 0 R +>> endobj +671 0 obj << +/Title 672 0 R +/A 669 0 R +/Parent 667 0 R +/Next 675 0 R +>> endobj +667 0 obj << +/Title 668 0 R +/A 665 0 R +/Parent 663 0 R +/Next 679 0 R +/First 671 0 R +/Last 675 0 R +/Count -2 +>> endobj +663 0 obj << +/Title 664 0 R +/A 661 0 R +/Parent 551 0 R +/Prev 555 0 R +/First 667 0 R +/Last 691 0 R +/Count -5 +>> endobj +659 0 obj << +/Title 660 0 R +/A 657 0 R +/Parent 555 0 R +/Prev 651 0 R +>> endobj +655 0 obj << +/Title 656 0 R +/A 653 0 R +/Parent 651 0 R +>> endobj +651 0 obj << +/Title 652 0 R +/A 649 0 R +/Parent 555 0 R +/Prev 643 0 R +/Next 659 0 R +/First 655 0 R +/Last 655 0 R +/Count -1 +>> endobj +647 0 obj << +/Title 648 0 R +/A 645 0 R +/Parent 643 0 R +>> endobj +643 0 obj << +/Title 644 0 R +/A 641 0 R +/Parent 555 0 R +/Prev 635 0 R +/Next 651 0 R +/First 647 0 R +/Last 647 0 R +/Count -1 +>> endobj +639 0 obj << +/Title 640 0 R +/A 637 0 R +/Parent 635 0 R +>> endobj +635 0 obj << +/Title 636 0 R +/A 633 0 R +/Parent 555 0 R +/Prev 627 0 R +/Next 643 0 R +/First 639 0 R +/Last 639 0 R +/Count -1 +>> endobj +631 0 obj << +/Title 632 0 R +/A 629 0 R +/Parent 627 0 R +>> endobj +627 0 obj << +/Title 628 0 R +/A 625 0 R +/Parent 555 0 R +/Prev 619 0 R +/Next 635 0 R +/First 631 0 R +/Last 631 0 R +/Count -1 +>> endobj +623 0 obj << +/Title 624 0 R +/A 621 0 R +/Parent 619 0 R +>> endobj +619 0 obj << +/Title 620 0 R +/A 617 0 R +/Parent 555 0 R +/Prev 611 0 R +/Next 627 0 R +/First 623 0 R +/Last 623 0 R +/Count -1 +>> endobj +615 0 obj << +/Title 616 0 R +/A 613 0 R +/Parent 611 0 R +>> endobj +611 0 obj << +/Title 612 0 R +/A 609 0 R +/Parent 555 0 R +/Prev 603 0 R +/Next 619 0 R +/First 615 0 R +/Last 615 0 R +/Count -1 +>> endobj +607 0 obj << +/Title 608 0 R +/A 605 0 R +/Parent 603 0 R +>> endobj +603 0 obj << +/Title 604 0 R +/A 601 0 R +/Parent 555 0 R +/Prev 595 0 R +/Next 611 0 R +/First 607 0 R +/Last 607 0 R +/Count -1 +>> endobj +599 0 obj << +/Title 600 0 R +/A 597 0 R +/Parent 595 0 R +>> endobj +595 0 obj << +/Title 596 0 R +/A 593 0 R +/Parent 555 0 R +/Prev 575 0 R +/Next 603 0 R +/First 599 0 R +/Last 599 0 R +/Count -1 +>> endobj +591 0 obj << +/Title 592 0 R +/A 589 0 R +/Parent 575 0 R +/Prev 587 0 R +>> endobj +587 0 obj << +/Title 588 0 R +/A 585 0 R +/Parent 575 0 R +/Prev 583 0 R +/Next 591 0 R +>> endobj +583 0 obj << +/Title 584 0 R +/A 581 0 R +/Parent 575 0 R +/Prev 579 0 R +/Next 587 0 R +>> endobj +579 0 obj << +/Title 580 0 R +/A 577 0 R +/Parent 575 0 R +/Next 583 0 R +>> endobj +575 0 obj << +/Title 576 0 R +/A 573 0 R +/Parent 555 0 R +/Prev 563 0 R +/Next 595 0 R +/First 579 0 R +/Last 591 0 R +/Count -4 +>> endobj +571 0 obj << +/Title 572 0 R +/A 569 0 R +/Parent 563 0 R +/Prev 567 0 R +>> endobj +567 0 obj << +/Title 568 0 R +/A 565 0 R +/Parent 563 0 R +/Next 571 0 R +>> endobj +563 0 obj << +/Title 564 0 R +/A 561 0 R +/Parent 555 0 R +/Prev 559 0 R +/Next 575 0 R +/First 567 0 R +/Last 571 0 R +/Count -2 +>> endobj +559 0 obj << +/Title 560 0 R +/A 557 0 R +/Parent 555 0 R +/Next 563 0 R +>> endobj +555 0 obj << +/Title 556 0 R +/A 553 0 R +/Parent 551 0 R +/Next 663 0 R +/First 559 0 R +/Last 659 0 R +/Count -12 +>> endobj +551 0 obj << +/Title 552 0 R +/A 549 0 R +/Parent 6498 0 R +/Prev 535 0 R +/Next 695 0 R +/First 555 0 R +/Last 663 0 R +/Count -2 +>> endobj +547 0 obj << +/Title 548 0 R +/A 545 0 R +/Parent 535 0 R +/Prev 539 0 R +>> endobj +543 0 obj << +/Title 544 0 R +/A 541 0 R +/Parent 539 0 R +>> endobj +539 0 obj << +/Title 540 0 R +/A 537 0 R +/Parent 535 0 R +/Next 547 0 R +/First 543 0 R +/Last 543 0 R +/Count -1 +>> endobj +535 0 obj << +/Title 536 0 R +/A 533 0 R +/Parent 6498 0 R +/Prev 527 0 R +/Next 551 0 R +/First 539 0 R +/Last 547 0 R +/Count -2 +>> endobj +531 0 obj << +/Title 532 0 R +/A 529 0 R +/Parent 527 0 R +>> endobj +527 0 obj << +/Title 528 0 R +/A 525 0 R +/Parent 6498 0 R +/Prev 507 0 R +/Next 535 0 R +/First 531 0 R +/Last 531 0 R +/Count -1 +>> endobj +523 0 obj << +/Title 524 0 R +/A 521 0 R +/Parent 519 0 R +>> endobj +519 0 obj << +/Title 520 0 R +/A 517 0 R +/Parent 507 0 R +/Prev 515 0 R +/First 523 0 R +/Last 523 0 R +/Count -1 +>> endobj +515 0 obj << +/Title 516 0 R +/A 513 0 R +/Parent 507 0 R +/Prev 511 0 R +/Next 519 0 R +>> endobj +511 0 obj << +/Title 512 0 R +/A 509 0 R +/Parent 507 0 R +/Next 515 0 R +>> endobj +507 0 obj << +/Title 508 0 R +/A 505 0 R +/Parent 6498 0 R +/Prev 431 0 R +/Next 527 0 R +/First 511 0 R +/Last 519 0 R +/Count -3 +>> endobj +503 0 obj << +/Title 504 0 R +/A 501 0 R +/Parent 431 0 R +/Prev 499 0 R +>> endobj +499 0 obj << +/Title 500 0 R +/A 497 0 R +/Parent 431 0 R +/Prev 495 0 R +/Next 503 0 R +>> endobj +495 0 obj << +/Title 496 0 R +/A 493 0 R +/Parent 431 0 R +/Prev 483 0 R +/Next 499 0 R +>> endobj +491 0 obj << +/Title 492 0 R +/A 489 0 R +/Parent 483 0 R +/Prev 487 0 R +>> endobj +487 0 obj << +/Title 488 0 R +/A 485 0 R +/Parent 483 0 R +/Next 491 0 R +>> endobj +483 0 obj << +/Title 484 0 R +/A 481 0 R +/Parent 431 0 R +/Prev 479 0 R +/Next 495 0 R +/First 487 0 R +/Last 491 0 R +/Count -2 +>> endobj +479 0 obj << +/Title 480 0 R +/A 477 0 R +/Parent 431 0 R +/Prev 475 0 R +/Next 483 0 R +>> endobj +475 0 obj << +/Title 476 0 R +/A 473 0 R +/Parent 431 0 R +/Prev 471 0 R +/Next 479 0 R +>> endobj +471 0 obj << +/Title 472 0 R +/A 469 0 R +/Parent 431 0 R +/Prev 467 0 R +/Next 475 0 R +>> endobj +467 0 obj << +/Title 468 0 R +/A 465 0 R +/Parent 431 0 R +/Prev 463 0 R +/Next 471 0 R +>> endobj +463 0 obj << +/Title 464 0 R +/A 461 0 R +/Parent 431 0 R +/Prev 451 0 R +/Next 467 0 R +>> endobj +459 0 obj << +/Title 460 0 R +/A 457 0 R +/Parent 451 0 R +/Prev 455 0 R +>> endobj +455 0 obj << +/Title 456 0 R +/A 453 0 R +/Parent 451 0 R +/Next 459 0 R +>> endobj +451 0 obj << +/Title 452 0 R +/A 449 0 R +/Parent 431 0 R +/Prev 447 0 R +/Next 463 0 R +/First 455 0 R +/Last 459 0 R +/Count -2 +>> endobj +447 0 obj << +/Title 448 0 R +/A 445 0 R +/Parent 431 0 R +/Prev 443 0 R +/Next 451 0 R +>> endobj +443 0 obj << +/Title 444 0 R +/A 441 0 R +/Parent 431 0 R +/Prev 439 0 R +/Next 447 0 R +>> endobj +439 0 obj << +/Title 440 0 R +/A 437 0 R +/Parent 431 0 R +/Prev 435 0 R +/Next 443 0 R +>> endobj +435 0 obj << +/Title 436 0 R +/A 433 0 R +/Parent 431 0 R +/Next 439 0 R +>> endobj +431 0 obj << +/Title 432 0 R +/A 429 0 R +/Parent 6498 0 R +/Prev 247 0 R +/Next 507 0 R +/First 435 0 R +/Last 503 0 R +/Count -14 +>> endobj +427 0 obj << +/Title 428 0 R +/A 425 0 R +/Parent 419 0 R +/Prev 423 0 R +>> endobj +423 0 obj << +/Title 424 0 R +/A 421 0 R +/Parent 419 0 R +/Next 427 0 R +>> endobj +419 0 obj << +/Title 420 0 R +/A 417 0 R +/Parent 247 0 R +/Prev 415 0 R +/First 423 0 R +/Last 427 0 R +/Count -2 +>> endobj +415 0 obj << +/Title 416 0 R +/A 413 0 R +/Parent 247 0 R +/Prev 411 0 R +/Next 419 0 R +>> endobj +411 0 obj << +/Title 412 0 R +/A 409 0 R +/Parent 247 0 R +/Prev 399 0 R +/Next 415 0 R +>> endobj +407 0 obj << +/Title 408 0 R +/A 405 0 R +/Parent 399 0 R +/Prev 403 0 R +>> endobj +403 0 obj << +/Title 404 0 R +/A 401 0 R +/Parent 399 0 R +/Next 407 0 R +>> endobj +399 0 obj << +/Title 400 0 R +/A 397 0 R +/Parent 247 0 R +/Prev 387 0 R +/Next 411 0 R +/First 403 0 R +/Last 407 0 R +/Count -2 +>> endobj +395 0 obj << +/Title 396 0 R +/A 393 0 R +/Parent 387 0 R +/Prev 391 0 R +>> endobj +391 0 obj << +/Title 392 0 R +/A 389 0 R +/Parent 387 0 R +/Next 395 0 R +>> endobj +387 0 obj << +/Title 388 0 R +/A 385 0 R +/Parent 247 0 R +/Prev 379 0 R +/Next 399 0 R +/First 391 0 R +/Last 395 0 R +/Count -2 +>> endobj +383 0 obj << +/Title 384 0 R +/A 381 0 R +/Parent 379 0 R +>> endobj +379 0 obj << +/Title 380 0 R +/A 377 0 R +/Parent 247 0 R +/Prev 375 0 R +/Next 387 0 R +/First 383 0 R +/Last 383 0 R +/Count -1 +>> endobj +375 0 obj << +/Title 376 0 R +/A 373 0 R +/Parent 247 0 R +/Prev 371 0 R +/Next 379 0 R +>> endobj +371 0 obj << +/Title 372 0 R +/A 369 0 R +/Parent 247 0 R +/Prev 367 0 R +/Next 375 0 R +>> endobj +367 0 obj << +/Title 368 0 R +/A 365 0 R +/Parent 247 0 R +/Prev 347 0 R +/Next 371 0 R +>> endobj +363 0 obj << +/Title 364 0 R +/A 361 0 R +/Parent 347 0 R +/Prev 359 0 R +>> endobj +359 0 obj << +/Title 360 0 R +/A 357 0 R +/Parent 347 0 R +/Prev 355 0 R +/Next 363 0 R +>> endobj +355 0 obj << +/Title 356 0 R +/A 353 0 R +/Parent 347 0 R +/Prev 351 0 R +/Next 359 0 R +>> endobj +351 0 obj << +/Title 352 0 R +/A 349 0 R +/Parent 347 0 R +/Next 355 0 R +>> endobj +347 0 obj << +/Title 348 0 R +/A 345 0 R +/Parent 247 0 R +/Prev 335 0 R +/Next 367 0 R +/First 351 0 R +/Last 363 0 R +/Count -4 +>> endobj +343 0 obj << +/Title 344 0 R +/A 341 0 R +/Parent 335 0 R +/Prev 339 0 R +>> endobj +339 0 obj << +/Title 340 0 R +/A 337 0 R +/Parent 335 0 R +/Next 343 0 R +>> endobj +335 0 obj << +/Title 336 0 R +/A 333 0 R +/Parent 247 0 R +/Prev 331 0 R +/Next 347 0 R +/First 339 0 R +/Last 343 0 R +/Count -2 +>> endobj +331 0 obj << +/Title 332 0 R +/A 329 0 R +/Parent 247 0 R +/Prev 327 0 R +/Next 335 0 R +>> endobj +327 0 obj << +/Title 328 0 R +/A 325 0 R +/Parent 247 0 R +/Prev 319 0 R +/Next 331 0 R +>> endobj +323 0 obj << +/Title 324 0 R +/A 321 0 R +/Parent 319 0 R +>> endobj +319 0 obj << +/Title 320 0 R +/A 317 0 R +/Parent 247 0 R +/Prev 315 0 R +/Next 327 0 R +/First 323 0 R +/Last 323 0 R +/Count -1 +>> endobj +315 0 obj << +/Title 316 0 R +/A 313 0 R +/Parent 247 0 R +/Prev 263 0 R +/Next 319 0 R +>> endobj +311 0 obj << +/Title 312 0 R +/A 309 0 R +/Parent 263 0 R +/Prev 307 0 R +>> endobj +307 0 obj << +/Title 308 0 R +/A 305 0 R +/Parent 263 0 R +/Prev 303 0 R +/Next 311 0 R +>> endobj +303 0 obj << +/Title 304 0 R +/A 301 0 R +/Parent 263 0 R +/Prev 299 0 R +/Next 307 0 R +>> endobj +299 0 obj << +/Title 300 0 R +/A 297 0 R +/Parent 263 0 R +/Prev 291 0 R +/Next 303 0 R +>> endobj +295 0 obj << +/Title 296 0 R +/A 293 0 R +/Parent 291 0 R +>> endobj +291 0 obj << +/Title 292 0 R +/A 289 0 R +/Parent 263 0 R +/Prev 287 0 R +/Next 299 0 R +/First 295 0 R +/Last 295 0 R +/Count -1 +>> endobj +287 0 obj << +/Title 288 0 R +/A 285 0 R +/Parent 263 0 R +/Prev 283 0 R +/Next 291 0 R +>> endobj +283 0 obj << +/Title 284 0 R +/A 281 0 R +/Parent 263 0 R +/Prev 279 0 R +/Next 287 0 R +>> endobj +279 0 obj << +/Title 280 0 R +/A 277 0 R +/Parent 263 0 R +/Prev 271 0 R +/Next 283 0 R +>> endobj +275 0 obj << +/Title 276 0 R +/A 273 0 R +/Parent 271 0 R +>> endobj +271 0 obj << +/Title 272 0 R +/A 269 0 R +/Parent 263 0 R +/Prev 267 0 R +/Next 279 0 R +/First 275 0 R +/Last 275 0 R +/Count -1 +>> endobj +267 0 obj << +/Title 268 0 R +/A 265 0 R +/Parent 263 0 R +/Next 271 0 R +>> endobj +263 0 obj << +/Title 264 0 R +/A 261 0 R +/Parent 247 0 R +/Prev 259 0 R +/Next 315 0 R +/First 267 0 R +/Last 311 0 R +/Count -10 +>> endobj +259 0 obj << +/Title 260 0 R +/A 257 0 R +/Parent 247 0 R +/Prev 255 0 R +/Next 263 0 R +>> endobj +255 0 obj << +/Title 256 0 R +/A 253 0 R +/Parent 247 0 R +/Prev 251 0 R +/Next 259 0 R +>> endobj +251 0 obj << +/Title 252 0 R +/A 249 0 R +/Parent 247 0 R +/Next 255 0 R +>> endobj +247 0 obj << +/Title 248 0 R +/A 245 0 R +/Parent 6498 0 R +/Prev 151 0 R +/Next 431 0 R +/First 251 0 R +/Last 419 0 R +/Count -19 +>> endobj +243 0 obj << +/Title 244 0 R +/A 241 0 R +/Parent 231 0 R +/Prev 239 0 R +>> endobj +239 0 obj << +/Title 240 0 R +/A 237 0 R +/Parent 231 0 R +/Prev 235 0 R +/Next 243 0 R +>> endobj +235 0 obj << +/Title 236 0 R +/A 233 0 R +/Parent 231 0 R +/Next 239 0 R +>> endobj +231 0 obj << +/Title 232 0 R +/A 229 0 R +/Parent 151 0 R +/Prev 227 0 R +/First 235 0 R +/Last 243 0 R +/Count -3 +>> endobj +227 0 obj << +/Title 228 0 R +/A 225 0 R +/Parent 151 0 R +/Prev 223 0 R +/Next 231 0 R +>> endobj +223 0 obj << +/Title 224 0 R +/A 221 0 R +/Parent 151 0 R +/Prev 207 0 R +/Next 227 0 R +>> endobj +219 0 obj << +/Title 220 0 R +/A 217 0 R +/Parent 207 0 R +/Prev 215 0 R +>> endobj +215 0 obj << +/Title 216 0 R +/A 213 0 R +/Parent 207 0 R +/Prev 211 0 R +/Next 219 0 R +>> endobj +211 0 obj << +/Title 212 0 R +/A 209 0 R +/Parent 207 0 R +/Next 215 0 R +>> endobj +207 0 obj << +/Title 208 0 R +/A 205 0 R +/Parent 151 0 R +/Prev 203 0 R +/Next 223 0 R +/First 211 0 R +/Last 219 0 R +/Count -3 +>> endobj +203 0 obj << +/Title 204 0 R +/A 201 0 R +/Parent 151 0 R +/Prev 199 0 R +/Next 207 0 R +>> endobj +199 0 obj << +/Title 200 0 R +/A 197 0 R +/Parent 151 0 R +/Prev 191 0 R +/Next 203 0 R +>> endobj +195 0 obj << +/Title 196 0 R +/A 193 0 R +/Parent 191 0 R +>> endobj +191 0 obj << +/Title 192 0 R +/A 189 0 R +/Parent 151 0 R +/Prev 183 0 R +/Next 199 0 R +/First 195 0 R +/Last 195 0 R +/Count -1 +>> endobj +187 0 obj << +/Title 188 0 R +/A 185 0 R +/Parent 183 0 R +>> endobj +183 0 obj << +/Title 184 0 R +/A 181 0 R +/Parent 151 0 R +/Prev 175 0 R +/Next 191 0 R +/First 187 0 R +/Last 187 0 R +/Count -1 +>> endobj +179 0 obj << +/Title 180 0 R +/A 177 0 R +/Parent 175 0 R +>> endobj +175 0 obj << +/Title 176 0 R +/A 173 0 R +/Parent 151 0 R +/Prev 171 0 R +/Next 183 0 R +/First 179 0 R +/Last 179 0 R +/Count -1 +>> endobj +171 0 obj << +/Title 172 0 R +/A 169 0 R +/Parent 151 0 R +/Prev 167 0 R +/Next 175 0 R +>> endobj +167 0 obj << +/Title 168 0 R +/A 165 0 R +/Parent 151 0 R +/Prev 155 0 R +/Next 171 0 R +>> endobj +163 0 obj << +/Title 164 0 R +/A 161 0 R +/Parent 155 0 R +/Prev 159 0 R +>> endobj +159 0 obj << +/Title 160 0 R +/A 157 0 R +/Parent 155 0 R +/Next 163 0 R +>> endobj +155 0 obj << +/Title 156 0 R +/A 153 0 R +/Parent 151 0 R +/Next 167 0 R +/First 159 0 R +/Last 163 0 R +/Count -2 +>> endobj +151 0 obj << +/Title 152 0 R +/A 149 0 R +/Parent 6498 0 R +/Prev 103 0 R +/Next 247 0 R +/First 155 0 R +/Last 231 0 R +/Count -12 +>> endobj +147 0 obj << +/Title 148 0 R +/A 145 0 R +/Parent 103 0 R +/Prev 143 0 R +>> endobj +143 0 obj << +/Title 144 0 R +/A 141 0 R +/Parent 103 0 R +/Prev 139 0 R +/Next 147 0 R +>> endobj +139 0 obj << +/Title 140 0 R +/A 137 0 R +/Parent 103 0 R +/Prev 135 0 R +/Next 143 0 R +>> endobj +135 0 obj << +/Title 136 0 R +/A 133 0 R +/Parent 103 0 R +/Prev 131 0 R +/Next 139 0 R +>> endobj +131 0 obj << +/Title 132 0 R +/A 129 0 R +/Parent 103 0 R +/Prev 127 0 R +/Next 135 0 R +>> endobj +127 0 obj << +/Title 128 0 R +/A 125 0 R +/Parent 103 0 R +/Prev 123 0 R +/Next 131 0 R +>> endobj +123 0 obj << +/Title 124 0 R +/A 121 0 R +/Parent 103 0 R +/Prev 119 0 R +/Next 127 0 R +>> endobj +119 0 obj << +/Title 120 0 R +/A 117 0 R +/Parent 103 0 R +/Prev 115 0 R +/Next 123 0 R +>> endobj +115 0 obj << +/Title 116 0 R +/A 113 0 R +/Parent 103 0 R +/Prev 111 0 R +/Next 119 0 R +>> endobj +111 0 obj << +/Title 112 0 R +/A 109 0 R +/Parent 103 0 R +/Prev 107 0 R +/Next 115 0 R +>> endobj +107 0 obj << +/Title 108 0 R +/A 105 0 R +/Parent 103 0 R +/Next 111 0 R +>> endobj +103 0 obj << +/Title 104 0 R +/A 101 0 R +/Parent 6498 0 R +/Prev 15 0 R +/Next 151 0 R +/First 107 0 R +/Last 147 0 R +/Count -11 +>> endobj +99 0 obj << +/Title 100 0 R +/A 97 0 R +/Parent 15 0 R +/Prev 63 0 R +>> endobj +95 0 obj << +/Title 96 0 R +/A 93 0 R +/Parent 87 0 R +/Prev 91 0 R +>> endobj +91 0 obj << +/Title 92 0 R +/A 89 0 R +/Parent 87 0 R +/Next 95 0 R +>> endobj +87 0 obj << +/Title 88 0 R +/A 85 0 R +/Parent 63 0 R +/Prev 75 0 R +/First 91 0 R +/Last 95 0 R +/Count -2 +>> endobj +83 0 obj << +/Title 84 0 R +/A 81 0 R +/Parent 75 0 R +/Prev 79 0 R +>> endobj +79 0 obj << +/Title 80 0 R +/A 77 0 R +/Parent 75 0 R +/Next 83 0 R +>> endobj +75 0 obj << +/Title 76 0 R +/A 73 0 R +/Parent 63 0 R +/Prev 71 0 R +/Next 87 0 R +/First 79 0 R +/Last 83 0 R +/Count -2 +>> endobj +71 0 obj << +/Title 72 0 R +/A 69 0 R +/Parent 63 0 R +/Prev 67 0 R +/Next 75 0 R +>> endobj +67 0 obj << +/Title 68 0 R +/A 65 0 R +/Parent 63 0 R +/Next 71 0 R +>> endobj +63 0 obj << +/Title 64 0 R +/A 61 0 R +/Parent 15 0 R +/Prev 59 0 R +/Next 99 0 R +/First 67 0 R +/Last 87 0 R +/Count -4 +>> endobj +59 0 obj << +/Title 60 0 R +/A 57 0 R +/Parent 15 0 R +/Prev 55 0 R +/Next 63 0 R +>> endobj +55 0 obj << +/Title 56 0 R +/A 53 0 R +/Parent 15 0 R +/Prev 51 0 R +/Next 59 0 R +>> endobj +51 0 obj << +/Title 52 0 R +/A 49 0 R +/Parent 15 0 R +/Prev 43 0 R +/Next 55 0 R +>> endobj +47 0 obj << +/Title 48 0 R +/A 45 0 R +/Parent 43 0 R +>> endobj +43 0 obj << +/Title 44 0 R +/A 41 0 R +/Parent 15 0 R +/Prev 39 0 R +/Next 51 0 R +/First 47 0 R +/Last 47 0 R +/Count -1 +>> endobj +39 0 obj << +/Title 40 0 R +/A 37 0 R +/Parent 15 0 R +/Prev 31 0 R +/Next 43 0 R +>> endobj +35 0 obj << +/Title 36 0 R +/A 33 0 R +/Parent 31 0 R +>> endobj +31 0 obj << +/Title 32 0 R +/A 29 0 R +/Parent 15 0 R +/Prev 27 0 R +/Next 39 0 R +/First 35 0 R +/Last 35 0 R +/Count -1 +>> endobj +27 0 obj << +/Title 28 0 R +/A 25 0 R +/Parent 15 0 R +/Prev 23 0 R +/Next 31 0 R +>> endobj +23 0 obj << +/Title 24 0 R +/A 21 0 R +/Parent 15 0 R +/Prev 19 0 R +/Next 27 0 R +>> endobj +19 0 obj << +/Title 20 0 R +/A 17 0 R +/Parent 15 0 R +/Next 23 0 R +>> endobj +15 0 obj << +/Title 16 0 R +/A 13 0 R +/Parent 6498 0 R +/Prev 11 0 R +/Next 103 0 R +/First 19 0 R +/Last 99 0 R +/Count -11 +>> endobj +11 0 obj << +/Title 12 0 R +/A 9 0 R +/Parent 6498 0 R +/Prev 7 0 R +/Next 15 0 R +>> endobj +7 0 obj << +/Title 8 0 R +/A 5 0 R +/Parent 6498 0 R +/Prev 3 0 R +/Next 11 0 R +>> endobj +3 0 obj << +/Title 4 0 R +/A 1 0 R +/Parent 6498 0 R +/Next 7 0 R +>> endobj +6499 0 obj << +/Names [(0:1007) 2063 0 R (0:1008) 2064 0 R (0:1009) 2065 0 R (0:101) 1294 0 R (0:1010) 2066 0 R (0:1011) 2067 0 R] +/Limits [(0:1007) (0:1011)] +>> endobj +6500 0 obj << +/Names [(0:1012) 2068 0 R (0:1013) 2069 0 R (0:1014) 2070 0 R (0:1015) 2071 0 R (0:1016) 2072 0 R (0:1017) 2073 0 R] +/Limits [(0:1012) (0:1017)] +>> endobj +6501 0 obj << +/Names [(0:1018) 2074 0 R (0:1019) 2075 0 R (0:102) 1332 0 R (0:1020) 2076 0 R (0:1021) 2083 0 R (0:1022) 2084 0 R] +/Limits [(0:1018) (0:1022)] +>> endobj +6502 0 obj << +/Names [(0:1023) 2085 0 R (0:1024) 2086 0 R (0:1025) 2087 0 R (0:1026) 2088 0 R (0:1027) 2089 0 R (0:1029) 2090 0 R] +/Limits [(0:1023) (0:1029)] +>> endobj +6503 0 obj << +/Names [(0:103) 1333 0 R (0:1030) 2091 0 R (0:1031) 2092 0 R (0:1032) 2093 0 R (0:1035) 2095 0 R (0:1036) 2096 0 R] +/Limits [(0:103) (0:1036)] +>> endobj +6504 0 obj << +/Names [(0:1037) 2097 0 R (0:1039) 2098 0 R (0:1040) 2099 0 R (0:1041) 2100 0 R (0:106) 1334 0 R (0:1068) 2106 0 R] +/Limits [(0:1037) (0:1068)] +>> endobj +6505 0 obj << +/Names [(0:1069) 2107 0 R (0:107) 1335 0 R (0:1070) 2108 0 R (0:1071) 2109 0 R (0:108) 1336 0 R (0:109) 1337 0 R] +/Limits [(0:1069) (0:109)] +>> endobj +6506 0 obj << +/Names [(0:110) 1338 0 R (0:1106) 2111 0 R (0:1107) 2112 0 R (0:1108) 2113 0 R (0:1109) 2114 0 R (0:111) 1339 0 R] +/Limits [(0:110) (0:111)] +>> endobj +6507 0 obj << +/Names [(0:1110) 2115 0 R (0:1111) 2116 0 R (0:1112) 2117 0 R (0:1113) 2118 0 R (0:1114) 2119 0 R (0:1115) 2120 0 R] +/Limits [(0:1110) (0:1115)] +>> endobj +6508 0 obj << +/Names [(0:1116) 2121 0 R (0:1117) 2122 0 R (0:1118) 2123 0 R (0:1119) 2124 0 R (0:112) 1340 0 R (0:1120) 2125 0 R] +/Limits [(0:1116) (0:1120)] +>> endobj +6509 0 obj << +/Names [(0:1121) 2126 0 R (0:1122) 2127 0 R (0:1123) 2128 0 R (0:1124) 2129 0 R (0:1125) 2130 0 R (0:1126) 2139 0 R] +/Limits [(0:1121) (0:1126)] +>> endobj +6510 0 obj << +/Names [(0:1127) 2140 0 R (0:1128) 2141 0 R (0:1129) 2142 0 R (0:113) 1341 0 R (0:1130) 2143 0 R (0:1131) 2144 0 R] +/Limits [(0:1127) (0:1131)] +>> endobj +6511 0 obj << +/Names [(0:1132) 2145 0 R (0:1133) 2146 0 R (0:1134) 2147 0 R (0:1135) 2148 0 R (0:1136) 2149 0 R (0:1137) 2150 0 R] +/Limits [(0:1132) (0:1137)] +>> endobj +6512 0 obj << +/Names [(0:1138) 2151 0 R (0:1139) 2152 0 R (0:114) 1342 0 R (0:1140) 2153 0 R (0:1141) 2154 0 R (0:1142) 2155 0 R] +/Limits [(0:1138) (0:1142)] +>> endobj +6513 0 obj << +/Names [(0:1144) 2156 0 R (0:1147) 2157 0 R (0:1148) 2158 0 R (0:115) 1343 0 R (0:1150) 2159 0 R (0:1152) 2160 0 R] +/Limits [(0:1144) (0:1152)] +>> endobj +6514 0 obj << +/Names [(0:1153) 2161 0 R (0:1154) 2162 0 R (0:1155) 2163 0 R (0:1157) 2164 0 R (0:1158) 2165 0 R (0:1159) 2166 0 R] +/Limits [(0:1153) (0:1159)] +>> endobj +6515 0 obj << +/Names [(0:116) 1344 0 R (0:1160) 2167 0 R (0:1161) 2168 0 R (0:1162) 2169 0 R (0:1163) 2170 0 R (0:1164) 2171 0 R] +/Limits [(0:116) (0:1164)] +>> endobj +6516 0 obj << +/Names [(0:1165) 2172 0 R (0:1167) 2173 0 R (0:1168) 2174 0 R (0:1169) 2175 0 R (0:117) 1345 0 R (0:1170) 2176 0 R] +/Limits [(0:1165) (0:1170)] +>> endobj +6517 0 obj << +/Names [(0:1171) 2177 0 R (0:1173) 2138 0 R (0:1175) 2182 0 R (0:1176) 2183 0 R (0:1177) 2184 0 R (0:1178) 2185 0 R] +/Limits [(0:1171) (0:1178)] +>> endobj +6518 0 obj << +/Names [(0:1179) 2186 0 R (0:118) 1346 0 R (0:1180) 2187 0 R (0:1181) 2188 0 R (0:1182) 2189 0 R (0:1183) 2190 0 R] +/Limits [(0:1179) (0:1183)] +>> endobj +6519 0 obj << +/Names [(0:1184) 2191 0 R (0:1185) 2192 0 R (0:1186) 2193 0 R (0:1187) 2194 0 R (0:1188) 2195 0 R (0:1189) 2196 0 R] +/Limits [(0:1184) (0:1189)] +>> endobj +6520 0 obj << +/Names [(0:119) 1347 0 R (0:1190) 2197 0 R (0:1191) 2198 0 R (0:1192) 2199 0 R (0:1195) 2206 0 R (0:1196) 2207 0 R] +/Limits [(0:119) (0:1196)] +>> endobj +6521 0 obj << +/Names [(0:1198) 2208 0 R (0:1199) 2209 0 R (0:120) 1348 0 R (0:1200) 2210 0 R (0:1201) 2211 0 R (0:1202) 2212 0 R] +/Limits [(0:1198) (0:1202)] +>> endobj +6522 0 obj << +/Names [(0:1203) 2213 0 R (0:1204) 2214 0 R (0:1205) 2215 0 R (0:1207) 2216 0 R (0:1209) 2217 0 R (0:121) 1349 0 R] +/Limits [(0:1203) (0:121)] +>> endobj +6523 0 obj << +/Names [(0:1210) 2218 0 R (0:1211) 2219 0 R (0:1212) 2220 0 R (0:1213) 2221 0 R (0:1214) 2222 0 R (0:1216) 2223 0 R] +/Limits [(0:1210) (0:1216)] +>> endobj +6524 0 obj << +/Names [(0:1217) 2224 0 R (0:1218) 2225 0 R (0:1219) 2226 0 R (0:122) 1350 0 R (0:1220) 2227 0 R (0:1221) 2228 0 R] +/Limits [(0:1217) (0:1221)] +>> endobj +6525 0 obj << +/Names [(0:1222) 2229 0 R (0:1224) 2205 0 R (0:1225) 2235 0 R (0:1226) 2236 0 R (0:1227) 2237 0 R (0:1228) 2238 0 R] +/Limits [(0:1222) (0:1228)] +>> endobj +6526 0 obj << +/Names [(0:1229) 2239 0 R (0:123) 1351 0 R (0:1231) 2240 0 R (0:1232) 2241 0 R (0:1233) 2242 0 R (0:1234) 2243 0 R] +/Limits [(0:1229) (0:1234)] +>> endobj +6527 0 obj << +/Names [(0:1235) 2244 0 R (0:1236) 2245 0 R (0:1238) 2246 0 R (0:1239) 2247 0 R (0:124) 1352 0 R (0:1240) 2248 0 R] +/Limits [(0:1235) (0:1240)] +>> endobj +6528 0 obj << +/Names [(0:1241) 2249 0 R (0:1242) 2250 0 R (0:1243) 2251 0 R (0:1244) 2252 0 R (0:1246) 2253 0 R (0:1247) 2254 0 R] +/Limits [(0:1241) (0:1247)] +>> endobj +6529 0 obj << +/Names [(0:1248) 2255 0 R (0:1249) 2256 0 R (0:125) 1353 0 R (0:1250) 2257 0 R (0:1251) 2258 0 R (0:1252) 2259 0 R] +/Limits [(0:1248) (0:1252)] +>> endobj +6530 0 obj << +/Names [(0:1254) 2260 0 R (0:1255) 2261 0 R (0:1256) 2262 0 R (0:1257) 2263 0 R (0:1258) 2264 0 R (0:1259) 2265 0 R] +/Limits [(0:1254) (0:1259)] +>> endobj +6531 0 obj << +/Names [(0:126) 1354 0 R (0:1260) 2266 0 R (0:1262) 2271 0 R (0:1263) 2272 0 R (0:1264) 2273 0 R (0:1265) 2274 0 R] +/Limits [(0:126) (0:1265)] +>> endobj +6532 0 obj << +/Names [(0:1266) 2275 0 R (0:1267) 2234 0 R (0:127) 1355 0 R (0:1270) 2276 0 R (0:1271) 2277 0 R (0:1272) 2278 0 R] +/Limits [(0:1266) (0:1272)] +>> endobj +6533 0 obj << +/Names [(0:1273) 2279 0 R (0:1274) 2280 0 R (0:1275) 2281 0 R (0:1276) 2282 0 R (0:1277) 2283 0 R (0:1278) 2284 0 R] +/Limits [(0:1273) (0:1278)] +>> endobj +6534 0 obj << +/Names [(0:1279) 2285 0 R (0:128) 1356 0 R (0:1282) 2295 0 R (0:1283) 2296 0 R (0:1284) 2297 0 R (0:1285) 2298 0 R] +/Limits [(0:1279) (0:1285)] +>> endobj +6535 0 obj << +/Names [(0:1286) 2299 0 R (0:1287) 2300 0 R (0:1288) 2301 0 R (0:129) 1357 0 R (0:1290) 2302 0 R (0:1291) 2303 0 R] +/Limits [(0:1286) (0:1291)] +>> endobj +6536 0 obj << +/Names [(0:1293) 2304 0 R (0:1294) 2305 0 R (0:1295) 2306 0 R (0:1296) 2307 0 R (0:1297) 2308 0 R (0:1298) 2309 0 R] +/Limits [(0:1293) (0:1298)] +>> endobj +6537 0 obj << +/Names [(0:130) 1358 0 R (0:1300) 2310 0 R (0:1301) 2311 0 R (0:1302) 2312 0 R (0:1303) 2313 0 R (0:1304) 2314 0 R] +/Limits [(0:130) (0:1304)] +>> endobj +6538 0 obj << +/Names [(0:1305) 2315 0 R (0:1306) 2316 0 R (0:1307) 2317 0 R (0:1309) 2323 0 R (0:131) 1359 0 R (0:1311) 2324 0 R] +/Limits [(0:1305) (0:1311)] +>> endobj +6539 0 obj << +/Names [(0:1315) 2325 0 R (0:1316) 2326 0 R (0:1318) 2327 0 R (0:1319) 2328 0 R (0:132) 1360 0 R (0:1320) 2329 0 R] +/Limits [(0:1315) (0:1320)] +>> endobj +6540 0 obj << +/Names [(0:1321) 2330 0 R (0:1322) 2331 0 R (0:1323) 2332 0 R (0:1324) 2333 0 R (0:1325) 2334 0 R (0:1326) 2335 0 R] +/Limits [(0:1321) (0:1326)] +>> endobj +6541 0 obj << +/Names [(0:1328) 2336 0 R (0:1329) 2337 0 R (0:133) 1361 0 R (0:1330) 2338 0 R (0:1331) 2339 0 R (0:1332) 2340 0 R] +/Limits [(0:1328) (0:1332)] +>> endobj +6542 0 obj << +/Names [(0:1333) 2341 0 R (0:1334) 2342 0 R (0:1337) 2343 0 R (0:1338) 2344 0 R (0:1339) 2345 0 R (0:134) 1362 0 R] +/Limits [(0:1333) (0:134)] +>> endobj +6543 0 obj << +/Names [(0:1340) 2346 0 R (0:1341) 2347 0 R (0:1342) 2348 0 R (0:1344) 2349 0 R (0:1346) 2350 0 R (0:1347) 2351 0 R] +/Limits [(0:1340) (0:1347)] +>> endobj +6544 0 obj << +/Names [(0:1348) 2359 0 R (0:1349) 2360 0 R (0:135) 1363 0 R (0:1350) 2361 0 R (0:1351) 2362 0 R (0:1352) 2363 0 R] +/Limits [(0:1348) (0:1352)] +>> endobj +6545 0 obj << +/Names [(0:1353) 2364 0 R (0:1354) 2365 0 R (0:1356) 2366 0 R (0:1357) 2367 0 R (0:1358) 2368 0 R (0:1359) 2369 0 R] +/Limits [(0:1353) (0:1359)] +>> endobj +6546 0 obj << +/Names [(0:136) 1373 0 R (0:1360) 2370 0 R (0:1361) 2371 0 R (0:1362) 2372 0 R (0:1363) 2373 0 R (0:1364) 2374 0 R] +/Limits [(0:136) (0:1364)] +>> endobj +6547 0 obj << +/Names [(0:1365) 2375 0 R (0:1367) 2376 0 R (0:1368) 2377 0 R (0:1369) 2378 0 R (0:137) 1374 0 R (0:1370) 2379 0 R] +/Limits [(0:1365) (0:1370)] +>> endobj +6548 0 obj << +/Names [(0:1371) 2380 0 R (0:1372) 2381 0 R (0:1373) 2382 0 R (0:1374) 2383 0 R (0:1375) 2384 0 R (0:1376) 2385 0 R] +/Limits [(0:1371) (0:1376)] +>> endobj +6549 0 obj << +/Names [(0:1377) 2386 0 R (0:1378) 2387 0 R (0:138) 1375 0 R (0:1380) 2394 0 R (0:1382) 2395 0 R (0:1386) 2396 0 R] +/Limits [(0:1377) (0:1386)] +>> endobj +6550 0 obj << +/Names [(0:1387) 2397 0 R (0:1389) 2398 0 R (0:139) 1331 0 R (0:1390) 2399 0 R (0:1391) 2400 0 R (0:1392) 2401 0 R] +/Limits [(0:1387) (0:1392)] +>> endobj +6551 0 obj << +/Names [(0:1393) 2402 0 R (0:1394) 2403 0 R (0:1395) 2404 0 R (0:1397) 2405 0 R (0:14) 1242 0 R (0:1400) 2407 0 R] +/Limits [(0:1393) (0:1400)] +>> endobj +6552 0 obj << +/Names [(0:1401) 2408 0 R (0:1402) 2409 0 R (0:1403) 2410 0 R (0:1406) 2416 0 R (0:1407) 2417 0 R (0:141) 1376 0 R] +/Limits [(0:1401) (0:141)] +>> endobj +6553 0 obj << +/Names [(0:1411) 2418 0 R (0:1412) 2419 0 R (0:1413) 2420 0 R (0:1414) 2421 0 R (0:1415) 2422 0 R (0:1416) 2423 0 R] +/Limits [(0:1411) (0:1416)] +>> endobj +6554 0 obj << +/Names [(0:1417) 2424 0 R (0:1418) 2425 0 R (0:1419) 2426 0 R (0:1420) 2427 0 R (0:1421) 2428 0 R (0:1422) 2429 0 R] +/Limits [(0:1417) (0:1422)] +>> endobj +6555 0 obj << +/Names [(0:1424) 2430 0 R (0:1425) 2431 0 R (0:1426) 2432 0 R (0:1427) 2433 0 R (0:1428) 2434 0 R (0:1429) 2435 0 R] +/Limits [(0:1424) (0:1429)] +>> endobj +6556 0 obj << +/Names [(0:1432) 2436 0 R (0:1434) 2437 0 R (0:1435) 2438 0 R (0:1436) 2439 0 R (0:1437) 2440 0 R (0:1438) 2441 0 R] +/Limits [(0:1432) (0:1438)] +>> endobj +6557 0 obj << +/Names [(0:1439) 2442 0 R (0:144) 1377 0 R (0:1441) 2443 0 R (0:1442) 2444 0 R (0:1443) 2445 0 R (0:1445) 2415 0 R] +/Limits [(0:1439) (0:1445)] +>> endobj +6558 0 obj << +/Names [(0:1446) 2451 0 R (0:1447) 2452 0 R (0:1448) 2453 0 R (0:1449) 2454 0 R (0:145) 1378 0 R (0:1450) 2455 0 R] +/Limits [(0:1446) (0:1450)] +>> endobj +6559 0 obj << +/Names [(0:1452) 2456 0 R (0:1453) 2457 0 R (0:1454) 2458 0 R (0:1455) 2459 0 R (0:1456) 2460 0 R (0:1457) 2461 0 R] +/Limits [(0:1452) (0:1457)] +>> endobj +6560 0 obj << +/Names [(0:1459) 2462 0 R (0:146) 1379 0 R (0:1460) 2463 0 R (0:1461) 2464 0 R (0:1462) 2465 0 R (0:1463) 2466 0 R] +/Limits [(0:1459) (0:1463)] +>> endobj +6561 0 obj << +/Names [(0:1464) 2467 0 R (0:1466) 2468 0 R (0:1467) 2469 0 R (0:1468) 2470 0 R (0:1469) 2471 0 R (0:147) 1380 0 R] +/Limits [(0:1464) (0:147)] +>> endobj +6562 0 obj << +/Names [(0:1470) 2472 0 R (0:1471) 2473 0 R (0:1473) 2474 0 R (0:1474) 2475 0 R (0:1475) 2476 0 R (0:1476) 2477 0 R] +/Limits [(0:1470) (0:1476)] +>> endobj +6563 0 obj << +/Names [(0:1477) 2478 0 R (0:1478) 2479 0 R (0:148) 1381 0 R (0:1481) 2481 0 R (0:1482) 2482 0 R (0:1483) 2483 0 R] +/Limits [(0:1477) (0:1483)] +>> endobj +6564 0 obj << +/Names [(0:1484) 2484 0 R (0:1485) 2485 0 R (0:1486) 2486 0 R (0:1487) 2487 0 R (0:1488) 2488 0 R (0:1489) 2490 0 R] +/Limits [(0:1484) (0:1489)] +>> endobj +6565 0 obj << +/Names [(0:149) 1382 0 R (0:1490) 2491 0 R (0:1491) 2492 0 R (0:1492) 2493 0 R (0:1493) 2494 0 R (0:1494) 2495 0 R] +/Limits [(0:149) (0:1494)] +>> endobj +6566 0 obj << +/Names [(0:1495) 2496 0 R (0:1496) 2501 0 R (0:1497) 2502 0 R (0:15) 1243 0 R (0:1500) 2503 0 R (0:1502) 2504 0 R] +/Limits [(0:1495) (0:1502)] +>> endobj +6567 0 obj << +/Names [(0:1503) 2505 0 R (0:1504) 2506 0 R (0:1505) 2507 0 R (0:1506) 2508 0 R (0:1507) 2509 0 R (0:1508) 2510 0 R] +/Limits [(0:1503) (0:1508)] +>> endobj +6568 0 obj << +/Names [(0:1509) 2511 0 R (0:151) 1383 0 R (0:1510) 2512 0 R (0:1511) 2513 0 R (0:1512) 2514 0 R (0:1513) 2515 0 R] +/Limits [(0:1509) (0:1513)] +>> endobj +6569 0 obj << +/Names [(0:1514) 2516 0 R (0:1515) 2517 0 R (0:1516) 2518 0 R (0:1517) 2523 0 R (0:1518) 2524 0 R (0:1519) 2525 0 R] +/Limits [(0:1514) (0:1519)] +>> endobj +6570 0 obj << +/Names [(0:152) 1384 0 R (0:1520) 2526 0 R (0:1523) 2528 0 R (0:1525) 2529 0 R (0:1526) 2530 0 R (0:1527) 2531 0 R] +/Limits [(0:152) (0:1527)] +>> endobj +6571 0 obj << +/Names [(0:1528) 2532 0 R (0:1529) 2533 0 R (0:153) 1385 0 R (0:1530) 2534 0 R (0:1531) 2535 0 R (0:1532) 2536 0 R] +/Limits [(0:1528) (0:1532)] +>> endobj +6572 0 obj << +/Names [(0:1533) 2537 0 R (0:1534) 2538 0 R (0:1535) 2539 0 R (0:1536) 2540 0 R (0:1537) 2541 0 R (0:1538) 2542 0 R] +/Limits [(0:1533) (0:1538)] +>> endobj +6573 0 obj << +/Names [(0:1539) 2548 0 R (0:1540) 2549 0 R (0:1541) 2550 0 R (0:1542) 2551 0 R (0:1543) 2552 0 R (0:1544) 2553 0 R] +/Limits [(0:1539) (0:1544)] +>> endobj +6574 0 obj << +/Names [(0:1547) 2554 0 R (0:1548) 2555 0 R (0:1549) 2556 0 R (0:155) 1387 0 R (0:1550) 2557 0 R (0:1551) 2558 0 R] +/Limits [(0:1547) (0:1551)] +>> endobj +6575 0 obj << +/Names [(0:1552) 2559 0 R (0:1553) 2560 0 R (0:1554) 2561 0 R (0:1555) 2562 0 R (0:1556) 2568 0 R (0:1557) 2569 0 R] +/Limits [(0:1552) (0:1557)] +>> endobj +6576 0 obj << +/Names [(0:1558) 2547 0 R (0:1559) 2570 0 R (0:156) 1388 0 R (0:1560) 2571 0 R (0:1561) 2572 0 R (0:1562) 2573 0 R] +/Limits [(0:1558) (0:1562)] +>> endobj +6577 0 obj << +/Names [(0:1563) 2574 0 R (0:1566) 2575 0 R (0:1567) 2576 0 R (0:1568) 2577 0 R (0:1569) 2578 0 R (0:157) 1389 0 R] +/Limits [(0:1563) (0:157)] +>> endobj +6578 0 obj << +/Names [(0:1570) 2579 0 R (0:158) 1390 0 R (0:16) 1244 0 R (0:160) 1391 0 R (0:1600) 2581 0 R (0:1601) 2582 0 R] +/Limits [(0:1570) (0:1601)] +>> endobj +6579 0 obj << +/Names [(0:1602) 2583 0 R (0:1603) 2584 0 R (0:1604) 2585 0 R (0:1605) 2586 0 R (0:1606) 2587 0 R (0:1609) 2588 0 R] +/Limits [(0:1602) (0:1609)] +>> endobj +6580 0 obj << +/Names [(0:161) 1392 0 R (0:1611) 2589 0 R (0:1612) 2590 0 R (0:1613) 2591 0 R (0:1614) 2596 0 R (0:1615) 2597 0 R] +/Limits [(0:161) (0:1615)] +>> endobj +6581 0 obj << +/Names [(0:1616) 2598 0 R (0:1617) 2599 0 R (0:1618) 2600 0 R (0:1619) 2601 0 R (0:162) 1393 0 R (0:1620) 2602 0 R] +/Limits [(0:1616) (0:1620)] +>> endobj +6582 0 obj << +/Names [(0:1622) 2603 0 R (0:1623) 2604 0 R (0:1624) 2605 0 R (0:1625) 2606 0 R (0:1626) 2607 0 R (0:1627) 2608 0 R] +/Limits [(0:1622) (0:1627)] +>> endobj +6583 0 obj << +/Names [(0:1628) 2609 0 R (0:1630) 2610 0 R (0:1631) 2615 0 R (0:1632) 2616 0 R (0:1633) 2617 0 R (0:1634) 2618 0 R] +/Limits [(0:1628) (0:1634)] +>> endobj +6584 0 obj << +/Names [(0:1635) 2619 0 R (0:1636) 2620 0 R (0:1637) 2621 0 R (0:1638) 2622 0 R (0:1639) 2623 0 R (0:164) 1394 0 R] +/Limits [(0:1635) (0:164)] +>> endobj +6585 0 obj << +/Names [(0:1640) 2624 0 R (0:1641) 2625 0 R (0:1642) 2626 0 R (0:1643) 2627 0 R (0:1644) 2628 0 R (0:1646) 2629 0 R] +/Limits [(0:1640) (0:1646)] +>> endobj +6586 0 obj << +/Names [(0:1647) 2630 0 R (0:1648) 2631 0 R (0:1649) 2632 0 R (0:165) 1395 0 R (0:1650) 2633 0 R (0:1651) 2634 0 R] +/Limits [(0:1647) (0:1651)] +>> endobj +6587 0 obj << +/Names [(0:1652) 2635 0 R (0:1653) 2636 0 R (0:1654) 2637 0 R (0:1655) 2638 0 R (0:1656) 2639 0 R (0:1657) 2640 0 R] +/Limits [(0:1652) (0:1657)] +>> endobj +6588 0 obj << +/Names [(0:1659) 2641 0 R (0:166) 1396 0 R (0:1660) 2642 0 R (0:1663) 2648 0 R (0:1664) 2649 0 R (0:1665) 2650 0 R] +/Limits [(0:1659) (0:1665)] +>> endobj +6589 0 obj << +/Names [(0:1666) 2651 0 R (0:1667) 2652 0 R (0:1668) 2653 0 R (0:1669) 2654 0 R (0:167) 1397 0 R (0:1670) 2655 0 R] +/Limits [(0:1666) (0:1670)] +>> endobj +6590 0 obj << +/Names [(0:1671) 2656 0 R (0:1674) 2658 0 R (0:1675) 2659 0 R (0:1676) 2660 0 R (0:1679) 2666 0 R (0:168) 1398 0 R] +/Limits [(0:1671) (0:168)] +>> endobj +6591 0 obj << +/Names [(0:1680) 2667 0 R (0:1681) 2668 0 R (0:1682) 2669 0 R (0:1683) 2670 0 R (0:1684) 2671 0 R (0:1685) 2672 0 R] +/Limits [(0:1680) (0:1685)] +>> endobj +6592 0 obj << +/Names [(0:1686) 2673 0 R (0:1687) 2674 0 R (0:1689) 2675 0 R (0:169) 1399 0 R (0:1690) 2676 0 R (0:1691) 2677 0 R] +/Limits [(0:1686) (0:1691)] +>> endobj +6593 0 obj << +/Names [(0:1695) 2685 0 R (0:1696) 2686 0 R (0:1697) 2687 0 R (0:1698) 2688 0 R (0:1699) 2689 0 R (0:17) 1245 0 R] +/Limits [(0:1695) (0:17)] +>> endobj +6594 0 obj << +/Names [(0:1700) 2690 0 R (0:1701) 2691 0 R (0:1702) 2692 0 R (0:1703) 2693 0 R (0:1704) 2694 0 R (0:1706) 2695 0 R] +/Limits [(0:1700) (0:1706)] +>> endobj +6595 0 obj << +/Names [(0:1707) 2696 0 R (0:1708) 2697 0 R (0:1709) 2698 0 R (0:171) 1400 0 R (0:1710) 2699 0 R (0:1711) 2700 0 R] +/Limits [(0:1707) (0:1711)] +>> endobj +6596 0 obj << +/Names [(0:1712) 2701 0 R (0:1713) 2702 0 R (0:1714) 2703 0 R (0:1717) 2704 0 R (0:1718) 2705 0 R (0:1719) 2706 0 R] +/Limits [(0:1712) (0:1719)] +>> endobj +6597 0 obj << +/Names [(0:1720) 2707 0 R (0:1721) 2708 0 R (0:1722) 2709 0 R (0:1726) 2710 0 R (0:1727) 2711 0 R (0:1728) 2712 0 R] +/Limits [(0:1720) (0:1728)] +>> endobj +6598 0 obj << +/Names [(0:1729) 2713 0 R (0:173) 1401 0 R (0:1730) 2714 0 R (0:1731) 2715 0 R (0:1732) 2716 0 R (0:1733) 2717 0 R] +/Limits [(0:1729) (0:1733)] +>> endobj +6599 0 obj << +/Names [(0:1734) 2718 0 R (0:1735) 2719 0 R (0:1736) 2720 0 R (0:1737) 2721 0 R (0:1738) 2722 0 R (0:1739) 2723 0 R] +/Limits [(0:1734) (0:1739)] +>> endobj +6600 0 obj << +/Names [(0:174) 1402 0 R (0:1740) 2724 0 R (0:1741) 2725 0 R (0:1742) 2726 0 R (0:1743) 2727 0 R (0:1744) 2728 0 R] +/Limits [(0:174) (0:1744)] +>> endobj +6601 0 obj << +/Names [(0:1745) 2729 0 R (0:1746) 2735 0 R (0:1747) 2736 0 R (0:1748) 2737 0 R (0:1749) 2738 0 R (0:175) 1403 0 R] +/Limits [(0:1745) (0:175)] +>> endobj +6602 0 obj << +/Names [(0:1750) 2739 0 R (0:1751) 2740 0 R (0:1752) 2741 0 R (0:1753) 2742 0 R (0:1754) 2743 0 R (0:1755) 2744 0 R] +/Limits [(0:1750) (0:1755)] +>> endobj +6603 0 obj << +/Names [(0:1756) 2745 0 R (0:1757) 2746 0 R (0:1758) 2747 0 R (0:1759) 2748 0 R (0:176) 1404 0 R (0:1760) 2749 0 R] +/Limits [(0:1756) (0:1760)] +>> endobj +6604 0 obj << +/Names [(0:1761) 2750 0 R (0:1762) 2751 0 R (0:1763) 2752 0 R (0:1764) 2753 0 R (0:1765) 2754 0 R (0:1768) 2755 0 R] +/Limits [(0:1761) (0:1768)] +>> endobj +6605 0 obj << +/Names [(0:1769) 2756 0 R (0:177) 1405 0 R (0:1770) 2757 0 R (0:1771) 2758 0 R (0:1772) 2759 0 R (0:1773) 2760 0 R] +/Limits [(0:1769) (0:1773)] +>> endobj +6606 0 obj << +/Names [(0:1774) 2761 0 R (0:1775) 2762 0 R (0:1776) 2763 0 R (0:1777) 2764 0 R (0:1778) 2765 0 R (0:1779) 2766 0 R] +/Limits [(0:1774) (0:1779)] +>> endobj +6607 0 obj << +/Names [(0:178) 1406 0 R (0:1780) 2767 0 R (0:1781) 2768 0 R (0:1782) 2769 0 R (0:1783) 2770 0 R (0:1784) 2771 0 R] +/Limits [(0:178) (0:1784)] +>> endobj +6608 0 obj << +/Names [(0:1785) 2772 0 R (0:1786) 2773 0 R (0:1787) 2774 0 R (0:1788) 2775 0 R (0:1789) 2776 0 R (0:179) 1407 0 R] +/Limits [(0:1785) (0:179)] +>> endobj +6609 0 obj << +/Names [(0:1790) 2777 0 R (0:1791) 2778 0 R (0:1794) 2784 0 R (0:1795) 2785 0 R (0:1796) 2786 0 R (0:1797) 2787 0 R] +/Limits [(0:1790) (0:1797)] +>> endobj +6610 0 obj << +/Names [(0:1798) 2788 0 R (0:1799) 2789 0 R (0:18) 1246 0 R (0:180) 1408 0 R (0:1800) 2790 0 R (0:1801) 2791 0 R] +/Limits [(0:1798) (0:1801)] +>> endobj +6611 0 obj << +/Names [(0:1802) 2792 0 R (0:1803) 2793 0 R (0:1804) 2794 0 R (0:1805) 2795 0 R (0:1806) 2796 0 R (0:1807) 2797 0 R] +/Limits [(0:1802) (0:1807)] +>> endobj +6612 0 obj << +/Names [(0:1808) 2798 0 R (0:1809) 2799 0 R (0:181) 1427 0 R (0:1810) 2800 0 R (0:1811) 2801 0 R (0:1812) 2802 0 R] +/Limits [(0:1808) (0:1812)] +>> endobj +6613 0 obj << +/Names [(0:1813) 2803 0 R (0:1814) 2804 0 R (0:1815) 2805 0 R (0:1816) 2806 0 R (0:1817) 2807 0 R (0:1818) 2808 0 R] +/Limits [(0:1813) (0:1818)] +>> endobj +6614 0 obj << +/Names [(0:1819) 2809 0 R (0:182) 1428 0 R (0:1820) 2810 0 R (0:1821) 2811 0 R (0:1822) 2812 0 R (0:1823) 2813 0 R] +/Limits [(0:1819) (0:1823)] +>> endobj +6615 0 obj << +/Names [(0:1827) 2814 0 R (0:183) 1372 0 R (0:1830) 2815 0 R (0:1831) 2816 0 R (0:1832) 2822 0 R (0:1833) 2823 0 R] +/Limits [(0:1827) (0:1833)] +>> endobj +6616 0 obj << +/Names [(0:1835) 2824 0 R (0:1836) 2825 0 R (0:1837) 2826 0 R (0:1838) 2827 0 R (0:1840) 2828 0 R (0:1841) 2829 0 R] +/Limits [(0:1835) (0:1841)] +>> endobj +6617 0 obj << +/Names [(0:1842) 2830 0 R (0:1843) 2831 0 R (0:1845) 2832 0 R (0:1846) 2833 0 R (0:1847) 2834 0 R (0:1848) 2835 0 R] +/Limits [(0:1842) (0:1848)] +>> endobj +6618 0 obj << +/Names [(0:1849) 2836 0 R (0:185) 1429 0 R (0:1851) 2837 0 R (0:1852) 2838 0 R (0:1853) 2839 0 R (0:1854) 2840 0 R] +/Limits [(0:1849) (0:1854)] +>> endobj +6619 0 obj << +/Names [(0:1856) 2841 0 R (0:1857) 2842 0 R (0:1858) 2843 0 R (0:1859) 2844 0 R (0:186) 1430 0 R (0:1861) 2845 0 R] +/Limits [(0:1856) (0:1861)] +>> endobj +6620 0 obj << +/Names [(0:1862) 2846 0 R (0:1863) 2847 0 R (0:1864) 2848 0 R (0:1865) 2849 0 R (0:1867) 2850 0 R (0:1868) 2851 0 R] +/Limits [(0:1862) (0:1868)] +>> endobj +6621 0 obj << +/Names [(0:1869) 2852 0 R (0:1871) 2859 0 R (0:1872) 2860 0 R (0:1873) 2861 0 R (0:1875) 2821 0 R (0:1876) 2862 0 R] +/Limits [(0:1869) (0:1876)] +>> endobj +6622 0 obj << +/Names [(0:1877) 2863 0 R (0:1879) 2864 0 R (0:188) 1431 0 R (0:1880) 2865 0 R (0:1881) 2866 0 R (0:1883) 2867 0 R] +/Limits [(0:1877) (0:1883)] +>> endobj +6623 0 obj << +/Names [(0:1884) 2868 0 R (0:1885) 2869 0 R (0:1887) 2870 0 R (0:1888) 2871 0 R (0:1889) 2872 0 R (0:189) 1432 0 R] +/Limits [(0:1884) (0:189)] +>> endobj +6624 0 obj << +/Names [(0:1890) 2873 0 R (0:1892) 2874 0 R (0:1893) 2875 0 R (0:1895) 2876 0 R (0:1896) 2877 0 R (0:1897) 2878 0 R] +/Limits [(0:1890) (0:1897)] +>> endobj +6625 0 obj << +/Names [(0:1898) 2879 0 R (0:1899) 2880 0 R (0:19) 1247 0 R (0:190) 1433 0 R (0:1900) 2881 0 R (0:1901) 2882 0 R] +/Limits [(0:1898) (0:1901)] +>> endobj +6626 0 obj << +/Names [(0:1902) 2883 0 R (0:1905) 2885 0 R (0:1906) 2886 0 R (0:1907) 2887 0 R (0:1908) 2888 0 R (0:1909) 2889 0 R] +/Limits [(0:1902) (0:1909)] +>> endobj +6627 0 obj << +/Names [(0:191) 1434 0 R (0:1910) 2890 0 R (0:1911) 2891 0 R (0:1912) 2892 0 R (0:1913) 2898 0 R (0:1915) 2899 0 R] +/Limits [(0:191) (0:1915)] +>> endobj +6628 0 obj << +/Names [(0:1916) 2900 0 R (0:1918) 2901 0 R (0:1919) 2902 0 R (0:1920) 2903 0 R (0:1923) 2905 0 R (0:1924) 2906 0 R] +/Limits [(0:1916) (0:1924)] +>> endobj +6629 0 obj << +/Names [(0:1925) 2907 0 R (0:1926) 2908 0 R (0:1927) 2909 0 R (0:1928) 2910 0 R (0:1929) 2911 0 R (0:193) 1435 0 R] +/Limits [(0:1925) (0:193)] +>> endobj +6630 0 obj << +/Names [(0:1930) 2912 0 R (0:1931) 2913 0 R (0:1932) 2914 0 R (0:1933) 2915 0 R (0:1934) 2916 0 R (0:1935) 2917 0 R] +/Limits [(0:1930) (0:1935)] +>> endobj +6631 0 obj << +/Names [(0:1936) 2918 0 R (0:1937) 2919 0 R (0:1938) 2920 0 R (0:1939) 2921 0 R (0:194) 1436 0 R (0:1940) 2922 0 R] +/Limits [(0:1936) (0:1940)] +>> endobj +6632 0 obj << +/Names [(0:1941) 2923 0 R (0:1942) 2924 0 R (0:1943) 2925 0 R (0:1944) 2926 0 R (0:1945) 2927 0 R (0:1946) 2928 0 R] +/Limits [(0:1941) (0:1946)] +>> endobj +6633 0 obj << +/Names [(0:1947) 2929 0 R (0:1948) 2930 0 R (0:1949) 2931 0 R (0:195) 1437 0 R (0:1950) 2932 0 R (0:1951) 2933 0 R] +/Limits [(0:1947) (0:1951)] +>> endobj +6634 0 obj << +/Names [(0:1952) 2934 0 R (0:1953) 2935 0 R (0:1954) 2936 0 R (0:1955) 2937 0 R (0:1956) 2938 0 R (0:1957) 2939 0 R] +/Limits [(0:1952) (0:1957)] +>> endobj +6635 0 obj << +/Names [(0:1958) 2946 0 R (0:1959) 2947 0 R (0:1960) 2948 0 R (0:1961) 2949 0 R (0:1962) 2950 0 R (0:1963) 2951 0 R] +/Limits [(0:1958) (0:1963)] +>> endobj +6636 0 obj << +/Names [(0:1964) 2952 0 R (0:1965) 2953 0 R (0:1966) 2954 0 R (0:1967) 2955 0 R (0:1968) 2956 0 R (0:197) 1438 0 R] +/Limits [(0:1964) (0:197)] +>> endobj +6637 0 obj << +/Names [(0:1971) 2958 0 R (0:1972) 2959 0 R (0:1973) 2960 0 R (0:1974) 2961 0 R (0:1975) 2962 0 R (0:1976) 2963 0 R] +/Limits [(0:1971) (0:1976)] +>> endobj +6638 0 obj << +/Names [(0:1978) 2972 0 R (0:1979) 2973 0 R (0:198) 1439 0 R (0:1980) 2974 0 R (0:1981) 2945 0 R (0:1982) 2975 0 R] +/Limits [(0:1978) (0:1982)] +>> endobj +6639 0 obj << +/Names [(0:1983) 2976 0 R (0:1984) 2977 0 R (0:1985) 2978 0 R (0:1987) 2979 0 R (0:1988) 2980 0 R (0:1989) 2981 0 R] +/Limits [(0:1983) (0:1989)] +>> endobj +6640 0 obj << +/Names [(0:199) 1441 0 R (0:1990) 2982 0 R (0:1991) 2983 0 R (0:1992) 2984 0 R (0:1993) 2985 0 R (0:1996) 2986 0 R] +/Limits [(0:199) (0:1996)] +>> endobj +6641 0 obj << +/Names [(0:1997) 2987 0 R (0:1998) 2988 0 R (0:1999) 2989 0 R (0:20) 1248 0 R (0:200) 1442 0 R (0:2000) 2990 0 R] +/Limits [(0:1997) (0:2000)] +>> endobj +6642 0 obj << +/Names [(0:2001) 2991 0 R (0:2002) 2992 0 R (0:2003) 2993 0 R (0:2004) 2994 0 R (0:2006) 2995 0 R (0:2007) 2996 0 R] +/Limits [(0:2001) (0:2007)] +>> endobj +6643 0 obj << +/Names [(0:2008) 2997 0 R (0:2009) 3003 0 R (0:2011) 2971 0 R (0:2015) 3004 0 R (0:2016) 3005 0 R (0:2017) 3006 0 R] +/Limits [(0:2008) (0:2017)] +>> endobj +6644 0 obj << +/Names [(0:2018) 3007 0 R (0:2019) 3008 0 R (0:202) 1443 0 R (0:2021) 3009 0 R (0:2022) 3010 0 R (0:2023) 3011 0 R] +/Limits [(0:2018) (0:2023)] +>> endobj +6645 0 obj << +/Names [(0:2024) 3012 0 R (0:2025) 3013 0 R (0:2026) 3014 0 R (0:2027) 3015 0 R (0:2028) 3016 0 R (0:2029) 3017 0 R] +/Limits [(0:2024) (0:2029)] +>> endobj +6646 0 obj << +/Names [(0:203) 1444 0 R (0:2030) 3018 0 R (0:2031) 3019 0 R (0:2034) 3021 0 R (0:2035) 3022 0 R (0:2036) 3023 0 R] +/Limits [(0:203) (0:2036)] +>> endobj +6647 0 obj << +/Names [(0:2037) 3024 0 R (0:2038) 3025 0 R (0:2039) 3026 0 R (0:204) 1445 0 R (0:2040) 3027 0 R (0:2042) 3028 0 R] +/Limits [(0:2037) (0:2042)] +>> endobj +6648 0 obj << +/Names [(0:2045) 3030 0 R (0:2046) 3035 0 R (0:2047) 3036 0 R (0:2048) 3037 0 R (0:2049) 3038 0 R (0:205) 1446 0 R] +/Limits [(0:2045) (0:205)] +>> endobj +6649 0 obj << +/Names [(0:2050) 3039 0 R (0:2052) 3040 0 R (0:2053) 3041 0 R (0:2056) 3043 0 R (0:2057) 3044 0 R (0:2058) 3045 0 R] +/Limits [(0:2050) (0:2058)] +>> endobj +6650 0 obj << +/Names [(0:2059) 3046 0 R (0:2060) 3047 0 R (0:2061) 3048 0 R (0:2062) 3049 0 R (0:2063) 3050 0 R (0:2065) 3051 0 R] +/Limits [(0:2059) (0:2065)] +>> endobj +6651 0 obj << +/Names [(0:2066) 3052 0 R (0:2067) 3053 0 R (0:2069) 3054 0 R (0:207) 1447 0 R (0:2070) 3055 0 R (0:2073) 3056 0 R] +/Limits [(0:2066) (0:2073)] +>> endobj +6652 0 obj << +/Names [(0:2074) 3057 0 R (0:2075) 3058 0 R (0:2076) 3065 0 R (0:2077) 3066 0 R (0:2078) 3067 0 R (0:2079) 3068 0 R] +/Limits [(0:2074) (0:2079)] +>> endobj +6653 0 obj << +/Names [(0:208) 1448 0 R (0:2080) 3069 0 R (0:2081) 3070 0 R (0:2082) 3071 0 R (0:2083) 3072 0 R (0:2084) 3073 0 R] +/Limits [(0:208) (0:2084)] +>> endobj +6654 0 obj << +/Names [(0:2085) 3074 0 R (0:2087) 3075 0 R (0:2088) 3076 0 R (0:2089) 3077 0 R (0:209) 1449 0 R (0:2091) 3078 0 R] +/Limits [(0:2085) (0:2091)] +>> endobj +6655 0 obj << +/Names [(0:2092) 3079 0 R (0:2093) 3080 0 R (0:2094) 3081 0 R (0:2095) 3082 0 R (0:2096) 3083 0 R (0:2097) 3084 0 R] +/Limits [(0:2092) (0:2097)] +>> endobj +6656 0 obj << +/Names [(0:2098) 3085 0 R (0:2099) 3086 0 R (0:21) 1249 0 R (0:2100) 3087 0 R (0:2101) 3088 0 R (0:2102) 3089 0 R] +/Limits [(0:2098) (0:2102)] +>> endobj +6657 0 obj << +/Names [(0:2103) 3090 0 R (0:2104) 3091 0 R (0:2105) 3092 0 R (0:2106) 3093 0 R (0:2107) 3094 0 R (0:2108) 3095 0 R] +/Limits [(0:2103) (0:2108)] +>> endobj +6658 0 obj << +/Names [(0:211) 1450 0 R (0:2111) 3097 0 R (0:2113) 3098 0 R (0:2115) 3099 0 R (0:2116) 3100 0 R (0:2117) 3106 0 R] +/Limits [(0:211) (0:2117)] +>> endobj +6659 0 obj << +/Names [(0:2118) 3107 0 R (0:2119) 3064 0 R (0:212) 1451 0 R (0:2120) 3108 0 R (0:2123) 3110 0 R (0:2124) 3111 0 R] +/Limits [(0:2118) (0:2124)] +>> endobj +6660 0 obj << +/Names [(0:2127) 3112 0 R (0:2128) 3113 0 R (0:2129) 3114 0 R (0:213) 1452 0 R (0:2130) 3115 0 R (0:2131) 3116 0 R] +/Limits [(0:2127) (0:2131)] +>> endobj +6661 0 obj << +/Names [(0:2132) 3117 0 R (0:2134) 3118 0 R (0:2136) 3119 0 R (0:2137) 3120 0 R (0:2138) 3121 0 R (0:2139) 3122 0 R] +/Limits [(0:2132) (0:2139)] +>> endobj +6662 0 obj << +/Names [(0:2142) 3127 0 R (0:2143) 3128 0 R (0:2144) 3129 0 R (0:2145) 3130 0 R (0:2146) 3131 0 R (0:2147) 3132 0 R] +/Limits [(0:2142) (0:2147)] +>> endobj +6663 0 obj << +/Names [(0:2148) 3133 0 R (0:2149) 3134 0 R (0:215) 1453 0 R (0:2150) 3135 0 R (0:2151) 3136 0 R (0:2152) 3137 0 R] +/Limits [(0:2148) (0:2152)] +>> endobj +6664 0 obj << +/Names [(0:2153) 3138 0 R (0:2154) 3139 0 R (0:2155) 3140 0 R (0:2157) 3141 0 R (0:216) 1454 0 R (0:2160) 3143 0 R] +/Limits [(0:2153) (0:2160)] +>> endobj +6665 0 obj << +/Names [(0:2161) 3144 0 R (0:2162) 3145 0 R (0:2163) 3146 0 R (0:2164) 3147 0 R (0:2165) 3148 0 R (0:2166) 3154 0 R] +/Limits [(0:2161) (0:2166)] +>> endobj +6666 0 obj << +/Names [(0:2167) 3155 0 R (0:2168) 3156 0 R (0:2169) 3157 0 R (0:217) 1455 0 R (0:2170) 3158 0 R (0:2171) 3159 0 R] +/Limits [(0:2167) (0:2171)] +>> endobj +6667 0 obj << +/Names [(0:2172) 3160 0 R (0:2173) 3161 0 R (0:2174) 3162 0 R (0:2175) 3163 0 R (0:2176) 3164 0 R (0:2177) 3165 0 R] +/Limits [(0:2172) (0:2177)] +>> endobj +6668 0 obj << +/Names [(0:2178) 3166 0 R (0:2179) 3167 0 R (0:2180) 3168 0 R (0:2181) 3169 0 R (0:2182) 3170 0 R (0:2185) 3171 0 R] +/Limits [(0:2178) (0:2185)] +>> endobj +6669 0 obj << +/Names [(0:2186) 3172 0 R (0:2187) 3173 0 R (0:2188) 3174 0 R (0:2189) 3175 0 R (0:219) 1456 0 R (0:2190) 3176 0 R] +/Limits [(0:2186) (0:2190)] +>> endobj +6670 0 obj << +/Names [(0:2191) 3177 0 R (0:2192) 3178 0 R (0:2193) 3179 0 R (0:2194) 3180 0 R (0:2195) 3181 0 R (0:2196) 3182 0 R] +/Limits [(0:2191) (0:2196)] +>> endobj +6671 0 obj << +/Names [(0:2197) 3183 0 R (0:2198) 3184 0 R (0:2199) 3185 0 R (0:22) 1250 0 R (0:220) 1457 0 R (0:2200) 3186 0 R] +/Limits [(0:2197) (0:2200)] +>> endobj +6672 0 obj << +/Names [(0:2203) 3192 0 R (0:2204) 3193 0 R (0:2205) 3194 0 R (0:2206) 3195 0 R (0:2207) 3196 0 R (0:2208) 3197 0 R] +/Limits [(0:2203) (0:2208)] +>> endobj +6673 0 obj << +/Names [(0:2209) 3198 0 R (0:221) 1458 0 R (0:2212) 3199 0 R (0:2213) 3200 0 R (0:2214) 3201 0 R (0:2215) 3202 0 R] +/Limits [(0:2209) (0:2215)] +>> endobj +6674 0 obj << +/Names [(0:2216) 3203 0 R (0:2217) 3204 0 R (0:2218) 3205 0 R (0:222) 1459 0 R (0:2220) 3206 0 R (0:2221) 3207 0 R] +/Limits [(0:2216) (0:2221)] +>> endobj +6675 0 obj << +/Names [(0:2222) 3208 0 R (0:2223) 3209 0 R (0:2224) 3210 0 R (0:2225) 3211 0 R (0:2226) 3212 0 R (0:2227) 3213 0 R] +/Limits [(0:2222) (0:2227)] +>> endobj +6676 0 obj << +/Names [(0:2228) 3214 0 R (0:2229) 3219 0 R (0:2230) 3220 0 R (0:2231) 3221 0 R (0:2232) 3222 0 R (0:2233) 3223 0 R] +/Limits [(0:2228) (0:2233)] +>> endobj +6677 0 obj << +/Names [(0:2234) 3224 0 R (0:2235) 3191 0 R (0:2239) 3226 0 R (0:224) 1460 0 R (0:2240) 3227 0 R (0:2241) 3228 0 R] +/Limits [(0:2234) (0:2241)] +>> endobj +6678 0 obj << +/Names [(0:2242) 3229 0 R (0:2243) 3230 0 R (0:2244) 3231 0 R (0:2245) 3232 0 R (0:2246) 3233 0 R (0:2247) 3234 0 R] +/Limits [(0:2242) (0:2247)] +>> endobj +6679 0 obj << +/Names [(0:2248) 3235 0 R (0:2249) 3236 0 R (0:225) 1461 0 R (0:2250) 3237 0 R (0:2251) 3238 0 R (0:2252) 3239 0 R] +/Limits [(0:2248) (0:2252)] +>> endobj +6680 0 obj << +/Names [(0:2253) 3240 0 R (0:2254) 3241 0 R (0:2256) 3247 0 R (0:2257) 3248 0 R (0:2258) 3249 0 R (0:2259) 3250 0 R] +/Limits [(0:2253) (0:2259)] +>> endobj +6681 0 obj << +/Names [(0:226) 1462 0 R (0:2260) 3251 0 R (0:2261) 3252 0 R (0:2262) 3253 0 R (0:2265) 3255 0 R (0:2266) 3256 0 R] +/Limits [(0:226) (0:2266)] +>> endobj +6682 0 obj << +/Names [(0:2267) 3257 0 R (0:2268) 3258 0 R (0:2272) 3264 0 R (0:2273) 3265 0 R (0:2275) 3266 0 R (0:2276) 3267 0 R] +/Limits [(0:2267) (0:2276)] +>> endobj +6683 0 obj << +/Names [(0:2277) 3268 0 R (0:2278) 3269 0 R (0:2279) 3270 0 R (0:228) 1463 0 R (0:2280) 3271 0 R (0:2281) 3272 0 R] +/Limits [(0:2277) (0:2281)] +>> endobj +6684 0 obj << +/Names [(0:2282) 3273 0 R (0:2283) 3274 0 R (0:2284) 3275 0 R (0:2285) 3276 0 R (0:2286) 3277 0 R (0:2288) 3278 0 R] +/Limits [(0:2282) (0:2288)] +>> endobj +6685 0 obj << +/Names [(0:2289) 3279 0 R (0:229) 1464 0 R (0:2290) 3280 0 R (0:2291) 3281 0 R (0:2293) 3282 0 R (0:2295) 3289 0 R] +/Limits [(0:2289) (0:2295)] +>> endobj +6686 0 obj << +/Names [(0:2296) 3290 0 R (0:2297) 3291 0 R (0:2298) 3292 0 R (0:2299) 3293 0 R (0:2300) 3294 0 R (0:2301) 3295 0 R] +/Limits [(0:2296) (0:2301)] +>> endobj +6687 0 obj << +/Names [(0:2303) 3296 0 R (0:2304) 3297 0 R (0:2305) 3298 0 R (0:2306) 3299 0 R (0:2307) 3300 0 R (0:2308) 3301 0 R] +/Limits [(0:2303) (0:2308)] +>> endobj +6688 0 obj << +/Names [(0:2309) 3302 0 R (0:231) 1465 0 R (0:2310) 3303 0 R (0:2311) 3304 0 R (0:2312) 3305 0 R (0:2313) 3306 0 R] +/Limits [(0:2309) (0:2313)] +>> endobj +6689 0 obj << +/Names [(0:2314) 3307 0 R (0:2315) 3308 0 R (0:2316) 3309 0 R (0:2317) 3310 0 R (0:2319) 3311 0 R (0:232) 1466 0 R] +/Limits [(0:2314) (0:232)] +>> endobj +6690 0 obj << +/Names [(0:2320) 3312 0 R (0:2321) 3313 0 R (0:2322) 3314 0 R (0:2323) 3315 0 R (0:2326) 3316 0 R (0:2327) 3317 0 R] +/Limits [(0:2320) (0:2327)] +>> endobj +6691 0 obj << +/Names [(0:2328) 3318 0 R (0:233) 1467 0 R (0:2332) 3325 0 R (0:2333) 3326 0 R (0:2334) 3327 0 R (0:2335) 3328 0 R] +/Limits [(0:2328) (0:2335)] +>> endobj +6692 0 obj << +/Names [(0:2336) 3329 0 R (0:2337) 3330 0 R (0:2338) 3331 0 R (0:2339) 3332 0 R (0:2340) 3333 0 R (0:2343) 3339 0 R] +/Limits [(0:2336) (0:2343)] +>> endobj +6693 0 obj << +/Names [(0:2344) 3340 0 R (0:2345) 3341 0 R (0:2346) 3342 0 R (0:2347) 3343 0 R (0:2348) 3344 0 R (0:2349) 3345 0 R] +/Limits [(0:2344) (0:2349)] +>> endobj +6694 0 obj << +/Names [(0:235) 1468 0 R (0:2350) 3346 0 R (0:2351) 3347 0 R (0:2352) 3348 0 R (0:2353) 3349 0 R (0:2354) 3350 0 R] +/Limits [(0:235) (0:2354)] +>> endobj +6695 0 obj << +/Names [(0:2355) 3351 0 R (0:2356) 3352 0 R (0:2357) 3353 0 R (0:2358) 3354 0 R (0:2359) 3355 0 R (0:236) 1469 0 R] +/Limits [(0:2355) (0:236)] +>> endobj +6696 0 obj << +/Names [(0:2360) 3356 0 R (0:2361) 3357 0 R (0:2362) 3358 0 R (0:2363) 3359 0 R (0:2364) 3360 0 R (0:2365) 3361 0 R] +/Limits [(0:2360) (0:2365)] +>> endobj +6697 0 obj << +/Names [(0:2368) 3363 0 R (0:2369) 3369 0 R (0:237) 1470 0 R (0:2370) 3370 0 R (0:2371) 3371 0 R (0:2372) 3372 0 R] +/Limits [(0:2368) (0:2372)] +>> endobj +6698 0 obj << +/Names [(0:2374) 3373 0 R (0:2377) 3374 0 R (0:2378) 3375 0 R (0:2379) 3376 0 R (0:238) 1471 0 R (0:2380) 3377 0 R] +/Limits [(0:2374) (0:2380)] +>> endobj +6699 0 obj << +/Names [(0:2381) 3378 0 R (0:2382) 3379 0 R (0:2383) 3380 0 R (0:2384) 3381 0 R (0:2385) 3382 0 R (0:2389) 3387 0 R] +/Limits [(0:2381) (0:2389)] +>> endobj +6700 0 obj << +/Names [(0:239) 1472 0 R (0:2390) 3388 0 R (0:2391) 3389 0 R (0:2392) 3390 0 R (0:2393) 3391 0 R (0:2394) 3392 0 R] +/Limits [(0:239) (0:2394)] +>> endobj +6701 0 obj << +/Names [(0:2395) 3393 0 R (0:2396) 3394 0 R (0:2399) 3399 0 R (0:240) 1473 0 R (0:2400) 3400 0 R (0:2401) 3401 0 R] +/Limits [(0:2395) (0:2401)] +>> endobj +6702 0 obj << +/Names [(0:2402) 3402 0 R (0:2403) 3403 0 R (0:2404) 3404 0 R (0:2405) 3405 0 R (0:2406) 3406 0 R (0:2409) 3411 0 R] +/Limits [(0:2402) (0:2409)] +>> endobj +6703 0 obj << +/Names [(0:241) 1474 0 R (0:2410) 3412 0 R (0:2411) 3413 0 R (0:2412) 3414 0 R (0:2413) 3415 0 R (0:2414) 3416 0 R] +/Limits [(0:241) (0:2414)] +>> endobj +6704 0 obj << +/Names [(0:2415) 3417 0 R (0:2416) 3418 0 R (0:2417) 3419 0 R (0:2418) 3420 0 R (0:2419) 3421 0 R (0:242) 1475 0 R] +/Limits [(0:2415) (0:242)] +>> endobj +6705 0 obj << +/Names [(0:2420) 3422 0 R (0:2421) 3423 0 R (0:2422) 3424 0 R (0:2424) 3425 0 R (0:2425) 3426 0 R (0:2426) 3427 0 R] +/Limits [(0:2420) (0:2426)] +>> endobj +6706 0 obj << +/Names [(0:2427) 3428 0 R (0:2428) 3429 0 R (0:2429) 3430 0 R (0:2430) 3431 0 R (0:2431) 3432 0 R (0:2432) 3433 0 R] +/Limits [(0:2427) (0:2432)] +>> endobj +6707 0 obj << +/Names [(0:2434) 3434 0 R (0:2437) 3440 0 R (0:2438) 3441 0 R (0:2439) 3442 0 R (0:244) 1476 0 R (0:2440) 3443 0 R] +/Limits [(0:2434) (0:2440)] +>> endobj +6708 0 obj << +/Names [(0:2441) 3444 0 R (0:2442) 3445 0 R (0:2444) 3446 0 R (0:2445) 3447 0 R (0:2446) 3448 0 R (0:2447) 3449 0 R] +/Limits [(0:2441) (0:2447)] +>> endobj +6709 0 obj << +/Names [(0:2448) 3450 0 R (0:2449) 3451 0 R (0:2451) 3452 0 R (0:2452) 3453 0 R (0:2453) 3454 0 R (0:2454) 3455 0 R] +/Limits [(0:2448) (0:2454)] +>> endobj +6710 0 obj << +/Names [(0:2455) 3456 0 R (0:2456) 3457 0 R (0:2458) 3462 0 R (0:2459) 3463 0 R (0:2460) 3464 0 R (0:2461) 3465 0 R] +/Limits [(0:2455) (0:2461)] +>> endobj +6711 0 obj << +/Names [(0:2463) 3466 0 R (0:2464) 3467 0 R (0:2465) 3468 0 R (0:2466) 3469 0 R (0:2467) 3470 0 R (0:2468) 3471 0 R] +/Limits [(0:2463) (0:2468)] +>> endobj +6712 0 obj << +/Names [(0:2469) 3472 0 R (0:2470) 3473 0 R (0:2471) 3474 0 R (0:2472) 3475 0 R (0:2473) 3476 0 R (0:2474) 3477 0 R] +/Limits [(0:2469) (0:2474)] +>> endobj +6713 0 obj << +/Names [(0:2475) 3478 0 R (0:2476) 3479 0 R (0:2477) 3480 0 R (0:2478) 3481 0 R (0:2479) 3482 0 R (0:248) 1482 0 R] +/Limits [(0:2475) (0:248)] +>> endobj +6714 0 obj << +/Names [(0:2480) 3483 0 R (0:2481) 3484 0 R (0:2482) 3485 0 R (0:2484) 3486 0 R (0:2487) 3492 0 R (0:2488) 3493 0 R] +/Limits [(0:2480) (0:2488)] +>> endobj +6715 0 obj << +/Names [(0:2489) 3494 0 R (0:249) 1483 0 R (0:2490) 3495 0 R (0:2491) 3496 0 R (0:2493) 3497 0 R (0:2494) 3498 0 R] +/Limits [(0:2489) (0:2494)] +>> endobj +6716 0 obj << +/Names [(0:2495) 3491 0 R (0:2497) 3504 0 R (0:2498) 3505 0 R (0:2499) 3506 0 R (0:25) 1256 0 R (0:250) 1484 0 R] +/Limits [(0:2495) (0:250)] +>> endobj +6717 0 obj << +/Names [(0:2500) 3507 0 R (0:2501) 3508 0 R (0:2502) 3509 0 R (0:2503) 3510 0 R (0:2504) 3511 0 R (0:2505) 3512 0 R] +/Limits [(0:2500) (0:2505)] +>> endobj +6718 0 obj << +/Names [(0:2506) 3513 0 R (0:2507) 3514 0 R (0:2508) 3515 0 R (0:2509) 3516 0 R (0:251) 1485 0 R (0:2510) 3517 0 R] +/Limits [(0:2506) (0:2510)] +>> endobj +6719 0 obj << +/Names [(0:2511) 3518 0 R (0:2512) 3519 0 R (0:2513) 3520 0 R (0:2514) 3521 0 R (0:2516) 3522 0 R (0:2517) 3523 0 R] +/Limits [(0:2511) (0:2517)] +>> endobj +6720 0 obj << +/Names [(0:2518) 3524 0 R (0:2519) 3525 0 R (0:252) 1486 0 R (0:2520) 3526 0 R (0:2522) 3531 0 R (0:2523) 3532 0 R] +/Limits [(0:2518) (0:2523)] +>> endobj +6721 0 obj << +/Names [(0:2524) 3533 0 R (0:2525) 3503 0 R (0:2528) 3534 0 R (0:2529) 3535 0 R (0:253) 1487 0 R (0:2530) 3536 0 R] +/Limits [(0:2524) (0:2530)] +>> endobj +6722 0 obj << +/Names [(0:2531) 3537 0 R (0:2532) 3538 0 R (0:2533) 3539 0 R (0:2534) 3540 0 R (0:2536) 3541 0 R (0:2537) 3542 0 R] +/Limits [(0:2531) (0:2537)] +>> endobj +6723 0 obj << +/Names [(0:2538) 3543 0 R (0:254) 1488 0 R (0:2540) 3544 0 R (0:2541) 3545 0 R (0:2542) 3546 0 R (0:2543) 3547 0 R] +/Limits [(0:2538) (0:2543)] +>> endobj +6724 0 obj << +/Names [(0:2544) 3548 0 R (0:2545) 3549 0 R (0:2546) 3550 0 R (0:2548) 3551 0 R (0:2549) 3552 0 R (0:255) 1489 0 R] +/Limits [(0:2544) (0:255)] +>> endobj +6725 0 obj << +/Names [(0:2550) 3553 0 R (0:2552) 3554 0 R (0:2553) 3555 0 R (0:2554) 3556 0 R (0:2555) 3557 0 R (0:2556) 3558 0 R] +/Limits [(0:2550) (0:2556)] +>> endobj +6726 0 obj << +/Names [(0:2557) 3559 0 R (0:2558) 3560 0 R (0:2559) 3561 0 R (0:256) 1490 0 R (0:2560) 3562 0 R (0:2561) 3567 0 R] +/Limits [(0:2557) (0:2561)] +>> endobj +6727 0 obj << +/Names [(0:2562) 3568 0 R (0:2563) 3569 0 R (0:2564) 3570 0 R (0:2565) 3571 0 R (0:2566) 3572 0 R (0:2567) 3573 0 R] +/Limits [(0:2562) (0:2567)] +>> endobj +6728 0 obj << +/Names [(0:2568) 3574 0 R (0:2569) 3575 0 R (0:257) 1491 0 R (0:2570) 3576 0 R (0:2571) 3577 0 R (0:2572) 3578 0 R] +/Limits [(0:2568) (0:2572)] +>> endobj +6729 0 obj << +/Names [(0:2573) 3579 0 R (0:2574) 3580 0 R (0:2575) 3581 0 R (0:2576) 3582 0 R (0:2577) 3583 0 R (0:2578) 3584 0 R] +/Limits [(0:2573) (0:2578)] +>> endobj +6730 0 obj << +/Names [(0:2579) 3585 0 R (0:258) 1492 0 R (0:2580) 3586 0 R (0:2581) 3587 0 R (0:2582) 3588 0 R (0:2583) 3589 0 R] +/Limits [(0:2579) (0:2583)] +>> endobj +6731 0 obj << +/Names [(0:2585) 3590 0 R (0:2588) 3601 0 R (0:2589) 3602 0 R (0:259) 1493 0 R (0:2590) 3603 0 R (0:2591) 3604 0 R] +/Limits [(0:2585) (0:2591)] +>> endobj +6732 0 obj << +/Names [(0:2592) 3605 0 R (0:2593) 3606 0 R (0:2594) 3607 0 R (0:2595) 3608 0 R (0:2596) 3609 0 R (0:2599) 3610 0 R] +/Limits [(0:2592) (0:2599)] +>> endobj +6733 0 obj << +/Names [(0:260) 1494 0 R (0:2600) 3611 0 R (0:2601) 3612 0 R (0:2602) 3613 0 R (0:2603) 3614 0 R (0:2604) 3615 0 R] +/Limits [(0:260) (0:2604)] +>> endobj +6734 0 obj << +/Names [(0:2605) 3616 0 R (0:2606) 3617 0 R (0:2607) 3618 0 R (0:2609) 3619 0 R (0:261) 1495 0 R (0:2610) 3620 0 R] +/Limits [(0:2605) (0:2610)] +>> endobj +6735 0 obj << +/Names [(0:2611) 3621 0 R (0:2612) 3622 0 R (0:2613) 3623 0 R (0:2614) 3624 0 R (0:2615) 3625 0 R (0:2616) 3630 0 R] +/Limits [(0:2611) (0:2616)] +>> endobj +6736 0 obj << +/Names [(0:2617) 3631 0 R (0:2618) 3600 0 R (0:2619) 3632 0 R (0:262) 1496 0 R (0:2620) 3633 0 R (0:2623) 3634 0 R] +/Limits [(0:2617) (0:2623)] +>> endobj +6737 0 obj << +/Names [(0:2625) 3635 0 R (0:2626) 3636 0 R (0:2627) 3637 0 R (0:2628) 3638 0 R (0:2629) 3639 0 R (0:263) 1497 0 R] +/Limits [(0:2625) (0:263)] +>> endobj +6738 0 obj << +/Names [(0:2630) 3640 0 R (0:2631) 3641 0 R (0:2632) 3642 0 R (0:2633) 3643 0 R (0:2634) 3644 0 R (0:2635) 3645 0 R] +/Limits [(0:2630) (0:2635)] +>> endobj +6739 0 obj << +/Names [(0:2636) 3646 0 R (0:2637) 3647 0 R (0:2638) 3648 0 R (0:2639) 3649 0 R (0:2640) 3650 0 R (0:2641) 3655 0 R] +/Limits [(0:2636) (0:2641)] +>> endobj +6740 0 obj << +/Names [(0:2642) 3656 0 R (0:2643) 3657 0 R (0:2644) 3658 0 R (0:2645) 3659 0 R (0:2646) 3660 0 R (0:2647) 3661 0 R] +/Limits [(0:2642) (0:2647)] +>> endobj +6741 0 obj << +/Names [(0:2648) 3662 0 R (0:2649) 3663 0 R (0:265) 1498 0 R (0:2650) 3664 0 R (0:2651) 3665 0 R (0:2652) 3666 0 R] +/Limits [(0:2648) (0:2652)] +>> endobj +6742 0 obj << +/Names [(0:2654) 3667 0 R (0:2655) 3668 0 R (0:2657) 3669 0 R (0:2658) 3670 0 R (0:2659) 3671 0 R (0:266) 1499 0 R] +/Limits [(0:2654) (0:266)] +>> endobj +6743 0 obj << +/Names [(0:2663) 3681 0 R (0:2664) 3682 0 R (0:2665) 3683 0 R (0:2666) 3684 0 R (0:2667) 3685 0 R (0:2668) 3686 0 R] +/Limits [(0:2663) (0:2668)] +>> endobj +6744 0 obj << +/Names [(0:2669) 3687 0 R (0:267) 1500 0 R (0:2671) 3688 0 R (0:2672) 3689 0 R (0:2673) 3690 0 R (0:2674) 3691 0 R] +/Limits [(0:2669) (0:2674)] +>> endobj +6745 0 obj << +/Names [(0:2675) 3692 0 R (0:2676) 3693 0 R (0:2677) 3694 0 R (0:268) 1501 0 R (0:2680) 3695 0 R (0:2681) 3696 0 R] +/Limits [(0:2675) (0:2681)] +>> endobj +6746 0 obj << +/Names [(0:2682) 3697 0 R (0:2683) 3698 0 R (0:2684) 3699 0 R (0:2685) 3700 0 R (0:2686) 3701 0 R (0:2687) 3702 0 R] +/Limits [(0:2682) (0:2687)] +>> endobj +6747 0 obj << +/Names [(0:2689) 3703 0 R (0:269) 1502 0 R (0:2690) 3704 0 R (0:2691) 3705 0 R (0:2692) 3706 0 R (0:2693) 3707 0 R] +/Limits [(0:2689) (0:2693)] +>> endobj +6748 0 obj << +/Names [(0:2694) 3708 0 R (0:2695) 3709 0 R (0:2696) 3716 0 R (0:2697) 3717 0 R (0:2698) 3710 0 R (0:27) 1257 0 R] +/Limits [(0:2694) (0:27)] +>> endobj +6749 0 obj << +/Names [(0:270) 1503 0 R (0:2702) 3718 0 R (0:2703) 3719 0 R (0:2704) 3720 0 R (0:2705) 3721 0 R (0:2706) 3722 0 R] +/Limits [(0:270) (0:2706)] +>> endobj +6750 0 obj << +/Names [(0:2707) 3723 0 R (0:2708) 3724 0 R (0:2709) 3725 0 R (0:271) 1504 0 R (0:2712) 3726 0 R (0:2713) 3727 0 R] +/Limits [(0:2707) (0:2713)] +>> endobj +6751 0 obj << +/Names [(0:2714) 3728 0 R (0:2715) 3729 0 R (0:2716) 3730 0 R (0:2717) 3731 0 R (0:2718) 3732 0 R (0:272) 1505 0 R] +/Limits [(0:2714) (0:272)] +>> endobj +6752 0 obj << +/Names [(0:2720) 3733 0 R (0:2721) 3734 0 R (0:2722) 3735 0 R (0:2723) 3736 0 R (0:2724) 3737 0 R (0:2725) 3738 0 R] +/Limits [(0:2720) (0:2725)] +>> endobj +6753 0 obj << +/Names [(0:2726) 3739 0 R (0:2727) 3740 0 R (0:2728) 3741 0 R (0:2729) 3742 0 R (0:273) 1506 0 R (0:2730) 3743 0 R] +/Limits [(0:2726) (0:2730)] +>> endobj +6754 0 obj << +/Names [(0:2731) 3744 0 R (0:2732) 3745 0 R (0:2733) 3746 0 R (0:2734) 3747 0 R (0:2735) 3748 0 R (0:2736) 3749 0 R] +/Limits [(0:2731) (0:2736)] +>> endobj +6755 0 obj << +/Names [(0:2738) 3750 0 R (0:2739) 3751 0 R (0:2740) 3752 0 R (0:2741) 3753 0 R (0:2742) 3754 0 R (0:2743) 3755 0 R] +/Limits [(0:2738) (0:2743)] +>> endobj +6756 0 obj << +/Names [(0:2744) 3756 0 R (0:2746) 3761 0 R (0:2747) 3762 0 R (0:2748) 3763 0 R (0:2749) 3764 0 R (0:2750) 3765 0 R] +/Limits [(0:2744) (0:2750)] +>> endobj +6757 0 obj << +/Names [(0:2751) 3766 0 R (0:2753) 3767 0 R (0:2754) 3768 0 R (0:2755) 3769 0 R (0:2756) 3770 0 R (0:2758) 3771 0 R] +/Limits [(0:2751) (0:2758)] +>> endobj +6758 0 obj << +/Names [(0:2759) 3772 0 R (0:276) 1507 0 R (0:2760) 3773 0 R (0:2761) 3774 0 R (0:2762) 3775 0 R (0:2765) 3776 0 R] +/Limits [(0:2759) (0:2765)] +>> endobj +6759 0 obj << +/Names [(0:2766) 3777 0 R (0:2767) 3778 0 R (0:2768) 3779 0 R (0:2769) 3780 0 R (0:277) 1508 0 R (0:2770) 3781 0 R] +/Limits [(0:2766) (0:2770)] +>> endobj +6760 0 obj << +/Names [(0:2771) 3782 0 R (0:2772) 3783 0 R (0:2773) 3784 0 R (0:2774) 3785 0 R (0:2775) 3786 0 R (0:2776) 3787 0 R] +/Limits [(0:2771) (0:2776)] +>> endobj +6761 0 obj << +/Names [(0:2777) 3788 0 R (0:2778) 3789 0 R (0:2779) 3790 0 R (0:278) 1509 0 R (0:2780) 3791 0 R (0:2781) 3792 0 R] +/Limits [(0:2777) (0:2781)] +>> endobj +6762 0 obj << +/Names [(0:2782) 3793 0 R (0:2783) 3794 0 R (0:2784) 3795 0 R (0:2785) 3796 0 R (0:2786) 3802 0 R (0:2787) 3803 0 R] +/Limits [(0:2782) (0:2787)] +>> endobj +6763 0 obj << +/Names [(0:2788) 3804 0 R (0:2789) 3805 0 R (0:279) 1510 0 R (0:2790) 3806 0 R (0:2791) 3807 0 R (0:2792) 3808 0 R] +/Limits [(0:2788) (0:2792)] +>> endobj +6764 0 obj << +/Names [(0:2793) 3809 0 R (0:2794) 3810 0 R (0:2795) 3811 0 R (0:2796) 3812 0 R (0:2797) 3813 0 R (0:2798) 3814 0 R] +/Limits [(0:2793) (0:2798)] +>> endobj +6765 0 obj << +/Names [(0:2799) 3815 0 R (0:280) 1511 0 R (0:2800) 3816 0 R (0:2801) 3817 0 R (0:2802) 3818 0 R (0:2803) 3819 0 R] +/Limits [(0:2799) (0:2803)] +>> endobj +6766 0 obj << +/Names [(0:2805) 3820 0 R (0:2806) 3821 0 R (0:2807) 3822 0 R (0:2808) 3823 0 R (0:2809) 3824 0 R (0:281) 1512 0 R] +/Limits [(0:2805) (0:281)] +>> endobj +6767 0 obj << +/Names [(0:2810) 3825 0 R (0:2811) 3826 0 R (0:2812) 3827 0 R (0:2813) 3828 0 R (0:2814) 3829 0 R (0:2815) 3830 0 R] +/Limits [(0:2810) (0:2815)] +>> endobj +6768 0 obj << +/Names [(0:2816) 3831 0 R (0:2817) 3832 0 R (0:2818) 3833 0 R (0:2819) 3834 0 R (0:282) 1513 0 R (0:2820) 3835 0 R] +/Limits [(0:2816) (0:2820)] +>> endobj +6769 0 obj << +/Names [(0:2821) 3836 0 R (0:2822) 3837 0 R (0:2825) 3838 0 R (0:2826) 3839 0 R (0:2827) 3840 0 R (0:2828) 3845 0 R] +/Limits [(0:2821) (0:2828)] +>> endobj +6770 0 obj << +/Names [(0:2829) 3846 0 R (0:283) 1514 0 R (0:2830) 3847 0 R (0:2833) 3848 0 R (0:2834) 3849 0 R (0:2835) 3850 0 R] +/Limits [(0:2829) (0:2835)] +>> endobj +6771 0 obj << +/Names [(0:2836) 3851 0 R (0:2838) 3852 0 R (0:2839) 3853 0 R (0:284) 1519 0 R (0:2840) 3854 0 R (0:2841) 3855 0 R] +/Limits [(0:2836) (0:2841)] +>> endobj +6772 0 obj << +/Names [(0:2842) 3856 0 R (0:2843) 3857 0 R (0:2846) 3859 0 R (0:2847) 3860 0 R (0:2848) 3861 0 R (0:2849) 3867 0 R] +/Limits [(0:2842) (0:2849)] +>> endobj +6773 0 obj << +/Names [(0:285) 1520 0 R (0:2850) 3868 0 R (0:2851) 3869 0 R (0:2852) 3870 0 R (0:2853) 3871 0 R (0:2854) 3872 0 R] +/Limits [(0:285) (0:2854)] +>> endobj +6774 0 obj << +/Names [(0:2855) 3873 0 R (0:2857) 3874 0 R (0:2858) 3875 0 R (0:2859) 3876 0 R (0:286) 1521 0 R (0:2861) 3877 0 R] +/Limits [(0:2855) (0:2861)] +>> endobj +6775 0 obj << +/Names [(0:2862) 3878 0 R (0:2863) 3879 0 R (0:2864) 3880 0 R (0:2865) 3881 0 R (0:2866) 3882 0 R (0:2867) 3883 0 R] +/Limits [(0:2862) (0:2867)] +>> endobj +6776 0 obj << +/Names [(0:2868) 3884 0 R (0:2869) 3885 0 R (0:287) 1522 0 R (0:2870) 3886 0 R (0:2873) 3888 0 R (0:2874) 3889 0 R] +/Limits [(0:2868) (0:2874)] +>> endobj +6777 0 obj << +/Names [(0:2875) 3890 0 R (0:2876) 3891 0 R (0:2878) 3892 0 R (0:2879) 3893 0 R (0:288) 1523 0 R (0:2880) 3894 0 R] +/Limits [(0:2875) (0:2880)] +>> endobj +6778 0 obj << +/Names [(0:2881) 3895 0 R (0:2882) 3896 0 R (0:2883) 3897 0 R (0:2884) 3898 0 R (0:2885) 3899 0 R (0:2886) 3900 0 R] +/Limits [(0:2881) (0:2886)] +>> endobj +6779 0 obj << +/Names [(0:2887) 3901 0 R (0:2888) 3902 0 R (0:2889) 3903 0 R (0:289) 1524 0 R (0:2891) 3909 0 R (0:2892) 3910 0 R] +/Limits [(0:2887) (0:2892)] +>> endobj +6780 0 obj << +/Names [(0:2893) 3911 0 R (0:2895) 3913 0 R (0:2896) 3914 0 R (0:2897) 3915 0 R (0:2898) 3916 0 R (0:2899) 3917 0 R] +/Limits [(0:2893) (0:2899)] +>> endobj +6781 0 obj << +/Names [(0:29) 1259 0 R (0:290) 1525 0 R (0:2900) 3918 0 R (0:2901) 3919 0 R (0:2902) 3920 0 R (0:2903) 3921 0 R] +/Limits [(0:29) (0:2903)] +>> endobj +6782 0 obj << +/Names [(0:2904) 3922 0 R (0:2907) 3923 0 R (0:2908) 3924 0 R (0:2909) 3925 0 R (0:291) 1526 0 R (0:2910) 3926 0 R] +/Limits [(0:2904) (0:2910)] +>> endobj +6783 0 obj << +/Names [(0:2911) 3927 0 R (0:2912) 3928 0 R (0:2913) 3929 0 R (0:2914) 3930 0 R (0:2915) 3931 0 R (0:2916) 3932 0 R] +/Limits [(0:2911) (0:2916)] +>> endobj +6784 0 obj << +/Names [(0:2917) 3933 0 R (0:2918) 3934 0 R (0:2921) 3935 0 R (0:2922) 3936 0 R (0:2923) 3943 0 R (0:2924) 3944 0 R] +/Limits [(0:2917) (0:2924)] +>> endobj +6785 0 obj << +/Names [(0:2927) 3945 0 R (0:2928) 3946 0 R (0:2929) 3947 0 R (0:2930) 3948 0 R (0:2931) 3949 0 R (0:2932) 3950 0 R] +/Limits [(0:2927) (0:2932)] +>> endobj +6786 0 obj << +/Names [(0:2933) 3951 0 R (0:2935) 3952 0 R (0:2936) 3953 0 R (0:2937) 3954 0 R (0:2939) 3955 0 R (0:294) 1528 0 R] +/Limits [(0:2933) (0:294)] +>> endobj +6787 0 obj << +/Names [(0:2940) 3956 0 R (0:2941) 3957 0 R (0:2943) 3958 0 R (0:2944) 3959 0 R (0:2945) 3960 0 R (0:2947) 3961 0 R] +/Limits [(0:2940) (0:2947)] +>> endobj +6788 0 obj << +/Names [(0:2948) 3962 0 R (0:2949) 3963 0 R (0:295) 1529 0 R (0:2951) 3964 0 R (0:2952) 3965 0 R (0:2953) 3966 0 R] +/Limits [(0:2948) (0:2953)] +>> endobj +6789 0 obj << +/Names [(0:2955) 3967 0 R (0:2956) 3968 0 R (0:2957) 3969 0 R (0:2959) 3970 0 R (0:296) 1530 0 R (0:2960) 3971 0 R] +/Limits [(0:2955) (0:2960)] +>> endobj +6790 0 obj << +/Names [(0:2961) 3972 0 R (0:2963) 3973 0 R (0:2964) 3974 0 R (0:2965) 3975 0 R (0:2967) 3976 0 R (0:2968) 3977 0 R] +/Limits [(0:2961) (0:2968)] +>> endobj +6791 0 obj << +/Names [(0:2969) 3978 0 R (0:297) 1531 0 R (0:2971) 3985 0 R (0:2972) 3986 0 R (0:2973) 3987 0 R (0:2974) 3942 0 R] +/Limits [(0:2969) (0:2974)] +>> endobj +6792 0 obj << +/Names [(0:2975) 3988 0 R (0:2976) 3989 0 R (0:2977) 3990 0 R (0:2978) 3991 0 R (0:2979) 3992 0 R (0:298) 1532 0 R] +/Limits [(0:2975) (0:298)] +>> endobj +6793 0 obj << +/Names [(0:2981) 3993 0 R (0:2982) 3994 0 R (0:2983) 3995 0 R (0:2984) 3996 0 R (0:2985) 3997 0 R (0:299) 1533 0 R] +/Limits [(0:2981) (0:299)] +>> endobj +6794 0 obj << +/Names [(0:300) 1534 0 R (0:3009) 3999 0 R (0:301) 1535 0 R (0:3010) 4000 0 R (0:3011) 4001 0 R (0:302) 1536 0 R] +/Limits [(0:300) (0:302)] +>> endobj +6795 0 obj << +/Names [(0:3026) 4003 0 R (0:3028) 4004 0 R (0:303) 1537 0 R (0:3031) 4005 0 R (0:3032) 4006 0 R (0:3033) 4007 0 R] +/Limits [(0:3026) (0:3033)] +>> endobj +6796 0 obj << +/Names [(0:3034) 4008 0 R (0:3035) 4009 0 R (0:3036) 4010 0 R (0:3037) 4016 0 R (0:3038) 3984 0 R (0:304) 1538 0 R] +/Limits [(0:3034) (0:304)] +>> endobj +6797 0 obj << +/Names [(0:3041) 4017 0 R (0:3042) 4018 0 R (0:3044) 4019 0 R (0:3045) 4020 0 R (0:3046) 4021 0 R (0:3047) 4022 0 R] +/Limits [(0:3041) (0:3047)] +>> endobj +6798 0 obj << +/Names [(0:3048) 4023 0 R (0:3049) 4024 0 R (0:305) 1539 0 R (0:3050) 4025 0 R (0:3051) 4026 0 R (0:3052) 4027 0 R] +/Limits [(0:3048) (0:3052)] +>> endobj +6799 0 obj << +/Names [(0:3053) 4028 0 R (0:3054) 4029 0 R (0:3055) 4030 0 R (0:3056) 4031 0 R (0:3057) 4032 0 R (0:3058) 4033 0 R] +/Limits [(0:3053) (0:3058)] +>> endobj +6800 0 obj << +/Names [(0:3059) 4034 0 R (0:306) 1540 0 R (0:3060) 4035 0 R (0:3061) 4036 0 R (0:3062) 4037 0 R (0:3063) 4038 0 R] +/Limits [(0:3059) (0:3063)] +>> endobj +6801 0 obj << +/Names [(0:3064) 4039 0 R (0:3065) 4040 0 R (0:3066) 4041 0 R (0:3067) 4042 0 R (0:3068) 4043 0 R (0:3069) 4044 0 R] +/Limits [(0:3064) (0:3069)] +>> endobj +6802 0 obj << +/Names [(0:307) 1541 0 R (0:3070) 4045 0 R (0:3071) 4046 0 R (0:3072) 4047 0 R (0:3073) 4048 0 R (0:3074) 4049 0 R] +/Limits [(0:307) (0:3074)] +>> endobj +6803 0 obj << +/Names [(0:3075) 4050 0 R (0:3076) 4051 0 R (0:3077) 4052 0 R (0:3078) 4053 0 R (0:3079) 4054 0 R (0:308) 1542 0 R] +/Limits [(0:3075) (0:308)] +>> endobj +6804 0 obj << +/Names [(0:3080) 4055 0 R (0:3081) 4056 0 R (0:3082) 4057 0 R (0:3083) 4058 0 R (0:3084) 4059 0 R (0:3085) 4060 0 R] +/Limits [(0:3080) (0:3085)] +>> endobj +6805 0 obj << +/Names [(0:3086) 4061 0 R (0:3087) 4062 0 R (0:3088) 4063 0 R (0:3089) 4064 0 R (0:309) 1543 0 R (0:3090) 4065 0 R] +/Limits [(0:3086) (0:3090)] +>> endobj +6806 0 obj << +/Names [(0:3091) 4066 0 R (0:3093) 4071 0 R (0:3094) 4072 0 R (0:3095) 4073 0 R (0:3096) 4015 0 R (0:3098) 4074 0 R] +/Limits [(0:3091) (0:3098)] +>> endobj +6807 0 obj << +/Names [(0:3099) 4075 0 R (0:310) 1544 0 R (0:3100) 4076 0 R (0:3102) 4077 0 R (0:3103) 4078 0 R (0:3106) 4079 0 R] +/Limits [(0:3099) (0:3106)] +>> endobj +6808 0 obj << +/Names [(0:3107) 4080 0 R (0:3108) 4081 0 R (0:3109) 4082 0 R (0:311) 1545 0 R (0:3110) 4083 0 R (0:3111) 4084 0 R] +/Limits [(0:3107) (0:3111)] +>> endobj +6809 0 obj << +/Names [(0:3112) 4085 0 R (0:3113) 4086 0 R (0:3114) 4087 0 R (0:3115) 4088 0 R (0:3117) 4089 0 R (0:3118) 4090 0 R] +/Limits [(0:3112) (0:3118)] +>> endobj +6810 0 obj << +/Names [(0:3119) 4091 0 R (0:312) 1546 0 R (0:3120) 4092 0 R (0:3121) 4093 0 R (0:3122) 4094 0 R (0:3125) 4095 0 R] +/Limits [(0:3119) (0:3125)] +>> endobj +6811 0 obj << +/Names [(0:3126) 4096 0 R (0:3127) 4097 0 R (0:3128) 4098 0 R (0:3129) 4099 0 R (0:313) 1547 0 R (0:3132) 4105 0 R] +/Limits [(0:3126) (0:3132)] +>> endobj +6812 0 obj << +/Names [(0:3133) 4106 0 R (0:3134) 4107 0 R (0:3135) 4108 0 R (0:3136) 4109 0 R (0:3137) 4110 0 R (0:3138) 4111 0 R] +/Limits [(0:3133) (0:3138)] +>> endobj +6813 0 obj << +/Names [(0:3139) 4112 0 R (0:314) 1548 0 R (0:3142) 4114 0 R (0:3143) 4115 0 R (0:3144) 4116 0 R (0:3145) 4117 0 R] +/Limits [(0:3139) (0:3145)] +>> endobj +6814 0 obj << +/Names [(0:3146) 4118 0 R (0:3147) 4119 0 R (0:3149) 4120 0 R (0:315) 1549 0 R (0:3150) 4121 0 R (0:3151) 4122 0 R] +/Limits [(0:3146) (0:3151)] +>> endobj +6815 0 obj << +/Names [(0:3152) 4123 0 R (0:3153) 4124 0 R (0:3154) 4125 0 R (0:3155) 4126 0 R (0:3156) 4127 0 R (0:3158) 4128 0 R] +/Limits [(0:3152) (0:3158)] +>> endobj +6816 0 obj << +/Names [(0:316) 1550 0 R (0:3161) 4134 0 R (0:3162) 4135 0 R (0:3163) 4136 0 R (0:3164) 4137 0 R (0:3165) 4138 0 R] +/Limits [(0:316) (0:3165)] +>> endobj +6817 0 obj << +/Names [(0:3166) 4139 0 R (0:3167) 4140 0 R (0:3168) 4141 0 R (0:3169) 4142 0 R (0:317) 1551 0 R (0:3170) 4143 0 R] +/Limits [(0:3166) (0:3170)] +>> endobj +6818 0 obj << +/Names [(0:3171) 4144 0 R (0:3172) 4145 0 R (0:3173) 4146 0 R (0:3176) 4147 0 R (0:3177) 4148 0 R (0:3178) 4149 0 R] +/Limits [(0:3171) (0:3178)] +>> endobj +6819 0 obj << +/Names [(0:318) 1552 0 R (0:3182) 4150 0 R (0:3183) 4151 0 R (0:3184) 4152 0 R (0:3185) 4153 0 R (0:3186) 4154 0 R] +/Limits [(0:318) (0:3186)] +>> endobj +6820 0 obj << +/Names [(0:3187) 4155 0 R (0:3188) 4156 0 R (0:3189) 4157 0 R (0:319) 1553 0 R (0:3190) 4158 0 R (0:3191) 4159 0 R] +/Limits [(0:3187) (0:3191)] +>> endobj +6821 0 obj << +/Names [(0:3192) 4160 0 R (0:3193) 4161 0 R (0:3194) 4162 0 R (0:3195) 4163 0 R (0:3196) 4164 0 R (0:3197) 4165 0 R] +/Limits [(0:3192) (0:3197)] +>> endobj +6822 0 obj << +/Names [(0:3198) 4166 0 R (0:3199) 4167 0 R (0:320) 1554 0 R (0:3200) 4168 0 R (0:3201) 4174 0 R (0:3202) 4175 0 R] +/Limits [(0:3198) (0:3202)] +>> endobj +6823 0 obj << +/Names [(0:3204) 4176 0 R (0:3205) 4177 0 R (0:3206) 4178 0 R (0:3207) 4179 0 R (0:3208) 4180 0 R (0:3209) 4181 0 R] +/Limits [(0:3204) (0:3209)] +>> endobj +6824 0 obj << +/Names [(0:3211) 4182 0 R (0:3212) 4183 0 R (0:3213) 4184 0 R (0:3214) 4185 0 R (0:3215) 4186 0 R (0:3216) 4187 0 R] +/Limits [(0:3211) (0:3216)] +>> endobj +6825 0 obj << +/Names [(0:3217) 4188 0 R (0:322) 1555 0 R (0:3220) 4195 0 R (0:3221) 4196 0 R (0:3224) 4197 0 R (0:3225) 4198 0 R] +/Limits [(0:3217) (0:3225)] +>> endobj +6826 0 obj << +/Names [(0:323) 1556 0 R (0:3230) 4199 0 R (0:3231) 4200 0 R (0:3232) 4201 0 R (0:3233) 4202 0 R (0:3234) 4203 0 R] +/Limits [(0:323) (0:3234)] +>> endobj +6827 0 obj << +/Names [(0:3235) 4204 0 R (0:3236) 4205 0 R (0:3237) 4206 0 R (0:3238) 4207 0 R (0:3239) 4208 0 R (0:324) 1557 0 R] +/Limits [(0:3235) (0:324)] +>> endobj +6828 0 obj << +/Names [(0:3240) 4209 0 R (0:3242) 4210 0 R (0:3245) 4211 0 R (0:3246) 4212 0 R (0:3247) 4213 0 R (0:3248) 4214 0 R] +/Limits [(0:3240) (0:3248)] +>> endobj +6829 0 obj << +/Names [(0:3249) 4215 0 R (0:325) 1558 0 R (0:3250) 4216 0 R (0:3251) 4217 0 R (0:3252) 4224 0 R (0:3253) 4225 0 R] +/Limits [(0:3249) (0:3253)] +>> endobj +6830 0 obj << +/Names [(0:3254) 4226 0 R (0:3255) 4227 0 R (0:3256) 4228 0 R (0:3257) 4229 0 R (0:3258) 4230 0 R (0:3259) 4231 0 R] +/Limits [(0:3254) (0:3259)] +>> endobj +6831 0 obj << +/Names [(0:326) 1559 0 R (0:3260) 4232 0 R (0:3261) 4233 0 R (0:3262) 4234 0 R (0:3263) 4235 0 R (0:3264) 4236 0 R] +/Limits [(0:326) (0:3264)] +>> endobj +6832 0 obj << +/Names [(0:3265) 4237 0 R (0:3266) 4238 0 R (0:3267) 4239 0 R (0:3268) 4240 0 R (0:3269) 4241 0 R (0:327) 1560 0 R] +/Limits [(0:3265) (0:327)] +>> endobj +6833 0 obj << +/Names [(0:3270) 4242 0 R (0:3271) 4243 0 R (0:3272) 4244 0 R (0:3273) 4245 0 R (0:3274) 4246 0 R (0:3275) 4247 0 R] +/Limits [(0:3270) (0:3275)] +>> endobj +6834 0 obj << +/Names [(0:3276) 4248 0 R (0:3277) 4249 0 R (0:3278) 4250 0 R (0:3279) 4251 0 R (0:328) 1561 0 R (0:3280) 4252 0 R] +/Limits [(0:3276) (0:3280)] +>> endobj +6835 0 obj << +/Names [(0:3281) 4253 0 R (0:3282) 4254 0 R (0:3283) 4255 0 R (0:3284) 4256 0 R (0:3285) 4257 0 R (0:3286) 4258 0 R] +/Limits [(0:3281) (0:3286)] +>> endobj +6836 0 obj << +/Names [(0:3287) 4259 0 R (0:3288) 4260 0 R (0:3289) 4261 0 R (0:3291) 4262 0 R (0:3292) 4263 0 R (0:3293) 4264 0 R] +/Limits [(0:3287) (0:3293)] +>> endobj +6837 0 obj << +/Names [(0:3294) 4265 0 R (0:3295) 4266 0 R (0:3296) 4267 0 R (0:3297) 4268 0 R (0:3298) 4269 0 R (0:3299) 4270 0 R] +/Limits [(0:3294) (0:3299)] +>> endobj +6838 0 obj << +/Names [(0:33) 1260 0 R (0:3300) 4271 0 R (0:3301) 4272 0 R (0:3302) 4273 0 R (0:3303) 4274 0 R (0:3304) 4275 0 R] +/Limits [(0:33) (0:3304)] +>> endobj +6839 0 obj << +/Names [(0:3305) 4276 0 R (0:3306) 4277 0 R (0:3307) 4278 0 R (0:3308) 4283 0 R (0:3309) 4223 0 R (0:331) 1569 0 R] +/Limits [(0:3305) (0:331)] +>> endobj +6840 0 obj << +/Names [(0:3312) 4284 0 R (0:3313) 4285 0 R (0:3314) 4286 0 R (0:3315) 4287 0 R (0:3316) 4288 0 R (0:3317) 4289 0 R] +/Limits [(0:3312) (0:3317)] +>> endobj +6841 0 obj << +/Names [(0:3318) 4290 0 R (0:3319) 4291 0 R (0:332) 1570 0 R (0:3320) 4292 0 R (0:3321) 4293 0 R (0:3324) 4295 0 R] +/Limits [(0:3318) (0:3324)] +>> endobj +6842 0 obj << +/Names [(0:3325) 4296 0 R (0:3326) 4297 0 R (0:3329) 4310 0 R (0:333) 1571 0 R (0:3332) 4311 0 R (0:3333) 4312 0 R] +/Limits [(0:3325) (0:3333)] +>> endobj +6843 0 obj << +/Names [(0:3334) 4313 0 R (0:3335) 4314 0 R (0:3336) 4315 0 R (0:3337) 4316 0 R (0:3338) 4317 0 R (0:3339) 4318 0 R] +/Limits [(0:3334) (0:3339)] +>> endobj +6844 0 obj << +/Names [(0:334) 1572 0 R (0:3340) 4319 0 R (0:3341) 4320 0 R (0:3342) 4321 0 R (0:3343) 4322 0 R (0:3344) 4323 0 R] +/Limits [(0:334) (0:3344)] +>> endobj +6845 0 obj << +/Names [(0:3345) 4324 0 R (0:3346) 4325 0 R (0:3347) 4326 0 R (0:3348) 4327 0 R (0:335) 1573 0 R (0:3350) 4328 0 R] +/Limits [(0:3345) (0:3350)] +>> endobj +6846 0 obj << +/Names [(0:3351) 4329 0 R (0:3352) 4330 0 R (0:3353) 4331 0 R (0:3354) 4332 0 R (0:3355) 4333 0 R (0:3356) 4334 0 R] +/Limits [(0:3351) (0:3356)] +>> endobj +6847 0 obj << +/Names [(0:3357) 4335 0 R (0:3358) 4336 0 R (0:3359) 4337 0 R (0:336) 1574 0 R (0:3360) 4338 0 R (0:3361) 4339 0 R] +/Limits [(0:3357) (0:3361)] +>> endobj +6848 0 obj << +/Names [(0:3363) 4340 0 R (0:3364) 4341 0 R (0:3366) 4342 0 R (0:3368) 4343 0 R (0:3369) 4344 0 R (0:337) 1575 0 R] +/Limits [(0:3363) (0:337)] +>> endobj +6849 0 obj << +/Names [(0:3370) 4345 0 R (0:3371) 4346 0 R (0:3372) 4347 0 R (0:3373) 4348 0 R (0:3374) 4349 0 R (0:3375) 4350 0 R] +/Limits [(0:3370) (0:3375)] +>> endobj +6850 0 obj << +/Names [(0:3376) 4351 0 R (0:3377) 4352 0 R (0:3378) 4359 0 R (0:3379) 4360 0 R (0:338) 1576 0 R (0:3380) 4361 0 R] +/Limits [(0:3376) (0:3380)] +>> endobj +6851 0 obj << +/Names [(0:3381) 4362 0 R (0:3382) 4353 0 R (0:3384) 4363 0 R (0:3385) 4364 0 R (0:3386) 4365 0 R (0:3387) 4366 0 R] +/Limits [(0:3381) (0:3387)] +>> endobj +6852 0 obj << +/Names [(0:3388) 4367 0 R (0:3389) 4368 0 R (0:339) 1577 0 R (0:3390) 4369 0 R (0:3391) 4370 0 R (0:3392) 4371 0 R] +/Limits [(0:3388) (0:3392)] +>> endobj +6853 0 obj << +/Names [(0:3393) 4372 0 R (0:3395) 4373 0 R (0:3396) 4374 0 R (0:3397) 4375 0 R (0:3398) 4376 0 R (0:3399) 4377 0 R] +/Limits [(0:3393) (0:3399)] +>> endobj +6854 0 obj << +/Names [(0:34) 1261 0 R (0:340) 1578 0 R (0:3400) 4378 0 R (0:3401) 4379 0 R (0:3402) 4380 0 R (0:3404) 4381 0 R] +/Limits [(0:34) (0:3404)] +>> endobj +6855 0 obj << +/Names [(0:3405) 4382 0 R (0:3406) 4383 0 R (0:3407) 4384 0 R (0:3408) 4385 0 R (0:3409) 4386 0 R (0:341) 1579 0 R] +/Limits [(0:3405) (0:341)] +>> endobj +6856 0 obj << +/Names [(0:3410) 4387 0 R (0:3412) 4388 0 R (0:3413) 4389 0 R (0:3414) 4390 0 R (0:3415) 4391 0 R (0:3416) 4392 0 R] +/Limits [(0:3410) (0:3416)] +>> endobj +6857 0 obj << +/Names [(0:3417) 4393 0 R (0:3418) 4394 0 R (0:3419) 4395 0 R (0:342) 1580 0 R (0:3420) 4396 0 R (0:3421) 4397 0 R] +/Limits [(0:3417) (0:3421)] +>> endobj +6858 0 obj << +/Names [(0:3422) 4398 0 R (0:3423) 4399 0 R (0:3424) 4400 0 R (0:3425) 4401 0 R (0:3426) 4402 0 R (0:3427) 4403 0 R] +/Limits [(0:3422) (0:3427)] +>> endobj +6859 0 obj << +/Names [(0:3428) 4404 0 R (0:3429) 4405 0 R (0:343) 1581 0 R (0:3430) 4406 0 R (0:3431) 4407 0 R (0:3432) 4412 0 R] +/Limits [(0:3428) (0:3432)] +>> endobj +6860 0 obj << +/Names [(0:3435) 4413 0 R (0:3436) 4414 0 R (0:3437) 4415 0 R (0:3438) 4416 0 R (0:3439) 4417 0 R (0:344) 1582 0 R] +/Limits [(0:3435) (0:344)] +>> endobj +6861 0 obj << +/Names [(0:3440) 4418 0 R (0:3441) 4419 0 R (0:3444) 4428 0 R (0:3445) 4429 0 R (0:3446) 4430 0 R (0:3449) 4431 0 R] +/Limits [(0:3440) (0:3449)] +>> endobj +6862 0 obj << +/Names [(0:3450) 4432 0 R (0:3451) 4433 0 R (0:3452) 4434 0 R (0:3453) 4435 0 R (0:3454) 4436 0 R (0:3455) 4437 0 R] +/Limits [(0:3450) (0:3455)] +>> endobj +6863 0 obj << +/Names [(0:3456) 4438 0 R (0:3457) 4439 0 R (0:3458) 4440 0 R (0:3459) 4441 0 R (0:346) 1583 0 R (0:3460) 4442 0 R] +/Limits [(0:3456) (0:3460)] +>> endobj +6864 0 obj << +/Names [(0:3461) 4443 0 R (0:3462) 4444 0 R (0:3463) 4445 0 R (0:3464) 4446 0 R (0:3466) 4447 0 R (0:3467) 4448 0 R] +/Limits [(0:3461) (0:3467)] +>> endobj +6865 0 obj << +/Names [(0:3468) 4449 0 R (0:3469) 4450 0 R (0:347) 1584 0 R (0:3470) 4451 0 R (0:3471) 4452 0 R (0:3472) 4453 0 R] +/Limits [(0:3468) (0:3472)] +>> endobj +6866 0 obj << +/Names [(0:3473) 4454 0 R (0:3474) 4455 0 R (0:3475) 4456 0 R (0:3476) 4457 0 R (0:3477) 4458 0 R (0:3479) 4459 0 R] +/Limits [(0:3473) (0:3479)] +>> endobj +6867 0 obj << +/Names [(0:348) 1585 0 R (0:3480) 4460 0 R (0:3481) 4461 0 R (0:3482) 4462 0 R (0:3483) 4463 0 R (0:3485) 4464 0 R] +/Limits [(0:348) (0:3485)] +>> endobj +6868 0 obj << +/Names [(0:3486) 4465 0 R (0:3487) 4466 0 R (0:3488) 4471 0 R (0:3489) 4472 0 R (0:349) 1586 0 R (0:3490) 4473 0 R] +/Limits [(0:3486) (0:3490)] +>> endobj +6869 0 obj << +/Names [(0:3491) 4474 0 R (0:3492) 4475 0 R (0:3493) 4476 0 R (0:3494) 4477 0 R (0:3495) 4478 0 R (0:3496) 4479 0 R] +/Limits [(0:3491) (0:3496)] +>> endobj +6870 0 obj << +/Names [(0:3497) 4480 0 R (0:3498) 4481 0 R (0:3499) 4482 0 R (0:35) 1262 0 R (0:3500) 4483 0 R (0:3501) 4484 0 R] +/Limits [(0:3497) (0:3501)] +>> endobj +6871 0 obj << +/Names [(0:3502) 4485 0 R (0:3503) 4486 0 R (0:3504) 4487 0 R (0:3505) 4488 0 R (0:3506) 4489 0 R (0:3507) 4490 0 R] +/Limits [(0:3502) (0:3507)] +>> endobj +6872 0 obj << +/Names [(0:3509) 4491 0 R (0:351) 1587 0 R (0:3510) 4492 0 R (0:3511) 4493 0 R (0:3512) 4494 0 R (0:3515) 4496 0 R] +/Limits [(0:3509) (0:3515)] +>> endobj +6873 0 obj << +/Names [(0:3517) 4497 0 R (0:3518) 4498 0 R (0:3519) 4499 0 R (0:352) 1588 0 R (0:3520) 4500 0 R (0:3521) 4501 0 R] +/Limits [(0:3517) (0:3521)] +>> endobj +6874 0 obj << +/Names [(0:3522) 4502 0 R (0:3523) 4503 0 R (0:3524) 4504 0 R (0:3525) 4505 0 R (0:3526) 4506 0 R (0:3527) 4507 0 R] +/Limits [(0:3522) (0:3527)] +>> endobj +6875 0 obj << +/Names [(0:3528) 4508 0 R (0:3529) 4509 0 R (0:3530) 4515 0 R (0:3531) 4516 0 R (0:3532) 4517 0 R (0:3533) 4518 0 R] +/Limits [(0:3528) (0:3533)] +>> endobj +6876 0 obj << +/Names [(0:3534) 4519 0 R (0:3535) 4520 0 R (0:3536) 4521 0 R (0:3537) 4522 0 R (0:3538) 4523 0 R (0:3539) 4524 0 R] +/Limits [(0:3534) (0:3539)] +>> endobj +6877 0 obj << +/Names [(0:3540) 4525 0 R (0:3541) 4526 0 R (0:3542) 4527 0 R (0:3543) 4528 0 R (0:3544) 4529 0 R (0:3545) 4530 0 R] +/Limits [(0:3540) (0:3545)] +>> endobj +6878 0 obj << +/Names [(0:3546) 4531 0 R (0:3547) 4532 0 R (0:3548) 4533 0 R (0:3549) 4534 0 R (0:355) 1589 0 R (0:3550) 4535 0 R] +/Limits [(0:3546) (0:3550)] +>> endobj +6879 0 obj << +/Names [(0:3551) 4536 0 R (0:3553) 4537 0 R (0:3554) 4538 0 R (0:3555) 4539 0 R (0:3556) 4540 0 R (0:3557) 4541 0 R] +/Limits [(0:3551) (0:3557)] +>> endobj +6880 0 obj << +/Names [(0:3558) 4542 0 R (0:3559) 4543 0 R (0:356) 1590 0 R (0:3561) 4544 0 R (0:3562) 4545 0 R (0:3563) 4546 0 R] +/Limits [(0:3558) (0:3563)] +>> endobj +6881 0 obj << +/Names [(0:3564) 4547 0 R (0:3566) 4548 0 R (0:3567) 4549 0 R (0:3568) 4550 0 R (0:3569) 4551 0 R (0:357) 1591 0 R] +/Limits [(0:3564) (0:357)] +>> endobj +6882 0 obj << +/Names [(0:3570) 4552 0 R (0:3571) 4553 0 R (0:3572) 4554 0 R (0:3573) 4555 0 R (0:3575) 4561 0 R (0:3576) 4562 0 R] +/Limits [(0:3570) (0:3576)] +>> endobj +6883 0 obj << +/Names [(0:3577) 4563 0 R (0:3578) 4564 0 R (0:3579) 4514 0 R (0:358) 1592 0 R (0:3581) 4565 0 R (0:3582) 4566 0 R] +/Limits [(0:3577) (0:3582)] +>> endobj +6884 0 obj << +/Names [(0:3583) 4567 0 R (0:3585) 4568 0 R (0:3586) 4569 0 R (0:3589) 4570 0 R (0:359) 1593 0 R (0:3590) 4571 0 R] +/Limits [(0:3583) (0:3590)] +>> endobj +6885 0 obj << +/Names [(0:3591) 4572 0 R (0:3592) 4573 0 R (0:3593) 4574 0 R (0:3594) 4575 0 R (0:3595) 4576 0 R (0:3596) 4577 0 R] +/Limits [(0:3591) (0:3596)] +>> endobj +6886 0 obj << +/Names [(0:3597) 4578 0 R (0:3598) 4579 0 R (0:3599) 4580 0 R (0:36) 1264 0 R (0:360) 1594 0 R (0:3600) 4585 0 R] +/Limits [(0:3597) (0:3600)] +>> endobj +6887 0 obj << +/Names [(0:3601) 4586 0 R (0:3602) 4587 0 R (0:3603) 4588 0 R (0:3608) 4594 0 R (0:3609) 4595 0 R (0:361) 1595 0 R] +/Limits [(0:3601) (0:361)] +>> endobj +6888 0 obj << +/Names [(0:3610) 4596 0 R (0:3611) 4597 0 R (0:3612) 4598 0 R (0:3613) 4599 0 R (0:3614) 4600 0 R (0:3615) 4601 0 R] +/Limits [(0:3610) (0:3615)] +>> endobj +6889 0 obj << +/Names [(0:3617) 4602 0 R (0:3618) 4603 0 R (0:3619) 4604 0 R (0:362) 1596 0 R (0:3621) 4605 0 R (0:3622) 4606 0 R] +/Limits [(0:3617) (0:3622)] +>> endobj +6890 0 obj << +/Names [(0:3623) 4607 0 R (0:3624) 4608 0 R (0:3625) 4609 0 R (0:3626) 4610 0 R (0:3627) 4611 0 R (0:3628) 4612 0 R] +/Limits [(0:3623) (0:3628)] +>> endobj +6891 0 obj << +/Names [(0:3629) 4613 0 R (0:363) 1597 0 R (0:3630) 4614 0 R (0:3631) 4615 0 R (0:3633) 4616 0 R (0:3634) 4617 0 R] +/Limits [(0:3629) (0:3634)] +>> endobj +6892 0 obj << +/Names [(0:3635) 4618 0 R (0:3637) 4625 0 R (0:3638) 4626 0 R (0:3639) 4627 0 R (0:364) 1598 0 R (0:3640) 4628 0 R] +/Limits [(0:3635) (0:3640)] +>> endobj +6893 0 obj << +/Names [(0:3643) 4629 0 R (0:3644) 4630 0 R (0:3645) 4631 0 R (0:3646) 4632 0 R (0:3647) 4633 0 R (0:3648) 4634 0 R] +/Limits [(0:3643) (0:3648)] +>> endobj +6894 0 obj << +/Names [(0:3649) 4635 0 R (0:365) 1599 0 R (0:3650) 4636 0 R (0:3651) 4637 0 R (0:3652) 4638 0 R (0:3653) 4639 0 R] +/Limits [(0:3649) (0:3653)] +>> endobj +6895 0 obj << +/Names [(0:3654) 4640 0 R (0:3655) 4641 0 R (0:3656) 4642 0 R (0:3657) 4643 0 R (0:3658) 4644 0 R (0:3659) 4645 0 R] +/Limits [(0:3654) (0:3659)] +>> endobj +6896 0 obj << +/Names [(0:366) 1600 0 R (0:3660) 4646 0 R (0:3661) 4647 0 R (0:3662) 4648 0 R (0:3663) 4649 0 R (0:3665) 4650 0 R] +/Limits [(0:366) (0:3665)] +>> endobj +6897 0 obj << +/Names [(0:3666) 4651 0 R (0:3667) 4652 0 R (0:3668) 4653 0 R (0:3669) 4654 0 R (0:3670) 4655 0 R (0:3671) 4656 0 R] +/Limits [(0:3666) (0:3671)] +>> endobj +6898 0 obj << +/Names [(0:3672) 4657 0 R (0:3673) 4658 0 R (0:3674) 4659 0 R (0:3675) 4660 0 R (0:3676) 4661 0 R (0:3677) 4662 0 R] +/Limits [(0:3672) (0:3677)] +>> endobj +6899 0 obj << +/Names [(0:3678) 4663 0 R (0:3679) 4664 0 R (0:368) 1601 0 R (0:3680) 4665 0 R (0:3681) 4666 0 R (0:3682) 4667 0 R] +/Limits [(0:3678) (0:3682)] +>> endobj +6900 0 obj << +/Names [(0:3683) 4672 0 R (0:3686) 4673 0 R (0:3689) 4675 0 R (0:369) 1602 0 R (0:3690) 4676 0 R (0:3691) 4677 0 R] +/Limits [(0:3683) (0:3691)] +>> endobj +6901 0 obj << +/Names [(0:3693) 4678 0 R (0:3694) 4679 0 R (0:3695) 4680 0 R (0:3696) 4681 0 R (0:3697) 4682 0 R (0:3699) 4683 0 R] +/Limits [(0:3693) (0:3699)] +>> endobj +6902 0 obj << +/Names [(0:37) 1266 0 R (0:370) 1603 0 R (0:3700) 4684 0 R (0:3701) 4685 0 R (0:3702) 4686 0 R (0:3704) 4692 0 R] +/Limits [(0:37) (0:3704)] +>> endobj +6903 0 obj << +/Names [(0:3705) 4693 0 R (0:3706) 4694 0 R (0:3707) 4695 0 R (0:3708) 4696 0 R (0:371) 1604 0 R (0:3710) 4697 0 R] +/Limits [(0:3705) (0:3710)] +>> endobj +6904 0 obj << +/Names [(0:3711) 4698 0 R (0:3712) 4699 0 R (0:3713) 4700 0 R (0:3714) 4701 0 R (0:3716) 4702 0 R (0:3717) 4703 0 R] +/Limits [(0:3711) (0:3717)] +>> endobj +6905 0 obj << +/Names [(0:3718) 4704 0 R (0:3719) 4705 0 R (0:372) 1605 0 R (0:3720) 4706 0 R (0:3723) 4708 0 R (0:3724) 4709 0 R] +/Limits [(0:3718) (0:3724)] +>> endobj +6906 0 obj << +/Names [(0:3725) 4710 0 R (0:3726) 4711 0 R (0:3727) 4712 0 R (0:3728) 4713 0 R (0:3729) 4714 0 R (0:3730) 4715 0 R] +/Limits [(0:3725) (0:3730)] +>> endobj +6907 0 obj << +/Names [(0:3733) 4717 0 R (0:3735) 4718 0 R (0:3736) 4719 0 R (0:3737) 4720 0 R (0:3738) 4721 0 R (0:3740) 4728 0 R] +/Limits [(0:3733) (0:3740)] +>> endobj +6908 0 obj << +/Names [(0:3741) 4729 0 R (0:3742) 4730 0 R (0:3743) 4731 0 R (0:3745) 4732 0 R (0:3746) 4733 0 R (0:3747) 4734 0 R] +/Limits [(0:3741) (0:3747)] +>> endobj +6909 0 obj << +/Names [(0:3749) 4735 0 R (0:375) 1611 0 R (0:3750) 4736 0 R (0:3751) 4737 0 R (0:3752) 4738 0 R (0:3753) 4739 0 R] +/Limits [(0:3749) (0:3753)] +>> endobj +6910 0 obj << +/Names [(0:3754) 4740 0 R (0:3755) 4741 0 R (0:3756) 4742 0 R (0:3758) 4743 0 R (0:3759) 4744 0 R (0:376) 1612 0 R] +/Limits [(0:3754) (0:376)] +>> endobj +6911 0 obj << +/Names [(0:3760) 4745 0 R (0:3761) 4746 0 R (0:3764) 4748 0 R (0:3766) 4749 0 R (0:3767) 4750 0 R (0:3768) 4751 0 R] +/Limits [(0:3760) (0:3768)] +>> endobj +6912 0 obj << +/Names [(0:3769) 4752 0 R (0:377) 1613 0 R (0:3770) 4753 0 R (0:3771) 4754 0 R (0:3772) 4755 0 R (0:3773) 4756 0 R] +/Limits [(0:3769) (0:3773)] +>> endobj +6913 0 obj << +/Names [(0:3774) 4757 0 R (0:3775) 4758 0 R (0:3776) 4759 0 R (0:3777) 4760 0 R (0:3778) 4765 0 R (0:3779) 4766 0 R] +/Limits [(0:3774) (0:3779)] +>> endobj +6914 0 obj << +/Names [(0:378) 1614 0 R (0:3780) 4727 0 R (0:3782) 4767 0 R (0:3784) 4768 0 R (0:3785) 4769 0 R (0:3786) 4770 0 R] +/Limits [(0:378) (0:3786)] +>> endobj +6915 0 obj << +/Names [(0:3788) 4771 0 R (0:3789) 4772 0 R (0:379) 1615 0 R (0:3790) 4773 0 R (0:3791) 4774 0 R (0:3792) 4775 0 R] +/Limits [(0:3788) (0:3792)] +>> endobj +6916 0 obj << +/Names [(0:3794) 4776 0 R (0:3795) 4777 0 R (0:3796) 4778 0 R (0:3797) 4779 0 R (0:3798) 4780 0 R (0:3799) 4781 0 R] +/Limits [(0:3794) (0:3799)] +>> endobj +6917 0 obj << +/Names [(0:38) 1267 0 R (0:380) 1616 0 R (0:3800) 4782 0 R (0:3801) 4783 0 R (0:3802) 4784 0 R (0:3803) 4785 0 R] +/Limits [(0:38) (0:3803)] +>> endobj +6918 0 obj << +/Names [(0:3804) 4786 0 R (0:3806) 4787 0 R (0:3807) 4788 0 R (0:3808) 4789 0 R (0:3809) 4790 0 R (0:381) 1617 0 R] +/Limits [(0:3804) (0:381)] +>> endobj +6919 0 obj << +/Names [(0:3811) 4791 0 R (0:3812) 4792 0 R (0:3813) 4793 0 R (0:3814) 4794 0 R (0:3815) 4795 0 R (0:3816) 4796 0 R] +/Limits [(0:3811) (0:3816)] +>> endobj +6920 0 obj << +/Names [(0:3817) 4797 0 R (0:3818) 4798 0 R (0:382) 1618 0 R (0:3820) 4799 0 R (0:3821) 4800 0 R (0:3822) 4801 0 R] +/Limits [(0:3817) (0:3822)] +>> endobj +6921 0 obj << +/Names [(0:3823) 4802 0 R (0:3825) 4803 0 R (0:3826) 4804 0 R (0:3827) 4805 0 R (0:3828) 4806 0 R (0:3831) 4808 0 R] +/Limits [(0:3823) (0:3831)] +>> endobj +6922 0 obj << +/Names [(0:3832) 4809 0 R (0:3833) 4810 0 R (0:3834) 4811 0 R (0:3835) 4812 0 R (0:3836) 4813 0 R (0:3837) 4818 0 R] +/Limits [(0:3832) (0:3837)] +>> endobj +6923 0 obj << +/Names [(0:3838) 4819 0 R (0:3839) 4820 0 R (0:384) 1619 0 R (0:3840) 4821 0 R (0:3843) 4823 0 R (0:3846) 4825 0 R] +/Limits [(0:3838) (0:3846)] +>> endobj +6924 0 obj << +/Names [(0:3847) 4826 0 R (0:385) 1620 0 R (0:3850) 4828 0 R (0:3851) 4829 0 R (0:3852) 4830 0 R (0:3855) 4832 0 R] +/Limits [(0:3847) (0:3855)] +>> endobj +6925 0 obj << +/Names [(0:3858) 4834 0 R (0:3859) 4835 0 R (0:3860) 4836 0 R (0:3861) 4837 0 R (0:3862) 4838 0 R (0:3864) 4839 0 R] +/Limits [(0:3858) (0:3864)] +>> endobj +6926 0 obj << +/Names [(0:3865) 4840 0 R (0:3866) 4841 0 R (0:3869) 4847 0 R (0:3870) 4848 0 R (0:3873) 4850 0 R (0:3874) 4851 0 R] +/Limits [(0:3865) (0:3874)] +>> endobj +6927 0 obj << +/Names [(0:3877) 4853 0 R (0:3878) 4854 0 R (0:388) 1621 0 R (0:3881) 4856 0 R (0:3882) 4857 0 R (0:3883) 4858 0 R] +/Limits [(0:3877) (0:3883)] +>> endobj +6928 0 obj << +/Names [(0:3884) 4859 0 R (0:3885) 4860 0 R (0:3886) 4861 0 R (0:3887) 4862 0 R (0:3888) 4863 0 R (0:3890) 4864 0 R] +/Limits [(0:3884) (0:3890)] +>> endobj +6929 0 obj << +/Names [(0:3891) 4865 0 R (0:3892) 4866 0 R (0:3893) 4867 0 R (0:3896) 4869 0 R (0:3897) 4870 0 R (0:3898) 4875 0 R] +/Limits [(0:3891) (0:3898)] +>> endobj +6930 0 obj << +/Names [(0:3899) 4876 0 R (0:39) 1268 0 R (0:390) 1622 0 R (0:3900) 4877 0 R (0:3901) 4878 0 R (0:3902) 4879 0 R] +/Limits [(0:3899) (0:3902)] +>> endobj +6931 0 obj << +/Names [(0:3903) 4880 0 R (0:3904) 4881 0 R (0:3905) 4882 0 R (0:3906) 4883 0 R (0:3907) 4884 0 R (0:3908) 4885 0 R] +/Limits [(0:3903) (0:3908)] +>> endobj +6932 0 obj << +/Names [(0:3909) 4886 0 R (0:391) 1623 0 R (0:3910) 4887 0 R (0:3911) 4888 0 R (0:3912) 4889 0 R (0:3913) 4890 0 R] +/Limits [(0:3909) (0:3913)] +>> endobj +6933 0 obj << +/Names [(0:3916) 4892 0 R (0:3917) 4893 0 R (0:3918) 4894 0 R (0:3919) 4895 0 R (0:392) 1624 0 R (0:3920) 4896 0 R] +/Limits [(0:3916) (0:3920)] +>> endobj +6934 0 obj << +/Names [(0:3921) 4897 0 R (0:3922) 4898 0 R (0:3923) 4899 0 R (0:3924) 4900 0 R (0:3925) 4901 0 R (0:3926) 4902 0 R] +/Limits [(0:3921) (0:3926)] +>> endobj +6935 0 obj << +/Names [(0:3927) 4907 0 R (0:3928) 4908 0 R (0:3929) 4909 0 R (0:393) 1625 0 R (0:3931) 4910 0 R (0:3932) 4911 0 R] +/Limits [(0:3927) (0:3932)] +>> endobj +6936 0 obj << +/Names [(0:3933) 4912 0 R (0:3934) 4913 0 R (0:3935) 4914 0 R (0:3937) 4915 0 R (0:3938) 4916 0 R (0:3939) 4917 0 R] +/Limits [(0:3933) (0:3939)] +>> endobj +6937 0 obj << +/Names [(0:3942) 4919 0 R (0:3943) 4920 0 R (0:3944) 4921 0 R (0:3945) 4922 0 R (0:3946) 4923 0 R (0:3947) 4924 0 R] +/Limits [(0:3942) (0:3947)] +>> endobj +6938 0 obj << +/Names [(0:3948) 4925 0 R (0:3949) 4926 0 R (0:3950) 4927 0 R (0:3951) 4928 0 R (0:3952) 4929 0 R (0:3953) 4930 0 R] +/Limits [(0:3948) (0:3953)] +>> endobj +6939 0 obj << +/Names [(0:3954) 4931 0 R (0:3955) 4932 0 R (0:3956) 4933 0 R (0:3957) 4934 0 R (0:3958) 4935 0 R (0:3959) 4936 0 R] +/Limits [(0:3954) (0:3959)] +>> endobj +6940 0 obj << +/Names [(0:396) 1626 0 R (0:3960) 4937 0 R (0:3961) 4938 0 R (0:3962) 4944 0 R (0:3963) 4945 0 R (0:3964) 4946 0 R] +/Limits [(0:396) (0:3964)] +>> endobj +6941 0 obj << +/Names [(0:3965) 4947 0 R (0:3966) 4948 0 R (0:3967) 4949 0 R (0:3968) 4950 0 R (0:3969) 4951 0 R (0:397) 1627 0 R] +/Limits [(0:3965) (0:397)] +>> endobj +6942 0 obj << +/Names [(0:3970) 4952 0 R (0:3971) 4953 0 R (0:3972) 4954 0 R (0:3973) 4955 0 R (0:3974) 4956 0 R (0:3975) 4957 0 R] +/Limits [(0:3970) (0:3975)] +>> endobj +6943 0 obj << +/Names [(0:3976) 4958 0 R (0:3977) 4959 0 R (0:398) 1628 0 R (0:3980) 4961 0 R (0:3981) 4962 0 R (0:3984) 4964 0 R] +/Limits [(0:3976) (0:3984)] +>> endobj +6944 0 obj << +/Names [(0:3985) 4965 0 R (0:3988) 4967 0 R (0:399) 1629 0 R (0:3990) 4968 0 R (0:3993) 4969 0 R (0:3994) 4970 0 R] +/Limits [(0:3985) (0:3994)] +>> endobj +6945 0 obj << +/Names [(0:3995) 4971 0 R (0:3996) 4972 0 R (0:3997) 4973 0 R (0:3998) 4974 0 R (0:3999) 4975 0 R (0:40) 1269 0 R] +/Limits [(0:3995) (0:40)] +>> endobj +6946 0 obj << +/Names [(0:400) 1630 0 R (0:4000) 4976 0 R (0:4001) 4982 0 R (0:4002) 4983 0 R (0:4003) 4984 0 R (0:4004) 4985 0 R] +/Limits [(0:400) (0:4004)] +>> endobj +6947 0 obj << +/Names [(0:4005) 4986 0 R (0:4006) 4987 0 R (0:4007) 4988 0 R (0:4008) 4989 0 R (0:401) 1631 0 R (0:4010) 4990 0 R] +/Limits [(0:4005) (0:4010)] +>> endobj +6948 0 obj << +/Names [(0:4011) 4991 0 R (0:4012) 4992 0 R (0:4014) 4993 0 R (0:4015) 4994 0 R (0:4017) 4995 0 R (0:4019) 4996 0 R] +/Limits [(0:4011) (0:4019)] +>> endobj +6949 0 obj << +/Names [(0:4024) 4999 0 R (0:4025) 5000 0 R (0:4026) 5001 0 R (0:4027) 5002 0 R (0:4028) 5003 0 R (0:4029) 5004 0 R] +/Limits [(0:4024) (0:4029)] +>> endobj +6950 0 obj << +/Names [(0:403) 1632 0 R (0:4030) 5005 0 R (0:4031) 5006 0 R (0:4032) 5007 0 R (0:4033) 5008 0 R (0:4034) 5009 0 R] +/Limits [(0:403) (0:4034)] +>> endobj +6951 0 obj << +/Names [(0:4037) 5011 0 R (0:4038) 5012 0 R (0:4039) 5013 0 R (0:404) 1633 0 R (0:4040) 5014 0 R (0:4041) 5015 0 R] +/Limits [(0:4037) (0:4041)] +>> endobj +6952 0 obj << +/Names [(0:4042) 5016 0 R (0:4043) 5022 0 R (0:4044) 5023 0 R (0:4045) 5024 0 R (0:4048) 5026 0 R (0:4049) 5027 0 R] +/Limits [(0:4042) (0:4049)] +>> endobj +6953 0 obj << +/Names [(0:405) 1634 0 R (0:4050) 5028 0 R (0:4051) 5029 0 R (0:4052) 5030 0 R (0:4053) 5031 0 R (0:4056) 5033 0 R] +/Limits [(0:405) (0:4056)] +>> endobj +6954 0 obj << +/Names [(0:4058) 5034 0 R (0:4059) 5035 0 R (0:406) 1635 0 R (0:4060) 5036 0 R (0:4061) 5037 0 R (0:4062) 5038 0 R] +/Limits [(0:4058) (0:4062)] +>> endobj +6955 0 obj << +/Names [(0:4065) 5040 0 R (0:4066) 5041 0 R (0:4067) 5042 0 R (0:4068) 5043 0 R (0:4069) 5044 0 R (0:407) 1636 0 R] +/Limits [(0:4065) (0:407)] +>> endobj +6956 0 obj << +/Names [(0:4070) 5045 0 R (0:4071) 5046 0 R (0:4072) 5047 0 R (0:4073) 5048 0 R (0:4074) 5049 0 R (0:4075) 5050 0 R] +/Limits [(0:4070) (0:4075)] +>> endobj +6957 0 obj << +/Names [(0:4076) 5051 0 R (0:4078) 5052 0 R (0:4079) 5053 0 R (0:408) 1637 0 R (0:4080) 5054 0 R (0:4083) 5056 0 R] +/Limits [(0:4076) (0:4083)] +>> endobj +6958 0 obj << +/Names [(0:4084) 5057 0 R (0:4085) 5058 0 R (0:4086) 5059 0 R (0:4087) 5060 0 R (0:4088) 5061 0 R (0:4089) 5066 0 R] +/Limits [(0:4084) (0:4089)] +>> endobj +6959 0 obj << +/Names [(0:409) 1638 0 R (0:4090) 5021 0 R (0:4092) 5067 0 R (0:4093) 5068 0 R (0:4094) 5069 0 R (0:4095) 5070 0 R] +/Limits [(0:409) (0:4095)] +>> endobj +6960 0 obj << +/Names [(0:4096) 5071 0 R (0:4097) 5072 0 R (0:4098) 5073 0 R (0:41) 1270 0 R (0:410) 1639 0 R (0:4103) 5078 0 R] +/Limits [(0:4096) (0:4103)] +>> endobj +6961 0 obj << +/Names [(0:4104) 5079 0 R (0:4105) 5080 0 R (0:4106) 5081 0 R (0:4107) 5082 0 R (0:4108) 5083 0 R (0:4109) 5084 0 R] +/Limits [(0:4104) (0:4109)] +>> endobj +6962 0 obj << +/Names [(0:411) 1640 0 R (0:4110) 5085 0 R (0:4111) 5086 0 R (0:4112) 5087 0 R (0:4113) 5088 0 R (0:4114) 5089 0 R] +/Limits [(0:411) (0:4114)] +>> endobj +6963 0 obj << +/Names [(0:4115) 5090 0 R (0:4116) 5091 0 R (0:4118) 5092 0 R (0:4119) 5093 0 R (0:412) 1641 0 R (0:4120) 5094 0 R] +/Limits [(0:4115) (0:4120)] +>> endobj +6964 0 obj << +/Names [(0:4121) 5095 0 R (0:4122) 5096 0 R (0:4123) 5097 0 R (0:4124) 5098 0 R (0:4125) 5099 0 R (0:4126) 5100 0 R] +/Limits [(0:4121) (0:4126)] +>> endobj +6965 0 obj << +/Names [(0:4127) 5101 0 R (0:4128) 5102 0 R (0:4129) 5103 0 R (0:413) 1642 0 R (0:4130) 5104 0 R (0:4131) 5105 0 R] +/Limits [(0:4127) (0:4131)] +>> endobj +6966 0 obj << +/Names [(0:4132) 5106 0 R (0:4133) 5107 0 R (0:4134) 5108 0 R (0:4135) 5109 0 R (0:4136) 5110 0 R (0:4137) 5111 0 R] +/Limits [(0:4132) (0:4137)] +>> endobj +6967 0 obj << +/Names [(0:4138) 5112 0 R (0:4139) 5113 0 R (0:4140) 5114 0 R (0:4143) 5119 0 R (0:4144) 5120 0 R (0:4145) 5121 0 R] +/Limits [(0:4138) (0:4145)] +>> endobj +6968 0 obj << +/Names [(0:4146) 5122 0 R (0:4147) 5123 0 R (0:4148) 5124 0 R (0:4149) 5125 0 R (0:415) 1643 0 R (0:4150) 5126 0 R] +/Limits [(0:4146) (0:4150)] +>> endobj +6969 0 obj << +/Names [(0:4151) 5127 0 R (0:4152) 5128 0 R (0:4153) 5129 0 R (0:4154) 5130 0 R (0:4155) 5131 0 R (0:4156) 5132 0 R] +/Limits [(0:4151) (0:4156)] +>> endobj +6970 0 obj << +/Names [(0:4157) 5133 0 R (0:4158) 5134 0 R (0:4159) 5135 0 R (0:416) 1644 0 R (0:4160) 5136 0 R (0:4161) 5137 0 R] +/Limits [(0:4157) (0:4161)] +>> endobj +6971 0 obj << +/Names [(0:4162) 5138 0 R (0:4163) 5139 0 R (0:4164) 5140 0 R (0:4165) 5141 0 R (0:4166) 5142 0 R (0:4167) 5143 0 R] +/Limits [(0:4162) (0:4167)] +>> endobj +6972 0 obj << +/Names [(0:4169) 5149 0 R (0:417) 1645 0 R (0:4172) 5150 0 R (0:4173) 5151 0 R (0:4174) 5152 0 R (0:4175) 5153 0 R] +/Limits [(0:4169) (0:4175)] +>> endobj +6973 0 obj << +/Names [(0:4178) 5154 0 R (0:4179) 5155 0 R (0:418) 1646 0 R (0:4180) 5156 0 R (0:4183) 5157 0 R (0:4184) 5158 0 R] +/Limits [(0:4178) (0:4184)] +>> endobj +6974 0 obj << +/Names [(0:4185) 5159 0 R (0:4186) 5164 0 R (0:4187) 5165 0 R (0:4188) 5166 0 R (0:4189) 5167 0 R (0:419) 1647 0 R] +/Limits [(0:4185) (0:419)] +>> endobj +6975 0 obj << +/Names [(0:4190) 5168 0 R (0:4191) 5169 0 R (0:4192) 5170 0 R (0:4193) 5171 0 R (0:4194) 5172 0 R (0:4195) 5173 0 R] +/Limits [(0:4190) (0:4195)] +>> endobj +6976 0 obj << +/Names [(0:4196) 5174 0 R (0:4197) 5175 0 R (0:42) 1271 0 R (0:4202) 5181 0 R (0:4204) 5182 0 R (0:4205) 5183 0 R] +/Limits [(0:4196) (0:4205)] +>> endobj +6977 0 obj << +/Names [(0:4206) 5184 0 R (0:4208) 5185 0 R (0:4209) 5186 0 R (0:4210) 5187 0 R (0:4211) 5188 0 R (0:4214) 5189 0 R] +/Limits [(0:4206) (0:4214)] +>> endobj +6978 0 obj << +/Names [(0:4215) 5190 0 R (0:4216) 5191 0 R (0:4217) 5192 0 R (0:4219) 5193 0 R (0:422) 1653 0 R (0:4220) 5194 0 R] +/Limits [(0:4215) (0:4220)] +>> endobj +6979 0 obj << +/Names [(0:4221) 5195 0 R (0:4222) 5196 0 R (0:4223) 5197 0 R (0:4225) 5198 0 R (0:4226) 5199 0 R (0:4227) 5200 0 R] +/Limits [(0:4221) (0:4227)] +>> endobj +6980 0 obj << +/Names [(0:4229) 5201 0 R (0:423) 1654 0 R (0:4230) 5202 0 R (0:4231) 5203 0 R (0:4232) 5204 0 R (0:4233) 5205 0 R] +/Limits [(0:4229) (0:4233)] +>> endobj +6981 0 obj << +/Names [(0:4235) 5206 0 R (0:4236) 5207 0 R (0:4237) 5208 0 R (0:4239) 5209 0 R (0:424) 1655 0 R (0:4240) 5210 0 R] +/Limits [(0:4235) (0:4240)] +>> endobj +6982 0 obj << +/Names [(0:4241) 5211 0 R (0:4243) 5212 0 R (0:4244) 5213 0 R (0:4245) 5214 0 R (0:4247) 5221 0 R (0:4248) 5222 0 R] +/Limits [(0:4241) (0:4248)] +>> endobj +6983 0 obj << +/Names [(0:4249) 5223 0 R (0:425) 1656 0 R (0:4250) 5224 0 R (0:4252) 5215 0 R (0:4253) 5225 0 R (0:4254) 5226 0 R] +/Limits [(0:4249) (0:4254)] +>> endobj +6984 0 obj << +/Names [(0:4256) 5227 0 R (0:4257) 5228 0 R (0:4258) 5229 0 R (0:4259) 5230 0 R (0:4260) 5231 0 R (0:4261) 5232 0 R] +/Limits [(0:4256) (0:4261)] +>> endobj +6985 0 obj << +/Names [(0:4263) 5233 0 R (0:4264) 5234 0 R (0:4265) 5235 0 R (0:4266) 5236 0 R (0:4268) 5237 0 R (0:4269) 5238 0 R] +/Limits [(0:4263) (0:4269)] +>> endobj +6986 0 obj << +/Names [(0:427) 1657 0 R (0:4270) 5239 0 R (0:4273) 5240 0 R (0:4274) 5241 0 R (0:4275) 5242 0 R (0:4277) 5243 0 R] +/Limits [(0:427) (0:4277)] +>> endobj +6987 0 obj << +/Names [(0:4278) 5244 0 R (0:4279) 5245 0 R (0:428) 1658 0 R (0:4281) 5246 0 R (0:4282) 5247 0 R (0:4283) 5248 0 R] +/Limits [(0:4278) (0:4283)] +>> endobj +6988 0 obj << +/Names [(0:4285) 5249 0 R (0:4286) 5250 0 R (0:4287) 5251 0 R (0:4289) 5252 0 R (0:429) 1659 0 R (0:4290) 5253 0 R] +/Limits [(0:4285) (0:4290)] +>> endobj +6989 0 obj << +/Names [(0:4291) 5254 0 R (0:4292) 5255 0 R (0:4293) 5256 0 R (0:4295) 5257 0 R (0:4296) 5258 0 R (0:4297) 5259 0 R] +/Limits [(0:4291) (0:4297)] +>> endobj +6990 0 obj << +/Names [(0:4299) 5264 0 R (0:43) 1272 0 R (0:430) 1660 0 R (0:4300) 5265 0 R (0:4301) 5266 0 R (0:4302) 5267 0 R] +/Limits [(0:4299) (0:4302)] +>> endobj +6991 0 obj << +/Names [(0:4304) 5268 0 R (0:4305) 5269 0 R (0:4306) 5270 0 R (0:4308) 5271 0 R (0:4309) 5272 0 R (0:431) 1661 0 R] +/Limits [(0:4304) (0:431)] +>> endobj +6992 0 obj << +/Names [(0:4310) 5273 0 R (0:4312) 5274 0 R (0:4313) 5275 0 R (0:4314) 5276 0 R (0:4316) 5277 0 R (0:4317) 5278 0 R] +/Limits [(0:4310) (0:4317)] +>> endobj +6993 0 obj << +/Names [(0:4318) 5279 0 R (0:432) 1662 0 R (0:4320) 5280 0 R (0:4321) 5281 0 R (0:4322) 5282 0 R (0:4325) 5283 0 R] +/Limits [(0:4318) (0:4325)] +>> endobj +6994 0 obj << +/Names [(0:4326) 5284 0 R (0:4328) 5285 0 R (0:4329) 5286 0 R (0:433) 1663 0 R (0:4330) 5287 0 R (0:4332) 5288 0 R] +/Limits [(0:4326) (0:4332)] +>> endobj +6995 0 obj << +/Names [(0:4333) 5289 0 R (0:4334) 5290 0 R (0:4336) 5291 0 R (0:4337) 5292 0 R (0:4338) 5293 0 R (0:4340) 5294 0 R] +/Limits [(0:4333) (0:4340)] +>> endobj +6996 0 obj << +/Names [(0:4341) 5295 0 R (0:4342) 5296 0 R (0:4344) 5301 0 R (0:4345) 5302 0 R (0:4346) 5303 0 R (0:4347) 5304 0 R] +/Limits [(0:4341) (0:4347)] +>> endobj +6997 0 obj << +/Names [(0:435) 1664 0 R (0:4350) 5305 0 R (0:4352) 5306 0 R (0:4353) 5307 0 R (0:4354) 5308 0 R (0:4355) 5309 0 R] +/Limits [(0:435) (0:4355)] +>> endobj +6998 0 obj << +/Names [(0:4357) 5310 0 R (0:4358) 5311 0 R (0:4359) 5312 0 R (0:436) 1665 0 R (0:4360) 5313 0 R (0:4361) 5314 0 R] +/Limits [(0:4357) (0:4361)] +>> endobj +6999 0 obj << +/Names [(0:4362) 5315 0 R (0:4364) 5316 0 R (0:4365) 5317 0 R (0:4366) 5318 0 R (0:4369) 5319 0 R (0:437) 1666 0 R] +/Limits [(0:4362) (0:437)] +>> endobj +7000 0 obj << +/Names [(0:4371) 5320 0 R (0:4372) 5321 0 R (0:4373) 5322 0 R (0:4375) 5323 0 R (0:4376) 5324 0 R (0:4377) 5325 0 R] +/Limits [(0:4371) (0:4377)] +>> endobj +7001 0 obj << +/Names [(0:4379) 5326 0 R (0:438) 1667 0 R (0:4380) 5327 0 R (0:4381) 5328 0 R (0:4383) 5329 0 R (0:4384) 5330 0 R] +/Limits [(0:4379) (0:4384)] +>> endobj +7002 0 obj << +/Names [(0:4385) 5331 0 R (0:4386) 5332 0 R (0:4388) 5341 0 R (0:4389) 5342 0 R (0:439) 1668 0 R (0:4390) 5343 0 R] +/Limits [(0:4385) (0:4390)] +>> endobj +7003 0 obj << +/Names [(0:4391) 5344 0 R (0:4392) 5345 0 R (0:4394) 5346 0 R (0:4395) 5347 0 R (0:4396) 5348 0 R (0:4397) 5349 0 R] +/Limits [(0:4391) (0:4397)] +>> endobj +7004 0 obj << +/Names [(0:4398) 5350 0 R (0:44) 1273 0 R (0:440) 1669 0 R (0:4400) 5351 0 R (0:4401) 5352 0 R (0:4402) 5353 0 R] +/Limits [(0:4398) (0:4402)] +>> endobj +7005 0 obj << +/Names [(0:4404) 5354 0 R (0:4405) 5355 0 R (0:4406) 5356 0 R (0:4409) 5357 0 R (0:441) 1670 0 R (0:4410) 5358 0 R] +/Limits [(0:4404) (0:4410)] +>> endobj +7006 0 obj << +/Names [(0:4412) 5359 0 R (0:4414) 5360 0 R (0:4415) 5361 0 R (0:4417) 5362 0 R (0:4418) 5363 0 R (0:4419) 5364 0 R] +/Limits [(0:4412) (0:4419)] +>> endobj +7007 0 obj << +/Names [(0:442) 1671 0 R (0:4422) 5365 0 R (0:4423) 5366 0 R (0:4424) 5367 0 R (0:4425) 5368 0 R (0:4427) 5369 0 R] +/Limits [(0:442) (0:4427)] +>> endobj +7008 0 obj << +/Names [(0:4428) 5370 0 R (0:4429) 5371 0 R (0:443) 1672 0 R (0:4430) 5372 0 R (0:4431) 5373 0 R (0:4433) 5378 0 R] +/Limits [(0:4428) (0:4433)] +>> endobj +7009 0 obj << +/Names [(0:4434) 5379 0 R (0:4435) 5380 0 R (0:4436) 5381 0 R (0:4438) 5340 0 R (0:4439) 5382 0 R (0:4440) 5383 0 R] +/Limits [(0:4434) (0:4440)] +>> endobj +7010 0 obj << +/Names [(0:4441) 5384 0 R (0:4443) 5385 0 R (0:4444) 5386 0 R (0:4445) 5387 0 R (0:4446) 5388 0 R (0:4448) 5389 0 R] +/Limits [(0:4441) (0:4448)] +>> endobj +7011 0 obj << +/Names [(0:4449) 5390 0 R (0:4450) 5391 0 R (0:4451) 5392 0 R (0:4453) 5393 0 R (0:4454) 5394 0 R (0:4455) 5395 0 R] +/Limits [(0:4449) (0:4455)] +>> endobj +7012 0 obj << +/Names [(0:4456) 5396 0 R (0:4458) 5397 0 R (0:4459) 5398 0 R (0:4460) 5399 0 R (0:4461) 5400 0 R (0:4463) 5401 0 R] +/Limits [(0:4456) (0:4463)] +>> endobj +7013 0 obj << +/Names [(0:4464) 5402 0 R (0:4465) 5403 0 R (0:4466) 5404 0 R (0:4468) 5405 0 R (0:4469) 5406 0 R (0:4470) 5407 0 R] +/Limits [(0:4464) (0:4470)] +>> endobj +7014 0 obj << +/Names [(0:4471) 5408 0 R (0:4473) 5409 0 R (0:4474) 5410 0 R (0:4475) 5411 0 R (0:4480) 5417 0 R (0:4481) 5418 0 R] +/Limits [(0:4471) (0:4481)] +>> endobj +7015 0 obj << +/Names [(0:4482) 5419 0 R (0:4483) 5420 0 R (0:4484) 5421 0 R (0:4485) 5422 0 R (0:4486) 5423 0 R (0:4487) 5424 0 R] +/Limits [(0:4482) (0:4487)] +>> endobj +7016 0 obj << +/Names [(0:4488) 5425 0 R (0:4489) 5426 0 R (0:4490) 5427 0 R (0:4491) 5428 0 R (0:4492) 5429 0 R (0:4493) 5430 0 R] +/Limits [(0:4488) (0:4493)] +>> endobj +7017 0 obj << +/Names [(0:4494) 5431 0 R (0:4495) 5432 0 R (0:4496) 5433 0 R (0:4497) 5434 0 R (0:4498) 5435 0 R (0:4499) 5436 0 R] +/Limits [(0:4494) (0:4499)] +>> endobj +7018 0 obj << +/Names [(0:45) 1274 0 R (0:4500) 5437 0 R (0:4501) 5438 0 R (0:4502) 5439 0 R (0:4503) 5440 0 R (0:4504) 5441 0 R] +/Limits [(0:45) (0:4504)] +>> endobj +7019 0 obj << +/Names [(0:4505) 5442 0 R (0:4506) 5443 0 R (0:4507) 5444 0 R (0:4508) 5445 0 R (0:4509) 5446 0 R (0:4510) 5447 0 R] +/Limits [(0:4505) (0:4510)] +>> endobj +7020 0 obj << +/Names [(0:4511) 5448 0 R (0:4512) 5449 0 R (0:4513) 5450 0 R (0:4514) 5451 0 R (0:4515) 5452 0 R (0:4516) 5453 0 R] +/Limits [(0:4511) (0:4516)] +>> endobj +7021 0 obj << +/Names [(0:4517) 5454 0 R (0:4518) 5455 0 R (0:4519) 5456 0 R (0:4520) 5457 0 R (0:4521) 5458 0 R (0:4522) 5459 0 R] +/Limits [(0:4517) (0:4522)] +>> endobj +7022 0 obj << +/Names [(0:4523) 5460 0 R (0:4524) 5461 0 R (0:4525) 5462 0 R (0:4526) 5463 0 R (0:4527) 5464 0 R (0:4528) 5465 0 R] +/Limits [(0:4523) (0:4528)] +>> endobj +7023 0 obj << +/Names [(0:4529) 5466 0 R (0:4530) 5467 0 R (0:4531) 5468 0 R (0:4532) 5469 0 R (0:4533) 5470 0 R (0:4534) 5471 0 R] +/Limits [(0:4529) (0:4534)] +>> endobj +7024 0 obj << +/Names [(0:4535) 5472 0 R (0:4536) 5473 0 R (0:4537) 5474 0 R (0:4538) 5475 0 R (0:4539) 5476 0 R (0:4540) 5477 0 R] +/Limits [(0:4535) (0:4540)] +>> endobj +7025 0 obj << +/Names [(0:4541) 5478 0 R (0:4542) 5479 0 R (0:4543) 5480 0 R (0:4544) 5481 0 R (0:4545) 5482 0 R (0:4546) 5483 0 R] +/Limits [(0:4541) (0:4546)] +>> endobj +7026 0 obj << +/Names [(0:4548) 5484 0 R (0:4549) 5485 0 R (0:4550) 5486 0 R (0:4551) 5487 0 R (0:4552) 5488 0 R (0:4553) 5489 0 R] +/Limits [(0:4548) (0:4553)] +>> endobj +7027 0 obj << +/Names [(0:4554) 5490 0 R (0:4555) 5491 0 R (0:4556) 5496 0 R (0:4557) 5497 0 R (0:4558) 5498 0 R (0:4559) 5499 0 R] +/Limits [(0:4554) (0:4559)] +>> endobj +7028 0 obj << +/Names [(0:4560) 5500 0 R (0:4561) 5501 0 R (0:4562) 5502 0 R (0:4563) 5503 0 R (0:4564) 5504 0 R (0:4565) 5505 0 R] +/Limits [(0:4560) (0:4565)] +>> endobj +7029 0 obj << +/Names [(0:4566) 5506 0 R (0:4567) 5507 0 R (0:4568) 5508 0 R (0:4569) 5509 0 R (0:4570) 5510 0 R (0:4571) 5511 0 R] +/Limits [(0:4566) (0:4571)] +>> endobj +7030 0 obj << +/Names [(0:4572) 5512 0 R (0:4573) 5513 0 R (0:4574) 5514 0 R (0:4575) 5515 0 R (0:4576) 5516 0 R (0:4577) 5517 0 R] +/Limits [(0:4572) (0:4577)] +>> endobj +7031 0 obj << +/Names [(0:4578) 5518 0 R (0:4579) 5519 0 R (0:4580) 5520 0 R (0:4581) 5521 0 R (0:4582) 5522 0 R (0:4583) 5523 0 R] +/Limits [(0:4578) (0:4583)] +>> endobj +7032 0 obj << +/Names [(0:4584) 5524 0 R (0:4585) 5525 0 R (0:4586) 5526 0 R (0:4587) 5527 0 R (0:4588) 5528 0 R (0:4589) 5529 0 R] +/Limits [(0:4584) (0:4589)] +>> endobj +7033 0 obj << +/Names [(0:4590) 5530 0 R (0:4591) 5531 0 R (0:4592) 5532 0 R (0:4596) 5533 0 R (0:4597) 5534 0 R (0:4598) 5535 0 R] +/Limits [(0:4590) (0:4598)] +>> endobj +7034 0 obj << +/Names [(0:4599) 5536 0 R (0:46) 1275 0 R (0:4600) 5537 0 R (0:4601) 5538 0 R (0:4602) 5539 0 R (0:4603) 5540 0 R] +/Limits [(0:4599) (0:4603)] +>> endobj +7035 0 obj << +/Names [(0:4604) 5541 0 R (0:4605) 5542 0 R (0:4606) 5543 0 R (0:4608) 5544 0 R (0:4609) 5545 0 R (0:4610) 5546 0 R] +/Limits [(0:4604) (0:4610)] +>> endobj +7036 0 obj << +/Names [(0:4611) 5547 0 R (0:4612) 5548 0 R (0:4613) 5549 0 R (0:4614) 5550 0 R (0:4615) 5551 0 R (0:4616) 5552 0 R] +/Limits [(0:4611) (0:4616)] +>> endobj +7037 0 obj << +/Names [(0:4617) 5553 0 R (0:4618) 5554 0 R (0:4619) 5555 0 R (0:4620) 5556 0 R (0:4621) 5557 0 R (0:4622) 5558 0 R] +/Limits [(0:4617) (0:4622)] +>> endobj +7038 0 obj << +/Names [(0:4623) 5559 0 R (0:4624) 5560 0 R (0:4625) 5561 0 R (0:4629) 5562 0 R (0:4630) 5563 0 R (0:4631) 5564 0 R] +/Limits [(0:4623) (0:4631)] +>> endobj +7039 0 obj << +/Names [(0:4632) 5565 0 R (0:4633) 5566 0 R (0:4634) 5567 0 R (0:4635) 5568 0 R (0:4636) 5569 0 R (0:4637) 5570 0 R] +/Limits [(0:4632) (0:4637)] +>> endobj +7040 0 obj << +/Names [(0:4638) 5571 0 R (0:4639) 5572 0 R (0:4640) 5573 0 R (0:4641) 5578 0 R (0:4642) 5579 0 R (0:4643) 5580 0 R] +/Limits [(0:4638) (0:4643)] +>> endobj +7041 0 obj << +/Names [(0:4644) 5581 0 R (0:4645) 5582 0 R (0:4646) 5583 0 R (0:4651) 5591 0 R (0:4652) 5592 0 R (0:4653) 5593 0 R] +/Limits [(0:4644) (0:4653)] +>> endobj +7042 0 obj << +/Names [(0:4654) 5594 0 R (0:4655) 5595 0 R (0:4659) 5596 0 R (0:4660) 5597 0 R (0:4661) 5598 0 R (0:4662) 5599 0 R] +/Limits [(0:4654) (0:4662)] +>> endobj +7043 0 obj << +/Names [(0:4663) 5600 0 R (0:4664) 5601 0 R (0:4665) 5602 0 R (0:4666) 5603 0 R (0:4667) 5604 0 R (0:4668) 5605 0 R] +/Limits [(0:4663) (0:4668)] +>> endobj +7044 0 obj << +/Names [(0:4669) 5606 0 R (0:4670) 5607 0 R (0:4672) 5608 0 R (0:4673) 5609 0 R (0:4675) 5610 0 R (0:4676) 5611 0 R] +/Limits [(0:4669) (0:4676)] +>> endobj +7045 0 obj << +/Names [(0:4677) 5612 0 R (0:4678) 5613 0 R (0:4681) 5624 0 R (0:4682) 5625 0 R (0:4683) 5626 0 R (0:4684) 5627 0 R] +/Limits [(0:4677) (0:4684)] +>> endobj +7046 0 obj << +/Names [(0:4685) 5628 0 R (0:4686) 5629 0 R (0:4687) 5630 0 R (0:4688) 5631 0 R (0:4689) 5632 0 R (0:4692) 5633 0 R] +/Limits [(0:4685) (0:4692)] +>> endobj +7047 0 obj << +/Names [(0:4694) 5634 0 R (0:4695) 5635 0 R (0:4696) 5636 0 R (0:4697) 5637 0 R (0:4698) 5638 0 R (0:4699) 5639 0 R] +/Limits [(0:4694) (0:4699)] +>> endobj +7048 0 obj << +/Names [(0:47) 1276 0 R (0:4700) 5640 0 R (0:4701) 5641 0 R (0:4702) 5642 0 R (0:4703) 5643 0 R (0:4704) 5644 0 R] +/Limits [(0:47) (0:4704)] +>> endobj +7049 0 obj << +/Names [(0:4705) 5645 0 R (0:4706) 5646 0 R (0:4707) 5647 0 R (0:4709) 5648 0 R (0:4710) 5649 0 R (0:4711) 5650 0 R] +/Limits [(0:4705) (0:4711)] +>> endobj +7050 0 obj << +/Names [(0:4712) 5651 0 R (0:4713) 5652 0 R (0:4714) 5653 0 R (0:4717) 5658 0 R (0:4719) 5623 0 R (0:4721) 5659 0 R] +/Limits [(0:4712) (0:4721)] +>> endobj +7051 0 obj << +/Names [(0:4722) 5660 0 R (0:4723) 5661 0 R (0:4724) 5662 0 R (0:4725) 5663 0 R (0:4726) 5664 0 R (0:4727) 5665 0 R] +/Limits [(0:4722) (0:4727)] +>> endobj +7052 0 obj << +/Names [(0:4728) 5666 0 R (0:4729) 5667 0 R (0:4730) 5668 0 R (0:4731) 5669 0 R (0:4732) 5670 0 R (0:4733) 5671 0 R] +/Limits [(0:4728) (0:4733)] +>> endobj +7053 0 obj << +/Names [(0:4734) 5672 0 R (0:4735) 5673 0 R (0:4736) 5674 0 R (0:4737) 5675 0 R (0:4738) 5676 0 R (0:4739) 5677 0 R] +/Limits [(0:4734) (0:4739)] +>> endobj +7054 0 obj << +/Names [(0:4740) 5678 0 R (0:4741) 5679 0 R (0:4742) 5680 0 R (0:4743) 5681 0 R (0:4744) 5682 0 R (0:4745) 5683 0 R] +/Limits [(0:4740) (0:4745)] +>> endobj +7055 0 obj << +/Names [(0:4746) 5684 0 R (0:4747) 5685 0 R (0:4748) 5686 0 R (0:4749) 5687 0 R (0:4750) 5688 0 R (0:4751) 5689 0 R] +/Limits [(0:4746) (0:4751)] +>> endobj +7056 0 obj << +/Names [(0:4752) 5690 0 R (0:4753) 5691 0 R (0:4754) 5692 0 R (0:4755) 5693 0 R (0:4756) 5694 0 R (0:4757) 5695 0 R] +/Limits [(0:4752) (0:4757)] +>> endobj +7057 0 obj << +/Names [(0:4758) 5696 0 R (0:4759) 5697 0 R (0:4760) 5698 0 R (0:4761) 5699 0 R (0:4762) 5700 0 R (0:4763) 5701 0 R] +/Limits [(0:4758) (0:4763)] +>> endobj +7058 0 obj << +/Names [(0:4764) 5702 0 R (0:4765) 5703 0 R (0:4766) 5704 0 R (0:4767) 5711 0 R (0:4768) 5712 0 R (0:4769) 5713 0 R] +/Limits [(0:4764) (0:4769)] +>> endobj +7059 0 obj << +/Names [(0:4772) 5714 0 R (0:4774) 5715 0 R (0:4775) 5716 0 R (0:4776) 5717 0 R (0:4777) 5718 0 R (0:4778) 5719 0 R] +/Limits [(0:4772) (0:4778)] +>> endobj +7060 0 obj << +/Names [(0:4779) 5720 0 R (0:4780) 5721 0 R (0:4781) 5722 0 R (0:4782) 5723 0 R (0:4783) 5724 0 R (0:4784) 5725 0 R] +/Limits [(0:4779) (0:4784)] +>> endobj +7061 0 obj << +/Names [(0:4785) 5726 0 R (0:4786) 5727 0 R (0:4787) 5728 0 R (0:4788) 5729 0 R (0:4789) 5730 0 R (0:4790) 5731 0 R] +/Limits [(0:4785) (0:4790)] +>> endobj +7062 0 obj << +/Names [(0:4791) 5732 0 R (0:4792) 5733 0 R (0:4793) 5734 0 R (0:4794) 5735 0 R (0:4795) 5736 0 R (0:4796) 5737 0 R] +/Limits [(0:4791) (0:4796)] +>> endobj +7063 0 obj << +/Names [(0:4797) 5738 0 R (0:4798) 5739 0 R (0:4799) 5740 0 R (0:48) 1277 0 R (0:4800) 5741 0 R (0:4801) 5742 0 R] +/Limits [(0:4797) (0:4801)] +>> endobj +7064 0 obj << +/Names [(0:4802) 5743 0 R (0:4803) 5744 0 R (0:4804) 5745 0 R (0:4807) 5746 0 R (0:4808) 5751 0 R (0:4809) 5752 0 R] +/Limits [(0:4802) (0:4809)] +>> endobj +7065 0 obj << +/Names [(0:4810) 5710 0 R (0:4811) 5753 0 R (0:4812) 5754 0 R (0:4813) 5755 0 R (0:4814) 5756 0 R (0:4815) 5757 0 R] +/Limits [(0:4810) (0:4815)] +>> endobj +7066 0 obj << +/Names [(0:4816) 5758 0 R (0:4817) 5759 0 R (0:4818) 5760 0 R (0:4819) 5761 0 R (0:4820) 5762 0 R (0:4821) 5763 0 R] +/Limits [(0:4816) (0:4821)] +>> endobj +7067 0 obj << +/Names [(0:4822) 5764 0 R (0:4823) 5765 0 R (0:4824) 5766 0 R (0:4825) 5767 0 R (0:4828) 5768 0 R (0:4829) 5769 0 R] +/Limits [(0:4822) (0:4829)] +>> endobj +7068 0 obj << +/Names [(0:4830) 5770 0 R (0:4831) 5771 0 R (0:4832) 5772 0 R (0:4833) 5773 0 R (0:4834) 5774 0 R (0:4835) 5775 0 R] +/Limits [(0:4830) (0:4835)] +>> endobj +7069 0 obj << +/Names [(0:4836) 5776 0 R (0:4837) 5777 0 R (0:4838) 5778 0 R (0:4839) 5779 0 R (0:4840) 5780 0 R (0:4841) 5781 0 R] +/Limits [(0:4836) (0:4841)] +>> endobj +7070 0 obj << +/Names [(0:4842) 5782 0 R (0:4843) 5783 0 R (0:4844) 5784 0 R (0:4845) 5785 0 R (0:4846) 5786 0 R (0:4847) 5787 0 R] +/Limits [(0:4842) (0:4847)] +>> endobj +7071 0 obj << +/Names [(0:4848) 5788 0 R (0:4849) 5789 0 R (0:4850) 5790 0 R (0:4851) 5791 0 R (0:4852) 5792 0 R (0:4853) 5798 0 R] +/Limits [(0:4848) (0:4853)] +>> endobj +7072 0 obj << +/Names [(0:4854) 5799 0 R (0:4855) 5800 0 R (0:4856) 5801 0 R (0:4857) 5802 0 R (0:4858) 5803 0 R (0:4861) 5804 0 R] +/Limits [(0:4854) (0:4861)] +>> endobj +7073 0 obj << +/Names [(0:4862) 5805 0 R (0:4863) 5806 0 R (0:4864) 5807 0 R (0:4865) 5808 0 R (0:4866) 5809 0 R (0:4867) 5810 0 R] +/Limits [(0:4862) (0:4867)] +>> endobj +7074 0 obj << +/Names [(0:4868) 5811 0 R (0:4869) 5812 0 R (0:4870) 5813 0 R (0:4871) 5814 0 R (0:4872) 5815 0 R (0:4873) 5816 0 R] +/Limits [(0:4868) (0:4873)] +>> endobj +7075 0 obj << +/Names [(0:4874) 5817 0 R (0:4875) 5818 0 R (0:4876) 5819 0 R (0:4877) 5820 0 R (0:4878) 5821 0 R (0:4879) 5822 0 R] +/Limits [(0:4874) (0:4879)] +>> endobj +7076 0 obj << +/Names [(0:4880) 5823 0 R (0:4881) 5824 0 R (0:4882) 5825 0 R (0:4883) 5826 0 R (0:4884) 5827 0 R (0:4885) 5828 0 R] +/Limits [(0:4880) (0:4885)] +>> endobj +7077 0 obj << +/Names [(0:4886) 5829 0 R (0:4887) 5830 0 R (0:4888) 5831 0 R (0:4889) 5832 0 R (0:4890) 5833 0 R (0:4891) 5834 0 R] +/Limits [(0:4886) (0:4891)] +>> endobj +7078 0 obj << +/Names [(0:4894) 5840 0 R (0:4895) 5797 0 R (0:4897) 5841 0 R (0:4898) 5842 0 R (0:4899) 5843 0 R (0:49) 1278 0 R] +/Limits [(0:4894) (0:49)] +>> endobj +7079 0 obj << +/Names [(0:4900) 5844 0 R (0:4901) 5845 0 R (0:4902) 5846 0 R (0:4903) 5847 0 R (0:4904) 5848 0 R (0:4905) 5849 0 R] +/Limits [(0:4900) (0:4905)] +>> endobj +7080 0 obj << +/Names [(0:4906) 5850 0 R (0:4907) 5851 0 R (0:4908) 5852 0 R (0:4909) 5853 0 R (0:491) 1674 0 R (0:4910) 5854 0 R] +/Limits [(0:4906) (0:4910)] +>> endobj +7081 0 obj << +/Names [(0:4911) 5855 0 R (0:4912) 5856 0 R (0:4915) 5857 0 R (0:4916) 5858 0 R (0:4917) 5859 0 R (0:4918) 5860 0 R] +/Limits [(0:4911) (0:4918)] +>> endobj +7082 0 obj << +/Names [(0:4919) 5861 0 R (0:492) 1675 0 R (0:4920) 5862 0 R (0:4921) 5863 0 R (0:4922) 5864 0 R (0:4923) 5865 0 R] +/Limits [(0:4919) (0:4923)] +>> endobj +7083 0 obj << +/Names [(0:4924) 5866 0 R (0:4925) 5867 0 R (0:4926) 5868 0 R (0:4927) 5869 0 R (0:493) 1677 0 R (0:4930) 5876 0 R] +/Limits [(0:4924) (0:4930)] +>> endobj +7084 0 obj << +/Names [(0:4931) 5839 0 R (0:4933) 5877 0 R (0:4934) 5878 0 R (0:4935) 5879 0 R (0:4936) 5880 0 R (0:4937) 5881 0 R] +/Limits [(0:4931) (0:4937)] +>> endobj +7085 0 obj << +/Names [(0:4938) 5882 0 R (0:4939) 5883 0 R (0:494) 1678 0 R (0:4940) 5884 0 R (0:4941) 5885 0 R (0:4942) 5886 0 R] +/Limits [(0:4938) (0:4942)] +>> endobj +7086 0 obj << +/Names [(0:4943) 5887 0 R (0:4944) 5888 0 R (0:4945) 5889 0 R (0:4946) 5890 0 R (0:4947) 5891 0 R (0:4948) 5892 0 R] +/Limits [(0:4943) (0:4948)] +>> endobj +7087 0 obj << +/Names [(0:4949) 5893 0 R (0:495) 1679 0 R (0:4950) 5894 0 R (0:4951) 5895 0 R (0:4952) 5896 0 R (0:4953) 5897 0 R] +/Limits [(0:4949) (0:4953)] +>> endobj +7088 0 obj << +/Names [(0:4954) 5898 0 R (0:4955) 5899 0 R (0:4956) 5900 0 R (0:4957) 5901 0 R (0:496) 1680 0 R (0:4960) 5902 0 R] +/Limits [(0:4954) (0:4960)] +>> endobj +7089 0 obj << +/Names [(0:4961) 5903 0 R (0:4962) 5904 0 R (0:4963) 5905 0 R (0:4964) 5906 0 R (0:4965) 5907 0 R (0:4966) 5908 0 R] +/Limits [(0:4961) (0:4966)] +>> endobj +7090 0 obj << +/Names [(0:4967) 5913 0 R (0:4968) 5914 0 R (0:4969) 5915 0 R (0:497) 1681 0 R (0:4970) 5875 0 R (0:4973) 5916 0 R] +/Limits [(0:4967) (0:4973)] +>> endobj +7091 0 obj << +/Names [(0:4974) 5917 0 R (0:4975) 5918 0 R (0:4976) 5919 0 R (0:4977) 5920 0 R (0:4978) 5921 0 R (0:4979) 5922 0 R] +/Limits [(0:4974) (0:4979)] +>> endobj +7092 0 obj << +/Names [(0:498) 1682 0 R (0:4980) 5923 0 R (0:4981) 5924 0 R (0:4982) 5925 0 R (0:4983) 5926 0 R (0:4984) 5927 0 R] +/Limits [(0:498) (0:4984)] +>> endobj +7093 0 obj << +/Names [(0:4985) 5928 0 R (0:4986) 5929 0 R (0:4987) 5930 0 R (0:499) 1683 0 R (0:4990) 5931 0 R (0:4991) 5932 0 R] +/Limits [(0:4985) (0:4991)] +>> endobj +7094 0 obj << +/Names [(0:4992) 5933 0 R (0:4993) 5934 0 R (0:4994) 5935 0 R (0:4995) 5936 0 R (0:4996) 5937 0 R (0:4997) 5938 0 R] +/Limits [(0:4992) (0:4997)] +>> endobj +7095 0 obj << +/Names [(0:4998) 5939 0 R (0:4999) 5940 0 R (0:50) 1279 0 R (0:500) 1684 0 R (0:5000) 5941 0 R (0:5001) 5942 0 R] +/Limits [(0:4998) (0:5001)] +>> endobj +7096 0 obj << +/Names [(0:5002) 5943 0 R (0:5003) 5944 0 R (0:5004) 5945 0 R (0:5005) 5946 0 R (0:5006) 5947 0 R (0:5007) 5948 0 R] +/Limits [(0:5002) (0:5007)] +>> endobj +7097 0 obj << +/Names [(0:5008) 5949 0 R (0:5009) 5950 0 R (0:501) 1685 0 R (0:5010) 5951 0 R (0:5011) 5952 0 R (0:5012) 5953 0 R] +/Limits [(0:5008) (0:5012)] +>> endobj +7098 0 obj << +/Names [(0:5013) 5959 0 R (0:5014) 5960 0 R (0:5015) 5961 0 R (0:5016) 5962 0 R (0:5017) 5963 0 R (0:5018) 5964 0 R] +/Limits [(0:5013) (0:5018)] +>> endobj +7099 0 obj << +/Names [(0:5019) 5965 0 R (0:502) 1686 0 R (0:5020) 5966 0 R (0:5023) 5967 0 R (0:5024) 5968 0 R (0:5025) 5969 0 R] +/Limits [(0:5019) (0:5025)] +>> endobj +7100 0 obj << +/Names [(0:5026) 5970 0 R (0:5027) 5971 0 R (0:5028) 5972 0 R (0:5029) 5973 0 R (0:503) 1687 0 R (0:5030) 5974 0 R] +/Limits [(0:5026) (0:5030)] +>> endobj +7101 0 obj << +/Names [(0:5031) 5975 0 R (0:5032) 5976 0 R (0:5033) 5977 0 R (0:5034) 5978 0 R (0:5035) 5979 0 R (0:5036) 5980 0 R] +/Limits [(0:5031) (0:5036)] +>> endobj +7102 0 obj << +/Names [(0:5037) 5981 0 R (0:5038) 5982 0 R (0:5039) 5983 0 R (0:504) 1688 0 R (0:5040) 5984 0 R (0:5041) 5985 0 R] +/Limits [(0:5037) (0:5041)] +>> endobj +7103 0 obj << +/Names [(0:5042) 5986 0 R (0:5043) 5987 0 R (0:5044) 5988 0 R (0:5045) 5989 0 R (0:5046) 5990 0 R (0:5047) 5991 0 R] +/Limits [(0:5042) (0:5047)] +>> endobj +7104 0 obj << +/Names [(0:5048) 5992 0 R (0:5049) 5993 0 R (0:505) 1689 0 R (0:5050) 5994 0 R (0:5053) 5995 0 R (0:5054) 6000 0 R] +/Limits [(0:5048) (0:5054)] +>> endobj +7105 0 obj << +/Names [(0:5055) 6001 0 R (0:5056) 5958 0 R (0:5057) 6002 0 R (0:5058) 6003 0 R (0:5059) 6004 0 R (0:506) 1690 0 R] +/Limits [(0:5055) (0:506)] +>> endobj +7106 0 obj << +/Names [(0:5060) 6005 0 R (0:5061) 6006 0 R (0:5062) 6007 0 R (0:5063) 6008 0 R (0:5064) 6009 0 R (0:5065) 6010 0 R] +/Limits [(0:5060) (0:5065)] +>> endobj +7107 0 obj << +/Names [(0:5066) 6011 0 R (0:5067) 6012 0 R (0:5068) 6013 0 R (0:5069) 6014 0 R (0:507) 1691 0 R (0:5070) 6015 0 R] +/Limits [(0:5066) (0:5070)] +>> endobj +7108 0 obj << +/Names [(0:5071) 6016 0 R (0:5072) 6017 0 R (0:5073) 6018 0 R (0:5074) 6019 0 R (0:5075) 6020 0 R (0:5076) 6021 0 R] +/Limits [(0:5071) (0:5076)] +>> endobj +7109 0 obj << +/Names [(0:5077) 6022 0 R (0:5078) 6023 0 R (0:5079) 6024 0 R (0:508) 1692 0 R (0:5080) 6025 0 R (0:5081) 6026 0 R] +/Limits [(0:5077) (0:5081)] +>> endobj +7110 0 obj << +/Names [(0:5082) 6027 0 R (0:5083) 6028 0 R (0:5084) 6029 0 R (0:5085) 6030 0 R (0:5086) 6031 0 R (0:5087) 6032 0 R] +/Limits [(0:5082) (0:5087)] +>> endobj +7111 0 obj << +/Names [(0:5088) 6033 0 R (0:5089) 6034 0 R (0:509) 1693 0 R (0:5090) 6035 0 R (0:5091) 6036 0 R (0:5092) 6037 0 R] +/Limits [(0:5088) (0:5092)] +>> endobj +7112 0 obj << +/Names [(0:5093) 6038 0 R (0:5094) 6039 0 R (0:5095) 6040 0 R (0:5096) 6045 0 R (0:5097) 6046 0 R (0:5098) 6047 0 R] +/Limits [(0:5093) (0:5098)] +>> endobj +7113 0 obj << +/Names [(0:5099) 6048 0 R (0:51) 1280 0 R (0:510) 1694 0 R (0:5100) 6049 0 R (0:5101) 6050 0 R (0:5102) 6051 0 R] +/Limits [(0:5099) (0:5102)] +>> endobj +7114 0 obj << +/Names [(0:5103) 6052 0 R (0:5104) 6053 0 R (0:5105) 6054 0 R (0:5106) 6055 0 R (0:5107) 6056 0 R (0:5108) 6057 0 R] +/Limits [(0:5103) (0:5108)] +>> endobj +7115 0 obj << +/Names [(0:5109) 6058 0 R (0:511) 1695 0 R (0:5110) 6059 0 R (0:5111) 6060 0 R (0:5112) 6061 0 R (0:5113) 6062 0 R] +/Limits [(0:5109) (0:5113)] +>> endobj +7116 0 obj << +/Names [(0:5114) 6063 0 R (0:5115) 6064 0 R (0:5116) 6065 0 R (0:5117) 6066 0 R (0:5118) 6067 0 R (0:5119) 6068 0 R] +/Limits [(0:5114) (0:5119)] +>> endobj +7117 0 obj << +/Names [(0:512) 1696 0 R (0:5120) 6069 0 R (0:5121) 6070 0 R (0:5122) 6071 0 R (0:5123) 6072 0 R (0:5124) 6073 0 R] +/Limits [(0:512) (0:5124)] +>> endobj +7118 0 obj << +/Names [(0:5125) 6074 0 R (0:5126) 6075 0 R (0:5127) 6076 0 R (0:5128) 6077 0 R (0:5129) 6078 0 R (0:513) 1697 0 R] +/Limits [(0:5125) (0:513)] +>> endobj +7119 0 obj << +/Names [(0:5130) 6079 0 R (0:5131) 6080 0 R (0:5132) 6081 0 R (0:5133) 6082 0 R (0:5134) 6083 0 R (0:5135) 6084 0 R] +/Limits [(0:5130) (0:5135)] +>> endobj +7120 0 obj << +/Names [(0:5136) 6085 0 R (0:5137) 6086 0 R (0:5138) 6087 0 R (0:5139) 6088 0 R (0:514) 1698 0 R (0:5140) 6089 0 R] +/Limits [(0:5136) (0:5140)] +>> endobj +7121 0 obj << +/Names [(0:5141) 6090 0 R (0:5142) 6091 0 R (0:5143) 6092 0 R (0:5144) 6098 0 R (0:5145) 6099 0 R (0:5146) 6100 0 R] +/Limits [(0:5141) (0:5146)] +>> endobj +7122 0 obj << +/Names [(0:5147) 6101 0 R (0:5148) 6102 0 R (0:5149) 6103 0 R (0:5150) 6104 0 R (0:5151) 6105 0 R (0:5152) 6106 0 R] +/Limits [(0:5147) (0:5152)] +>> endobj +7123 0 obj << +/Names [(0:5153) 6107 0 R (0:5154) 6108 0 R (0:5155) 6109 0 R (0:5156) 6110 0 R (0:5157) 6111 0 R (0:5158) 6112 0 R] +/Limits [(0:5153) (0:5158)] +>> endobj +7124 0 obj << +/Names [(0:5159) 6113 0 R (0:5160) 6114 0 R (0:5161) 6115 0 R (0:5162) 6116 0 R (0:5163) 6117 0 R (0:5164) 6118 0 R] +/Limits [(0:5159) (0:5164)] +>> endobj +7125 0 obj << +/Names [(0:5165) 6119 0 R (0:5166) 6120 0 R (0:5167) 6121 0 R (0:5168) 6122 0 R (0:5169) 6123 0 R (0:5170) 6124 0 R] +/Limits [(0:5165) (0:5170)] +>> endobj +7126 0 obj << +/Names [(0:5171) 6125 0 R (0:5172) 6126 0 R (0:5173) 6127 0 R (0:5174) 6128 0 R (0:5175) 6129 0 R (0:5176) 6130 0 R] +/Limits [(0:5171) (0:5176)] +>> endobj +7127 0 obj << +/Names [(0:5177) 6131 0 R (0:5178) 6132 0 R (0:5179) 6133 0 R (0:5180) 6134 0 R (0:5181) 6135 0 R (0:5182) 6136 0 R] +/Limits [(0:5177) (0:5182)] +>> endobj +7128 0 obj << +/Names [(0:5183) 6137 0 R (0:5184) 6138 0 R (0:5185) 6139 0 R (0:5186) 6140 0 R (0:5187) 6141 0 R (0:5188) 6142 0 R] +/Limits [(0:5183) (0:5188)] +>> endobj +7129 0 obj << +/Names [(0:5189) 6143 0 R (0:519) 1705 0 R (0:5190) 6144 0 R (0:5191) 6145 0 R (0:5192) 6152 0 R (0:5193) 6153 0 R] +/Limits [(0:5189) (0:5193)] +>> endobj +7130 0 obj << +/Names [(0:5194) 6154 0 R (0:5195) 6155 0 R (0:5196) 6097 0 R (0:5199) 6156 0 R (0:52) 1281 0 R (0:520) 1706 0 R] +/Limits [(0:5194) (0:520)] +>> endobj +7131 0 obj << +/Names [(0:5200) 6157 0 R (0:5201) 6158 0 R (0:5202) 6159 0 R (0:5203) 6160 0 R (0:5204) 6161 0 R (0:5205) 6162 0 R] +/Limits [(0:5200) (0:5205)] +>> endobj +7132 0 obj << +/Names [(0:5206) 6163 0 R (0:5207) 6164 0 R (0:5208) 6165 0 R (0:5209) 6166 0 R (0:5210) 6167 0 R (0:5211) 6168 0 R] +/Limits [(0:5206) (0:5211)] +>> endobj +7133 0 obj << +/Names [(0:5212) 6169 0 R (0:5213) 6170 0 R (0:5214) 6171 0 R (0:5215) 6172 0 R (0:5216) 6173 0 R (0:5217) 6174 0 R] +/Limits [(0:5212) (0:5217)] +>> endobj +7134 0 obj << +/Names [(0:5218) 6175 0 R (0:5219) 6176 0 R (0:5220) 6177 0 R (0:5221) 6178 0 R (0:5222) 6179 0 R (0:5223) 6180 0 R] +/Limits [(0:5218) (0:5223)] +>> endobj +7135 0 obj << +/Names [(0:5224) 6181 0 R (0:5225) 6182 0 R (0:5226) 6183 0 R (0:5227) 6184 0 R (0:5228) 6185 0 R (0:5229) 6186 0 R] +/Limits [(0:5224) (0:5229)] +>> endobj +7136 0 obj << +/Names [(0:5230) 6187 0 R (0:5231) 6188 0 R (0:5232) 6189 0 R (0:5233) 6190 0 R (0:5234) 6191 0 R (0:5235) 6192 0 R] +/Limits [(0:5230) (0:5235)] +>> endobj +7137 0 obj << +/Names [(0:5236) 6193 0 R (0:5237) 6194 0 R (0:5238) 6195 0 R (0:5239) 6196 0 R (0:5240) 6197 0 R (0:5241) 6198 0 R] +/Limits [(0:5236) (0:5241)] +>> endobj +7138 0 obj << +/Names [(0:5242) 6199 0 R (0:5243) 6200 0 R (0:5244) 6201 0 R (0:5245) 6202 0 R (0:5246) 6203 0 R (0:5247) 6209 0 R] +/Limits [(0:5242) (0:5247)] +>> endobj +7139 0 obj << +/Names [(0:5248) 6210 0 R (0:5249) 6211 0 R (0:5250) 6151 0 R (0:5251) 6212 0 R (0:5252) 6213 0 R (0:5253) 6214 0 R] +/Limits [(0:5248) (0:5253)] +>> endobj +7140 0 obj << +/Names [(0:5254) 6215 0 R (0:5255) 6216 0 R (0:5256) 6217 0 R (0:5257) 6218 0 R (0:5258) 6219 0 R (0:5259) 6220 0 R] +/Limits [(0:5254) (0:5259)] +>> endobj +7141 0 obj << +/Names [(0:5260) 6221 0 R (0:5261) 6222 0 R (0:5262) 6223 0 R (0:5263) 6224 0 R (0:5264) 6225 0 R (0:5265) 6226 0 R] +/Limits [(0:5260) (0:5265)] +>> endobj +7142 0 obj << +/Names [(0:5266) 6227 0 R (0:5267) 6228 0 R (0:5268) 6229 0 R (0:5269) 6230 0 R (0:5270) 6231 0 R (0:5271) 6232 0 R] +/Limits [(0:5266) (0:5271)] +>> endobj +7143 0 obj << +/Names [(0:5272) 6233 0 R (0:5273) 6234 0 R (0:5274) 6235 0 R (0:5275) 6236 0 R (0:5276) 6237 0 R (0:5277) 6238 0 R] +/Limits [(0:5272) (0:5277)] +>> endobj +7144 0 obj << +/Names [(0:5278) 6239 0 R (0:5279) 6240 0 R (0:5280) 6241 0 R (0:5281) 6242 0 R (0:5282) 6243 0 R (0:5283) 6244 0 R] +/Limits [(0:5278) (0:5283)] +>> endobj +7145 0 obj << +/Names [(0:5284) 6245 0 R (0:5285) 6246 0 R (0:5286) 6247 0 R (0:5287) 6253 0 R (0:5288) 6254 0 R (0:5289) 6255 0 R] +/Limits [(0:5284) (0:5289)] +>> endobj +7146 0 obj << +/Names [(0:5290) 6208 0 R (0:5293) 6256 0 R (0:5294) 6257 0 R (0:5297) 6258 0 R (0:5299) 6259 0 R (0:53) 1282 0 R] +/Limits [(0:5290) (0:53)] +>> endobj +7147 0 obj << +/Names [(0:5300) 6260 0 R (0:5301) 6261 0 R (0:5302) 6262 0 R (0:5303) 6263 0 R (0:5304) 6264 0 R (0:5305) 6265 0 R] +/Limits [(0:5300) (0:5305)] +>> endobj +7148 0 obj << +/Names [(0:5306) 6266 0 R (0:5307) 6267 0 R (0:5308) 6268 0 R (0:5309) 6269 0 R (0:5310) 6270 0 R (0:5311) 6271 0 R] +/Limits [(0:5306) (0:5311)] +>> endobj +7149 0 obj << +/Names [(0:5312) 6272 0 R (0:5313) 6273 0 R (0:5314) 6274 0 R (0:5315) 6275 0 R (0:5316) 6276 0 R (0:5317) 6277 0 R] +/Limits [(0:5312) (0:5317)] +>> endobj +7150 0 obj << +/Names [(0:5318) 6278 0 R (0:5319) 6279 0 R (0:5320) 6280 0 R (0:5321) 6281 0 R (0:5322) 6282 0 R (0:5323) 6283 0 R] +/Limits [(0:5318) (0:5323)] +>> endobj +7151 0 obj << +/Names [(0:5324) 6284 0 R (0:5325) 6285 0 R (0:5326) 6286 0 R (0:5327) 6287 0 R (0:5328) 6288 0 R (0:5329) 6289 0 R] +/Limits [(0:5324) (0:5329)] +>> endobj +7152 0 obj << +/Names [(0:5330) 6290 0 R (0:5331) 6291 0 R (0:5332) 6292 0 R (0:5333) 6293 0 R (0:5334) 6299 0 R (0:5335) 6300 0 R] +/Limits [(0:5330) (0:5335)] +>> endobj +7153 0 obj << +/Names [(0:5336) 6301 0 R (0:5339) 6302 0 R (0:5340) 6303 0 R (0:5341) 6304 0 R (0:5342) 6305 0 R (0:5343) 6306 0 R] +/Limits [(0:5336) (0:5343)] +>> endobj +7154 0 obj << +/Names [(0:5344) 6307 0 R (0:5345) 6308 0 R (0:5346) 6309 0 R (0:5347) 6310 0 R (0:5349) 6311 0 R (0:5350) 6312 0 R] +/Limits [(0:5344) (0:5350)] +>> endobj +7155 0 obj << +/Names [(0:5351) 6313 0 R (0:5352) 6314 0 R (0:5353) 6315 0 R (0:5355) 6316 0 R (0:5356) 6317 0 R (0:5357) 6318 0 R] +/Limits [(0:5351) (0:5357)] +>> endobj +7156 0 obj << +/Names [(0:5358) 6319 0 R (0:5361) 6324 0 R (0:5362) 6325 0 R (0:5363) 6326 0 R (0:5364) 6327 0 R (0:5365) 6328 0 R] +/Limits [(0:5358) (0:5365)] +>> endobj +7157 0 obj << +/Names [(0:5366) 6329 0 R (0:5367) 6330 0 R (0:5370) 6331 0 R (0:5372) 6332 0 R (0:5373) 6333 0 R (0:5374) 6334 0 R] +/Limits [(0:5366) (0:5374)] +>> endobj +7158 0 obj << +/Names [(0:5376) 6335 0 R (0:5377) 6336 0 R (0:5378) 6337 0 R (0:5380) 6338 0 R (0:5381) 6339 0 R (0:5382) 6340 0 R] +/Limits [(0:5376) (0:5382)] +>> endobj +7159 0 obj << +/Names [(0:5384) 6341 0 R (0:5385) 6342 0 R (0:5386) 6343 0 R (0:5388) 6344 0 R (0:5389) 6345 0 R (0:5390) 6346 0 R] +/Limits [(0:5384) (0:5390)] +>> endobj +7160 0 obj << +/Names [(0:5392) 6347 0 R (0:5393) 6348 0 R (0:5394) 6349 0 R (0:5396) 6350 0 R (0:5397) 6351 0 R (0:5398) 6352 0 R] +/Limits [(0:5392) (0:5398)] +>> endobj +7161 0 obj << +/Names [(0:54) 1283 0 R (0:540) 1709 0 R (0:5400) 6353 0 R (0:5401) 6354 0 R (0:5402) 6355 0 R (0:5403) 6356 0 R] +/Limits [(0:54) (0:5403)] +>> endobj +7162 0 obj << +/Names [(0:5405) 6357 0 R (0:5406) 6358 0 R (0:5407) 6359 0 R (0:5409) 6365 0 R (0:5410) 6366 0 R (0:5411) 6367 0 R] +/Limits [(0:5405) (0:5411)] +>> endobj +7163 0 obj << +/Names [(0:5413) 6360 0 R (0:5414) 6368 0 R (0:5415) 6369 0 R (0:5417) 6370 0 R (0:5418) 6371 0 R (0:5419) 6372 0 R] +/Limits [(0:5413) (0:5419)] +>> endobj +7164 0 obj << +/Names [(0:542) 1710 0 R (0:5421) 6373 0 R (0:5422) 6374 0 R (0:5423) 6375 0 R (0:5425) 6376 0 R (0:5426) 6377 0 R] +/Limits [(0:542) (0:5426)] +>> endobj +7165 0 obj << +/Names [(0:5427) 6378 0 R (0:5429) 6379 0 R (0:543) 1711 0 R (0:5430) 6380 0 R (0:5431) 6381 0 R (0:5433) 6382 0 R] +/Limits [(0:5427) (0:5433)] +>> endobj +7166 0 obj << +/Names [(0:5434) 6383 0 R (0:5435) 6384 0 R (0:5437) 6385 0 R (0:5438) 6386 0 R (0:5439) 6387 0 R (0:544) 1712 0 R] +/Limits [(0:5434) (0:544)] +>> endobj +7167 0 obj << +/Names [(0:5441) 6388 0 R (0:5442) 6389 0 R (0:5443) 6390 0 R (0:5445) 6391 0 R (0:5446) 6392 0 R (0:5447) 6393 0 R] +/Limits [(0:5441) (0:5447)] +>> endobj +7168 0 obj << +/Names [(0:5449) 6394 0 R (0:5450) 6395 0 R (0:5451) 6396 0 R (0:5453) 6397 0 R (0:5454) 6398 0 R (0:5455) 6399 0 R] +/Limits [(0:5449) (0:5455)] +>> endobj +7169 0 obj << +/Names [(0:5457) 6400 0 R (0:5458) 6401 0 R (0:5459) 6402 0 R (0:5461) 6403 0 R (0:5462) 6404 0 R (0:5463) 6405 0 R] +/Limits [(0:5457) (0:5463)] +>> endobj +7170 0 obj << +/Names [(0:5465) 6406 0 R (0:5466) 6407 0 R (0:5467) 6408 0 R (0:5469) 6414 0 R (0:5470) 6415 0 R (0:5471) 6416 0 R] +/Limits [(0:5465) (0:5471)] +>> endobj +7171 0 obj << +/Names [(0:5474) 6417 0 R (0:5476) 6418 0 R (0:5477) 6419 0 R (0:5478) 6420 0 R (0:5480) 6421 0 R (0:5481) 6422 0 R] +/Limits [(0:5474) (0:5481)] +>> endobj +7172 0 obj << +/Names [(0:5482) 6423 0 R (0:5484) 6424 0 R (0:5485) 6425 0 R (0:5486) 6426 0 R (0:5488) 6427 0 R (0:5489) 6428 0 R] +/Limits [(0:5482) (0:5489)] +>> endobj +7173 0 obj << +/Names [(0:5490) 6429 0 R (0:5492) 6430 0 R (0:5493) 6431 0 R (0:5494) 6432 0 R (0:5496) 6433 0 R (0:5497) 6434 0 R] +/Limits [(0:5490) (0:5497)] +>> endobj +7174 0 obj << +/Names [(0:5498) 6435 0 R (0:55) 1284 0 R (0:5500) 6436 0 R (0:5501) 6437 0 R (0:5502) 6438 0 R (0:5505) 6439 0 R] +/Limits [(0:5498) (0:5505)] +>> endobj +7175 0 obj << +/Names [(0:5507) 6440 0 R (0:5508) 6441 0 R (0:5509) 6442 0 R (0:5511) 6443 0 R (0:5512) 6444 0 R (0:5513) 6445 0 R] +/Limits [(0:5507) (0:5513)] +>> endobj +7176 0 obj << +/Names [(0:5515) 6446 0 R (0:5516) 6447 0 R (0:5517) 6448 0 R (0:5519) 6449 0 R (0:5520) 6450 0 R (0:5521) 6451 0 R] +/Limits [(0:5515) (0:5521)] +>> endobj +7177 0 obj << +/Names [(0:56) 1285 0 R (0:566) 1716 0 R (0:567) 1717 0 R (0:57) 1286 0 R (0:58) 1287 0 R (0:59) 1288 0 R] +/Limits [(0:56) (0:59)] +>> endobj +7178 0 obj << +/Names [(0:606) 1720 0 R (0:607) 1721 0 R (0:62) 1295 0 R (0:63) 1296 0 R (0:64) 1297 0 R (0:646) 1727 0 R] +/Limits [(0:606) (0:646)] +>> endobj +7179 0 obj << +/Names [(0:647) 1728 0 R (0:648) 1729 0 R (0:649) 1730 0 R (0:65) 1298 0 R (0:650) 1731 0 R (0:651) 1732 0 R] +/Limits [(0:647) (0:651)] +>> endobj +7180 0 obj << +/Names [(0:652) 1734 0 R (0:653) 1735 0 R (0:654) 1736 0 R (0:655) 1737 0 R (0:656) 1738 0 R (0:657) 1740 0 R] +/Limits [(0:652) (0:657)] +>> endobj +7181 0 obj << +/Names [(0:658) 1741 0 R (0:659) 1742 0 R (0:66) 1299 0 R (0:660) 1743 0 R (0:661) 1744 0 R (0:662) 1745 0 R] +/Limits [(0:658) (0:662)] +>> endobj +7182 0 obj << +/Names [(0:663) 1746 0 R (0:664) 1747 0 R (0:665) 1752 0 R (0:666) 1753 0 R (0:667) 1754 0 R (0:668) 1755 0 R] +/Limits [(0:663) (0:668)] +>> endobj +7183 0 obj << +/Names [(0:669) 1756 0 R (0:67) 1300 0 R (0:670) 1757 0 R (0:671) 1758 0 R (0:672) 1759 0 R (0:673) 1760 0 R] +/Limits [(0:669) (0:673)] +>> endobj +7184 0 obj << +/Names [(0:674) 1761 0 R (0:675) 1762 0 R (0:676) 1763 0 R (0:677) 1764 0 R (0:678) 1765 0 R (0:679) 1766 0 R] +/Limits [(0:674) (0:679)] +>> endobj +7185 0 obj << +/Names [(0:68) 1301 0 R (0:680) 1767 0 R (0:681) 1768 0 R (0:682) 1769 0 R (0:684) 1770 0 R (0:685) 1771 0 R] +/Limits [(0:68) (0:685)] +>> endobj +7186 0 obj << +/Names [(0:686) 1772 0 R (0:687) 1773 0 R (0:688) 1774 0 R (0:689) 1775 0 R (0:69) 1302 0 R (0:690) 1776 0 R] +/Limits [(0:686) (0:690)] +>> endobj +7187 0 obj << +/Names [(0:691) 1777 0 R (0:692) 1778 0 R (0:693) 1779 0 R (0:694) 1780 0 R (0:695) 1781 0 R (0:696) 1782 0 R] +/Limits [(0:691) (0:696)] +>> endobj +7188 0 obj << +/Names [(0:697) 1783 0 R (0:698) 1784 0 R (0:699) 1785 0 R (0:70) 1303 0 R (0:700) 1786 0 R (0:701) 1787 0 R] +/Limits [(0:697) (0:701)] +>> endobj +7189 0 obj << +/Names [(0:702) 1788 0 R (0:704) 1789 0 R (0:709) 1795 0 R (0:710) 1796 0 R (0:711) 1797 0 R (0:712) 1798 0 R] +/Limits [(0:702) (0:712)] +>> endobj +7190 0 obj << +/Names [(0:713) 1799 0 R (0:714) 1800 0 R (0:715) 1801 0 R (0:716) 1802 0 R (0:717) 1803 0 R (0:718) 1804 0 R] +/Limits [(0:713) (0:718)] +>> endobj +7191 0 obj << +/Names [(0:719) 1805 0 R (0:720) 1806 0 R (0:721) 1807 0 R (0:722) 1808 0 R (0:723) 1809 0 R (0:724) 1810 0 R] +/Limits [(0:719) (0:724)] +>> endobj +7192 0 obj << +/Names [(0:725) 1811 0 R (0:726) 1812 0 R (0:727) 1813 0 R (0:728) 1814 0 R (0:729) 1815 0 R (0:73) 1304 0 R] +/Limits [(0:725) (0:73)] +>> endobj +7193 0 obj << +/Names [(0:732) 1816 0 R (0:733) 1817 0 R (0:734) 1818 0 R (0:735) 1819 0 R (0:736) 1820 0 R (0:737) 1821 0 R] +/Limits [(0:732) (0:737)] +>> endobj +7194 0 obj << +/Names [(0:738) 1822 0 R (0:74) 1305 0 R (0:741) 1823 0 R (0:742) 1828 0 R (0:743) 1829 0 R (0:744) 1830 0 R] +/Limits [(0:738) (0:744)] +>> endobj +7195 0 obj << +/Names [(0:745) 1831 0 R (0:746) 1832 0 R (0:747) 1833 0 R (0:748) 1834 0 R (0:749) 1835 0 R (0:750) 1836 0 R] +/Limits [(0:745) (0:750)] +>> endobj +7196 0 obj << +/Names [(0:751) 1837 0 R (0:752) 1838 0 R (0:753) 1839 0 R (0:754) 1840 0 R (0:755) 1841 0 R (0:756) 1842 0 R] +/Limits [(0:751) (0:756)] +>> endobj +7197 0 obj << +/Names [(0:757) 1843 0 R (0:758) 1844 0 R (0:759) 1845 0 R (0:76) 1306 0 R (0:760) 1846 0 R (0:761) 1847 0 R] +/Limits [(0:757) (0:761)] +>> endobj +7198 0 obj << +/Names [(0:762) 1848 0 R (0:763) 1849 0 R (0:764) 1850 0 R (0:765) 1851 0 R (0:766) 1852 0 R (0:767) 1853 0 R] +/Limits [(0:762) (0:767)] +>> endobj +7199 0 obj << +/Names [(0:768) 1854 0 R (0:769) 1855 0 R (0:77) 1307 0 R (0:770) 1856 0 R (0:771) 1857 0 R (0:772) 1858 0 R] +/Limits [(0:768) (0:772)] +>> endobj +7200 0 obj << +/Names [(0:773) 1859 0 R (0:774) 1860 0 R (0:775) 1861 0 R (0:776) 1862 0 R (0:777) 1863 0 R (0:778) 1864 0 R] +/Limits [(0:773) (0:778)] +>> endobj +7201 0 obj << +/Names [(0:779) 1865 0 R (0:78) 1308 0 R (0:780) 1866 0 R (0:781) 1867 0 R (0:782) 1868 0 R (0:783) 1869 0 R] +/Limits [(0:779) (0:783)] +>> endobj +7202 0 obj << +/Names [(0:784) 1870 0 R (0:785) 1871 0 R (0:786) 1872 0 R (0:789) 1873 0 R (0:79) 1309 0 R (0:790) 1874 0 R] +/Limits [(0:784) (0:790)] +>> endobj +7203 0 obj << +/Names [(0:791) 1880 0 R (0:792) 1881 0 R (0:793) 1882 0 R (0:794) 1883 0 R (0:795) 1884 0 R (0:796) 1885 0 R] +/Limits [(0:791) (0:796)] +>> endobj +7204 0 obj << +/Names [(0:797) 1886 0 R (0:798) 1887 0 R (0:799) 1888 0 R (0:80) 1310 0 R (0:800) 1889 0 R (0:801) 1890 0 R] +/Limits [(0:797) (0:801)] +>> endobj +7205 0 obj << +/Names [(0:802) 1891 0 R (0:803) 1892 0 R (0:804) 1893 0 R (0:805) 1894 0 R (0:806) 1895 0 R (0:807) 1896 0 R] +/Limits [(0:802) (0:807)] +>> endobj +7206 0 obj << +/Names [(0:808) 1897 0 R (0:809) 1898 0 R (0:81) 1311 0 R (0:810) 1899 0 R (0:811) 1900 0 R (0:812) 1901 0 R] +/Limits [(0:808) (0:812)] +>> endobj +7207 0 obj << +/Names [(0:813) 1902 0 R (0:814) 1903 0 R (0:815) 1904 0 R (0:816) 1905 0 R (0:817) 1906 0 R (0:818) 1907 0 R] +/Limits [(0:813) (0:818)] +>> endobj +7208 0 obj << +/Names [(0:819) 1908 0 R (0:820) 1909 0 R (0:822) 1910 0 R (0:823) 1911 0 R (0:824) 1912 0 R (0:827) 1913 0 R] +/Limits [(0:819) (0:827)] +>> endobj +7209 0 obj << +/Names [(0:828) 1914 0 R (0:829) 1915 0 R (0:83) 1312 0 R (0:830) 1916 0 R (0:833) 1917 0 R (0:834) 1918 0 R] +/Limits [(0:828) (0:834)] +>> endobj +7210 0 obj << +/Names [(0:835) 1919 0 R (0:836) 1920 0 R (0:837) 1921 0 R (0:838) 1922 0 R (0:839) 1929 0 R (0:84) 1313 0 R] +/Limits [(0:835) (0:84)] +>> endobj +7211 0 obj << +/Names [(0:840) 1930 0 R (0:843) 1931 0 R (0:844) 1932 0 R (0:846) 1933 0 R (0:847) 1934 0 R (0:848) 1943 0 R] +/Limits [(0:840) (0:848)] +>> endobj +7212 0 obj << +/Names [(0:849) 1944 0 R (0:85) 1314 0 R (0:850) 1945 0 R (0:851) 1946 0 R (0:852) 1947 0 R (0:853) 1948 0 R] +/Limits [(0:849) (0:853)] +>> endobj +7213 0 obj << +/Names [(0:854) 1949 0 R (0:855) 1950 0 R (0:856) 1951 0 R (0:857) 1952 0 R (0:858) 1953 0 R (0:859) 1954 0 R] +/Limits [(0:854) (0:859)] +>> endobj +7214 0 obj << +/Names [(0:86) 1315 0 R (0:860) 1955 0 R (0:861) 1956 0 R (0:862) 1957 0 R (0:865) 1958 0 R (0:866) 1959 0 R] +/Limits [(0:86) (0:866)] +>> endobj +7215 0 obj << +/Names [(0:868) 1960 0 R (0:869) 1961 0 R (0:87) 1316 0 R (0:872) 1962 0 R (0:874) 1963 0 R (0:875) 1964 0 R] +/Limits [(0:868) (0:875)] +>> endobj +7216 0 obj << +/Names [(0:876) 1965 0 R (0:878) 1966 0 R (0:879) 1967 0 R (0:88) 1317 0 R (0:882) 1973 0 R (0:883) 1974 0 R] +/Limits [(0:876) (0:883)] +>> endobj +7217 0 obj << +/Names [(0:884) 1975 0 R (0:885) 1976 0 R (0:886) 1977 0 R (0:887) 1978 0 R (0:888) 1979 0 R (0:889) 1980 0 R] +/Limits [(0:884) (0:889)] +>> endobj +7218 0 obj << +/Names [(0:89) 1318 0 R (0:891) 1981 0 R (0:892) 1982 0 R (0:893) 1983 0 R (0:895) 1984 0 R (0:896) 1985 0 R] +/Limits [(0:89) (0:896)] +>> endobj +7219 0 obj << +/Names [(0:897) 1986 0 R (0:899) 1987 0 R (0:90) 1319 0 R (0:900) 1988 0 R (0:901) 1989 0 R (0:902) 1990 0 R] +/Limits [(0:897) (0:902)] +>> endobj +7220 0 obj << +/Names [(0:903) 1991 0 R (0:904) 1992 0 R (0:905) 1993 0 R (0:908) 1999 0 R (0:909) 2000 0 R (0:910) 2001 0 R] +/Limits [(0:903) (0:910)] +>> endobj +7221 0 obj << +/Names [(0:911) 2002 0 R (0:912) 2003 0 R (0:913) 2004 0 R (0:914) 2005 0 R (0:915) 2006 0 R (0:916) 2007 0 R] +/Limits [(0:911) (0:916)] +>> endobj +7222 0 obj << +/Names [(0:917) 2008 0 R (0:918) 2009 0 R (0:919) 2010 0 R (0:92) 1320 0 R (0:920) 2011 0 R (0:921) 2012 0 R] +/Limits [(0:917) (0:921)] +>> endobj +7223 0 obj << +/Names [(0:922) 2013 0 R (0:923) 2014 0 R (0:924) 2015 0 R (0:925) 2016 0 R (0:926) 2017 0 R (0:927) 2018 0 R] +/Limits [(0:922) (0:927)] +>> endobj +7224 0 obj << +/Names [(0:928) 2019 0 R (0:929) 2020 0 R (0:93) 1321 0 R (0:930) 2021 0 R (0:931) 2022 0 R (0:932) 2023 0 R] +/Limits [(0:928) (0:932)] +>> endobj +7225 0 obj << +/Names [(0:933) 2024 0 R (0:934) 2025 0 R (0:935) 2026 0 R (0:936) 2027 0 R (0:937) 2028 0 R (0:938) 2029 0 R] +/Limits [(0:933) (0:938)] +>> endobj +7226 0 obj << +/Names [(0:939) 2030 0 R (0:94) 1322 0 R (0:940) 2031 0 R (0:941) 2032 0 R (0:942) 2033 0 R (0:943) 2034 0 R] +/Limits [(0:939) (0:943)] +>> endobj +7227 0 obj << +/Names [(0:944) 2035 0 R (0:945) 2036 0 R (0:946) 2037 0 R (0:947) 2038 0 R (0:948) 2039 0 R (0:949) 2040 0 R] +/Limits [(0:944) (0:949)] +>> endobj +7228 0 obj << +/Names [(0:95) 1323 0 R (0:950) 2041 0 R (0:951) 2042 0 R (0:954) 2048 0 R (0:955) 2049 0 R (0:956) 2050 0 R] +/Limits [(0:95) (0:956)] +>> endobj +7229 0 obj << +/Names [(0:957) 2051 0 R (0:961) 2052 0 R (0:962) 2053 0 R (0:963) 2054 0 R (0:964) 2055 0 R (0:965) 2056 0 R] +/Limits [(0:957) (0:965)] +>> endobj +7230 0 obj << +/Names [(0:966) 2057 0 R (0:969) 2059 0 R (0:97) 1324 0 R (0:970) 2060 0 R (0:971) 2061 0 R (0:98) 1325 0 R] +/Limits [(0:966) (0:98)] +>> endobj +7231 0 obj << +/Names [(0:99) 1326 0 R (0:ACLCHECK) 3096 0 R (0:ALL-EXCEPT) 1000 0 R (0:AUTH-CRED) 4113 0 R (0:BASCLT) 996 0 R (0:BASIC-CONFIGURATION) 982 0 R] +/Limits [(0:99) (0:BASIC-CONFIGURATION)] +>> endobj +7232 0 obj << +/Names [(0:CALLING-EXTERNAL-PROGRAMS) 1131 0 R (0:CHANGE-CODES) 3109 0 R (0:CHECKING-FOR-KERNEL-MODULE-ROOTKITS) 1224 0 R (0:CHECKING-FOR-SUID-FILES) 1225 0 R (0:CHECKING-MOUNTS) 1226 0 R (0:CHECKING-PORTS) 1229 0 R] +/Limits [(0:CALLING-EXTERNAL-PROGRAMS) (0:CHECKING-PORTS)] +>> endobj +7233 0 obj << +/Names [(0:CHECKING-PROCESSES) 1228 0 R (0:CHECKING-USERFILES) 1227 0 R (0:CHROOT) 1122 0 R (0:CLASSES) 2094 0 R (0:CLIENT-INTEGRITY) 1143 0 R (0:CLIENT-SERVER-CONNECTIVITY) 1212 0 R] +/Limits [(0:CHECKING-PROCESSES) (0:CLIENT-SERVER-CONNECTIVITY)] +>> endobj +7234 0 obj << +/Names [(0:CLIENTS) 1116 0 R (0:COMMAND-LINE) 1214 0 R (0:COMMAND-LINE-GENERAL) 1215 0 R (0:COMMAND-LINE-YULE) 1217 0 R (0:COMPILATION-CHECKS) 1210 0 R (0:COMPILATION-OPTIONS) 1208 0 R] +/Limits [(0:CLIENTS) (0:COMPILATION-OPTIONS)] +>> endobj +7235 0 obj << +/Names [(0:COMPILATION-OPTIONS-GENERAL) 1209 0 R (0:CONDITIONALS) 5614 0 R (0:CONFIGFACILITY) 984 0 R (0:CONFIGFILE) 1219 0 R (0:CONFIGFILE-CLIENTS) 1234 0 R (0:CONFIGURATION-EMAIL) 986 0 R] +/Limits [(0:COMPILATION-OPTIONS-GENERAL) (0:CONFIGURATION-EMAIL)] +>> endobj +7236 0 obj << +/Names [(0:CONFIGURATION-EXTERNAL) 989 0 R (0:CONFIGURATION-FILE-DOWNLOAD) 3858 0 R (0:CONFIGURATION-LOGSERVER) 988 0 R (0:CONSOLEDETAILS) 990 0 R (0:CONTROLLING-THE-DAEMON) 973 0 R (0:CUSTOMRPM) 4998 0 R] +/Limits [(0:CONFIGURATION-EXTERNAL) (0:CUSTOMRPM)] +>> endobj +7237 0 obj << +/Names [(0:DAEMONTOOL) 972 0 R (0:DATABASE) 1231 0 R (0:DATABASE-CONFIGURATION-FILE-DOWNLOAD) 1118 0 R (0:DATABASE-FIELDS) 1235 0 R (0:DATABASE-FILE-DOWNLOAD) 3887 0 R (0:DATABASEFILE) 1101 0 R] +/Limits [(0:DAEMONTOOL) (0:DATABASEFILE)] +>> endobj +7238 0 obj << +/Names [(0:DB-UPGRADE) 2643 0 R (0:DB-UPGRADE2) 2657 0 R (0:DEB) 5055 0 R (0:DEFTRUST) 1409 0 R (0:DEPLOY-BUILD) 4855 0 R (0:DEPLOY-BUILD-OPT) 4868 0 R] +/Limits [(0:DB-UPGRADE) (0:DEPLOY-BUILD-OPT)] +>> endobj +7239 0 obj << +/Names [(0:DEPLOY-CHECKSRC) 4849 0 R (0:DEPLOY-CHECKSRC-OPT) 4852 0 R (0:DEPLOY-CLEAN) 4827 0 R (0:DEPLOY-CLEAN-OPT) 4831 0 R (0:DEPLOY-CUSTOMIZE) 4716 0 R (0:DEPLOY-DOWNLOAD) 4833 0 R] +/Limits [(0:DEPLOY-CHECKSRC) (0:DEPLOY-DOWNLOAD)] +>> endobj +7240 0 obj << +/Names [(0:DEPLOY-DOWNLOAD-OPT) 4842 0 R (0:DEPLOY-INFO) 4822 0 R (0:DEPLOY-INFO-OPT) 4824 0 R (0:DEPLOY-INSTALL) 4891 0 R (0:DEPLOY-INSTALL-OPT) 4918 0 R (0:DEPLOY-LAYOUT) 4620 0 R] +/Limits [(0:DEPLOY-DOWNLOAD-OPT) (0:DEPLOY-LAYOUT)] +>> endobj +7241 0 obj << +/Names [(0:DEPLOY-LAYOUT-ARCHPKG) 4707 0 R (0:DEPLOY-LAYOUT-CONFIGS) 4674 0 R (0:DEPLOY-MISC) 4966 0 R (0:DEPLOY-REQ) 4619 0 R (0:DEPLOY-SCRIPT) 4747 0 R (0:DEPLOY-SH-GENERAL) 4807 0 R] +/Limits [(0:DEPLOY-LAYOUT-ARCHPKG) (0:DEPLOY-SH-GENERAL)] +>> endobj +7242 0 obj << +/Names [(0:DEPLOY-UNINSTALL) 4960 0 R (0:DEPLOY-UNINSTALL-OPT) 4963 0 R (0:DEPLOY.SH) 1138 0 R (0:DEPLOYMENT) 1137 0 R (0:DESIGN) 1145 0 R (0:DNMALLOC) 980 0 R] +/Limits [(0:DEPLOY-UNINSTALL) (0:DNMALLOC)] +>> endobj +7243 0 obj << +/Names [(0:DROPROOT) 1115 0 R (0:DYNUP) 1935 0 R (0:EMAILDETAILS) 2286 0 R (0:ENABLING-LOGGING-TO-THE-SERVER) 1117 0 R (0:EXTERN) 1128 0 R (0:EXTERNAL) 1233 0 R] +/Limits [(0:DROPROOT) (0:EXTERNAL)] +>> endobj +7244 0 obj << +/Names [(0:FILE-CONTENT-STORE) 1112 0 R (0:FILE-MONITOR) 995 0 R (0:FILE-SIGNATURES) 998 0 R (0:FILE-SPECIFICATION) 2884 0 R (0:FILEDEF) 999 0 R (0:FILES-TO-CHECK) 1220 0 R] +/Limits [(0:FILE-CONTENT-STORE) (0:FILES-TO-CHECK)] +>> endobj +7245 0 obj << +/Names [(0:GCM) 1120 0 R (0:GEN-DB-FIELDS) 1236 0 R (0:GENERAL) 1114 0 R (0:HARDLINKCHECK) 3020 0 R (0:HASH-FUNCTION) 997 0 R (0:HIDING-THE-EXECUTABLE) 1135 0 R] +/Limits [(0:GCM) (0:HIDING-THE-EXECUTABLE)] +>> endobj +7246 0 obj << +/Names [(0:HLOFFSETS) 3029 0 R (0:HOW-TO-INVOKE) 971 0 R (0:HPUX) 5025 0 R (0:IMPROVING-THE-SIGNAL-TO-NOISE-RATIO) 978 0 R (0:INDEX) 851 0 R (0:INITIALIZING-UPDATING-CHECKING) 1100 0 R] +/Limits [(0:HLOFFSETS) (0:INITIALIZING-UPDATING-CHECKING)] +>> endobj +7247 0 obj << +/Names [(0:INSTALLATION) 958 0 R (0:INSTALLATION-BUILD) 963 0 R (0:INSTALLATION-CONFIGURE) 962 0 R (0:INSTALLATION-CUSTOMIZE) 965 0 R (0:INSTALLATION-DOWNLOAD) 961 0 R (0:INSTALLATION-FILES) 1714 0 R] +/Limits [(0:INSTALLATION) (0:INSTALLATION-FILES)] +>> endobj +7248 0 obj << +/Names [(0:INSTALLATION-INITIALIZE) 966 0 R (0:INSTALLATION-INSTALL) 964 0 R (0:INSTALLATION-OVERVIEW) 959 0 R (0:INSTALLATION-REQUIREMENTS) 960 0 R (0:INSTALLATION-RUNNING) 967 0 R (0:INSTALLED-CLIENT) 1715 0 R] +/Limits [(0:INSTALLATION-INITIALIZE) (0:INSTALLED-CLIENT)] +>> endobj +7249 0 obj << +/Names [(0:INSTALLED-SERVER) 1719 0 R (0:INTRO) 957 0 R (0:KERNELDEF) 1103 0 R (0:KERNELDEF-CONFIG) 3283 0 R (0:KERNELDEF-ERRORS) 3362 0 R (0:KERNELDEF-HOW) 3334 0 R] +/Limits [(0:INSTALLED-SERVER) (0:KERNELDEF-HOW)] +>> endobj +7250 0 obj << +/Names [(0:KERNELDEF-WHAT) 3324 0 R (0:KEYPAD) 1142 0 R (0:KHIDE) 4495 0 R (0:LAYOUT) 968 0 R (0:LAYOUT-DETAILS) 1648 0 R (0:LIBWRAP) 1123 0 R] +/Limits [(0:KERNELDEF-WHAT) (0:LIBWRAP)] +>> endobj +7251 0 obj << +/Names [(0:LOG-FILE-ROTATION) 976 0 R (0:LOGDEF) 983 0 R (0:LOGFILE) 1923 0 R (0:LOGGING-THRESHOLDS) 1222 0 R (0:LOGMON) 1109 0 R (0:LOGMON-CHECK) 1230 0 R] +/Limits [(0:LOG-FILE-ROTATION) (0:LOGMON-CHECK)] +>> endobj +7252 0 obj << +/Names [(0:LOGSERVERDETAILS) 2406 0 R (0:MISCELLANEOUS) 1232 0 R (0:MOD-DB-FIELDS) 1237 0 R (0:MODULES) 1110 0 R (0:MONDEF) 1104 0 R (0:MOUNTCHECK) 1105 0 R] +/Limits [(0:LOGSERVERDETAILS) (0:MOUNTCHECK)] +>> endobj +7253 0 obj << +/Names [(0:MYSQL-CFG) 2661 0 R (0:NAGIOS) 992 0 R (0:NATIVE-PACKAGES) 1139 0 R (0:OBSCURE) 3042 0 R (0:OPENPGP-SIGNATURES) 1211 0 R (0:OPTIONS-CONFIGURATION-FILE) 979 0 R] +/Limits [(0:MYSQL-CFG) (0:OPTIONS-CONFIGURATION-FILE)] +>> endobj +7254 0 obj << +/Names [(0:PACKING-THE-EXECUTABLE) 1136 0 R (0:PAGING) 4294 0 R (0:PATHS) 1213 0 R (0:PERFORMANCE-TUNING) 1111 0 R (0:PERFORMANCE-TUNING-SERVER) 1127 0 R (0:PID-FILE) 975 0 R] +/Limits [(0:PACKING-THE-EXECUTABLE) (0:PID-FILE)] +>> endobj +7255 0 obj << +/Names [(0:PIPES) 1129 0 R (0:POLICY) 1968 0 R (0:POLRULES) 2904 0 R (0:PORTCHECK) 1108 0 R (0:PRELINK) 2893 0 R (0:PRELUDE8) 2527 0 R] +/Limits [(0:PIPES) (0:PRELUDE8)] +>> endobj +7256 0 obj << +/Names [(0:PRELUDE9) 2450 0 R (0:PRELUDECL) 2480 0 R (0:PRELUDEDETAILS) 991 0 R (0:PROCESSCHECK) 1107 0 R (0:RECDEP) 2940 0 R (0:RPM) 4997 0 R] +/Limits [(0:PRELUDE9) (0:RPM)] +>> endobj +7257 0 obj << +/Names [(0:RUNTIME-CLIENT) 1704 0 R (0:RUNTIME-FILES) 1699 0 R (0:RUNTIME-SERVER) 1708 0 R (0:SAMHAIN-COMMAND-LINE) 1216 0 R (0:SAMHAINADMIN) 1133 0 R (0:SECOND-SCHEDULE) 3142 0 R] +/Limits [(0:RUNTIME-CLIENT) (0:SECOND-SCHEDULE)] +>> endobj +7258 0 obj << +/Names [(0:SECURITY-DESIGN) 1140 0 R (0:SECURITY-USAGE) 1141 0 R (0:SEND-COMMANDS) 1124 0 R (0:SERVER-LOGGING) 1119 0 R (0:SERVER-SECURITY) 1144 0 R (0:SERVER-STATUS-INFORMATION) 1121 0 R] +/Limits [(0:SECURITY-DESIGN) (0:SERVER-STATUS-INFORMATION)] +>> endobj +7259 0 obj << +/Names [(0:SERVER-TO-SERVER) 1126 0 R (0:SEVERITY-OF-EVENTS) 1221 0 R (0:SEVERITYDEF) 2058 0 R (0:SIGNALS) 974 0 R (0:SIGNED-FILES) 1132 0 R (0:SOL) 5032 0 R] +/Limits [(0:SERVER-TO-SERVER) (0:SOL)] +>> endobj +7260 0 obj << +/Names [(0:SQLDETAILS) 994 0 R (0:STEALTHMODE) 1134 0 R (0:SUIDCHK) 1102 0 R (0:SUIDCHK-CONFIG) 3254 0 R (0:SUIDCHK-QUARANTINE) 3225 0 R (0:SUPPLY-COMMANDS) 4100 0 R] +/Limits [(0:SQLDETAILS) (0:SUPPLY-COMMANDS)] +>> endobj +7261 0 obj << +/Names [(0:SUPPORT) 981 0 R (0:SUPPRESS) 2957 0 R (0:SYS-DB-FIELDS) 1238 0 R (0:SYSLOGDETAILS) 993 0 R (0:SYSTEM-V-MESSAGE-QUEUE) 1130 0 R (0:TARGETS) 1527 0 R] +/Limits [(0:SUPPORT) (0:TARGETS)] +>> endobj +7262 0 obj << +/Names [(0:TBZ2) 5039 0 R (0:TESTSUITE) 969 0 R (0:THE-CONFIGURATION-FILE) 1218 0 R (0:THRESHOLDS) 985 0 R (0:TIMING-FILE-CHECKS) 1001 0 R (0:TRUSTEDEXAMPLE) 987 0 R] +/Limits [(0:TBZ2) (0:TRUSTEDEXAMPLE)] +>> endobj +7263 0 obj << +/Names [(0:UDP) 1125 0 R (0:UPDATING-THE-FILE-SIGNATURE-DATABASE) 977 0 R (0:USAGE) 970 0 R (0:USERCHECK) 1106 0 R (0:VANILLARPM) 5010 0 R (0:WATCHING-LOGIN-LOGOUT-EVENTS) 1223 0 R] +/Limits [(0:UDP) (0:WATCHING-LOGIN-LOGOUT-EVENTS)] +>> endobj +7264 0 obj << +/Names [(0:YULE) 1113 0 R (1.0) 2 0 R (10.0) 526 0 R (10.71.1) 530 0 R (11.0) 534 0 R (11.72.1) 538 0 R] +/Limits [(0:YULE) (11.72.1)] +>> endobj +7265 0 obj << +/Names [(11.72.47.2) 542 0 R (11.73.1) 546 0 R (12.0) 550 0 R (12.74.1) 554 0 R (12.74.48.2) 558 0 R (12.74.49.2) 562 0 R] +/Limits [(11.72.47.2) (12.74.49.2)] +>> endobj +7266 0 obj << +/Names [(12.74.49.7.3) 566 0 R (12.74.49.8.3) 570 0 R (12.74.50.10.3) 582 0 R (12.74.50.11.3) 586 0 R (12.74.50.12.3) 590 0 R (12.74.50.2) 574 0 R] +/Limits [(12.74.49.7.3) (12.74.50.2)] +>> endobj +7267 0 obj << +/Names [(12.74.50.9.3) 578 0 R (12.74.51.13.3) 598 0 R (12.74.51.2) 594 0 R (12.74.52.14.3) 606 0 R (12.74.52.2) 602 0 R (12.74.53.15.3) 614 0 R] +/Limits [(12.74.50.9.3) (12.74.53.15.3)] +>> endobj +7268 0 obj << +/Names [(12.74.53.2) 610 0 R (12.74.54.16.3) 622 0 R (12.74.54.2) 618 0 R (12.74.55.17.3) 630 0 R (12.74.55.2) 626 0 R (12.74.56.18.3) 638 0 R] +/Limits [(12.74.53.2) (12.74.56.18.3)] +>> endobj +7269 0 obj << +/Names [(12.74.56.2) 634 0 R (12.74.57.19.3) 646 0 R (12.74.57.2) 642 0 R (12.74.58.2) 650 0 R (12.74.58.20.3) 654 0 R (12.74.59.2) 658 0 R] +/Limits [(12.74.56.2) (12.74.59.2)] +>> endobj +7270 0 obj << +/Names [(12.75.1) 662 0 R (12.75.60.2) 666 0 R (12.75.60.21.3) 670 0 R (12.75.60.22.3) 674 0 R (12.75.61.2) 678 0 R (12.75.62.2) 682 0 R] +/Limits [(12.75.1) (12.75.62.2)] +>> endobj +7271 0 obj << +/Names [(12.75.63.2) 686 0 R (12.75.64.2) 690 0 R (13.0) 694 0 R (13.76.1) 698 0 R (13.77.1) 702 0 R (13.78.1) 706 0 R] +/Limits [(12.75.63.2) (13.78.1)] +>> endobj +7272 0 obj << +/Names [(13.79.1) 710 0 R (13.80.1) 714 0 R (14.0) 718 0 R (14.81.1) 722 0 R (14.82.1) 726 0 R (14.83.1) 730 0 R] +/Limits [(13.79.1) (14.83.1)] +>> endobj +7273 0 obj << +/Names [(14.84.1) 734 0 R (14.85.1) 738 0 R (15.0) 742 0 R (15.86.1) 746 0 R (15.87.1) 750 0 R (15.88.1) 754 0 R] +/Limits [(14.84.1) (15.88.1)] +>> endobj +7274 0 obj << +/Names [(16.0) 758 0 R (16.100.1) 810 0 R (16.101.1) 814 0 R (16.102.1) 818 0 R (16.103.1) 822 0 R (16.104.1) 826 0 R] +/Limits [(16.0) (16.104.1)] +>> endobj +7275 0 obj << +/Names [(16.89.1) 762 0 R (16.89.65.2) 766 0 R (16.90.1) 770 0 R (16.91.1) 774 0 R (16.92.1) 778 0 R (16.93.1) 782 0 R] +/Limits [(16.89.1) (16.93.1)] +>> endobj +7276 0 obj << +/Names [(16.94.1) 786 0 R (16.95.1) 790 0 R (16.96.1) 794 0 R (16.97.1) 798 0 R (16.98.1) 802 0 R (16.99.1) 806 0 R] +/Limits [(16.94.1) (16.99.1)] +>> endobj +7277 0 obj << +/Names [(17.0) 830 0 R (17.105.1) 834 0 R (17.106.1) 838 0 R (17.107.1) 842 0 R (2.0) 6 0 R (3.0) 10 0 R] +/Limits [(17.0) (3.0)] +>> endobj +7278 0 obj << +/Names [(4.0) 14 0 R (4.1.1) 18 0 R (4.10.1) 62 0 R (4.10.3.2) 66 0 R (4.10.4.2) 70 0 R (4.10.5.1.3) 78 0 R] +/Limits [(4.0) (4.10.5.1.3)] +>> endobj +7279 0 obj << +/Names [(4.10.5.2) 74 0 R (4.10.5.2.3) 82 0 R (4.10.6.2) 86 0 R (4.10.6.3.3) 90 0 R (4.10.6.4.3) 94 0 R (4.11.1) 98 0 R] +/Limits [(4.10.5.2) (4.11.1)] +>> endobj +7280 0 obj << +/Names [(4.2.1) 22 0 R (4.3.1) 26 0 R (4.4.1) 30 0 R (4.4.1.2) 34 0 R (4.5.1) 38 0 R (4.6.1) 42 0 R] +/Limits [(4.2.1) (4.6.1)] +>> endobj +7281 0 obj << +/Names [(4.6.2.2) 46 0 R (4.7.1) 50 0 R (4.8.1) 54 0 R (4.9.1) 58 0 R (5.0) 102 0 R (5.12.1) 106 0 R] +/Limits [(4.6.2.2) (5.12.1)] +>> endobj +7282 0 obj << +/Names [(5.13.1) 110 0 R (5.14.1) 114 0 R (5.15.1) 118 0 R (5.16.1) 122 0 R (5.17.1) 126 0 R (5.18.1) 130 0 R] +/Limits [(5.13.1) (5.18.1)] +>> endobj +7283 0 obj << +/Names [(5.19.1) 134 0 R (5.20.1) 138 0 R (5.21.1) 142 0 R (5.22.1) 146 0 R (6.0) 150 0 R (6.23.1) 154 0 R] +/Limits [(5.19.1) (6.23.1)] +>> endobj +7284 0 obj << +/Names [(6.23.7.2) 158 0 R (6.23.8.2) 162 0 R (6.24.1) 166 0 R (6.25.1) 170 0 R (6.26.1) 174 0 R (6.26.9.2) 178 0 R] +/Limits [(6.23.7.2) (6.26.9.2)] +>> endobj +7285 0 obj << +/Names [(6.27.1) 182 0 R (6.27.10.2) 186 0 R (6.28.1) 190 0 R (6.28.11.2) 194 0 R (6.29.1) 198 0 R (6.30.1) 202 0 R] +/Limits [(6.27.1) (6.30.1)] +>> endobj +7286 0 obj << +/Names [(6.31.1) 206 0 R (6.31.12.2) 210 0 R (6.31.13.2) 214 0 R (6.31.14.2) 218 0 R (6.32.1) 222 0 R (6.33.1) 226 0 R] +/Limits [(6.31.1) (6.33.1)] +>> endobj +7287 0 obj << +/Names [(6.34.1) 230 0 R (6.34.15.2) 234 0 R (6.34.16.2) 238 0 R (6.34.17.2) 242 0 R (7.0) 246 0 R (7.35.1) 250 0 R] +/Limits [(6.34.1) (7.35.1)] +>> endobj +7288 0 obj << +/Names [(7.36.1) 254 0 R (7.37.1) 258 0 R (7.38.1) 262 0 R (7.38.18.2) 266 0 R (7.38.19.2) 270 0 R (7.38.19.5.3) 274 0 R] +/Limits [(7.36.1) (7.38.19.5.3)] +>> endobj +7289 0 obj << +/Names [(7.38.20.2) 278 0 R (7.38.21.2) 282 0 R (7.38.22.2) 286 0 R (7.38.23.2) 290 0 R (7.38.23.6.3) 294 0 R (7.38.24.2) 298 0 R] +/Limits [(7.38.20.2) (7.38.24.2)] +>> endobj +7290 0 obj << +/Names [(7.38.25.2) 302 0 R (7.38.26.2) 306 0 R (7.38.27.2) 310 0 R (7.39.1) 314 0 R (7.40.1) 318 0 R (7.40.28.2) 322 0 R] +/Limits [(7.38.25.2) (7.40.28.2)] +>> endobj +7291 0 obj << +/Names [(7.41.1) 326 0 R (7.42.1) 330 0 R (7.43.1) 334 0 R (7.43.29.2) 338 0 R (7.43.30.2) 342 0 R (7.44.1) 346 0 R] +/Limits [(7.41.1) (7.44.1)] +>> endobj +7292 0 obj << +/Names [(7.44.31.2) 350 0 R (7.44.32.2) 354 0 R (7.44.33.2) 358 0 R (7.44.34.2) 362 0 R (7.45.1) 366 0 R (7.46.1) 370 0 R] +/Limits [(7.44.31.2) (7.46.1)] +>> endobj +7293 0 obj << +/Names [(7.47.1) 374 0 R (7.48.1) 378 0 R (7.48.35.2) 382 0 R (7.49.1) 386 0 R (7.49.36.2) 390 0 R (7.49.37.2) 394 0 R] +/Limits [(7.47.1) (7.49.37.2)] +>> endobj +7294 0 obj << +/Names [(7.50.1) 398 0 R (7.50.38.2) 402 0 R (7.50.39.2) 406 0 R (7.51.1) 410 0 R (7.52.1) 414 0 R (7.53.1) 418 0 R] +/Limits [(7.50.1) (7.53.1)] +>> endobj +7295 0 obj << +/Names [(7.53.40.2) 422 0 R (7.53.41.2) 426 0 R (8.0) 430 0 R (8.54.1) 434 0 R (8.55.1) 438 0 R (8.56.1) 442 0 R] +/Limits [(7.53.40.2) (8.56.1)] +>> endobj +7296 0 obj << +/Names [(8.57.1) 446 0 R (8.58.1) 450 0 R (8.58.42.2) 454 0 R (8.58.43.2) 458 0 R (8.59.1) 462 0 R (8.60.1) 466 0 R] +/Limits [(8.57.1) (8.60.1)] +>> endobj +7297 0 obj << +/Names [(8.61.1) 470 0 R (8.62.1) 474 0 R (8.63.1) 478 0 R (8.64.1) 482 0 R (8.64.44.2) 486 0 R (8.64.45.2) 490 0 R] +/Limits [(8.61.1) (8.64.45.2)] +>> endobj +7298 0 obj << +/Names [(8.65.1) 494 0 R (8.66.1) 498 0 R (8.67.1) 502 0 R (9.0) 506 0 R (9.68.1) 510 0 R (9.69.1) 514 0 R] +/Limits [(8.65.1) (9.69.1)] +>> endobj +7299 0 obj << +/Names [(9.70.1) 518 0 R (9.70.46.2) 522 0 R (Doc-Start) 850 0 R (page.1) 849 0 R (page.10) 1610 0 R (page.100) 4411 0 R] +/Limits [(9.70.1) (page.100)] +>> endobj +7300 0 obj << +/Names [(page.101) 4423 0 R (page.102) 4427 0 R (page.103) 4470 0 R (page.104) 4513 0 R (page.105) 4560 0 R (page.106) 4584 0 R] +/Limits [(page.101) (page.106)] +>> endobj +7301 0 obj << +/Names [(page.107) 4593 0 R (page.108) 4624 0 R (page.109) 4671 0 R (page.11) 1652 0 R (page.110) 4691 0 R (page.111) 4726 0 R] +/Limits [(page.107) (page.111)] +>> endobj +7302 0 obj << +/Names [(page.112) 4764 0 R (page.113) 4817 0 R (page.114) 4846 0 R (page.115) 4874 0 R (page.116) 4906 0 R (page.117) 4943 0 R] +/Limits [(page.112) (page.117)] +>> endobj +7303 0 obj << +/Names [(page.118) 4981 0 R (page.119) 5020 0 R (page.12) 1703 0 R (page.120) 5065 0 R (page.121) 5077 0 R (page.122) 5118 0 R] +/Limits [(page.118) (page.122)] +>> endobj +7304 0 obj << +/Names [(page.123) 5148 0 R (page.124) 5163 0 R (page.125) 5180 0 R (page.126) 5220 0 R (page.127) 5263 0 R (page.128) 5300 0 R] +/Limits [(page.123) (page.128)] +>> endobj +7305 0 obj << +/Names [(page.129) 5339 0 R (page.13) 1726 0 R (page.130) 5377 0 R (page.131) 5416 0 R (page.132) 5495 0 R (page.133) 5577 0 R] +/Limits [(page.129) (page.133)] +>> endobj +7306 0 obj << +/Names [(page.134) 5590 0 R (page.135) 5622 0 R (page.136) 5657 0 R (page.137) 5709 0 R (page.138) 5750 0 R (page.139) 5796 0 R] +/Limits [(page.134) (page.139)] +>> endobj +7307 0 obj << +/Names [(page.14) 1751 0 R (page.140) 5838 0 R (page.141) 5874 0 R (page.142) 5912 0 R (page.143) 5957 0 R (page.144) 5999 0 R] +/Limits [(page.14) (page.144)] +>> endobj +7308 0 obj << +/Names [(page.145) 6044 0 R (page.146) 6096 0 R (page.147) 6150 0 R (page.148) 6207 0 R (page.149) 6252 0 R (page.15) 1794 0 R] +/Limits [(page.145) (page.15)] +>> endobj +7309 0 obj << +/Names [(page.150) 6298 0 R (page.151) 6323 0 R (page.152) 6364 0 R (page.153) 6413 0 R (page.16) 1827 0 R (page.17) 1879 0 R] +/Limits [(page.150) (page.17)] +>> endobj +7310 0 obj << +/Names [(page.18) 1928 0 R (page.19) 1942 0 R (page.2) 857 0 R (page.20) 1972 0 R (page.21) 1998 0 R (page.22) 2047 0 R] +/Limits [(page.18) (page.22)] +>> endobj +7311 0 obj << +/Names [(page.23) 2082 0 R (page.24) 2105 0 R (page.25) 2137 0 R (page.26) 2181 0 R (page.27) 2204 0 R (page.28) 2233 0 R] +/Limits [(page.23) (page.28)] +>> endobj +7312 0 obj << +/Names [(page.29) 2270 0 R (page.3) 1293 0 R (page.30) 2294 0 R (page.31) 2322 0 R (page.32) 2358 0 R (page.33) 2393 0 R] +/Limits [(page.29) (page.33)] +>> endobj +7313 0 obj << +/Names [(page.34) 2414 0 R (page.35) 2449 0 R (page.36) 2500 0 R (page.37) 2522 0 R (page.38) 2546 0 R (page.39) 2567 0 R] +/Limits [(page.34) (page.39)] +>> endobj +7314 0 obj << +/Names [(page.4) 1330 0 R (page.40) 2595 0 R (page.41) 2614 0 R (page.42) 2647 0 R (page.43) 2665 0 R (page.44) 2684 0 R] +/Limits [(page.4) (page.44)] +>> endobj +7315 0 obj << +/Names [(page.45) 2734 0 R (page.46) 2783 0 R (page.47) 2820 0 R (page.48) 2858 0 R (page.49) 2897 0 R (page.5) 1371 0 R] +/Limits [(page.45) (page.5)] +>> endobj +7316 0 obj << +/Names [(page.50) 2944 0 R (page.51) 2970 0 R (page.52) 3002 0 R (page.53) 3034 0 R (page.54) 3063 0 R (page.55) 3105 0 R] +/Limits [(page.50) (page.55)] +>> endobj +7317 0 obj << +/Names [(page.56) 3126 0 R (page.57) 3153 0 R (page.58) 3190 0 R (page.59) 3218 0 R (page.6) 1426 0 R (page.60) 3246 0 R] +/Limits [(page.56) (page.60)] +>> endobj +7318 0 obj << +/Names [(page.61) 3263 0 R (page.62) 3288 0 R (page.63) 3323 0 R (page.64) 3338 0 R (page.65) 3368 0 R (page.66) 3386 0 R] +/Limits [(page.61) (page.66)] +>> endobj +7319 0 obj << +/Names [(page.67) 3398 0 R (page.68) 3410 0 R (page.69) 3439 0 R (page.7) 1481 0 R (page.70) 3461 0 R (page.71) 3490 0 R] +/Limits [(page.67) (page.71)] +>> endobj +7320 0 obj << +/Names [(page.72) 3502 0 R (page.73) 3530 0 R (page.74) 3566 0 R (page.75) 3595 0 R (page.76) 3599 0 R (page.77) 3629 0 R] +/Limits [(page.72) (page.77)] +>> endobj +7321 0 obj << +/Names [(page.78) 3654 0 R (page.79) 3675 0 R (page.8) 1518 0 R (page.80) 3680 0 R (page.81) 3715 0 R (page.82) 3760 0 R] +/Limits [(page.78) (page.82)] +>> endobj +7322 0 obj << +/Names [(page.83) 3801 0 R (page.84) 3844 0 R (page.85) 3866 0 R (page.86) 3908 0 R (page.87) 3941 0 R (page.88) 3983 0 R] +/Limits [(page.83) (page.88)] +>> endobj +7323 0 obj << +/Names [(page.89) 4014 0 R (page.9) 1568 0 R (page.90) 4070 0 R (page.91) 4104 0 R (page.92) 4133 0 R (page.93) 4173 0 R] +/Limits [(page.89) (page.93)] +>> endobj +7324 0 obj << +/Names [(page.94) 4194 0 R (page.95) 4222 0 R (page.96) 4282 0 R (page.97) 4301 0 R (page.98) 4309 0 R (page.99) 4358 0 R] +/Limits [(page.94) (page.99)] +>> endobj +7325 0 obj << +/Names [(page.iii) 955 0 R (page.iv) 1099 0 R (page.v) 1207 0 R (table.1) 1673 0 R (table.10) 3998 0 R (table.11) 4002 0 R] +/Limits [(page.iii) (table.11)] +>> endobj +7326 0 obj << +/Names [(table.2) 1707 0 R (table.3) 1713 0 R (table.4) 1718 0 R (table.5) 1722 0 R (table.6) 2062 0 R (table.7) 2101 0 R] +/Limits [(table.2) (table.7)] +>> endobj +7327 0 obj << +/Names [(table.8) 2110 0 R (table.9) 2580 0 R] +/Limits [(table.8) (table.9)] +>> endobj +7328 0 obj << +/Kids [6499 0 R 6500 0 R 6501 0 R 6502 0 R 6503 0 R 6504 0 R] +/Limits [(0:1007) (0:1068)] +>> endobj +7329 0 obj << +/Kids [6505 0 R 6506 0 R 6507 0 R 6508 0 R 6509 0 R 6510 0 R] +/Limits [(0:1069) (0:1131)] +>> endobj +7330 0 obj << +/Kids [6511 0 R 6512 0 R 6513 0 R 6514 0 R 6515 0 R 6516 0 R] +/Limits [(0:1132) (0:1170)] +>> endobj +7331 0 obj << +/Kids [6517 0 R 6518 0 R 6519 0 R 6520 0 R 6521 0 R 6522 0 R] +/Limits [(0:1171) (0:121)] +>> endobj +7332 0 obj << +/Kids [6523 0 R 6524 0 R 6525 0 R 6526 0 R 6527 0 R 6528 0 R] +/Limits [(0:1210) (0:1247)] +>> endobj +7333 0 obj << +/Kids [6529 0 R 6530 0 R 6531 0 R 6532 0 R 6533 0 R 6534 0 R] +/Limits [(0:1248) (0:1285)] +>> endobj +7334 0 obj << +/Kids [6535 0 R 6536 0 R 6537 0 R 6538 0 R 6539 0 R 6540 0 R] +/Limits [(0:1286) (0:1326)] +>> endobj +7335 0 obj << +/Kids [6541 0 R 6542 0 R 6543 0 R 6544 0 R 6545 0 R 6546 0 R] +/Limits [(0:1328) (0:1364)] +>> endobj +7336 0 obj << +/Kids [6547 0 R 6548 0 R 6549 0 R 6550 0 R 6551 0 R 6552 0 R] +/Limits [(0:1365) (0:141)] +>> endobj +7337 0 obj << +/Kids [6553 0 R 6554 0 R 6555 0 R 6556 0 R 6557 0 R 6558 0 R] +/Limits [(0:1411) (0:1450)] +>> endobj +7338 0 obj << +/Kids [6559 0 R 6560 0 R 6561 0 R 6562 0 R 6563 0 R 6564 0 R] +/Limits [(0:1452) (0:1489)] +>> endobj +7339 0 obj << +/Kids [6565 0 R 6566 0 R 6567 0 R 6568 0 R 6569 0 R 6570 0 R] +/Limits [(0:149) (0:1527)] +>> endobj +7340 0 obj << +/Kids [6571 0 R 6572 0 R 6573 0 R 6574 0 R 6575 0 R 6576 0 R] +/Limits [(0:1528) (0:1562)] +>> endobj +7341 0 obj << +/Kids [6577 0 R 6578 0 R 6579 0 R 6580 0 R 6581 0 R 6582 0 R] +/Limits [(0:1563) (0:1627)] +>> endobj +7342 0 obj << +/Kids [6583 0 R 6584 0 R 6585 0 R 6586 0 R 6587 0 R 6588 0 R] +/Limits [(0:1628) (0:1665)] +>> endobj +7343 0 obj << +/Kids [6589 0 R 6590 0 R 6591 0 R 6592 0 R 6593 0 R 6594 0 R] +/Limits [(0:1666) (0:1706)] +>> endobj +7344 0 obj << +/Kids [6595 0 R 6596 0 R 6597 0 R 6598 0 R 6599 0 R 6600 0 R] +/Limits [(0:1707) (0:1744)] +>> endobj +7345 0 obj << +/Kids [6601 0 R 6602 0 R 6603 0 R 6604 0 R 6605 0 R 6606 0 R] +/Limits [(0:1745) (0:1779)] +>> endobj +7346 0 obj << +/Kids [6607 0 R 6608 0 R 6609 0 R 6610 0 R 6611 0 R 6612 0 R] +/Limits [(0:178) (0:1812)] +>> endobj +7347 0 obj << +/Kids [6613 0 R 6614 0 R 6615 0 R 6616 0 R 6617 0 R 6618 0 R] +/Limits [(0:1813) (0:1854)] +>> endobj +7348 0 obj << +/Kids [6619 0 R 6620 0 R 6621 0 R 6622 0 R 6623 0 R 6624 0 R] +/Limits [(0:1856) (0:1897)] +>> endobj +7349 0 obj << +/Kids [6625 0 R 6626 0 R 6627 0 R 6628 0 R 6629 0 R 6630 0 R] +/Limits [(0:1898) (0:1935)] +>> endobj +7350 0 obj << +/Kids [6631 0 R 6632 0 R 6633 0 R 6634 0 R 6635 0 R 6636 0 R] +/Limits [(0:1936) (0:197)] +>> endobj +7351 0 obj << +/Kids [6637 0 R 6638 0 R 6639 0 R 6640 0 R 6641 0 R 6642 0 R] +/Limits [(0:1971) (0:2007)] +>> endobj +7352 0 obj << +/Kids [6643 0 R 6644 0 R 6645 0 R 6646 0 R 6647 0 R 6648 0 R] +/Limits [(0:2008) (0:205)] +>> endobj +7353 0 obj << +/Kids [6649 0 R 6650 0 R 6651 0 R 6652 0 R 6653 0 R 6654 0 R] +/Limits [(0:2050) (0:2091)] +>> endobj +7354 0 obj << +/Kids [6655 0 R 6656 0 R 6657 0 R 6658 0 R 6659 0 R 6660 0 R] +/Limits [(0:2092) (0:2131)] +>> endobj +7355 0 obj << +/Kids [6661 0 R 6662 0 R 6663 0 R 6664 0 R 6665 0 R 6666 0 R] +/Limits [(0:2132) (0:2171)] +>> endobj +7356 0 obj << +/Kids [6667 0 R 6668 0 R 6669 0 R 6670 0 R 6671 0 R 6672 0 R] +/Limits [(0:2172) (0:2208)] +>> endobj +7357 0 obj << +/Kids [6673 0 R 6674 0 R 6675 0 R 6676 0 R 6677 0 R 6678 0 R] +/Limits [(0:2209) (0:2247)] +>> endobj +7358 0 obj << +/Kids [6679 0 R 6680 0 R 6681 0 R 6682 0 R 6683 0 R 6684 0 R] +/Limits [(0:2248) (0:2288)] +>> endobj +7359 0 obj << +/Kids [6685 0 R 6686 0 R 6687 0 R 6688 0 R 6689 0 R 6690 0 R] +/Limits [(0:2289) (0:2327)] +>> endobj +7360 0 obj << +/Kids [6691 0 R 6692 0 R 6693 0 R 6694 0 R 6695 0 R 6696 0 R] +/Limits [(0:2328) (0:2365)] +>> endobj +7361 0 obj << +/Kids [6697 0 R 6698 0 R 6699 0 R 6700 0 R 6701 0 R 6702 0 R] +/Limits [(0:2368) (0:2409)] +>> endobj +7362 0 obj << +/Kids [6703 0 R 6704 0 R 6705 0 R 6706 0 R 6707 0 R 6708 0 R] +/Limits [(0:241) (0:2447)] +>> endobj +7363 0 obj << +/Kids [6709 0 R 6710 0 R 6711 0 R 6712 0 R 6713 0 R 6714 0 R] +/Limits [(0:2448) (0:2488)] +>> endobj +7364 0 obj << +/Kids [6715 0 R 6716 0 R 6717 0 R 6718 0 R 6719 0 R 6720 0 R] +/Limits [(0:2489) (0:2523)] +>> endobj +7365 0 obj << +/Kids [6721 0 R 6722 0 R 6723 0 R 6724 0 R 6725 0 R 6726 0 R] +/Limits [(0:2524) (0:2561)] +>> endobj +7366 0 obj << +/Kids [6727 0 R 6728 0 R 6729 0 R 6730 0 R 6731 0 R 6732 0 R] +/Limits [(0:2562) (0:2599)] +>> endobj +7367 0 obj << +/Kids [6733 0 R 6734 0 R 6735 0 R 6736 0 R 6737 0 R 6738 0 R] +/Limits [(0:260) (0:2635)] +>> endobj +7368 0 obj << +/Kids [6739 0 R 6740 0 R 6741 0 R 6742 0 R 6743 0 R 6744 0 R] +/Limits [(0:2636) (0:2674)] +>> endobj +7369 0 obj << +/Kids [6745 0 R 6746 0 R 6747 0 R 6748 0 R 6749 0 R 6750 0 R] +/Limits [(0:2675) (0:2713)] +>> endobj +7370 0 obj << +/Kids [6751 0 R 6752 0 R 6753 0 R 6754 0 R 6755 0 R 6756 0 R] +/Limits [(0:2714) (0:2750)] +>> endobj +7371 0 obj << +/Kids [6757 0 R 6758 0 R 6759 0 R 6760 0 R 6761 0 R 6762 0 R] +/Limits [(0:2751) (0:2787)] +>> endobj +7372 0 obj << +/Kids [6763 0 R 6764 0 R 6765 0 R 6766 0 R 6767 0 R 6768 0 R] +/Limits [(0:2788) (0:2820)] +>> endobj +7373 0 obj << +/Kids [6769 0 R 6770 0 R 6771 0 R 6772 0 R 6773 0 R 6774 0 R] +/Limits [(0:2821) (0:2861)] +>> endobj +7374 0 obj << +/Kids [6775 0 R 6776 0 R 6777 0 R 6778 0 R 6779 0 R 6780 0 R] +/Limits [(0:2862) (0:2899)] +>> endobj +7375 0 obj << +/Kids [6781 0 R 6782 0 R 6783 0 R 6784 0 R 6785 0 R 6786 0 R] +/Limits [(0:29) (0:294)] +>> endobj +7376 0 obj << +/Kids [6787 0 R 6788 0 R 6789 0 R 6790 0 R 6791 0 R 6792 0 R] +/Limits [(0:2940) (0:298)] +>> endobj +7377 0 obj << +/Kids [6793 0 R 6794 0 R 6795 0 R 6796 0 R 6797 0 R 6798 0 R] +/Limits [(0:2981) (0:3052)] +>> endobj +7378 0 obj << +/Kids [6799 0 R 6800 0 R 6801 0 R 6802 0 R 6803 0 R 6804 0 R] +/Limits [(0:3053) (0:3085)] +>> endobj +7379 0 obj << +/Kids [6805 0 R 6806 0 R 6807 0 R 6808 0 R 6809 0 R 6810 0 R] +/Limits [(0:3086) (0:3125)] +>> endobj +7380 0 obj << +/Kids [6811 0 R 6812 0 R 6813 0 R 6814 0 R 6815 0 R 6816 0 R] +/Limits [(0:3126) (0:3165)] +>> endobj +7381 0 obj << +/Kids [6817 0 R 6818 0 R 6819 0 R 6820 0 R 6821 0 R 6822 0 R] +/Limits [(0:3166) (0:3202)] +>> endobj +7382 0 obj << +/Kids [6823 0 R 6824 0 R 6825 0 R 6826 0 R 6827 0 R 6828 0 R] +/Limits [(0:3204) (0:3248)] +>> endobj +7383 0 obj << +/Kids [6829 0 R 6830 0 R 6831 0 R 6832 0 R 6833 0 R 6834 0 R] +/Limits [(0:3249) (0:3280)] +>> endobj +7384 0 obj << +/Kids [6835 0 R 6836 0 R 6837 0 R 6838 0 R 6839 0 R 6840 0 R] +/Limits [(0:3281) (0:3317)] +>> endobj +7385 0 obj << +/Kids [6841 0 R 6842 0 R 6843 0 R 6844 0 R 6845 0 R 6846 0 R] +/Limits [(0:3318) (0:3356)] +>> endobj +7386 0 obj << +/Kids [6847 0 R 6848 0 R 6849 0 R 6850 0 R 6851 0 R 6852 0 R] +/Limits [(0:3357) (0:3392)] +>> endobj +7387 0 obj << +/Kids [6853 0 R 6854 0 R 6855 0 R 6856 0 R 6857 0 R 6858 0 R] +/Limits [(0:3393) (0:3427)] +>> endobj +7388 0 obj << +/Kids [6859 0 R 6860 0 R 6861 0 R 6862 0 R 6863 0 R 6864 0 R] +/Limits [(0:3428) (0:3467)] +>> endobj +7389 0 obj << +/Kids [6865 0 R 6866 0 R 6867 0 R 6868 0 R 6869 0 R 6870 0 R] +/Limits [(0:3468) (0:3501)] +>> endobj +7390 0 obj << +/Kids [6871 0 R 6872 0 R 6873 0 R 6874 0 R 6875 0 R 6876 0 R] +/Limits [(0:3502) (0:3539)] +>> endobj +7391 0 obj << +/Kids [6877 0 R 6878 0 R 6879 0 R 6880 0 R 6881 0 R 6882 0 R] +/Limits [(0:3540) (0:3576)] +>> endobj +7392 0 obj << +/Kids [6883 0 R 6884 0 R 6885 0 R 6886 0 R 6887 0 R 6888 0 R] +/Limits [(0:3577) (0:3615)] +>> endobj +7393 0 obj << +/Kids [6889 0 R 6890 0 R 6891 0 R 6892 0 R 6893 0 R 6894 0 R] +/Limits [(0:3617) (0:3653)] +>> endobj +7394 0 obj << +/Kids [6895 0 R 6896 0 R 6897 0 R 6898 0 R 6899 0 R 6900 0 R] +/Limits [(0:3654) (0:3691)] +>> endobj +7395 0 obj << +/Kids [6901 0 R 6902 0 R 6903 0 R 6904 0 R 6905 0 R 6906 0 R] +/Limits [(0:3693) (0:3730)] +>> endobj +7396 0 obj << +/Kids [6907 0 R 6908 0 R 6909 0 R 6910 0 R 6911 0 R 6912 0 R] +/Limits [(0:3733) (0:3773)] +>> endobj +7397 0 obj << +/Kids [6913 0 R 6914 0 R 6915 0 R 6916 0 R 6917 0 R 6918 0 R] +/Limits [(0:3774) (0:381)] +>> endobj +7398 0 obj << +/Kids [6919 0 R 6920 0 R 6921 0 R 6922 0 R 6923 0 R 6924 0 R] +/Limits [(0:3811) (0:3855)] +>> endobj +7399 0 obj << +/Kids [6925 0 R 6926 0 R 6927 0 R 6928 0 R 6929 0 R 6930 0 R] +/Limits [(0:3858) (0:3902)] +>> endobj +7400 0 obj << +/Kids [6931 0 R 6932 0 R 6933 0 R 6934 0 R 6935 0 R 6936 0 R] +/Limits [(0:3903) (0:3939)] +>> endobj +7401 0 obj << +/Kids [6937 0 R 6938 0 R 6939 0 R 6940 0 R 6941 0 R 6942 0 R] +/Limits [(0:3942) (0:3975)] +>> endobj +7402 0 obj << +/Kids [6943 0 R 6944 0 R 6945 0 R 6946 0 R 6947 0 R 6948 0 R] +/Limits [(0:3976) (0:4019)] +>> endobj +7403 0 obj << +/Kids [6949 0 R 6950 0 R 6951 0 R 6952 0 R 6953 0 R 6954 0 R] +/Limits [(0:4024) (0:4062)] +>> endobj +7404 0 obj << +/Kids [6955 0 R 6956 0 R 6957 0 R 6958 0 R 6959 0 R 6960 0 R] +/Limits [(0:4065) (0:4103)] +>> endobj +7405 0 obj << +/Kids [6961 0 R 6962 0 R 6963 0 R 6964 0 R 6965 0 R 6966 0 R] +/Limits [(0:4104) (0:4137)] +>> endobj +7406 0 obj << +/Kids [6967 0 R 6968 0 R 6969 0 R 6970 0 R 6971 0 R 6972 0 R] +/Limits [(0:4138) (0:4175)] +>> endobj +7407 0 obj << +/Kids [6973 0 R 6974 0 R 6975 0 R 6976 0 R 6977 0 R 6978 0 R] +/Limits [(0:4178) (0:4220)] +>> endobj +7408 0 obj << +/Kids [6979 0 R 6980 0 R 6981 0 R 6982 0 R 6983 0 R 6984 0 R] +/Limits [(0:4221) (0:4261)] +>> endobj +7409 0 obj << +/Kids [6985 0 R 6986 0 R 6987 0 R 6988 0 R 6989 0 R 6990 0 R] +/Limits [(0:4263) (0:4302)] +>> endobj +7410 0 obj << +/Kids [6991 0 R 6992 0 R 6993 0 R 6994 0 R 6995 0 R 6996 0 R] +/Limits [(0:4304) (0:4347)] +>> endobj +7411 0 obj << +/Kids [6997 0 R 6998 0 R 6999 0 R 7000 0 R 7001 0 R 7002 0 R] +/Limits [(0:435) (0:4390)] +>> endobj +7412 0 obj << +/Kids [7003 0 R 7004 0 R 7005 0 R 7006 0 R 7007 0 R 7008 0 R] +/Limits [(0:4391) (0:4433)] +>> endobj +7413 0 obj << +/Kids [7009 0 R 7010 0 R 7011 0 R 7012 0 R 7013 0 R 7014 0 R] +/Limits [(0:4434) (0:4481)] +>> endobj +7414 0 obj << +/Kids [7015 0 R 7016 0 R 7017 0 R 7018 0 R 7019 0 R 7020 0 R] +/Limits [(0:4482) (0:4516)] +>> endobj +7415 0 obj << +/Kids [7021 0 R 7022 0 R 7023 0 R 7024 0 R 7025 0 R 7026 0 R] +/Limits [(0:4517) (0:4553)] +>> endobj +7416 0 obj << +/Kids [7027 0 R 7028 0 R 7029 0 R 7030 0 R 7031 0 R 7032 0 R] +/Limits [(0:4554) (0:4589)] +>> endobj +7417 0 obj << +/Kids [7033 0 R 7034 0 R 7035 0 R 7036 0 R 7037 0 R 7038 0 R] +/Limits [(0:4590) (0:4631)] +>> endobj +7418 0 obj << +/Kids [7039 0 R 7040 0 R 7041 0 R 7042 0 R 7043 0 R 7044 0 R] +/Limits [(0:4632) (0:4676)] +>> endobj +7419 0 obj << +/Kids [7045 0 R 7046 0 R 7047 0 R 7048 0 R 7049 0 R 7050 0 R] +/Limits [(0:4677) (0:4721)] +>> endobj +7420 0 obj << +/Kids [7051 0 R 7052 0 R 7053 0 R 7054 0 R 7055 0 R 7056 0 R] +/Limits [(0:4722) (0:4757)] +>> endobj +7421 0 obj << +/Kids [7057 0 R 7058 0 R 7059 0 R 7060 0 R 7061 0 R 7062 0 R] +/Limits [(0:4758) (0:4796)] +>> endobj +7422 0 obj << +/Kids [7063 0 R 7064 0 R 7065 0 R 7066 0 R 7067 0 R 7068 0 R] +/Limits [(0:4797) (0:4835)] +>> endobj +7423 0 obj << +/Kids [7069 0 R 7070 0 R 7071 0 R 7072 0 R 7073 0 R 7074 0 R] +/Limits [(0:4836) (0:4873)] +>> endobj +7424 0 obj << +/Kids [7075 0 R 7076 0 R 7077 0 R 7078 0 R 7079 0 R 7080 0 R] +/Limits [(0:4874) (0:4910)] +>> endobj +7425 0 obj << +/Kids [7081 0 R 7082 0 R 7083 0 R 7084 0 R 7085 0 R 7086 0 R] +/Limits [(0:4911) (0:4948)] +>> endobj +7426 0 obj << +/Kids [7087 0 R 7088 0 R 7089 0 R 7090 0 R 7091 0 R 7092 0 R] +/Limits [(0:4949) (0:4984)] +>> endobj +7427 0 obj << +/Kids [7093 0 R 7094 0 R 7095 0 R 7096 0 R 7097 0 R 7098 0 R] +/Limits [(0:4985) (0:5018)] +>> endobj +7428 0 obj << +/Kids [7099 0 R 7100 0 R 7101 0 R 7102 0 R 7103 0 R 7104 0 R] +/Limits [(0:5019) (0:5054)] +>> endobj +7429 0 obj << +/Kids [7105 0 R 7106 0 R 7107 0 R 7108 0 R 7109 0 R 7110 0 R] +/Limits [(0:5055) (0:5087)] +>> endobj +7430 0 obj << +/Kids [7111 0 R 7112 0 R 7113 0 R 7114 0 R 7115 0 R 7116 0 R] +/Limits [(0:5088) (0:5119)] +>> endobj +7431 0 obj << +/Kids [7117 0 R 7118 0 R 7119 0 R 7120 0 R 7121 0 R 7122 0 R] +/Limits [(0:512) (0:5152)] +>> endobj +7432 0 obj << +/Kids [7123 0 R 7124 0 R 7125 0 R 7126 0 R 7127 0 R 7128 0 R] +/Limits [(0:5153) (0:5188)] +>> endobj +7433 0 obj << +/Kids [7129 0 R 7130 0 R 7131 0 R 7132 0 R 7133 0 R 7134 0 R] +/Limits [(0:5189) (0:5223)] +>> endobj +7434 0 obj << +/Kids [7135 0 R 7136 0 R 7137 0 R 7138 0 R 7139 0 R 7140 0 R] +/Limits [(0:5224) (0:5259)] +>> endobj +7435 0 obj << +/Kids [7141 0 R 7142 0 R 7143 0 R 7144 0 R 7145 0 R 7146 0 R] +/Limits [(0:5260) (0:53)] +>> endobj +7436 0 obj << +/Kids [7147 0 R 7148 0 R 7149 0 R 7150 0 R 7151 0 R 7152 0 R] +/Limits [(0:5300) (0:5335)] +>> endobj +7437 0 obj << +/Kids [7153 0 R 7154 0 R 7155 0 R 7156 0 R 7157 0 R 7158 0 R] +/Limits [(0:5336) (0:5382)] +>> endobj +7438 0 obj << +/Kids [7159 0 R 7160 0 R 7161 0 R 7162 0 R 7163 0 R 7164 0 R] +/Limits [(0:5384) (0:5426)] +>> endobj +7439 0 obj << +/Kids [7165 0 R 7166 0 R 7167 0 R 7168 0 R 7169 0 R 7170 0 R] +/Limits [(0:5427) (0:5471)] +>> endobj +7440 0 obj << +/Kids [7171 0 R 7172 0 R 7173 0 R 7174 0 R 7175 0 R 7176 0 R] +/Limits [(0:5474) (0:5521)] +>> endobj +7441 0 obj << +/Kids [7177 0 R 7178 0 R 7179 0 R 7180 0 R 7181 0 R 7182 0 R] +/Limits [(0:56) (0:668)] +>> endobj +7442 0 obj << +/Kids [7183 0 R 7184 0 R 7185 0 R 7186 0 R 7187 0 R 7188 0 R] +/Limits [(0:669) (0:701)] +>> endobj +7443 0 obj << +/Kids [7189 0 R 7190 0 R 7191 0 R 7192 0 R 7193 0 R 7194 0 R] +/Limits [(0:702) (0:744)] +>> endobj +7444 0 obj << +/Kids [7195 0 R 7196 0 R 7197 0 R 7198 0 R 7199 0 R 7200 0 R] +/Limits [(0:745) (0:778)] +>> endobj +7445 0 obj << +/Kids [7201 0 R 7202 0 R 7203 0 R 7204 0 R 7205 0 R 7206 0 R] +/Limits [(0:779) (0:812)] +>> endobj +7446 0 obj << +/Kids [7207 0 R 7208 0 R 7209 0 R 7210 0 R 7211 0 R 7212 0 R] +/Limits [(0:813) (0:853)] +>> endobj +7447 0 obj << +/Kids [7213 0 R 7214 0 R 7215 0 R 7216 0 R 7217 0 R 7218 0 R] +/Limits [(0:854) (0:896)] +>> endobj +7448 0 obj << +/Kids [7219 0 R 7220 0 R 7221 0 R 7222 0 R 7223 0 R 7224 0 R] +/Limits [(0:897) (0:932)] +>> endobj +7449 0 obj << +/Kids [7225 0 R 7226 0 R 7227 0 R 7228 0 R 7229 0 R 7230 0 R] +/Limits [(0:933) (0:98)] +>> endobj +7450 0 obj << +/Kids [7231 0 R 7232 0 R 7233 0 R 7234 0 R 7235 0 R 7236 0 R] +/Limits [(0:99) (0:CUSTOMRPM)] +>> endobj +7451 0 obj << +/Kids [7237 0 R 7238 0 R 7239 0 R 7240 0 R 7241 0 R 7242 0 R] +/Limits [(0:DAEMONTOOL) (0:DNMALLOC)] +>> endobj +7452 0 obj << +/Kids [7243 0 R 7244 0 R 7245 0 R 7246 0 R 7247 0 R 7248 0 R] +/Limits [(0:DROPROOT) (0:INSTALLED-CLIENT)] +>> endobj +7453 0 obj << +/Kids [7249 0 R 7250 0 R 7251 0 R 7252 0 R 7253 0 R 7254 0 R] +/Limits [(0:INSTALLED-SERVER) (0:PID-FILE)] +>> endobj +7454 0 obj << +/Kids [7255 0 R 7256 0 R 7257 0 R 7258 0 R 7259 0 R 7260 0 R] +/Limits [(0:PIPES) (0:SUPPLY-COMMANDS)] +>> endobj +7455 0 obj << +/Kids [7261 0 R 7262 0 R 7263 0 R 7264 0 R 7265 0 R 7266 0 R] +/Limits [(0:SUPPORT) (12.74.50.2)] +>> endobj +7456 0 obj << +/Kids [7267 0 R 7268 0 R 7269 0 R 7270 0 R 7271 0 R 7272 0 R] +/Limits [(12.74.50.9.3) (14.83.1)] +>> endobj +7457 0 obj << +/Kids [7273 0 R 7274 0 R 7275 0 R 7276 0 R 7277 0 R 7278 0 R] +/Limits [(14.84.1) (4.10.5.1.3)] +>> endobj +7458 0 obj << +/Kids [7279 0 R 7280 0 R 7281 0 R 7282 0 R 7283 0 R 7284 0 R] +/Limits [(4.10.5.2) (6.26.9.2)] +>> endobj +7459 0 obj << +/Kids [7285 0 R 7286 0 R 7287 0 R 7288 0 R 7289 0 R 7290 0 R] +/Limits [(6.27.1) (7.40.28.2)] +>> endobj +7460 0 obj << +/Kids [7291 0 R 7292 0 R 7293 0 R 7294 0 R 7295 0 R 7296 0 R] +/Limits [(7.41.1) (8.60.1)] +>> endobj +7461 0 obj << +/Kids [7297 0 R 7298 0 R 7299 0 R 7300 0 R 7301 0 R 7302 0 R] +/Limits [(8.61.1) (page.117)] +>> endobj +7462 0 obj << +/Kids [7303 0 R 7304 0 R 7305 0 R 7306 0 R 7307 0 R 7308 0 R] +/Limits [(page.118) (page.15)] +>> endobj +7463 0 obj << +/Kids [7309 0 R 7310 0 R 7311 0 R 7312 0 R 7313 0 R 7314 0 R] +/Limits [(page.150) (page.44)] +>> endobj +7464 0 obj << +/Kids [7315 0 R 7316 0 R 7317 0 R 7318 0 R 7319 0 R 7320 0 R] +/Limits [(page.45) (page.77)] +>> endobj +7465 0 obj << +/Kids [7321 0 R 7322 0 R 7323 0 R 7324 0 R 7325 0 R 7326 0 R] +/Limits [(page.78) (table.7)] +>> endobj +7466 0 obj << +/Kids [7327 0 R] +/Limits [(table.8) (table.9)] +>> endobj +7467 0 obj << +/Kids [7328 0 R 7329 0 R 7330 0 R 7331 0 R 7332 0 R 7333 0 R] +/Limits [(0:1007) (0:1285)] +>> endobj +7468 0 obj << +/Kids [7334 0 R 7335 0 R 7336 0 R 7337 0 R 7338 0 R 7339 0 R] +/Limits [(0:1286) (0:1527)] +>> endobj +7469 0 obj << +/Kids [7340 0 R 7341 0 R 7342 0 R 7343 0 R 7344 0 R 7345 0 R] +/Limits [(0:1528) (0:1779)] +>> endobj +7470 0 obj << +/Kids [7346 0 R 7347 0 R 7348 0 R 7349 0 R 7350 0 R 7351 0 R] +/Limits [(0:178) (0:2007)] +>> endobj +7471 0 obj << +/Kids [7352 0 R 7353 0 R 7354 0 R 7355 0 R 7356 0 R 7357 0 R] +/Limits [(0:2008) (0:2247)] +>> endobj +7472 0 obj << +/Kids [7358 0 R 7359 0 R 7360 0 R 7361 0 R 7362 0 R 7363 0 R] +/Limits [(0:2248) (0:2488)] +>> endobj +7473 0 obj << +/Kids [7364 0 R 7365 0 R 7366 0 R 7367 0 R 7368 0 R 7369 0 R] +/Limits [(0:2489) (0:2713)] +>> endobj +7474 0 obj << +/Kids [7370 0 R 7371 0 R 7372 0 R 7373 0 R 7374 0 R 7375 0 R] +/Limits [(0:2714) (0:294)] +>> endobj +7475 0 obj << +/Kids [7376 0 R 7377 0 R 7378 0 R 7379 0 R 7380 0 R 7381 0 R] +/Limits [(0:2940) (0:3202)] +>> endobj +7476 0 obj << +/Kids [7382 0 R 7383 0 R 7384 0 R 7385 0 R 7386 0 R 7387 0 R] +/Limits [(0:3204) (0:3427)] +>> endobj +7477 0 obj << +/Kids [7388 0 R 7389 0 R 7390 0 R 7391 0 R 7392 0 R 7393 0 R] +/Limits [(0:3428) (0:3653)] +>> endobj +7478 0 obj << +/Kids [7394 0 R 7395 0 R 7396 0 R 7397 0 R 7398 0 R 7399 0 R] +/Limits [(0:3654) (0:3902)] +>> endobj +7479 0 obj << +/Kids [7400 0 R 7401 0 R 7402 0 R 7403 0 R 7404 0 R 7405 0 R] +/Limits [(0:3903) (0:4137)] +>> endobj +7480 0 obj << +/Kids [7406 0 R 7407 0 R 7408 0 R 7409 0 R 7410 0 R 7411 0 R] +/Limits [(0:4138) (0:4390)] +>> endobj +7481 0 obj << +/Kids [7412 0 R 7413 0 R 7414 0 R 7415 0 R 7416 0 R 7417 0 R] +/Limits [(0:4391) (0:4631)] +>> endobj +7482 0 obj << +/Kids [7418 0 R 7419 0 R 7420 0 R 7421 0 R 7422 0 R 7423 0 R] +/Limits [(0:4632) (0:4873)] +>> endobj +7483 0 obj << +/Kids [7424 0 R 7425 0 R 7426 0 R 7427 0 R 7428 0 R 7429 0 R] +/Limits [(0:4874) (0:5087)] +>> endobj +7484 0 obj << +/Kids [7430 0 R 7431 0 R 7432 0 R 7433 0 R 7434 0 R 7435 0 R] +/Limits [(0:5088) (0:53)] +>> endobj +7485 0 obj << +/Kids [7436 0 R 7437 0 R 7438 0 R 7439 0 R 7440 0 R 7441 0 R] +/Limits [(0:5300) (0:668)] +>> endobj +7486 0 obj << +/Kids [7442 0 R 7443 0 R 7444 0 R 7445 0 R 7446 0 R 7447 0 R] +/Limits [(0:669) (0:896)] +>> endobj +7487 0 obj << +/Kids [7448 0 R 7449 0 R 7450 0 R 7451 0 R 7452 0 R 7453 0 R] +/Limits [(0:897) (0:PID-FILE)] +>> endobj +7488 0 obj << +/Kids [7454 0 R 7455 0 R 7456 0 R 7457 0 R 7458 0 R 7459 0 R] +/Limits [(0:PIPES) (7.40.28.2)] +>> endobj +7489 0 obj << +/Kids [7460 0 R 7461 0 R 7462 0 R 7463 0 R 7464 0 R 7465 0 R] +/Limits [(7.41.1) (table.7)] +>> endobj +7490 0 obj << +/Kids [7466 0 R] +/Limits [(table.8) (table.9)] +>> endobj +7491 0 obj << +/Kids [7467 0 R 7468 0 R 7469 0 R 7470 0 R 7471 0 R 7472 0 R] +/Limits [(0:1007) (0:2488)] +>> endobj +7492 0 obj << +/Kids [7473 0 R 7474 0 R 7475 0 R 7476 0 R 7477 0 R 7478 0 R] +/Limits [(0:2489) (0:3902)] +>> endobj +7493 0 obj << +/Kids [7479 0 R 7480 0 R 7481 0 R 7482 0 R 7483 0 R 7484 0 R] +/Limits [(0:3903) (0:53)] +>> endobj +7494 0 obj << +/Kids [7485 0 R 7486 0 R 7487 0 R 7488 0 R 7489 0 R 7490 0 R] +/Limits [(0:5300) (table.9)] +>> endobj +7495 0 obj << +/Kids [7491 0 R 7492 0 R 7493 0 R 7494 0 R] +/Limits [(0:1007) (table.9)] +>> endobj +7496 0 obj << +/Dests 7495 0 R +>> endobj +7497 0 obj << +/Type /Catalog +/Pages 6497 0 R +/Outlines 6498 0 R +/Names 7496 0 R +/PageMode/UseOutlines/PageLabels << /Nums [0 << /P (1) >> 1 << /P (2) >> 2 << /P (iii) >> 3 << /P (iv) >> 4 << /P (v) >> 5 << /P (1) >> 6 << /P (2) >> 7 << /P (3) >> 8 << /P (4) >> 9 << /P (5) >> 10 << /P (6) >> 11 << /P (7) >> 12 << /P (8) >> 13 << /P (9) >> 14 << /P (10) >> 15 << /P (11) >> 16 << /P (12) >> 17 << /P (13) >> 18 << /P (14) >> 19 << /P (15) >> 20 << /P (16) >> 21 << /P (17) >> 22 << /P (18) >> 23 << /P (19) >> 24 << /P (20) >> 25 << /P (21) >> 26 << /P (22) >> 27 << /P (23) >> 28 << /P (24) >> 29 << /P (25) >> 30 << /P (26) >> 31 << /P (27) >> 32 << /P (28) >> 33 << /P (29) >> 34 << /P (30) >> 35 << /P (31) >> 36 << /P (32) >> 37 << /P (33) >> 38 << /P (34) >> 39 << /P (35) >> 40 << /P (36) >> 41 << /P (37) >> 42 << /P (38) >> 43 << /P (39) >> 44 << /P (40) >> 45 << /P (41) >> 46 << /P (42) >> 47 << /P (43) >> 48 << /P (44) >> 49 << /P (45) >> 50 << /P (46) >> 51 << /P (47) >> 52 << /P (48) >> 53 << /P (49) >> 54 << /P (50) >> 55 << /P (51) >> 56 << /P (52) >> 57 << /P (53) >> 58 << /P (54) >> 59 << /P (55) >> 60 << /P (56) >> 61 << /P (57) >> 62 << /P (58) >> 63 << /P (59) >> 64 << /P (60) >> 65 << /P (61) >> 66 << /P (62) >> 67 << /P (63) >> 68 << /P (64) >> 69 << /P (65) >> 70 << /P (66) >> 71 << /P (67) >> 72 << /P (68) >> 73 << /P (69) >> 74 << /P (70) >> 75 << /P (71) >> 76 << /P (72) >> 77 << /P (73) >> 78 << /P (74) >> 79 << /P (75) >> 80 << /P (76) >> 81 << /P (77) >> 82 << /P (78) >> 83 << /P (79) >> 84 << /P (80) >> 85 << /P (81) >> 86 << /P (82) >> 87 << /P (83) >> 88 << /P (84) >> 89 << /P (85) >> 90 << /P (86) >> 91 << /P (87) >> 92 << /P (88) >> 93 << /P (89) >> 94 << /P (90) >> 95 << /P (91) >> 96 << /P (92) >> 97 << /P (93) >> 98 << /P (94) >> 99 << /P (95) >> 100 << /P (96) >> 101 << /P (97) >> 102 << /P (98) >> 103 << /P (99) >> 104 << /P (100) >> 105 << /P (101) >> 106 << /P (102) >> 107 << /P (103) >> 108 << /P (104) >> 109 << /P (105) >> 110 << /P (106) >> 111 << /P (107) >> 112 << /P (108) >> 113 << /P (109) >> 114 << /P (110) >> 115 << /P (111) >> 116 << /P (112) >> 117 << /P (113) >> 118 << /P (114) >> 119 << /P (115) >> 120 << /P (116) >> 121 << /P (117) >> 122 << /P (118) >> 123 << /P (119) >> 124 << /P (120) >> 125 << /P (121) >> 126 << /P (122) >> 127 << /P (123) >> 128 << /P (124) >> 129 << /P (125) >> 130 << /P (126) >> 131 << /P (127) >> 132 << /P (128) >> 133 << /P (129) >> 134 << /P (130) >> 135 << /P (131) >> 136 << /P (132) >> 137 << /P (133) >> 138 << /P (134) >> 139 << /P (135) >> 140 << /P (136) >> 141 << /P (137) >> 142 << /P (138) >> 143 << /P (139) >> 144 << /P (140) >> 145 << /P (141) >> 146 << /P (142) >> 147 << /P (143) >> 148 << /P (144) >> 149 << /P (145) >> 150 << /P (146) >> 151 << /P (147) >> 152 << /P (148) >> 153 << /P (149) >> 154 << /P (150) >> 155 << /P (151) >> 156 << /P (152) >> 157 << /P (153) >> ] >> +/OpenAction 845 0 R +>> endobj +7498 0 obj << +/Author()/Title()/Subject()/Creator(LaTeX with hyperref package)/Producer(pdfTeX-1.40.3)/Keywords() +/CreationDate (D:20081031195503+01'00') +/ModDate (D:20081031195503+01'00') +/Trapped /False +/PTEX.Fullbanner (This is pdfTeX using libpoppler, Version 3.141592-1.40.3-2.2 (Web2C 7.5.6) kpathsea version 3.5.6) +>> endobj +xref +0 7499 +0000000000 65535 f +0000000015 00000 n +0000020596 00000 n +0000876434 00000 n +0000000054 00000 n +0000000116 00000 n +0000039147 00000 n +0000876349 00000 n +0000000155 00000 n +0000000190 00000 n +0000070564 00000 n +0000876262 00000 n +0000000229 00000 n +0000000271 00000 n +0000072661 00000 n +0000876134 00000 n +0000000311 00000 n +0000000365 00000 n +0000072973 00000 n +0000876060 00000 n +0000000407 00000 n +0000000439 00000 n +0000076925 00000 n +0000875973 00000 n +0000000481 00000 n +0000000517 00000 n +0000080443 00000 n +0000875886 00000 n +0000000559 00000 n +0000000603 00000 n +0000085646 00000 n +0000875762 00000 n +0000000645 00000 n +0000000691 00000 n +0000092029 00000 n +0000875701 00000 n +0000000735 00000 n +0000000792 00000 n +0000096931 00000 n +0000875614 00000 n +0000000834 00000 n +0000000863 00000 n +0000098637 00000 n +0000875490 00000 n +0000000905 00000 n +0000000936 00000 n +0000101411 00000 n +0000875429 00000 n +0000000980 00000 n +0000001028 00000 n +0000106261 00000 n +0000875342 00000 n +0000001070 00000 n +0000001103 00000 n +0000107646 00000 n +0000875255 00000 n +0000001145 00000 n +0000001201 00000 n +0000111170 00000 n +0000875168 00000 n +0000001243 00000 n +0000001278 00000 n +0000111924 00000 n +0000875044 00000 n +0000001321 00000 n +0000001372 00000 n +0000112364 00000 n +0000874970 00000 n +0000001417 00000 n +0000001475 00000 n +0000116260 00000 n +0000874883 00000 n +0000001520 00000 n +0000001563 00000 n +0000121380 00000 n +0000874759 00000 n +0000001608 00000 n +0000001648 00000 n +0000121505 00000 n +0000874685 00000 n +0000001695 00000 n +0000001744 00000 n +0000121818 00000 n +0000874611 00000 n +0000001791 00000 n +0000001826 00000 n +0000122256 00000 n +0000874500 00000 n +0000001871 00000 n +0000001913 00000 n +0000122381 00000 n +0000874426 00000 n +0000001960 00000 n +0000002009 00000 n +0000122695 00000 n +0000874352 00000 n +0000002056 00000 n +0000002091 00000 n +0000124995 00000 n +0000874277 00000 n +0000002134 00000 n +0000002173 00000 n +0000132658 00000 n +0000874144 00000 n +0000002214 00000 n +0000002264 00000 n +0000132783 00000 n +0000874065 00000 n +0000002308 00000 n +0000002346 00000 n +0000134241 00000 n +0000873972 00000 n +0000002390 00000 n +0000002456 00000 n +0000134810 00000 n +0000873879 00000 n +0000002500 00000 n +0000002547 00000 n +0000139932 00000 n +0000873786 00000 n +0000002591 00000 n +0000002623 00000 n +0000144771 00000 n +0000873693 00000 n +0000002667 00000 n +0000002700 00000 n +0000145150 00000 n +0000873600 00000 n +0000002744 00000 n +0000002786 00000 n +0000147335 00000 n +0000873507 00000 n +0000002830 00000 n +0000002891 00000 n +0000151237 00000 n +0000873414 00000 n +0000002935 00000 n +0000002993 00000 n +0000151614 00000 n +0000873321 00000 n +0000003037 00000 n +0000003109 00000 n +0000154183 00000 n +0000873228 00000 n +0000003153 00000 n +0000003212 00000 n +0000157370 00000 n +0000873149 00000 n +0000003256 00000 n +0000003307 00000 n +0000162683 00000 n +0000873015 00000 n +0000003348 00000 n +0000003414 00000 n +0000163062 00000 n +0000872897 00000 n +0000003458 00000 n +0000003490 00000 n +0000163570 00000 n +0000872818 00000 n +0000003536 00000 n +0000003578 00000 n +0000167427 00000 n +0000872739 00000 n +0000003624 00000 n +0000003658 00000 n +0000170730 00000 n +0000872646 00000 n +0000003702 00000 n +0000003755 00000 n +0000176082 00000 n +0000872553 00000 n +0000003799 00000 n +0000003876 00000 n +0000182312 00000 n +0000872421 00000 n +0000003920 00000 n +0000003950 00000 n +0000192585 00000 n +0000872356 00000 n +0000003996 00000 n +0000004056 00000 n +0000196756 00000 n +0000872224 00000 n +0000004100 00000 n +0000004133 00000 n +0000198021 00000 n +0000872159 00000 n +0000004180 00000 n +0000004237 00000 n +0000205552 00000 n +0000872027 00000 n +0000004281 00000 n +0000004316 00000 n +0000206311 00000 n +0000871962 00000 n +0000004363 00000 n +0000004397 00000 n +0000209134 00000 n +0000871869 00000 n +0000004441 00000 n +0000004485 00000 n +0000209385 00000 n +0000871776 00000 n +0000004529 00000 n +0000004561 00000 n +0000210654 00000 n +0000871644 00000 n +0000004605 00000 n +0000004637 00000 n +0000214762 00000 n +0000871565 00000 n +0000004684 00000 n +0000004746 00000 n +0000217796 00000 n +0000871472 00000 n +0000004793 00000 n +0000004856 00000 n +0000221069 00000 n +0000871393 00000 n +0000004903 00000 n +0000004966 00000 n +0000224378 00000 n +0000871300 00000 n +0000005010 00000 n +0000005061 00000 n +0000227758 00000 n +0000871207 00000 n +0000005105 00000 n +0000005137 00000 n +0000228706 00000 n +0000871089 00000 n +0000005181 00000 n +0000005219 00000 n +0000237551 00000 n +0000871010 00000 n +0000005266 00000 n +0000005316 00000 n +0000238246 00000 n +0000870917 00000 n +0000005363 00000 n +0000005415 00000 n +0000239810 00000 n +0000870838 00000 n +0000005462 00000 n +0000005517 00000 n +0000243162 00000 n +0000870704 00000 n +0000005558 00000 n +0000005636 00000 n +0000244488 00000 n +0000870625 00000 n +0000005680 00000 n +0000005719 00000 n +0000249480 00000 n +0000870532 00000 n +0000005763 00000 n +0000005816 00000 n +0000252918 00000 n +0000870439 00000 n +0000005860 00000 n +0000005900 00000 n +0000254942 00000 n +0000870306 00000 n +0000005944 00000 n +0000006024 00000 n +0000255130 00000 n +0000870227 00000 n +0000006071 00000 n +0000006117 00000 n +0000262174 00000 n +0000870095 00000 n +0000006164 00000 n +0000006219 00000 n +0000265957 00000 n +0000870030 00000 n +0000006268 00000 n +0000006302 00000 n +0000270926 00000 n +0000869937 00000 n +0000006349 00000 n +0000006417 00000 n +0000274922 00000 n +0000869844 00000 n +0000006464 00000 n +0000006549 00000 n +0000278498 00000 n +0000869751 00000 n +0000006596 00000 n +0000006643 00000 n +0000279637 00000 n +0000869619 00000 n +0000006690 00000 n +0000006731 00000 n +0000280271 00000 n +0000869554 00000 n +0000006780 00000 n +0000006850 00000 n +0000283175 00000 n +0000869461 00000 n +0000006897 00000 n +0000006949 00000 n +0000284125 00000 n +0000869368 00000 n +0000006996 00000 n +0000007042 00000 n +0000289045 00000 n +0000869275 00000 n +0000007089 00000 n +0000007149 00000 n +0000291894 00000 n +0000869196 00000 n +0000007196 00000 n +0000007262 00000 n +0000292145 00000 n +0000869103 00000 n +0000007306 00000 n +0000007384 00000 n +0000294677 00000 n +0000868971 00000 n +0000007428 00000 n +0000007471 00000 n +0000295752 00000 n +0000868906 00000 n +0000007518 00000 n +0000007568 00000 n +0000299002 00000 n +0000868813 00000 n +0000007612 00000 n +0000007672 00000 n +0000302388 00000 n +0000868720 00000 n +0000007716 00000 n +0000007768 00000 n +0000302956 00000 n +0000868588 00000 n +0000007812 00000 n +0000007884 00000 n +0000306558 00000 n +0000868509 00000 n +0000007931 00000 n +0000007984 00000 n +0000310287 00000 n +0000868430 00000 n +0000008031 00000 n +0000008071 00000 n +0000313087 00000 n +0000868298 00000 n +0000008115 00000 n +0000008166 00000 n +0000318639 00000 n +0000868219 00000 n +0000008213 00000 n +0000008254 00000 n +0000320868 00000 n +0000868126 00000 n +0000008301 00000 n +0000008355 00000 n +0000323192 00000 n +0000868033 00000 n +0000008402 00000 n +0000008458 00000 n +0000324773 00000 n +0000867954 00000 n +0000008505 00000 n +0000008547 00000 n +0000327411 00000 n +0000867861 00000 n +0000008591 00000 n +0000008647 00000 n +0000329469 00000 n +0000867768 00000 n +0000008691 00000 n +0000008753 00000 n +0000331531 00000 n +0000867675 00000 n +0000008797 00000 n +0000008862 00000 n +0000333930 00000 n +0000867543 00000 n +0000008906 00000 n +0000008974 00000 n +0000335450 00000 n +0000867478 00000 n +0000009021 00000 n +0000009070 00000 n +0000337554 00000 n +0000867346 00000 n +0000009114 00000 n +0000009163 00000 n +0000340708 00000 n +0000867267 00000 n +0000009210 00000 n +0000009245 00000 n +0000342296 00000 n +0000867188 00000 n +0000009292 00000 n +0000009341 00000 n +0000344203 00000 n +0000867056 00000 n +0000009385 00000 n +0000009438 00000 n +0000350676 00000 n +0000866977 00000 n +0000009485 00000 n +0000009520 00000 n +0000356113 00000 n +0000866898 00000 n +0000009567 00000 n +0000009616 00000 n +0000359760 00000 n +0000866805 00000 n +0000009660 00000 n +0000009693 00000 n +0000360456 00000 n +0000866712 00000 n +0000009737 00000 n +0000009781 00000 n +0000363941 00000 n +0000866594 00000 n +0000009825 00000 n +0000009912 00000 n +0000367593 00000 n +0000866515 00000 n +0000009959 00000 n +0000010008 00000 n +0000367781 00000 n +0000866436 00000 n +0000010055 00000 n +0000010105 00000 n +0000371191 00000 n +0000866302 00000 n +0000010146 00000 n +0000010209 00000 n +0000372207 00000 n +0000866223 00000 n +0000010253 00000 n +0000010285 00000 n +0000376062 00000 n +0000866130 00000 n +0000010329 00000 n +0000010382 00000 n +0000381244 00000 n +0000866037 00000 n +0000010426 00000 n +0000010471 00000 n +0000387244 00000 n +0000865944 00000 n +0000010515 00000 n +0000010570 00000 n +0000389625 00000 n +0000865812 00000 n +0000010614 00000 n +0000010711 00000 n +0000390385 00000 n +0000865733 00000 n +0000010758 00000 n +0000010803 00000 n +0000394527 00000 n +0000865654 00000 n +0000010850 00000 n +0000010890 00000 n +0000399055 00000 n +0000865561 00000 n +0000010934 00000 n +0000010995 00000 n +0000399942 00000 n +0000865468 00000 n +0000011039 00000 n +0000011088 00000 n +0000401924 00000 n +0000865375 00000 n +0000011132 00000 n +0000011184 00000 n +0000407932 00000 n +0000865282 00000 n +0000011228 00000 n +0000011259 00000 n +0000416330 00000 n +0000865189 00000 n +0000011303 00000 n +0000011374 00000 n +0000417470 00000 n +0000865057 00000 n +0000011418 00000 n +0000011471 00000 n +0000420091 00000 n +0000864978 00000 n +0000011518 00000 n +0000011575 00000 n +0000420724 00000 n +0000864899 00000 n +0000011622 00000 n +0000011678 00000 n +0000424248 00000 n +0000864806 00000 n +0000011722 00000 n +0000011762 00000 n +0000425200 00000 n +0000864713 00000 n +0000011806 00000 n +0000011852 00000 n +0000425516 00000 n +0000864634 00000 n +0000011896 00000 n +0000011940 00000 n +0000431656 00000 n +0000864501 00000 n +0000011981 00000 n +0000012039 00000 n +0000431908 00000 n +0000864422 00000 n +0000012083 00000 n +0000012113 00000 n +0000432161 00000 n +0000864329 00000 n +0000012157 00000 n +0000012204 00000 n +0000433047 00000 n +0000864211 00000 n +0000012248 00000 n +0000012298 00000 n +0000441992 00000 n +0000864146 00000 n +0000012345 00000 n +0000012396 00000 n +0000445811 00000 n +0000864013 00000 n +0000012438 00000 n +0000012524 00000 n +0000455964 00000 n +0000863948 00000 n +0000012569 00000 n +0000012617 00000 n +0000459396 00000 n +0000863815 00000 n +0000012659 00000 n +0000012717 00000 n +0000459713 00000 n +0000863697 00000 n +0000012762 00000 n +0000012808 00000 n +0000466233 00000 n +0000863632 00000 n +0000012856 00000 n +0000012939 00000 n +0000475409 00000 n +0000863553 00000 n +0000012984 00000 n +0000013031 00000 n +0000479725 00000 n +0000863420 00000 n +0000013073 00000 n +0000013131 00000 n +0000479851 00000 n +0000863301 00000 n +0000013176 00000 n +0000013233 00000 n +0000484365 00000 n +0000863222 00000 n +0000013281 00000 n +0000013321 00000 n +0000488621 00000 n +0000863090 00000 n +0000013369 00000 n +0000013428 00000 n +0000488810 00000 n +0000863011 00000 n +0000013478 00000 n +0000013532 00000 n +0000492355 00000 n +0000862932 00000 n +0000013582 00000 n +0000013636 00000 n +0000492991 00000 n +0000862800 00000 n +0000013684 00000 n +0000013734 00000 n +0000493117 00000 n +0000862721 00000 n +0000013784 00000 n +0000013837 00000 n +0000495872 00000 n +0000862628 00000 n +0000013888 00000 n +0000013952 00000 n +0000496380 00000 n +0000862535 00000 n +0000014003 00000 n +0000014077 00000 n +0000496950 00000 n +0000862456 00000 n +0000014128 00000 n +0000014187 00000 n +0000497331 00000 n +0000862324 00000 n +0000014235 00000 n +0000014289 00000 n +0000503050 00000 n +0000862259 00000 n +0000014340 00000 n +0000014385 00000 n +0000505593 00000 n +0000862127 00000 n +0000014433 00000 n +0000014475 00000 n +0000505781 00000 n +0000862062 00000 n +0000014526 00000 n +0000014572 00000 n +0000506033 00000 n +0000861930 00000 n +0000014620 00000 n +0000014663 00000 n +0000506348 00000 n +0000861865 00000 n +0000014714 00000 n +0000014760 00000 n +0000506537 00000 n +0000861733 00000 n +0000014808 00000 n +0000014854 00000 n +0000509308 00000 n +0000861668 00000 n +0000014905 00000 n +0000014951 00000 n +0000509560 00000 n +0000861536 00000 n +0000014999 00000 n +0000015045 00000 n +0000509812 00000 n +0000861471 00000 n +0000015096 00000 n +0000015142 00000 n +0000510064 00000 n +0000861339 00000 n +0000015190 00000 n +0000015233 00000 n +0000510951 00000 n +0000861274 00000 n +0000015284 00000 n +0000015330 00000 n +0000514342 00000 n +0000861142 00000 n +0000015378 00000 n +0000015424 00000 n +0000518100 00000 n +0000861077 00000 n +0000015475 00000 n +0000015522 00000 n +0000522578 00000 n +0000860945 00000 n +0000015570 00000 n +0000015618 00000 n +0000522831 00000 n +0000860880 00000 n +0000015669 00000 n +0000015716 00000 n +0000523080 00000 n +0000860801 00000 n +0000015764 00000 n +0000015804 00000 n +0000523333 00000 n +0000860683 00000 n +0000015849 00000 n +0000015911 00000 n +0000527352 00000 n +0000860565 00000 n +0000015959 00000 n +0000016002 00000 n +0000527477 00000 n +0000860486 00000 n +0000016053 00000 n +0000016093 00000 n +0000528303 00000 n +0000860407 00000 n +0000016144 00000 n +0000016184 00000 n +0000530991 00000 n +0000860314 00000 n +0000016232 00000 n +0000016284 00000 n +0000531499 00000 n +0000860221 00000 n +0000016332 00000 n +0000016386 00000 n +0000532004 00000 n +0000860128 00000 n +0000016434 00000 n +0000016493 00000 n +0000533078 00000 n +0000860049 00000 n +0000016541 00000 n +0000016594 00000 n +0000537286 00000 n +0000859916 00000 n +0000016636 00000 n +0000016683 00000 n +0000537412 00000 n +0000859837 00000 n +0000016728 00000 n +0000016759 00000 n +0000542066 00000 n +0000859744 00000 n +0000016804 00000 n +0000016857 00000 n +0000545807 00000 n +0000859651 00000 n +0000016902 00000 n +0000016955 00000 n +0000546186 00000 n +0000859558 00000 n +0000017000 00000 n +0000017036 00000 n +0000546498 00000 n +0000859479 00000 n +0000017081 00000 n +0000017114 00000 n +0000551539 00000 n +0000859346 00000 n +0000017156 00000 n +0000017230 00000 n +0000551664 00000 n +0000859267 00000 n +0000017275 00000 n +0000017307 00000 n +0000561485 00000 n +0000859174 00000 n +0000017352 00000 n +0000017422 00000 n +0000564572 00000 n +0000859081 00000 n +0000017467 00000 n +0000017542 00000 n +0000565586 00000 n +0000858988 00000 n +0000017587 00000 n +0000017638 00000 n +0000570121 00000 n +0000858909 00000 n +0000017683 00000 n +0000017713 00000 n +0000577399 00000 n +0000858776 00000 n +0000017755 00000 n +0000017815 00000 n +0000577525 00000 n +0000858697 00000 n +0000017860 00000 n +0000017892 00000 n +0000587307 00000 n +0000858604 00000 n +0000017937 00000 n +0000017969 00000 n +0000589276 00000 n +0000858525 00000 n +0000018014 00000 n +0000018043 00000 n +0000593839 00000 n +0000858391 00000 n +0000018085 00000 n +0000018151 00000 n +0000593965 00000 n +0000858273 00000 n +0000018196 00000 n +0000018228 00000 n +0000597650 00000 n +0000858208 00000 n +0000018276 00000 n +0000018315 00000 n +0000598346 00000 n +0000858115 00000 n +0000018360 00000 n +0000018399 00000 n +0000600987 00000 n +0000858022 00000 n +0000018444 00000 n +0000018487 00000 n +0000605717 00000 n +0000857929 00000 n +0000018532 00000 n +0000018575 00000 n +0000607862 00000 n +0000857836 00000 n +0000018620 00000 n +0000018673 00000 n +0000610360 00000 n +0000857743 00000 n +0000018718 00000 n +0000018778 00000 n +0000613978 00000 n +0000857650 00000 n +0000018823 00000 n +0000018876 00000 n +0000617517 00000 n +0000857557 00000 n +0000018921 00000 n +0000018972 00000 n +0000618715 00000 n +0000857464 00000 n +0000019017 00000 n +0000019065 00000 n +0000621095 00000 n +0000857371 00000 n +0000019110 00000 n +0000019179 00000 n +0000622865 00000 n +0000857278 00000 n +0000019224 00000 n +0000019273 00000 n +0000626102 00000 n +0000857185 00000 n +0000019319 00000 n +0000019372 00000 n +0000629718 00000 n +0000857092 00000 n +0000019418 00000 n +0000019452 00000 n +0000631612 00000 n +0000856999 00000 n +0000019498 00000 n +0000019537 00000 n +0000657392 00000 n +0000856906 00000 n +0000019583 00000 n +0000019617 00000 n +0000662013 00000 n +0000856827 00000 n +0000019663 00000 n +0000019696 00000 n +0000664905 00000 n +0000856708 00000 n +0000019738 00000 n +0000019793 00000 n +0000665477 00000 n +0000856629 00000 n +0000019839 00000 n +0000019871 00000 n +0000672736 00000 n +0000856536 00000 n +0000019917 00000 n +0000019949 00000 n +0000674253 00000 n +0000856457 00000 n +0000019995 00000 n +0000020026 00000 n +0000020293 00000 n +0000020656 00000 n +0000020078 00000 n +0000020413 00000 n +0000020474 00000 n +0000020535 00000 n +0000851285 00000 n +0000852342 00000 n +0000021616 00000 n +0000021435 00000 n +0000020728 00000 n +0000021555 00000 n +0000851986 00000 n +0000852162 00000 n +0000024696 00000 n +0000024846 00000 n +0000024996 00000 n +0000025153 00000 n +0000025310 00000 n +0000025476 00000 n +0000025642 00000 n +0000025812 00000 n +0000025982 00000 n +0000026148 00000 n +0000026314 00000 n +0000026480 00000 n +0000026647 00000 n +0000026809 00000 n +0000026972 00000 n +0000027137 00000 n +0000027302 00000 n +0000027468 00000 n +0000027634 00000 n +0000027802 00000 n +0000027970 00000 n +0000028135 00000 n +0000028300 00000 n +0000028450 00000 n +0000028601 00000 n +0000028755 00000 n +0000028909 00000 n +0000029058 00000 n +0000029208 00000 n +0000029365 00000 n +0000029522 00000 n +0000029677 00000 n +0000029832 00000 n +0000029999 00000 n +0000030166 00000 n +0000030318 00000 n +0000030470 00000 n +0000030623 00000 n +0000030776 00000 n +0000030938 00000 n +0000031100 00000 n +0000031281 00000 n +0000031462 00000 n +0000031640 00000 n +0000031819 00000 n +0000031990 00000 n +0000032161 00000 n +0000032313 00000 n +0000032466 00000 n +0000032618 00000 n +0000032770 00000 n +0000032934 00000 n +0000033098 00000 n +0000033248 00000 n +0000033398 00000 n +0000033557 00000 n +0000033716 00000 n +0000033871 00000 n +0000034026 00000 n +0000034189 00000 n +0000034352 00000 n +0000034511 00000 n +0000034670 00000 n +0000034838 00000 n +0000035006 00000 n +0000035173 00000 n +0000035340 00000 n +0000035497 00000 n +0000035655 00000 n +0000035814 00000 n +0000035973 00000 n +0000036124 00000 n +0000036275 00000 n +0000036433 00000 n +0000036591 00000 n +0000036746 00000 n +0000036901 00000 n +0000037058 00000 n +0000037215 00000 n +0000037365 00000 n +0000037515 00000 n +0000037673 00000 n +0000037831 00000 n +0000037991 00000 n +0000038151 00000 n +0000038302 00000 n +0000038454 00000 n +0000038608 00000 n +0000038762 00000 n +0000038924 00000 n +0000042480 00000 n +0000042655 00000 n +0000039207 00000 n +0000023844 00000 n +0000021714 00000 n +0000039086 00000 n +0000851810 00000 n +0000070502 00000 n +0000072599 00000 n +0000072911 00000 n +0000076865 00000 n +0000080381 00000 n +0000085585 00000 n +0000094948 00000 n +0000098575 00000 n +0000103620 00000 n +0000107584 00000 n +0000108780 00000 n +0000111862 00000 n +0000124933 00000 n +0000132596 00000 n +0000132721 00000 n +0000134179 00000 n +0000134748 00000 n +0000139870 00000 n +0000144709 00000 n +0000145088 00000 n +0000147273 00000 n +0000151176 00000 n +0000151552 00000 n +0000152058 00000 n +0000155577 00000 n +0000162621 00000 n +0000163001 00000 n +0000170668 00000 n +0000176021 00000 n +0000182250 00000 n +0000196694 00000 n +0000205490 00000 n +0000206628 00000 n +0000209323 00000 n +0000210592 00000 n +0000224316 00000 n +0000227696 00000 n +0000228645 00000 n +0000243100 00000 n +0000244426 00000 n +0000249420 00000 n +0000251072 00000 n +0000254880 00000 n +0000292082 00000 n +0000294614 00000 n +0000042830 00000 n +0000042988 00000 n +0000043146 00000 n +0000043299 00000 n +0000043452 00000 n +0000043606 00000 n +0000043760 00000 n +0000043912 00000 n +0000044064 00000 n +0000044220 00000 n +0000044376 00000 n +0000044531 00000 n +0000044686 00000 n +0000044844 00000 n +0000045002 00000 n +0000045157 00000 n +0000045312 00000 n +0000045464 00000 n +0000045616 00000 n +0000045768 00000 n +0000045920 00000 n +0000046084 00000 n +0000046248 00000 n +0000046411 00000 n +0000046575 00000 n +0000046725 00000 n +0000046875 00000 n +0000047028 00000 n +0000047181 00000 n +0000047334 00000 n +0000047488 00000 n +0000047640 00000 n +0000047792 00000 n +0000047967 00000 n +0000048143 00000 n +0000048325 00000 n +0000048507 00000 n +0000048667 00000 n +0000048827 00000 n +0000048975 00000 n +0000049123 00000 n +0000049294 00000 n +0000049465 00000 n +0000049617 00000 n +0000049769 00000 n +0000049921 00000 n +0000050073 00000 n +0000050232 00000 n +0000050391 00000 n +0000050540 00000 n +0000050689 00000 n +0000050851 00000 n +0000051013 00000 n +0000051183 00000 n +0000051353 00000 n +0000051505 00000 n +0000051657 00000 n +0000051808 00000 n +0000051959 00000 n +0000052127 00000 n +0000052295 00000 n +0000052466 00000 n +0000052637 00000 n +0000052795 00000 n +0000052953 00000 n +0000053111 00000 n +0000053268 00000 n +0000053425 00000 n +0000053581 00000 n +0000053748 00000 n +0000053914 00000 n +0000054082 00000 n +0000054249 00000 n +0000054405 00000 n +0000054560 00000 n +0000054714 00000 n +0000054867 00000 n +0000055028 00000 n +0000055188 00000 n +0000055349 00000 n +0000055509 00000 n +0000055668 00000 n +0000055826 00000 n +0000055978 00000 n +0000056129 00000 n +0000056291 00000 n +0000056452 00000 n +0000056613 00000 n +0000056773 00000 n +0000056924 00000 n +0000059323 00000 n +0000059488 00000 n +0000059652 00000 n +0000059825 00000 n +0000057137 00000 n +0000041519 00000 n +0000039318 00000 n +0000057074 00000 n +0000298939 00000 n +0000300082 00000 n +0000302893 00000 n +0000313024 00000 n +0000327348 00000 n +0000329406 00000 n +0000330037 00000 n +0000332099 00000 n +0000337491 00000 n +0000344140 00000 n +0000357505 00000 n +0000360393 00000 n +0000363878 00000 n +0000371128 00000 n +0000372144 00000 n +0000375999 00000 n +0000381181 00000 n +0000387181 00000 n +0000389562 00000 n +0000398992 00000 n +0000399879 00000 n +0000401862 00000 n +0000407869 00000 n +0000416267 00000 n +0000417407 00000 n +0000421738 00000 n +0000425137 00000 n +0000425453 00000 n +0000431593 00000 n +0000431845 00000 n +0000432098 00000 n +0000432984 00000 n +0000445748 00000 n +0000455901 00000 n +0000459333 00000 n +0000459650 00000 n +0000475346 00000 n +0000479662 00000 n +0000479788 00000 n +0000523270 00000 n +0000537223 00000 n +0000537349 00000 n +0000539822 00000 n +0000545744 00000 n +0000546123 00000 n +0000546435 00000 n +0000059997 00000 n +0000060161 00000 n +0000060324 00000 n +0000060488 00000 n +0000060651 00000 n +0000060823 00000 n +0000060994 00000 n +0000061144 00000 n +0000061293 00000 n +0000061450 00000 n +0000061607 00000 n +0000061773 00000 n +0000061938 00000 n +0000062103 00000 n +0000062267 00000 n +0000062430 00000 n +0000062592 00000 n +0000062760 00000 n +0000062927 00000 n +0000063083 00000 n +0000063238 00000 n +0000063398 00000 n +0000063557 00000 n +0000063721 00000 n +0000063884 00000 n +0000064048 00000 n +0000064211 00000 n +0000064385 00000 n +0000064558 00000 n +0000064739 00000 n +0000064919 00000 n +0000065088 00000 n +0000065256 00000 n +0000065416 00000 n +0000065575 00000 n +0000065739 00000 n +0000065902 00000 n +0000066066 00000 n +0000066229 00000 n +0000066389 00000 n +0000066548 00000 n +0000066706 00000 n +0000066863 00000 n +0000067016 00000 n +0000067168 00000 n +0000067327 00000 n +0000067485 00000 n +0000067639 00000 n +0000067792 00000 n +0000067956 00000 n +0000068119 00000 n +0000068280 00000 n +0000068440 00000 n +0000068599 00000 n +0000068757 00000 n +0000068916 00000 n +0000069074 00000 n +0000069232 00000 n +0000069452 00000 n +0000058630 00000 n +0000057236 00000 n +0000069389 00000 n +0000551476 00000 n +0000551601 00000 n +0000561423 00000 n +0000564510 00000 n +0000565523 00000 n +0000570058 00000 n +0000577336 00000 n +0000577462 00000 n +0000587244 00000 n +0000589213 00000 n +0000593776 00000 n +0000593902 00000 n +0000598283 00000 n +0000599743 00000 n +0000600925 00000 n +0000607800 00000 n +0000610297 00000 n +0000613915 00000 n +0000616000 00000 n +0000618653 00000 n +0000619598 00000 n +0000622802 00000 n +0000626039 00000 n +0000629655 00000 n +0000631549 00000 n +0000657329 00000 n +0000661950 00000 n +0000664842 00000 n +0000665414 00000 n +0000668624 00000 n +0000674190 00000 n +0000071193 00000 n +0000070379 00000 n +0000069551 00000 n +0000070625 00000 n +0000070688 00000 n +0000070751 00000 n +0000070815 00000 n +0000070878 00000 n +0000070940 00000 n +0000071002 00000 n +0000071065 00000 n +0000071129 00000 n +0000072281 00000 n +0000072449 00000 n +0000074748 00000 n +0000072127 00000 n +0000071292 00000 n +0000072723 00000 n +0000072786 00000 n +0000851458 00000 n +0000072848 00000 n +0000073035 00000 n +0000073098 00000 n +0000073161 00000 n +0000850931 00000 n +0000073225 00000 n +0000850577 00000 n +0000073289 00000 n +0000073352 00000 n +0000073415 00000 n +0000073479 00000 n +0000073543 00000 n +0000073607 00000 n +0000073671 00000 n +0000073735 00000 n +0000073799 00000 n +0000073863 00000 n +0000073927 00000 n +0000073990 00000 n +0000074053 00000 n +0000074117 00000 n +0000074181 00000 n +0000074244 00000 n +0000074306 00000 n +0000074369 00000 n +0000074432 00000 n +0000074495 00000 n +0000074558 00000 n +0000074622 00000 n +0000074686 00000 n +0000852463 00000 n +0000078446 00000 n +0000076044 00000 n +0000074889 00000 n +0000076168 00000 n +0000076231 00000 n +0000076293 00000 n +0000076357 00000 n +0000076420 00000 n +0000076483 00000 n +0000076547 00000 n +0000076611 00000 n +0000076674 00000 n +0000076737 00000 n +0000076801 00000 n +0000076987 00000 n +0000077050 00000 n +0000077113 00000 n +0000077176 00000 n +0000077239 00000 n +0000077303 00000 n +0000077367 00000 n +0000077431 00000 n +0000077495 00000 n +0000077558 00000 n +0000077620 00000 n +0000077684 00000 n +0000077748 00000 n +0000077812 00000 n +0000077876 00000 n +0000077938 00000 n +0000078002 00000 n +0000078065 00000 n +0000078128 00000 n +0000078192 00000 n +0000078256 00000 n +0000078319 00000 n +0000078382 00000 n +0000082407 00000 n +0000080005 00000 n +0000078573 00000 n +0000080129 00000 n +0000080192 00000 n +0000080254 00000 n +0000080317 00000 n +0000080504 00000 n +0000080566 00000 n +0000080630 00000 n +0000080694 00000 n +0000080758 00000 n +0000080822 00000 n +0000080886 00000 n +0000080949 00000 n +0000081013 00000 n +0000081076 00000 n +0000081140 00000 n +0000081203 00000 n +0000081267 00000 n +0000081330 00000 n +0000081393 00000 n +0000081457 00000 n +0000081520 00000 n +0000081584 00000 n +0000081647 00000 n +0000081711 00000 n +0000081775 00000 n +0000081838 00000 n +0000081901 00000 n +0000081964 00000 n +0000082028 00000 n +0000082091 00000 n +0000082154 00000 n +0000082217 00000 n +0000082280 00000 n +0000082343 00000 n +0000084586 00000 n +0000084737 00000 n +0000084891 00000 n +0000085055 00000 n +0000087678 00000 n +0000084414 00000 n +0000082534 00000 n +0000085205 00000 n +0000085268 00000 n +0000085330 00000 n +0000085393 00000 n +0000085457 00000 n +0000085521 00000 n +0000085708 00000 n +0000085771 00000 n +0000085834 00000 n +0000085898 00000 n +0000085962 00000 n +0000086026 00000 n +0000086089 00000 n +0000086152 00000 n +0000086216 00000 n +0000851632 00000 n +0000086280 00000 n +0000086343 00000 n +0000086407 00000 n +0000086471 00000 n +0000086535 00000 n +0000086598 00000 n +0000086662 00000 n +0000086726 00000 n +0000086789 00000 n +0000086853 00000 n +0000086916 00000 n +0000086979 00000 n +0000087043 00000 n +0000087106 00000 n +0000087169 00000 n +0000087233 00000 n +0000087297 00000 n +0000087361 00000 n +0000087424 00000 n +0000087488 00000 n +0000087551 00000 n +0000087614 00000 n +0000112301 00000 n +0000089667 00000 n +0000089820 00000 n +0000089975 00000 n +0000090130 00000 n +0000090281 00000 n +0000090437 00000 n +0000090592 00000 n +0000090748 00000 n +0000090908 00000 n +0000091066 00000 n +0000091224 00000 n +0000091381 00000 n +0000091531 00000 n +0000095010 00000 n +0000089414 00000 n +0000087846 00000 n +0000091712 00000 n +0000091775 00000 n +0000091838 00000 n +0000091902 00000 n +0000091966 00000 n +0000092091 00000 n +0000092154 00000 n +0000092217 00000 n +0000092280 00000 n +0000092344 00000 n +0000092408 00000 n +0000092471 00000 n +0000092535 00000 n +0000092597 00000 n +0000850752 00000 n +0000092659 00000 n +0000092722 00000 n +0000092786 00000 n +0000092850 00000 n +0000092914 00000 n +0000092977 00000 n +0000093041 00000 n +0000093105 00000 n +0000093168 00000 n +0000093232 00000 n +0000093296 00000 n +0000093359 00000 n +0000093423 00000 n +0000093487 00000 n +0000093550 00000 n +0000093613 00000 n +0000093676 00000 n +0000093740 00000 n +0000093803 00000 n +0000093867 00000 n +0000093931 00000 n +0000093994 00000 n +0000094058 00000 n +0000094121 00000 n +0000094184 00000 n +0000094248 00000 n +0000094311 00000 n +0000094375 00000 n +0000094438 00000 n +0000094502 00000 n +0000094565 00000 n +0000094629 00000 n +0000094692 00000 n +0000094756 00000 n +0000094820 00000 n +0000094884 00000 n +0000096708 00000 n +0000099204 00000 n +0000096563 00000 n +0000095164 00000 n +0000096868 00000 n +0000096992 00000 n +0000097055 00000 n +0000097119 00000 n +0000097182 00000 n +0000097245 00000 n +0000097309 00000 n +0000097372 00000 n +0000097435 00000 n +0000097499 00000 n +0000097562 00000 n +0000097625 00000 n +0000097689 00000 n +0000097752 00000 n +0000097815 00000 n +0000097878 00000 n +0000097942 00000 n +0000098005 00000 n +0000098068 00000 n +0000098131 00000 n +0000098194 00000 n +0000098258 00000 n +0000098321 00000 n +0000098385 00000 n +0000098448 00000 n +0000098511 00000 n +0000098699 00000 n +0000098762 00000 n +0000098825 00000 n +0000098888 00000 n +0000098952 00000 n +0000099014 00000 n +0000099077 00000 n +0000099141 00000 n +0000103682 00000 n +0000100653 00000 n +0000099344 00000 n +0000100777 00000 n +0000100840 00000 n +0000100903 00000 n +0000100967 00000 n +0000101030 00000 n +0000101094 00000 n +0000101158 00000 n +0000101221 00000 n +0000101284 00000 n +0000101348 00000 n +0000101473 00000 n +0000101536 00000 n +0000101599 00000 n +0000101663 00000 n +0000101726 00000 n +0000101788 00000 n +0000101850 00000 n +0000101914 00000 n +0000101977 00000 n +0000102041 00000 n +0000102104 00000 n +0000102167 00000 n +0000102231 00000 n +0000102294 00000 n +0000102357 00000 n +0000102420 00000 n +0000102484 00000 n +0000102545 00000 n +0000102607 00000 n +0000102669 00000 n +0000102733 00000 n +0000102796 00000 n +0000102860 00000 n +0000102923 00000 n +0000102986 00000 n +0000103050 00000 n +0000103113 00000 n +0000103176 00000 n +0000103239 00000 n +0000103303 00000 n +0000103366 00000 n +0000103429 00000 n +0000103493 00000 n +0000103556 00000 n +0000852588 00000 n +0000105878 00000 n +0000106030 00000 n +0000108842 00000 n +0000105724 00000 n +0000103836 00000 n +0000106198 00000 n +0000106323 00000 n +0000106386 00000 n +0000106449 00000 n +0000106513 00000 n +0000106576 00000 n +0000106638 00000 n +0000106701 00000 n +0000106763 00000 n +0000106827 00000 n +0000106891 00000 n +0000106954 00000 n +0000107018 00000 n +0000107081 00000 n +0000107145 00000 n +0000107209 00000 n +0000107271 00000 n +0000107333 00000 n +0000107396 00000 n +0000107459 00000 n +0000107520 00000 n +0000107708 00000 n +0000107771 00000 n +0000107834 00000 n +0000107897 00000 n +0000107960 00000 n +0000108024 00000 n +0000108087 00000 n +0000108151 00000 n +0000108214 00000 n +0000108278 00000 n +0000108342 00000 n +0000108406 00000 n +0000108469 00000 n +0000108532 00000 n +0000108592 00000 n +0000108652 00000 n +0000108716 00000 n +0000110948 00000 n +0000113880 00000 n +0000110803 00000 n +0000109010 00000 n +0000111107 00000 n +0000111232 00000 n +0000111295 00000 n +0000111359 00000 n +0000111420 00000 n +0000111481 00000 n +0000111545 00000 n +0000111608 00000 n +0000111672 00000 n +0000111735 00000 n +0000111798 00000 n +0000111985 00000 n +0000112048 00000 n +0000112111 00000 n +0000112174 00000 n +0000112237 00000 n +0000112426 00000 n +0000112489 00000 n +0000112552 00000 n +0000112616 00000 n +0000112680 00000 n +0000112744 00000 n +0000112807 00000 n +0000112869 00000 n +0000112931 00000 n +0000112994 00000 n +0000113057 00000 n +0000113121 00000 n +0000113185 00000 n +0000113248 00000 n +0000113311 00000 n +0000113375 00000 n +0000113439 00000 n +0000113501 00000 n +0000113564 00000 n +0000113628 00000 n +0000113692 00000 n +0000113754 00000 n +0000113817 00000 n +0000119241 00000 n +0000116073 00000 n +0000114035 00000 n +0000116197 00000 n +0000116322 00000 n +0000116385 00000 n +0000116448 00000 n +0000116512 00000 n +0000116575 00000 n +0000116638 00000 n +0000116702 00000 n +0000116766 00000 n +0000116830 00000 n +0000116894 00000 n +0000116956 00000 n +0000117019 00000 n +0000117082 00000 n +0000117146 00000 n +0000117210 00000 n +0000117274 00000 n +0000117337 00000 n +0000117401 00000 n +0000117465 00000 n +0000117528 00000 n +0000117591 00000 n +0000117654 00000 n +0000117717 00000 n +0000851106 00000 n +0000117781 00000 n +0000117845 00000 n +0000117908 00000 n +0000117971 00000 n +0000118035 00000 n +0000118098 00000 n +0000118162 00000 n +0000118226 00000 n +0000118289 00000 n +0000118353 00000 n +0000118417 00000 n +0000118480 00000 n +0000118544 00000 n +0000118608 00000 n +0000118671 00000 n +0000118734 00000 n +0000118797 00000 n +0000118860 00000 n +0000118924 00000 n +0000118988 00000 n +0000119050 00000 n +0000119114 00000 n +0000119178 00000 n +0000122946 00000 n +0000121193 00000 n +0000119423 00000 n +0000121317 00000 n +0000121442 00000 n +0000121566 00000 n +0000121629 00000 n +0000121692 00000 n +0000121755 00000 n +0000121880 00000 n +0000121943 00000 n +0000122006 00000 n +0000122067 00000 n +0000122130 00000 n +0000122193 00000 n +0000122318 00000 n +0000122443 00000 n +0000122506 00000 n +0000122569 00000 n +0000122632 00000 n +0000122757 00000 n +0000122820 00000 n +0000122883 00000 n +0000126252 00000 n +0000124746 00000 n +0000123073 00000 n +0000124870 00000 n +0000125057 00000 n +0000125120 00000 n +0000125183 00000 n +0000125247 00000 n +0000125310 00000 n +0000125373 00000 n +0000850432 00000 n +0000125435 00000 n +0000125498 00000 n +0000125561 00000 n +0000125624 00000 n +0000125687 00000 n +0000850287 00000 n +0000125751 00000 n +0000125814 00000 n +0000125877 00000 n +0000125938 00000 n +0000126001 00000 n +0000126064 00000 n +0000126127 00000 n +0000126190 00000 n +0000130622 00000 n +0000128029 00000 n +0000126421 00000 n +0000128153 00000 n +0000128216 00000 n +0000128280 00000 n +0000128344 00000 n +0000128407 00000 n +0000128471 00000 n +0000128535 00000 n +0000128598 00000 n +0000128662 00000 n +0000128726 00000 n +0000128789 00000 n +0000128853 00000 n +0000128917 00000 n +0000128980 00000 n +0000129044 00000 n +0000129108 00000 n +0000129171 00000 n +0000129235 00000 n +0000129299 00000 n +0000129361 00000 n +0000129424 00000 n +0000129487 00000 n +0000129550 00000 n +0000129613 00000 n +0000129676 00000 n +0000129740 00000 n +0000129803 00000 n +0000129866 00000 n +0000129930 00000 n +0000129993 00000 n +0000130056 00000 n +0000130119 00000 n +0000130183 00000 n +0000130246 00000 n +0000130308 00000 n +0000130370 00000 n +0000130433 00000 n +0000130496 00000 n +0000130558 00000 n +0000852713 00000 n +0000134936 00000 n +0000132409 00000 n +0000130763 00000 n +0000132533 00000 n +0000132846 00000 n +0000132909 00000 n +0000132972 00000 n +0000133034 00000 n +0000133097 00000 n +0000133161 00000 n +0000133225 00000 n +0000133288 00000 n +0000133352 00000 n +0000133416 00000 n +0000133479 00000 n +0000133543 00000 n +0000133607 00000 n +0000133671 00000 n +0000133735 00000 n +0000133799 00000 n +0000133862 00000 n +0000133925 00000 n +0000133988 00000 n +0000134052 00000 n +0000134115 00000 n +0000134303 00000 n +0000134366 00000 n +0000134429 00000 n +0000134493 00000 n +0000134557 00000 n +0000134620 00000 n +0000134684 00000 n +0000134873 00000 n +0000140121 00000 n +0000136836 00000 n +0000135048 00000 n +0000136960 00000 n +0000137023 00000 n +0000137086 00000 n +0000137149 00000 n +0000137212 00000 n +0000137276 00000 n +0000137339 00000 n +0000137403 00000 n +0000137466 00000 n +0000137530 00000 n +0000137593 00000 n +0000137657 00000 n +0000137721 00000 n +0000137785 00000 n +0000137846 00000 n +0000137907 00000 n +0000137970 00000 n +0000138034 00000 n +0000138098 00000 n +0000138162 00000 n +0000138225 00000 n +0000138288 00000 n +0000138351 00000 n +0000138414 00000 n +0000138477 00000 n +0000138541 00000 n +0000138605 00000 n +0000138668 00000 n +0000138732 00000 n +0000138796 00000 n +0000138859 00000 n +0000138922 00000 n +0000138985 00000 n +0000139048 00000 n +0000139112 00000 n +0000139176 00000 n +0000139239 00000 n +0000139302 00000 n +0000139366 00000 n +0000139426 00000 n +0000139489 00000 n +0000139553 00000 n +0000139617 00000 n +0000139681 00000 n +0000139744 00000 n +0000139807 00000 n +0000139995 00000 n +0000140058 00000 n +0000142397 00000 n +0000145592 00000 n +0000142252 00000 n +0000140220 00000 n +0000142550 00000 n +0000142613 00000 n +0000142676 00000 n +0000142740 00000 n +0000142804 00000 n +0000142866 00000 n +0000142929 00000 n +0000142992 00000 n +0000143055 00000 n +0000143119 00000 n +0000143183 00000 n +0000143245 00000 n +0000143309 00000 n +0000143373 00000 n +0000143437 00000 n +0000143501 00000 n +0000143564 00000 n +0000143628 00000 n +0000143692 00000 n +0000143755 00000 n +0000143819 00000 n +0000143883 00000 n +0000143947 00000 n +0000144010 00000 n +0000144073 00000 n +0000144136 00000 n +0000144199 00000 n +0000144263 00000 n +0000144327 00000 n +0000144390 00000 n +0000144454 00000 n +0000144518 00000 n +0000144581 00000 n +0000144645 00000 n +0000144834 00000 n +0000144897 00000 n +0000144960 00000 n +0000145024 00000 n +0000145213 00000 n +0000145275 00000 n +0000145337 00000 n +0000145401 00000 n +0000145465 00000 n +0000145529 00000 n +0000197958 00000 n +0000146933 00000 n +0000147652 00000 n +0000146788 00000 n +0000145718 00000 n +0000147084 00000 n +0000147147 00000 n +0000147210 00000 n +0000147398 00000 n +0000147461 00000 n +0000147525 00000 n +0000147589 00000 n +0000274859 00000 n +0000149685 00000 n +0000149836 00000 n +0000149993 00000 n +0000152120 00000 n +0000149522 00000 n +0000147778 00000 n +0000150161 00000 n +0000150224 00000 n +0000150287 00000 n +0000150351 00000 n +0000150415 00000 n +0000150478 00000 n +0000150540 00000 n +0000150604 00000 n +0000150667 00000 n +0000150731 00000 n +0000150794 00000 n +0000150858 00000 n +0000150921 00000 n +0000150985 00000 n +0000151049 00000 n +0000151112 00000 n +0000151300 00000 n +0000151362 00000 n +0000151425 00000 n +0000151488 00000 n +0000151676 00000 n +0000151739 00000 n +0000151803 00000 n +0000151867 00000 n +0000151930 00000 n +0000151994 00000 n +0000255068 00000 n +0000155639 00000 n +0000153996 00000 n +0000152232 00000 n +0000154120 00000 n +0000154246 00000 n +0000154309 00000 n +0000154373 00000 n +0000154436 00000 n +0000154500 00000 n +0000154563 00000 n +0000154627 00000 n +0000154690 00000 n +0000154754 00000 n +0000154817 00000 n +0000154880 00000 n +0000154944 00000 n +0000155007 00000 n +0000155070 00000 n +0000155134 00000 n +0000155197 00000 n +0000155260 00000 n +0000155323 00000 n +0000155386 00000 n +0000155450 00000 n +0000155513 00000 n +0000852838 00000 n +0000160225 00000 n +0000157183 00000 n +0000155765 00000 n +0000157307 00000 n +0000157432 00000 n +0000157495 00000 n +0000157559 00000 n +0000157622 00000 n +0000157686 00000 n +0000157750 00000 n +0000157813 00000 n +0000157876 00000 n +0000157939 00000 n +0000158002 00000 n +0000158065 00000 n +0000158129 00000 n +0000158192 00000 n +0000158256 00000 n +0000158319 00000 n +0000158383 00000 n +0000158446 00000 n +0000158509 00000 n +0000158572 00000 n +0000158635 00000 n +0000158698 00000 n +0000158762 00000 n +0000158826 00000 n +0000158889 00000 n +0000158953 00000 n +0000159017 00000 n +0000159080 00000 n +0000159144 00000 n +0000159207 00000 n +0000159271 00000 n +0000159334 00000 n +0000159398 00000 n +0000159461 00000 n +0000159525 00000 n +0000159589 00000 n +0000159653 00000 n +0000159716 00000 n +0000159780 00000 n +0000159844 00000 n +0000159908 00000 n +0000159971 00000 n +0000160035 00000 n +0000160097 00000 n +0000160161 00000 n +0000162404 00000 n +0000164773 00000 n +0000162259 00000 n +0000160351 00000 n +0000162558 00000 n +0000162746 00000 n +0000162809 00000 n +0000162873 00000 n +0000162937 00000 n +0000163125 00000 n +0000163188 00000 n +0000163251 00000 n +0000163315 00000 n +0000163379 00000 n +0000163443 00000 n +0000163507 00000 n +0000163633 00000 n +0000163696 00000 n +0000163760 00000 n +0000163823 00000 n +0000163886 00000 n +0000163948 00000 n +0000164012 00000 n +0000164076 00000 n +0000164139 00000 n +0000164202 00000 n +0000164264 00000 n +0000164328 00000 n +0000164392 00000 n +0000164456 00000 n +0000164519 00000 n +0000164583 00000 n +0000164646 00000 n +0000164710 00000 n +0000166291 00000 n +0000166447 00000 n +0000167932 00000 n +0000166137 00000 n +0000164886 00000 n +0000166603 00000 n +0000166666 00000 n +0000166730 00000 n +0000166793 00000 n +0000166857 00000 n +0000166920 00000 n +0000166984 00000 n +0000167048 00000 n +0000167110 00000 n +0000167174 00000 n +0000167238 00000 n +0000167301 00000 n +0000167364 00000 n +0000167490 00000 n +0000167553 00000 n +0000167616 00000 n +0000167680 00000 n +0000167743 00000 n +0000167806 00000 n +0000167869 00000 n +0000172063 00000 n +0000170168 00000 n +0000168045 00000 n +0000170292 00000 n +0000170355 00000 n +0000170418 00000 n +0000170480 00000 n +0000170542 00000 n +0000170605 00000 n +0000170793 00000 n +0000170856 00000 n +0000170919 00000 n +0000170982 00000 n +0000171045 00000 n +0000171108 00000 n +0000171172 00000 n +0000171236 00000 n +0000171300 00000 n +0000171363 00000 n +0000171427 00000 n +0000171491 00000 n +0000171554 00000 n +0000171618 00000 n +0000171682 00000 n +0000171746 00000 n +0000171810 00000 n +0000171873 00000 n +0000171937 00000 n +0000172001 00000 n +0000174293 00000 n +0000174449 00000 n +0000174601 00000 n +0000177474 00000 n +0000174130 00000 n +0000172176 00000 n +0000174752 00000 n +0000174815 00000 n +0000174877 00000 n +0000174941 00000 n +0000175005 00000 n +0000175068 00000 n +0000175131 00000 n +0000175195 00000 n +0000175259 00000 n +0000175323 00000 n +0000175386 00000 n +0000175450 00000 n +0000175514 00000 n +0000175578 00000 n +0000175640 00000 n +0000175704 00000 n +0000175768 00000 n +0000175832 00000 n +0000175895 00000 n +0000175958 00000 n +0000176145 00000 n +0000176207 00000 n +0000176271 00000 n +0000176335 00000 n +0000176398 00000 n +0000176462 00000 n +0000176526 00000 n +0000176590 00000 n +0000176653 00000 n +0000176716 00000 n +0000176778 00000 n +0000176841 00000 n +0000176904 00000 n +0000176967 00000 n +0000177031 00000 n +0000177094 00000 n +0000177157 00000 n +0000177220 00000 n +0000177284 00000 n +0000177347 00000 n +0000177411 00000 n +0000180664 00000 n +0000179337 00000 n +0000177601 00000 n +0000179461 00000 n +0000179524 00000 n +0000179588 00000 n +0000179651 00000 n +0000179714 00000 n +0000179777 00000 n +0000179840 00000 n +0000179903 00000 n +0000179966 00000 n +0000180029 00000 n +0000180093 00000 n +0000180157 00000 n +0000180220 00000 n +0000180283 00000 n +0000180347 00000 n +0000180411 00000 n +0000180475 00000 n +0000180538 00000 n +0000180601 00000 n +0000852963 00000 n +0000183895 00000 n +0000182001 00000 n +0000180832 00000 n +0000182125 00000 n +0000182188 00000 n +0000182375 00000 n +0000182438 00000 n +0000182502 00000 n +0000182565 00000 n +0000182628 00000 n +0000182692 00000 n +0000182756 00000 n +0000182819 00000 n +0000182882 00000 n +0000182945 00000 n +0000183008 00000 n +0000183071 00000 n +0000183134 00000 n +0000183197 00000 n +0000183261 00000 n +0000183325 00000 n +0000183389 00000 n +0000183451 00000 n +0000183514 00000 n +0000183577 00000 n +0000183641 00000 n +0000183705 00000 n +0000183769 00000 n +0000183831 00000 n +0000187672 00000 n +0000185394 00000 n +0000184049 00000 n +0000185518 00000 n +0000185581 00000 n +0000185643 00000 n +0000185706 00000 n +0000185770 00000 n +0000185834 00000 n +0000185898 00000 n +0000185961 00000 n +0000186024 00000 n +0000186086 00000 n +0000186150 00000 n +0000186214 00000 n +0000186278 00000 n +0000186341 00000 n +0000186404 00000 n +0000186467 00000 n +0000186531 00000 n +0000186595 00000 n +0000186658 00000 n +0000186721 00000 n +0000186785 00000 n +0000186847 00000 n +0000186910 00000 n +0000186974 00000 n +0000187038 00000 n +0000187102 00000 n +0000187165 00000 n +0000187229 00000 n +0000187292 00000 n +0000187355 00000 n +0000187419 00000 n +0000187483 00000 n +0000187547 00000 n +0000187608 00000 n +0000190160 00000 n +0000188960 00000 n +0000187785 00000 n +0000189084 00000 n +0000189147 00000 n +0000189210 00000 n +0000189273 00000 n +0000189337 00000 n +0000189401 00000 n +0000189465 00000 n +0000189528 00000 n +0000189590 00000 n +0000189654 00000 n +0000189718 00000 n +0000189782 00000 n +0000189845 00000 n +0000189908 00000 n +0000189971 00000 n +0000190034 00000 n +0000190097 00000 n +0000192211 00000 n +0000192370 00000 n +0000196044 00000 n +0000196195 00000 n +0000194099 00000 n +0000192057 00000 n +0000190287 00000 n +0000192522 00000 n +0000192648 00000 n +0000192711 00000 n +0000192775 00000 n +0000192839 00000 n +0000192902 00000 n +0000192965 00000 n +0000193028 00000 n +0000193091 00000 n +0000193155 00000 n +0000193218 00000 n +0000193280 00000 n +0000193343 00000 n +0000193406 00000 n +0000193469 00000 n +0000193531 00000 n +0000193593 00000 n +0000193656 00000 n +0000193720 00000 n +0000193783 00000 n +0000193846 00000 n +0000193910 00000 n +0000193973 00000 n +0000194036 00000 n +0000196346 00000 n +0000198656 00000 n +0000195881 00000 n +0000194254 00000 n +0000196503 00000 n +0000196566 00000 n +0000196630 00000 n +0000196819 00000 n +0000196882 00000 n +0000196945 00000 n +0000197008 00000 n +0000197071 00000 n +0000197135 00000 n +0000197199 00000 n +0000197263 00000 n +0000197326 00000 n +0000197390 00000 n +0000197453 00000 n +0000197517 00000 n +0000197580 00000 n +0000197643 00000 n +0000197706 00000 n +0000197769 00000 n +0000197832 00000 n +0000197895 00000 n +0000198083 00000 n +0000198146 00000 n +0000198210 00000 n +0000198274 00000 n +0000198338 00000 n +0000198402 00000 n +0000198465 00000 n +0000198528 00000 n +0000198592 00000 n +0000201183 00000 n +0000204997 00000 n +0000205148 00000 n +0000203236 00000 n +0000201038 00000 n +0000198810 00000 n +0000201337 00000 n +0000201400 00000 n +0000201463 00000 n +0000201527 00000 n +0000201591 00000 n +0000201654 00000 n +0000201718 00000 n +0000201782 00000 n +0000201845 00000 n +0000201908 00000 n +0000201971 00000 n +0000202034 00000 n +0000202097 00000 n +0000202159 00000 n +0000202223 00000 n +0000202286 00000 n +0000202349 00000 n +0000202412 00000 n +0000202475 00000 n +0000202538 00000 n +0000202602 00000 n +0000202665 00000 n +0000202728 00000 n +0000202792 00000 n +0000202855 00000 n +0000202919 00000 n +0000202982 00000 n +0000203046 00000 n +0000203110 00000 n +0000203174 00000 n +0000853088 00000 n +0000208858 00000 n +0000206690 00000 n +0000204843 00000 n +0000203404 00000 n +0000205299 00000 n +0000205362 00000 n +0000205426 00000 n +0000205615 00000 n +0000205678 00000 n +0000205741 00000 n +0000205804 00000 n +0000205867 00000 n +0000205931 00000 n +0000205995 00000 n +0000206059 00000 n +0000206122 00000 n +0000206185 00000 n +0000206248 00000 n +0000206374 00000 n +0000206437 00000 n +0000206501 00000 n +0000206565 00000 n +0000211347 00000 n +0000208713 00000 n +0000206830 00000 n +0000209009 00000 n +0000209072 00000 n +0000209197 00000 n +0000209260 00000 n +0000209447 00000 n +0000209509 00000 n +0000209573 00000 n +0000209637 00000 n +0000209700 00000 n +0000209763 00000 n +0000209827 00000 n +0000209890 00000 n +0000209954 00000 n +0000210018 00000 n +0000210082 00000 n +0000210146 00000 n +0000210209 00000 n +0000210272 00000 n +0000210336 00000 n +0000210400 00000 n +0000210464 00000 n +0000210528 00000 n +0000210717 00000 n +0000210780 00000 n +0000210843 00000 n +0000210906 00000 n +0000210969 00000 n +0000211033 00000 n +0000211096 00000 n +0000211158 00000 n +0000211221 00000 n +0000211284 00000 n +0000215769 00000 n +0000212614 00000 n +0000211515 00000 n +0000212738 00000 n +0000212801 00000 n +0000212863 00000 n +0000212926 00000 n +0000212990 00000 n +0000213054 00000 n +0000213118 00000 n +0000213181 00000 n +0000213244 00000 n +0000213307 00000 n +0000213371 00000 n +0000213435 00000 n +0000213499 00000 n +0000213562 00000 n +0000213625 00000 n +0000213688 00000 n +0000213751 00000 n +0000213814 00000 n +0000213877 00000 n +0000213940 00000 n +0000214003 00000 n +0000214066 00000 n +0000214129 00000 n +0000214192 00000 n +0000214255 00000 n +0000214318 00000 n +0000214381 00000 n +0000214444 00000 n +0000214508 00000 n +0000214572 00000 n +0000214636 00000 n +0000214699 00000 n +0000214823 00000 n +0000214886 00000 n +0000214949 00000 n +0000215012 00000 n +0000215074 00000 n +0000215136 00000 n +0000215199 00000 n +0000215263 00000 n +0000850141 00000 n +0000215327 00000 n +0000215390 00000 n +0000215454 00000 n +0000215518 00000 n +0000215581 00000 n +0000215644 00000 n +0000215707 00000 n +0000218872 00000 n +0000217481 00000 n +0000215909 00000 n +0000217605 00000 n +0000217668 00000 n +0000217732 00000 n +0000217858 00000 n +0000217921 00000 n +0000217984 00000 n +0000218048 00000 n +0000218112 00000 n +0000218176 00000 n +0000218240 00000 n +0000218303 00000 n +0000218367 00000 n +0000218431 00000 n +0000218494 00000 n +0000218557 00000 n +0000218620 00000 n +0000218684 00000 n +0000218747 00000 n +0000218810 00000 n +0000222084 00000 n +0000220565 00000 n +0000219082 00000 n +0000220689 00000 n +0000220752 00000 n +0000220815 00000 n +0000220879 00000 n +0000220942 00000 n +0000221006 00000 n +0000221132 00000 n +0000221195 00000 n +0000221258 00000 n +0000221321 00000 n +0000221385 00000 n +0000221449 00000 n +0000221513 00000 n +0000221577 00000 n +0000221640 00000 n +0000221703 00000 n +0000221766 00000 n +0000221830 00000 n +0000221894 00000 n +0000221957 00000 n +0000222020 00000 n +0000225013 00000 n +0000223687 00000 n +0000222252 00000 n +0000223811 00000 n +0000223874 00000 n +0000223936 00000 n +0000223999 00000 n +0000224062 00000 n +0000224125 00000 n +0000224189 00000 n +0000224252 00000 n +0000224440 00000 n +0000224503 00000 n +0000224567 00000 n +0000224631 00000 n +0000224695 00000 n +0000224758 00000 n +0000224822 00000 n +0000224886 00000 n +0000224950 00000 n +0000853213 00000 n +0000229022 00000 n +0000227065 00000 n +0000225153 00000 n +0000227189 00000 n +0000227252 00000 n +0000227315 00000 n +0000227379 00000 n +0000227442 00000 n +0000227506 00000 n +0000227569 00000 n +0000227632 00000 n +0000227821 00000 n +0000227884 00000 n +0000227947 00000 n +0000228011 00000 n +0000228073 00000 n +0000228136 00000 n +0000228199 00000 n +0000228262 00000 n +0000228326 00000 n +0000228390 00000 n +0000228453 00000 n +0000228517 00000 n +0000228581 00000 n +0000228769 00000 n +0000228832 00000 n +0000228895 00000 n +0000228959 00000 n +0000232229 00000 n +0000231093 00000 n +0000229190 00000 n +0000231217 00000 n +0000231280 00000 n +0000231344 00000 n +0000231407 00000 n +0000231470 00000 n +0000231533 00000 n +0000231597 00000 n +0000231661 00000 n +0000231724 00000 n +0000231787 00000 n +0000231850 00000 n +0000231914 00000 n +0000231977 00000 n +0000232040 00000 n +0000232103 00000 n +0000232166 00000 n +0000236243 00000 n +0000234223 00000 n +0000232384 00000 n +0000234347 00000 n +0000234410 00000 n +0000234473 00000 n +0000234536 00000 n +0000234599 00000 n +0000234663 00000 n +0000234726 00000 n +0000234789 00000 n +0000234853 00000 n +0000234916 00000 n +0000234979 00000 n +0000235042 00000 n +0000235106 00000 n +0000235169 00000 n +0000235233 00000 n +0000235295 00000 n +0000235358 00000 n +0000235421 00000 n +0000235485 00000 n +0000235548 00000 n +0000235612 00000 n +0000235675 00000 n +0000235738 00000 n +0000235801 00000 n +0000235864 00000 n +0000235927 00000 n +0000235991 00000 n +0000236053 00000 n +0000236116 00000 n +0000236180 00000 n +0000238562 00000 n +0000237364 00000 n +0000236425 00000 n +0000237488 00000 n +0000237614 00000 n +0000237677 00000 n +0000237741 00000 n +0000237805 00000 n +0000237868 00000 n +0000237931 00000 n +0000237994 00000 n +0000238057 00000 n +0000238120 00000 n +0000238183 00000 n +0000238309 00000 n +0000238372 00000 n +0000238436 00000 n +0000238499 00000 n +0000240634 00000 n +0000239623 00000 n +0000238675 00000 n +0000239747 00000 n +0000239873 00000 n +0000239936 00000 n +0000239999 00000 n +0000240062 00000 n +0000240126 00000 n +0000240190 00000 n +0000240254 00000 n +0000240318 00000 n +0000240382 00000 n +0000240445 00000 n +0000240508 00000 n +0000240571 00000 n +0000242585 00000 n +0000242737 00000 n +0000242887 00000 n +0000246196 00000 n +0000242422 00000 n +0000240761 00000 n +0000243037 00000 n +0000243224 00000 n +0000243287 00000 n +0000243351 00000 n +0000243414 00000 n +0000243477 00000 n +0000243541 00000 n +0000243605 00000 n +0000243668 00000 n +0000243731 00000 n +0000243795 00000 n +0000243858 00000 n +0000243921 00000 n +0000243985 00000 n +0000244049 00000 n +0000244112 00000 n +0000244174 00000 n +0000244236 00000 n +0000244299 00000 n +0000244362 00000 n +0000244551 00000 n +0000244614 00000 n +0000244678 00000 n +0000244741 00000 n +0000244804 00000 n +0000244867 00000 n +0000244931 00000 n +0000244994 00000 n +0000245057 00000 n +0000245120 00000 n +0000245183 00000 n +0000245245 00000 n +0000245308 00000 n +0000245372 00000 n +0000245435 00000 n +0000245498 00000 n +0000245562 00000 n +0000245626 00000 n +0000245689 00000 n +0000245753 00000 n +0000245816 00000 n +0000245879 00000 n +0000245942 00000 n +0000246004 00000 n +0000246068 00000 n +0000246132 00000 n +0000853338 00000 n +0000251134 00000 n +0000247964 00000 n +0000246309 00000 n +0000248088 00000 n +0000248151 00000 n +0000248215 00000 n +0000248279 00000 n +0000248342 00000 n +0000248406 00000 n +0000248469 00000 n +0000248532 00000 n +0000248595 00000 n +0000248659 00000 n +0000248723 00000 n +0000248787 00000 n +0000248851 00000 n +0000248915 00000 n +0000248978 00000 n +0000249041 00000 n +0000249105 00000 n +0000249168 00000 n +0000249232 00000 n +0000249294 00000 n +0000249356 00000 n +0000249543 00000 n +0000249606 00000 n +0000249670 00000 n +0000249734 00000 n +0000249798 00000 n +0000249862 00000 n +0000249925 00000 n +0000249989 00000 n +0000250052 00000 n +0000250116 00000 n +0000250180 00000 n +0000250244 00000 n +0000250308 00000 n +0000250372 00000 n +0000250436 00000 n +0000250500 00000 n +0000250564 00000 n +0000250627 00000 n +0000250690 00000 n +0000250753 00000 n +0000250817 00000 n +0000250881 00000 n +0000250944 00000 n +0000251008 00000 n +0000252703 00000 n +0000255319 00000 n +0000252558 00000 n +0000251274 00000 n +0000252855 00000 n +0000252981 00000 n +0000253044 00000 n +0000253107 00000 n +0000253171 00000 n +0000253234 00000 n +0000253297 00000 n +0000253360 00000 n +0000253423 00000 n +0000253487 00000 n +0000253549 00000 n +0000253612 00000 n +0000253674 00000 n +0000253738 00000 n +0000253800 00000 n +0000253864 00000 n +0000253927 00000 n +0000253991 00000 n +0000254054 00000 n +0000254118 00000 n +0000254182 00000 n +0000254245 00000 n +0000254309 00000 n +0000254372 00000 n +0000254436 00000 n +0000254499 00000 n +0000254563 00000 n +0000254626 00000 n +0000254690 00000 n +0000254753 00000 n +0000254817 00000 n +0000255005 00000 n +0000255193 00000 n +0000255256 00000 n +0000258650 00000 n +0000256444 00000 n +0000255431 00000 n +0000256568 00000 n +0000256631 00000 n +0000256693 00000 n +0000256756 00000 n +0000256820 00000 n +0000256883 00000 n +0000256946 00000 n +0000257010 00000 n +0000257073 00000 n +0000257136 00000 n +0000257198 00000 n +0000257262 00000 n +0000257325 00000 n +0000257388 00000 n +0000257451 00000 n +0000257515 00000 n +0000257579 00000 n +0000257641 00000 n +0000257704 00000 n +0000257767 00000 n +0000257829 00000 n +0000257892 00000 n +0000257955 00000 n +0000258018 00000 n +0000258081 00000 n +0000258144 00000 n +0000258207 00000 n +0000258270 00000 n +0000258334 00000 n +0000258397 00000 n +0000258460 00000 n +0000258523 00000 n +0000258586 00000 n +0000260315 00000 n +0000265303 00000 n +0000262743 00000 n +0000260170 00000 n +0000258750 00000 n +0000260467 00000 n +0000260530 00000 n +0000260593 00000 n +0000260656 00000 n +0000260720 00000 n +0000260783 00000 n +0000260847 00000 n +0000260910 00000 n +0000260973 00000 n +0000261037 00000 n +0000261100 00000 n +0000261163 00000 n +0000261226 00000 n +0000261289 00000 n +0000261352 00000 n +0000261416 00000 n +0000261480 00000 n +0000261543 00000 n +0000261606 00000 n +0000261669 00000 n +0000261733 00000 n +0000261797 00000 n +0000261861 00000 n +0000261925 00000 n +0000261989 00000 n +0000262050 00000 n +0000262111 00000 n +0000262237 00000 n +0000262300 00000 n +0000262363 00000 n +0000262426 00000 n +0000262490 00000 n +0000262553 00000 n +0000262616 00000 n +0000262679 00000 n +0000284062 00000 n +0000268242 00000 n +0000265158 00000 n +0000262897 00000 n +0000265455 00000 n +0000265518 00000 n +0000265581 00000 n +0000265643 00000 n +0000265706 00000 n +0000265769 00000 n +0000265832 00000 n +0000265896 00000 n +0000266019 00000 n +0000266082 00000 n +0000266145 00000 n +0000266209 00000 n +0000266272 00000 n +0000266336 00000 n +0000266400 00000 n +0000266463 00000 n +0000266527 00000 n +0000266591 00000 n +0000266654 00000 n +0000266718 00000 n +0000266781 00000 n +0000266845 00000 n +0000266908 00000 n +0000266970 00000 n +0000267033 00000 n +0000267097 00000 n +0000267161 00000 n +0000267224 00000 n +0000267287 00000 n +0000267351 00000 n +0000267415 00000 n +0000267477 00000 n +0000267541 00000 n +0000267604 00000 n +0000267668 00000 n +0000267731 00000 n +0000267795 00000 n +0000267859 00000 n +0000267923 00000 n +0000267987 00000 n +0000268051 00000 n +0000268115 00000 n +0000268179 00000 n +0000278435 00000 n +0000271369 00000 n +0000269923 00000 n +0000268410 00000 n +0000270047 00000 n +0000270110 00000 n +0000270172 00000 n +0000270236 00000 n +0000270298 00000 n +0000270360 00000 n +0000270423 00000 n +0000270486 00000 n +0000270549 00000 n +0000270612 00000 n +0000270675 00000 n +0000270738 00000 n +0000270800 00000 n +0000270863 00000 n +0000270989 00000 n +0000271051 00000 n +0000271115 00000 n +0000271179 00000 n +0000271243 00000 n +0000271306 00000 n +0000853463 00000 n +0000273695 00000 n +0000277999 00000 n +0000275745 00000 n +0000273550 00000 n +0000271509 00000 n +0000273852 00000 n +0000273915 00000 n +0000273977 00000 n +0000274040 00000 n +0000274104 00000 n +0000274168 00000 n +0000274231 00000 n +0000274293 00000 n +0000274356 00000 n +0000274419 00000 n +0000274482 00000 n +0000274545 00000 n +0000274608 00000 n +0000274670 00000 n +0000274733 00000 n +0000274796 00000 n +0000274985 00000 n +0000275048 00000 n +0000275111 00000 n +0000275174 00000 n +0000275237 00000 n +0000275299 00000 n +0000275362 00000 n +0000275426 00000 n +0000275490 00000 n +0000275554 00000 n +0000275617 00000 n +0000275681 00000 n +0000278155 00000 n +0000280397 00000 n +0000277845 00000 n +0000275872 00000 n +0000278308 00000 n +0000278371 00000 n +0000278561 00000 n +0000278624 00000 n +0000278687 00000 n +0000278750 00000 n +0000278813 00000 n +0000278877 00000 n +0000278940 00000 n +0000279003 00000 n +0000279067 00000 n +0000279130 00000 n +0000279192 00000 n +0000279256 00000 n +0000279320 00000 n +0000279384 00000 n +0000279448 00000 n +0000279511 00000 n +0000279574 00000 n +0000279700 00000 n +0000279763 00000 n +0000279827 00000 n +0000279891 00000 n +0000279954 00000 n +0000280018 00000 n +0000280082 00000 n +0000280145 00000 n +0000280208 00000 n +0000280334 00000 n +0000284378 00000 n +0000282480 00000 n +0000280537 00000 n +0000282604 00000 n +0000282667 00000 n +0000282731 00000 n +0000282795 00000 n +0000282859 00000 n +0000282923 00000 n +0000282986 00000 n +0000283049 00000 n +0000283112 00000 n +0000283238 00000 n +0000283301 00000 n +0000283364 00000 n +0000283428 00000 n +0000283492 00000 n +0000283555 00000 n +0000283619 00000 n +0000283683 00000 n +0000283745 00000 n +0000283808 00000 n +0000283872 00000 n +0000283935 00000 n +0000283998 00000 n +0000284188 00000 n +0000284251 00000 n +0000284314 00000 n +0000286732 00000 n +0000289360 00000 n +0000286587 00000 n +0000284532 00000 n +0000286888 00000 n +0000286951 00000 n +0000287013 00000 n +0000287076 00000 n +0000287139 00000 n +0000287203 00000 n +0000287267 00000 n +0000287331 00000 n +0000287395 00000 n +0000287459 00000 n +0000287522 00000 n +0000287586 00000 n +0000287648 00000 n +0000287711 00000 n +0000287775 00000 n +0000287838 00000 n +0000287901 00000 n +0000287965 00000 n +0000288028 00000 n +0000288092 00000 n +0000288156 00000 n +0000288219 00000 n +0000288282 00000 n +0000288346 00000 n +0000288410 00000 n +0000288474 00000 n +0000288537 00000 n +0000288600 00000 n +0000288664 00000 n +0000288727 00000 n +0000288791 00000 n +0000288855 00000 n +0000288919 00000 n +0000288982 00000 n +0000289108 00000 n +0000289171 00000 n +0000289234 00000 n +0000289297 00000 n +0000291426 00000 n +0000292904 00000 n +0000291281 00000 n +0000289514 00000 n +0000291578 00000 n +0000291641 00000 n +0000291704 00000 n +0000291768 00000 n +0000291831 00000 n +0000291957 00000 n +0000292019 00000 n +0000292208 00000 n +0000292271 00000 n +0000292335 00000 n +0000292399 00000 n +0000292462 00000 n +0000292525 00000 n +0000292588 00000 n +0000292651 00000 n +0000292714 00000 n +0000292778 00000 n +0000292841 00000 n +0000296192 00000 n +0000294427 00000 n +0000293031 00000 n +0000294551 00000 n +0000294739 00000 n +0000294802 00000 n +0000294866 00000 n +0000294929 00000 n +0000294992 00000 n +0000295056 00000 n +0000295118 00000 n +0000295181 00000 n +0000295244 00000 n +0000295308 00000 n +0000295371 00000 n +0000295435 00000 n +0000295499 00000 n +0000295563 00000 n +0000295626 00000 n +0000295689 00000 n +0000295813 00000 n +0000295876 00000 n +0000295939 00000 n +0000296002 00000 n +0000296065 00000 n +0000296129 00000 n +0000853588 00000 n +0000300145 00000 n +0000297676 00000 n +0000296346 00000 n +0000297800 00000 n +0000297863 00000 n +0000297926 00000 n +0000297990 00000 n +0000298053 00000 n +0000298116 00000 n +0000298179 00000 n +0000298242 00000 n +0000298305 00000 n +0000298368 00000 n +0000298431 00000 n +0000298494 00000 n +0000298558 00000 n +0000298621 00000 n +0000298685 00000 n +0000298748 00000 n +0000298812 00000 n +0000298875 00000 n +0000299065 00000 n +0000299128 00000 n +0000299191 00000 n +0000299254 00000 n +0000299317 00000 n +0000299381 00000 n +0000299444 00000 n +0000299508 00000 n +0000299572 00000 n +0000299636 00000 n +0000299700 00000 n +0000299764 00000 n +0000299828 00000 n +0000299891 00000 n +0000299955 00000 n +0000300018 00000 n +0000304032 00000 n +0000302139 00000 n +0000300285 00000 n +0000302263 00000 n +0000302326 00000 n +0000302451 00000 n +0000302514 00000 n +0000302578 00000 n +0000302641 00000 n +0000302703 00000 n +0000302766 00000 n +0000302829 00000 n +0000303019 00000 n +0000303082 00000 n +0000303145 00000 n +0000303208 00000 n +0000303271 00000 n +0000303334 00000 n +0000303397 00000 n +0000303460 00000 n +0000303523 00000 n +0000303585 00000 n +0000303649 00000 n +0000303713 00000 n +0000303777 00000 n +0000303840 00000 n +0000303904 00000 n +0000303968 00000 n +0000307637 00000 n +0000305925 00000 n +0000304200 00000 n +0000306049 00000 n +0000306112 00000 n +0000306175 00000 n +0000306239 00000 n +0000306303 00000 n +0000306367 00000 n +0000306431 00000 n +0000306495 00000 n +0000306620 00000 n +0000306683 00000 n +0000306747 00000 n +0000306811 00000 n +0000306875 00000 n +0000306939 00000 n +0000307003 00000 n +0000307066 00000 n +0000307130 00000 n +0000307194 00000 n +0000307258 00000 n +0000307322 00000 n +0000307386 00000 n +0000307448 00000 n +0000307510 00000 n +0000307574 00000 n +0000309558 00000 n +0000310601 00000 n +0000309413 00000 n +0000307791 00000 n +0000309713 00000 n +0000309776 00000 n +0000309840 00000 n +0000309904 00000 n +0000309968 00000 n +0000310032 00000 n +0000310096 00000 n +0000310160 00000 n +0000310224 00000 n +0000310350 00000 n +0000310411 00000 n +0000310475 00000 n +0000310538 00000 n +0000312800 00000 n +0000314352 00000 n +0000312655 00000 n +0000310756 00000 n +0000312961 00000 n +0000313150 00000 n +0000313213 00000 n +0000313276 00000 n +0000313340 00000 n +0000313402 00000 n +0000313465 00000 n +0000313528 00000 n +0000313592 00000 n +0000313655 00000 n +0000313718 00000 n +0000313781 00000 n +0000313845 00000 n +0000313909 00000 n +0000313973 00000 n +0000314036 00000 n +0000314098 00000 n +0000314162 00000 n +0000314226 00000 n +0000314289 00000 n +0000318576 00000 n +0000316639 00000 n +0000318892 00000 n +0000316494 00000 n +0000314506 00000 n +0000316796 00000 n +0000316859 00000 n +0000316923 00000 n +0000316987 00000 n +0000317051 00000 n +0000317115 00000 n +0000317179 00000 n +0000317243 00000 n +0000317306 00000 n +0000317369 00000 n +0000317432 00000 n +0000317495 00000 n +0000317559 00000 n +0000317622 00000 n +0000317686 00000 n +0000317750 00000 n +0000317814 00000 n +0000317878 00000 n +0000317941 00000 n +0000318005 00000 n +0000318067 00000 n +0000318131 00000 n +0000318195 00000 n +0000318258 00000 n +0000318321 00000 n +0000318385 00000 n +0000318449 00000 n +0000318512 00000 n +0000318702 00000 n +0000318765 00000 n +0000318829 00000 n +0000853713 00000 n +0000321566 00000 n +0000320619 00000 n +0000319047 00000 n +0000320743 00000 n +0000320806 00000 n +0000320931 00000 n +0000320994 00000 n +0000321058 00000 n +0000321121 00000 n +0000321184 00000 n +0000321248 00000 n +0000321312 00000 n +0000321376 00000 n +0000321439 00000 n +0000321503 00000 n +0000324899 00000 n +0000323005 00000 n +0000321679 00000 n +0000323129 00000 n +0000323255 00000 n +0000323318 00000 n +0000323381 00000 n +0000323444 00000 n +0000323507 00000 n +0000323571 00000 n +0000323633 00000 n +0000323696 00000 n +0000323759 00000 n +0000323823 00000 n +0000323886 00000 n +0000323949 00000 n +0000324012 00000 n +0000324075 00000 n +0000324139 00000 n +0000324203 00000 n +0000324266 00000 n +0000324329 00000 n +0000324392 00000 n +0000324455 00000 n +0000324519 00000 n +0000324583 00000 n +0000324647 00000 n +0000324710 00000 n +0000324836 00000 n +0000326813 00000 n +0000328042 00000 n +0000326668 00000 n +0000325012 00000 n +0000326970 00000 n +0000327033 00000 n +0000327097 00000 n +0000327159 00000 n +0000327222 00000 n +0000327285 00000 n +0000327474 00000 n +0000327537 00000 n +0000327600 00000 n +0000327663 00000 n +0000327726 00000 n +0000327789 00000 n +0000327853 00000 n +0000327916 00000 n +0000327980 00000 n +0000330100 00000 n +0000329219 00000 n +0000328182 00000 n +0000329343 00000 n +0000329532 00000 n +0000329595 00000 n +0000329658 00000 n +0000329721 00000 n +0000329784 00000 n +0000329847 00000 n +0000329911 00000 n +0000329974 00000 n +0000332162 00000 n +0000331344 00000 n +0000330226 00000 n +0000331468 00000 n +0000331594 00000 n +0000331657 00000 n +0000331720 00000 n +0000331783 00000 n +0000331846 00000 n +0000331909 00000 n +0000331973 00000 n +0000332036 00000 n +0000335575 00000 n +0000333743 00000 n +0000332288 00000 n +0000333867 00000 n +0000333993 00000 n +0000334056 00000 n +0000334119 00000 n +0000334182 00000 n +0000334245 00000 n +0000334309 00000 n +0000334372 00000 n +0000334436 00000 n +0000334500 00000 n +0000334563 00000 n +0000334627 00000 n +0000334690 00000 n +0000334753 00000 n +0000334817 00000 n +0000334880 00000 n +0000334943 00000 n +0000335007 00000 n +0000335070 00000 n +0000335133 00000 n +0000335197 00000 n +0000335259 00000 n +0000335323 00000 n +0000335387 00000 n +0000335512 00000 n +0000853838 00000 n +0000338754 00000 n +0000337304 00000 n +0000335729 00000 n +0000337428 00000 n +0000337617 00000 n +0000337680 00000 n +0000337743 00000 n +0000337806 00000 n +0000337869 00000 n +0000337933 00000 n +0000337996 00000 n +0000338059 00000 n +0000338122 00000 n +0000338186 00000 n +0000338250 00000 n +0000338314 00000 n +0000338378 00000 n +0000338441 00000 n +0000338503 00000 n +0000338567 00000 n +0000338631 00000 n +0000338692 00000 n +0000342421 00000 n +0000340521 00000 n +0000338880 00000 n +0000340645 00000 n +0000340771 00000 n +0000340834 00000 n +0000340898 00000 n +0000340962 00000 n +0000341025 00000 n +0000341088 00000 n +0000341151 00000 n +0000341215 00000 n +0000341279 00000 n +0000341343 00000 n +0000341407 00000 n +0000341470 00000 n +0000341534 00000 n +0000341598 00000 n +0000341661 00000 n +0000341724 00000 n +0000341788 00000 n +0000341852 00000 n +0000341915 00000 n +0000341979 00000 n +0000342043 00000 n +0000342106 00000 n +0000342169 00000 n +0000342233 00000 n +0000342358 00000 n +0000344708 00000 n +0000343891 00000 n +0000342575 00000 n +0000344015 00000 n +0000344078 00000 n +0000344266 00000 n +0000344329 00000 n +0000344392 00000 n +0000344455 00000 n +0000344518 00000 n +0000344581 00000 n +0000344644 00000 n +0000348470 00000 n +0000346763 00000 n +0000344848 00000 n +0000346887 00000 n +0000346950 00000 n +0000347012 00000 n +0000347076 00000 n +0000347140 00000 n +0000347203 00000 n +0000347267 00000 n +0000347330 00000 n +0000347394 00000 n +0000347457 00000 n +0000347521 00000 n +0000347584 00000 n +0000347648 00000 n +0000347710 00000 n +0000347774 00000 n +0000347837 00000 n +0000347901 00000 n +0000347964 00000 n +0000348028 00000 n +0000348091 00000 n +0000348154 00000 n +0000348216 00000 n +0000348279 00000 n +0000348343 00000 n +0000348407 00000 n +0000352771 00000 n +0000350489 00000 n +0000348611 00000 n +0000350613 00000 n +0000350739 00000 n +0000350802 00000 n +0000350865 00000 n +0000350929 00000 n +0000350992 00000 n +0000351055 00000 n +0000351119 00000 n +0000351183 00000 n +0000351247 00000 n +0000351311 00000 n +0000351375 00000 n +0000351438 00000 n +0000351501 00000 n +0000351565 00000 n +0000351628 00000 n +0000351691 00000 n +0000351755 00000 n +0000351819 00000 n +0000351883 00000 n +0000351947 00000 n +0000352011 00000 n +0000352074 00000 n +0000352137 00000 n +0000352201 00000 n +0000352264 00000 n +0000352327 00000 n +0000352391 00000 n +0000352454 00000 n +0000352517 00000 n +0000352581 00000 n +0000352644 00000 n +0000352707 00000 n +0000356238 00000 n +0000354471 00000 n +0000352925 00000 n +0000354595 00000 n +0000354658 00000 n +0000354721 00000 n +0000354784 00000 n +0000354848 00000 n +0000354912 00000 n +0000354976 00000 n +0000355040 00000 n +0000355104 00000 n +0000355168 00000 n +0000355231 00000 n +0000355294 00000 n +0000355358 00000 n +0000355421 00000 n +0000355484 00000 n +0000355545 00000 n +0000355606 00000 n +0000355670 00000 n +0000355733 00000 n +0000355796 00000 n +0000355859 00000 n +0000355922 00000 n +0000355986 00000 n +0000356050 00000 n +0000356175 00000 n +0000853963 00000 n +0000357568 00000 n +0000357318 00000 n +0000356378 00000 n +0000357442 00000 n +0000361532 00000 n +0000359511 00000 n +0000357655 00000 n +0000359635 00000 n +0000359698 00000 n +0000359823 00000 n +0000359886 00000 n +0000359949 00000 n +0000360012 00000 n +0000360075 00000 n +0000360139 00000 n +0000360202 00000 n +0000360265 00000 n +0000360329 00000 n +0000360519 00000 n +0000360582 00000 n +0000360645 00000 n +0000360708 00000 n +0000360770 00000 n +0000360832 00000 n +0000360895 00000 n +0000360959 00000 n +0000361023 00000 n +0000361086 00000 n +0000361149 00000 n +0000361213 00000 n +0000361277 00000 n +0000361341 00000 n +0000361404 00000 n +0000361468 00000 n +0000365081 00000 n +0000363438 00000 n +0000361672 00000 n +0000363562 00000 n +0000363625 00000 n +0000363688 00000 n +0000363752 00000 n +0000363815 00000 n +0000364003 00000 n +0000364066 00000 n +0000364129 00000 n +0000364193 00000 n +0000364257 00000 n +0000364321 00000 n +0000364385 00000 n +0000364448 00000 n +0000364511 00000 n +0000364575 00000 n +0000364637 00000 n +0000364700 00000 n +0000364764 00000 n +0000364828 00000 n +0000364891 00000 n +0000364954 00000 n +0000365018 00000 n +0000368034 00000 n +0000366654 00000 n +0000365235 00000 n +0000366778 00000 n +0000366841 00000 n +0000366905 00000 n +0000366969 00000 n +0000367032 00000 n +0000367096 00000 n +0000367159 00000 n +0000367222 00000 n +0000367283 00000 n +0000367345 00000 n +0000367407 00000 n +0000367469 00000 n +0000367531 00000 n +0000367655 00000 n +0000367718 00000 n +0000367844 00000 n +0000367907 00000 n +0000367971 00000 n +0000368656 00000 n +0000368469 00000 n +0000368175 00000 n +0000368593 00000 n +0000370913 00000 n +0000373284 00000 n +0000370768 00000 n +0000368743 00000 n +0000371065 00000 n +0000371254 00000 n +0000371317 00000 n +0000371380 00000 n +0000371443 00000 n +0000371507 00000 n +0000371571 00000 n +0000371635 00000 n +0000371698 00000 n +0000371762 00000 n +0000371825 00000 n +0000371889 00000 n +0000371953 00000 n +0000372017 00000 n +0000372081 00000 n +0000372270 00000 n +0000372333 00000 n +0000372396 00000 n +0000372460 00000 n +0000372524 00000 n +0000372588 00000 n +0000372651 00000 n +0000372715 00000 n +0000372779 00000 n +0000372843 00000 n +0000372906 00000 n +0000372969 00000 n +0000373032 00000 n +0000373095 00000 n +0000373159 00000 n +0000373222 00000 n +0000854088 00000 n +0000378093 00000 n +0000375177 00000 n +0000373424 00000 n +0000375301 00000 n +0000375364 00000 n +0000375427 00000 n +0000375491 00000 n +0000375554 00000 n +0000375618 00000 n +0000375681 00000 n +0000375745 00000 n +0000375808 00000 n +0000375872 00000 n +0000375935 00000 n +0000376124 00000 n +0000376187 00000 n +0000376251 00000 n +0000376315 00000 n +0000376379 00000 n +0000376442 00000 n +0000376506 00000 n +0000376569 00000 n +0000376632 00000 n +0000376694 00000 n +0000376758 00000 n +0000376822 00000 n +0000376886 00000 n +0000376950 00000 n +0000377014 00000 n +0000377076 00000 n +0000377140 00000 n +0000377204 00000 n +0000377267 00000 n +0000377329 00000 n +0000377393 00000 n +0000377456 00000 n +0000377519 00000 n +0000377583 00000 n +0000377647 00000 n +0000377710 00000 n +0000377773 00000 n +0000377837 00000 n +0000377901 00000 n +0000377965 00000 n +0000378029 00000 n +0000382641 00000 n +0000380045 00000 n +0000378233 00000 n +0000380169 00000 n +0000380232 00000 n +0000380295 00000 n +0000380358 00000 n +0000380422 00000 n +0000380485 00000 n +0000380548 00000 n +0000380611 00000 n +0000380674 00000 n +0000380737 00000 n +0000380801 00000 n +0000380864 00000 n +0000380926 00000 n +0000380989 00000 n +0000381053 00000 n +0000381117 00000 n +0000381307 00000 n +0000381370 00000 n +0000381434 00000 n +0000381498 00000 n +0000381561 00000 n +0000381624 00000 n +0000381687 00000 n +0000381750 00000 n +0000381813 00000 n +0000381877 00000 n +0000381941 00000 n +0000382004 00000 n +0000382068 00000 n +0000382131 00000 n +0000382194 00000 n +0000382258 00000 n +0000382322 00000 n +0000382386 00000 n +0000382450 00000 n +0000382514 00000 n +0000382578 00000 n +0000384683 00000 n +0000387497 00000 n +0000384538 00000 n +0000382781 00000 n +0000384835 00000 n +0000384898 00000 n +0000384961 00000 n +0000385025 00000 n +0000385088 00000 n +0000385151 00000 n +0000385215 00000 n +0000385278 00000 n +0000385342 00000 n +0000385405 00000 n +0000385468 00000 n +0000385532 00000 n +0000385595 00000 n +0000385658 00000 n +0000385721 00000 n +0000385785 00000 n +0000385849 00000 n +0000385913 00000 n +0000385977 00000 n +0000386041 00000 n +0000386104 00000 n +0000386168 00000 n +0000386231 00000 n +0000386295 00000 n +0000386358 00000 n +0000386421 00000 n +0000386484 00000 n +0000386548 00000 n +0000386611 00000 n +0000386675 00000 n +0000386738 00000 n +0000386802 00000 n +0000386865 00000 n +0000386928 00000 n +0000386991 00000 n +0000387055 00000 n +0000387117 00000 n +0000387307 00000 n +0000387370 00000 n +0000387434 00000 n +0000390637 00000 n +0000389186 00000 n +0000387637 00000 n +0000389310 00000 n +0000389373 00000 n +0000389436 00000 n +0000389499 00000 n +0000389688 00000 n +0000389751 00000 n +0000389815 00000 n +0000389879 00000 n +0000389942 00000 n +0000390005 00000 n +0000390069 00000 n +0000390133 00000 n +0000390195 00000 n +0000390258 00000 n +0000390322 00000 n +0000390447 00000 n +0000390510 00000 n +0000390574 00000 n +0000392982 00000 n +0000395608 00000 n +0000392837 00000 n +0000390791 00000 n +0000393133 00000 n +0000393196 00000 n +0000393259 00000 n +0000393321 00000 n +0000393385 00000 n +0000393448 00000 n +0000393512 00000 n +0000393576 00000 n +0000393639 00000 n +0000393702 00000 n +0000393766 00000 n +0000393829 00000 n +0000393892 00000 n +0000393956 00000 n +0000394019 00000 n +0000394082 00000 n +0000394145 00000 n +0000394209 00000 n +0000394273 00000 n +0000394336 00000 n +0000394400 00000 n +0000394464 00000 n +0000394590 00000 n +0000394653 00000 n +0000394717 00000 n +0000394780 00000 n +0000394843 00000 n +0000394907 00000 n +0000394971 00000 n +0000395035 00000 n +0000395098 00000 n +0000395162 00000 n +0000395225 00000 n +0000395289 00000 n +0000395353 00000 n +0000395417 00000 n +0000395481 00000 n +0000395545 00000 n +0000397805 00000 n +0000400132 00000 n +0000397651 00000 n +0000395762 00000 n +0000398106 00000 n +0000398169 00000 n +0000398232 00000 n +0000398296 00000 n +0000397956 00000 n +0000398359 00000 n +0000398422 00000 n +0000398486 00000 n +0000398549 00000 n +0000398612 00000 n +0000398675 00000 n +0000398738 00000 n +0000398801 00000 n +0000398864 00000 n +0000398928 00000 n +0000399117 00000 n +0000399180 00000 n +0000399243 00000 n +0000399306 00000 n +0000399370 00000 n +0000399434 00000 n +0000399496 00000 n +0000399560 00000 n +0000399624 00000 n +0000399687 00000 n +0000399751 00000 n +0000399815 00000 n +0000400005 00000 n +0000400068 00000 n +0000854213 00000 n +0000404137 00000 n +0000401486 00000 n +0000400286 00000 n +0000401610 00000 n +0000401673 00000 n +0000401735 00000 n +0000401798 00000 n +0000401987 00000 n +0000402050 00000 n +0000402113 00000 n +0000402177 00000 n +0000402241 00000 n +0000402304 00000 n +0000402367 00000 n +0000402430 00000 n +0000402493 00000 n +0000402556 00000 n +0000402620 00000 n +0000402683 00000 n +0000402746 00000 n +0000402810 00000 n +0000402873 00000 n +0000402935 00000 n +0000402999 00000 n +0000403062 00000 n +0000403125 00000 n +0000403188 00000 n +0000403250 00000 n +0000403313 00000 n +0000403377 00000 n +0000403440 00000 n +0000403503 00000 n +0000403567 00000 n +0000403630 00000 n +0000403693 00000 n +0000403757 00000 n +0000403820 00000 n +0000403883 00000 n +0000403947 00000 n +0000404010 00000 n +0000404073 00000 n +0000406331 00000 n +0000408376 00000 n +0000406186 00000 n +0000404263 00000 n +0000406481 00000 n +0000406544 00000 n +0000406606 00000 n +0000406669 00000 n +0000406732 00000 n +0000406796 00000 n +0000406859 00000 n +0000406923 00000 n +0000406987 00000 n +0000407051 00000 n +0000407115 00000 n +0000407177 00000 n +0000407239 00000 n +0000407302 00000 n +0000407365 00000 n +0000407428 00000 n +0000407491 00000 n +0000407554 00000 n +0000407617 00000 n +0000407680 00000 n +0000407743 00000 n +0000407806 00000 n +0000407995 00000 n +0000408058 00000 n +0000408122 00000 n +0000408185 00000 n +0000408248 00000 n +0000408312 00000 n +0000413750 00000 n +0000410266 00000 n +0000408531 00000 n +0000410390 00000 n +0000410453 00000 n +0000410515 00000 n +0000410578 00000 n +0000410640 00000 n +0000410703 00000 n +0000410766 00000 n +0000410830 00000 n +0000410894 00000 n +0000410957 00000 n +0000411020 00000 n +0000411083 00000 n +0000411147 00000 n +0000411210 00000 n +0000411274 00000 n +0000411337 00000 n +0000411401 00000 n +0000411464 00000 n +0000411527 00000 n +0000411591 00000 n +0000411655 00000 n +0000411718 00000 n +0000411782 00000 n +0000411846 00000 n +0000411909 00000 n +0000411973 00000 n +0000412035 00000 n +0000412099 00000 n +0000412163 00000 n +0000412226 00000 n +0000412290 00000 n +0000412354 00000 n +0000412417 00000 n +0000412481 00000 n +0000412545 00000 n +0000412608 00000 n +0000412671 00000 n +0000412734 00000 n +0000412798 00000 n +0000412862 00000 n +0000412925 00000 n +0000412988 00000 n +0000413052 00000 n +0000413116 00000 n +0000413180 00000 n +0000413244 00000 n +0000413308 00000 n +0000413372 00000 n +0000413435 00000 n +0000413498 00000 n +0000413561 00000 n +0000413623 00000 n +0000413687 00000 n +0000417912 00000 n +0000415572 00000 n +0000413905 00000 n +0000415696 00000 n +0000415759 00000 n +0000415822 00000 n +0000415886 00000 n +0000415950 00000 n +0000416014 00000 n +0000416078 00000 n +0000416141 00000 n +0000416203 00000 n +0000416393 00000 n +0000416456 00000 n +0000416520 00000 n +0000416584 00000 n +0000416646 00000 n +0000416708 00000 n +0000416771 00000 n +0000416833 00000 n +0000416897 00000 n +0000416961 00000 n +0000417024 00000 n +0000417087 00000 n +0000417151 00000 n +0000417215 00000 n +0000417279 00000 n +0000417343 00000 n +0000417533 00000 n +0000417596 00000 n +0000417659 00000 n +0000417722 00000 n +0000417786 00000 n +0000417849 00000 n +0000421801 00000 n +0000419904 00000 n +0000418094 00000 n +0000420028 00000 n +0000420154 00000 n +0000420217 00000 n +0000420281 00000 n +0000420344 00000 n +0000420408 00000 n +0000420472 00000 n +0000420533 00000 n +0000420597 00000 n +0000420661 00000 n +0000420787 00000 n +0000420850 00000 n +0000420914 00000 n +0000420978 00000 n +0000421042 00000 n +0000421106 00000 n +0000421168 00000 n +0000421231 00000 n +0000421293 00000 n +0000421357 00000 n +0000421421 00000 n +0000421484 00000 n +0000421548 00000 n +0000421612 00000 n +0000421675 00000 n +0000424032 00000 n +0000426782 00000 n +0000423887 00000 n +0000421955 00000 n +0000424185 00000 n +0000424310 00000 n +0000424373 00000 n +0000424436 00000 n +0000424499 00000 n +0000424562 00000 n +0000424626 00000 n +0000424690 00000 n +0000424753 00000 n +0000424817 00000 n +0000424881 00000 n +0000424945 00000 n +0000425009 00000 n +0000425073 00000 n +0000425262 00000 n +0000425325 00000 n +0000425389 00000 n +0000425579 00000 n +0000425642 00000 n +0000425703 00000 n +0000425767 00000 n +0000425830 00000 n +0000425894 00000 n +0000425958 00000 n +0000426022 00000 n +0000426085 00000 n +0000426148 00000 n +0000426211 00000 n +0000426274 00000 n +0000426338 00000 n +0000426402 00000 n +0000426466 00000 n +0000426529 00000 n +0000426592 00000 n +0000426655 00000 n +0000426719 00000 n +0000854338 00000 n +0000429357 00000 n +0000428216 00000 n +0000426908 00000 n +0000428340 00000 n +0000428403 00000 n +0000428467 00000 n +0000428530 00000 n +0000428594 00000 n +0000428657 00000 n +0000428720 00000 n +0000428784 00000 n +0000428848 00000 n +0000428911 00000 n +0000428974 00000 n +0000429038 00000 n +0000429102 00000 n +0000429166 00000 n +0000429229 00000 n +0000429293 00000 n +0000431220 00000 n +0000431370 00000 n +0000433554 00000 n +0000431066 00000 n +0000429497 00000 n +0000431530 00000 n +0000431719 00000 n +0000431782 00000 n +0000431971 00000 n +0000432034 00000 n +0000432224 00000 n +0000432287 00000 n +0000432350 00000 n +0000432412 00000 n +0000432476 00000 n +0000432539 00000 n +0000432602 00000 n +0000432666 00000 n +0000432730 00000 n +0000432794 00000 n +0000432858 00000 n +0000432921 00000 n +0000433110 00000 n +0000433173 00000 n +0000433236 00000 n +0000433300 00000 n +0000433362 00000 n +0000433426 00000 n +0000433490 00000 n +0000435648 00000 n +0000439421 00000 n +0000435503 00000 n +0000433694 00000 n +0000435801 00000 n +0000435864 00000 n +0000435926 00000 n +0000435989 00000 n +0000436053 00000 n +0000436117 00000 n +0000436181 00000 n +0000436244 00000 n +0000436307 00000 n +0000436370 00000 n +0000436434 00000 n +0000436496 00000 n +0000436560 00000 n +0000436624 00000 n +0000436688 00000 n +0000436750 00000 n +0000436812 00000 n +0000436875 00000 n +0000436939 00000 n +0000437003 00000 n +0000437067 00000 n +0000437130 00000 n +0000437193 00000 n +0000437256 00000 n +0000437319 00000 n +0000437382 00000 n +0000437446 00000 n +0000437509 00000 n +0000437573 00000 n +0000437637 00000 n +0000437701 00000 n +0000437765 00000 n +0000437829 00000 n +0000437893 00000 n +0000437957 00000 n +0000438021 00000 n +0000438085 00000 n +0000438149 00000 n +0000438213 00000 n +0000438276 00000 n +0000438340 00000 n +0000438403 00000 n +0000438467 00000 n +0000438531 00000 n +0000438595 00000 n +0000438658 00000 n +0000438722 00000 n +0000438785 00000 n +0000438848 00000 n +0000438912 00000 n +0000438975 00000 n +0000439038 00000 n +0000439102 00000 n +0000439166 00000 n +0000439230 00000 n +0000439294 00000 n +0000439358 00000 n +0000442244 00000 n +0000441043 00000 n +0000439534 00000 n +0000441167 00000 n +0000441230 00000 n +0000441294 00000 n +0000441357 00000 n +0000441420 00000 n +0000441484 00000 n +0000441547 00000 n +0000441610 00000 n +0000441674 00000 n +0000441738 00000 n +0000441802 00000 n +0000441866 00000 n +0000441929 00000 n +0000442055 00000 n +0000442118 00000 n +0000442181 00000 n +0000442827 00000 n +0000442640 00000 n +0000442384 00000 n +0000442764 00000 n +0000445061 00000 n +0000445216 00000 n +0000445373 00000 n +0000445527 00000 n +0000448664 00000 n +0000444889 00000 n +0000442914 00000 n +0000445685 00000 n +0000445872 00000 n +0000445935 00000 n +0000445999 00000 n +0000446063 00000 n +0000446126 00000 n +0000446189 00000 n +0000446253 00000 n +0000446316 00000 n +0000446380 00000 n +0000446444 00000 n +0000446508 00000 n +0000446571 00000 n +0000446634 00000 n +0000446697 00000 n +0000446760 00000 n +0000446823 00000 n +0000446887 00000 n +0000446951 00000 n +0000447015 00000 n +0000447078 00000 n +0000447142 00000 n +0000447204 00000 n +0000447268 00000 n +0000447332 00000 n +0000447396 00000 n +0000447459 00000 n +0000447523 00000 n +0000447587 00000 n +0000447651 00000 n +0000447715 00000 n +0000447778 00000 n +0000447840 00000 n +0000447904 00000 n +0000447966 00000 n +0000448030 00000 n +0000448094 00000 n +0000448158 00000 n +0000448221 00000 n +0000448284 00000 n +0000448347 00000 n +0000448410 00000 n +0000448474 00000 n +0000448538 00000 n +0000448602 00000 n +0000854463 00000 n +0000454099 00000 n +0000450808 00000 n +0000448832 00000 n +0000450932 00000 n +0000450995 00000 n +0000451058 00000 n +0000451121 00000 n +0000451185 00000 n +0000451249 00000 n +0000451312 00000 n +0000451375 00000 n +0000451438 00000 n +0000451501 00000 n +0000451565 00000 n +0000451629 00000 n +0000451692 00000 n +0000451755 00000 n +0000451819 00000 n +0000451882 00000 n +0000451946 00000 n +0000452010 00000 n +0000452074 00000 n +0000452137 00000 n +0000452201 00000 n +0000452264 00000 n +0000452327 00000 n +0000452390 00000 n +0000452453 00000 n +0000452517 00000 n +0000452581 00000 n +0000452644 00000 n +0000452707 00000 n +0000452771 00000 n +0000452834 00000 n +0000452897 00000 n +0000452961 00000 n +0000453024 00000 n +0000453087 00000 n +0000453151 00000 n +0000453214 00000 n +0000453277 00000 n +0000453340 00000 n +0000453404 00000 n +0000453467 00000 n +0000453531 00000 n +0000453594 00000 n +0000453658 00000 n +0000453720 00000 n +0000453784 00000 n +0000453847 00000 n +0000453911 00000 n +0000453973 00000 n +0000454035 00000 n +0000456469 00000 n +0000455650 00000 n +0000454267 00000 n +0000455774 00000 n +0000455837 00000 n +0000456026 00000 n +0000456089 00000 n +0000456152 00000 n +0000456215 00000 n +0000456279 00000 n +0000456342 00000 n +0000456405 00000 n +0000457174 00000 n +0000456987 00000 n +0000456609 00000 n +0000457111 00000 n +0000462063 00000 n +0000459146 00000 n +0000457261 00000 n +0000459270 00000 n +0000459459 00000 n +0000459522 00000 n +0000459586 00000 n +0000459776 00000 n +0000459839 00000 n +0000459902 00000 n +0000459965 00000 n +0000460028 00000 n +0000460092 00000 n +0000460155 00000 n +0000460218 00000 n +0000460281 00000 n +0000460345 00000 n +0000460409 00000 n +0000460473 00000 n +0000460536 00000 n +0000460600 00000 n +0000460664 00000 n +0000460728 00000 n +0000460791 00000 n +0000460854 00000 n +0000460918 00000 n +0000460982 00000 n +0000461046 00000 n +0000461110 00000 n +0000461173 00000 n +0000461236 00000 n +0000461300 00000 n +0000461364 00000 n +0000461428 00000 n +0000461492 00000 n +0000461555 00000 n +0000461618 00000 n +0000461682 00000 n +0000461745 00000 n +0000461809 00000 n +0000461872 00000 n +0000461935 00000 n +0000461999 00000 n +0000467187 00000 n +0000464459 00000 n +0000462203 00000 n +0000464583 00000 n +0000464646 00000 n +0000464709 00000 n +0000464772 00000 n +0000464836 00000 n +0000464900 00000 n +0000464963 00000 n +0000465026 00000 n +0000465090 00000 n +0000465152 00000 n +0000465214 00000 n +0000465278 00000 n +0000465342 00000 n +0000465405 00000 n +0000465469 00000 n +0000465533 00000 n +0000465597 00000 n +0000465661 00000 n +0000465725 00000 n +0000465789 00000 n +0000465853 00000 n +0000465915 00000 n +0000465978 00000 n +0000466042 00000 n +0000466106 00000 n +0000466170 00000 n +0000466296 00000 n +0000466359 00000 n +0000466422 00000 n +0000466485 00000 n +0000466549 00000 n +0000466613 00000 n +0000466677 00000 n +0000466740 00000 n +0000466804 00000 n +0000466868 00000 n +0000466932 00000 n +0000466996 00000 n +0000467060 00000 n +0000467124 00000 n +0000472347 00000 n +0000469482 00000 n +0000467355 00000 n +0000469606 00000 n +0000469669 00000 n +0000469731 00000 n +0000469794 00000 n +0000469858 00000 n +0000469922 00000 n +0000469986 00000 n +0000470049 00000 n +0000470113 00000 n +0000470176 00000 n +0000470240 00000 n +0000470304 00000 n +0000470368 00000 n +0000470432 00000 n +0000470496 00000 n +0000470560 00000 n +0000470624 00000 n +0000470688 00000 n +0000470752 00000 n +0000470816 00000 n +0000470880 00000 n +0000470944 00000 n +0000471008 00000 n +0000471072 00000 n +0000471135 00000 n +0000471199 00000 n +0000471263 00000 n +0000471327 00000 n +0000471391 00000 n +0000471455 00000 n +0000471519 00000 n +0000471582 00000 n +0000471646 00000 n +0000471710 00000 n +0000471774 00000 n +0000471837 00000 n +0000471901 00000 n +0000471965 00000 n +0000472028 00000 n +0000472092 00000 n +0000472156 00000 n +0000472220 00000 n +0000472284 00000 n +0000854588 00000 n +0000476169 00000 n +0000474588 00000 n +0000472515 00000 n +0000474712 00000 n +0000474775 00000 n +0000474839 00000 n +0000474903 00000 n +0000474967 00000 n +0000475030 00000 n +0000475093 00000 n +0000475157 00000 n +0000475220 00000 n +0000475283 00000 n +0000475472 00000 n +0000475535 00000 n +0000475599 00000 n +0000475663 00000 n +0000475726 00000 n +0000475789 00000 n +0000475852 00000 n +0000475916 00000 n +0000475980 00000 n +0000476043 00000 n +0000476106 00000 n +0000477350 00000 n +0000476909 00000 n +0000476323 00000 n +0000477033 00000 n +0000477096 00000 n +0000477159 00000 n +0000477223 00000 n +0000477287 00000 n +0000479441 00000 n +0000481556 00000 n +0000479296 00000 n +0000477450 00000 n +0000479599 00000 n +0000479914 00000 n +0000479977 00000 n +0000480040 00000 n +0000480104 00000 n +0000480167 00000 n +0000480230 00000 n +0000480294 00000 n +0000480358 00000 n +0000480422 00000 n +0000480486 00000 n +0000480549 00000 n +0000480612 00000 n +0000480674 00000 n +0000480738 00000 n +0000480800 00000 n +0000480863 00000 n +0000480926 00000 n +0000480989 00000 n +0000481052 00000 n +0000481115 00000 n +0000481178 00000 n +0000481242 00000 n +0000481305 00000 n +0000481368 00000 n +0000481432 00000 n +0000481494 00000 n +0000488558 00000 n +0000486906 00000 n +0000483924 00000 n +0000481724 00000 n +0000484048 00000 n +0000484111 00000 n +0000484175 00000 n +0000484238 00000 n +0000484301 00000 n +0000484428 00000 n +0000484491 00000 n +0000484554 00000 n +0000484617 00000 n +0000484681 00000 n +0000484745 00000 n +0000484808 00000 n +0000484871 00000 n +0000484934 00000 n +0000484998 00000 n +0000485062 00000 n +0000485126 00000 n +0000485190 00000 n +0000485254 00000 n +0000485317 00000 n +0000485381 00000 n +0000485444 00000 n +0000485508 00000 n +0000485572 00000 n +0000485635 00000 n +0000485699 00000 n +0000485762 00000 n +0000485824 00000 n +0000485888 00000 n +0000485951 00000 n +0000486015 00000 n +0000486079 00000 n +0000486142 00000 n +0000486206 00000 n +0000486270 00000 n +0000486334 00000 n +0000486398 00000 n +0000486462 00000 n +0000486526 00000 n +0000486589 00000 n +0000486652 00000 n +0000486715 00000 n +0000486779 00000 n +0000486842 00000 n +0000489632 00000 n +0000488308 00000 n +0000487074 00000 n +0000488432 00000 n +0000488495 00000 n +0000488684 00000 n +0000488747 00000 n +0000488872 00000 n +0000488935 00000 n +0000488999 00000 n +0000489062 00000 n +0000489125 00000 n +0000489187 00000 n +0000489251 00000 n +0000489314 00000 n +0000489378 00000 n +0000489441 00000 n +0000489504 00000 n +0000489568 00000 n +0000495588 00000 n +0000493434 00000 n +0000491154 00000 n +0000489787 00000 n +0000491278 00000 n +0000491341 00000 n +0000491404 00000 n +0000491467 00000 n +0000491531 00000 n +0000491594 00000 n +0000491658 00000 n +0000491721 00000 n +0000491784 00000 n +0000491848 00000 n +0000491911 00000 n +0000491975 00000 n +0000492038 00000 n +0000492101 00000 n +0000492165 00000 n +0000492228 00000 n +0000492292 00000 n +0000492418 00000 n +0000492481 00000 n +0000492545 00000 n +0000492609 00000 n +0000492672 00000 n +0000492736 00000 n +0000492800 00000 n +0000492864 00000 n +0000492928 00000 n +0000493054 00000 n +0000493180 00000 n +0000493243 00000 n +0000493307 00000 n +0000493371 00000 n +0000854713 00000 n +0000498215 00000 n +0000495443 00000 n +0000493588 00000 n +0000495747 00000 n +0000495810 00000 n +0000495935 00000 n +0000495998 00000 n +0000496062 00000 n +0000496126 00000 n +0000496190 00000 n +0000496253 00000 n +0000496317 00000 n +0000496443 00000 n +0000496506 00000 n +0000496569 00000 n +0000496632 00000 n +0000496696 00000 n +0000496759 00000 n +0000496823 00000 n +0000496887 00000 n +0000497013 00000 n +0000497076 00000 n +0000497140 00000 n +0000497204 00000 n +0000497268 00000 n +0000497394 00000 n +0000497457 00000 n +0000497520 00000 n +0000497584 00000 n +0000497648 00000 n +0000497710 00000 n +0000497772 00000 n +0000497835 00000 n +0000497898 00000 n +0000497961 00000 n +0000498024 00000 n +0000498088 00000 n +0000498151 00000 n +0000503491 00000 n +0000500134 00000 n +0000498397 00000 n +0000500258 00000 n +0000500321 00000 n +0000500384 00000 n +0000500448 00000 n +0000500510 00000 n +0000500573 00000 n +0000500636 00000 n +0000500700 00000 n +0000500763 00000 n +0000500826 00000 n +0000500890 00000 n +0000500954 00000 n +0000501018 00000 n +0000501081 00000 n +0000501144 00000 n +0000501208 00000 n +0000501272 00000 n +0000501336 00000 n +0000501400 00000 n +0000501464 00000 n +0000501527 00000 n +0000501591 00000 n +0000501655 00000 n +0000501719 00000 n +0000501782 00000 n +0000501845 00000 n +0000501909 00000 n +0000501972 00000 n +0000502035 00000 n +0000502098 00000 n +0000502162 00000 n +0000502226 00000 n +0000502290 00000 n +0000502354 00000 n +0000502416 00000 n +0000502480 00000 n +0000502543 00000 n +0000502606 00000 n +0000502670 00000 n +0000502733 00000 n +0000502796 00000 n +0000502859 00000 n +0000502923 00000 n +0000502987 00000 n +0000503113 00000 n +0000503176 00000 n +0000503239 00000 n +0000503302 00000 n +0000503365 00000 n +0000503428 00000 n +0000507170 00000 n +0000505093 00000 n +0000503631 00000 n +0000505217 00000 n +0000505280 00000 n +0000505343 00000 n +0000505406 00000 n +0000505468 00000 n +0000505530 00000 n +0000505655 00000 n +0000505718 00000 n +0000505844 00000 n +0000505907 00000 n +0000505970 00000 n +0000506096 00000 n +0000506159 00000 n +0000506223 00000 n +0000506285 00000 n +0000506411 00000 n +0000506474 00000 n +0000506600 00000 n +0000506663 00000 n +0000506727 00000 n +0000506790 00000 n +0000506854 00000 n +0000506917 00000 n +0000506980 00000 n +0000507043 00000 n +0000507107 00000 n +0000511140 00000 n +0000509121 00000 n +0000507338 00000 n +0000509245 00000 n +0000509371 00000 n +0000509434 00000 n +0000509497 00000 n +0000509623 00000 n +0000509685 00000 n +0000509749 00000 n +0000509875 00000 n +0000509938 00000 n +0000510001 00000 n +0000510127 00000 n +0000510190 00000 n +0000510254 00000 n +0000510317 00000 n +0000510381 00000 n +0000510444 00000 n +0000510508 00000 n +0000510572 00000 n +0000510635 00000 n +0000510697 00000 n +0000510760 00000 n +0000510824 00000 n +0000510888 00000 n +0000511014 00000 n +0000511077 00000 n +0000515099 00000 n +0000513084 00000 n +0000511308 00000 n +0000513208 00000 n +0000513271 00000 n +0000513334 00000 n +0000513397 00000 n +0000513461 00000 n +0000513525 00000 n +0000513588 00000 n +0000513651 00000 n +0000513715 00000 n +0000513778 00000 n +0000513841 00000 n +0000513905 00000 n +0000513966 00000 n +0000514027 00000 n +0000514090 00000 n +0000514153 00000 n +0000514216 00000 n +0000514279 00000 n +0000514405 00000 n +0000514468 00000 n +0000514530 00000 n +0000514594 00000 n +0000514657 00000 n +0000514720 00000 n +0000514783 00000 n +0000514847 00000 n +0000514910 00000 n +0000514974 00000 n +0000515037 00000 n +0000519423 00000 n +0000517152 00000 n +0000515253 00000 n +0000517276 00000 n +0000517339 00000 n +0000517402 00000 n +0000517466 00000 n +0000517529 00000 n +0000517592 00000 n +0000517656 00000 n +0000517720 00000 n +0000517784 00000 n +0000517847 00000 n +0000517910 00000 n +0000517973 00000 n +0000518037 00000 n +0000518163 00000 n +0000518226 00000 n +0000518289 00000 n +0000518351 00000 n +0000518413 00000 n +0000518476 00000 n +0000518539 00000 n +0000518602 00000 n +0000518666 00000 n +0000518729 00000 n +0000518792 00000 n +0000518855 00000 n +0000518918 00000 n +0000518981 00000 n +0000519045 00000 n +0000519108 00000 n +0000519171 00000 n +0000519234 00000 n +0000519297 00000 n +0000519360 00000 n +0000854838 00000 n +0000523902 00000 n +0000521316 00000 n +0000519605 00000 n +0000521440 00000 n +0000521503 00000 n +0000521566 00000 n +0000521629 00000 n +0000521693 00000 n +0000521755 00000 n +0000521817 00000 n +0000521880 00000 n +0000521943 00000 n +0000522006 00000 n +0000522069 00000 n +0000522132 00000 n +0000522196 00000 n +0000522260 00000 n +0000522323 00000 n +0000522387 00000 n +0000522451 00000 n +0000522515 00000 n +0000522641 00000 n +0000522704 00000 n +0000522768 00000 n +0000522893 00000 n +0000522955 00000 n +0000523017 00000 n +0000523143 00000 n +0000523206 00000 n +0000523395 00000 n +0000523458 00000 n +0000523521 00000 n +0000523585 00000 n +0000523648 00000 n +0000523711 00000 n +0000523775 00000 n +0000523838 00000 n +0000526122 00000 n +0000528746 00000 n +0000525977 00000 n +0000524098 00000 n +0000526274 00000 n +0000526337 00000 n +0000526400 00000 n +0000526464 00000 n +0000526528 00000 n +0000526592 00000 n +0000526656 00000 n +0000526720 00000 n +0000526784 00000 n +0000526847 00000 n +0000526909 00000 n +0000526973 00000 n +0000527036 00000 n +0000527099 00000 n +0000527162 00000 n +0000527225 00000 n +0000527289 00000 n +0000527415 00000 n +0000527540 00000 n +0000527603 00000 n +0000527667 00000 n +0000527731 00000 n +0000527795 00000 n +0000527859 00000 n +0000527923 00000 n +0000527985 00000 n +0000528049 00000 n +0000528113 00000 n +0000528176 00000 n +0000528240 00000 n +0000528366 00000 n +0000528429 00000 n +0000528492 00000 n +0000528555 00000 n +0000528619 00000 n +0000528683 00000 n +0000533523 00000 n +0000530488 00000 n +0000528914 00000 n +0000530612 00000 n +0000530675 00000 n +0000530737 00000 n +0000530800 00000 n +0000530864 00000 n +0000530928 00000 n +0000531054 00000 n +0000531117 00000 n +0000531181 00000 n +0000531245 00000 n +0000531309 00000 n +0000531373 00000 n +0000531437 00000 n +0000531562 00000 n +0000531625 00000 n +0000531688 00000 n +0000531749 00000 n +0000531813 00000 n +0000531877 00000 n +0000531941 00000 n +0000532066 00000 n +0000532129 00000 n +0000532193 00000 n +0000532257 00000 n +0000532321 00000 n +0000532385 00000 n +0000532449 00000 n +0000532509 00000 n +0000532571 00000 n +0000532635 00000 n +0000532698 00000 n +0000532761 00000 n +0000532824 00000 n +0000532887 00000 n +0000532951 00000 n +0000533015 00000 n +0000533140 00000 n +0000533203 00000 n +0000533267 00000 n +0000533331 00000 n +0000533395 00000 n +0000533459 00000 n +0000535130 00000 n +0000534432 00000 n +0000533663 00000 n +0000534556 00000 n +0000534619 00000 n +0000534683 00000 n +0000534747 00000 n +0000534811 00000 n +0000534875 00000 n +0000534939 00000 n +0000535002 00000 n +0000535066 00000 n +0000539885 00000 n +0000537036 00000 n +0000535243 00000 n +0000537160 00000 n +0000537475 00000 n +0000537537 00000 n +0000537600 00000 n +0000537663 00000 n +0000537726 00000 n +0000537788 00000 n +0000537850 00000 n +0000537912 00000 n +0000537976 00000 n +0000538039 00000 n +0000538103 00000 n +0000538167 00000 n +0000538231 00000 n +0000538295 00000 n +0000538358 00000 n +0000538421 00000 n +0000538485 00000 n +0000538549 00000 n +0000538613 00000 n +0000538677 00000 n +0000538741 00000 n +0000538805 00000 n +0000538869 00000 n +0000538932 00000 n +0000538996 00000 n +0000539060 00000 n +0000539124 00000 n +0000539187 00000 n +0000539251 00000 n +0000539314 00000 n +0000539377 00000 n +0000539440 00000 n +0000539503 00000 n +0000539567 00000 n +0000539630 00000 n +0000539694 00000 n +0000539758 00000 n +0000543709 00000 n +0000541879 00000 n +0000540039 00000 n +0000542003 00000 n +0000542129 00000 n +0000542192 00000 n +0000542256 00000 n +0000542319 00000 n +0000542382 00000 n +0000542445 00000 n +0000542507 00000 n +0000542570 00000 n +0000542633 00000 n +0000542695 00000 n +0000542758 00000 n +0000542822 00000 n +0000542885 00000 n +0000542949 00000 n +0000543012 00000 n +0000543075 00000 n +0000543138 00000 n +0000543201 00000 n +0000543264 00000 n +0000543327 00000 n +0000543391 00000 n +0000543454 00000 n +0000543518 00000 n +0000543582 00000 n +0000543646 00000 n +0000854963 00000 n +0000546750 00000 n +0000545493 00000 n +0000543849 00000 n +0000545617 00000 n +0000545680 00000 n +0000545870 00000 n +0000545933 00000 n +0000545997 00000 n +0000546060 00000 n +0000546247 00000 n +0000546310 00000 n +0000546373 00000 n +0000546561 00000 n +0000546624 00000 n +0000546688 00000 n +0000549610 00000 n +0000548666 00000 n +0000546863 00000 n +0000548790 00000 n +0000548853 00000 n +0000548915 00000 n +0000548978 00000 n +0000549041 00000 n +0000549105 00000 n +0000549168 00000 n +0000549232 00000 n +0000549295 00000 n +0000549359 00000 n +0000549422 00000 n +0000549484 00000 n +0000549548 00000 n +0000551262 00000 n +0000553940 00000 n +0000551117 00000 n +0000549710 00000 n +0000551413 00000 n +0000551726 00000 n +0000551789 00000 n +0000551852 00000 n +0000551915 00000 n +0000551979 00000 n +0000552042 00000 n +0000552105 00000 n +0000552169 00000 n +0000552233 00000 n +0000552296 00000 n +0000552359 00000 n +0000552423 00000 n +0000552487 00000 n +0000552550 00000 n +0000552612 00000 n +0000552676 00000 n +0000552740 00000 n +0000552802 00000 n +0000552865 00000 n +0000552928 00000 n +0000552992 00000 n +0000553055 00000 n +0000553118 00000 n +0000553181 00000 n +0000553245 00000 n +0000553309 00000 n +0000553372 00000 n +0000553435 00000 n +0000553499 00000 n +0000553561 00000 n +0000553624 00000 n +0000553688 00000 n +0000553751 00000 n +0000553814 00000 n +0000553878 00000 n +0000555904 00000 n +0000558590 00000 n +0000555759 00000 n +0000554053 00000 n +0000556056 00000 n +0000556119 00000 n +0000556182 00000 n +0000556245 00000 n +0000556309 00000 n +0000556373 00000 n +0000556436 00000 n +0000556500 00000 n +0000556562 00000 n +0000556625 00000 n +0000556689 00000 n +0000556753 00000 n +0000556817 00000 n +0000556881 00000 n +0000556944 00000 n +0000557007 00000 n +0000557071 00000 n +0000557134 00000 n +0000557197 00000 n +0000557260 00000 n +0000557324 00000 n +0000557387 00000 n +0000557450 00000 n +0000557514 00000 n +0000557577 00000 n +0000557640 00000 n +0000557704 00000 n +0000557767 00000 n +0000557830 00000 n +0000557894 00000 n +0000557957 00000 n +0000558020 00000 n +0000558084 00000 n +0000558147 00000 n +0000558208 00000 n +0000558272 00000 n +0000558336 00000 n +0000558400 00000 n +0000558463 00000 n +0000558526 00000 n +0000562432 00000 n +0000560035 00000 n +0000558703 00000 n +0000560159 00000 n +0000560222 00000 n +0000560285 00000 n +0000560348 00000 n +0000560412 00000 n +0000560475 00000 n +0000560537 00000 n +0000560600 00000 n +0000560664 00000 n +0000560727 00000 n +0000560790 00000 n +0000560854 00000 n +0000560917 00000 n +0000560980 00000 n +0000561044 00000 n +0000561107 00000 n +0000561170 00000 n +0000561234 00000 n +0000561297 00000 n +0000561360 00000 n +0000561548 00000 n +0000561611 00000 n +0000561674 00000 n +0000561737 00000 n +0000561800 00000 n +0000561864 00000 n +0000561927 00000 n +0000561990 00000 n +0000562053 00000 n +0000562115 00000 n +0000562178 00000 n +0000562242 00000 n +0000562305 00000 n +0000562368 00000 n +0000566536 00000 n +0000564070 00000 n +0000562558 00000 n +0000564194 00000 n +0000564257 00000 n +0000564320 00000 n +0000564383 00000 n +0000564447 00000 n +0000564635 00000 n +0000564698 00000 n +0000564761 00000 n +0000564823 00000 n +0000564887 00000 n +0000564951 00000 n +0000565014 00000 n +0000565077 00000 n +0000565141 00000 n +0000565205 00000 n +0000565269 00000 n +0000565333 00000 n +0000565396 00000 n +0000565459 00000 n +0000565649 00000 n +0000565712 00000 n +0000565775 00000 n +0000565838 00000 n +0000565902 00000 n +0000565965 00000 n +0000566028 00000 n +0000566092 00000 n +0000566155 00000 n +0000566218 00000 n +0000566282 00000 n +0000566345 00000 n +0000566408 00000 n +0000566472 00000 n +0000855088 00000 n +0000568614 00000 n +0000568770 00000 n +0000571258 00000 n +0000568460 00000 n +0000566662 00000 n +0000568922 00000 n +0000568985 00000 n +0000569047 00000 n +0000569110 00000 n +0000569173 00000 n +0000569237 00000 n +0000569300 00000 n +0000569363 00000 n +0000569426 00000 n +0000569489 00000 n +0000569553 00000 n +0000569616 00000 n +0000569680 00000 n +0000569743 00000 n +0000569806 00000 n +0000569869 00000 n +0000569932 00000 n +0000569995 00000 n +0000570183 00000 n +0000570246 00000 n +0000570310 00000 n +0000570373 00000 n +0000570436 00000 n +0000570498 00000 n +0000570561 00000 n +0000570624 00000 n +0000570687 00000 n +0000570750 00000 n +0000570813 00000 n +0000570877 00000 n +0000570940 00000 n +0000571003 00000 n +0000571066 00000 n +0000571130 00000 n +0000571194 00000 n +0000574821 00000 n +0000572478 00000 n +0000571398 00000 n +0000572602 00000 n +0000572665 00000 n +0000572728 00000 n +0000572791 00000 n +0000572855 00000 n +0000572919 00000 n +0000572982 00000 n +0000573046 00000 n +0000573109 00000 n +0000573172 00000 n +0000573235 00000 n +0000573299 00000 n +0000573363 00000 n +0000573426 00000 n +0000573489 00000 n +0000573553 00000 n +0000573617 00000 n +0000573680 00000 n +0000573743 00000 n +0000573807 00000 n +0000573871 00000 n +0000573934 00000 n +0000573996 00000 n +0000574060 00000 n +0000574124 00000 n +0000574187 00000 n +0000574249 00000 n +0000574313 00000 n +0000574377 00000 n +0000574440 00000 n +0000574503 00000 n +0000574567 00000 n +0000574631 00000 n +0000574694 00000 n +0000574757 00000 n +0000577122 00000 n +0000582358 00000 n +0000576977 00000 n +0000574921 00000 n +0000577273 00000 n +0000577588 00000 n +0000577651 00000 n +0000577714 00000 n +0000577777 00000 n +0000577841 00000 n +0000577905 00000 n +0000577968 00000 n +0000578032 00000 n +0000578096 00000 n +0000578159 00000 n +0000578223 00000 n +0000578287 00000 n +0000578350 00000 n +0000578414 00000 n +0000578478 00000 n +0000578541 00000 n +0000578605 00000 n +0000578669 00000 n +0000578732 00000 n +0000578796 00000 n +0000578860 00000 n +0000578924 00000 n +0000578988 00000 n +0000579051 00000 n +0000579115 00000 n +0000579179 00000 n +0000579243 00000 n +0000579307 00000 n +0000579370 00000 n +0000579434 00000 n +0000579498 00000 n +0000579562 00000 n +0000579626 00000 n +0000579689 00000 n +0000579753 00000 n +0000579817 00000 n +0000579881 00000 n +0000579945 00000 n +0000580008 00000 n +0000580072 00000 n +0000580136 00000 n +0000580200 00000 n +0000580264 00000 n +0000580326 00000 n +0000580390 00000 n +0000580454 00000 n +0000580518 00000 n +0000580582 00000 n +0000580644 00000 n +0000580707 00000 n +0000580770 00000 n +0000580832 00000 n +0000580896 00000 n +0000580959 00000 n +0000581023 00000 n +0000581087 00000 n +0000581151 00000 n +0000581214 00000 n +0000581278 00000 n +0000581342 00000 n +0000581405 00000 n +0000581468 00000 n +0000581532 00000 n +0000581596 00000 n +0000581660 00000 n +0000581723 00000 n +0000581787 00000 n +0000581851 00000 n +0000581915 00000 n +0000581978 00000 n +0000582041 00000 n +0000582103 00000 n +0000582167 00000 n +0000582231 00000 n +0000582295 00000 n +0000590097 00000 n +0000584706 00000 n +0000582498 00000 n +0000584830 00000 n +0000584893 00000 n +0000584957 00000 n +0000585021 00000 n +0000585084 00000 n +0000585147 00000 n +0000585210 00000 n +0000585273 00000 n +0000585337 00000 n +0000585401 00000 n +0000585465 00000 n +0000585528 00000 n +0000585592 00000 n +0000585656 00000 n +0000585720 00000 n +0000585782 00000 n +0000585846 00000 n +0000585910 00000 n +0000585974 00000 n +0000586037 00000 n +0000586101 00000 n +0000586165 00000 n +0000586229 00000 n +0000586292 00000 n +0000586355 00000 n +0000586418 00000 n +0000586481 00000 n +0000586545 00000 n +0000586609 00000 n +0000586670 00000 n +0000586734 00000 n +0000586798 00000 n +0000586861 00000 n +0000586925 00000 n +0000586989 00000 n +0000587052 00000 n +0000587116 00000 n +0000587180 00000 n +0000587370 00000 n +0000587433 00000 n +0000587496 00000 n +0000587560 00000 n +0000587624 00000 n +0000587688 00000 n +0000587752 00000 n +0000587816 00000 n +0000587880 00000 n +0000587944 00000 n +0000588008 00000 n +0000588071 00000 n +0000588134 00000 n +0000588197 00000 n +0000588260 00000 n +0000588323 00000 n +0000588387 00000 n +0000588451 00000 n +0000588515 00000 n +0000588577 00000 n +0000588641 00000 n +0000588705 00000 n +0000588769 00000 n +0000588833 00000 n +0000588896 00000 n +0000588959 00000 n +0000589022 00000 n +0000589085 00000 n +0000589149 00000 n +0000589339 00000 n +0000589402 00000 n +0000589465 00000 n +0000589529 00000 n +0000589593 00000 n +0000589656 00000 n +0000589720 00000 n +0000589784 00000 n +0000589847 00000 n +0000589910 00000 n +0000589973 00000 n +0000590036 00000 n +0000591340 00000 n +0000590773 00000 n +0000590251 00000 n +0000590897 00000 n +0000590960 00000 n +0000591024 00000 n +0000591088 00000 n +0000591151 00000 n +0000591214 00000 n +0000591277 00000 n +0000593258 00000 n +0000593411 00000 n +0000593561 00000 n +0000595548 00000 n +0000593095 00000 n +0000591440 00000 n +0000593713 00000 n +0000594028 00000 n +0000594091 00000 n +0000594155 00000 n +0000594219 00000 n +0000594283 00000 n +0000594346 00000 n +0000594409 00000 n +0000594472 00000 n +0000594536 00000 n +0000594600 00000 n +0000594664 00000 n +0000594728 00000 n +0000594791 00000 n +0000594855 00000 n +0000594918 00000 n +0000594981 00000 n +0000595043 00000 n +0000595106 00000 n +0000595169 00000 n +0000595232 00000 n +0000595295 00000 n +0000595359 00000 n +0000595423 00000 n +0000595486 00000 n +0000855213 00000 n +0000597222 00000 n +0000597373 00000 n +0000600705 00000 n +0000599806 00000 n +0000597068 00000 n +0000595716 00000 n +0000597525 00000 n +0000597588 00000 n +0000597713 00000 n +0000597776 00000 n +0000597840 00000 n +0000597903 00000 n +0000597967 00000 n +0000598031 00000 n +0000598092 00000 n +0000598156 00000 n +0000598220 00000 n +0000598409 00000 n +0000598472 00000 n +0000598535 00000 n +0000598598 00000 n +0000598662 00000 n +0000598726 00000 n +0000598790 00000 n +0000598854 00000 n +0000598918 00000 n +0000598982 00000 n +0000599046 00000 n +0000599110 00000 n +0000599173 00000 n +0000599236 00000 n +0000599300 00000 n +0000599363 00000 n +0000599426 00000 n +0000599489 00000 n +0000599553 00000 n +0000599616 00000 n +0000599679 00000 n +0000604018 00000 n +0000600560 00000 n +0000599946 00000 n +0000600862 00000 n +0000601050 00000 n +0000601113 00000 n +0000601176 00000 n +0000601239 00000 n +0000601302 00000 n +0000601366 00000 n +0000601429 00000 n +0000601492 00000 n +0000601556 00000 n +0000601619 00000 n +0000601682 00000 n +0000601746 00000 n +0000601808 00000 n +0000601870 00000 n +0000601934 00000 n +0000601997 00000 n +0000602060 00000 n +0000602124 00000 n +0000602187 00000 n +0000602250 00000 n +0000602314 00000 n +0000602376 00000 n +0000602438 00000 n +0000602502 00000 n +0000602565 00000 n +0000602628 00000 n +0000602692 00000 n +0000602755 00000 n +0000602818 00000 n +0000602882 00000 n +0000602944 00000 n +0000603006 00000 n +0000603069 00000 n +0000603132 00000 n +0000603195 00000 n +0000603259 00000 n +0000603322 00000 n +0000603385 00000 n +0000603449 00000 n +0000603512 00000 n +0000603575 00000 n +0000603638 00000 n +0000603701 00000 n +0000603764 00000 n +0000603828 00000 n +0000603891 00000 n +0000603954 00000 n +0000605247 00000 n +0000607988 00000 n +0000605102 00000 n +0000604144 00000 n +0000605402 00000 n +0000605465 00000 n +0000605527 00000 n +0000605590 00000 n +0000605653 00000 n +0000605780 00000 n +0000605843 00000 n +0000605906 00000 n +0000605969 00000 n +0000606032 00000 n +0000606095 00000 n +0000606158 00000 n +0000606222 00000 n +0000606284 00000 n +0000606346 00000 n +0000606410 00000 n +0000606473 00000 n +0000606536 00000 n +0000606600 00000 n +0000606663 00000 n +0000606726 00000 n +0000606790 00000 n +0000606853 00000 n +0000606916 00000 n +0000606979 00000 n +0000607042 00000 n +0000607105 00000 n +0000607169 00000 n +0000607232 00000 n +0000607295 00000 n +0000607359 00000 n +0000607422 00000 n +0000607485 00000 n +0000607547 00000 n +0000607610 00000 n +0000607673 00000 n +0000607737 00000 n +0000607925 00000 n +0000612000 00000 n +0000609036 00000 n +0000608114 00000 n +0000609160 00000 n +0000609223 00000 n +0000609286 00000 n +0000609349 00000 n +0000609412 00000 n +0000609475 00000 n +0000609538 00000 n +0000609601 00000 n +0000609664 00000 n +0000609728 00000 n +0000609791 00000 n +0000609854 00000 n +0000609918 00000 n +0000609981 00000 n +0000610044 00000 n +0000610107 00000 n +0000610170 00000 n +0000610233 00000 n +0000610423 00000 n +0000610486 00000 n +0000610549 00000 n +0000610612 00000 n +0000610675 00000 n +0000610738 00000 n +0000610801 00000 n +0000610865 00000 n +0000610928 00000 n +0000610991 00000 n +0000611053 00000 n +0000611116 00000 n +0000611179 00000 n +0000611243 00000 n +0000611306 00000 n +0000611369 00000 n +0000611433 00000 n +0000611496 00000 n +0000611559 00000 n +0000611622 00000 n +0000611685 00000 n +0000611748 00000 n +0000611812 00000 n +0000611874 00000 n +0000611936 00000 n +0000616063 00000 n +0000613288 00000 n +0000612126 00000 n +0000613412 00000 n +0000613475 00000 n +0000613537 00000 n +0000613600 00000 n +0000613663 00000 n +0000613727 00000 n +0000613789 00000 n +0000613851 00000 n +0000614041 00000 n +0000614104 00000 n +0000614167 00000 n +0000614230 00000 n +0000614293 00000 n +0000614355 00000 n +0000614417 00000 n +0000614481 00000 n +0000614544 00000 n +0000614607 00000 n +0000614671 00000 n +0000614734 00000 n +0000614797 00000 n +0000614861 00000 n +0000614924 00000 n +0000614987 00000 n +0000615051 00000 n +0000615114 00000 n +0000615177 00000 n +0000615241 00000 n +0000615304 00000 n +0000615367 00000 n +0000615431 00000 n +0000615494 00000 n +0000615557 00000 n +0000615621 00000 n +0000615684 00000 n +0000615747 00000 n +0000615811 00000 n +0000615874 00000 n +0000615937 00000 n +0000619661 00000 n +0000617268 00000 n +0000616189 00000 n +0000617392 00000 n +0000617455 00000 n +0000617580 00000 n +0000617643 00000 n +0000617706 00000 n +0000617769 00000 n +0000617832 00000 n +0000617896 00000 n +0000617959 00000 n +0000618022 00000 n +0000618086 00000 n +0000618148 00000 n +0000618210 00000 n +0000618274 00000 n +0000618337 00000 n +0000618400 00000 n +0000618464 00000 n +0000618527 00000 n +0000618590 00000 n +0000618778 00000 n +0000618841 00000 n +0000618904 00000 n +0000618967 00000 n +0000619029 00000 n +0000619092 00000 n +0000619155 00000 n +0000619219 00000 n +0000619282 00000 n +0000619345 00000 n +0000619409 00000 n +0000619472 00000 n +0000619535 00000 n +0000855338 00000 n +0000623369 00000 n +0000620846 00000 n +0000619787 00000 n +0000620970 00000 n +0000621033 00000 n +0000621158 00000 n +0000621221 00000 n +0000621284 00000 n +0000621347 00000 n +0000621410 00000 n +0000621474 00000 n +0000621537 00000 n +0000621600 00000 n +0000621664 00000 n +0000621727 00000 n +0000621790 00000 n +0000621854 00000 n +0000621917 00000 n +0000621980 00000 n +0000622044 00000 n +0000622107 00000 n +0000622170 00000 n +0000622233 00000 n +0000622296 00000 n +0000622359 00000 n +0000622423 00000 n +0000622486 00000 n +0000622549 00000 n +0000622612 00000 n +0000622675 00000 n +0000622738 00000 n +0000622927 00000 n +0000622990 00000 n +0000623053 00000 n +0000623116 00000 n +0000623179 00000 n +0000623242 00000 n +0000623305 00000 n +0000627616 00000 n +0000624714 00000 n +0000623495 00000 n +0000624838 00000 n +0000624901 00000 n +0000624964 00000 n +0000625027 00000 n +0000625091 00000 n +0000625154 00000 n +0000625217 00000 n +0000625280 00000 n +0000625343 00000 n +0000625406 00000 n +0000625470 00000 n +0000625533 00000 n +0000625596 00000 n +0000625660 00000 n +0000625723 00000 n +0000625786 00000 n +0000625849 00000 n +0000625912 00000 n +0000625975 00000 n +0000626165 00000 n +0000626228 00000 n +0000626291 00000 n +0000626354 00000 n +0000626416 00000 n +0000626478 00000 n +0000626542 00000 n +0000626605 00000 n +0000626668 00000 n +0000626732 00000 n +0000626795 00000 n +0000626858 00000 n +0000626922 00000 n +0000626984 00000 n +0000627046 00000 n +0000627110 00000 n +0000627173 00000 n +0000627236 00000 n +0000627300 00000 n +0000627363 00000 n +0000627426 00000 n +0000627490 00000 n +0000627553 00000 n +0000631738 00000 n +0000628900 00000 n +0000627742 00000 n +0000629024 00000 n +0000629087 00000 n +0000629149 00000 n +0000629212 00000 n +0000629275 00000 n +0000629339 00000 n +0000629402 00000 n +0000629465 00000 n +0000629528 00000 n +0000629591 00000 n +0000629779 00000 n +0000629842 00000 n +0000629905 00000 n +0000629968 00000 n +0000630031 00000 n +0000630094 00000 n +0000630157 00000 n +0000630221 00000 n +0000630284 00000 n +0000630347 00000 n +0000630411 00000 n +0000630474 00000 n +0000630537 00000 n +0000630600 00000 n +0000630663 00000 n +0000630726 00000 n +0000630790 00000 n +0000630853 00000 n +0000630916 00000 n +0000630980 00000 n +0000631043 00000 n +0000631106 00000 n +0000631169 00000 n +0000631232 00000 n +0000631295 00000 n +0000631359 00000 n +0000631422 00000 n +0000631485 00000 n +0000631675 00000 n +0000635994 00000 n +0000633215 00000 n +0000631864 00000 n +0000633339 00000 n +0000633402 00000 n +0000633465 00000 n +0000633528 00000 n +0000633591 00000 n +0000633654 00000 n +0000633717 00000 n +0000633780 00000 n +0000633843 00000 n +0000633907 00000 n +0000633970 00000 n +0000634033 00000 n +0000634097 00000 n +0000634160 00000 n +0000634223 00000 n +0000634286 00000 n +0000634349 00000 n +0000634412 00000 n +0000634476 00000 n +0000634539 00000 n +0000634602 00000 n +0000634666 00000 n +0000634729 00000 n +0000634792 00000 n +0000634856 00000 n +0000634919 00000 n +0000634982 00000 n +0000635046 00000 n +0000635109 00000 n +0000635172 00000 n +0000635236 00000 n +0000635299 00000 n +0000635362 00000 n +0000635425 00000 n +0000635488 00000 n +0000635551 00000 n +0000635615 00000 n +0000635678 00000 n +0000635741 00000 n +0000635805 00000 n +0000635868 00000 n +0000635931 00000 n +0000640872 00000 n +0000637653 00000 n +0000636107 00000 n +0000637777 00000 n +0000637840 00000 n +0000637903 00000 n +0000637966 00000 n +0000638030 00000 n +0000638093 00000 n +0000638156 00000 n +0000638220 00000 n +0000638283 00000 n +0000638346 00000 n +0000638410 00000 n +0000638473 00000 n +0000638536 00000 n +0000638600 00000 n +0000638663 00000 n +0000638726 00000 n +0000638790 00000 n +0000638851 00000 n +0000638912 00000 n +0000638976 00000 n +0000639039 00000 n +0000639102 00000 n +0000639166 00000 n +0000639229 00000 n +0000639292 00000 n +0000639356 00000 n +0000639419 00000 n +0000639482 00000 n +0000639546 00000 n +0000639609 00000 n +0000639672 00000 n +0000639734 00000 n +0000639797 00000 n +0000639860 00000 n +0000639924 00000 n +0000639987 00000 n +0000640050 00000 n +0000640114 00000 n +0000640177 00000 n +0000640240 00000 n +0000640304 00000 n +0000640367 00000 n +0000640430 00000 n +0000640494 00000 n +0000640556 00000 n +0000640618 00000 n +0000640682 00000 n +0000640745 00000 n +0000640808 00000 n +0000645846 00000 n +0000642563 00000 n +0000640985 00000 n +0000642687 00000 n +0000642750 00000 n +0000642812 00000 n +0000642875 00000 n +0000642938 00000 n +0000643002 00000 n +0000643064 00000 n +0000643127 00000 n +0000643190 00000 n +0000643254 00000 n +0000643317 00000 n +0000643380 00000 n +0000643444 00000 n +0000643506 00000 n +0000643568 00000 n +0000643632 00000 n +0000643695 00000 n +0000643758 00000 n +0000643822 00000 n +0000643885 00000 n +0000643948 00000 n +0000644012 00000 n +0000644075 00000 n +0000644138 00000 n +0000644202 00000 n +0000644266 00000 n +0000644330 00000 n +0000644392 00000 n +0000644454 00000 n +0000644518 00000 n +0000644581 00000 n +0000644644 00000 n +0000644708 00000 n +0000644771 00000 n +0000644834 00000 n +0000644898 00000 n +0000644961 00000 n +0000645024 00000 n +0000645087 00000 n +0000645150 00000 n +0000645213 00000 n +0000645277 00000 n +0000645340 00000 n +0000645403 00000 n +0000645467 00000 n +0000645530 00000 n +0000645593 00000 n +0000645656 00000 n +0000645719 00000 n +0000645782 00000 n +0000855463 00000 n +0000650637 00000 n +0000647100 00000 n +0000645973 00000 n +0000647224 00000 n +0000647287 00000 n +0000647349 00000 n +0000647412 00000 n +0000647475 00000 n +0000647539 00000 n +0000647603 00000 n +0000647666 00000 n +0000647729 00000 n +0000647792 00000 n +0000647855 00000 n +0000647918 00000 n +0000647982 00000 n +0000648044 00000 n +0000648106 00000 n +0000648170 00000 n +0000648233 00000 n +0000648296 00000 n +0000648360 00000 n +0000648423 00000 n +0000648486 00000 n +0000648550 00000 n +0000648613 00000 n +0000648676 00000 n +0000648740 00000 n +0000648802 00000 n +0000648864 00000 n +0000648928 00000 n +0000648991 00000 n +0000649054 00000 n +0000649118 00000 n +0000649181 00000 n +0000649244 00000 n +0000649308 00000 n +0000649371 00000 n +0000649434 00000 n +0000649498 00000 n +0000649561 00000 n +0000649624 00000 n +0000649688 00000 n +0000649751 00000 n +0000649814 00000 n +0000649878 00000 n +0000649941 00000 n +0000650004 00000 n +0000650068 00000 n +0000650131 00000 n +0000650194 00000 n +0000650258 00000 n +0000650321 00000 n +0000650384 00000 n +0000650448 00000 n +0000650511 00000 n +0000650574 00000 n +0000655197 00000 n +0000652484 00000 n +0000650764 00000 n +0000652608 00000 n +0000652671 00000 n +0000652733 00000 n +0000652796 00000 n +0000652859 00000 n +0000652923 00000 n +0000652986 00000 n +0000653049 00000 n +0000653112 00000 n +0000653175 00000 n +0000653238 00000 n +0000653302 00000 n +0000653365 00000 n +0000653428 00000 n +0000653492 00000 n +0000653555 00000 n +0000653618 00000 n +0000653682 00000 n +0000653745 00000 n +0000653808 00000 n +0000653872 00000 n +0000653935 00000 n +0000653998 00000 n +0000654061 00000 n +0000654124 00000 n +0000654187 00000 n +0000654250 00000 n +0000654313 00000 n +0000654376 00000 n +0000654440 00000 n +0000654502 00000 n +0000654564 00000 n +0000654628 00000 n +0000654691 00000 n +0000654754 00000 n +0000654818 00000 n +0000654881 00000 n +0000654944 00000 n +0000655007 00000 n +0000655070 00000 n +0000655133 00000 n +0000656799 00000 n +0000659733 00000 n +0000656654 00000 n +0000655310 00000 n +0000656951 00000 n +0000657014 00000 n +0000657077 00000 n +0000657140 00000 n +0000657203 00000 n +0000657266 00000 n +0000657455 00000 n +0000657518 00000 n +0000657581 00000 n +0000657644 00000 n +0000657707 00000 n +0000657770 00000 n +0000657833 00000 n +0000657897 00000 n +0000657960 00000 n +0000658023 00000 n +0000658086 00000 n +0000658149 00000 n +0000658213 00000 n +0000658276 00000 n +0000658339 00000 n +0000658403 00000 n +0000658466 00000 n +0000658529 00000 n +0000658593 00000 n +0000658656 00000 n +0000658719 00000 n +0000658783 00000 n +0000658846 00000 n +0000658909 00000 n +0000658973 00000 n +0000659036 00000 n +0000659099 00000 n +0000659163 00000 n +0000659226 00000 n +0000659289 00000 n +0000659353 00000 n +0000659416 00000 n +0000659479 00000 n +0000659543 00000 n +0000659606 00000 n +0000659669 00000 n +0000661545 00000 n +0000663217 00000 n +0000661400 00000 n +0000659859 00000 n +0000661697 00000 n +0000661760 00000 n +0000661823 00000 n +0000661886 00000 n +0000662076 00000 n +0000662139 00000 n +0000662203 00000 n +0000662266 00000 n +0000662329 00000 n +0000662391 00000 n +0000662454 00000 n +0000662517 00000 n +0000662581 00000 n +0000662644 00000 n +0000662707 00000 n +0000662771 00000 n +0000662835 00000 n +0000662899 00000 n +0000662962 00000 n +0000663026 00000 n +0000663089 00000 n +0000663153 00000 n +0000667436 00000 n +0000664655 00000 n +0000663371 00000 n +0000664779 00000 n +0000664968 00000 n +0000665031 00000 n +0000665095 00000 n +0000665159 00000 n +0000665223 00000 n +0000665286 00000 n +0000665350 00000 n +0000665540 00000 n +0000665603 00000 n +0000665666 00000 n +0000665728 00000 n +0000665792 00000 n +0000665855 00000 n +0000665918 00000 n +0000665982 00000 n +0000666045 00000 n +0000666108 00000 n +0000666172 00000 n +0000666234 00000 n +0000666297 00000 n +0000666361 00000 n +0000666424 00000 n +0000666487 00000 n +0000666551 00000 n +0000666614 00000 n +0000666677 00000 n +0000666741 00000 n +0000666804 00000 n +0000666867 00000 n +0000666931 00000 n +0000666993 00000 n +0000667056 00000 n +0000667120 00000 n +0000667184 00000 n +0000667247 00000 n +0000667310 00000 n +0000667374 00000 n +0000671468 00000 n +0000668437 00000 n +0000667548 00000 n +0000668561 00000 n +0000668686 00000 n +0000668749 00000 n +0000668812 00000 n +0000668876 00000 n +0000668938 00000 n +0000669002 00000 n +0000669065 00000 n +0000669128 00000 n +0000669192 00000 n +0000669255 00000 n +0000669318 00000 n +0000669381 00000 n +0000669444 00000 n +0000669507 00000 n +0000669571 00000 n +0000669634 00000 n +0000669696 00000 n +0000669760 00000 n +0000669823 00000 n +0000669886 00000 n +0000669949 00000 n +0000670012 00000 n +0000670075 00000 n +0000670139 00000 n +0000670202 00000 n +0000670265 00000 n +0000670329 00000 n +0000670392 00000 n +0000670455 00000 n +0000670519 00000 n +0000670582 00000 n +0000670645 00000 n +0000670709 00000 n +0000670772 00000 n +0000670835 00000 n +0000670899 00000 n +0000670962 00000 n +0000671025 00000 n +0000671089 00000 n +0000671152 00000 n +0000671215 00000 n +0000671279 00000 n +0000671342 00000 n +0000671404 00000 n +0000855588 00000 n +0000675139 00000 n +0000672359 00000 n +0000671554 00000 n +0000672483 00000 n +0000672546 00000 n +0000672609 00000 n +0000672672 00000 n +0000672799 00000 n +0000672861 00000 n +0000672924 00000 n +0000672986 00000 n +0000673050 00000 n +0000673113 00000 n +0000673176 00000 n +0000673240 00000 n +0000673303 00000 n +0000673366 00000 n +0000673430 00000 n +0000673493 00000 n +0000673556 00000 n +0000673620 00000 n +0000673683 00000 n +0000673746 00000 n +0000673810 00000 n +0000673873 00000 n +0000673936 00000 n +0000674000 00000 n +0000674063 00000 n +0000674126 00000 n +0000674316 00000 n +0000674379 00000 n +0000674442 00000 n +0000674505 00000 n +0000674569 00000 n +0000674632 00000 n +0000674695 00000 n +0000674759 00000 n +0000674822 00000 n +0000674885 00000 n +0000674949 00000 n +0000675012 00000 n +0000675075 00000 n +0000675238 00000 n +0000675274 00000 n +0000675312 00000 n +0000849583 00000 n +0000675350 00000 n +0000675670 00000 n +0000676062 00000 n +0000676539 00000 n +0000676923 00000 n +0000677319 00000 n +0000677898 00000 n +0000678478 00000 n +0000679053 00000 n +0000679696 00000 n +0000680274 00000 n +0000682083 00000 n +0000682318 00000 n +0000684133 00000 n +0000684367 00000 n +0000686184 00000 n +0000686418 00000 n +0000704470 00000 n +0000704958 00000 n +0000722847 00000 n +0000723371 00000 n +0000743239 00000 n +0000743870 00000 n +0000751972 00000 n +0000752261 00000 n +0000765769 00000 n +0000766285 00000 n +0000777910 00000 n +0000778503 00000 n +0000787812 00000 n +0000788250 00000 n +0000807331 00000 n +0000807915 00000 n +0000829892 00000 n +0000830566 00000 n +0000849072 00000 n +0000855677 00000 n +0000855802 00000 n +0000855928 00000 n +0000856054 00000 n +0000856180 00000 n +0000856279 00000 n +0000856380 00000 n +0000876506 00000 n +0000876674 00000 n +0000876843 00000 n +0000877011 00000 n +0000877180 00000 n +0000877347 00000 n +0000877515 00000 n +0000877680 00000 n +0000877845 00000 n +0000878014 00000 n +0000878182 00000 n +0000878351 00000 n +0000878519 00000 n +0000878688 00000 n +0000878856 00000 n +0000879024 00000 n +0000879193 00000 n +0000879360 00000 n +0000879528 00000 n +0000879697 00000 n +0000879865 00000 n +0000880034 00000 n +0000880201 00000 n +0000880369 00000 n +0000880536 00000 n +0000880705 00000 n +0000880873 00000 n +0000881042 00000 n +0000881210 00000 n +0000881378 00000 n +0000881547 00000 n +0000881715 00000 n +0000881884 00000 n +0000882051 00000 n +0000882219 00000 n +0000882388 00000 n +0000882556 00000 n +0000882724 00000 n +0000882893 00000 n +0000883060 00000 n +0000883228 00000 n +0000883396 00000 n +0000883565 00000 n +0000883733 00000 n +0000883900 00000 n +0000884069 00000 n +0000884237 00000 n +0000884406 00000 n +0000884573 00000 n +0000884741 00000 n +0000884910 00000 n +0000885078 00000 n +0000885246 00000 n +0000885413 00000 n +0000885580 00000 n +0000885749 00000 n +0000885918 00000 n +0000886087 00000 n +0000886256 00000 n +0000886424 00000 n +0000886592 00000 n +0000886761 00000 n +0000886929 00000 n +0000887096 00000 n +0000887265 00000 n +0000887433 00000 n +0000887602 00000 n +0000887769 00000 n +0000887936 00000 n +0000888105 00000 n +0000888273 00000 n +0000888442 00000 n +0000888609 00000 n +0000888777 00000 n +0000888946 00000 n +0000889115 00000 n +0000889283 00000 n +0000889452 00000 n +0000889620 00000 n +0000889787 00000 n +0000889952 00000 n +0000890121 00000 n +0000890288 00000 n +0000890456 00000 n +0000890625 00000 n +0000890794 00000 n +0000890961 00000 n +0000891130 00000 n +0000891298 00000 n +0000891467 00000 n +0000891635 00000 n +0000891803 00000 n +0000891970 00000 n +0000892139 00000 n +0000892307 00000 n +0000892472 00000 n +0000892641 00000 n +0000892809 00000 n +0000892978 00000 n +0000893147 00000 n +0000893315 00000 n +0000893484 00000 n +0000893651 00000 n +0000893818 00000 n +0000893987 00000 n +0000894155 00000 n +0000894324 00000 n +0000894492 00000 n +0000894661 00000 n +0000894828 00000 n +0000894995 00000 n +0000895164 00000 n +0000895330 00000 n +0000895499 00000 n +0000895667 00000 n +0000895836 00000 n +0000896004 00000 n +0000896172 00000 n +0000896341 00000 n +0000896510 00000 n +0000896678 00000 n +0000896846 00000 n +0000897015 00000 n +0000897184 00000 n +0000897352 00000 n +0000897519 00000 n +0000897688 00000 n +0000897854 00000 n +0000898023 00000 n +0000898190 00000 n +0000898359 00000 n +0000898526 00000 n +0000898695 00000 n +0000898863 00000 n +0000899032 00000 n +0000899200 00000 n +0000899369 00000 n +0000899538 00000 n +0000899705 00000 n +0000899874 00000 n +0000900042 00000 n +0000900211 00000 n +0000900378 00000 n +0000900544 00000 n +0000900713 00000 n +0000900882 00000 n +0000901050 00000 n +0000901219 00000 n +0000901386 00000 n +0000901554 00000 n +0000901721 00000 n +0000901890 00000 n +0000902059 00000 n +0000902227 00000 n +0000902396 00000 n +0000902563 00000 n +0000902731 00000 n +0000902900 00000 n +0000903067 00000 n +0000903236 00000 n +0000903403 00000 n +0000903571 00000 n +0000903739 00000 n +0000903908 00000 n +0000904077 00000 n +0000904245 00000 n +0000904413 00000 n +0000904582 00000 n +0000904750 00000 n +0000904919 00000 n +0000905088 00000 n +0000905256 00000 n +0000905425 00000 n +0000905591 00000 n +0000905760 00000 n +0000905928 00000 n +0000906096 00000 n +0000906265 00000 n +0000906434 00000 n +0000906602 00000 n +0000906771 00000 n +0000906939 00000 n +0000907108 00000 n +0000907275 00000 n +0000907444 00000 n +0000907612 00000 n +0000907781 00000 n +0000907949 00000 n +0000908118 00000 n +0000908287 00000 n +0000908455 00000 n +0000908622 00000 n +0000908791 00000 n +0000908959 00000 n +0000909128 00000 n +0000909297 00000 n +0000909464 00000 n +0000909631 00000 n +0000909800 00000 n +0000909968 00000 n +0000910136 00000 n +0000910305 00000 n +0000910472 00000 n +0000910640 00000 n +0000910809 00000 n +0000910976 00000 n +0000911143 00000 n +0000911312 00000 n +0000911481 00000 n +0000911649 00000 n +0000911818 00000 n +0000911987 00000 n +0000912156 00000 n +0000912325 00000 n +0000912494 00000 n +0000912661 00000 n +0000912830 00000 n +0000912998 00000 n +0000913163 00000 n +0000913332 00000 n +0000913500 00000 n +0000913669 00000 n +0000913837 00000 n +0000914005 00000 n +0000914174 00000 n +0000914342 00000 n +0000914509 00000 n +0000914678 00000 n +0000914846 00000 n +0000915015 00000 n +0000915183 00000 n +0000915352 00000 n +0000915520 00000 n +0000915688 00000 n +0000915857 00000 n +0000916024 00000 n +0000916192 00000 n +0000916361 00000 n +0000916529 00000 n +0000916696 00000 n +0000916865 00000 n +0000917034 00000 n +0000917203 00000 n +0000917371 00000 n +0000917538 00000 n +0000917707 00000 n +0000917875 00000 n +0000918043 00000 n +0000918212 00000 n +0000918380 00000 n +0000918545 00000 n +0000918712 00000 n +0000918880 00000 n +0000919047 00000 n +0000919216 00000 n +0000919384 00000 n +0000919553 00000 n +0000919722 00000 n +0000919891 00000 n +0000920060 00000 n +0000920228 00000 n +0000920396 00000 n +0000920565 00000 n +0000920733 00000 n +0000920902 00000 n +0000921070 00000 n +0000921239 00000 n +0000921407 00000 n +0000921574 00000 n +0000921743 00000 n +0000921911 00000 n +0000922080 00000 n +0000922248 00000 n +0000922416 00000 n +0000922585 00000 n +0000922752 00000 n +0000922920 00000 n +0000923089 00000 n +0000923257 00000 n +0000923425 00000 n +0000923594 00000 n +0000923762 00000 n +0000923931 00000 n +0000924095 00000 n +0000924263 00000 n +0000924432 00000 n +0000924601 00000 n +0000924770 00000 n +0000924937 00000 n +0000925106 00000 n +0000925274 00000 n +0000925442 00000 n +0000925611 00000 n +0000925779 00000 n +0000925946 00000 n +0000926113 00000 n +0000926277 00000 n +0000926445 00000 n +0000926612 00000 n +0000926781 00000 n +0000926949 00000 n +0000927118 00000 n +0000927286 00000 n +0000927455 00000 n +0000927622 00000 n +0000927789 00000 n +0000927958 00000 n +0000928126 00000 n +0000928295 00000 n +0000928463 00000 n +0000928631 00000 n +0000928800 00000 n +0000928968 00000 n +0000929136 00000 n +0000929305 00000 n +0000929473 00000 n +0000929641 00000 n +0000929810 00000 n +0000929977 00000 n +0000930145 00000 n +0000930314 00000 n +0000930481 00000 n +0000930649 00000 n +0000930818 00000 n +0000930986 00000 n +0000931155 00000 n +0000931324 00000 n +0000931492 00000 n +0000931659 00000 n +0000931826 00000 n +0000931995 00000 n +0000932163 00000 n +0000932332 00000 n +0000932499 00000 n +0000932666 00000 n +0000932835 00000 n +0000933003 00000 n +0000933172 00000 n +0000933341 00000 n +0000933510 00000 n +0000933675 00000 n +0000933842 00000 n +0000934011 00000 n +0000934179 00000 n +0000934347 00000 n +0000934516 00000 n +0000934683 00000 n +0000934851 00000 n +0000935020 00000 n +0000935188 00000 n +0000935355 00000 n +0000935524 00000 n +0000935692 00000 n +0000935861 00000 n +0000936029 00000 n +0000936198 00000 n +0000936362 00000 n +0000936529 00000 n +0000936698 00000 n +0000936866 00000 n +0000937035 00000 n +0000937203 00000 n +0000937370 00000 n +0000937539 00000 n +0000937708 00000 n +0000937876 00000 n +0000938045 00000 n +0000938213 00000 n +0000938382 00000 n +0000938549 00000 n +0000938717 00000 n +0000938886 00000 n +0000939053 00000 n +0000939222 00000 n +0000939390 00000 n +0000939558 00000 n +0000939727 00000 n +0000939896 00000 n +0000940065 00000 n +0000940234 00000 n +0000940402 00000 n +0000940571 00000 n +0000940739 00000 n +0000940906 00000 n +0000941075 00000 n +0000941243 00000 n +0000941411 00000 n +0000941580 00000 n +0000941746 00000 n +0000941913 00000 n +0000942082 00000 n +0000942250 00000 n +0000942419 00000 n +0000942587 00000 n +0000942755 00000 n +0000942924 00000 n +0000943092 00000 n +0000943261 00000 n +0000943428 00000 n +0000943597 00000 n +0000943766 00000 n +0000943934 00000 n +0000944102 00000 n +0000944271 00000 n +0000944435 00000 n +0000944603 00000 n +0000944772 00000 n +0000944940 00000 n +0000945109 00000 n +0000945278 00000 n +0000945447 00000 n +0000945615 00000 n +0000945782 00000 n +0000945951 00000 n +0000946119 00000 n +0000946288 00000 n +0000946455 00000 n +0000946623 00000 n +0000946792 00000 n +0000946956 00000 n +0000947123 00000 n +0000947292 00000 n +0000947460 00000 n +0000947629 00000 n +0000947798 00000 n +0000947966 00000 n +0000948134 00000 n +0000948303 00000 n +0000948472 00000 n +0000948640 00000 n +0000948809 00000 n +0000948978 00000 n +0000949144 00000 n +0000949313 00000 n +0000949481 00000 n +0000949649 00000 n +0000949818 00000 n +0000949986 00000 n +0000950155 00000 n +0000950324 00000 n +0000950493 00000 n +0000950662 00000 n +0000950829 00000 n +0000950996 00000 n +0000951165 00000 n +0000951333 00000 n +0000951501 00000 n +0000951666 00000 n +0000951833 00000 n +0000952001 00000 n +0000952170 00000 n +0000952339 00000 n +0000952506 00000 n +0000952674 00000 n +0000952843 00000 n +0000953010 00000 n +0000953178 00000 n +0000953345 00000 n +0000953514 00000 n +0000953682 00000 n +0000953851 00000 n +0000954018 00000 n +0000954184 00000 n +0000954353 00000 n +0000954520 00000 n +0000954688 00000 n +0000954857 00000 n +0000955025 00000 n +0000955194 00000 n +0000955363 00000 n +0000955531 00000 n +0000955700 00000 n +0000955868 00000 n +0000956037 00000 n +0000956205 00000 n +0000956373 00000 n +0000956540 00000 n +0000956709 00000 n +0000956876 00000 n +0000957045 00000 n +0000957213 00000 n +0000957382 00000 n +0000957550 00000 n +0000957718 00000 n +0000957887 00000 n +0000958055 00000 n +0000958224 00000 n +0000958393 00000 n +0000958560 00000 n +0000958728 00000 n +0000958896 00000 n +0000959065 00000 n +0000959231 00000 n +0000959398 00000 n +0000959567 00000 n +0000959735 00000 n +0000959903 00000 n +0000960072 00000 n +0000960241 00000 n +0000960408 00000 n +0000960576 00000 n +0000960743 00000 n +0000960912 00000 n +0000961080 00000 n +0000961248 00000 n +0000961417 00000 n +0000961583 00000 n +0000961751 00000 n +0000961920 00000 n +0000962087 00000 n +0000962255 00000 n +0000962424 00000 n +0000962593 00000 n +0000962762 00000 n +0000962931 00000 n +0000963100 00000 n +0000963269 00000 n +0000963438 00000 n +0000963607 00000 n +0000963776 00000 n +0000963941 00000 n +0000964110 00000 n +0000964279 00000 n +0000964448 00000 n +0000964617 00000 n +0000964786 00000 n +0000964955 00000 n +0000965124 00000 n +0000965293 00000 n +0000965462 00000 n +0000965631 00000 n +0000965800 00000 n +0000965969 00000 n +0000966138 00000 n +0000966307 00000 n +0000966476 00000 n +0000966643 00000 n +0000966812 00000 n +0000966981 00000 n +0000967150 00000 n +0000967319 00000 n +0000967488 00000 n +0000967657 00000 n +0000967826 00000 n +0000967995 00000 n +0000968164 00000 n +0000968333 00000 n +0000968502 00000 n +0000968671 00000 n +0000968840 00000 n +0000969005 00000 n +0000969174 00000 n +0000969343 00000 n +0000969512 00000 n +0000969681 00000 n +0000969850 00000 n +0000970019 00000 n +0000970188 00000 n +0000970357 00000 n +0000970526 00000 n +0000970695 00000 n +0000970864 00000 n +0000971033 00000 n +0000971202 00000 n +0000971371 00000 n +0000971538 00000 n +0000971707 00000 n +0000971876 00000 n +0000972045 00000 n +0000972214 00000 n +0000972383 00000 n +0000972552 00000 n +0000972721 00000 n +0000972890 00000 n +0000973059 00000 n +0000973228 00000 n +0000973397 00000 n +0000973566 00000 n +0000973735 00000 n +0000973904 00000 n +0000974069 00000 n +0000974238 00000 n +0000974406 00000 n +0000974575 00000 n +0000974743 00000 n +0000974911 00000 n +0000975080 00000 n +0000975248 00000 n +0000975417 00000 n +0000975585 00000 n +0000975753 00000 n +0000975922 00000 n +0000976090 00000 n +0000976259 00000 n +0000976426 00000 n +0000976594 00000 n +0000976763 00000 n +0000976929 00000 n +0000977098 00000 n +0000977266 00000 n +0000977435 00000 n +0000977603 00000 n +0000977771 00000 n +0000977940 00000 n +0000978108 00000 n +0000978277 00000 n +0000978445 00000 n +0000978612 00000 n +0000978781 00000 n +0000978949 00000 n +0000979118 00000 n +0000979286 00000 n +0000979455 00000 n +0000979623 00000 n +0000979792 00000 n +0000979958 00000 n +0000980127 00000 n +0000980295 00000 n +0000980464 00000 n +0000980631 00000 n +0000980798 00000 n +0000980967 00000 n +0000981135 00000 n +0000981304 00000 n +0000981473 00000 n +0000981642 00000 n +0000981811 00000 n +0000981980 00000 n +0000982149 00000 n +0000982318 00000 n +0000982487 00000 n +0000982655 00000 n +0000982820 00000 n +0000982989 00000 n +0000983158 00000 n +0000983327 00000 n +0000983496 00000 n +0000983665 00000 n +0000983834 00000 n +0000984003 00000 n +0000984172 00000 n +0000984341 00000 n +0000984510 00000 n +0000984679 00000 n +0000984848 00000 n +0000985017 00000 n +0000985186 00000 n +0000985355 00000 n +0000985520 00000 n +0000985689 00000 n +0000985858 00000 n +0000986027 00000 n +0000986196 00000 n +0000986365 00000 n +0000986534 00000 n +0000986703 00000 n +0000986872 00000 n +0000987041 00000 n +0000987210 00000 n +0000987379 00000 n +0000987548 00000 n +0000987717 00000 n +0000987886 00000 n +0000988050 00000 n +0000988219 00000 n +0000988388 00000 n +0000988555 00000 n +0000988723 00000 n +0000988890 00000 n +0000989059 00000 n +0000989228 00000 n +0000989397 00000 n +0000989566 00000 n +0000989735 00000 n +0000989904 00000 n +0000990073 00000 n +0000990240 00000 n +0000990409 00000 n +0000990578 00000 n +0000990733 00000 n +0000990891 00000 n +0000991051 00000 n +0000991212 00000 n +0000991372 00000 n +0000991533 00000 n +0000991693 00000 n +0000991854 00000 n +0000992013 00000 n +0000992173 00000 n +0000992334 00000 n +0000992494 00000 n +0000992655 00000 n +0000992816 00000 n +0000992977 00000 n +0000993136 00000 n +0000993297 00000 n +0000993457 00000 n +0000993618 00000 n +0000993779 00000 n +0000993939 00000 n +0000994100 00000 n +0000994260 00000 n +0000994421 00000 n +0000994581 00000 n +0000994741 00000 n +0000994902 00000 n +0000995062 00000 n +0000995223 00000 n +0000995383 00000 n +0000995544 00000 n +0000995705 00000 n +0000995865 00000 n +0000996024 00000 n +0000996185 00000 n +0000996345 00000 n +0000996506 00000 n +0000996665 00000 n +0000996825 00000 n +0000996985 00000 n +0000997146 00000 n +0000997305 00000 n +0000997465 00000 n +0000997626 00000 n +0000997787 00000 n +0000997947 00000 n +0000998108 00000 n +0000998268 00000 n +0000998429 00000 n +0000998589 00000 n +0000998750 00000 n +0000998909 00000 n +0000999070 00000 n +0000999228 00000 n +0000999438 00000 n +0000999738 00000 n +0001000010 00000 n +0001000266 00000 n +0001000547 00000 n +0001000828 00000 n +0001001089 00000 n +0001001312 00000 n +0001001572 00000 n +0001001831 00000 n +0001002099 00000 n +0001002328 00000 n +0001002550 00000 n +0001002800 00000 n +0001003030 00000 n +0001003299 00000 n +0001003574 00000 n +0001003870 00000 n +0001004110 00000 n +0001004319 00000 n +0001004549 00000 n +0001004777 00000 n +0001005028 00000 n +0001005278 00000 n +0001005471 00000 n +0001005670 00000 n +0001005924 00000 n +0001006197 00000 n +0001006419 00000 n +0001006655 00000 n +0001006874 00000 n +0001007103 00000 n +0001007360 00000 n +0001007518 00000 n +0001007701 00000 n +0001007911 00000 n +0001008122 00000 n +0001008329 00000 n +0001008530 00000 n +0001008725 00000 n +0001008902 00000 n +0001009070 00000 n +0001009238 00000 n +0001009409 00000 n +0001009583 00000 n +0001009754 00000 n +0001009907 00000 n +0001010069 00000 n +0001010244 00000 n +0001010395 00000 n +0001010550 00000 n +0001010713 00000 n +0001010873 00000 n +0001011046 00000 n +0001011215 00000 n +0001011387 00000 n +0001011556 00000 n +0001011735 00000 n +0001011924 00000 n +0001012105 00000 n +0001012274 00000 n +0001012452 00000 n +0001012627 00000 n +0001012796 00000 n +0001012965 00000 n +0001013134 00000 n +0001013306 00000 n +0001013466 00000 n +0001013642 00000 n +0001013827 00000 n +0001014011 00000 n +0001014196 00000 n +0001014380 00000 n +0001014565 00000 n +0001014749 00000 n +0001014934 00000 n +0001015117 00000 n +0001015300 00000 n +0001015482 00000 n +0001015657 00000 n +0001015834 00000 n +0001016010 00000 n +0001016187 00000 n +0001016362 00000 n +0001016537 00000 n +0001016714 00000 n +0001016890 00000 n +0001017067 00000 n +0001017243 00000 n +0001017420 00000 n +0001017596 00000 n +0001017773 00000 n +0001017949 00000 n +0001018126 00000 n +0001018306 00000 n +0001018483 00000 n +0001018584 00000 n +0001018698 00000 n +0001018812 00000 n +0001018926 00000 n +0001019039 00000 n +0001019153 00000 n +0001019267 00000 n +0001019381 00000 n +0001019495 00000 n +0001019608 00000 n +0001019722 00000 n +0001019836 00000 n +0001019949 00000 n +0001020063 00000 n +0001020177 00000 n +0001020291 00000 n +0001020405 00000 n +0001020519 00000 n +0001020633 00000 n +0001020746 00000 n +0001020860 00000 n +0001020974 00000 n +0001021088 00000 n +0001021201 00000 n +0001021315 00000 n +0001021428 00000 n +0001021542 00000 n +0001021656 00000 n +0001021770 00000 n +0001021884 00000 n +0001021998 00000 n +0001022112 00000 n +0001022226 00000 n +0001022340 00000 n +0001022454 00000 n +0001022567 00000 n +0001022681 00000 n +0001022795 00000 n +0001022909 00000 n +0001023023 00000 n +0001023136 00000 n +0001023250 00000 n +0001023364 00000 n +0001023478 00000 n +0001023592 00000 n +0001023706 00000 n +0001023820 00000 n +0001023934 00000 n +0001024045 00000 n +0001024158 00000 n +0001024272 00000 n +0001024386 00000 n +0001024500 00000 n +0001024614 00000 n +0001024728 00000 n +0001024842 00000 n +0001024956 00000 n +0001025070 00000 n +0001025184 00000 n +0001025298 00000 n +0001025412 00000 n +0001025526 00000 n +0001025640 00000 n +0001025754 00000 n +0001025868 00000 n +0001025982 00000 n +0001026096 00000 n +0001026210 00000 n +0001026324 00000 n +0001026438 00000 n +0001026551 00000 n +0001026665 00000 n +0001026779 00000 n +0001026893 00000 n +0001027007 00000 n +0001027121 00000 n +0001027235 00000 n +0001027349 00000 n +0001027463 00000 n +0001027577 00000 n +0001027691 00000 n +0001027805 00000 n +0001027919 00000 n +0001028033 00000 n +0001028146 00000 n +0001028260 00000 n +0001028374 00000 n +0001028488 00000 n +0001028602 00000 n +0001028716 00000 n +0001028830 00000 n +0001028944 00000 n +0001029058 00000 n +0001029172 00000 n +0001029286 00000 n +0001029400 00000 n +0001029514 00000 n +0001029628 00000 n +0001029742 00000 n +0001029856 00000 n +0001029970 00000 n +0001030084 00000 n +0001030198 00000 n +0001030312 00000 n +0001030425 00000 n +0001030539 00000 n +0001030653 00000 n +0001030767 00000 n +0001030879 00000 n +0001030993 00000 n +0001031107 00000 n +0001031221 00000 n +0001031335 00000 n +0001031449 00000 n +0001031560 00000 n +0001031672 00000 n +0001031784 00000 n +0001031896 00000 n +0001032008 00000 n +0001032120 00000 n +0001032232 00000 n +0001032344 00000 n +0001032455 00000 n +0001032572 00000 n +0001032696 00000 n +0001032826 00000 n +0001032956 00000 n +0001033082 00000 n +0001033203 00000 n +0001033324 00000 n +0001033443 00000 n +0001033561 00000 n +0001033678 00000 n +0001033792 00000 n +0001033908 00000 n +0001034025 00000 n +0001034142 00000 n +0001034258 00000 n +0001034374 00000 n +0001034445 00000 n +0001034559 00000 n +0001034673 00000 n +0001034787 00000 n +0001034900 00000 n +0001035014 00000 n +0001035128 00000 n +0001035242 00000 n +0001035355 00000 n +0001035469 00000 n +0001035583 00000 n +0001035697 00000 n +0001035811 00000 n +0001035925 00000 n +0001036039 00000 n +0001036153 00000 n +0001036267 00000 n +0001036381 00000 n +0001036493 00000 n +0001036606 00000 n +0001036718 00000 n +0001036835 00000 n +0001036953 00000 n +0001037068 00000 n +0001037139 00000 n +0001037253 00000 n +0001037367 00000 n +0001037479 00000 n +0001037594 00000 n +0001037691 00000 n +0001037731 00000 n +0001040666 00000 n +trailer +<< /Size 7499 +/Root 7497 0 R +/Info 7498 0 R +/ID [<815741010C0A9640014F52A1FB9D2B2B> <815741010C0A9640014F52A1FB9D2B2B>] >> +startxref +1040998 +%%EOF Index: /tags/2.5.0/docs/README =================================================================== --- /tags/2.5.0/docs/README (revision 189) +++ /tags/2.5.0/docs/README (revision 189) @@ -0,0 +1,497 @@ + +CONTENT OF THIS DOCUMENT +------------------------ + + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +++ +++ + +++ NOTE: The distribution package contains a much more detailed MANUAL +++ + +++ +++ + +++ ---- See the docs/ subdirectory ---- +++ + +++ +++ + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + - INSTALL basic install procedure + + - PGP SIGNATURES signing database and config file + + - CLIENT/SERVER how to install and use with client/server mode + for distributed host monitoring + + - STEALTH how to install and use with stealth mode enabled + + - USAGE some usage examples + + - CAVEATS what the name says + + - START AT BOOT TIME how to start the daemon during the boot sequence + + - CONFIGURE OPTIONS overview of supported options, and defaults + + - TESTING test suite (also useful to see EXAMPLES) + + + + +INSTALL: +------- + + Unpack the source with: + + gunzip -c samhain-current.tar.gz | tar xvf - + + This will drop two files in your current directory: + + samhain-{version}.tar.gz + samhain-{version}.tar.gz.asc + + To check authenticity and integrity of the source code, verify + the PGP signature on samhain-{version}.tar.gz + (public PGP key for Rainer Wichmann at http://wwwkeys.pgp.net/): + + gpg --verify samhain-{version}.tar.gz.asc samhain-{version}.tar.gz + + Then unpack samhain-{version}.tar.gz: + + gunzip -c samhain-{version}.tar.gz | tar xvf - + cd samhain-{version} + + If you have an incarnation of 'dialog' (xdialog, dialog, lxdialog) + installed, you can use the GUI install tool: + + ./Install.sh + + Otherwise use the commands: + + ./configure [options] + make + su root + make install + + At least the following executable will be built: + + +++ samhain +++ the monitoring agent, without any + client/server support (i.e. local use only) + + Additional executables will be built if you compile in client/server + and/or stealth mode (see below). + + The 'make install' target will strip the executable(s), i.e. + discard symbols. + + PATHS: + ----- + For configuring the install paths/locations, + see the MANUAL. + + + WARNING: + ------- + Some versions of gcc have a bug that generates incorrect + code if strength reducing is enabled. + If you modify the compiler flags, always use the -fno-strength-reduce + option with gcc, unless you are sure that your compiler does not + suffer from the problem (see README.gcc_bug). + Also, some gcc versions generate incorrect code unless the + -fno-omit-frame-pointer option is used. + The -fno-strength-reduce and the -fno-omit-frame-pointer options are + enabled by default by the 'configure' script. + +PGP SIGNATURES: +-------------- + By default, samhain will report on the checksums of the database + and configuration files on startup. + + You can always (clear)sign the database (once initialized) + with GnuPG, as well as the configuration file + (recommended: gpg -a --clearsign --not-dash-escaped FILE). + + However, to have samhain check these signatures, rather than ignoring + them, you need GnuPG and you must compile samhain with the option + + ./configure --with-gpg=PATH + + where PATH is the path to the gpg/pgp binary. + + Samhain will invoke gpg only after checking that + only trusted users (by default: root and the effective user) + have write access to any element in the path. + + The public key for verification must be in the keyring of the + effective user (usually root) + + For more security, it is possible to compile in the checksum + of the GnuPG executable, and/or the key fingerprint. See + the MANUAL for more details. + + The public key will be searched in the gpg home directory + (~/.gnupg/) of the effective user (usually root). + The key identification and fingerprint will be reported. + +CLIENT/SERVER: +------------- + + samhain supports logging to a central server via TCP/IP. + To enable this option, use the ./configure option + + ./configure --enable-network=client|server [more options] + + NOTE: client and server are __distict__ applications, and must be + built seperately. By default, installation names and paths are + different. Do not blame us if you abuse './configure' options to + cause name clashes, if you install both on the same host. + + The following executables are built: + + +++ samhain (client) +++ the monitoring agent, + with client code included + if --enable-network=client + + +++ yule (server) +++ the log server (no monitoring, just report + collecting !!!) + if --enable-network=server + + +++ samhain_setpwd +++ a utility program to set the password of + a monitoring agent (see man page samhain.8). + Use it without options to get help. + + + To set up a monitoring agent, do the following: + + -- select a (16-digit hexadecimal) password. To generate + a random password, you can use: + + ./yule -G + + -- use 'samhain_setpwd samhain ' + to generate an agent 'samhain.suffix' with the selected password + (you can rename the agent afterwards, of course) + + -- use 'yule -P password' to compute an entry to register the agent + + -- in the servers's configuration file, insert the computed entry + (replace HOSTNAME with the host, on which the agent will run) + in the section called [Clients] + + By default, client/server authentication + is done with the SRP (Secure Remote Password) protocol. + + It is also possible to store configuration and database files + on the server. See the manual for details. + +STEALTH: +------- + + samhain supports a 'stealth' mode of operation, meaning that + the program can be run without any obvious trace of its presence + on disk. The supplied facilities are more sophisticated than + just running the program under a different name, + and might thwart efforts using 'standard' Unix commands, + but they will not resist a search using dedicated utilities. + To enable this mode, use the ./configure option + + ./configure --enable-stealth=XOR_VAL [more options] + + XOR_VAL must be a decimal number in the range 0, 128..255 + (using 0 will have no effect). + + The runtime executable will contain no printable strings revealing + its nature or purpose (strings are xor'ed with XOR_VAL at compile + time, and decoded at runtime). + + The configuration file is expected to be + a postscript file with _uncompressed_ image data, wherein + the configuration data are hidden by steganography. + To create a suitable image file from an existing image, + you may use e.g. the ImageMagick program 'convert', such as: + + convert +compress ima.jpg ima.ps + + The following additional executable will be built: + + +++ samhain_stealth +++ steganography utility program to hide/extract + the configuration file data in/from a + postscript file with + _uncompressed_ image data. + Use it without options to get help. + + Database and log file entries are xor'ed with XOR_VAL to 'mask' + printable strings as binary data. No steganography is supported + for them, as this would require image files of unreasonable large + size. + However, if the database/log file is an existing image (say, a .jpg + file), the data will be appended to the end of the image data. + The image will display normally, and on examination of the file, + the add-on data will look like binary (image) data at first sight. + The built-in utility to verify and print log file entries + will handle this situation transparently. + + To re-name samhain to something unsuspicious, use the configure option + + ./configure --enable-install-name=NAME + + 'make install' will then re-name samhain upon installation. Also, + database, log file, and pid file will have 'samhain' replaced by + NAME. + + +USAGE EXAMPLES: +-------------- + + Review the default configuration file that comes with the + source distribution. Read the man page (samhain.8). + + initialize database: samhain -t init + + check files: samhain -t check + + run as daemon: samhain -t check -D + + report to log server: samhain -t check -D -e warn + + start the log server: yule -S + + +CAVEATS: +------- + Permissions: + ----------- + samhain needs root permissions to check some system files. + The log server does not require root permissions, unless + you use a privileged port (port number below 1024). + If you use --enable-udp to listen on the syslog socket, you need + to start the log server with root permissions (it will drop them + after binding to the port). + + Trust: + ----- + samhain checks the path to critical files (database, configuration) + for write access by untrusted users. By default, only root and + the effective user are trusted. More UIDs can be added as a + compile options (some systems habe 'bin' as owner of the root + directory). + + Integrity: + --------- + On startup, samhain will report on signatures or checksums of + database and configuration files. You better check these reports. + + Both startup and exit will be reported. If you are using samhain + as daemon and start it at boot time, you may want to check that + startup/exit corresponds with scheduled reboots. + + If the path to the samhain binary is defined in the configuration + file, samhain will checksum the binary at startup and compare + at program termination. This will minimize the time available + for an intruder to modify the binary. + + Mail address: + ------------ + For offsite mail, you may have to set a mail relay host + in the configuration file. + +START AT BOOT TIME: +------------------ + the easy way (supported on Linux, FreeBSD, HP-UX, AIX): + + su root + make install-boot + + + +CONFIGURE OPTIONS: +----------------- + + ------------------- + -- basic options -- + ------------------- + + --enable-network Compile with client/server support. + + --enable-udp Enable the server to listen on + port 514/udp (syslog). + + --enable-srp Use SRP protocol to authenticate to + log server. + + --with-gpg=PATH Use GnuPG to verify database/config. + The public key of the effective + user (in ~/.gnupg/pubring.gpg) + will be used. + + --enable-login-watch Watch for login/logout events. + + --enable-stealth=XOR_VAL Enable stealth mode, and set XOR_VAL. + XOR_VAL must be decimal in + 0..32 or 127..255 + and will be used to 'mask' literal + strings as binary data. + (0 has no effect). + + --enable-micro-stealth=XOR_VAL + As --with-stealth, but without + steganographic hidden configuration + file. + + --enable-nocl=PW Enable command line parsing ONLY if + PW is the first argument on the command + line. If PW is "" (empty string), + command line parsing is completely + disabled. + + --enable-base=BASE Set base for one-time pads. Must be + ONE string (no space) made of TWO + comma-separated integers in the range + -2147483648...2147483647. + (The default is compile time.) + Binaries compiled with different + values cannot verify the audit trail(s) + of each other. + THIS IS IMPORTANT IF YOU COMPILE + MULTIPLE TIMES, E.G. ON DIFFERENT + HOSTS. + + + ------------------- + -- paths -- + ------------------- + + ${install_name} is "samhain" by default + (see --with-install-name=NAME ) + + configuration: /etc/${install_name}rc + state data: /var/lib/${install_name} + log file: /var/log/${install_name}_log + lock/pid file: /var/run/${install_name}.pid + + mandir: /usr/local/man + bindir: /usr/local/sbin/ + + + --exec-prefix=EPREFIX Set sbindir prefix (default + is /usr/local, ie. binaries + go to /usr/local/sbin) + + --prefix=PREFIX install directory + (default is NONE) + + IF PREFIX = USR; then + + configuration: /etc/${install_name}rc + state data: /var/lib/${install_name} + log file: /var/log/${install_name}_log + lock/pid file: /var/run/${install_name}.pid + + mandir: /usr/share/man + bindir: /usr/sbin/ + + IF PREFIX = OPT; then + + configuration: /etc/opt/${install_name}rc + state data: /var/opt/${install_name}/${install_name} + log file: /var/opt/${install_name}/${install_name}_log + lock/pid file: /var/opt/${install_name}/${install_name}.pid + + mandir: /opt/${install_name}/man + bindir: /opt/${install_name}/bin/ + + IF PREFIX = (something else); then + + If EPREFIX is not set, it will be set to PREFIX. + configuration: PREFIX/etc/${install_name}rc + state data: PREFIX/var/lib/${install_name} + log file: PREFIX/var/log/${install_name}_log + lock/pid file: PREFIX/var/run/${install_name}.pid + + mandir: PREFIX/share/man + bindir: PREFIX/sbin/ + + + + --with-config-file=FILE Set path of configuration file + (default is PREFIX/etc/samhainrc) + + --with-data-file=FILE Set path of data file + (PREFIX/var/lib/samhain/samhain_file) + --with-html-file=FILE Set path of server status html file + (PREFIX/var/lib/samhain/samhain.html) + + --with-log-file=FILE Set path of log file + (PREFIX/var/log/samhain_log) + --with-pid-file=FILE Set path of lock file + (PREFIX/var/run/samhain.pid) + + ------------------- + -- other -- + ------------------- + + + --with-checksum=CHECKSUM Compile in TIGER checksum of the + gpg/pgp binary. + CHECKSUM must be the full + line output by samhain or GnuPG when + computing the checksum. + + --with-fp=FINGERPRINT Compile in public key fingerprint. + FINGERPRINT must be without spaces. + Only useful in combination with + '--with-gpg'. + If used, samhain will check the + fingerprint, but still report on the + used public key. + + --enable-identity=USER Set user when dropping root privileges + (default is the user "nobody"). + Only needed if there is no user + 'nobody' on your system + (check /etc/passwd) + + --with-port=PORT Set port number for TCP/IP + (default is 49777). + Only needed if this port is already + used by some other application. + + --with-logserver=HOST Set host address for log server + (default is NULL). + You can set this in the configuration + file as well. + + --with-timeserver=HOST Set host address for time server + (default is NULL - use own clock). + You can set this in the configuration + file as well. + + --with-sender=SENDER Set sender for e-mail + (default is daemon). + + --enable-xml-log Use XML format for log file. + + --enable-debug Enable extended debugging + + --enable-ptrace Use anti-debugging code. + + --with-trusted=UID Comma-separated list of UID's of + users that are always trusted + (default is 0 = root). + You will need this only if the + path to the config file has directories + owned neither by 'root' nor by the + (effective) user of the program. + + +TESTING: +------- + For testing compilation etc., you may use the test suite: + + ./test/test.sh n [hostname] + + The argument 'n' is the number of the test to run. Some tests require + that the (fully qualified) hostname be given as second argument. + + Without options, you will get a short help/usage message, listing + each test, its purpose, and the name of the configuration file used. + You may want to review the respective configuration file before + running a test. + + Also listed are the scripts used for each test. If you have problems + getting samhain to run, you may use these scripts as examples. + Index: /tags/2.5.0/docs/README.LZO =================================================================== --- /tags/2.5.0/docs/README.LZO (revision 189) +++ /tags/2.5.0/docs/README.LZO (revision 189) @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- + + + ============================================================================ + miniLZO -- mini subset of the LZO real-time data compression library + ============================================================================ + + Author : Markus Franz Xaver Johannes Oberhumer + + http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + Version : 1.06 + Date : 29-Nov-1999 + + I've created miniLZO for projects where it is inconvenient to + include (or require) the full LZO source code just because you + want to add a little bit of data compression to your application. + + miniLZO implements the LZO1X-1 compressor and both the standard and + safe LZO1X decompressor. Apart from fast compression it also useful + for situations where you want to use pre-compressed data files (which + must have been compressed with LZO1X-999). + + miniLZO consists of one C source file and two header files: + minilzo.c + minilzo.h + lzoconf.h + + To use miniLZO just copy these files into your source directory, add + minilzo.c to your Makefile and #include minilzo.h from your program. + Note: you also must distribute this file (`README.LZO') with your project. + + minilzo.o compiles to about 6 kB (using gcc or Watcom C on a i386), and + the sources are about 14 kB when packed with zip - so there's no more + excuse that your application doesn't support data compression :-) + + For more information, documentation, example programs and other support + files (like Makefiles and build scripts) please download the full LZO + package from + http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + + Have fun, + Markus + + + P.S. minilzo.c is generated automatically from the LZO sources and + therefore functionality is completely identical + + + Appendix A: building miniLZO + ---------------------------- + miniLZO is written such a way that it should compile and run + out-of-the-box on most machines. + + If you are running on a very unusual architecture and lzo_init() fails then + you should first recompile with `-DLZO_DEBUG' to see what causes the failure. + The most probable case is something like `sizeof(char *) != sizeof(long)'. + After identifying the problem you can compile by adding some defines + like `-DSIZEOF_CHAR_P=8' to your Makefile. + + The best solution is (of course) using Autoconf - if your project uses + Autoconf anyway just add `-DMINILZO_HAVE_CONFIG_H' to your compiler + flags when compiling minilzo.c. See the LZO distribution for an example + how to set up configure.in. + + + Appendix B: list of public functions available in miniLZO + --------------------------------------------------------- + Library initialization + lzo_init() + + Compression + lzo1x_1_compress() + + Decompression + lzo1x_decompress() + lzo1x_decompress_safe() + + Checksum functions + lzo_adler32() + + Version functions + lzo_version() + lzo_version_string() + lzo_version_date() + + Portable (but slow) string functions + lzo_memcmp() + lzo_memcpy() + lzo_memmove() + lzo_memset() + + + Appendix C: suggested macros for `configure.in' when using Autoconf + ------------------------------------------------------------------- + Checks for typedefs and structures + AC_CHECK_TYPE(ptrdiff_t,long) + AC_TYPE_SIZE_T + AC_CHECK_SIZEOF(unsigned short) + AC_CHECK_SIZEOF(unsigned) + AC_CHECK_SIZEOF(unsigned long) + AC_CHECK_SIZEOF(char *) + AC_CHECK_SIZEOF(ptrdiff_t) + AC_CHECK_SIZEOF(size_t) + + Checks for compiler characteristics + AC_C_CONST + + Checks for library functions + AC_CHECK_FUNCS(memcmp memcpy memmove memset) + + + Appendix D: Copyright + --------------------- + LZO and miniLZO are Copyright (C) 1996-1999 + Markus Franz Xaver Johannes Oberhumer + + LZO and miniLZO are distributed under the terms of the GNU General + Public License (GPL). See the file COPYING. + + Special licenses for commercial and other applications which + are not willing to accept the GNU General Public License + are available by contacting the author. + + + + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv + +iQCVAwUBOEK5Km10fyLu8beJAQE2oAQAovSZ1KDXJKdbfUmGHhRAoU/BdQXydYKr +tGDtC0i8EfC2cjrbJANbZq8GQM0PMZSAgyW9/BaUmRZ/d5pxpF0eBBpUp87i/ZM6 +BoPE3uu7Rwu05SSR3FRFe1lCrMDn/yHkyV9T+DUY6XaBLONdaPh7BayQ93MnCFoD +9gs3grhALsM= +=uuXN +-----END PGP SIGNATURE----- Index: /tags/2.5.0/docs/README.UPGRADE =================================================================== --- /tags/2.5.0/docs/README.UPGRADE (revision 189) +++ /tags/2.5.0/docs/README.UPGRADE (revision 189) @@ -0,0 +1,88 @@ + +to 2.4.4 and higher: it is possible now to store the full content of + small files in the baseline database. To support this feature with + logging to an RDBMS, the DB schema for Oracle needs to be adjusted + by converting the link_old, link_new columns from VARCHAR2 to CLOB: + + -- Oracle: + ALTER TABLE samhain.log ADD tmp_name CLOB; + UPDATE samhain.log SET tmp_name=link_old; + ALTER TABLE samhain.log DROP COLUMN link_old; + ALTER TABLE samhain.log RENAME COLUMN tmp_name to link_old; + + ALTER TABLE samhain.log ADD tmp_name CLOB; + UPDATE samhain.log SET tmp_name=link_new; + ALTER TABLE samhain.log DROP COLUMN link_new; + ALTER TABLE samhain.log RENAME COLUMN tmp_name to link_new; + + -- Samhain server (yule): if you are logging to the RDBMS via + the server (yule), as recommended, you need to also upgrade the + server, because earlier versions had a too restrictive limit on + the maximum length of an SQL query. + + +to 2.3.3 and higher: a bug has been fixed that resulted in an additional + slash at the beginning of the linked path of symlinks in the root + directory (symlinks in other directories were not affected) + + -- this may cause spurious warnings about modified links, if you check + against a database created with an earlier version of samhain + + + +from lower to 2.3.x: the database scheme has changed slightly. + To upgrade, use the following SQL commands in the command-line + client of your database: + + -- MySQL: + ALTER TABLE samhain.log ADD COLUMN acl_old BLOB; + ALTER TABLE samhain.log ADD COLUMN acl_new BLOB; + + -- PostgreSQL: + ALTER TABLE samhain.log ADD COLUMN acl_old TEXT; + ALTER TABLE samhain.log ADD COLUMN acl_new TEXT; + + -- Oracle: + ALTER TABLE samhain.log ADD acl_old VARCHAR2(4000); + ALTER TABLE samhain.log ADD acl_new VARCHAR2(4000); + DROP TRIGGER trigger_on_log; + + + +since 2.2.0: server-to-server relay is possible + + -- this implies that problems will arise if your server is misconfigured + to connect to itself (SetExportSeverity is explicitely set + to a threshold different from 'none', and the logserver is set to + localhost). The server may deadlock in this case. + + + +since 2.1.0: update and daemon mode can be combined + + -- this implies that '-t update' will start a daemon process if running as + daemon is the default specified in the config file. use '--foreground' + to avoid starting a daemon process + + + +from 1.7.x to 1.8.x: client/server encryption protocol has been enhanced + + -- 1.7.x clients can connect to a 1.8.x server + + -- 1.8.x clients can only connect to a 1.7.x server, if they + are built with --enable-encrypt=1 + + + +from 1.6.x to 1.7.x: things to watch out for + + -- the log server drops root privileges after startup; it needs a logfile + directory with write access for the unprivileged user now + + -- the PID file does not double as lock for the log file anymore; the + log file has its own lock now (same path, with .lock appended) + + -- by default, the HTML status page of the server is in the log directory + now; this allows to make the data directory read-only for the server + Index: /tags/2.5.0/docs/README.gcc_bug =================================================================== --- /tags/2.5.0/docs/README.gcc_bug (revision 189) +++ /tags/2.5.0/docs/README.gcc_bug (revision 189) @@ -0,0 +1,49 @@ + +GCC Compiler Bug +---------------- + +Reference: http://boudicca.tux.org/hypermail/linux-kernel/2000week05/0983.html + +From: Johan Kullstam (kullstam@ne.mediaone.net) +Date: Thu Jan 27 2000 - 18:00:28 EST + +Horst von Brand writes: + +> My question in this vein would be the -fno-strength-reduce. The gcc bug +> that placed this in the kernel was in gcc-2.7.2, and was worked around in +> 2.7.2.3 by just making this option unconditional. Both 2.2.15pre4 and +> 2.3.41pre2 at least demand gcc-2.7.2.3 as minimal version. + +just when you thought it was safe to go into the water... + +strength-reduction is broken again in gcc-2.95.2 (aka the current +release). i'm not sure about what versions actually do work. + +for fun, try this one out. cut and paste the program bug.c. + +$ gcc -O2 bug.c -o b0 +$ gcc -O2 -fno-strength-reduce bug.c -o b1 + +run b1. notice it finish immediately. +now run b0. notice how b0 never terminates (until you ^C it). + + +-- bug.c ----------------------------------------- +static void bug(int size, int tries) +{ + int i; + int num = 0; + + while (num < size) + { + for (i = 1; i < tries; i++) num++; + } +} + +int main() +{ + bug(5, 10); + return 0; +} +-- bug.c ----------------------------------------- + Index: /tags/2.5.0/docs/README.sstrip =================================================================== --- /tags/2.5.0/docs/README.sstrip (revision 189) +++ /tags/2.5.0/docs/README.sstrip (revision 189) @@ -0,0 +1,40 @@ +sstrip is a small utility that removes the contents at the end of an +ELF file that are not part of the program's memory image. + +Most ELF executables are built with both a program header table and a +section header table. However, only the former is required in order +for the OS to load, link and execute a program. sstrip attempts to +extract the ELF header, the program header table, and its contents, +leaving everything else in the bit bucket. It can only remove parts of +the file that occur at the end, after the parts to be saved. However, +this almost always includes the section header table, and occasionally +a few random sections that are not used when running a program. + +It should be noted that the GNU bfd library is (understandably) +dependent on the section header table as an index to the file's +contents. Thus, an executable file that has no section header table +cannot be used with gdb, objdump, or any other program based upon the +bfd library, at all. In fact, the program will not even recognize the +file as a valid executable. (This limitation is noted in the source +code comments for bfd, and is marked "FIXME", so this may change at +some future date. However, I would imagine that it is a pretty +low-priority item, as executables without a section header table are +rare in the extreme.) This probably also explains why strip doesn't +offer the option to do this. + +Shared library files may also have their section header table removed. +Such a library will still function; however, it will no longer be +possible for a compiler to link a new program against it. + +As an added bonus, sstrip also tries to removes trailing zero bytes +from the end of the file. (This normally cannot be done with an +executable that has a section header table.) + +sstrip is a very simplistic program. It depends upon the common +practice of putting the parts of the file that contribute to the +memory image at the front, and the remaining material at the end. This +permits it to discard the latter material without affecting file +offsets and memory addresses in what remains. However, the ELF +standard permits files to be organized in almost any order. So +although this procedure usually works in practice, it is not meant to +be taken too seriously. Index: /tags/2.5.0/docs/README.win2K =================================================================== --- /tags/2.5.0/docs/README.win2K (revision 189) +++ /tags/2.5.0/docs/README.win2K (revision 189) @@ -0,0 +1,36 @@ + +Using SAMHAIN on Win2K +---------------------- + +samhain builds and runs on Win2K (and maybe other M$ products) with +the (free, GPL) Cygwin environment. +Fabio Paracchini writes: + +(UPDATE: note that some configure options have changed since this has been + written. Check the manual and/or run './configure --help' for + available options.) + + The configuration I'm testing now is a server on OpenBSD 2.8 and a client on + W2K, using the latest Cygwin. I was able to compile the client on a W2K + Cygwin development machine using those configuration flags: + + --enable-static + --enable-network + --with-tmp-dir=/tmp + --with-data-file=REQ_FROM_SERVER/samhain.db + --with-config-file=REQ_FROM_SERVER/etc/samhainrc + --with-logserver=x.x.x.x + --with-lock-file=/cygdrive/c/samhain.lck + --with-log-file=/cygdrive/c/samhain.log + + I was able to successfully compile and sign the executable, upload to the + production server with the cygwin1.dll in the same directory and run both + samhain -t init and samhain -t check. + + If you need a stealthy configuration you could change lock & log file to + something more obscure, only pay attention that in Cygwin if you need to + access drive C: you have to prefix your path with /cygdrive/c. + + The configuration is kept on the server where Yule runs; I registered the + client and I'm in the process of tuning the exceptions for the files + modified by Windows. Index: /tags/2.5.0/docs/TODO =================================================================== --- /tags/2.5.0/docs/TODO (revision 189) +++ /tags/2.5.0/docs/TODO (revision 189) @@ -0,0 +1,7 @@ +gcc -g -DDNMALLOC_DEBUG=1 -DUSE_MALLOC_LOCK=1 -Wall -O2 -o dnmalloc-1.0.beta5-rw.o -c src/dnmalloc-1.0.beta5-rw.c + +gcc -g -Wall -O2 -o t-test.o -c src/t-test1.c +gcc -g -DUSE_MALLOC_LOCK=1 -Wall -O2 -o dnmalloc-1.0.beta5-rw.o -c src/dnmalloc-1.0.beta5-rw.c +gcc -g -lpthread -o t-test t-test.o dnmalloc-1.0.beta5-rw.o +./t-test + Index: /tags/2.5.0/docs/sh_mounts.txt =================================================================== --- /tags/2.5.0/docs/sh_mounts.txt (revision 189) +++ /tags/2.5.0/docs/sh_mounts.txt (revision 189) @@ -0,0 +1,59 @@ +Documentation for sh_mounts, the samhain "Mounts" module. +--------------------------------------------------------- +sh_mounts implements functionality we had in a policy-checking Perl script we +have here at eircom; basically, all it does is ensure that certain mounts are +there (for example, /, /tmp, /var, /usr, /home) and that certain options are +specified on those mounts (for example noexec,nosuid on /tmp). + +All quite simple. It wouldn't be too hard to extend this module somewhat, to +report any NFS mounts found, for example, or to test that _only_ the mounts +specified are mounted on the machine. + +Here's a bit for the manual: + + + +Checking mounted filesystem policies +------------------------------------ +samhain can be compiled to check if certain filesystems are mounted, and if they +are mounted with the appropriate options. This module currently supports Linux, +Solaris and FreeBSD. The configuration of the module is done in the Mounts +section of the configuration file: + +-------->8--------- + +[Mounts] +# +# Activate (0 is off). +# +MountCheckActive=1 + +# +# Interval between checks. +# +MountCheckInterval=7200 + +# +# Logging severities. We have two checks: to see if a mount is there, and to +# see if it is mounted with the correct options. +# +SeverityMountMissing=warn +SeverityOptionMissing=warn + +# +# Mounts to check for, followed by lists of options to check on them. +# +checkmount=/ +checkmount=/var +checkmount=/usr +checkmount=/tmp noexec,nosuid,nodev +checkmount=/home noexec,nosuid,nodev + +-------->8--------- + + + +The module is enabled as part of the compilation of samhain by specifying +--enable-mounts-check + +This module by the eircom.net Computer Incident Response Team Index: /tags/2.5.0/docs/sh_userfiles.txt =================================================================== --- /tags/2.5.0/docs/sh_userfiles.txt (revision 189) +++ /tags/2.5.0/docs/sh_userfiles.txt (revision 189) @@ -0,0 +1,39 @@ +Checking sensitive files owned by users. +------------------------------------ +samhain can be compiled to support checking of files that are specified +as being relative to the a user's home directory. It is intended to +detect interference with files that influence process behaviour such as +.profile +It simply adds the appropriate file entries to the main samhain list, at +the specified alerting level. + + +-------->8--------- + +[UserFiles] +# +# Activate (0 is off). +# +UserfilesActive=1 + +# +# Files to check for under each $HOME +# A specific level can be specified. +# The allowed values are: +# allignore +# attributes +# logfiles +# loggrow +# noignore +# readonly +# user0 +# user1 +# +#Ê The default is noignore +UserfilesName=.login noignore +UserfilesName=.profile readonly +UserfilesName=.ssh/authorized_keys + +-------->8--------- + +This module by the eircom.net Computer Incident Response Team. Index: /tags/2.5.0/dsys/0F571F6C.asc =================================================================== --- /tags/2.5.0/dsys/0F571F6C.asc (revision 189) +++ /tags/2.5.0/dsys/0F571F6C.asc (revision 189) @@ -0,0 +1,183 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.2.1 (GNU/Linux) + +mQGiBDgcfd0RBADvXitAL1gCXw1yOJsPWJdU6wbgqMWqfMbkFGRiLZut/rwbN3x/ +ch8sF+hptcQGH4Hhe25+1WkSO1KO81j6ZQZqhYNHogE3IFsv1TK7vX0r81ZRjinM +koQ69kWw+elp1vcLCwHzHDB8MhV3eI3jpQcGgpsRVq4uEumyGfI1v6AUfwCg+RIj +aGtvyxFH2UsSUVNaM/008v8D/R56I6qLcixxuWrHUhZBNaiQ0I70PWo92uLHwSvF +dnSnkpUc4BvTeq4PVuId6e3LdeonG4OW8jWFK0/9OE+ubuZYJdOmuv+3BzPOktZy +9Cf8QwHpUvQ/c9S5MrIOsFdQAOj6rQvlA7OmnidyW4+MA3IYp8bwq5dx6sHcAy7o +0RBSBADpf5eWfni8Awfcwq7yyGgJFhAAgkoDKAHBj4OepVKhcnCe8+78VpqWtZ9p +e45AL/5nhl6CceWWZfCYXgv2Zm8CUnUwxb6XKuGOGJagtRT9d0fQFeEXFlSPE5HA +JCXkhbcQpZq1YzyjKMeExBfM5w4XaEhfQ652pjXQieyWETjd17QtUmFpbmVyIFdp +Y2htYW5uIDxyd2ljaG1hbm5AaHMudW5pLWhhbWJ1cmcuZGU+iFUEExECABUFAjgc +fd0DCwoDAxUDAgMWAgECF4AACgkQGq0myA9XH2y7FwCdEIZRr4gI9vlS7DgcS8mY +FjveBncAoLiNO3tE00J4r6LEWm4IpYYUiRUFiQEcBBMBAgAGBQI+UjZjAAoJEAbp +c/N5kkHBNjwH/138Qk7NcZT2ar5t4MOyaHM7gaIOaywZHXaGEx7wrvpmD3ImoerE +psp19+JqOfzhgpGI8Z37nh+HR5vIYERrMrIBLoHMwyNkJxqRiqNVfZ3AxpZWvKTl +AJlwIvPGF6FfR2f05Lvaw06UoOLpIjmzb8rXQ6bvbqSXtgUEU+pmwfjQOPidwNjW +ovUTkCpv2LWQxwapYgOZilne+7Zad+nf/asCGfqL9V9WIblrwoFkSlP13UwF4j5f +m7iTM9ZAXFUUFvarN2Mz0RP4+58rceb6bRM+agL+dpd5AqgwBgtGYmeO/G4/E/WY +PYBLTh+ZbupmvykgdnKR0E0w72KXnLg11M2JARwEEwECAAYFAj5SNakACgkQBz/7 +hK/ULUUktggAgbbW4uM9B8jQeavzdMmV3WiF2owqr1MiS+oiWKBK3U6O0xJP5G9Q +h5Zj80NEdopDV0G8z1KOFn4v4SMlzSjvq6938end+zvgaPGEGaE94iHp5aI6TMhF +ezmbM2MfNphfn2yxmzQefEj8VaJbi+du4n1YmnkMJDkpw+6927/99Sj3A0jNvUxC +B5YM9K/t6xI89qlKZlCDHjgEHARAxNWRyE5YSqRkXWgxcHPKkF1oKifD4/eNyQw2 +OZnRTFRsk28uEJTysnjsiIUbP13LR6m1VfZQrEpk0RjnlGKVRwy42WWDnOsCXOnM +Sy2+a9gYa+ayCGI+NTuUUecvZ7VVxKCHIYhGBBMRAgAGBQI+UjYnAAoJEA86uzhI +KF65WpIAn0p+PQe7WaHp15qul2E7AoDD7uuzAJ486FDSWZi92crLJNPnyPi9HXbi +DIhGBBMRAgAGBQI+S5Q1AAoJEBwB7TX3s/Rm2QcAn2zwg7uup1JMGqTxSaQ+sjWR +0vEqAJ9xvhAZMOrk51/6T7Oq/DzaZGwT3IhGBBARAgAGBQI4XqDdAAoJEB3kOh0g +CZVMC8cAn04Ph20EZH5vbPvVQN9+KdketxyHAKCIhQvT2DiNsadeI7fQwRssLn7a +xohGBBMRAgAGBQI+S5NzAAoJEG48dKkHK3yJ8/YAnRTCT5OhC9jPOxL26UKTF/YT +t46kAJ9WI3vfQrbKgu32s6E5UTgQS/U4hokBHAQTAQIABgUCPlIpcQAKCRB4oTZL +RAPrMfOcCACxIuPyBAxDIDvP3xWzMdlN4AhLIQ1myMHlwA7X90RVKW+saR+gU3QI +hBVahKfC7OEXhH/dCft1c64Vy3lZT5vl9W6m0ZukdVSKTVKZYaRk+iGej3+zzD8W +CzwDvMvkDGa1/VuOZDvx3byj866/L3Y4n8Qa+66KkqNG3sMgjOfMoxGTvZuxL3Zz +YdQWUovd9KcmOl7etDB8rhkz4cBPxXxcIbDhDPJNgDoViby4Bgs1nmfvhPq+RNvK +fKysRo9XYWfTRjwqicSMhSTRdgMS1GHCMY3U183p+njorU9gxvxmZhxzop41vwh2 +ps6CVpUo9u+fpiDkfWeZIBzdl6+pz8TkiQEcBBMBAgAGBQI+S5OYAAoJEH641Vr2 +yhx/sVIH/3MXz2dFzTze2eM9jj8DMJhM6wsuXIxKnGxl7Vd0i/T3jlh+UAQBueHz +KtsmyE7xZ8OnoBfC9U4+ypyuKdnd0oULOTChDpY2a0Dv4gp4HZGoO3BR1qcf7LFy +3Ibn37siiJ4WmvgqPx9v1sFZAr+rKeSqhxnD7+GosbyD7qNQTATsorAMgYAdWCAC +MsnLdP0K7yTW3X4JGgnRNjVJbYkFVC/j3qedT/Or0iUDDZdzID+vxxlwxa8Y+UTS +wR75IPJEw7UObjQMdUixwUsb04rCI5CtPvMdO7nSvC1RvfP5TTSY5Ypu7bO6ArMT +iYQfWhz2YCE/ikB8jeT6OovpqXiSKFaInAQTAQIABgUCPkuS/gAKCRCMWj5dyq7Z +nSSwBAC2Zbo6lkfoq+ZPYj4hXs+C83aaVwEDEY4MqcEONPlt5tno6Tipt1aE7utf +aCT2az5qLcns4cb+UckchEfcqmJc3+YTX97h6Iz55OsFYIXtUkYyys7Q3VmSqDZg +Xz2N3YGBR0ttRk/qTNd3BoIWzdlqaLFfkFf5EgdIO5UIB8KPLYkBHAQQAQIABgUC +PnHPRAAKCRB7Id4BrmYkJQOVCACpVqEZXDSU/LA1B1y7OtbQvuLOBqkKYvJ6QY+b +SUnQA4pIWm1tZuGXckuo7Th/2zUqu+Jthso6zNRzz+FXIPOamHVRqxjbihPCsLA7 +1MfVax7shaXswrHbKDt4Ou9834+KY2/G7XFdym2IezSeOrmsSicgQNsqdOIlmgMX +YaG/4ddRvbB4V5PomPCz+tKDALXrkRoiS2akyfMgwsMOo9xfXA6j6bHJwHjar6eD +ZiWcG24KXbiRYsyXw8v/piuG6rer7VuTFuaJwEAUvZYxAvFtISmxDAysHKwHXK1g +ijK3Dh0JSkZrEH3LofAzRtcw+MQUkiD5sBDJ0E6QOr9bk14FiEYEEBECAAYFAj5x +0GwACgkQhfcxbPQmVn3FQACg1wSQt5mdfpwN74PFs6SVpoQ3kFMAoNJORjgHXFyF +Gc+2DXq1KFXEUKAtiQEcBBMBAgAGBQI+cc0RAAoJEO67Mb58Bv0ljgYH/RVSwmd+ +BufOXhZNfozT8p2M6xVgsEQ1nzdHtAVo+tr00xyHHwLQj1phDXSZtK1iRvLY6GXg +Dp0VAGjkjUilR8adfT7uvgu9br32zCx7EZkAOQXp51tPWnD4JDcWB0adJEWwfVo9 ++abC/84/Xy0c+IOdNLEePLxlYlezynXTCEgTXMeeROKOQMog/vB8obNi3rYjUKC/ +eypJCuMtmnLKhHhbezvJMy+N10iWajpOYInQLP+uee48/ytmbnb+8klx8j3rJ1Ew +r4KU+7ewm2eHPzJl1xCbuqePoxciptgtjdwtmGQH+VHDPRAcF+FfoNtF1Fc1p6+8 +7qznfNJoLHWsde+JARwEEwECAAYFAj5xzSAACgkQKBTThimyUAFD9gf/RUY5fwxN +Qv2N2bnSqmisUEx8XrOGGmzPNKvL1TdIwcc+votQ98nOBEv6De17+HD/jPVD3ReS +71sB1gI5/Duni5h8nx2L2siQxOqNE2YI2oSn8f4ign91ruFSEwPR+nFUDtbuMk4C +0df16i7asVXiKq3GW7Tv20iXnTvjQZCVSFtXxU00pdtmf0FpRSPp7YonQMLv6vCH +iZ6j74kkn4+EwroXmWF5nb9/HZOJiZnTv6+vGpFYiI/gAGkOA4SBipUWm2B2E4AV +MTo2MeXe+/wbirL43PDiG2kbeet7KH5M+/BTceUjl0alIFeZizYaluvouWo7NahA +MLz89pUD25hpl4hGBBIRAgAGBQI+dJKeAAoJEI47c57dK8ydsAoAmwXDmPsbM0Ao +0VkY1q8anK5lhJMqAKDQOIimB3yzFt7koY9MUgFgHX77rYhGBBARAgAGBQI+hde4 +AAoJEHFOxoebS5syXOMAn3xCJVsb0IRb42q25sLpHVXvc8+TAJ9Q3RBxdagtPVPx +m58Uf4bhGLuBdohGBBMRAgAGBQI+iDOzAAoJEJJVvZ/mhE25CQYAn0j2H3sUfjao +iTML5QF057ZfwzwoAKDBulEh0SChQQ2KbHdlpAVP+Io+U4g/AwUQPtSY59vSRfyz +sqEsEQIDSQCfVPYWXSS2qbCI0BZm1jNI/D3WndIAoLmDomrFc+B+9Hp6id8B8kxy +/IRdiEYEEBECAAYFAj74SAgACgkQ36XkltcZWyKb6ACg6XOdq03pvSlA0AqBZLQV +wmeItVcAnRpHJt7znvfrxPpI4vfnkRR1Lt/yiEYEExECAAYFAj+f3koACgkQxcDF +xyGNGNeCuwCfRP034939xTTTLWp+hQUE/O6NfbIAoJ7IbYA3YQmfDQukotNGypzH +uo1aiEYEExECAAYFAkBbXgcACgkQ01u8mbx9Agqs9QCfTRKAxpfPhFz0kL2cODz6 +Eo/TbMUAoIyztog7I3BTwu22eTPv6pXUTQEliEYEExECAAYFAkBbJ/0ACgkQSvFU +KpY6VLBbHwCdHlFGr+t5aNg9SWqFfLs2N38awXkAoIW0bSz0MOPCkUHtY1o+wfjo +J+DPiEYEExECAAYFAkBqj9AACgkQECqmVFXwdrOgIgCeNTva96TnQPlkIcpRE2hs +oHITahAAoIEk77c6+Cr9CsS46WGvf1ePJW0yiEYEExECAAYFAkBytVYACgkQGyfX +UvpJphr6dwCgkB330qWc6xjgounXSXbCvR7Dry4An3MzbcU/YS/OH7IBZMopWJbo +Vr6KiEYEExECAAYFAkByunAACgkQA5e1oKh+NRxEmgCbBOyZmLeti3aysxi6yYEz +JRkBGe4AmgPMOK8nxNjqa2KTrvsdH+XJSnGOiEYEExECAAYFAkB0A6AACgkQzAoJ +I8gDfT8aMgCcCqTKT9sTVsk6UYIvYB6aBbmQIvYAn1gYeX6HTIo4+CfPC2c6bc80 +iO+ViEYEExECAAYFAkB0ZUsACgkQr/RnCw96jQEetgCgnJatrM9Co+6JunHUl58L +PswEAdAAoIFqNka9tvPrk8ZOJkfxJJEujrIgiEYEEBECAAYFAkCKrbQACgkQ9yNf +So1Tr57J0wCfdZB/pGW/wyjHP2rpEQ/xV8bc/94AoKnbj0KC+glYM3pDOwjKbEZH +/WAfiEYEEhECAAYFAkBzpsUACgkQ78vN/2HwW4wcDwCfYPlVzDJ0jfI+mMR+tHP8 +n6Guj98An252IGC/eIB1I4nCi5TqqeVEvIeZtChSYWluZXIgV2ljaG1hbm4gPHJ3 +aWNobWFubkBsYS1zYW1obmEuZGU+iFYEExECABYFAjoDPmkECwoEAwMVAwIDFgIB +AheAAAoJEBqtJsgPVx9sNHAAoOPNgUXL+qRFyHU8wyDEeOHWALErAJoD2eIs0r7R +4UH+q+3J+v2EDbrHQYkBHAQTAQIABgUCPlI2awAKCRAG6XPzeZJBwcA2B/4sQlDm +NMykYdYPY/MZ2b/O6S/2rZts+W3htjMEMvSzTM96koCJEpJCaHbmMehqZGUh/V97 +oj4+rTfeKtKQBSVaBU2Bj8Zy2YjlqBUs2ShilVMR14RSOgmKr8FSvJVSegWf62T+ +yFisLZdhQMTImSkKMB2oWkZPS9Su9dtk7j9gfHKwPIx3O8MCNf2dnaksHCpUMa3o +AcXBZprMYE31zbrre2pi9E1jRFyq2zr0Ywkw1/LO4GUi3Zstg1gffLEku+ZpIBaw +NH+WO+kkfoNmS03Ffxoo+Y5LLXAkm/dfn/KsbVy/WKHCiXfhWnyAxGxZhUAcgMwW +VFcN53kQ1Twq8S3HiQEcBBMBAgAGBQI+UjWwAAoJEAc/+4Sv1C1FzQUH/j03htOj +wiBSi/S3KcRCjrX9gem3RwCVTVbOKoGhAuA2cd45ZlT3E1ivvPAg2MzNzGQt1Fai +CsQ/3Xy/1JzfnwVijHGXDZFrV7/ZClA4sj/bO36KNSoVNHeE7n1dsrfd1N2s9WgT +JkB/LdRCcTqiUubxy+pWghdAEpSOAO/KacxhZ9Bbf1cjOcWJBbMWZSMLBTddUCcx +cxzi3hpIfNOjwuZwYWlIe7KLI6YdjrdNUQZHPBTivTiZMzQ2kc7jPoSS/h5s9cvo +hLa/9QqARih0V+ilTl8RFwYuPFWvIy4aTCSHWkzYO110KiLhz54Z1P0z5nWe/IfS +XJRFgrAd2xKkpd+IRgQTEQIABgUCPlI2TwAKCRAPOrs4SCheuVwuAJ9q/3m2ZuG/ +RpbNISA1zTi1239CbwCghqx5M2MClODQ4YRF+I/be6j8ub+IRQQTEQIABgUCPkuU +OgAKCRAcAe0197P0Zp3gAJjpxPKU0GFcYhaE/ED/jI+h65HKAJwOwYPmGuU4dR3I +nN+iHBnqY/9s2ohGBBMRAgAGBQI+S5N5AAoJEG48dKkHK3yJd5sAnjIKbVSpWM6v +aEYdrWKF55rlXwo1AJ99RNP00MRpBa7IiVcXBR3KOurRsIkBHAQTAQIABgUCPlIp +eAAKCRB4oTZLRAPrMUAfCADAz95sXsxdUYAS+jejVuf1EYA+5TEgSIi5uhSOlgdu +WyUAzGuWSplc6kjoqwysUmnwthJON5Y4DSIes5YsDs93k+X0bZxDkzghqiFU5LWE +266bN7MvWmYXh7DfAz3V262dqa2IvvxSHtxmiYLPn5mZ2pLsXnWYTZUBZ4BSdArB +t0pfHOOjZaixqfK7DYzyripm9259552aYOrmso8lSnAq2a+ekD9tQ9e2m8gkPbei +5sF1kawoYkyedEr+r4j0h1Sf24LVJinLPnavtDGUynt+v0NobzqBUHgI5lnSmlDt +WWUU23YvAko73aJwlW1cDkRfcsR+TdA+IiECbFcipOd1iQEcBBMBAgAGBQI+S5Op +AAoJEH641Vr2yhx/sN0H/1kWbhVnnkqC1LvOdqP9bx7S3UDUkQw0xEf1DC2lUALV +zioDt9PvarRh47bcaUis+x/9k9AYsPFDhBiYPYek6VcxT86LPVUKz/gELOmHNcAq +3aUl35NKC97JVxYqMix1+hS8UY+m5zezSDdLAz1G8UKZ1d6tx3daikOPzKmpIY50 +wMBdA3jITr6J4eWZ/ptfL0GDdlXFOVKFURMIn6t5AAjKdqQHYySxhuWn+S3QQxDz +Ulv9vAUW4VS+6lzWB1thmRxwawbfJ+05kO/hGD+alWiJxyW/PXRwEiqdVzAIIocM +mHmGtEIONcNyRdjIsDIyZTMavFJOE0hMHftp8a7vbTuInAQTAQIABgUCPkuTAwAK +CRCMWj5dyq7ZncE6A/9tzn5ZST0cgPqQEywAcTeQeja7Qxxl7/CJ3gHqnK8eZu2D +MmSINdRgPjDknn9hWhKu2aDjfhl/a/sIbD8cHtvWza0Z9a12tZZ5+kDOand/U3rn +RLRUO8MnhLxHif5vEtQvC54jxmpOl05J2o5QT0pFs9BHW3tDGlR4CWPrwUC2W4kB +HAQQAQIABgUCPnHPTAAKCRB7Id4BrmYkJaWCB/41LdB1IdcPLraASItBLqfKb46+ +fOoU1teYrM3J7zE5r1z79Mu7slT5JRP3i5iD+TjbqDI4LitZ2lrbmGTI/uQ0R9T8 +PBWcs+SBroVCDziCO2nTVQldvqtmXCx0Rpu8iZacKotEz9nVQxouUiskgNn/v0p2 +Ng1gUK5g3CripcYXUpkEpmYkyTYAbokeeKsF3cCe9czVT9l/nB/OJIus31eKa8x0 +9+1EMdu/GJIxa/tDQh7vkNKSP09qtKrCsSxzpfmwIj1PBTT8oDkBkheuTaKTTWPE +0jWP3aNMTHZUkLpRVNf1htus7utSm1O+W6hTYQLL0OPMylBTWZ33vN2Nb0fliEYE +EBECAAYFAj5x0HIACgkQhfcxbPQmVn3c8ACgyIVKF4Fjl2vCc3VgAcPvNZ8p5lYA +nj2/t1pja5FPd89R7I1ZS4Ctb12uiQEcBBMBAgAGBQI+cc0VAAoJEO67Mb58Bv0l +t48IAIWzONERcs+QPNZ3NbMU3Um5s43XxZcql6mOIc0I7eBLl/bn+UTh4F5PuAbh +mgTkVR5l9KF1PKswHfbzYxDSGTYqSXOCXRnbU4sByoSaV6xlGJAM9ivi/vEom6uE +v6pQEZslNDNt4IfYx35+8WLhjXb7OM0HF5ZqpLqXF5BGAYGx9vDKs4SEo5HNslTT +q1JgDMJNXKVyQxOAewICq+VaqbztwGf8nhcNz5Di4G5IbKi6BKOvlkPt4TkRsppJ +Gq+1rAM6Fh34FqaKshuubOuoZwXKrmMHGEYgoE7XLXW5998GmE4dZh8fO7iaPjH4 +3f/qcmn5joko+HQw9visZymSxgiJARwEEwECAAYFAj5xzSQACgkQKBTThimyUAFv +NQgAthIAnR7+dtVcrH51R4J+8Li30yi04E0VGLhJ6KnGCpzv8eSp2HMiaRe1JAss +Zy7S+dpcL6MDjcYR6HaNP49V9RtTfiARFgZWQ6SD5nOdmMe3Nb6kmfYnZO3YHwiW +NXtncNHHnvSS1bDM5o3hitEPHvnQbOB/k6BpilsKzPl/bvRa8hT1/b4hQjhmv5Hf +LxI6suLyOqz6ESWL2enFXTmthOOAan0yLkhLNvIsHZue3Kd7OP7+7uzmCF+mEIL7 +eL9EheCa+4hWUEltdEdBtX5kcgJdTJQZZCuyz7aZ1JSZwr0G+4x6K5J9WAzI7BzI +TD0rZ0LSOilyuDTYQChRDJPe8ohGBBIRAgAGBQI+dJKhAAoJEI47c57dK8ydmcAA +oJa36CvpFHhq9VH0BRAgk6whGRFpAJ9J+VP1AmA3tjmzV3R7Ls5TMJRs4YhGBBAR +AgAGBQI+hyNZAAoJEHFOxoebS5syxQEAn0XqPZdIJqSzqFq7ElQMK7khAxuwAKCA +qlcHbWvhqxN7mAmC/wfYebKbZ4hGBBMRAgAGBQI+iDO2AAoJEJJVvZ/mhE25bioA +ni6Vz0lqdlCdJG9KpeWUGtPcwUFDAJ9281Qpt6+9PW5TJOrcBO7OJW8UIokBHAQT +AQIABgUCPsoYKQAKCRAcU5jLRuk3pDzVB/wP5SA6Dq168ItTQoOhNmx4k4sm5sJP +bbPPFOKjYhPjnBKSNmU2l+Z4lNrI9BxEhTwGCc3NpTV8E7G5I6PtWaeTgFgdd2B/ +eZCSui82yQmBOh/CFk5WW8deB4Bd4MDCCjhx2nZz7ivB0Dv9FlMyLqChjARrJQGD +u2XfAvYyXhW+4UNOPI0D/SkJgeCRoVQi8ASbgt6SlHn7wkdvrDltJy1CfbqiYBr3 +Y5TG4JaGceW8vfMCEdbw21MxPK/nP08J7ES5oMRcFHCA82+TvuCOErOnq/naPqHC +vjpbpLqYl5qtv8cN7kV/eb/sAXBL41AM0bQoM/KY7Bv/Qldk0R7w/4XmiD8DBRA+ +1Jj029JF/LOyoSwRAmdiAJ4iGUh4PlFl2QLC2HBdOk+gnZdFSQCeOTZ5bFIRg0YU +OCpuvgkifys5L2mIRgQQEQIABgUCPvhICgAKCRDfpeSW1xlbIibpAKCfTI1e8MXw +BbGPVPYGPEWfF5Dl2wCffBaai8FxqWhzHRek00rxLgEqCfiIRgQSEQIABgUCP51G +YwAKCRAdqzxE2iYyGBerAJ9utXaBGuKbOLW1N3EAFVPUsMl1pwCeJWmBUvaZ6Z18 +UitAdRn+c3tcEE2IRgQTEQIABgUCP5/eRgAKCRDFwMXHIY0Y17qSAKCoOhCWYphZ +tuwgAiglspzyXyUPGgCg0Fjhhq8KfNQujv5LJEKgP5EUrv6IRgQTEQIABgUCQFsn ++QAKCRBK8VQqljpUsEajAKCRBtUxFnh+w5YdYU971cbT54sQQACfVg1gozhfClAw +XhPGML85ne/WatuIRgQTEQIABgUCQFteAwAKCRDTW7yZvH0CCn+BAJ4959iKUXvk +dYpmtNKZyulsCGj9ygCgxA8Qo/1WffxrWeCnL9jK106qkMuIRgQTEQIABgUCQGqP +yAAKCRAQKqZUVfB2s5CAAKCYZGG8v9mlYwGZd62fLcuqh28kvgCcCzpEb0xQaoTV +Y1LdcKlnrQyLg9qIRgQTEQIABgUCQHK1UwAKCRAbJ9dS+kmmGjF1AKCdX/0pvL7J +Q9QIpk37clvuTjdk9ACfW5CPmsBTo4QebFLvrXjPA2BS2OyIRgQTEQIABgUCQHK6 +ZgAKCRADl7WgqH41HMhvAKCHhiRvXGhAd7DS5nvCURhUde6/QgCfZQgEtHFSLhpj +KacnyMkg6xF2dSeIRgQTEQIABgUCQHQDnQAKCRDMCgkjyAN9P+W9AJ9OQZ3++gB1 +KDNRxmsj/W/KHLQ2SQCdHUEhkuCKURe7upjXUOhExaIKTdKIRgQTEQIABgUCQHRl +RwAKCRCv9GcLD3qNAWt5AJ9t8EbD+ZoZP6ZcJRIH0byTXSvaIACgtcC7OUBQayGD +eKpkyyTpUTTJFpyIRgQQEQIABgUCQIqtrgAKCRD3I19KjVOvnhkdAKCLJygVD/kJ +lQWaJkxgU5ykneSklQCeN8508dGDEY0gmq+uJPtdgDCusy6IRgQSEQIABgUCQHOm +twAKCRDvy83/YfBbjGClAJ9kF+WHOy0ctth6wvisP04IH8YCBwCeLYt5p8KLLZ9v +T/+kn5KNrNmZJay5AQ0EOBx96RAEAMnQiAMYTglVoIciiw5l0YIuE/Uh4KSPhf1X +TY4CqZrjpv56QSlhndyM5Q9vhC/bpnzMCl4A1YCb2MPMO5QYD1URI13KkG7HX6hz +eW/ANfs/DJ6o1odOu3deSIzgb/TEqLV6rr7IcY/hkn3IuAiBCrMR/3kKx5AkyKOQ +ZNsd40sHAAMFA/4jrzq9HoWmeEFG25U7s43NvoDFtrlt8IaS/BVdVCx599yT+BPT +RmwRfpkV7TAKghgXp0SKYgo1Bp6tdyymTiZ8Ly14CUiuPYBOBifjsFoeVXWj1arW +FmmQWd4d59scGoITMh39f0XTxpgGjVVxNbdqSMS+khzP5acQ27DsFMbtMIhGBBgR +AgAGBQI4HH3pAAoJEBqtJsgPVx9stTUAnikTmI5ST+k6VhT2gltex+sDmr6NAJoC +qkfo4qjAQCyqTx5Eg3NKuxafqQ== +=jITK +-----END PGP PUBLIC KEY BLOCK----- Index: /tags/2.5.0/dsys/comBUILD =================================================================== --- /tags/2.5.0/dsys/comBUILD (revision 189) +++ /tags/2.5.0/dsys/comBUILD (revision 189) @@ -0,0 +1,253 @@ +######################################################################### +# +# Subroutine for the 'build' command +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +commandBUILD() { + printINFO "About to run \"$action\"" + + if test -d "${basedir}/archpkg/${arch}" + then + : + else + if test -d "${basedir}/archpkg" + then + if test x"$simulate" = x0 + then + mkdir "${basedir}/archpkg/${arch}" + else + printINFO "mkdir ${basedir}/archpkg/${arch}" + fi + else + if test x"$simulate" = x0 + then + mkdir "${basedir}/archpkg" && mkdir "${basedir}/archpkg/${arch}" + else + printINFO "mkdir ${basedir}/archpkg && mkdir ${basedir}/archpkg/${arch}" + fi + fi + fi + + if test -f "${basedir}/configs/${arch}.configure" + then + : + else + printFATAL "Configure options file ${basedir}/configs/${arch}.configure not found." + fi + + local_test=`cat "${basedir}/configs/${arch}.configure" | tr -d '\n' | egrep "^ *'?--with-logserver=FQDN_MISSING"` + if test x"${local_test}" = x + then + : + else + printFATAL "Your configuration file has a bad --with-logserver option." + fi + + if test x"$bd_packed" = x + then + printINFO "Building version: ${src_version}, host: ${host}, os: ${arch}, format: ${format}" + else + printINFO "Building version: ${src_version}, host: ${host}, os: ${arch}, format: ${format}, packed: password=${bd_packed}" + fi + + tmpdir=`eval echo "/tmp/sh_${src_version}_${arch}_${format}_$$"` + + #--------------------------------------------------------------------- + # Create temporary build directory on build host. + #--------------------------------------------------------------------- + if test x"$simulate" = x0 + then + ssh -x -l "${bd_user}" "${host}" '(umask 0077; mkdir "'${tmpdir}'")' + else + printINFO "ssh -x -l ${bd_user} ${host} (umask 0077; mkdir ${tmpdir})" + fi + if test x"$?" != x0 + then + printFATAL "Could not create temporary build directory on host ${host}." + else + printLOG "Build directory ${tmpdir} created on host ${host}" + fi + + #--------------------------------------------------------------------- + # Copy source tarball to build host. + #--------------------------------------------------------------------- + if test x"$simulate" = x0 + then + rm -f "${basedir}/tmp/samhain-${src_version}.tar" + gunzip -c "${basedir}/source/samhain-${src_version}.tar.gz" > "${basedir}/tmp/samhain-${src_version}.tar" + else + printINFO "rm -f ${basedir}/tmp/samhain-${src_version}.tar" + printINFO "gunzip -c ${basedir}/source/samhain-${src_version}.tar.gz > ${basedir}/tmp/samhain-${src_version}.tar" + fi + if test x"$?" != x0 + then + printFATAL "Could not gunzip source to ${basedir}/tmp/samhain-${src_version}.tar." + fi + + if test x"$simulate" = x0 + then + if test x"$silent" = x0 + then + scp "${basedir}/tmp/samhain-${src_version}.tar" "${bd_user}@${host}:${tmpdir}/" + else + scp -q "${basedir}/tmp/samhain-${src_version}.tar" "${bd_user}@${host}:${tmpdir}/" + fi + else + if test x"$silent" = x0 + then + printINFO "scp ${basedir}/tmp/samhain-${src_version}.tar ${bd_user}@${host}:${tmpdir}/" + else + printINFO "scp -q ${basedir}/tmp/samhain-${src_version}.tar ${bd_user}@${host}:${tmpdir}/" + fi + fi + if test x"$?" != x0 + then + printFATAL "Could not copy source to host ${host}." + else + printINFO "Source copied to host ${host}." + fi + + #--------------------------------------------------------------------- + # Build the package. + #--------------------------------------------------------------------- + if test x"$silent" = x0 + then + config_com='./configure' + else + config_com='./configure --silent' + fi + + if test -f "${basedir}/configs/${arch}.configure" + then + while read line + do + if test -z "`echo $line | awk '/^#/'`" + then + nline=`echo ${line} | tr -d '\n'` + config_com="${config_com} ${nline}" + fi + done <"${basedir}/configs/${arch}.configure" + else + printFATAL "Configure options file ${basedir}/configs/${arch}.configure not found." + fi + + printINFO "configure command is ${config_com}" + if test x"$bd_packed" = x + then + command="make clean" + else + command="make CLIENTPASSWD=${bd_packed} samhain-packed" + fi + + + command=`eval echo $command`; + + if test x"$simulate" = x0 + then + if test $silent -lt 2 + then + ssh -x -l "${bd_user}" "${host}" /bin/sh -c \''(PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:${PATH}:${bd_addpath}'" && export PATH && cd "'${tmpdir}'" && tar -xf "'samhain-${src_version}.tar'" && cd "'samhain-${src_version}'" && eval "'${config_com}'" && eval "'${command}'" && make "'${format}-light'")'\' + else + ssh -x -l "${bd_user}" "${host}" /bin/sh -c \''(PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:${PATH}:${bd_addpath}'" && export PATH && cd "'${tmpdir}'" && tar -xf "'samhain-${src_version}.tar'" && cd "'samhain-${src_version}'" && eval "'${config_com}'" && eval "'${command}'" && make "'${format}-light'") >/dev/null'\' + fi + else + if test $silent -lt 2 + then + printINFO "ssh -x -l ${bd_user} ${host} /bin/sh -c '(PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:\${PATH}:${bd_addpath} && export PATH && cd ${tmpdir} && tar -xf samhain-${src_version}.tar && cd samhain-${src_version} && eval ${config_com} && eval ${command} && make ${format}-light)'" + else + printINFO "ssh -x -l ${bd_user} ${host} /bin/sh -c '(PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:\${PATH}:${bd_addpath} && export PATH && cd ${tmpdir} && tar -xf samhain-${src_version}.tar && cd samhain-${src_version} && eval ${config_com} && eval ${command} && make ${format}-light) >/dev/null'" + fi + fi + + if test x"$?" != x0 + then + printFATAL "Could not build package on host ${host}." + else + printINFO "Source compiled." + fi + + #--------------------------------------------------------------------- + # Fetch package and remove temporary build directory on build host. + #--------------------------------------------------------------------- + realformat=`echo $format | sed s,solaris-,,` + + if test x"$simulate" = x0 + then + ssh -x -l "${bd_user}" "${host}" '(cat "'${tmpdir}/samhain-${src_version}/samhain-install.sh'")' >"${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" + else + printINFO "ssh -x -l ${bd_user} ${host} (cat ${tmpdir}/samhain-${src_version}/samhain-install.sh) >${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" + fi + + if test x"$?" != x0 + then + printFATAL "Could not fetch samhain-install.sh script from host ${host}." + fi + chmod +x "${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" + + if test x"$simulate" = x0 + then + ssh -x -l "${bd_user}" "${host}" '(cat "'${tmpdir}/samhain-${src_version}/samhain-${src_version}.${realformat}'" && rm -rf "'${tmpdir}'")' >"${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" + else + printINFO "ssh -x -l ${bd_user} ${host} (cat ${tmpdir}/samhain-${src_version}/samhain-${src_version}.${realformat} && rm -rf ${tmpdir}) >${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" + fi + if test x"$?" != x0 + then + printFATAL "Could not fetch package samhain-${src_version}.${realformat} from host ${host}." + else + printLOG "Build directory ${tmpdir} deleted on host ${host}." + fi + chmod +x "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" + + if test x"$simulate" = x0 + then + pkgsize=`ls -l "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" | awk '{print $5}'` + if test "x$pkgsize" = "x0"; then + printFATAL "Returned package file is empty." + fi + else + printINFO "ls -l ${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat} | awk '{print $5}'" + fi + + # >> Save password + # + if test x"$bd_packed" = x + then + : + else + if test x"$simulate" = x0 + then + echo "$bd_packed" >"${basedir}/archpkg/${arch}/PASSWD-${src_version}.${realformat}" + fi + fi + + # >> Save configure options + # + if test x"$simulate" = x0 + then + cp "${basedir}/configs/${arch}.configure" "${basedir}/archpkg/${arch}/configure-${src_version}.${realformat}" + else + printINFO "cp ${basedir}/configs/${arch}.configure ${basedir}/archpkg/${arch}/configure-${src_version}.${realformat}" + fi + + printLOG "New package: ${arch}/samhain-${src_version}.${realformat}." +} + Index: /tags/2.5.0/dsys/comCHECKSRC =================================================================== --- /tags/2.5.0/dsys/comCHECKSRC (revision 189) +++ /tags/2.5.0/dsys/comCHECKSRC (revision 189) @@ -0,0 +1,120 @@ +######################################################################### +# +# Subroutine for the 'checksrc' command +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +commandCHECKSRC() { + printINFO "About to run \"$action\"" + + needEXE ls gpg + + + cd "${basedir}/source" || printFATAL "could not cd to ${basedir}/source" + + LIST=`ls samhain*.tar.gz 2>/dev/null` + if test x$? != x0 + then + printINFO "No sources available." + fi + + for ff in $LIST + do + sh_version=`echo "$ff" | sed 's/.*samhain\-//g' | sed 's/\.tar\.gz//g'` + if test x"${sh_version}" = x + then + printFATAL "Cannot determine version for $ff" + fi + + if test "$ff" != "samhain-${sh_version}.tar.gz" + then + printFATAL "Version number not correctly extracted from $ff" + fi + + if test -f "samhain-${sh_version}.tar.gz.asc" + then + : + else + printWARNING "No detached signature for $ff found" + if test x"$cs_delete" = x1 + then + if test x"$simulate" = x0 + then + printLOG "REMOVE $ff: No detached signature found." + rm -f "$ff" + else + printLOG "REMOVE $ff: No detached signature found." + printINFO "rm -f $ff" + fi + else + printLOG "BAD: $ff (no signature)" + fi + continue + fi + + sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sh_version}.tar.gz.asc" "samhain-${sh_version}.tar.gz" 2>/dev/null)` + sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` + sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` + + if test x"${sig_nokey}" != x + then + printWARNING "Public key (ID 0F571F6C) not found, trying to import it." + gpg --import ${basedir}/private/0F571F6C.asc 2>&5 + sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sh_version}.tar.gz.asc" "samhain-${sh_version}.tar.gz" 2>/dev/null)` + sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` + sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` + fi + + if test x"${sig_nokey}" != x + then + printFATAL "Importing public key failed." + fi + + if test x"${sig_ok}" = x + then + printWARNING "File $ff has no good signature" + if test x"$cs_delete" = x1 + then + if test x"$simulate" = x0 + then + printLOG "REMOVE $ff: No good signature found." + rm -f "$ff" + else + printLOG "REMOVE $ff: No good signature found." + printINFO "rm -f $ff" + fi + else + printLOG "BAD: $ff (invalid signature)" + fi + continue + fi + printLOG "OK: $ff" + + done + + if test x"$cs_delete" = x1 + then + printLOG "Checked sources in ${basedir}/source/ (delete=on)" + else + printLOG "Checked sources in ${basedir}/source/ (delete=off)" + fi + return 0 +} Index: /tags/2.5.0/dsys/comCLEAN =================================================================== --- /tags/2.5.0/dsys/comCLEAN (revision 189) +++ /tags/2.5.0/dsys/comCLEAN (revision 189) @@ -0,0 +1,79 @@ +######################################################################### +# +# Subroutine for the 'clean' command +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +commandCLEAN() { + printINFO "About to run \"$action\"" + + cd "${basedir}/source" || printFATAL "could not cd to ${basedir}/source" + + LIST=`ls samhain*.tar.gz 2>/dev/null` + if test x$? != x0 + then + printINFO "No sources available." + fi + + for ff in $LIST + do + sh_version=`echo "$ff" | sed 's/.*samhain\-//g' | sed 's/\.tar\.gz//g'` + if test x"${sh_version}" = x + then + printFATAL "Cannot determine version for $ff" + fi + + if test "$ff" != "samhain-${sh_version}.tar.gz" + then + printFATAL "Version number not correctly extracted from $ff" + fi + + if test -f "samhain-${sh_version}.tar.gz.asc" + then + printINFO "REMOVE samhain-${sh_version}.tar.gz.asc" + if test x"$simulate" = x0 + then + rm -f "samhain-${sh_version}.tar.gz.asc" + else + printINFO "rm -f samhain-${sh_version}.tar.gz.asc" + fi + fi + + if test -f "samhain-${sh_version}.tar.gz" + then + printINFO "REMOVE samhain-${sh_version}.tar.gz" + if test x"$simulate" = x0 + then + rm -f "samhain-${sh_version}.tar.gz" + else + printINFO "rm -f samhain-${sh_version}.tar.gz" + fi + fi + done + + printLOG "Cleaned sources in ${basedir}/source/" + + dbSHOWPKG dontshow delete + + printLOG "Cleaned unused packages in ${basedir}/archpkg/" + + return 0 +} Index: /tags/2.5.0/dsys/comDOWNLOAD =================================================================== --- /tags/2.5.0/dsys/comDOWNLOAD (revision 189) +++ /tags/2.5.0/dsys/comDOWNLOAD (revision 189) @@ -0,0 +1,280 @@ +######################################################################### +# +# Subroutine for the 'download' command +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +commandDOWNLOAD() { + printINFO "About to run \"$action\" for samhain version \"$src_version\"" + + needEXE du gunzip tar gpg + + + if test x"$simulate" = x0 + then + cd "${basedir}/tmp" || printFATAL "could not cd to ${basedir}/tmp" + rm -f "samhain-${src_version}.tar.gz" + else + # + # -- Simulate only: print what would be done + # + printINFO "cd ${basedir}/tmp" + printINFO "rm -f samhain-${src_version}.tar.gz" + fi + + command="" + + if test -z "$command" + then + findEXE wget + if test -n "$EXECUTABLE" + then + command="$EXECUTABLE" + opt1="--quiet" + opt2="-O" + opt3="-" + fi + fi + + if test -z "$command" + then + findEXE curl + if test -n "$EXECUTABLE" + then + command="$EXECUTABLE" + opt1="--silent" + opt2="--show-error" + opt3="--fail" + fi + fi + + if test -z "$command" + then + findEXE lynx + if test -n "$EXECUTABLE" + then + command="$EXECUTABLE" + opt1="-source" + opt2="" + opt3="" + fi + fi + + if test -z "$command" + then + findEXE links + if test -n "$EXECUTABLE" + then + command="$EXECUTABLE" + opt1="-source" + opt2="" + opt3="" + fi + fi + + if test -z "$command" + then + findEXE lwp-request + if test -n "$EXECUTABLE" + then + command="$EXECUTABLE" + opt1="" + opt2="" + opt3="" + fi + fi + + if test -z "$command" + then + findEXE fetch + if test -n "$EXECUTABLE" + then + command="$EXECUTABLE" + opt1="-q" + opt2="-o" + opt3="-" + fi + fi + + if test -z "$command" + then + findEXE fget + if test -n "$EXECUTABLE" + then + command="$EXECUTABLE" + opt1="" + opt2="" + opt3="" + fi + fi + + if test -z "$command" + then + printFATAL "No wget, curl, lynx, links, lwp-request, fetch, fget in your \$PATH, cannot download" + fi + + if test x"${src_version}" = xcurrent + then + location="http://la-samhna.de/samhain/samhain-current.tar.gz" + if test -f /usr/bin/md5sum && test -f /bin/hostname + then + # + # for testing + # + dl_tmp_hna=`/bin/hostname -f 2>/dev/null` + dl_tmp_md5=`echo "x${dl_tmp_hna}" | md5sum` + if test x"$dl_tmp_md5" = "xc5f41bf28a7baf12c763f1be27a9b863" + then + location="http://localhost/samhain-current.tar.gz" + fi + fi + else + location="http://la-samhna.de/archive/samhain_signed-${src_version}.tar.gz" + if test -f /usr/bin/md5sum && test -f /bin/hostname + then + # + # for testing + # + dl_tmp_hna=`/bin/hostname -f 2>/dev/null` + dl_tmp_md5=`echo "x${dl_tmp_hna}" | /usr/bin/md5sum 2>/dev/null` + if test x"$dl_tmp_md5" = "xc5f41bf28a7baf12c763f1be27a9b863" + then + location="http://localhost/samhain_signed-${src_version}.tar.gz" + fi + fi + fi + + + printINFO "Executing $command $opt1 $opt2 $opt3 $location" + + if test x"$simulate" = x0 + then + eval "$command" "$opt1" "$opt2" "$opt3" "$location" 1>"samhain-${src_version}.tar.gz" 2>/dev/null + else + printINFO "$command" "$opt1" "$opt2" "$opt3" "$location" 1>"samhain-${src_version}.tar.gz" + printINFO "du -s -k samhain-${src_version}.tar.gz | awk '{ print $1 }'" + printLOG "Downloaded to samhain-${src_version}.tar.gz (XXX kB)" + printINFO "gunzip -c samhain-${src_version}.tar.gz | tar -tvf - " + printINFO "Source in tarball is version X.X.X" + printINFO "Unpacking to ${tmpD}" + printINFO "cd ${tmpD}" + printINFO "gunzip -c ${basedir}/tmp/samhain-${src_version}.tar.gz | tar -xf -" + printINFO "rm -f ${basedir}/tmp/samhain-${src_version}.tar.gz" + printINFO "Checking PGP signature" + printINFO "(LANG=C; gpg --status-fd 1 --verify samhain-X.X.X.tar.gz.asc samhain-X.X.X.tar.gz 2>&1 | grep 'GOODSIG')" + printINFO "cp samhain-X.X.X.tar.gz.asc samhain-X.X.X.tar.gz ${basedir}/source" + printLOG "Installed samhain (X.X.X) source" + return 0 + fi + + if test -f "samhain-${src_version}.tar.gz" + then + : + else + printFATAL "failed: $command $location" + fi + + size=`du -s -k "samhain-${src_version}.tar.gz" | awk '{ print $1 }'` + + if test $size -lt 100 + then + rm -f "samhain-${src_version}.tar.gz" + printFATAL "failed: $command $location" + else + printLOG "Downloaded to samhain-${src_version}.tar.gz (${size} kB)" + fi + + files=`gunzip -c "samhain-${src_version}.tar.gz" | tar -tvf - 2>/dev/null` + sig=`echo $files | egrep ' samhain.*tar\.gz\.asc$' 2>/dev/null` + sig_version=`echo $files | egrep ' samhain.*tar\.gz\.asc$' 2>/dev/null | sed 's/.*samhain\-//g' | sed 's/\.tar\.gz\.asc//g'` + if test x"$sig" = x + then + rm -f "samhain-${src_version}.tar.gz" + printFATAL "downloaded file does not contain a PGP signature" + fi + + if test x"${sig_version}" = x + then + rm -f "samhain-${src_version}.tar.gz" + printFATAL "cannot determine samhain version from downloaded file" + fi + + if test x"${src_version}" != xcurrent + then + if test x"${src_version}" != x"${sig_version}" + then + rm -f "samhain-${src_version}.tar.gz" + printFATAL "downloaded version (${sig_version}) != requested version (${src_version})" + fi + fi + + printINFO "Source in tarball is version ${sig_version}" + printINFO "Unpacking to ${basedir}/source" + + cd "${tmpD}" || { + rm -f "${basedir}/tmp/samhain-${src_version}.tar.gz" + printFATAL "could not cd to ${tmpD}" + } + + gunzip -c "${basedir}/tmp/samhain-${src_version}.tar.gz" | tar -xf - + + rm -f "${basedir}/tmp/samhain-${src_version}.tar.gz" + + if test -f "samhain-${sig_version}.tar.gz" + then + if test -f "samhain-${sig_version}.tar.gz.asc" + then + : + else + printFATAL "not found in source: PGP signature samhain-${sig_version}.tar.gz.asc" + fi + else + printFATAL "not found in source: samhain-${sig_version}.tar.gz" + fi + + + printINFO "Checking PGP signature" + sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sig_version}.tar.gz.asc" "samhain-${sig_version}.tar.gz" 2>/dev/null)` + sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` + + sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` + + if test x"${sig_nokey}" != x + then + printWARNING "Public key (ID 0F571F6C) not found, trying to import it." + gpg --import ${basedir}/private/0F571F6C.asc 2>&5 + sig_ok=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sig_version}.tar.gz.asc" "samhain-${sig_version}.tar.gz" 2>/dev/null | grep 'GOODSIG')` + fi + + if test x"${sig_ok}" = x + then + (LANG="C"; gpg --verify "samhain-${sig_version}.tar.gz.asc" "samhain-${sig_version}.tar.gz") + printFATAL "no good signature" + fi + + cp "samhain-${sig_version}.tar.gz" "samhain-${sig_version}.tar.gz.asc" \ + ${basedir}/source/ || \ + printFATAL "failed: cp samhain-${sig_version}.tar.gz samhain-${sig_version}.tar.gz.asc ${basedir}/source/" + + printLOG "Installed samhain source (version=${sig_version})" + + return 0 +} Index: /tags/2.5.0/dsys/comINSTALL =================================================================== --- /tags/2.5.0/dsys/comINSTALL (revision 189) +++ /tags/2.5.0/dsys/comINSTALL (revision 189) @@ -0,0 +1,643 @@ +######################################################################### +# +# Subroutine for the 'install' command +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +commandINSTALL() { + + printINFO "About to run \"$action\" on host \"$host\"" + # + # configuration options we should know about + # + is_packed=0 + is_nocl="start" + is_xor="no" + + + if test -f "${basedir}/configs/${arch}.configure" + then + : + else + printFATAL "Configure options ${basedir}/configs/${arch}.configure missing." + fi + + if test -f "${basedir}/configs/${arch}.samhainrc" + then + : + else + printFATAL "Configuration file ${basedir}/configs/${arch}.samhainrc missing." + fi + + realformat=`echo $format | sed s,solaris-,,`; export realformat + + if test -f "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" + then + : + else + printFATAL "Binary package OS: ${arch}, version: ${src_version}, format ${format} does not exist." + fi + + if test -f "${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" + then + : + else + printFATAL "Binary package OS: ${arch}, version: ${src_version}, format ${format} is incomplete and cannot be installed." + fi + + + if test -f "${basedir}/archpkg/${arch}/PASSWD-${src_version}.${realformat}" + then + printINFO "Binary package OS: ${arch}, version: ${src_version}, format ${format} is packed." + is_packed=1 + is_passwd=`cat "${basedir}/archpkg/${arch}/PASSWD-${src_version}.${realformat}" | tr -d '\n'` + else + is_passwd=`eval "${yule_exec}" -G` + if test x$? != x0 + then + printFATAL "Could not generate password. Is yule in your PATH ?" + fi + fi + + if test -f "${basedir}/configs/${arch}.preinstall" + then + cp "${basedir}/configs/${arch}.preinstall" "${tmpD}/preinstall" || \ + printFATAL "Could not copy ${basedir}/configs/${arch}.preinstall to ${tmpD}/preinstall" + is_preinstall_full="${tmpD}/preinstall" + else + is_preinstall_full="${basedir}/libexec/preinstall" + fi + + if test -f "${basedir}/configs/${arch}.postinstall" + then + cp "${basedir}/configs/${arch}.postinstall" "${tmpD}/postinstall" || \ + printFATAL "Could not copy ${basedir}/configs/${arch}.postinstall to ${tmpD}/postinstall" + is_postinstall_full="${tmpD}/postinstall" + else + is_postinstall_full="${basedir}/libexec/postinstall" + fi + + if test -f "${basedir}/configs/${arch}.initscript" + then + cp "${basedir}/configs/${arch}.initscript" "${tmpD}/initscript" || \ + printFATAL "Could not copy ${basedir}/configs/${arch}.initscript to ${tmpD}/initscript" + is_initscript_full="${tmpD}/initscript" + else + is_initscript_full="${basedir}/libexec/initscript" + fi + + #--------------------------------------------------------------------- + # Get important configuration options. + #--------------------------------------------------------------------- + + getconfopts "${basedir}/archpkg/${arch}/configure-${src_version}.${realformat}" || printFATAL "Could not check config file ${basedir}/archpkg/${arch}/configure-${src_version}.${realformat}" + + + #--------------------------------------------------------------------- + # Prepare the configuration file + #--------------------------------------------------------------------- + + if test -f "${basedir}/hosts/${host}/${arch}.samhainrc" + then + hostconfig="${basedir}/hosts/${host}/${arch}.samhainrc" + elif test -f "${basedir}/hosts/${host}/samhainrc" + then + hostconfig="${basedir}/hosts/${host}/samhainrc" + else + hostconfig="${basedir}/configs/${arch}.samhainrc" + fi + + test -f "${hostconfig}" || printFATAL "Configuration file ${hostconfig} missing." + + # Handle the '--enable-stealth' option + # + if test x"${is_xor}" = xno + then + : + else + test -f "${basedir}/private/stealth_template.ps" || \ + printFATAL "${basedir}/private/stealth_template.ps not available." + ${basedir}/libexec/samhain_stealth -o "${hostconfig}" >/dev/null ||\ + printFATAL "Problem reading ${hostconfig}". + ccount=`${basedir}/libexec/samhain_stealth -o "${hostconfig}" 2>&1 | awk '{ print $1 }'` + ${basedir}/libexec/samhain_stealth -i "${basedir}/private/stealth_template.ps" >/dev/null || \ + printFATAL "Problem reading ${basedir}/private/stealth_template.ps" + mcount=`${basedir}/libexec/samhain_stealth -i "${basedir}/private/stealth_template.ps" 2>&1 | awk '{ print $7 }'` + + if test ${mcount} -lt ${ccount} + then + printFATAL "Configuration file ${hostconfig} too big." + fi + + cp "${basedir}/private/stealth_template.ps" "$tmpD" || \ + printFATAL "Could not copy ${basedir}/private/stealth_template.ps to ${tmpD}/" + ${basedir}/libexec/samhain_stealth -s "${tmpD}/stealth_template.ps" "${hostconfig}" >/dev/null + if test "x$?" = x0 + then + printINFO "Configuration file hidden into stealth_template.ps" + hostconfig="${tmpD}/stealth_template.ps" + else + printFATAL "Could not run ${basedir}/libexec/samhain_stealth -s ${tmpD}/stealth_template.ps ${hostconfig}" + fi + fi + + rm -f "${tmpD}/prepared_samhainrc" + cp "${hostconfig}" "${tmpD}/prepared_samhainrc" || \ + printFATAL "Could not copy ${hostconfig} to ${tmpD}/prepared_samhainrc" + hostconfig="${tmpD}/prepared_samhainrc" + + #--------------------------------------------------------------------- + # Create temporary directory on host. + #--------------------------------------------------------------------- + + tmpdir=`eval echo "/tmp/sh_${src_version}_${arch}_${format}_$$"` + + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" '(umask 0077; mkdir "'${tmpdir}'")' + else + printINFO "ssh -x -l root ${host} (umask 0077; mkdir ${tmpdir})" + fi + if test x"$?" != x0 + then + printFATAL "Could not create temporary directory ${tmpdir} on host ${host}." + else + printLOG "Directory ${tmpdir} created on host ${host}." + fi + + #--------------------------------------------------------------------- + # Copy to host. + #--------------------------------------------------------------------- + if test x"$simulate" = x0 + then + if test x"$silent" = x0 + then + scp "${is_initscript_full}" "${is_preinstall_full}" "${is_postinstall_full}" "${hostconfig}" "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" "${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" "root@${host}:${tmpdir}/" + else + scp -q "${is_initscript_full}" "${is_preinstall_full}" "${is_postinstall_full}" "${hostconfig}" "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" "${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" "root@${host}:${tmpdir}/" + fi + else + if test x"$silent" = x0 + then + printINFO "scp ${is_initscript_full} ${is_preinstall_full} ${is_postinstall_full} ${hostconfig} ${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat} ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} root@${host}:${tmpdir}/" + else + printINFO "scp -q ${is_initscript_full} ${is_preinstall_full} ${is_postinstall_full} ${hostconfig} ${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat} ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} root@${host}:${tmpdir}/" + fi + fi + if test x"$?" != x0 + then + printFATAL "Could not copy package to host ${host}." + else + printINFO "Package copied to host ${host}." + fi + + #--------------------------------------------------------------------- + # Run preinstall script. + #--------------------------------------------------------------------- + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" '(cd "'${tmpdir}'" && cp "'install-${src_version}.${realformat}'" samhain-install.sh && chmod +x samhain-install.sh && chmod +x preinstall && ./preinstall)' + else + printINFO "ssh -x -l root ${host} (cd ${tmpdir} && cp install-${src_version}.${realformat} samhain-install.sh && chmod +x samhain-install.sh && chmod +x preinstall && ./preinstall)" + fi + if test x"$?" != x0 + then + printFATAL "Could not run preinstall script on host ${host}." + else + printLOG "Preinstall script executed on host ${host}" + fi + + #--------------------------------------------------------------------- + # Install. + #--------------------------------------------------------------------- + + if test "x$format" = "xrun"; then + is_command="/bin/sh" + elif test "x$format" = "xdeb"; then + is_command="dpkg --install --force-downgrade --force-confnew" + elif test "x$format" = "xrpm"; then + is_command="rpm --upgrade --quiet --oldpackage" + elif test "x$format" = "xtbz2"; then + is_command="emerge -K" + elif test "x$format" = "xsolaris-pkg"; then + is_command="pkgadd -n -d" + elif test "x$format" = "xdepot"; then + is_command="/usr/sbin/swinstall -x fix_explicit_directories=false -v -s " + else + printFATAL "Don't know how to install package format ${format}" + fi + + if test "x$format" = "xdepot" + then + tmp_iname=`/bin/sh ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} --print-config name` + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/sbin:/usr/sbin:/sbin:$PATH'" && export PATH && eval "'${is_command}'" "'${tmpdir}/samhain-${src_version}.${realformat}'" "'${tmp_iname}'") >/dev/null '\' + else + printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && eval ${is_command} ${tmpdir}/samhain-${src_version}.${realformat} ${tmp_iname})'" + fi + elif test "x$format" = "xsolaris-pkg" + then + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && eval "'${is_command}'" "'samhain-${src_version}.${realformat} all'") >/dev/null '\' + else + printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && eval ${is_command} samhain-${src_version}.${realformat}) all'" + fi + elif test "x$format" = "xtbz2" + then + # Gentoo is a PITA + # + tmp_iname=`/bin/sh ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} --print-config name` + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && cp "'samhain-${src_version}.${realformat}'" "'/usr/portage/packages/All/${tmp_iname}-${src_version}.tbz2'" && eval "'${is_command}'" "'${tmp_iname}-${src_version}.${realformat}'") >/dev/null '\' + else + printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && cp samhain-${src_version}.${realformat} /usr/portage/packages/${tmp_iname}-${src_version}.tbz2 && eval ${is_command} ${tmp_iname}-${src_version}.${realformat})'" + fi + else + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && eval "'${is_command}'" "'samhain-${src_version}.${realformat}'") >/dev/null '\' + else + printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && eval ${is_command} samhain-${src_version}.${realformat})'" + fi + fi + + if test x"$?" != x0 + then + printFATAL "Could not install package on host ${host}." + else + printLOG "Package installed on host ${host}" + fi + + + #--------------------------------------------------------------------- + # Run postinstall script to fix the client password. + #--------------------------------------------------------------------- + if test x"$simulate" = x0 + then + if test "x${is_packed}" = "x0" + then + ssh -x -l "root" "${host}" '(cd "'${tmpdir}'" && chmod +x postinstall && ./postinstall "'${is_passwd}'") >/dev/null' + else + # Dummy argument + ssh -x -l "root" "${host}" '(cd "'${tmpdir}'" && chmod +x postinstall && ./postinstall DUMMY ) >/dev/null' + fi + else + if test "x${is_packed}" = "x0" + then + printINFO "ssh -x -l root ${host} (cd ${tmpdir} && chmod +x postinstall && ./postinstall ${is_passwd})" + else + # Dummy argument + printINFO "ssh -x -l root ${host} (cd ${tmpdir} && chmod +x postinstall && ./postinstall DUMMY )" + fi + fi + + if test x"$?" != x0 + then + printFATAL "Could not run postinstall script on host ${host}." + else + printLOG "Postinstall script executed on host ${host}" + fi + + #--------------------------------------------------------------------- + # Update the rc file + #--------------------------------------------------------------------- + + if test "x${is_rcfile}" = xy + then + mytest_file=`ls -1 "${yule_data}/rc*" 2>/dev/null | tail -n 1 2>/dev/null` + if test "x$mytest_file" = x; then + rcfile_perm=640; + xgid=`(cat /etc/group; ypcat group) 2>/dev/null |\ + grep "^samhain:" | awk -F: '{ print $3; }'` + if test "x$xgid" = x; then + rcfile_owner=`ls -ld ${yule_data} | awk '{print $3 }'` + rcfile_group=`ls -ld ${yule_data} | awk '{print $4 }'` + else + rcfile_owner=`ls -ld ${yule_data} | awk '{print $3 }'` + rcfile_group=samhain + fi + else + mytest_file=`basename $mytest_file` + rcfile_perm=`ls -l "${yule_data}/${mytest_file}" | \ + awk '{ u= substr($1,2,3); g=substr($1,5,3); o=substr($1,8,3); \ + gsub("-","",u); gsub("-","",g); gsub("-","",o); \ + print "u=" u ",g=" g ",o=" o; }'` + rcfile_perm=`echo ${rcfile_perm} | sed s%g=,%g-rwx,% | sed s%,o=$%,o-rwx%` + rcfile_owner=`ls -l "${yule_data}/${mytest_file}" | \ + awk '{print $3 }'` + rcfile_group=`ls -l "${yule_data}/${mytest_file}" | \ + awk '{print $4 }'` + fi + + if test -f "${hostconfig}" + then + if test x"$simulate" = x0 + then + ageFILE "${yule_data}/rc.${host}" || printFATAL "Could not backup ${yule_data}/rc.${host}." + cp "${hostconfig}" "${yule_data}/rc.${host}" || printFATAL "Could not copy ${hostconfig} to ${yule_data}/rc.${host}" + chown ${rcfile_owner}:${rcfile_group} "${yule_data}/rc.${host}" || printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${yule_data}/rc.${host}" + chmod ${rcfile_perm} "${yule_data}/rc.${host}" || printFATAL "Could not chmod ${rcfile_perm} ${yule_data}/rc.${host}" + else + printINFO "Backup existing ${yule_data}/rc.${host}" + printINFO "Copy ${hostconfig} to ${yule_data}/rc.${host}" + fi + else + printFATAL "${hostconfig} is missing." + fi + printLOG "Server-side config file ${yule_data}/rc.${host} copied from ${hostconfig}." + fi + + #--------------------------------------------------------------------- + # Server entry and restart + #--------------------------------------------------------------------- + + instlock="${yule_conf}.lockdir"; + trap "rm -rf ${instlock}" 1 2 13 15 + + if test x"$simulate" = x0 + then + # + # A lockfile will not work, because 'root' can write anyway. + # However, 'mkdir' an existing directory will fail even for root + # + until (umask 222; mkdir "${instlock}") 2>/dev/null # test & set + do + printINFO "Waiting for lock" + sleep 1 + done + fi + + Replace=`"${yule_exec}" -P "${is_passwd}" | sed s%HOSTNAME%${host}%g` + if test "x$Replace" = x + then + rm -rf "${instlock}" + printFATAL "Could not execute ${yule_exec} -P ${is_passwd}." + fi + SearchString="Client=${host}@" + Seen=n + echo >"$tmpF" || printFATAL "Cannot write new server configuration." + while read line + do + if test "x$Seen" = xn + then + echo "$line" >>"$tmpF" + if test -n "`echo $line | awk '/^\[Clients\]/'`" + then + Seen=y + echo "$Replace" >>"$tmpF" + if [ $? -ne 0 ]; then + rm -rf "${instlock}" + printFATAL "Cannot write new server configuration." + fi + fi + else + if test -n "`echo $line | awk '/^'${SearchString}'/'`" + then + : + else + echo "$line" >>"$tmpF" + if [ $? -ne 0 ]; then + rm -rf "${instlock}" + printFATAL "Cannot write new server configuration." + fi + fi + fi + done <"${yule_conf}" + + rcfile_perm=`ls -l "${yule_conf}" | \ + awk '{ u= substr($1,2,3); g=substr($1,5,3); o=substr($1,8,3); \ + gsub("-","",u); gsub("-","",g); gsub("-","",o); \ + print "u=" u ",g=" g ",o=" o; }'` + rcfile_perm=`echo ${rcfile_perm} | sed s%g=,%g-rwx,% | sed s%,o=$%,o-rwx%` + rcfile_owner=`ls -l "${yule_conf}" | \ + awk '{print $3 }'` + rcfile_group=`ls -l "${yule_conf}" | \ + awk '{print $4 }'` + + if test x"$simulate" = x0 + then + ageFILE "${yule_conf}" + if [ $? -ne 0 ]; then + rm -rf "${instlock}" + printFATAL "Could not backup ${yule_conf}" + fi + + rm -f "${yule_conf}" && cp "$tmpF" "${yule_conf}" + if [ $? -ne 0 ]; then + rm -rf "${instlock}" + printFATAL "Could not write new server config. Backup is ${yule_conf}.1" + fi + + chown ${rcfile_owner}:${rcfile_group} "${yule_conf}" + if [ $? -ne 0 ]; then + rm -rf "${instlock}" + printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${yule_conf}" + fi + + chmod ${rcfile_perm} "${yule_conf}" + if [ $? -ne 0 ]; then + rm -rf "${instlock}" + printFATAL "Could not chmod ${rcfile_perm} ${yule_conf}" + fi + else + printINFO "Backup and update ${yule_conf}" + fi + + if test "x${local_command}" = x + then + : + else + if test x"$simulate" = x0 + then + eval "${local_command}" "${host}" "${arch}" "${basedir}" "${yule_data}" "first" + else + printINFO "eval ${local_command} ${host} ${arch} ${basedir} ${yule_data} first" + fi + fi + + yule_name=`basename "${yule_exec}"` + + if test x"$simulate" = x0 + then + if test -f "/etc/init.d/${yule_name}" + then + eval "/etc/init.d/${yule_name}" reload + if test x"$?" != x0 + then + printWARNING "Could not reload server using: /etc/init.d/${yule_name} reload." + fi + else + eval "${yule_exec}" reload + if test x"$?" != x0 + then + printWARNING "Could not reload server using: ${yule_exec} reload." + fi + fi + # + # wait for the server to pick up the new configuration + # + sleep 5 + # + rm -rf "${instlock}" + else + printINFO "Reloading server configuration." + fi + + printLOG "Server configuration updated and reloaded." + + + #--------------------------------------------------------------------- + # Write/update client database + #--------------------------------------------------------------------- + + SH_NAME=`/bin/sh ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} --print-config name`; export SH_NAME + SH_PREFIX=`/bin/sh ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} --print-config prefix`; export SH_PREFIX + + if test x"$simulate" = x0 + then + updateDB + else + printINFO "Updating client database." + fi + + #--------------------------------------------------------------------- + # Initialize and fetch database + #--------------------------------------------------------------------- + + if test "x${is_init}" = xy + then + if test x"$simulate" = x0 + then + if test x"$silent" != x0 + then + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && chmod +x initscript && ./initscript ${is_nocl} >/dev/null 2>&1 )'\' + else + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && chmod +x initscript && ./initscript ${is_nocl} >/dev/null 2>&1 )'\' + fi + if test x"$?" != x0 + then + printFATAL "Could not initialize database on host ${host}." + else + printLOG "Database initialized on host ${host}" + fi + scp -q "root@${host}:${tmpdir}/data" "$tmpD" || \ + printFATAL "Could not retrieve database file root@${host}:${tmpdir}/data" + else + printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && chmod +x initscript && ./initscript ${is_nocl})'" + printLOG "Database initialized on host ${host}" + printINFO "scp -q root@${host}:${tmpdir}/data $tmpD" + fi + + mytest_file=`ls -1 "${yule_data}/file*" 2>/dev/null | tail -n 1 2>/dev/null` + if test "x$mytest_file" = x; then + rcfile_perm=640; + xgid=`(cat /etc/group; ypcat group) 2>/dev/null |\ + grep "^samhain:" | awk -F: '{ print $3; }'` + if test "x$xgid" = x; then + rcfile_owner=`ls -ld ${yule_data} | awk '{print $3 }'` + rcfile_group=`ls -ld ${yule_data} | awk '{print $4 }'` + else + rcfile_owner=`ls -ld ${yule_data} | awk '{print $3 }'` + rcfile_group=samhain + fi + else + mytest_file=`basename $mytest_file` + rcfile_perm=`ls -l "${yule_data}/${mytest_file}" | \ + awk '{ u= substr($1,2,3); g=substr($1,5,3); o=substr($1,8,3); \ + gsub("-","",u); gsub("-","",g); gsub("-","",o); \ + print "u=" u ",g=" g ",o=" o; }'` + rcfile_perm=`echo ${rcfile_perm} | sed s%g=,%g-rwx,% | sed s%,o=$%,o-rwx%` + rcfile_owner=`ls -l "${yule_data}/${mytest_file}" | \ + awk '{print $3 }'` + rcfile_group=`ls -l "${yule_data}/${mytest_file}" | \ + awk '{print $4 }'` + fi + + if test x"$simulate" = x0 + then + if test -f "$tmpD/data" + then + ageFILE "${yule_data}/file.${host}" || printFATAL "Could not backup ${yule_conf}." + mv "$tmpD/data" "${yule_data}/file.${host}" || printFATAL "Could not move database file to ${yule_data}/file.${host}" + chown ${rcfile_owner}:${rcfile_group} "${yule_data}/file.${host}" || printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${yule_data}/file.${host}" + chmod ${rcfile_perm} "${yule_data}/file.${host}" || printFATAL "Could not chmod ${rcfile_perm} ${yule_data}/file.${host}" + else + printFATAL "Database file not downloaded from host ${host}" + fi + else + printINFO "Backup and replace ${yule_data}/file.${host}" + fi + fi + + #--------------------------------------------------------------------- + # Start up. + #--------------------------------------------------------------------- + + if test "x${local_command}" = x + then + : + else + if test x"$simulate" = x0 + then + eval "${local_command}" "${host}" "${arch}" "${basedir}" "${yule_data}" "second" + else + printINFO "eval ${local_command} ${host} ${arch} ${basedir} ${yule_data} second" + fi + fi + + if test "x${is_startup}" = xy + then + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" '(cd "'${tmpdir}'" && chmod +x initscript && eval "'./initscript ${is_nocl} start'")' + else + printINFO "Starting remote client now." + fi + if test x"$?" != x0 + then + printFATAL "Could not start client on host ${host}." + else + printLOG "Client started on host ${host}." + fi + fi + + #--------------------------------------------------------------------- + # Clean up. + #--------------------------------------------------------------------- + + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" '(rm -rf "'${tmpdir}'")' + else + printINFO "ssh -x -l root ${host} (rm -rf ${tmpdir})" + fi + if test x"$?" != x0 + then + printFATAL "Could not remove temporary directory ${tmpdir} on host ${host}." + else + printLOG "Directory ${tmpdir} deleted on host ${host}." + fi + +} + Index: /tags/2.5.0/dsys/comUNINSTALL =================================================================== --- /tags/2.5.0/dsys/comUNINSTALL (revision 189) +++ /tags/2.5.0/dsys/comUNINSTALL (revision 189) @@ -0,0 +1,188 @@ +######################################################################### +# +# Subroutine for the 'uninstall' command +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +commandUNINSTALL() { + + printINFO "About to run \"$action\" on host \"$host\"" + + format=`setupFORMAT ${DB_version}` + realformat="$format" + + src_version=`setupVERSION ${DB_version}` + + test -f "${basedir}/archpkg/${DB_arch}/install-${DB_version}" || \ + printFATAL "Install script ${DB_arch}/install-${DB_version} not found" + + name=`/bin/sh "${basedir}/archpkg/${DB_arch}/install-${DB_version}" '--print-config' 'name'` + + test x"$name" = x"${DB_name}" || \ + printFATAL "Client database and installer files are inconsistent" + + arch="${DB_arch}" + + #--------------------------------------------------------------------- + # Uninstall. + #--------------------------------------------------------------------- + + if test "x$format" = "xrun"; then + is_command="./samhain-install.sh --force --express purge" + target="uninstall" + elif test "x$format" = "xdeb"; then + is_command="dpkg --purge" + target="${DB_name}" + elif test "x$format" = "xrpm"; then + is_command="rpm --erase" + target="${DB_name}" + elif test "x$format" = "xtbz2"; then + is_command="emerge unmerge" + target="${DB_name}" + elif test "x$realformat" = "xpkg"; then + is_command="pkgremove" + target="${DB_name}" + elif test "x$realformat" = "xdepot"; then + is_command="/usr/sbin/swremove" + target="${DB_name}" + else + printFATAL "Don't know how to uninstall package format ${format}" + fi + + if test x"$silent" = x0 + then + is_rmboot="./samhain-install.sh --force --express uninstall-boot" + else + is_rmboot="./samhain-install.sh --force --express --verbose uninstall-boot" + fi + + #--------------------------------------------------------------------- + # Create temporary directory on host. + #--------------------------------------------------------------------- + + tmpdir=`eval echo "/tmp/sh_${src_version}_${arch}_${format}_$$"` + + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" '(umask 0077; mkdir "'${tmpdir}'")' + else + printINFO "ssh -x -l root ${host} (umask 0077; mkdir ${tmpdir})" + fi + if test x"$?" != x0 + then + printFATAL "Could not create temporary directory ${tmpdir} on host ${host}." + else + printLOG "Directory ${tmpdir} created on host ${host}." + fi + + #--------------------------------------------------------------------- + # Copy to host. + #--------------------------------------------------------------------- + + if test -f "${basedir}/configs/${arch}.initscript" + then + cp "${basedir}/configs/${arch}.initscript" "${tmpD}/initscript" || \ + printFATAL "Could not copy ${basedir}/configs/${arch}.initscript to ${tmpD}/initscript" + is_initscript_full="${tmpD}/initscript" + else + is_initscript_full="${basedir}/libexec/initscript" + fi + + if test x"$simulate" = x0 + then + if test x"$silent" = x0 + then + scp "${is_initscript_full}" "${basedir}/archpkg/${arch}/install-${src_version}.${format}" "root@${host}:${tmpdir}/" + else + scp -q "${is_initscript_full}" "${basedir}/archpkg/${arch}/install-${src_version}.${format}" "root@${host}:${tmpdir}/" + fi + else + if test x"$silent" = x0 + then + printINFO "scp ${is_initscript_full} ${basedir}/archpkg/${arch}/install-${src_version}.${format} root@${host}:${tmpdir}/" + else + printINFO "scp -q ${is_initscript_full} ${basedir}/archpkg/${arch}/install-${src_version}.${format} root@${host}:${tmpdir}/" + fi + fi + if test x"$?" != x0 + then + printFATAL "Could not copy uninstall script to host ${host}." + else + printINFO "Script copied to host ${host}." + fi + + + #--------------------------------------------------------------------- + # Run uninstall script. + #--------------------------------------------------------------------- + if test x"$simulate" = x0 + then + # + # No, this is not a bug; the first 'start' argument to 'initscript' + # is a required dummy argument. + # + if test x"$silent" = x0 + then + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && cp "'install-${src_version}.${format}'" samhain-install.sh && chmod +x samhain-install.sh && chmod +x initscript && ./initscript start stop; eval "'${is_command}'" "'${target}'"; eval "'${is_rmboot}'")'\' + else + ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && cp "'install-${src_version}.${format}'" samhain-install.sh && chmod +x samhain-install.sh && chmod +x initscript && ./initscript start stop; eval "'${is_command}'" "'${target}'"; eval "'${is_rmboot}'") >/dev/null'\' + fi + else + printINFO "ssh -x -l root ${host} (cd ${tmpdir} && && PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:\$PATH && export PATH cp install-${src_version}.${realformat} samhain-install.sh && chmod +x samhain-install.sh && chmod +x initscript && ./initscript start stop; eval "${is_command}" "${target}"; eval "${is_rmboot}")" + fi + if test x"$?" != x0 + then + printFATAL "Could not complete uninstall on host ${host}." + else + printLOG "Uninstall executed on host ${host}" + fi + + #--------------------------------------------------------------------- + # Clean up. + #--------------------------------------------------------------------- + + if test x"$simulate" = x0 + then + ssh -x -l "root" "${host}" '(rm -rf "'${tmpdir}'")' + else + printINFO "ssh -x -l root ${host} (rm -rf ${tmpdir})" + fi + if test x"$?" != x0 + then + printFATAL "Could not remove temporary directory ${tmpdir} on host ${host}." + else + printLOG "Directory ${tmpdir} deleted on host ${host}." + fi + + #--------------------------------------------------------------------- + # Write/update client database + #--------------------------------------------------------------------- + + SH_NAME="$name"; export SH_NAME + SH_PREFIX=`/bin/sh ${basedir}/archpkg/${DB_arch}/install-${DB_version} --print-config prefix`; export SH_PREFIX + + if test x"$simulate" = x0 + then + updateDB D2_removed + else + printINFO "Updating client database." + fi +} Index: /tags/2.5.0/dsys/funcBUILD =================================================================== --- /tags/2.5.0/dsys/funcBUILD (revision 189) +++ /tags/2.5.0/dsys/funcBUILD (revision 189) @@ -0,0 +1,251 @@ +######################################################################### +# +# Subroutine for bulding from source +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +#------------------------------------------------------------------------ +# List available sources +#------------------------------------------------------------------------ +listSRC() { + + + OKSRCLIST=""; export OKSRCLIST + + echo > $tmpF; + + needEXE ls gpg + + cd "${basedir}/source" || printFATAL "could not cd to ${basedir}/source" + + LIST=`ls samhain*.tar.gz 2>/dev/null` + + if test x"$LIST" = x + then + printFATAL "No source tarball found in ${basedir}/source. Please use 'deploy.sh download'." + fi + + for ff in $LIST + do + sh_version=`echo "$ff" | sed 's/.*samhain\-//g' | sed 's/\.tar\.gz//g'` + if test x"${sh_version}" = x + then + printFATAL "Cannot determine version for $ff" + fi + + if test "$ff" != "samhain-${sh_version}.tar.gz" + then + printFATAL "Version number not correctly extracted from $ff" + fi + + if test -f "samhain-${sh_version}.tar.gz.asc" + then + : + else + printWARNING "No detached signature for $ff found" + continue + fi + + sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sh_version}.tar.gz.asc" "samhain-${sh_version}.tar.gz" 2>/dev/null)` + sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` + sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` + + if test x"${sig_nokey}" != x + then + printWARNING "Public key (ID 0F571F6C) not found, trying to import it." + gpg --import ${basedir}/private/0F571F6C.asc 2>&5 + sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sh_version}.tar.gz.asc" "samhain-${sh_version}.tar.gz" 2>/dev/null)` + sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` + sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` + fi + + if test x"${sig_nokey}" != x + then + printFATAL "Importing public key failed." + fi + + if test x"${sig_ok}" = x + then + printWARNING "File $ff has no good signature" + continue + fi + + if test x"$1" = x + then + OKSRCLIST="$OKSRCLIST ${sh_version}" + else + if test x"$1" = x"${sh_version}" + then + OKSRCLIST="${sh_version}" + return 0 + fi + fi + done + + if test x"$OKSRCLIST" = x + then + printFATAL "No source tarball found. Please use 'deploy.sh download'." + fi + + for dd in $OKSRCLIST + do + echo $dd >> "$tmpF" + done + + OKSRCLIST=`cat "$tmpF" | sort -r | sed 9q` + export OKSRCLIST + + rm -f "$tmpF" && touch "$tmpF" + echo $OKSRCLIST > "$tmpF" + + return 0 +} + +selBVERSION() { + #--------------------------------------------------------------------- + # Select version to build + #--------------------------------------------------------------------- + if test x"$src_version" = x + then + if test x"$assumeyes" = x1 + then + printFATAL "No version selected, aborting." + fi + + promptINFO "Checking which versions are available" + + ((listSRC | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + OKSRCLIST=`cat "$tmpF"` + n=0 + for word in $OKSRCLIST + do + n=`expr $n + 1` + eval part$n="$word" + done + + command="promptMENU 'Please select version to build' " + for word in $OKSRCLIST + do + command="$command '${word}'" + done + eval ${command} + m=$? + if test x$m = x1 + then + (exit 0); exit 0; + elif test x$m = "x-1" + then + printFATAL "Something went wrong !" + else + src_version="$MENU"; export src_version + fi + + else + ((listSRC "$src_version" | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ + tee -a "$lastlog") 6>&1 1>&2 2>&6 + fi +} + +selBARCH() { + #--------------------------------------------------------------------- + # Select arch to build + #--------------------------------------------------------------------- + if test x"$arch" = x + then + if test x"$assumeyes" = x1 + then + printFATAL "No operating system selected, aborting." + fi + cd "$basedir"/configs || printFATAL "Cannot cd to $basedir/configs !" + LIST=`ls *.configure 2>/dev/null` + if test x"$LIST" = x + then + printFATAL "No config files found in ${basedir}/configs." + fi + + n=0 + command="promptMENU 'Please select operating system of build host' " + ALIST="" + FLIST="" + for ff in $LIST + do + n=`expr $n + 1` + osp=`echo $ff | sed s/\.configure//` + ALIST="$ALIST $osp" + FLIST="$FLIST $osp" + if test $n -lt 8 + then + command="$command '${osp}'" + fi + done + command="$command other" + + eval ${command} + m=$? + if test x$m = x1 + then + (exit 0); exit 0; + elif test x$m = "x-1" + then + printFATAL "Something went wrong !" + else + arch="$MENU"; export arch + if test x"$arch" = xother + then + promptINPUT "Please select operating system of build host from $FLIST or enter new one" + if test x$m = x1 + then + (exit 0); exit 0; + elif test x$m = "x-1" + then + printFATAL "Something went wrong !" + else + found=`echo $FLIST | sed -n /$INPUT/p 2>/dev/null` + if test x"$found" = x + then + printLOG "Copy configuration for $INPUT from generic" + cp generic.configure "${INPUT}.configure" + fi + arch="$INPUT"; export arch + fi + fi + fi + + fi + # arch selected or exited +} + +selBFORMAT() { + if test x"$format" = x + then + promptMENU "Please select format of binary package" "run" "rpm" "deb" "tbz2" "solaris-pkg" "depot" + if test x$m = x1 + then + (exit 0); exit 0 + elif test x$m = "x-1" + then + printFATAL "Something went wrong !" + else + format="$MENU"; export format + fi + fi +} Index: /tags/2.5.0/dsys/funcDB =================================================================== --- /tags/2.5.0/dsys/funcDB (revision 189) +++ /tags/2.5.0/dsys/funcDB (revision 189) @@ -0,0 +1,311 @@ +######################################################################### +# +# More subroutines for client DB +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +DBFTEST=0 + +dbSETFLAG() { + case "$line" in + *\*) + DBFTEST=0; + return 0; + ;; + + *\${DB_host}\*) + DBFTEST=1; + return 1; + ;; + + *) + return ${DBFTEST}; + ;; + esac +} + + +DB_arch=""; export DB_arch; +DB_status=""; export DB_status; +DB_version=""; export DB_version; +DB_date=""; export DB_date; +DB_name=""; export DB_name; + +dbINFO() { + + if test "x$1" = x + then + printFATAL "No host specified, aborting" + else + DB_host="$1" + fi + + DB_arch=""; export DB_arch; + DB_status=""; export DB_status; + DB_version=""; export DB_version; + DB_date=""; export DB_date; + DB_name=""; export DB_name; + + if test x"$DATABASE" = x + then + DATABASE="${basedir}/${defdatabase}" + fi + + if test -f "${DATABASE}" + then + SStr1=`grep '' "${DATABASE}"` + if test "x${SStr1}" != "x" + then + + SStr2=`grep "${DB_host}" "${DATABASE}"` + + SStr3= + + if test "x${SStr2}" != "x" + then + exec 3<&0 <"${DATABASE}" + while + read line + do + # for some reason, var=xx only works in a function call (why?) + # + # here we test if we are still in the same client block + # (set_flag will return 0 for and following) + dbSETFLAG "$line" + + if test "x$?" = "x1" + then + case "$line" in + *\*\) + DB_arch=`echo "$line" | sed '/^\(.*\)\([0-9a-zA-Z_-]*\)<\/client_os_machine>\(.*\)$/{ s//\2/; q; }'` + export DB_arch + ;; + + *\*\) + DB_status=`echo "$line" | sed '/^\(.*\)\([0-9a-zA-Z_-]*\)<\/client_install_status>\(.*\)$/{ s//\2/; q; }'` + export DB_status + ;; + + *\*\) + DB_date=`echo "$line" | sed '/^\(.*\)\([ 0-9a-zA-Z_.:,-]*\)<\/client_install_date>\(.*\)$/{ s//\2/; q; }'` + export DB_date + ;; + + *\*\) + DB_name=`echo "$line" | sed '/^\(.*\)\([0-9a-zA-Z_-]*\)<\/client_install_name>\(.*\)$/{ s//\2/; q; }'` + export DB_name + ;; + + *\*\) + ;; + + *\*\) + DB_version=`echo "$line" | sed '/^\(.*\)\([0-9a-zA-Z_.-]*\)<\/client_install_version>\(.*\)$/{ s//\2/; q; }'` + export DB_version + ;; + + *) + ;; + + esac + else + : + fi + done + exec 0<&3 3<&- + return 0 + else + printINFO "Host ${DB_host} not found in client database" + return 1 + fi + else + printINFO "Client database ${DATABASE} in bad shape" + return 1 + fi + else + printINFO "Client database ${DATABASE} not available" + return 1 + fi +} + +DB_hostlist=""; export DB_hostlist + +dbHOSTLIST() { + + DB_hostlist=""; export DB_hostlist + + if test x"$DATABASE" = x + then + DATABASE="${basedir}/${defdatabase}" + fi + + if test -f "${DATABASE}" + then + DB_hostlist=`cat "${DATABASE}" | grep 'client_host' | sed '/^\(.*\)\([0-9a-zA-Z.-]*\)<\/client_host>\(.*\)$/{ s//\2/; }' | sort` + export DB_hostlist + return 0 + else + printINFO "Client database ${DATABASE} not available" + return 1 + fi +} + +dbSHOWHOSTS() { + + if test "x$1" = x + then + dbHOSTLIST + else + DB_hostlist="$1" + fi + + if test "x$?" = x1 + then + printLOG "No known hosts - database unavailable" + fi + if test "x${DB_hostlist}" = x + then + printLOG "No known hosts - database unavailable, empty, or corrupt" + fi + + for ff in ${DB_hostlist} + do + dbINFO "$ff" + + + if test "x$?" = x1 + then + : + else + test -z "${DB_date}" && DB_date="INDEF" + test -z "${DB_arch}" && DB_arch="INDEF" + test -z "${DB_version}" && DB_version="INDEF" + + tmp_status="-" + if test "x$DB_status" = xinstalled + then + tmp_status="o" + elif test "x$DB_status" = xD2_installed + then + tmp_status="i" + elif test "x$DB_status" = xD2_removed + then + tmp_status="u" + fi + out=`echo | awk '{ printf "%1s %14s %-11s %19s %s\n", "'"${tmp_status}"'", "'"${DB_arch}"'", "'"${DB_version}"'", "'"${DB_date}"'", "'"${ff}"'" }'` + printINFO "${out}" + fi + done +} + + +dbSHOWPKG() { + + delete=no + show=no + + if test x"$1" = xshow + then + show=yes + fi + if test x"$2" = xdelete + then + delete=yes + fi + + cd "${basedir}/archpkg" || printFATAL "Cannot cd to ${basedir}/archpkg" + + dbHOSTLIST + + if test x"$DATABASE" = x + then + DATABASE="${basedir}/${defdatabase}" + fi + + LIST=`ls` + this_dir=`pwd` + + for dd in $LIST + do + if test -d "$dd" + then + cd "$dd" + + PKGLIST=`ls samhain-* 2>/dev/null` + + for ff in $PKGLIST + do + if test -f "$ff" + then + version=`echo "$ff" | sed -e 's%samhain-%%'` + + tmp_status="-" + + grep "$version" "${DATABASE}" >/dev/null 2>&1 + if test "x$?" = x0 + then + for hh in ${DB_hostlist} + do + dbINFO "$hh" + if test x"${DB_arch}" = x"${dd}" && \ + test x"${DB_version}" = x"${version}" + then + tmp_status="-" + if test "x$DB_status" = xinstalled + then + tmp_status="o" + elif test "x$DB_status" = xD2_installed + then + tmp_status="i" + fi + break + fi + done + else + tmp_status="-" + fi + + if test x"${show}" = xyes + then + printINFO "${tmp_status} ${dd}/${version}" + fi + + if test x"${delete}" = xyes && test x"${tmp_status}" = "x-" + then + printLOG "REMOVE ${dd}/${version}" + + if test x"$simulate" = x0 + then + rm -f "samhain-${version}" + rm -f "install-${version}" + rm -f "configure-${version}" + else + printINFO "rm -f ${dd}/samhain-${version}" + printINFO "rm -f ${dd}/install-${version}" + printINFO "rm -f ${dd}/configure-${version}" + fi + fi + fi + done + cd "${this_dir}" + fi + done +} Index: /tags/2.5.0/dsys/funcDIALOG =================================================================== --- /tags/2.5.0/dsys/funcDIALOG (revision 189) +++ /tags/2.5.0/dsys/funcDIALOG (revision 189) @@ -0,0 +1,354 @@ +######################################################################### +# +# Interaction Subroutines +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +# print without newline +# +printASK() { + echo $ECHO_N "$@ $ECHO_C" +} + +# find a 'dialog' program +# +findDIALOG() { + + if test x"$DIALOG" = xno + then + DIALOG=""; return 0 + elif test -n "$DIALOG" + then + return 0 + fi + + PATH=/usr/local/bin:/usr/local/sbin:$PATH; export PATH + X="$PATH" + progs="dialog"; + OLD_IFS=${IFS} + IFS=':'; export IFS + for dir in $X; do + for dia in $progs; do + dialog="$dir/$dia" + if (test -f "$dialog" || test -f "$dialog.exe") + then + if "$dialog" 2>&1 | grep tailbox >/dev/null 2>&1 + then + IFS=${OLD_IFS}; export IFS + DIALOG="$dialog"; export DIALOG + return 0 + fi + fi + done + done + IFS=${OLD_IFS}; export IFS + DIALOG=""; export DIALOG +} + + +# prompt user for yes/no +# +promptYESNO() { + if test $# -lt 1 + then + printFATAL "promptYESNO: insufficient arguments" + fi + + if test $silent -gt 1 + then + YESNO=y; export YESNO + return 0 + fi + + DEFAULT="" + case "$2" in + [yY]|[yY][eE][sS]) + DEFAULT=y ;; + [nN]|[nN][oO]) + DEFAULT=n ;; + esac + + YESNO="" + + if test -n "$DIALOG" + then + + if test x"$assumeyes" = x1 + then + YESNO="$DEFAULT"; export YESNO + return 0 + fi + + "$DIALOG" --title "deploy.sh $version" --yesno "$1" 10 75 2>"$tmpF" + mtest=$? + if test x"$mtest" = "x-1" + then + printFATAL "promptYESNO: something went wrong" + elif test x"$mtest" = x0 + then + YESNO=y + else + YESNO=n + fi + else + while : + do + if test x"$DEFAULT" = xy + then + printASK "$1 (Y/n) ?" + elif test x"$DEFAULT" = xn + then + printASK "$1 (N/y) ?" + else + printASK "$1 (y/n) ?" + fi + + if test x"$assumeyes" = x1 + then + YESNO="$DEFAULT"; export YESNO + echo "$DEFAULT" + return 0 + fi + + read YESNO + if test -z "$YESNO" + then + YESNO="$DEFAULT" + fi + + case "$YESNO" in + [yY]|[yY][eE][sS]) + YESNO=y; break ;; + [nN]|[nN][oO]) + YESNO=n; break ;; + *) + YESNO="" ;; + esac + done + fi + export YESNO + return 0 +} + +# get user input from tmp file +# +getINPUT() { + INPUT=`cat $tmpF` + export INPUT + return 0 +} + +# info box +# +promptINFO() { + if test $# -lt 1 + then + printFATAL "promptINPUT: insufficient arguments" + fi + + if test x"$silent" != x0 + then + return 0 + fi + + if test -n "$DIALOG" + then + "$DIALOG" --title "deploy.sh $version" --sleep 2 --infobox "$1" 8 75 + else + echo $1 + fi + return 0 +} + +# prompt user for input +# +promptINPUT() { + if test $# -lt 1 + then + printFATAL "promptINPUT: insufficient arguments" + fi + + if test $assumeyes -gt 0 + then + printFATAL "promptINPUT: user interaction required" + fi + + INPUT="" + DEFAULT="$2" + + if test -n "$DIALOG" + then + "$DIALOG" --title "deploy.sh $version" --inputbox "$1" 16 75 "$2" 2>"$tmpF" + mtest=$? + if test x"$mtest" = "x1" + then + # cancel button + (exit 0); exit 0; + fi + if test x"$mtest" = "x-1" + then + printFATAL "promptINPUT: something went wrong" + else + getINPUT + fi + else + + while : + do + if test -z "$DEFAULT" + then + printASK "$1 ?" + else + printASK "$1 ? $DEFAULT" + fi + + read INPUT + + if test -z "$INPUT" + then + if test -n "$DEFAULT" + then + locINPUT="$DEFAULT" + break + fi + elif test -n "$INPUT" + then + break + fi + done + export INPUT + fi + return 0 +} + +# get MENU from tmp file +# +getMENU() { + MENU=`cat $tmpF` + export MENU + return 0 +} + +# prompt user for options from menu +# +promptMENU() { + if test $# -lt 2 + then + printFATAL "promptMENU: insufficient arguments" + fi + + if test $assumeyes -gt 0 + then + printFATAL "promptMENU: user interaction required" + fi + + TITLE="$1" + shift + + if test -n "$DIALOG" + then + #command="'$DIALOG' '--title' \\'deploy.sh $version\\' '--backtitle'" + #command="$command \'$TITLE\' '--menu' \'$TITLE\' '16' '75' '$#'" + + argc=$# + if test $argc -gt 7 + then + argc=7 + fi + + command="'$1' '' 'on'" + shift + + for item + do + command="$command '$item' '' 'off'" + done + + command="$command " + + # printFATAL "$command" + eval $DIALOG '--title' \'deploy.sh $version\' '--backtitle' \'$TITLE\' '--radiolist' \'$TITLE\' '16' '75' $argc $command 2>"$tmpF" + + mtest=$? + + if test x"$mtest" = "x1" + then + # cancel button + (exit 0); exit 0; + fi + if test x"$mtest" = "x-1"; then + printFATAL "promptMENU: something went wrong" + else + getMENU + fi + else + + MENU="" + INPUT="" + + while : + do + clear + echo + echo "$TITLE" + echo + echo " 1) $1" + test -n "$2" && echo " 2) $2" + test -n "$3" && echo " 3) $3" + test -n "$4" && echo " 4) $4" + test -n "$5" && echo " 5) $5" + test -n "$6" && echo " 6) $6" + test -n "$7" && echo " 7) $7" + test -n "$8" && echo " 8) $8" + test -n "$9" && echo " 9) $9" + echo + printASK "Please enter your choice: " + + read INPUT + + if echo "$INPUT" | grep '[^0123456789]' >/dev/null 2>&1 + then + : + elif test $INPUT -gt $# + then + : + else + break + fi + done + + case "$INPUT" in + 1) MENU="$1"; break ;; + 2) MENU="$2"; break ;; + 3) MENU="$3"; break ;; + 4) MENU="$4"; break ;; + 5) MENU="$5"; break ;; + 6) MENU="$6"; break ;; + 7) MENU="$7"; break ;; + 8) MENU="$8"; break ;; + 9) MENU="$9"; break ;; + esac + + export MENU + fi + return 0 +} + Index: /tags/2.5.0/dsys/funcEXE =================================================================== --- /tags/2.5.0/dsys/funcEXE (revision 189) +++ /tags/2.5.0/dsys/funcEXE (revision 189) @@ -0,0 +1,57 @@ +######################################################################### +# +# Subroutines for determining existence of / path to executables +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +findEXE() { + if test $# -lt 1 + then + printFATAL "findEXE: insufficient arguments" + fi + + X="$PATH"; + prog="$1"; + OLD_IFS=${IFS} + IFS=':'; export IFS + for dir in $X; do + exe="$dir/$1" + if (test -f "$exe" || test -f "${exe}.exe") + then + EXECUTABLE="$exe"; export EXECUTABLE + IFS=${OLD_IFS}; export IFS + return 0 + fi + done + IFS=${OLD_IFS}; export IFS + printINFO "Command $1 not found in \$PATH" + EXECUTABLE=""; export EXECUTABLE +} + +needEXE() { + # printINFO "Checking for $@" + for arg + do + findEXE "$arg" + test -z "$EXECUTABLE" && printFATAL "Need \"$arg\" in \$PATH" + done + return 0 +} Index: /tags/2.5.0/dsys/funcINSTALL =================================================================== --- /tags/2.5.0/dsys/funcINSTALL (revision 189) +++ /tags/2.5.0/dsys/funcINSTALL (revision 189) @@ -0,0 +1,509 @@ +######################################################################### +# +# Subroutines for installing +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +getconfopts () { + fconf="$1" + + if test -f "$fconf" + then + # + # check if readable + # + cat "$fconf" >/dev/null 2>&1 || return 1 + # + # empty string if no --enable-nocl=..., else password + # + is_nocl=`cat "$fconf" | tr -d '\n' | egrep "^ *'?--enable-nocl=" | sed -e "s%^ *%%" | sed -e "s%^'%%" | sed -e "s%^--enable-nocl=%%" | sed -e "s% *$%%" | sed -e "s%'$%%"` + if test x"${is_nocl}" = x + then + is_nocl="start" + else + printINFO "Option --enable-nocl=${is_nocl} used." + fi + # + # + # + is_xor=`cat "$fconf" | tr -d '\n' | egrep "^ *'?--enable-stealth=" | sed -e "s%^ *%%" | sed -e "s%^'%%" | sed -e "s%^--enable-nocl=%%" | sed -e "s% *$%%" | sed -e "s%'$%%"` + if test x"${is_xor}" = x + then + is_xor="no" + else + printINFO "Option --enable-stealth=${is_xor} used." + fi + return 0 + else + return 1 + fi +} + +writerecord () { + IDATE=`date +"%Y-%m-%d %H:%M:%S"` + echo " " + echo " ${host}" + echo " ${hostgroup}" + echo " ${arch}" + echo " ${install_entry}" + echo " ${IDATE}" + echo " ${SH_NAME}" + echo " ${SH_PREFIX}" + echo " ${src_version}.${realformat}" + echo " " +} + +FTEST=0 + +set_flag () { + case "$line" in + *\*) + FTEST=0; + return 0; + ;; + + *\${host}\*) + FTEST=1; + return 1; + ;; + + *) + return ${FTEST}; + ;; + esac +} + + +#------------------------------------------------------------------------ +# Update client db +#------------------------------------------------------------------------ +updateDB() { + + if test "x$1" = x + then + install_entry="D2_installed" + else + install_entry="$1" + fi + export install_entry + + if test x"$DATABASE" = x + then + DATABASE="${basedir}/${defdatabase}" + fi + + updlock="${DATABASE}.lockdir" + trap "rm -rf ${updlock}" 1 2 13 15 + + # + # A lockfile will not work, because 'root' can write anyway. + # However, 'mkdir' an existing directory will fail even for root + # + until (umask 222; mkdir "${updlock}") 2>/dev/null # test & set + do + printINFO "Waiting for lock" + sleep 1 + done + + + IDATE=`date +"%Y-%m-%d %H:%M:%S"` + rm -f "$tmpF"; touch "$tmpF" + + if test -f "$DATABASE"; then + rcfile_perm=`ls -l "${DATABASE}" | \ + awk '{ u= substr($1,2,3); g=substr($1,5,3); o=substr($1,8,3); \ + gsub("-","",u); gsub("-","",g); gsub("-","",o); \ + print "u=" u ",g=" g ",o=" o; }'` + rcfile_perm=`echo ${rcfile_perm} | sed s%g=,%g-rwx,% | sed s%,o=$%,o-rwx%` + rcfile_owner=`ls -l "${DATABASE}" | \ + awk '{print $3 }'` + rcfile_group=`ls -l "${DATABASE}" | \ + awk '{print $4 }'` + else + rcfile_perm=640; + rcfile_owner=`ls -ld ${basedir} | awk '{print $3 }'` + rcfile_group=`ls -ld ${basedir} | awk '{print $4 }'` + fi + + + if test -f "${DATABASE}" + then + SStr1=`grep '' "${DATABASE}"` + if test "x${SStr1}" != "x" + then + + SStr2=`grep "${host}" "${DATABASE}"` + + SStr3= + + if test "x${SStr2}" != "x" + then + # REPLACE + + printINFO "Replace ${host} in ${DATABASE}" + + exec 3<&0 <"${DATABASE}" + while + read line + do + # for some reason, var=xx only works in a function call (why?) + # + # here we test if we are still in the same client block + # (set_flag will return 0 for and following) + set_flag "$line" + + if test "x$?" = "x1" + then + # + # Write the full entry when client_os_machine is found + # + case "$line" in + *\*\) + echo " ${hostgroup}" >>"${tmpF}" + echo " ${arch}" >>"${tmpF}" + echo " ${install_entry}" >>"${tmpF}" + echo " ${IDATE}" >>"${tmpF}" + echo " ${SH_NAME}" >>"${tmpF}" + echo " ${SH_PREFIX}" >>"${tmpF}" + echo " ${src_version}.${realformat}" >>"${tmpF}" + ;; + + *\*\) + : + ;; + + *\*\) + : + ;; + + *\*\) + : + ;; + + *\*\) + : + ;; + + *\*\) + : + ;; + + *\*\) + : + ;; + + *) + echo "$line" >>"${tmpF}" + ;; + + esac + else + echo "$line" >>"${tmpF}" + fi + + done + exec 0<&3 3<&- + cp "${tmpF}" "${DATABASE}" + else + # WRITE NEW CLIENT RECORD + + printINFO "Write record for ${host} in ${DATABASE}" + + exec 3<&0 <"${DATABASE}" + while + read line + do + if test "x$line" = "x" + then + echo "$line" >>"${tmpF}" + writerecord >>"${tmpF}" + else + echo "$line" >>"${tmpF}" + fi + done + exec 0<&3 3<&- + cp "${tmpF}" "${DATABASE}" + fi + else + # COMPLAIN + printLOG "File ${DATABASE} exists, but has wrong format"; + fi + else + # WRITE XML FROM SCRATCH + printINFO "Write ${DATABASE} from scratch" + echo '' >"${tmpF}" + echo '' \ + >>"${tmpF}" + echo "" >>"${tmpF}" + writerecord >>"${tmpF}" + echo "" >>"${tmpF}" + cp "${tmpF}" "${DATABASE}" + fi + + chown ${rcfile_owner}:${rcfile_group} "${DATABASE}" + if [ $? -ne 0 ]; then + rm -rf "${updlock}" + printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${DATABASE}" + fi + chmod ${rcfile_perm} "${DATABASE}" + if [ $? -ne 0 ]; then + rm -rf "${updlock}" + printFATAL "Could not chmod ${rcfile_perm} ${DATABASE}" + fi + + rm -rf "${updlock}" +} + + +ageFILE() { + file="$1" + + if test -f "${file}" + then + test -f "${file}.9" && { rm -f "${file}.9" || printFATAL "rm -f ${file}.9 failed."; } + test -f "${file}.8" && { mv "${file}.8" "${file}.9" || printFATAL "mv ${file}.8 ${file}.9 failed."; } + test -f "${file}.7" && { mv "${file}.7" "${file}.8" || printFATAL "mv ${file}.7 ${file}.8 failed."; } + test -f "${file}.6" && { mv "${file}.6" "${file}.7" || printFATAL "mv ${file}.6 ${file}.7 failed."; } + test -f "${file}.5" && { mv "${file}.5" "${file}.6" || printFATAL "mv ${file}.5 ${file}.6 failed."; } + test -f "${file}.4" && { mv "${file}.4" "${file}.5" || printFATAL "mv ${file}.4 ${file}.5 failed."; } + test -f "${file}.3" && { mv "${file}.3" "${file}.4" || printFATAL "mv ${file}.3 ${file}.4 failed."; } + test -f "${file}.2" && { mv "${file}.2" "${file}.3" || printFATAL "mv ${file}.2 ${file}.3 failed."; } + test -f "${file}.1" && { mv "${file}.1" "${file}.2" || printFATAL "mv ${file}.1 ${file}.2 failed."; } + test -f "${file}" && { mv "${file}" "${file}.1" || printFATAL "mv ${file} ${file}.1 failed."; } + fi + return 0; +} + +#------------------------------------------------------------------------ +# The path to yule data +#------------------------------------------------------------------------ +pathYDATA() { + if test "x${yule_data}" = x + then + promptINPUT "Please enter the path to your yule executable" + yule_data="$INPUT"; export yule_data + fi + if test -d "${yule_data}" + then + : + else + printFATAL "Path to yule data directory not given." + fi +} + +#------------------------------------------------------------------------ +# The path to yule +#------------------------------------------------------------------------ +pathYULE() { + + if test "x${yule_exec}" = x + then + findEXE yule + if test -n "$EXECUTABLE" + then + yule_exec="$EXECUTABLE" + export yule_exec + fi + else + if test -f "${yule_exec}" + then + : + else + yule_exec="" + findEXE yule + if test -n "$EXECUTABLE" + then + yule_exec="$EXECUTABLE" + export yule_exec + fi + fi + fi + if test "x${yule_exec}" = x + then + promptINPUT "Please enter the path to your yule executable" + yule_exec="$INPUT"; export yule_exec + fi + if test -f "${yule_exec}" + then + if "${yule_exec}" --help 2>&1 | grep qualified >/dev/null 2>&1 + then + : + else + printFATAL "${yule_exec} is not Yule, or not executable." + fi + else + printFATAL "Path to yule executable directory not given." + fi +} + +#------------------------------------------------------------------------ +# Select operating system +#------------------------------------------------------------------------ +selbinARCH() { + #--------------------------------------------------------------------- + # Select arch to build + #--------------------------------------------------------------------- + if test x"$arch" = x + then + if test x"$assumeyes" = x1 + then + printFATAL "No operating system selected, aborting." + fi + cd "$basedir/archpkg" || printFATAL "Cannot cd to $basedir/archpkg !" + LIST=`ls 2>/dev/null` + if test x"$LIST" = x + then + printFATAL "No OS directories found in ${basedir}/archpkg." + fi + + n=0 + command="promptMENU 'Please select operating system of host' " + ALIST="" + FLIST="" + for ff in $LIST + do + haspkg=`ls $ff/samhain-* 2>/dev/null` + if test x"$haspkg" = x + then + : + else + n=`expr $n + 1` + osp="$ff" + ALIST="$ALIST $ff" + FLIST="$FLIST $ff" + if test $n -lt 8 + then + command="$command '${ff}'" + fi + fi + done + if test $n -ge 8 + then + command="$command other" + fi + + eval ${command} + m=$? + if test x$m = x1 + then + (exit 0); exit 0; + elif test x$m = "x-1" + then + printFATAL "Something went wrong !" + else + arch="$MENU"; export arch + if test x"$arch" = xother + then + promptINPUT "Please select operating system of host from $FLIST" + if test x$m = x1 + then + (exit 0); exit 0; + elif test x$m = "x-1" + then + printFATAL "Something went wrong !" + else + found=`echo $FLIST | sed -n /$INPUT/p 2>/dev/null` + if test x"$found" = x + then + printFATAL "There is no package for $INPUT" + fi + arch="$INPUT"; export arch + fi + fi + fi + fi + # arch selected or exited +} + +selbinVERSION() { + + OKVERLIST="" + + #--------------------------------------------------------------------- + # Select version + #--------------------------------------------------------------------- + if test x"$src_version" = x + then + if test x"$assumeyes" = x1 + then + printFATAL "No version selected, aborting." + fi + cd "${basedir}/archpkg/${arch}" || printFATAL "Cannot cd to ${basedir}/archpkg/${arch} !" + LIST=`ls samhain-* 2>/dev/null` + if test x"$LIST" = x + then + printFATAL "No binary package found in ${basedir}/archpkg/${arch}." + fi + + # -------------------------------------------------- + # Build a list of ${version}.${format} + # -------------------------------------------------- + + for ff in $LIST + do + sh_version=`echo "$ff" | sed 's/samhain\-//g'` + if test -f "install-${sh_version}" + then + OKVERLIST="$OKVERLIST ${sh_version}" + fi + done + + rm -f "$tmpF" && touch "$tmpF" + + for dd in $OKVERLIST + do + echo "$dd" >>"$tmpF" + done + + OKVERLIST=`cat "$tmpF" | sort -r` + + rm -f "$tmpF" && touch "$tmpF" + + command="promptMENU 'Please select version to install' " + for word in $OKVERLIST + do + command="$command '${word}'" + done + + eval ${command} + m=$? + if test x$m = x1 + then + (exit 0); exit 0; + elif test x$m = "x-1" + then + printFATAL "Something went wrong !" + else + first_version="$MENU"; + fi + + src_version=`echo ${first_version} | sed s%\.run%% | sed s%\.rpm%% | sed s%\.deb%% | sed s%\.tbz2%% | sed s%\.depot%% | sed s%\.pkg%%` + export src_version + + format=`echo ${first_version} | sed '/^\(.*\)\.\([0-9a-zA-Z]*\)$/{ s//\2/; q; }'` + if test "x$format" = xpkg + then + format="solaris-pkg" + fi + export format + + fi +} Index: /tags/2.5.0/dsys/funcPRINT =================================================================== --- /tags/2.5.0/dsys/funcPRINT (revision 189) +++ /tags/2.5.0/dsys/funcPRINT (revision 189) @@ -0,0 +1,84 @@ +######################################################################### +# +# Printing/logging Subroutines +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +# Fatal error +# +printFATAL() { + printERROR ${1+"$@"} + main_exit_status=1 + echo '1' > "$tmpERR" + (exit 1); exit 1; +} + +# Print a message to stderr +# +printERROR() { + echo "ERROR:" ${1+"$@"} >&2 +} + +# Print a message to stderr +# +printWARNING() { + echo "WARNING:" ${1+"$@"} >&2 +} + +# Print a message to stdout +# +printLOG() { + if test $silent -lt 2 + then + now=`date` + if test -z "$logfile" + then + if test x"$simulate" = x0 + then + echo "${now}:" ${1+"$@"} + else + echo "${now}: (simulate)" ${1+"$@"} + fi + else + if test x"$simulate" = x0 + then + echo "${now}:" ${1+"$@"} >"$logfile" + else + echo "${now}: (simulate)" ${1+"$@"} >"$logfile" + fi + fi + fi +} + +# Print a message to stdout +# +printINFO() { + if test x"$silent" = x0 + then + if test x"$simulate" = x0 + then + echo ${1+"$@"} + else + echo "(simulate)" ${1+"$@"} + fi + fi +} + Index: /tags/2.5.0/dsys/funcSETUP =================================================================== --- /tags/2.5.0/dsys/funcSETUP (revision 189) +++ /tags/2.5.0/dsys/funcSETUP (revision 189) @@ -0,0 +1,63 @@ +######################################################################### +# +# Setup test Subroutines +# +######################################################################### +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +# test setup +# +testSETUP1() { + test -d "$basedir" || printFATAL "Basedir $basedir does not exist" + test -d "$basedir/tmp" || printFATAL "Tmpdir $basedir/tmp does not exist" + tmpdir="$basedir/tmp"; export tmpdir + return 0 +} + +# test setup +# +testSETUP2() { + test -z "$action" && + { + promptMENU "Which action do you want to perform" "install" "build" "download" "checksrc" "clean" "info" "uninstall"; + action="$MENU"; export action; + } + if (test x"$action" = xbuild || test x"$action" = xinstall || test x"$action" = xuninstall) + then + test -z "$host" && + { + promptINPUT "On which host do you want to $action"; + host="$INPUT"; export host; + } + fi + return 0 +} + +setupFORMAT() { + + tmp_format=`echo "${1}" | sed '/^\(.*\)\.\([0-9a-zA-Z]*\)$/{ s//\2/; q; }'` + echo "${tmp_format}" +} + +setupVERSION() { + tmp_version=`echo ${DB_version} | sed s%\.run%% | sed s%\.rpm%% | sed s%\.depot%% | sed s%\.deb%% | sed s%\.tbz2%% | sed s%\.pkg%%` + echo "${tmp_version}" + +} Index: /tags/2.5.0/dsys/initscript =================================================================== --- /tags/2.5.0/dsys/initscript (revision 189) +++ /tags/2.5.0/dsys/initscript (revision 189) @@ -0,0 +1,166 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +startup=no + +# arg1: the --enable-nocl=password password (use 'start' for none) +# arg2(optional): if 'startup', start the client and exit +# +# +# 'nocl' is used to handle the --enable-nocl=password option. 'start' is a +# reserved word, hence cannot be the password. +# We are called with one argument, which may be 'start' to indicate that +# the --enable-nocl=password option is not used. +# +if test "x$1" = x +then + nocl=start +else + nocl="$1" +fi + +if test "x$2" = x +then + command="data" +else + command="$2" +fi + +name=`./samhain-install.sh --print-config name` +sbin=`./samhain-install.sh --print-config sbin_dir` + +# execute and exit for start|stop|restart|reload|status, else fallthrough +case $command in + start | stop) + MONIT="" + test -f /usr/local/bin/monit && MONIT="/usr/local/bin/monit" + if test x"$MONIT" = x + then + test -f /usr/bin/monit && MONIT="/usr/bin/monit" + if test x"$MONIT" = x + then + : + else + zz=`/usr/bin/monit status | grep ${name}` + if test x"$zz" = x + then + : + else + ${MONIT} "${command}" "${name}" + exit 0 + fi + fi + fi + + retval=0 + + if test -f /etc/init.d/${name} + then + /etc/init.d/${name} ${command} + retval=$? + elif test -f /etc/rc.d/init.d/${name} + then + /etc/rc.d/init.d/${name} ${command} + retval=$? + elif test -f "$sbin/$name" + then + $sbin/$name ${command} + retval=$? + else + exit 1 + fi + if test x"$command" = xstop + then + exit 0 + fi + exit $retval + ;; + + reload | restart | status ) + if test -f /etc/init.d/${name} + then + /etc/init.d/${name} ${command} + elif test -f /etc/rc.d/init.d/${name} + then + /etc/rc.d/init.d/${name} ${command} + elif test -f "$sbin/$name" + then + $sbin/$name ${command} + else + exit 1 + fi + exit $? + ;; + + *) + ;; +esac + +data=`./samhain-install.sh --print-config data_file` +ddir=`./samhain-install.sh --print-config data_dir` + +remfile=no +remdir=no + +if test -d "$ddir" +then + test -f "$data" || remfile=yes +else + ./samhain-install.sh --mkinstalldirs "$ddir" + remdir=yes +fi + +if test -f "$sbin/$name" +then + if test -f "$data" + then + rm "$data" || exit 1 + fi + + if test x"$nocl" = xstart + then + $sbin/$name -t init -p err + else + echo '-t init -p err' | $sbin/$name "$nocl" + fi +else + echo "$sbin/$name not found" >&2 + exit 1 +fi + +if test -f "$data" +then + cp "$data" ./data +else + echo "$data not found" >&2 + exit 1 +fi + +if test x"$remdir" = xyes +then + rm -rf "$ddir" +elif test x"$remfile" = xyes +then + rm -f "$data" +fi + +exit 0 + Index: /tags/2.5.0/dsys/postinstall =================================================================== --- /tags/2.5.0/dsys/postinstall (revision 189) +++ /tags/2.5.0/dsys/postinstall (revision 189) @@ -0,0 +1,58 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +name=`./samhain-install.sh --print-config name` +sbin=`./samhain-install.sh --print-config sbin_dir` +rcfi=`./samhain-install.sh --print-config config_file` +passwd=$1 + +setpwd="./${name}_setpwd" + +# Install the prepared configuration file. +# +test -f ./prepared_samhainrc || exit 1 +./samhain-install.sh --install-sh -m 600 ./prepared_samhainrc "$rcfi" || exit 1 + +# Gentoo noise +# +rm -f /etc/init.d/._cfg????_${name} +rm -f /etc/._cfg????_${name}rc + +# Set the password within the executable. +# +if test "x${passwd}" = "xDUMMY" +then + rm -f "$sbin/${name}_setpwd" +else + current=`pwd` + cd "$sbin" || exit 1 + eval "$setpwd" "$name" new "$passwd" || exit 1 + if test -f "${name}.new" + then + rm "$name" || exit 1 + mv "${name}.new" "$name" || exit 1 + rm -f "./${name}_setpwd" + fi + cd "$current" +fi + +exit 0 + Index: /tags/2.5.0/dsys/preinstall =================================================================== --- /tags/2.5.0/dsys/preinstall (revision 189) +++ /tags/2.5.0/dsys/preinstall (revision 189) @@ -0,0 +1,57 @@ +#! /bin/sh +# +# Copyright Rainer Wichmann (2005) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +name=`./samhain-install.sh --print-config name` +sbin=`./samhain-install.sh --print-config sbin_dir` + +MONIT="" +test -f /usr/local/bin/monit && MONIT="/usr/local/bin/monit" +if test x"$MONIT" = x +then + test -f /usr/bin/monit && MONIT="/usr/bin/monit" + if test x"$MONIT" = x + then + : + else + zz=`/usr/bin/monit status | grep ${name}` + if test x"$zz" = x + then + : + else + ${MONIT} stop "${name}" + exit 0 + fi + fi +fi + +if test -f /etc/init.d/${name} +then + /etc/init.d/${name} stop +elif test -f /etc/rc.d/init.d/${name} +then + /etc/rc.d/init.d/${name} stop +else + if test -f $sbin/$name + then + $sbin/$name stop + fi +fi + +exit 0 Index: /tags/2.5.0/hp_ux.psf.in =================================================================== --- /tags/2.5.0/hp_ux.psf.in (revision 189) +++ /tags/2.5.0/hp_ux.psf.in (revision 189) @@ -0,0 +1,75 @@ +# PSF +depot + layout_version 1.0 +# Product definition: +product + tag @install_name@ + revision @VERSION@ + is_patch false + title @install_name@ Client + description "Client for the @install_name@ system" + machine_type * + os_name HP-UX + os_release ?.11.* + os_version ? + directory / + is_locatable false + +# Dummy for configure warning +# datarootdir = @datarootdir@ + +# Specify a checkremove script that executes during the +# swremove analysis phase. (This script prevents the +# removal of the SD product and returns an ERROR. +# checkremove scripts/checkremove.sd + + configure ./sc/configure + unconfigure ./sc/unconfigure + preremove ./sc/preremove + + # Fileset definitions: + fileset + tag basic + title Core system + revision @VERSION@ + file_permissions -m 0700 -o root -g sys + # + # Files: +# + directory ./sbin/init.d=/sbin/init.d + file -m 0555 -o bin -g bin @install_name@ +# + directory .@prefix@=@prefix@ + file -m 0555 -o bin -g bin . +# + directory .@sysconfdir@=@sysconfdir@ + file -v -m 0600 @install_name@rc + file -m 0555 -o bin -g bin . +# + directory .@sbindir@=@sbindir@ + file * + file -m 0555 -o bin -g bin . + file -m 0750 -o bin -g bin @install_name@ +# + directory .@mydataroot@=@mydataroot@ + file -m 0555 -o bin -g bin . +# + directory .@mylogdir@=@mylogdir@ + file -m 0755 -o adm -g adm . +# + directory .@mylockdir@=@mylockdir@ + file -m 0555 -o bin -g bin . + end + # Manpage fileset definitions: + #fileset + # tag man + # title Manual pages for samhain + # revision 2.05 + # directory .@mandir@/man8=@mandir@/man8 + # file * + # directory .@mandir@/man5=@mandir@/man5 + # file * + #end + #man +end +# Index: /tags/2.5.0/include/CuTest.h =================================================================== --- /tags/2.5.0/include/CuTest.h (revision 189) +++ /tags/2.5.0/include/CuTest.h (revision 189) @@ -0,0 +1,138 @@ +/******************* + +LICENSE + +Copyright (c) 2003 Asim Jalis + +This software is provided 'as-is', without any express or implied +warranty. In no event will the authors be held liable for any damages +arising from the use of this software. + +Permission is granted to anyone to use this software for any purpose, +including commercial applications, and to alter it and redistribute it +freely, subject to the following restrictions: + +1. The origin of this software must not be misrepresented; you must not +claim that you wrote the original software. If you use this software in +a product, an acknowledgment in the product documentation would be +appreciated but is not required. + +2. Altered source versions must be plainly marked as such, and must not +be misrepresented as being the original software. + +3. This notice may not be removed or altered from any source +distribution. + +**********************/ + +#ifndef CU_TEST_H +#define CU_TEST_H + +#include +#include + +/* CuString */ + +char* CuStrAlloc(int size); +char* CuStrCopy(const char* old); + +#define CU_ALLOC(TYPE) ((TYPE*) malloc(sizeof(TYPE))) + +#define HUGE_STRING_LEN 8192 +#define STRING_MAX 256 +#define STRING_INC 256 + +typedef struct +{ + int length; + int size; + char* buffer; +} CuString; + +void CuStringInit(CuString* str); +CuString* CuStringNew(void); +void CuStringRead(CuString* str, const char* path); +void CuStringAppend(CuString* str, const char* text); +void CuStringAppendChar(CuString* str, char ch); +void CuStringAppendFormat(CuString* str, const char* format, ...); +void CuStringInsert(CuString* str, const char* text, int pos); +void CuStringResize(CuString* str, int newSize); + +/* CuTest */ + +typedef struct CuTest CuTest; + +typedef void (*TestFunction)(CuTest *); + +struct CuTest +{ + const char* name; + TestFunction function; + int failed; + int ran; + const char* message; + jmp_buf *jumpBuf; +}; + +void CuTestInit(CuTest* t, const char* name, TestFunction function); +CuTest* CuTestNew(const char* name, TestFunction function); +void CuTestRun(CuTest* tc); + +/* Internal versions of assert functions -- use the public versions */ +void CuFail_Line(CuTest* tc, const char* file, int line, const char* message2, const char* message); +void CuAssert_Line(CuTest* tc, const char* file, int line, const char* message, int condition); +void CuAssertStrEquals_LineMsg(CuTest* tc, + const char* file, int line, const char* message, + const char* expected, const char* actual); +void CuAssertIntEquals_LineMsg(CuTest* tc, + const char* file, int line, const char* message, + int expected, int actual); +void CuAssertDblEquals_LineMsg(CuTest* tc, + const char* file, int line, const char* message, + double expected, double actual, double delta); +void CuAssertPtrEquals_LineMsg(CuTest* tc, + const char* file, int line, const char* message, + void* expected, void* actual); + +/* public assert functions */ + +#define CuFail(tc, ms) CuFail_Line( (tc), __FILE__, __LINE__, NULL, (ms)) +#define CuAssert(tc, ms, cond) CuAssert_Line((tc), __FILE__, __LINE__, (ms), (cond)) +#define CuAssertTrue(tc, cond) CuAssert_Line((tc), __FILE__, __LINE__, "assert failed", (cond)) + +#define CuAssertStrEquals(tc,ex,ac) CuAssertStrEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac)) +#define CuAssertStrEquals_Msg(tc,ms,ex,ac) CuAssertStrEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac)) +#define CuAssertIntEquals(tc,ex,ac) CuAssertIntEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac)) +#define CuAssertIntEquals_Msg(tc,ms,ex,ac) CuAssertIntEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac)) +#define CuAssertDblEquals(tc,ex,ac,dl) CuAssertDblEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac),(dl)) +#define CuAssertDblEquals_Msg(tc,ms,ex,ac,dl) CuAssertDblEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac),(dl)) +#define CuAssertPtrEquals(tc,ex,ac) CuAssertPtrEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac)) +#define CuAssertPtrEquals_Msg(tc,ms,ex,ac) CuAssertPtrEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac)) + +#define CuAssertPtrNotNull(tc,p) CuAssert_Line((tc),__FILE__,__LINE__,"null pointer unexpected",(p != NULL)) +#define CuAssertPtrNotNullMsg(tc,msg,p) CuAssert_Line((tc),__FILE__,__LINE__,(msg),(p != NULL)) + +/* CuSuite */ + +#define MAX_TEST_CASES 1024 + +#define SUITE_ADD_TEST(SUITE,TEST) CuSuiteAdd(SUITE, CuTestNew(#TEST, TEST)) + +typedef struct +{ + int count; + CuTest* list[MAX_TEST_CASES]; + int failCount; + +} CuSuite; + + +void CuSuiteInit(CuSuite* testSuite); +CuSuite* CuSuiteNew(void); +void CuSuiteAdd(CuSuite* testSuite, CuTest *testCase); +void CuSuiteAddSuite(CuSuite* testSuite, CuSuite* testSuite2); +void CuSuiteRun(CuSuite* testSuite); +void CuSuiteSummary(CuSuite* testSuite, CuString* summary); +void CuSuiteDetails(CuSuite* testSuite, CuString* details); + +#endif /* CU_TEST_H */ Index: /tags/2.5.0/include/bignum.h =================================================================== --- /tags/2.5.0/include/bignum.h (revision 189) +++ /tags/2.5.0/include/bignum.h (revision 189) @@ -0,0 +1,85 @@ +#ifndef _BIGNUM_H_ +#define _BIGNUM_H_ + +#include "internal.h" + +typedef struct big_struct bignum; + +#define BIG_SIGN_0 0 +#define BIG_SIGN_PLUS 1 +#define BIG_SIGN_MINUS -1 + +#define BIG_OK 0 +#define BIG_MEMERR 1 +#define BIG_DIV_ZERO 2 +#define BIG_ARGERR 3 + +#ifdef BIG_SHORT_NAMES +#define big_set_big big_sb +#define big_set_long big_sl +#define big_set_ulong big_usl +#define big_string big_rs +#define big_leqp big_lq +#define big_expt big_x +#endif + +/* External variables to take care about when using the bignums */ +typedef int bigerr_t; +extern int big_errno; +extern char *big_end_string; + +/* External functions to enable use of bignums */ +extern bigerr_t big_init_pkg(void); +extern void big_release_pkg(void); + +extern bigerr_t big_create(bignum *a); +extern void big_destroy(bignum *a); + +extern unsigned long big_bitcount(bignum *a); + +extern bigerr_t big_set_big(bignum *a, bignum *b); +extern void big_set_long(long n, bignum *a); +extern void big_set_ulong(unsigned long n, bignum *a); +extern bigerr_t big_set_string(char *numstr, int base, bignum *a); + +extern int big_long(bignum *a, long *n); +extern int big_ulong(bignum *a, unsigned long *n); +extern char *big_string(bignum *a, int base); + +extern int big_sign(bignum *a); +extern bigerr_t big_abs(bignum *a, bignum *b); + +extern bigerr_t big_negate(bignum *a, bignum *b); + +extern int big_compare(bignum *a, bignum *b); +extern int big_lessp(bignum *a, bignum *b); +extern int big_leqp(bignum *a, bignum *b); +extern int big_equalp(bignum *a, bignum *b); +extern int big_geqp(bignum *a, bignum *b); +extern int big_greaterp(bignum *a, bignum *b); + +extern int big_zerop(bignum *a); +extern int big_evenp(bignum *a); +extern int big_oddp(bignum *a); + +extern bigerr_t big_add(bignum *a, bignum *b, bignum *c); +extern bigerr_t big_sub(bignum *a, bignum *b, bignum *c); + +extern bigerr_t big_mul(bignum *a, bignum *b, bignum *c); + +extern bigerr_t big_trunc(bignum *a, bignum *b, bignum *c, bignum *r); +extern bigerr_t big_floor(bignum *a, bignum *b, bignum *c, bignum *r); +extern bigerr_t big_ceil(bignum *a, bignum *b, bignum *c, bignum *r); +extern bigerr_t big_round(bignum *a, bignum *b, bignum *c, bignum *r); + +extern bigerr_t big_random(bignum *a, bignum *b); + +extern bigerr_t big_expt(bignum *a, unsigned long z, bignum *x); +extern bigerr_t big_exptmod(bignum *a_in, bignum *z_in, bignum *n, bignum *x); +extern bigerr_t big_gcd(bignum *a, bignum *b, bignum *g); + +#ifndef NULL +#define NULL 0 +#endif + +#endif /* _BIGNUM_H_ */ Index: /tags/2.5.0/include/kern_head.h =================================================================== --- /tags/2.5.0/include/kern_head.h (revision 189) +++ /tags/2.5.0/include/kern_head.h (revision 189) @@ -0,0 +1,1645 @@ + + +/* i386 sys_call_table for kernel 2.4.x + */ +char * callz_2p4[] = { + "sys_ni_syscall", /* 0 - old setup() system call*/ + "sys_exit", + "sys_fork", + "sys_read", + "sys_write", + "sys_open", /* 5 */ + "sys_close", + "sys_waitpid", + "sys_creat", + "sys_link", + "sys_unlink", /* 10 */ + "sys_execve", + "sys_chdir", + "sys_time", + "sys_mknod", + "sys_chmod", /* 15 */ + "sys_lchown16", + "sys_ni_syscall", /* old break syscall holder */ + "sys_stat", + "sys_lseek", + "sys_getpid", /* 20 */ + "sys_mount", + "sys_oldumount", + "sys_setuid16", + "sys_getuid16", + "sys_stime", /* 25 */ + "sys_ptrace", + "sys_alarm", + "sys_fstat", + "sys_pause", + "sys_utime", /* 30 */ + "sys_ni_syscall", /* old stty syscall holder */ + "sys_ni_syscall", /* old gtty syscall holder */ + "sys_access", + "sys_nice", + "sys_ni_syscall", /* 35 */ /* old ftime syscall holder */ + "sys_sync", + "sys_kill", + "sys_rename", + "sys_mkdir", + "sys_rmdir", /* 40 */ + "sys_dup", + "sys_pipe", + "sys_times", + "sys_ni_syscall", /* old prof syscall holder */ + "sys_brk", /* 45 */ + "sys_setgid16", + "sys_getgid16", + "sys_signal", + "sys_geteuid16", + "sys_getegid16", /* 50 */ + "sys_acct", + "sys_umount", /* recycled never used phys() */ + "sys_ni_syscall", /* old lock syscall holder */ + "sys_ioctl", + "sys_fcntl", /* 55 */ + "sys_ni_syscall", /* old mpx syscall holder */ + "sys_setpgid", + "sys_ni_syscall", /* old ulimit syscall holder */ + "sys_olduname", + "sys_umask", /* 60 */ + "sys_chroot", + "sys_ustat", + "sys_dup2", + "sys_getppid", + "sys_getpgrp", /* 65 */ + "sys_setsid", + "sys_sigaction", + "sys_sgetmask", + "sys_ssetmask", + "sys_setreuid16", /* 70 */ + "sys_setregid16", + "sys_sigsuspend", + "sys_sigpending", + "sys_sethostname", + "sys_setrlimit", /* 75 */ + "sys_old_getrlimit", + "sys_getrusage", + "sys_gettimeofday", + "sys_settimeofday", + "sys_getgroups16", /* 80 */ + "sys_setgroups16", + "old_select", + "sys_symlink", + "sys_lstat", + "sys_readlink", /* 85 */ + "sys_uselib", + "sys_swapon", + "sys_reboot", + "old_readdir", + "old_mmap", /* 90 */ + "sys_munmap", + "sys_truncate", + "sys_ftruncate", + "sys_fchmod", + "sys_fchown16", /* 95 */ + "sys_getpriority", + "sys_setpriority", + "sys_ni_syscall", /* old profil syscall holder */ + "sys_statfs", + "sys_fstatfs", /* 100 */ + "sys_ioperm", + "sys_socketcall", + "sys_syslog", + "sys_setitimer", + "sys_getitimer", /* 105 */ + "sys_newstat", + "sys_newlstat", + "sys_newfstat", + "sys_uname", + "sys_iopl", /* 110 */ + "sys_vhangup", + "sys_ni_syscall", /* old idle system call */ + "sys_vm86old", + "sys_wait4", + "sys_swapoff", /* 115 */ + "sys_sysinfo", + "sys_ipc", + "sys_fsync", + "sys_sigreturn", + "sys_clone", /* 120 */ + "sys_setdomainname", + "sys_newuname", + "sys_modify_ldt", + "sys_adjtimex", + "sys_mprotect", /* 125 */ + "sys_sigprocmask", + "sys_create_module", + "sys_init_module", + "sys_delete_module", + "sys_get_kernel_syms", /* 130 */ + "sys_quotactl", + "sys_getpgid", + "sys_fchdir", + "sys_bdflush", + "sys_sysfs", /* 135 */ + "sys_personality", + "sys_ni_syscall", /* for afs_syscall */ + "sys_setfsuid16", + "sys_setfsgid16", + "sys_llseek", /* 140 */ + "sys_getdents", + "sys_select", + "sys_flock", + "sys_msync", + "sys_readv", /* 145 */ + "sys_writev", + "sys_getsid", + "sys_fdatasync", + "sys_sysctl", + "sys_mlock", /* 150 */ + "sys_munlock", + "sys_mlockall", + "sys_munlockall", + "sys_sched_setparam", + "sys_sched_getparam", /* 155 */ + "sys_sched_setscheduler", + "sys_sched_getscheduler", + "sys_sched_yield", + "sys_sched_get_priority_max", + "sys_sched_get_priority_min", /* 160 */ + "sys_sched_rr_get_interval", + "sys_nanosleep", + "sys_mremap", + "sys_setresuid16", + "sys_getresuid16", /* 165 */ + "sys_vm86", + "sys_query_module", + "sys_poll", + "sys_nfsservctl", + "sys_setresgid16", /* 170 */ + "sys_getresgid16", + "sys_prctl", + "sys_rt_sigreturn", + "sys_rt_sigaction", + "sys_rt_sigprocmask", /* 175 */ + "sys_rt_sigpending", + "sys_rt_sigtimedwait", + "sys_rt_sigqueueinfo", + "sys_rt_sigsuspend", + "sys_pread", /* 180 */ + "sys_pwrite", + "sys_chown16", + "sys_getcwd", + "sys_capget", + "sys_capset", /* 185 */ + "sys_sigaltstack", + "sys_sendfile", + "sys_getpmsg", /* streams1 */ + "sys_putpmsg", /* streams2 */ + "sys_vfork", /* 190 */ + "sys_getrlimit", + "sys_mmap2", + "sys_truncate64", + "sys_ftruncate64", + "sys_stat64", /* 195 */ + "sys_lstat64", + "sys_fstat64", + "sys_lchown", + "sys_getuid", + "sys_getgid", /* 200 */ + "sys_geteuid", + "sys_getegid", + "sys_setreuid", + "sys_setregid", + "sys_getgroups", /* 205 */ + "sys_setgroups", + "sys_fchown", + "sys_setresuid", + "sys_getresuid", + "sys_setresgid", /* 210 */ + "sys_getresgid", + "sys_chown", + "sys_setuid", + "sys_setgid", + "sys_setfsuid", /* 215 */ + "sys_setfsgid", + "sys_pivot_root", + "sys_mincore", + "sys_madvise", + "sys_getdents64", /* 220 */ + "sys_fcntl64", + "sys_tux", /* reserved for TUX */ + "sys_security", + "sys_gettid", + "sys_readahead", /* 225 */ + "sys_setxattr", + "sys_lsetxattr", + "sys_fsetxattr", + "sys_getxattr", + "sys_lgetxattr", /* 230 */ + "sys_fgetxattr", + "sys_listxattr", + "sys_llistxattr", + "sys_flistxattr", + "sys_removexattr", /* 235 */ + "sys_lremovexattr", + "sys_fremovexattr", + "sys_tkill", + "sys_sendfile64", + "sys_futex", /* 240 */ + "sys_sched_setaffinity", + "sys_sched_getaffinity", + "sys_set_thread_area", + "sys_get_thread_area", + "sys_io_setup", /* 245 */ + "sys_io_destroy", + "sys_io_getevents", + "sys_io_submit", + "sys_io_cancel", + "sys_alloc_hugepages", /* 250 */ + "sys_free_hugepages", + "sys_exit_group", + "sys_lookup_dcookie", /* 2.6 */ + "sys_epoll_create", + "sys_epoll_ctl", /* 255 */ + "sys_epoll_wait", + "sys_remap_file_pages", + "sys_set_tid_address", + "sys_timer_create", + "sys_timer_settime", /* 260 */ + "sys_timer_gettime", + "sys_timer_getoverrun", + "sys_timer_delete", + "sys_clock_settime", + "sys_clock_gettime", /* 265 */ + "sys_clock_getres", + "sys_clock_nanosleep", + "sys_statfs64", + "sys_fstatfs64", + "sys_tgkill", /* 270 */ + "sys_utimes", + "sys_fadvise64_64", + "sys_vserver", + NULL +}; + + + +/* i386 sys_call_table for kernel 2.2.x + */ +char * callz_2p2[]={ + "sys_ni_syscall", /* 0 */ + "sys_exit", + "sys_fork", + "sys_read", + "sys_write", + "sys_open", /* 5 */ + "sys_close", + "sys_waitpid", + "sys_creat", + "sys_link", + "sys_unlink", /* 10 */ + "sys_execve", + "sys_chdir", + "sys_time", + "sys_mknod", + "sys_chmod", /* 15 */ + "sys_lchown", + "sys_ni_syscall", + "sys_stat", + "sys_lseek", + "sys_getpid", /* 20 */ + "sys_mount", + "sys_oldumount", + "sys_setuid", + "sys_getuid", + "sys_stime", /* 25 */ + "sys_ptrace", + "sys_alarm", + "sys_fstat", + "sys_pause", + "sys_utime", /* 30 */ + "sys_ni_syscall", + "sys_ni_syscall", + "sys_access", + "sys_nice", + "sys_ni_syscall", /* 35 */ + "sys_sync", + "sys_kill", + "sys_rename", + "sys_mkdir", + "sys_rmdir", /* 40 */ + "sys_dup", + "sys_pipe", + "sys_times", + "sys_ni_syscall", + "sys_brk", /* 45 */ + "sys_setgid", + "sys_getgid", + "sys_signal", + "sys_geteuid", + "sys_getegid", /* 50 */ + "sys_acct", + "sys_umount", + "sys_ni_syscall", + "sys_ioctl", + "sys_fcntl", /* 55 */ + "sys_ni_syscall", + "sys_setpgid", + "sys_ni_syscall", + "sys_olduname", + "sys_umask", /* 60 */ + "sys_chroot", + "sys_ustat", + "sys_dup2", + "sys_getppid", + "sys_getpgrp", /* 65 */ + "sys_setsid", + "sys_sigaction", + "sys_sgetmask", + "sys_ssetmask", + "sys_setreuid", /* 70 */ + "sys_setregid", + "sys_sigsuspend", + "sys_sigpending", + "sys_sethostname", + "sys_setrlimit", /* 75 */ + "sys_getrlimit", + "sys_getrusage", + "sys_gettimeofday", + "sys_settimeofday", + "sys_getgroups", /* 80 */ + "sys_setgroups", + "old_select", + "sys_symlink", + "sys_lstat", + "sys_readlink", /* 85 */ + "sys_uselib", + "sys_swapon", + "sys_reboot", + "old_readdir", + "old_mmap", /* 90 */ + "sys_munmap", + "sys_truncate", + "sys_ftruncate", + "sys_fchmod", + "sys_fchown", /* 95 */ + "sys_getpriority", + "sys_setpriority", + "sys_ni_syscall", + "sys_statfs", + "sys_fstatfs", /* 100 */ + "sys_ioperm", + "sys_socketcall", + "sys_syslog", + "sys_setitimer", + "sys_getitimer", /* 105 */ + "sys_newstat", + "sys_newlstat", + "sys_newfstat", + "sys_uname", + "sys_iopl", /* 110 */ + "sys_vhangup", + "sys_idle", + "sys_vm86old", + "sys_wait4", + "sys_swapoff", /* 115 */ + "sys_sysinfo", + "sys_ipc", + "sys_fsync", + "sys_sigreturn", + "sys_clone", /* 120 */ + "sys_setdomainname", + "sys_newuname", + "sys_modify_ldt", + "sys_adjtimex", + "sys_mprotect", /* 125 */ + "sys_sigprocmask", + "sys_create_module", + "sys_init_module", + "sys_delete_module", + "sys_get_kernel_syms", /* 130 */ + "sys_quotactl", + "sys_getpgid", + "sys_fchdir", + "sys_bdflush", + "sys_sysfs", /* 135 */ + "sys_personality", + "sys_ni_syscall", + "sys_setfsuid", + "sys_setfsgid", + "sys_llseek", /* 140 */ + "sys_getdents", + "sys_select", + "sys_flock", + "sys_msync", + "sys_readv", /* 145 */ + "sys_writev", + "sys_getsid", + "sys_fdatasync", + "sys_sysctl", + "sys_mlock", /* 150 */ + "sys_munlock", + "sys_mlockall", + "sys_munlockall", + "sys_sched_setparam", + "sys_sched_getparam", /* 155 */ + "sys_sched_setscheduler", + "sys_sched_getscheduler", + "sys_sched_yield", + "sys_sched_get_priority_max", + "sys_sched_get_priority_min", /* 160 */ + "sys_sched_rr_get_interval", + "sys_nanosleep", + "sys_mremap", + "sys_setresuid", + "sys_getresuid", /* 165 */ + "sys_vm86", + "sys_query_module", + "sys_poll", + "sys_nfsservctl", + "sys_setresgid", /* 170 */ + "sys_getresgid", + "sys_prctl", + "sys_rt_sigreturn", + "sys_rt_sigaction", + "sys_rt_sigprocmask", /* 175 */ + "sys_rt_sigpending", + "sys_rt_sigtimedwait", + "sys_rt_sigqueueinfo", + "sys_rt_sigsuspend", + "sys_pread", /* 180 */ + "sys_pwrite", + "sys_chown", + "sys_getcwd", + "sys_capget", + "sys_capset", /* 185 */ + "sys_sigaltstack", + "sys_sendfile", + "sys_ni_syscall", + "sys_ni_syscall", + "sys_vfork", /* 190 */ + NULL +}; + +/* i386 sys_call_table for openbsd + */ +char * callz_obsd[]={ + "_nosys", /* 0 */ + "_sys_exit", + "_sys_fork", + "_sys_read", + "_sys_write", + "_sys_open", /* 5 */ + "_sys_close", + "_sys_wait4", + "_compat_43_sys_creat", + "_sys_link", + "_sys_unlink", /* 10 */ + "_sys_nosys", + "_sys_chdir", + "_sys_fchdir", + "_sys_mknod", + "_sys_chmod", /* 15 */ + "_sys_chown", + "_sys_break", + "_nosys", + "_compat_43_sys_lseek", + "_sys_getpid", /* 20 */ + "_sys_mount", + "_sys_unmount", + "_sys_setuid", + "_sys_getuid", + "_sys_geteuid", /* 25 */ + "_sys_ptrace", + "_sys_recvmsg", /* 27 */ + "_sys_sendmsg", /* 28 */ + "_sys_recvfrom", /* 29 */ + "_sys_accept", /* 30 */ + "_sys_getpeername", /* 31 */ + "_sys_getsockname", /* 32 */ + "_sys_access", /* 33 */ + "_sys_chflags", /* 34 */ + "_sys_fchflags", /* 35 */ + "_sys_sync", /* 36 */ + "_sys_kill", /* 37 */ + "_compat_43_sys_stat", /* 38 is old stat */ + "_sys_getppid", /* 39 */ + "_compat_43_sys_lstat", /* 40 is old lstat */ + "_sys_dup", /* 41 */ + "_sys_opipe", /* 42 */ + "_sys_getegid", /* 43 */ + "_sys_profil", /* 44 */ + "_sys_ktrace", /* 45 */ + "_sys_sigaction",/* 46 */ + "_sys_getgid", /* 47 */ + "_sys_sigprocmask", + "_sys_getlogin", /* 49 */ + "_sys_setlogin", /* 50 */ + "_sys_acct", /* 51 */ + "_sys_sigpending", + "_sys_osigaltstack", /* 53 */ + "_sys_ioctl", /* 54 */ + "_sys_reboot", /* 55 */ + "_sys_revoke", /* 56 */ + "_sys_symlink", /* 57 */ + "_sys_readlink", /* 58 */ + "_sys_execve", /* 59 */ + "_sys_umask", /* 60 */ + "_sys_chroot", /* 61 */ + "_compat_43_sys_fstat", /* 62 is old fstat */ + "_compat_43_sys_getkerninfo", /* 63 is old ogetkerninfo */ + "_compat_43_sys_getpagesize", /* 64 is old ogetpagesize */ + "_nosys", /* 65 is omsync */ + "_sys_vfork", /* 66 */ + "_nosys", /* 67 is obsolete vread */ + "_nosys", /* 68 is obsolete vwrite */ + "_sys_sbrk", /* 69 */ + "_sys_sstk", /* 70 */ + "_compat_43_sys_mmap", /* 71 is ommap */ + "_sys_ovadvise", /* 72 */ + "_sys_munmap", /* 73 */ + "_sys_mprotect", /* 74 */ + "_sys_madvise", /* 75 */ + "_nosys", /* 76 is obsolete vhangup */ + "_nosys", /* 77 is obsolete vlimit */ + "_sys_mincore", /* 78 */ + "_sys_getgroups",/* 79 */ + "_sys_setgroups",/* 80 */ + "_sys_getpgrp", /* 81 */ + "_sys_setpgid", /* 82 */ + "_sys_setitimer",/* 83 */ + "_compat_43_sys_wait", /* 84 is owait */ + "_nosys", /* 85 is swapon */ + "_sys_getitimer",/* 86 */ + "_compat_43_sys_gethostname", /* 87 is ogethostname */ + "_compat_43_sys_sethostname", /* 88 is osethostname */ + "_compat_43_sys_getdtablesize", /* 89 os ogetdtablesize */ + "_sys_dup2", /* 90 */ + "_nosys", /* 91 is ??? */ + "_sys_fcntl", /* 92 */ + "_sys_select", /* 93 */ + "_nosys", /* 94 is ??? */ + "_sys_fsync", /* 95 */ + "_sys_setpriority", /* 96 */ + "_sys_socket", /* 97 */ + "_sys_connect", /* 98 */ + "_compat_43_sys_accept", /* 99 is oaccept */ + "_sys_getpriority", /* 100 */ + "_compat_43_sys_send", /* 101 is osend */ + "_compat_43_sys_recv", /* 102 is orecv */ + "_sys_sigreturn", + "_sys_bind", /* 104 */ + "_sys_setsockopt", /* 105 */ + "_sys_listen", /* 106 */ + "_nosys", /* 107 is obsolete vtimes */ + "_compat_43_sys_sigvec", /* 108 is osigvec */ + "_compat_43_sys_sigblock", /* 109 is osigblock */ + "_compat_43_sys_sigsetmask", /* 110 is osigsetmask */ + "_sys_sigsuspend", + "_compat_43_sys_sigstack", /* 112 is osigstack */ + "_compat_43_sys_recvmsg", /* 113 is orecvmsg */ + "_compat_43_sys_sendmsg", /* 114 is osendmsg */ + "_nosys", /* 115 is obsolete vtrace */ + "_sys_gettimeofday", /* 116 */ + "_sys_getrusage", /* 117 */ + "_sys_getsockopt", /* 118 */ + "_nosys", /* 119 is obsolete resuba */ + "_sys_readv", /* 120 */ + "_sys_writev", /* 121 */ + "_sys_settimeofday", /* 122 */ + "_sys_fchown", /* 123 */ + "_sys_fchmod", /* 124 */ + "_compat_43_sys_recvfrom", /* 125 is orecvfrom */ + "_sys_setreuid", /* 126 */ + "_sys_setregid", /* 127 */ + "_sys_rename", /* 128 */ + "_compat_43_sys_truncate", /* 129 is old truncate */ + "_compat_43_sys_ftruncate", /* 130 is old ftruncate */ + "_sys_flock", /* 131 */ + "_sys_mkfifo", /* 132 */ + "_sys_sendto", /* 133 */ + "_sys_shutdown", /* 134 */ + "_sys_socketpair", /* 135 */ + "_sys_mkdir", /* 136 */ + "_sys_rmdir", /* 137 */ + "_sys_utimes", /* 138 */ + "_nosys", /* 139 is obsolete 4.2 sigreturn */ + "_sys_adjtime", /* 140 */ + "_compat_43_sys_getpeername", /* 141 is ogetpeername */ + "_compat_43_sys_gethostid", /* 142 is ogethostid */ + "_compat_43_sys_sethostid", /* 143 is osethostid */ + "_compat_43_sys_getrlimit", /* 144 is ogetrlimit */ + "_compat_43_sys_setrlimit", /* 145 is osetrlimit */ + "_compat_43_sys_killpg", /* 146 is okillpg */ + "_sys_setsid", /* 147 */ + "_sys_quotactl", /* 148 */ + "_compat_43_sys_quota", /* 149 is oquota */ + "_compat_43_sys_getsockname", /* 150 is ogetsockname */ + "_nosys", /* 151 is ??? */ + "_nosys", /* 152 is ??? */ + "_nosys", /* 153 is ??? */ + "_nosys", /* 154 is ??? */ + "_sys_nfssvc", /* 155 */ + "_compat_43_sys_getdirentries", /* 156 is ogetdirentries */ + "_nosys", /* 157 is ostatfs */ + "_nosys", /* 158 is ofstatfs */ + "_nosys", /* 159 is ??? */ + "_nosys", /* 160 is ??? */ + "_sys_getfh", /* 161 */ + "_nosys", /* 162 is ogetdomainname */ + "_nosys", /* 163 is osetdomainname */ + "_nosys", /* 164 is ouname */ + "_sys_sysarch", /* 165 */ + "_nosys", + "_nosys", /* 167 is ??? */ + "_nosys", /* 168 is ??? */ + "_nosys", /* 169 is compat_10 osemsys */ + "_nosys", /* 170 is compat_10 omsgsys */ + "_nosys", /* 171 is compat_10 oshmsys */ + "_nosys", /* 172 is ??? */ + "_sys_pread", /* 173 */ + "_sys_pwrite", /* 174 */ + "_nosys", /* 175 is ??? */ + "_nosys", /* 176 is ??? */ + "_nosys", /* 177 is ??? */ + "_nosys", /* 178 is ??? */ + "_nosys", /* 179 is ??? */ + "_nosys", /* 180 is ??? */ + "_sys_setgid", /* 181 */ + "_sys_setegid", /* 182 */ + "_sys_seteuid", /* 183 */ + "_sys_bmapv", /* 184 */ + "_sys_markv", /* 185 */ + "_sys_segclean", /* 186 */ + "_sys_segwait", /* 187 */ + "_compat_35_sys_stat", /* 188 is compat_35 stat35 */ + "_compat_35_sys_fstat", /* 189 is compat_35 fstat35 */ + "_compat_35_sys_lstat", /* 190 is compat_35 lstat35 */ + "_sys_pathconf", /* 191 */ + "_sys_fpathconf", /* 192 */ + "_sys_swapctl", /* 193 */ + "_sys_getrlimit", /* 194 */ + "_sys_setrlimit", /* 195 */ + "_sys_getdirentries", /* 196 */ + "_sys_mmap", /* 197 */ + "_sys___syscall", /* 198 */ + "_sys_lseek", /* 199 */ + "_sys_truncate", /* 200 */ + "_sys_ftruncate", /* 201 */ + "_sys___sysctl", /* 202 */ + "_sys_mlock", /* 203 */ + "_sys_munlock", /* 204 */ + "_sys_undelete", /* 205 */ + "_sys_futimes", /* 206 */ + "_sys_getpgid", /* 207 */ + "_sys_xfspioctl", /* 208 */ + "_nosys", /* 209 is ??? */ + "_nosys", /* 210 is ??? */ + "_nosys", /* 211 is ??? */ + "_nosys", /* 212 is ??? */ + "_nosys", /* 213 is ??? */ + "_nosys", /* 214 is ??? */ + "_nosys", /* 215 is ??? */ + "_nosys", /* 216 is ??? */ + "_nosys", /* 217 is ??? */ + "_nosys", /* 218 is ??? */ + "_nosys", /* 219 is ??? */ + "_nosys", /* 220 is ??? */ + "_sys_semget", /* 221 */ + "_compat_35_sys_semop", /* 222 is compat_35 semop */ + "_nosys", /* 223 is obsolete sys_semconfig */ + "_nosys", /* 224 is compat_23 msgctl23 */ + "_sys_msgget", /* 225 */ + "_sys_msgsnd", /* 226 */ + "_sys_msgrcv", /* 227 */ + "_sys_shmat", /* 228 */ + "_nosys", /* 229 is compat_23 shmctl23 */ + "_sys_shmdt", /* 230 */ + "_compat_35_sys_shmget", /* 231 is compat_35 shmget */ + "_sys_clock_gettime", /* 232 */ + "_sys_clock_settime", /* 233 */ + "_sys_clock_getres", /* 234 */ + "_nosys", /* 235 is ??? */ + "_nosys", /* 236 is ??? */ + "_nosys", /* 237 is ??? */ + "_nosys", /* 238 is ??? */ + "_nosys", /* 239 is ??? */ + "_sys_nanosleep", /* 240 */ + "_nosys", /* 241 is ??? */ + "_nosys", /* 242 is ??? */ + "_nosys", /* 243 is ??? */ + "_nosys", /* 244 is ??? */ + "_nosys", /* 245 is ??? */ + "_nosys", /* 246 is ??? */ + "_nosys", /* 247 is ??? */ + "_nosys", /* 248 is ??? */ + "_nosys", /* 249 is ??? */ + "_sys_minherit", /* 250 */ + "_sys_rfork", /* 251 */ + "_sys_poll", /* 252 */ + "_sys_issetugid", /* 253 */ + "_sys_lchown", /* 254 */ + "_sys_getsid", /* 255 */ + "_sys_msync", /* 256 */ + "_compat_35_sys___semctl", /* 257 is compat_35 semctl35 */ + "_compat_35_sys_shmctl", /* 258 is is compat_35 shmctl35 */ + "_compat_35_sys_msgctl", /* 259 is is compat_35 msgctl35 */ + "_sys_getfsstat", /* 260 */ + "_sys_statfs", /* 261 */ + "_sys_fstatfs", /* 262 */ + "_sys_pipe", /* 263 */ + "_sys_fhopen", /* 264 */ + "_compat_35_sys_fhstat", /* 265 is compat_35 fhstat */ + "_sys_fhstatfs", /* 266 */ + "_sys_preadv", /* 267 */ + "_sys_pwritev", /* 268 */ + "_sys_kqueue", /* 269 */ + "_sys_kevent", /* 270 */ + "_sys_mlockall", /* 271 */ + "_sys_munlockall", /* 272 */ + "_sys_getpeereid", /* 273 */ + "_nosys", /* 274 */ + "_nosys", /* 275 */ + "_nosys", /* 276 */ + "_nosys", /* 277 */ + "_nosys", /* 278 */ + "_nosys", /* 279 */ + "_nosys", /* 280 */ + "_sys_getresuid", /* 281 */ + "_sys_setresuid", /* 282 */ + "_sys_getresgid", /* 283 */ + "_sys_setresgid", /* 284 */ + "_nosys", /* 285 is ??? */ + "_sys_mquery", /* 286 */ + "_sys_closefrom", /* 287 */ + "_sys_sigaltstack", /* 288 */ + "_sys_shmget", /* 289 */ + "_sys_semop", /* 290 */ + "_sys_stat", /* 291 */ + "_sys_fstat", /* 292 */ + "_sys_lstat", /* 293 */ + "_sys_fhstat", /* 294 */ + "_sys___semctl", /* 295 */ + "_sys_shmctl", /* 296 */ + "_sys_msgctl", /* 297 */ + "_sys_sched_yield", /* 298 */ + "_sys_getthrid", /* 299 */ + "_sys_thrsleep", /* 300 */ + "_sys_thrwakeup", /* 301 */ + "_sys_threxit", /* 302 */ + "_sys_thrsigdivert", /* 303 */ + "_sys___getcwd", /* 304 */ + NULL +}; + + + +/* i386 sys_call_table for freebsd + */ +char * callz_fbsd[]={ + "_syscall", /* 0 */ + "sys_exit", /* 1 */ + "_fork", /* 2 */ + "_read", /* 3 */ + "_write", /* 4 */ + "_open", /* 5 */ + "_close", /* 6 */ + "_wait4", /* 7 */ + "_nosys", /* 8 is old creat */ + "_link", /* 9 */ + "_unlink", /* 10 */ + "_nosys", /* 11 is obsolete execv */ + "_chdir", /* 12 */ + "_fchdir", /* 13 */ + "_mknod", /* 14 */ + "_chmod", /* 15 */ + "_chown", /* 16 */ + "_break", /* 17 */ + "_getfsstat",/* 18 */ + "_nosys", /* 19 is old lseek */ + "_getpid", /* 20 */ + "_mount", /* 21 */ + "_unmount", /* 22 */ + "_setuid", /* 23 */ + "_getuid", /* 24 */ + "_geteuid", /* 25 */ + "_ptrace", /* 26 */ + "_recvmsg", /* 27 */ + "_sendmsg", /* 28 */ + "_recvfrom", /* 29 */ + "_accept", /* 30 */ + "_getpeername", /* 31 */ + "_getsockname", /* 32 */ + "_access", /* 33 */ + "_chflags", /* 34 */ + "_fchflags", /* 35 */ + "_sync", /* 36 */ + "_kill", /* 37 */ + "_nosys", /* 38 is old stat */ + "_getppid", /* 39 */ + "_nosys", /* 40 is old lstat */ + "_dup", /* 41 */ + "_pipe", /* 42 */ + "_getegid", /* 43 */ + "_profil", /* 44 */ + "_ktrace", /* 45 */ + "_nosys", /* 46 is old sigaction */ + "_getgid", /* 47 */ + "_nosys", /* 48 is old sigprocmask */ + "_getlogin", /* 49 */ + "_setlogin", /* 50 */ + "_acct", /* 51 */ + "_nosys", /* 52 is old sigpending */ + "_sigaltstack", /* 53 */ + "_ioctl", /* 54 */ + "_reboot", /* 55 */ + "_revoke", /* 56 */ + "_symlink", /* 57 */ + "_readlink", /* 58 */ + "_execve", /* 59 */ + "_umask", /* 60 */ + "_chroot", /* 61 */ + "_nosys", /* 62 is old fstat */ + "_nosys", /* 63 is old getkerninfo */ + "_nosys", /* 64 is old getpagesize */ + "_msync", /* 65 */ + "_vfork", /* 66 */ + "_nosys", /* 67 is obsolete vread */ + "_nosys", /* 68 is obsolete vwrite */ + "_sbrk", /* 69 */ + "_sstk", /* 70 */ + "_nosys", /* 71 is old mmap */ + "_vadvise", /* 72 */ + "_munmap", /* 73 */ + "_mprotect", /* 74 */ + "_madvise", /* 75 */ + "_nosys", /* 76 is obsolete vhangup */ + "_nosys", /* 77 is obsolete vlimit */ + "_mincore", /* 78 */ + "_getgroups",/* 79 */ + "_setgroups",/* 80 */ + "_getpgrp", /* 81 */ + "_setpgid", /* 82 */ + "_setitimer",/* 83 */ + "_nosys", /* 84 is old wait */ + "_swapon", /* 85 */ + "_getitimer",/* 86 */ + "_nosys", /* 87 is old gethostname */ + "_nosys", /* 88 is old sethostname */ + "_getdtablesize", /* 89 */ + "_dup2", /* 90 */ + "_nosys", /* 91 is ??? */ + "_fcntl", /* 92 */ + "_select", /* 93 */ + "_nosys", /* 94 is ??? */ + "_fsync", /* 95 */ + "_setpriority", /* 96 */ + "_socket", /* 97 */ + "_connect", /* 98 */ + "_nosys", /* 99 is old accept */ + "_getpriority", /* 100 */ + "_nosys", /* 101 is old send */ + "_nosys", /* 102 is old recv */ + "_nosys", /* 103 is old sigreturn */ + "_bind", /* 104 */ + "_setsockopt", /* 105 */ + "_listen", /* 106 */ + "_nosys", /* 107 is obsolete vtimes */ + "_nosys", /* 108 is old sigvec */ + "_nosys", /* 109 is old sigblock */ + "_nosys", /* 110 is old sigsetmask */ + "_nosys", /* 111 is old sigsuspend */ + "_nosys", /* 112 is old sigstack */ + "_nosys", /* 113 is old recvmsg */ + "_nosys", /* 114 is old sendmsg */ + "_nosys", /* 115 is obsolete vtrace */ + "_gettimeofday", /* 116 */ + "_getrusage", /* 117 */ + "_getsockopt", /* 118 */ + "_nosys", /* 119 is ??? */ + "_readv", /* 120 */ + "_writev", /* 121 */ + "_settimeofday", /* 122 */ + "_fchown", /* 123 */ + "_fchmod", /* 124 */ + "_nosys", /* 125 is old recvfrom */ + "_setreuid", /* 126 */ + "_setregid", /* 127 */ + "_rename", /* 128 */ + "_nosys", /* 129 is old truncate */ + "_nosys", /* 130 is old ftruncate */ + "_flock", /* 131 */ + "_mkfifo", /* 132 */ + "_sendto", /* 133 */ + "_shutdown", /* 134 */ + "_socketpair", /* 135 */ + "_mkdir", /* 136 */ + "_rmdir", /* 137 */ + "_utimes", /* 138 */ + "_nosys", /* 139 is obsolete 4.2 sigreturn */ + "_adjtime", /* 140 */ + "_nosys", /* 141 is old getpeername */ + "_nosys", /* 142 is old gethostid */ + "_nosys", /* 143 is old sethostid */ + "_nosys", /* 144 is old getrlimit */ + "_nosys", /* 145 is old setrlimit */ + "_nosys", /* 146 is old killpg */ + "_setsid", /* 147 */ + "_quotactl", /* 148 */ + "_nosys", /* 149 is old quota */ + "_nosys", /* 150 is old getsockname */ + "_nosys", /* 151 is ??? */ + "_nosys", /* 152 is ??? */ + "_nosys", /* 153 is ??? */ + "_nosys", /* 154 is ??? */ + "_nfssvc", /* 155 */ + "_nosys", /* 156 is old getdirentries */ + "_statfs", /* 157 */ + "_fstatfs", /* 158 */ + "_nosys", /* 159 is ??? */ + "_nosys", /* 160 is ??? */ + "_getfh", /* 161 */ + "_getdomainname", /* 162 */ + "_setdomainname", /* 163 */ + "_uname", /* 164 */ + "_sysarch", /* 165 */ + "_rtprio", /* 166 */ + "_nosys", /* 167 is ??? */ + "_nosys", /* 168 is ??? */ + "_semsys", /* 169 */ + "_msgsys", /* 170 */ + "_shmsys", /* 171 */ + "_nosys", /* 172 is ??? */ + "_pread", /* 173 */ + "_pwrite", /* 174 */ + "_nosys", /* 175 is ??? */ + "_ntp_adjtime", /* 176 */ + "_nosys", /* 177 is ??? */ + "_nosys", /* 178 is ??? */ + "_nosys", /* 179 is ??? */ + "_nosys", /* 180 is ??? */ + "_setgid", /* 181 */ + "_setegid", /* 182 */ + "_seteuid", /* 183 */ + "_nosys", /* 184 is ??? */ + "_nosys", /* 185 is ??? */ + "_nosys", /* 186 is ??? */ + "_nosys", /* 187 is ??? */ + "_stat", /* 188 */ + "_fstat", /* 189 */ + "_lstat", /* 190 */ + "_pathconf", /* 191 */ + "_fpathconf", /* 192 */ + "_nosys", /* 193 is ??? */ + "_getrlimit", /* 194 */ + "_setrlimit", /* 195 */ + "_getdirentries", /* 196 */ + "_mmap", /* 197 */ + "___syscall", /* 198 */ + "_lseek", /* 199 */ + "_truncate", /* 200 */ + "_ftruncate", /* 201 */ + "___sysctl", /* 202 */ + "_mlock", /* 203 */ + "_munlock", /* 204 */ + "_undelete", /* 205 */ + "_futimes", /* 206 */ + "_getpgid", /* 207 */ + "_nosys", /* 208 is ??? */ + "_poll", /* 209 */ + "_nosys", /* 210 is ??? */ + "_nosys", /* 211 is ??? */ + "_nosys", /* 212 is ??? */ + "_nosys", /* 213 is ??? */ + "_nosys", /* 214 is ??? */ + "_nosys", /* 215 is ??? */ + "_nosys", /* 216 is ??? */ + "_nosys", /* 217 is ??? */ + "_nosys", /* 218 is ??? */ + "_nosys", /* 219 is ??? */ + "___semctl", /* 220 */ + "_semget", /* 221 */ + "_semop", /* 222 */ + "_nosys", /* 223 is ??? */ + "_msgctl", /* 224 */ + "_msgget", /* 225 */ + "_msgsnd", /* 226 */ + "_msgrcv", /* 227 */ + "_shmat", /* 228 */ + "_shmctl", /* 229 */ + "_shmdt", /* 230 */ + "_shmget", /* 231 */ + "_clock_gettime", /* 232 */ + "_clock_settime", /* 233 */ + "_clock_getres", /* 234 */ + "_nosys", /* 235 is ??? */ + "_nosys", /* 236 is ??? */ + "_nosys", /* 237 is ??? */ + "_nosys", /* 238 is ??? */ + "_nosys", /* 239 is ??? */ + "_nanosleep", /* 240 */ + "_nosys", /* 241 is ??? */ + "_nosys", /* 242 is ??? */ + "_nosys", /* 243 is ??? */ + "_nosys", /* 244 is ??? */ + "_nosys", /* 245 is ??? */ + "_nosys", /* 246 is ??? */ + "_nosys", /* 247 is ??? */ + "_nosys", /* 248 is ??? */ + "_nosys", /* 249 is ??? */ + "_minherit", /* 250 */ + "_rfork", /* 251 */ + "_openbsd_poll", /* 252 */ + "_issetugid", /* 253 */ + "_lchown", /* 254 */ + "_nosys", /* 255 is ??? */ + "_nosys", /* 256 is ??? */ + "_nosys", /* 257 is ??? */ + "_nosys", /* 258 is ??? */ + "_nosys", /* 259 is ??? */ + "_nosys", /* 260 is ??? */ + "_nosys", /* 261 is ??? */ + "_nosys", /* 262 is ??? */ + "_nosys", /* 263 is ??? */ + "_nosys", /* 264 is ??? */ + "_nosys", /* 265 is ??? */ + "_nosys", /* 266 is ??? */ + "_nosys", /* 267 is ??? */ + "_nosys", /* 268 is ??? */ + "_nosys", /* 269 is ??? */ + "_nosys", /* 270 is ??? */ + "_nosys", /* 271 is ??? */ + "_getdents", /* 272 */ + "_nosys", /* 273 is ??? */ + "_lchmod", /* 274 */ + "_netbsd_lchown", /* 275 */ + "_lutimes", /* 276 */ + "_netbsd_msync", /* 277 */ + "_nstat", /* 278 */ + "_nfstat", /* 279 */ + "_nlstat", /* 280 */ + "_nosys", /* 281 is ??? */ + "_nosys", /* 282 is ??? */ + "_nosys", /* 283 is ??? */ + "_nosys", /* 284 is ??? */ + "_nosys", /* 285 is ??? */ + "_nosys", /* 286 is ??? */ + "_nosys", /* 287 is ??? */ + "_nosys", /* 288 is ??? */ + "_nosys", /* 289 is ??? */ + "_nosys", /* 290 is ??? */ + "_nosys", /* 291 is ??? */ + "_nosys", /* 292 is ??? */ + "_nosys", /* 293 is ??? */ + "_nosys", /* 294 is ??? */ + "_nosys", /* 295 is ??? */ + "_nosys", /* 296 is ??? */ + "_fhstatfs", /* 297 */ + "_fhopen", /* 298 */ + "_fhstat", /* 299 */ + "_modnext", /* 300 */ + "_modstat", /* 301 */ + "_modfnext", /* 302 */ + "_modfind", /* 303 */ + "_kldload", /* 304 */ + "_kldunload", /* 305 */ + "_kldfind", /* 306 */ + "_kldnext", /* 307 */ + "_kldstat", /* 308 */ + "_kldfirstmod", /* 309 */ + "_getsid", /* 310 */ + "_setresuid", /* 311 */ + "_setresgid", /* 312 */ + "_nosys", /* 313 is obsolete signanosleep */ + "_aio_return", /* 314 */ + "_aio_suspend", /* 315 */ + "_aio_cancel", /* 316 */ + "_aio_error", /* 317 */ + "_aio_read", /* 318 */ + "_aio_write", /* 319 */ + "_lio_listio", /* 320 */ + "_yield", /* 321 */ + "_thr_sleep", /* 322 */ + "_thr_wakeup", /* 323 */ + "_mlockall", /* 324 */ + "_munlockall", /* 325 */ + "___getcwd", /* 326 */ + "_sched_setparam", /* 327 */ + "_sched_getparam", /* 328 */ + "_sched_setscheduler", /* 329 */ + "_sched_getscheduler", /* 330 */ + "_sched_yield", /* 331 */ + "_sched_get_priority_max", /* 332 */ + "_sched_get_priority_min", /* 333 */ + "_sched_rr_get_interval", /* 334 */ + "_utrace", /* 335 */ + "_sendfile", /* 336 */ + "_kldsym", /* 337 */ + "_jail", /* 338 */ + "_nosys", /* 339 is ??? */ + "_sigprocmask", /* 340 */ + "_sigsuspend", /* 341 */ + "_sigaction", /* 342 */ + "_sigpending", /* 343 */ + "_sigreturn", /* 344 */ + "_nosys", /* 345 is ??? */ + "_nosys", /* 346 is ??? */ + "___acl_get_file", /* 347 */ + "___acl_set_file", /* 348 */ + "___acl_get_fd", /* 349 */ + "___acl_set_fd", /* 350 */ + "___acl_delete_file", /* 351 */ + "___acl_delete_fd", /* 352 */ + "___acl_aclcheck_file", /* 353 */ + "___acl_aclcheck_fd", /* 354 */ + "_extattrctl", /* 355 */ + "_extattr_set_file", /* 356 */ + "_extattr_get_file", /* 357 */ + "_extattr_delete_file", /* 358 */ + "_aio_waitcomplete", /* 359 */ + "_getresuid", /* 360 */ + "_getresgid", /* 361 */ + "_kqueue", /* 362 */ + "_kevent", /* 363 */ + "_nosys", /* 364 is ??? */ + "_nosys", /* 365 is ??? */ + "_nosys", /* 366 is ??? */ + "_nosys", /* 367 is ??? */ + "_nosys", /* 368 is ??? */ + "_nosys", /* 369 is ??? */ + "_nosys", /* 370 is ??? */ + "_nosys", /* 371 is ??? */ + "_nosys", /* 372 is ??? */ + "_nosys", /* 373 is ??? */ + "_nosys", /* 374 is ??? */ + "_nosys", /* 375 is ??? */ + "_nosys", /* 376 is ??? */ + "_nosys", /* 377 is ??? */ + "_nosys", /* 378 is ??? */ + "_nosys", /* 379 is ??? */ + "_nosys", /* 380 is ??? */ + "_nosys", /* 381 is ??? */ + "_nosys", /* 382 is ??? */ + "_nosys", /* 383 is ??? */ + "_nosys", /* 384 is ??? */ + "_nosys", /* 385 is ??? */ + "_nosys", /* 386 is ??? */ + "_nosys", /* 387 is ??? */ + "_nosys", /* 388 is ??? */ + "_nosys", /* 389 is ??? */ + "_nosys", /* 390 is ??? */ + "_nosys", /* 391 is ??? */ + "_nosys", /* 392 is ??? */ + "_sendfile", /* 393 */ + NULL +}; + +/* i386 sys_call_table for freebsd + */ +char * callz_fbsd5[]={ + "_syscall", /* 0 */ + "sys_exit", /* 1 */ + "_fork", /* 2 */ + "_read", /* 3 */ + "_write", /* 4 */ + "_open", /* 5 */ + "_close", /* 6 */ + "_wait4", /* 7 */ + "_nosys", /* 8 is old creat */ + "_link", /* 9 */ + "_unlink", /* 10 */ + "_nosys", /* 11 is obsolete execv */ + "_chdir", /* 12 */ + "_fchdir", /* 13 */ + "_mknod", /* 14 */ + "_chmod", /* 15 */ + "_chown", /* 16 */ + "_break", /* 17 */ + "_nosys", /* 18 is old getfsstat */ + "_nosys", /* 19 is old lseek */ + "_getpid", /* 20 */ + "_mount", /* 21 */ + "_unmount", /* 22 */ + "_setuid", /* 23 */ + "_getuid", /* 24 */ + "_geteuid", /* 25 */ + "_ptrace", /* 26 */ + "_recvmsg", /* 27 */ + "_sendmsg", /* 28 */ + "_recvfrom", /* 29 */ + "_accept", /* 30 */ + "_getpeername", /* 31 */ + "_getsockname", /* 32 */ + "_access", /* 33 */ + "_chflags", /* 34 */ + "_fchflags", /* 35 */ + "_sync", /* 36 */ + "_kill", /* 37 */ + "_nosys", /* 38 is old stat */ + "_getppid", /* 39 */ + "_nosys", /* 40 is old lstat */ + "_dup", /* 41 */ + "_pipe", /* 42 */ + "_getegid", /* 43 */ + "_profil", /* 44 */ + "_ktrace", /* 45 */ + "_nosys", /* 46 is old sigaction */ + "_getgid", /* 47 */ + "_nosys", /* 48 is old sigprocmask */ + "_getlogin", /* 49 */ + "_setlogin", /* 50 */ + "_acct", /* 51 */ + "_nosys", /* 52 is old sigpending */ + "_sigaltstack", /* 53 */ + "_ioctl", /* 54 */ + "_reboot", /* 55 */ + "_revoke", /* 56 */ + "_symlink", /* 57 */ + "_readlink", /* 58 */ + "_execve", /* 59 */ + "_umask", /* 60 */ + "_chroot", /* 61 */ + "_nosys", /* 62 is old fstat */ + "_nosys", /* 63 is old getkerninfo */ + "_nosys", /* 64 is old getpagesize */ + "_msync", /* 65 */ + "_vfork", /* 66 */ + "_nosys", /* 67 is obsolete vread */ + "_nosys", /* 68 is obsolete vwrite */ + "_sbrk", /* 69 */ + "_sstk", /* 70 */ + "_nosys", /* 71 is old mmap */ + "_vadvise", /* 72 */ + "_munmap", /* 73 */ + "_mprotect", /* 74 */ + "_madvise", /* 75 */ + "_nosys", /* 76 is obsolete vhangup */ + "_nosys", /* 77 is obsolete vlimit */ + "_mincore", /* 78 */ + "_getgroups",/* 79 */ + "_setgroups",/* 80 */ + "_getpgrp", /* 81 */ + "_setpgid", /* 82 */ + "_setitimer",/* 83 */ + "_nosys", /* 84 is old wait */ + "_swapon", /* 85 */ + "_getitimer",/* 86 */ + "_nosys", /* 87 is old gethostname */ + "_nosys", /* 88 is old sethostname */ + "_getdtablesize", /* 89 */ + "_dup2", /* 90 */ + "_nosys", /* 91 is ??? */ + "_fcntl", /* 92 */ + "_select", /* 93 */ + "_nosys", /* 94 is ??? */ + "_fsync", /* 95 */ + "_setpriority", /* 96 */ + "_socket", /* 97 */ + "_connect", /* 98 */ + "_nosys", /* 99 is old accept */ + "_getpriority", /* 100 */ + "_nosys", /* 101 is old send */ + "_nosys", /* 102 is old recv */ + "_nosys", /* 103 is old sigreturn */ + "_bind", /* 104 */ + "_setsockopt", /* 105 */ + "_listen", /* 106 */ + "_nosys", /* 107 is obsolete vtimes */ + "_nosys", /* 108 is old sigvec */ + "_nosys", /* 109 is old sigblock */ + "_nosys", /* 110 is old sigsetmask */ + "_nosys", /* 111 is old sigsuspend */ + "_nosys", /* 112 is old sigstack */ + "_nosys", /* 113 is old recvmsg */ + "_nosys", /* 114 is old sendmsg */ + "_nosys", /* 115 is obsolete vtrace */ + "_gettimeofday", /* 116 */ + "_getrusage", /* 117 */ + "_getsockopt", /* 118 */ + "_nosys", /* 119 is ??? */ + "_readv", /* 120 */ + "_writev", /* 121 */ + "_settimeofday", /* 122 */ + "_fchown", /* 123 */ + "_fchmod", /* 124 */ + "_nosys", /* 125 is old recvfrom */ + "_setreuid", /* 126 */ + "_setregid", /* 127 */ + "_rename", /* 128 */ + "_nosys", /* 129 is old truncate */ + "_nosys", /* 130 is old ftruncate */ + "_flock", /* 131 */ + "_mkfifo", /* 132 */ + "_sendto", /* 133 */ + "_shutdown", /* 134 */ + "_socketpair", /* 135 */ + "_mkdir", /* 136 */ + "_rmdir", /* 137 */ + "_utimes", /* 138 */ + "_nosys", /* 139 is obsolete 4.2 sigreturn */ + "_adjtime", /* 140 */ + "_nosys", /* 141 is old getpeername */ + "_nosys", /* 142 is old gethostid */ + "_nosys", /* 143 is old sethostid */ + "_nosys", /* 144 is old getrlimit */ + "_nosys", /* 145 is old setrlimit */ + "_nosys", /* 146 is old killpg */ + "_setsid", /* 147 */ + "_quotactl", /* 148 */ + "_nosys", /* 149 is old quota */ + "_nosys", /* 150 is old getsockname */ + "_nosys", /* 151 is ??? */ + "_nosys", /* 152 is ??? */ + "_nosys", /* 153 is ??? */ + "_nosys", /* 154 is ??? */ + "_nfssvc", /* 155 */ + "_nosys", /* 156 is old getdirentries */ + "_nosys", /* 157 is old statfs */ + "_nosys", /* 158 is old fstatfs */ + "_nosys", /* 159 is ??? */ + "_lgetfh", /* 160 */ + "_getfh", /* 161 */ + "_getdomainname", /* 162 */ + "_setdomainname", /* 163 */ + "_uname", /* 164 */ + "_sysarch", /* 165 */ + "_rtprio", /* 166 */ + "_nosys", /* 167 is ??? */ + "_nosys", /* 168 is ??? */ + "_semsys", /* 169 */ + "_msgsys", /* 170 */ + "_shmsys", /* 171 */ + "_nosys", /* 172 is ??? */ + "_pread", /* 173 */ + "_pwrite", /* 174 */ + "_nosys", /* 175 is ??? */ + "_ntp_adjtime", /* 176 */ + "_nosys", /* 177 is ??? */ + "_nosys", /* 178 is ??? */ + "_nosys", /* 179 is ??? */ + "_nosys", /* 180 is ??? */ + "_setgid", /* 181 */ + "_setegid", /* 182 */ + "_seteuid", /* 183 */ + "_nosys", /* 184 is ??? */ + "_nosys", /* 185 is ??? */ + "_nosys", /* 186 is ??? */ + "_nosys", /* 187 is ??? */ + "_stat", /* 188 */ + "_fstat", /* 189 */ + "_lstat", /* 190 */ + "_pathconf", /* 191 */ + "_fpathconf", /* 192 */ + "_nosys", /* 193 is ??? */ + "_getrlimit", /* 194 */ + "_setrlimit", /* 195 */ + "_getdirentries", /* 196 */ + "_mmap", /* 197 */ + "___syscall", /* 198 */ + "_lseek", /* 199 */ + "_truncate", /* 200 */ + "_ftruncate", /* 201 */ + "___sysctl", /* 202 */ + "_mlock", /* 203 */ + "_munlock", /* 204 */ + "_undelete", /* 205 */ + "_futimes", /* 206 */ + "_getpgid", /* 207 */ + "_nosys", /* 208 is ??? */ + "_poll", /* 209 */ + "_nosys", /* 210 is ??? */ + "_nosys", /* 211 is ??? */ + "_nosys", /* 212 is ??? */ + "_nosys", /* 213 is ??? */ + "_nosys", /* 214 is ??? */ + "_nosys", /* 215 is ??? */ + "_nosys", /* 216 is ??? */ + "_nosys", /* 217 is ??? */ + "_nosys", /* 218 is ??? */ + "_nosys", /* 219 is ??? */ + "___semctl", /* 220 */ + "_semget", /* 221 */ + "_semop", /* 222 */ + "_nosys", /* 223 is ??? */ + "_msgctl", /* 224 */ + "_msgget", /* 225 */ + "_msgsnd", /* 226 */ + "_msgrcv", /* 227 */ + "_shmat", /* 228 */ + "_shmctl", /* 229 */ + "_shmdt", /* 230 */ + "_shmget", /* 231 */ + "_clock_gettime", /* 232 */ + "_clock_settime", /* 233 */ + "_clock_getres", /* 234 */ + "_nosys", /* 235 is ??? */ + "_nosys", /* 236 is ??? */ + "_nosys", /* 237 is ??? */ + "_nosys", /* 238 is ??? */ + "_nosys", /* 239 is ??? */ + "_nanosleep", /* 240 */ + "_nosys", /* 241 is ??? */ + "_nosys", /* 242 is ??? */ + "_nosys", /* 243 is ??? */ + "_nosys", /* 244 is ??? */ + "_nosys", /* 245 is ??? */ + "_nosys", /* 246 is ??? */ + "_nosys", /* 247 is ??? */ + "_nosys", /* 248 is ??? */ + "_nosys", /* 249 is ??? */ + "_minherit", /* 250 */ + "_rfork", /* 251 */ + "_openbsd_poll", /* 252 */ + "_issetugid", /* 253 */ + "_lchown", /* 254 */ + "_nosys", /* 255 is ??? */ + "_nosys", /* 256 is ??? */ + "_nosys", /* 257 is ??? */ + "_nosys", /* 258 is ??? */ + "_nosys", /* 259 is ??? */ + "_nosys", /* 260 is ??? */ + "_nosys", /* 261 is ??? */ + "_nosys", /* 262 is ??? */ + "_nosys", /* 263 is ??? */ + "_nosys", /* 264 is ??? */ + "_nosys", /* 265 is ??? */ + "_nosys", /* 266 is ??? */ + "_nosys", /* 267 is ??? */ + "_nosys", /* 268 is ??? */ + "_nosys", /* 269 is ??? */ + "_nosys", /* 270 is ??? */ + "_nosys", /* 271 is ??? */ + "_getdents", /* 272 */ + "_nosys", /* 273 is ??? */ + "_lchmod", /* 274 */ + "_netbsd_lchown", /* 275 */ + "_lutimes", /* 276 */ + "_netbsd_msync", /* 277 */ + "_nstat", /* 278 */ + "_nfstat", /* 279 */ + "_nlstat", /* 280 */ + "_nosys", /* 281 is ??? */ + "_nosys", /* 282 is ??? */ + "_nosys", /* 283 is ??? */ + "_nosys", /* 284 is ??? */ + "_nosys", /* 285 is ??? */ + "_nosys", /* 286 is ??? */ + "_nosys", /* 287 is ??? */ + "_nosys", /* 288 is ??? */ + "_nosys", /* 289 is ??? */ + "_nosys", /* 290 is ??? */ + "_nosys", /* 291 is ??? */ + "_nosys", /* 292 is ??? */ + "_nosys", /* 293 is ??? */ + "_nosys", /* 294 is ??? */ + "_nosys", /* 295 is ??? */ + "_nosys", /* 296 is ??? */ + "_nosys", /* 297 is old fhstatfs */ + "_fhopen", /* 298 */ + "_fhstat", /* 299 */ + "_modnext", /* 300 */ + "_modstat", /* 301 */ + "_modfnext", /* 302 */ + "_modfind", /* 303 */ + "_kldload", /* 304 */ + "_kldunload", /* 305 */ + "_kldfind", /* 306 */ + "_kldnext", /* 307 */ + "_kldstat", /* 308 */ + "_kldfirstmod", /* 309 */ + "_getsid", /* 310 */ + "_setresuid", /* 311 */ + "_setresgid", /* 312 */ + "_nosys", /* 313 is obsolete signanosleep */ + "_aio_return", /* 314 */ + "_aio_suspend", /* 315 */ + "_aio_cancel", /* 316 */ + "_aio_error", /* 317 */ + "_aio_read", /* 318 */ + "_aio_write", /* 319 */ + "_lio_listio", /* 320 */ + "_yield", /* 321 */ + "_thr_sleep", /* 322 */ + "_thr_wakeup", /* 323 */ + "_mlockall", /* 324 */ + "_munlockall", /* 325 */ + "___getcwd", /* 326 */ + "_sched_setparam", /* 327 */ + "_sched_getparam", /* 328 */ + "_sched_setscheduler", /* 329 */ + "_sched_getscheduler", /* 330 */ + "_sched_yield", /* 331 */ + "_sched_get_priority_max", /* 332 */ + "_sched_get_priority_min", /* 333 */ + "_sched_rr_get_interval", /* 334 */ + "_utrace", /* 335 */ + "_nosys", /* 336 is old sendfile */ + "_kldsym", /* 337 */ + "_jail", /* 338 */ + "_nosys", /* 339 is ??? */ + "_sigprocmask", /* 340 */ + "_sigsuspend", /* 341 */ + "_nosys", /* 342 is old sigaction */ + "_sigpending", /* 343 */ + "_nosys", /* 344 is old sigreturn */ + "_sigtimedwait", /* 345 */ + "_sigwaitinfo", /* 346 */ + "___acl_get_file", /* 347 */ + "___acl_set_file", /* 348 */ + "___acl_get_fd", /* 349 */ + "___acl_set_fd", /* 350 */ + "___acl_delete_file", /* 351 */ + "___acl_delete_fd", /* 352 */ + "___acl_aclcheck_file", /* 353 */ + "___acl_aclcheck_fd", /* 354 */ + "_extattrctl", /* 355 */ + "_extattr_set_file", /* 356 */ + "_extattr_get_file", /* 357 */ + "_extattr_delete_file", /* 358 */ + "_aio_waitcomplete", /* 359 */ + "_getresuid", /* 360 */ + "_getresgid", /* 361 */ + "_kqueue", /* 362 */ + "_kevent", /* 363 */ + "_nosys", /* 364 is ??? */ + "_nosys", /* 365 is ??? */ + "_nosys", /* 366 is ??? */ + "_nosys", /* 367 is ??? */ + "_nosys", /* 368 is ??? */ + "_nosys", /* 369 is ??? */ + "_nosys", /* 370 is ??? */ + "_extattr_set_fd", /* 371 */ + "_extattr_get_fd", /* 372 */ + "_extattr_delete_fd", /* 373 */ + "___setugid", /* 374 */ + "_nfsclnt", /* 375 */ + "_eaccess", /* 376 */ + "_nosys", /* 377 is ??? */ + "_nmount", /* 378 */ + "_kse_exit", /* 379 */ + "_kse_wakeup", /* 380 */ + "_kse_create", /* 381 */ + "_kse_thr_interrupt", /* 382 */ + "_kse_release", /* 383 */ + "___mac_get_proc", /* 384 */ + "___mac_set_proc", /* 385 */ + "___mac_get_fd", /* 386 */ + "___mac_get_file", /* 387 */ + "___mac_set_fd", /* 388 */ + "___mac_set_file", /* 389 */ + "_kenv", /* 390 */ + "_lchflags", /* 391 */ + "_uuidgen", /* 392 */ + "_sendfile", /* 393 */ + "_mac_syscall", /* 394 */ + "_getfsstat", /* 395 */ + "_statfs", /* 396 */ + "_fstatfs", /* 397 */ + "_fhstatfs", /* 398 */ + "_nosys", /* 399 */ + "_ksem_close", /* 400 */ + "_ksem_post", /* 401 */ + "_ksem_wait", /* 402 */ + "_ksem_trywait", /* 403 */ + "_ksem_init", /* 404 */ + "_ksem_open", /* 405 */ + "_ksem_unlink", /* 406 */ + "_ksem_getvalue", /* 407 */ + "_ksem_destroy", /* 408 */ + "___mac_get_pid", /* 409 */ + "___mac_get_link", /* 410 */ + "___mac_set_link", /* 411 */ + "_extattr_set_link", /* 412 */ + "_extattr_get_link", /* 413 */ + "_extattr_delete_link", /* 414 */ + "___mac_execve", /* 415 */ + "_sigaction", /* 416 */ + "_sigreturn", /* 417 */ + "_nosys", /* 418 */ + "_nosys", /* 419 */ + "_nosys", /* 420 */ + "_getcontext", /* 421 */ + "_setcontext", /* 422 */ + "_swapcontext", /* 423 */ + "_swapoff", /* 424 */ + "___acl_get_link", /* 425 */ + "___acl_set_link", /* 426 */ + "___acl_delete_link", /* 427 */ + "___acl_aclcheck_link", /* 428 */ + "_sigwait", /* 429 */ + "_thr_create", /* 430 */ + "_thr_exit", /* 431 */ + "_thr_self", /* 432 */ + "_thr_kill", /* 433 */ + "__umtx_lock", /* 434 */ + "__umtx_unlock", /* 435 */ + "_jail_attach", /* 436 */ + "_extattr_list_fd", /* 437 */ + "_extattr_list_file", /* 438 */ + "_extattr_list_link", /* 439 */ + "_kse_switchin", /* 440 */ + "_ksem_timedwait", /* 441 */ + "_thr_suspend", /* 442 */ + "_thr_wake", /* 443 */ + "_kldunloadf", /* 444 */ + NULL +}; + Index: /tags/2.5.0/include/lzoconf.h =================================================================== --- /tags/2.5.0/include/lzoconf.h (revision 189) +++ /tags/2.5.0/include/lzoconf.h (revision 189) @@ -0,0 +1,379 @@ +/* lzoconf.h -- configuration for the LZO real-time data compression library + + This file is part of the LZO real-time data compression library. + + Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer + + The LZO library is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of + the License, or (at your option) any later version. + + The LZO library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with the LZO library; see the file COPYING. + If not, write to the Free Software Foundation, Inc., + 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Markus F.X.J. Oberhumer + + http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + */ + + +#ifndef __LZOCONF_H +#define __LZOCONF_H + +#define LZO_VERSION 0x1060 + +/* + * Unfortunately, these are somewhat counterproductive, as + * there should be no strings in the compiled executable. + * - Rainer Wichmann, 26. July 2000 - + * + * #define LZO_VERSION_STRING "1.06" + * #define LZO_VERSION_DATE "Nov 29 1999" + */ +#define LZO_VERSION_STRING "" +#define LZO_VERSION_DATE "" + + +/* internal Autoconf configuration file - only used when building LZO */ +#if defined(LZO_HAVE_CONFIG_H) +# include +#endif +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +/*********************************************************************** +// LZO requires a conforming +************************************************************************/ + +#if !defined(CHAR_BIT) || (CHAR_BIT != 8) +# error "invalid CHAR_BIT" +#endif +#if !defined(UCHAR_MAX) || !defined(UINT_MAX) || !defined(ULONG_MAX) +# error "check your compiler installation" +#endif +#if (USHRT_MAX < 1 ) || (UINT_MAX < 1) || (ULONG_MAX < 1) +# error "your limits.h macros are broken" +#endif + +/* workaround a cpp bug under hpux 10.20 */ +#define LZO_0xffffffffL 4294967295ul + + +/*********************************************************************** +// architecture defines +************************************************************************/ + +#if !defined(__LZO_WIN) && !defined(__LZO_DOS) && !defined(__LZO_OS2) +# if defined(__WINDOWS__) || defined(_WINDOWS) || defined(_Windows) +# define __LZO_WIN +# elif defined(__WIN32__) || defined(_WIN32) || defined(WIN32) +# define __LZO_WIN +# elif defined(__NT__) || defined(__NT_DLL__) || defined(__WINDOWS_386__) +# define __LZO_WIN +# elif defined(__DOS__) || defined(__MSDOS__) || defined(MSDOS) +# define __LZO_DOS +# elif defined(__OS2__) || defined(__OS2V2__) || defined(OS2) +# define __LZO_OS2 +# elif defined(__palmos__) +# define __LZO_PALMOS +# elif defined(__TOS__) || defined(__atarist__) +# define __LZO_TOS +# endif +#endif + +#if (UINT_MAX < LZO_0xffffffffL) +# if defined(__LZO_WIN) +# define __LZO_WIN16 +# elif defined(__LZO_DOS) +# define __LZO_DOS16 +# elif defined(__LZO_PALMOS) +# define __LZO_PALMOS16 +# elif defined(__LZO_TOS) +# define __LZO_TOS16 +# elif defined(__C166__) +# else +# error "16-bit target not supported - contact me for porting hints" +# endif +#endif + +#if !defined(__LZO_i386) +# if defined(__LZO_DOS) || defined(__LZO_WIN16) +# define __LZO_i386 +# elif defined(__i386__) || defined(__386__) || defined(_M_IX86) +# define __LZO_i386 +# endif +#endif + +#if defined(__LZO_STRICT_16BIT) +# if (UINT_MAX < LZO_0xffffffffL) +# include +# endif +#endif + + +/*********************************************************************** +// integral and pointer types +************************************************************************/ + +/* Integral types with 32 bits or more */ +#if !defined(LZO_UINT32_MAX) +# if (UINT_MAX >= LZO_0xffffffffL) + typedef unsigned int lzo_uint32; + typedef int lzo_int32; +# define LZO_UINT32_MAX UINT_MAX +# define LZO_INT32_MAX INT_MAX +# define LZO_INT32_MIN INT_MIN +# elif (ULONG_MAX >= LZO_0xffffffffL) + typedef unsigned long lzo_uint32; + typedef long lzo_int32; +# define LZO_UINT32_MAX ULONG_MAX +# define LZO_INT32_MAX LONG_MAX +# define LZO_INT32_MIN LONG_MIN +# else +# error "lzo_uint32" +# endif +#endif + +/* lzo_uint is used like size_t */ +#if !defined(LZO_UINT_MAX) +# if (UINT_MAX >= LZO_0xffffffffL) + typedef unsigned int lzo_uint; + typedef int lzo_int; +# define LZO_UINT_MAX UINT_MAX +# define LZO_INT_MAX INT_MAX +# define LZO_INT_MIN INT_MIN +# elif (ULONG_MAX >= LZO_0xffffffffL) + typedef unsigned long lzo_uint; + typedef long lzo_int; +# define LZO_UINT_MAX ULONG_MAX +# define LZO_INT_MAX LONG_MAX +# define LZO_INT_MIN LONG_MIN +# else +# error "lzo_uint" +# endif +#endif + + +/* Memory model that allows to access memory at offsets of lzo_uint. */ +#if !defined(__LZO_MMODEL) +# if (LZO_UINT_MAX <= UINT_MAX) +# define __LZO_MMODEL +# elif defined(__LZO_DOS16) || defined(__LZO_WIN16) +# define __LZO_MMODEL __huge +# define LZO_999_UNSUPPORTED +# elif defined(__LZO_PALMOS16) || defined(__LZO_TOS16) +# define __LZO_MMODEL +# else +# error "__LZO_MMODEL" +# endif +#endif + +/* no typedef here because of const-pointer issues */ +#define lzo_byte unsigned char __LZO_MMODEL +#define lzo_bytep unsigned char __LZO_MMODEL * +#define lzo_charp char __LZO_MMODEL * +#define lzo_voidp void __LZO_MMODEL * +#define lzo_shortp short __LZO_MMODEL * +#define lzo_ushortp unsigned short __LZO_MMODEL * +#define lzo_uint32p lzo_uint32 __LZO_MMODEL * +#define lzo_int32p lzo_int32 __LZO_MMODEL * +#define lzo_uintp lzo_uint __LZO_MMODEL * +#define lzo_intp lzo_int __LZO_MMODEL * +#define lzo_voidpp lzo_voidp __LZO_MMODEL * +#define lzo_bytepp lzo_bytep __LZO_MMODEL * + +typedef int lzo_bool; + +#ifndef lzo_sizeof_dict_t +# define lzo_sizeof_dict_t sizeof(lzo_bytep) +#endif + + +/*********************************************************************** +// function types +************************************************************************/ + +/* linkage */ +#if !defined(__LZO_EXTERN_C) +# ifdef __cplusplus +# define __LZO_EXTERN_C extern "C" +# else +# define __LZO_EXTERN_C extern +# endif +#endif + +/* calling conventions */ +#if !defined(__LZO_CDECL) +# if defined(__LZO_DOS16) || defined(__LZO_WIN16) +# define __LZO_CDECL __far __cdecl +# elif defined(__LZO_i386) && defined(_MSC_VER) +# define __LZO_CDECL __cdecl +# elif defined(__LZO_i386) && defined(__WATCOMC__) +# define __LZO_CDECL __near __cdecl +# else +# define __LZO_CDECL +# endif +#endif +#if !defined(__LZO_ENTRY) +# define __LZO_ENTRY __LZO_CDECL +#endif + +/* DLL export information */ +#if !defined(__LZO_EXPORT1) +# define __LZO_EXPORT1 +#endif +#if !defined(__LZO_EXPORT2) +# define __LZO_EXPORT2 +#endif + +/* calling convention for C functions */ +#if !defined(LZO_PUBLIC) +# define LZO_PUBLIC(_rettype) __LZO_EXPORT1 _rettype __LZO_EXPORT2 __LZO_ENTRY +#endif +#if !defined(LZO_EXTERN) +# define LZO_EXTERN(_rettype) __LZO_EXTERN_C LZO_PUBLIC(_rettype) +#endif +#if !defined(LZO_PRIVATE) +# define LZO_PRIVATE(_rettype) static _rettype __LZO_ENTRY +#endif + +/* cdecl calling convention for assembler functions */ +#if !defined(LZO_PUBLIC_CDECL) +# define LZO_PUBLIC_CDECL(_rettype) \ + __LZO_EXPORT1 _rettype __LZO_EXPORT2 __LZO_CDECL +#endif +#if !defined(LZO_EXTERN_CDECL) +# define LZO_EXTERN_CDECL(_rettype) __LZO_EXTERN_C LZO_PUBLIC_CDECL(_rettype) +#endif + + +typedef int +(__LZO_ENTRY *lzo_compress_t) ( const lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem ); + +typedef int +(__LZO_ENTRY *lzo_decompress_t) ( const lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem ); + +typedef int +(__LZO_ENTRY *lzo_optimize_t) ( lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem ); + +typedef int +(__LZO_ENTRY *lzo_compress_dict_t)(const lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem, + const lzo_byte *dict, lzo_uint dict_len ); + +typedef int +(__LZO_ENTRY *lzo_decompress_dict_t)(const lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem, + const lzo_byte *dict, lzo_uint dict_len ); + + +/* a progress indicator callback function */ +typedef void (__LZO_ENTRY *lzo_progress_callback_t) (lzo_uint, lzo_uint); + + +/*********************************************************************** +// error codes and prototypes +************************************************************************/ + +/* Error codes for the compression/decompression functions. Negative + * values are errors, positive values will be used for special but + * normal events. + */ +#define LZO_E_OK 0 +#define LZO_E_ERROR (-1) +#define LZO_E_OUT_OF_MEMORY (-2) /* not used right now */ +#define LZO_E_NOT_COMPRESSIBLE (-3) /* not used right now */ +#define LZO_E_INPUT_OVERRUN (-4) +#define LZO_E_OUTPUT_OVERRUN (-5) +#define LZO_E_LOOKBEHIND_OVERRUN (-6) +#define LZO_E_EOF_NOT_FOUND (-7) +#define LZO_E_INPUT_NOT_CONSUMED (-8) + + +/* lzo_init() should be the first function you call. + * Check the return code ! + * + * lzo_init() is a macro to allow checking that the library and the + * compiler's view of various types are consistent. + */ +#define lzo_init() __lzo_init2(LZO_VERSION,(int)sizeof(short),(int)sizeof(int),\ + (int)sizeof(long),(int)sizeof(lzo_uint32),(int)sizeof(lzo_uint),\ + (int)lzo_sizeof_dict_t,(int)sizeof(char *),(int)sizeof(lzo_voidp),\ + (int)sizeof(lzo_compress_t)) +LZO_EXTERN(int) __lzo_init2(unsigned,int,int,int,int,int,int,int,int,int); + +/* version functions (useful for shared libraries) */ +LZO_EXTERN(unsigned) lzo_version(void); +LZO_EXTERN(const char *) lzo_version_string(void); +LZO_EXTERN(const char *) lzo_version_date(void); +LZO_EXTERN(const lzo_charp) _lzo_version_string(void); +LZO_EXTERN(const lzo_charp) _lzo_version_date(void); + +/* string functions */ +LZO_EXTERN(int) +lzo_memcmp(const lzo_voidp _s1, const lzo_voidp _s2, lzo_uint _len); +LZO_EXTERN(lzo_voidp) +lzo_memcpy(lzo_voidp _dest, const lzo_voidp _src, lzo_uint _len); +LZO_EXTERN(lzo_voidp) +lzo_memmove(lzo_voidp _dest, const lzo_voidp _src, lzo_uint _len); +LZO_EXTERN(lzo_voidp) +lzo_memset(lzo_voidp _s, int _c, lzo_uint _len); + +/* checksum functions */ +LZO_EXTERN(lzo_uint32) +lzo_adler32(lzo_uint32 _adler, const lzo_byte *_buf, lzo_uint _len); +LZO_EXTERN(lzo_uint32) +lzo_crc32(lzo_uint32 _c, const lzo_byte *_buf, lzo_uint _len); + +/* memory allocation functions */ +LZO_EXTERN(lzo_bytep) lzo_alloc(lzo_uint _nelems, lzo_uint _size); +LZO_EXTERN(lzo_bytep) lzo_malloc(lzo_uint _size); +LZO_EXTERN(void) lzo_free(lzo_voidp _ptr); + +extern lzo_bytep (__LZO_ENTRY *lzo_alloc_hook) (lzo_uint,lzo_uint); +extern void (__LZO_ENTRY *lzo_free_hook) (lzo_voidp); + +/* misc. */ +LZO_EXTERN(lzo_bool) lzo_assert(int _expr); +LZO_EXTERN(int) _lzo_config_check(void); +typedef union { lzo_bytep p; lzo_uint u; } __lzo_pu_u; +typedef union { lzo_bytep p; lzo_uint32 u32; } __lzo_pu32_u; + +/* align a char pointer on a boundary that is a multiple of `size' */ +LZO_EXTERN(unsigned) __lzo_align_gap(const lzo_voidp _ptr, lzo_uint _size); +#define LZO_PTR_ALIGN_UP(_ptr,_size) \ + ((_ptr) + (lzo_uint) __lzo_align_gap((const lzo_voidp)(_ptr),(lzo_uint)(_size))) + +/* deprecated - only for backward compatibility */ +#define LZO_ALIGN(_ptr,_size) LZO_PTR_ALIGN_UP(_ptr,_size) + + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* already included */ + Index: /tags/2.5.0/include/minilzo.h =================================================================== --- /tags/2.5.0/include/minilzo.h (revision 189) +++ /tags/2.5.0/include/minilzo.h (revision 189) @@ -0,0 +1,96 @@ +/* minilzo.h -- mini subset of the LZO real-time data compression library + + This file is part of the LZO real-time data compression library. + + Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer + + The LZO library is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of + the License, or (at your option) any later version. + + The LZO library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with the LZO library; see the file COPYING. + If not, write to the Free Software Foundation, Inc., + 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Markus F.X.J. Oberhumer + + http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + */ + +/* + * NOTE: + * the full LZO package can be found at + * http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + */ + + +#ifndef __MINILZO_H +#define __MINILZO_H + +#define MINILZO_VERSION 0x1060 + +#ifdef __LZOCONF_H +# error "you cannot use both LZO and miniLZO" +#endif + +#undef LZO_HAVE_CONFIG_H +#include "lzoconf.h" + +#if !defined(LZO_VERSION) || (LZO_VERSION != MINILZO_VERSION) +# error "version mismatch in header files" +#endif + + +#ifdef __cplusplus +extern "C" { +#endif + + +/*********************************************************************** +// +************************************************************************/ + +/* Memory required for the wrkmem parameter. + * When the required size is 0, you can also pass a NULL pointer. + */ + +#define LZO1X_MEM_COMPRESS LZO1X_1_MEM_COMPRESS +#define LZO1X_1_MEM_COMPRESS ((lzo_uint32) (16384L * lzo_sizeof_dict_t)) +#define LZO1X_MEM_DECOMPRESS (0) + + +/* compression */ +LZO_EXTERN(int) +lzo1x_1_compress ( const lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem ); + +/* decompression */ +LZO_EXTERN(int) +lzo1x_decompress ( const lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem /* NOT USED */ ); + +/* safe decompression with overrun testing */ +LZO_EXTERN(int) +lzo1x_decompress_safe ( const lzo_byte *src, lzo_uint src_len, + lzo_byte *dst, lzo_uint *dst_len, + lzo_voidp wrkmem /* NOT USED */ ); + + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* already included */ + Index: /tags/2.5.0/include/rijndael-alg-fst.h =================================================================== --- /tags/2.5.0/include/rijndael-alg-fst.h (revision 189) +++ /tags/2.5.0/include/rijndael-alg-fst.h (revision 189) @@ -0,0 +1,41 @@ +/* + * rijndael-alg-fst.h v2.3 April '2000 + * + * Optimised ANSI C code + * + */ + +/*@-fixedformalarray@*/ + +#ifndef __RIJNDAEL_ALG_FST_H +#define __RIJNDAEL_ALG_FST_H + +#define MAXKC (256/32) +#define MAXROUNDS 14 + +/* USUAL_TYPES */ +#ifndef USUAL_TYPES +#define USUAL_TYPES +typedef unsigned char byte; +typedef unsigned char word8; +typedef unsigned short word16; +typedef unsigned int word32; +#endif + +#ifdef SH_ENCRYPT + +int rijndaelKeySched(word8 k[MAXKC][4], word8 rk[MAXROUNDS+1][4][4], int ROUNDS); + +int rijndaelKeyEncToDec(word8 W[MAXROUNDS+1][4][4], int ROUNDS); + +int rijndaelEncrypt(word8 a[16], word8 b[16], word8 rk[MAXROUNDS+1][4][4], int ROUNDS); + + +int rijndaelDecrypt(word8 a[16], word8 b[16], word8 rk[MAXROUNDS+1][4][4], int ROUNDS); + +/* SH_ENCRYPT */ +#endif + +/* __RIJNDAEL_ALG_FST_H */ +#endif + Index: /tags/2.5.0/include/rijndael-api-fst.h =================================================================== --- /tags/2.5.0/include/rijndael-api-fst.h (revision 189) +++ /tags/2.5.0/include/rijndael-api-fst.h (revision 189) @@ -0,0 +1,103 @@ +/* + * rijndael-api-fst.h v2.3 April '2000 + * + * Optimised ANSI C code + * + */ + +#ifndef __RIJNDAEL_API_FST_H +#define __RIJNDAEL_API_FST_H + +#include "rijndael-alg-fst.h" + +/* Defines: + Add any additional defines you need +*/ + +#define BNUM 1 +#define B_SIZ 16 +#define STRICT_ALIGN 1 /* For safety */ + + +#define DIR_ENCRYPT 0 /* Are we encrpyting? */ +#define DIR_DECRYPT 1 /* Are we decrpyting? */ +#define MODE_ECB 1 /* Are we ciphering in ECB mode? */ +#define MODE_CBC 2 /* Are we ciphering in CBC mode? */ +#define MODE_CFB1 3 /* Are we ciphering in 1-bit CFB mode? */ +#ifndef TRUE +#define TRUE 1 +#endif +#ifndef FALSE +#define FALSE 0 +#endif +#define BITSPERBLOCK 128 /* Default number of bits in a cipher block */ + +/* Error Codes - CHANGE POSSIBLE: inclusion of additional error codes */ + +#define BAD_KEY_DIR -1 /* Key direction is invalid, e.g., unknown value */ +#define BAD_KEY_MAT -2 /* Key material not of correct length */ +#define BAD_KEY_INSTANCE -3 /* Key passed is not valid */ +#define BAD_CIPHER_MODE -4 /* Params struct passed to cipherInit invalid */ +#define BAD_CIPHER_STATE -5 /* Cipher in wrong state (e.g., not initialized) */ +#define BAD_BLOCK_LENGTH -6 +#define BAD_CIPHER_INSTANCE -7 +#define BAD_DATA -8 /* Data contents are invalid, e.g., invalid padding */ +#define BAD_OTHER -9 /* Unknown error */ + +/* CHANGE POSSIBLE: inclusion of algorithm specific defines */ +#define MAX_KEY_SIZE 64 /* # of ASCII char's needed to represent a key */ +#define MAX_IV_SIZE 16 /* # bytes needed to represent an IV */ + +#ifdef SH_ENCRYPT + +/* Typedefs: + + Typedef'ed data storage elements. Add any algorithm specific +parameters at the bottom of the structs as appropriate. +*/ + +typedef unsigned char RIJ_BYTE; + +/* The structure for key information */ +typedef struct { + RIJ_BYTE direction; /* Key used for encrypting or decrypting? */ + int keyLen; /* Length of the key */ + char keyMaterial[MAX_KEY_SIZE+1]; /* Raw key data in ASCII, e.g., user input or KAT values */ + /* The following parameters are algorithm dependent, replace or add as necessary */ + int ROUNDS; /* key-length-dependent number of rounds */ + int blockLen; /* block length */ + word8 keySched[MAXROUNDS+1][4][4]; /* key schedule */ +} keyInstance; + +/* The structure for cipher information */ +typedef struct { /* changed order of the components */ + RIJ_BYTE mode; /* MODE_ECB, MODE_CBC, or MODE_CFB1 */ + RIJ_BYTE IV[MAX_IV_SIZE]; /* A possible Initialization Vector for ciphering */ + /* Add any algorithm specific parameters needed here */ + int blockLen; /* Sample: Handles non-128 bit block sizes (if available) */ +} cipherInstance; + +/* Function prototypes */ +/* CHANGED: nothing + TODO: implement the following extensions to setup 192-bit and 256-bit block lengths: + makeKeyEx(): parameter blockLen added + -- this parameter is absolutely necessary if you want to + setup the round keys in a variable block length setting + cipherInitEx(): parameter blockLen added (for obvious reasons) + */ + +int makeKey(keyInstance *key, RIJ_BYTE direction, int keyLen, char *keyMaterial); + +int cipherInit(cipherInstance *cipher, RIJ_BYTE mode, char *IV); + +int blockEncrypt(cipherInstance *cipher, keyInstance *key, + RIJ_BYTE *input, int inputLen, RIJ_BYTE *outBuffer); + +int blockDecrypt(cipherInstance *cipher, keyInstance *key, + RIJ_BYTE *input, int inputLen, RIJ_BYTE *outBuffer); + +/* SH_ENCRYPT */ +#endif + +/* __RIJNDAEL_API_FST_H */ +#endif Index: /tags/2.5.0/include/rijndael-boxes-fst.h =================================================================== --- /tags/2.5.0/include/rijndael-boxes-fst.h (revision 189) +++ /tags/2.5.0/include/rijndael-boxes-fst.h (revision 189) @@ -0,0 +1,914 @@ +word8 S[256] = { + 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, +202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, +183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, + 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, + 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, + 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, +208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, + 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, +205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, + 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, +224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, +231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, +186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, +112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, +225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, +140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22 +}; + +#ifdef INTERMEDIATE_VALUE_KAT +word8 Si[256] = { + 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251, +124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203, + 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78, + 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37, +114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146, +108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132, +144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6, +208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107, + 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, +150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110, + 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, +252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, + 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, + 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, +160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, + 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125 +}; +#endif /* INTERMEDIATE_VALUE_KAT */ + +word8 T1[256][4] = { +{ 0xc6,0x63,0x63,0xa5},{ 0xf8,0x7c,0x7c,0x84},{ 0xee,0x77,0x77,0x99},{ 0xf6,0x7b,0x7b,0x8d}, +{ 0xff,0xf2,0xf2,0x0d},{ 0xd6,0x6b,0x6b,0xbd},{ 0xde,0x6f,0x6f,0xb1},{ 0x91,0xc5,0xc5,0x54}, +{ 0x60,0x30,0x30,0x50},{ 0x02,0x01,0x01,0x03},{ 0xce,0x67,0x67,0xa9},{ 0x56,0x2b,0x2b,0x7d}, +{ 0xe7,0xfe,0xfe,0x19},{ 0xb5,0xd7,0xd7,0x62},{ 0x4d,0xab,0xab,0xe6},{ 0xec,0x76,0x76,0x9a}, +{ 0x8f,0xca,0xca,0x45},{ 0x1f,0x82,0x82,0x9d},{ 0x89,0xc9,0xc9,0x40},{ 0xfa,0x7d,0x7d,0x87}, +{ 0xef,0xfa,0xfa,0x15},{ 0xb2,0x59,0x59,0xeb},{ 0x8e,0x47,0x47,0xc9},{ 0xfb,0xf0,0xf0,0x0b}, +{ 0x41,0xad,0xad,0xec},{ 0xb3,0xd4,0xd4,0x67},{ 0x5f,0xa2,0xa2,0xfd},{ 0x45,0xaf,0xaf,0xea}, +{ 0x23,0x9c,0x9c,0xbf},{ 0x53,0xa4,0xa4,0xf7},{ 0xe4,0x72,0x72,0x96},{ 0x9b,0xc0,0xc0,0x5b}, +{ 0x75,0xb7,0xb7,0xc2},{ 0xe1,0xfd,0xfd,0x1c},{ 0x3d,0x93,0x93,0xae},{ 0x4c,0x26,0x26,0x6a}, +{ 0x6c,0x36,0x36,0x5a},{ 0x7e,0x3f,0x3f,0x41},{ 0xf5,0xf7,0xf7,0x02},{ 0x83,0xcc,0xcc,0x4f}, +{ 0x68,0x34,0x34,0x5c},{ 0x51,0xa5,0xa5,0xf4},{ 0xd1,0xe5,0xe5,0x34},{ 0xf9,0xf1,0xf1,0x08}, +{ 0xe2,0x71,0x71,0x93},{ 0xab,0xd8,0xd8,0x73},{ 0x62,0x31,0x31,0x53},{ 0x2a,0x15,0x15,0x3f}, +{ 0x08,0x04,0x04,0x0c},{ 0x95,0xc7,0xc7,0x52},{ 0x46,0x23,0x23,0x65},{ 0x9d,0xc3,0xc3,0x5e}, +{ 0x30,0x18,0x18,0x28},{ 0x37,0x96,0x96,0xa1},{ 0x0a,0x05,0x05,0x0f},{ 0x2f,0x9a,0x9a,0xb5}, +{ 0x0e,0x07,0x07,0x09},{ 0x24,0x12,0x12,0x36},{ 0x1b,0x80,0x80,0x9b},{ 0xdf,0xe2,0xe2,0x3d}, +{ 0xcd,0xeb,0xeb,0x26},{ 0x4e,0x27,0x27,0x69},{ 0x7f,0xb2,0xb2,0xcd},{ 0xea,0x75,0x75,0x9f}, +{ 0x12,0x09,0x09,0x1b},{ 0x1d,0x83,0x83,0x9e},{ 0x58,0x2c,0x2c,0x74},{ 0x34,0x1a,0x1a,0x2e}, +{ 0x36,0x1b,0x1b,0x2d},{ 0xdc,0x6e,0x6e,0xb2},{ 0xb4,0x5a,0x5a,0xee},{ 0x5b,0xa0,0xa0,0xfb}, +{ 0xa4,0x52,0x52,0xf6},{ 0x76,0x3b,0x3b,0x4d},{ 0xb7,0xd6,0xd6,0x61},{ 0x7d,0xb3,0xb3,0xce}, +{ 0x52,0x29,0x29,0x7b},{ 0xdd,0xe3,0xe3,0x3e},{ 0x5e,0x2f,0x2f,0x71},{ 0x13,0x84,0x84,0x97}, +{ 0xa6,0x53,0x53,0xf5},{ 0xb9,0xd1,0xd1,0x68},{ 0x00,0x00,0x00,0x00},{ 0xc1,0xed,0xed,0x2c}, +{ 0x40,0x20,0x20,0x60},{ 0xe3,0xfc,0xfc,0x1f},{ 0x79,0xb1,0xb1,0xc8},{ 0xb6,0x5b,0x5b,0xed}, +{ 0xd4,0x6a,0x6a,0xbe},{ 0x8d,0xcb,0xcb,0x46},{ 0x67,0xbe,0xbe,0xd9},{ 0x72,0x39,0x39,0x4b}, +{ 0x94,0x4a,0x4a,0xde},{ 0x98,0x4c,0x4c,0xd4},{ 0xb0,0x58,0x58,0xe8},{ 0x85,0xcf,0xcf,0x4a}, +{ 0xbb,0xd0,0xd0,0x6b},{ 0xc5,0xef,0xef,0x2a},{ 0x4f,0xaa,0xaa,0xe5},{ 0xed,0xfb,0xfb,0x16}, +{ 0x86,0x43,0x43,0xc5},{ 0x9a,0x4d,0x4d,0xd7},{ 0x66,0x33,0x33,0x55},{ 0x11,0x85,0x85,0x94}, +{ 0x8a,0x45,0x45,0xcf},{ 0xe9,0xf9,0xf9,0x10},{ 0x04,0x02,0x02,0x06},{ 0xfe,0x7f,0x7f,0x81}, +{ 0xa0,0x50,0x50,0xf0},{ 0x78,0x3c,0x3c,0x44},{ 0x25,0x9f,0x9f,0xba},{ 0x4b,0xa8,0xa8,0xe3}, +{ 0xa2,0x51,0x51,0xf3},{ 0x5d,0xa3,0xa3,0xfe},{ 0x80,0x40,0x40,0xc0},{ 0x05,0x8f,0x8f,0x8a}, +{ 0x3f,0x92,0x92,0xad},{ 0x21,0x9d,0x9d,0xbc},{ 0x70,0x38,0x38,0x48},{ 0xf1,0xf5,0xf5,0x04}, +{ 0x63,0xbc,0xbc,0xdf},{ 0x77,0xb6,0xb6,0xc1},{ 0xaf,0xda,0xda,0x75},{ 0x42,0x21,0x21,0x63}, +{ 0x20,0x10,0x10,0x30},{ 0xe5,0xff,0xff,0x1a},{ 0xfd,0xf3,0xf3,0x0e},{ 0xbf,0xd2,0xd2,0x6d}, +{ 0x81,0xcd,0xcd,0x4c},{ 0x18,0x0c,0x0c,0x14},{ 0x26,0x13,0x13,0x35},{ 0xc3,0xec,0xec,0x2f}, +{ 0xbe,0x5f,0x5f,0xe1},{ 0x35,0x97,0x97,0xa2},{ 0x88,0x44,0x44,0xcc},{ 0x2e,0x17,0x17,0x39}, +{ 0x93,0xc4,0xc4,0x57},{ 0x55,0xa7,0xa7,0xf2},{ 0xfc,0x7e,0x7e,0x82},{ 0x7a,0x3d,0x3d,0x47}, +{ 0xc8,0x64,0x64,0xac},{ 0xba,0x5d,0x5d,0xe7},{ 0x32,0x19,0x19,0x2b},{ 0xe6,0x73,0x73,0x95}, +{ 0xc0,0x60,0x60,0xa0},{ 0x19,0x81,0x81,0x98},{ 0x9e,0x4f,0x4f,0xd1},{ 0xa3,0xdc,0xdc,0x7f}, +{ 0x44,0x22,0x22,0x66},{ 0x54,0x2a,0x2a,0x7e},{ 0x3b,0x90,0x90,0xab},{ 0x0b,0x88,0x88,0x83}, +{ 0x8c,0x46,0x46,0xca},{ 0xc7,0xee,0xee,0x29},{ 0x6b,0xb8,0xb8,0xd3},{ 0x28,0x14,0x14,0x3c}, +{ 0xa7,0xde,0xde,0x79},{ 0xbc,0x5e,0x5e,0xe2},{ 0x16,0x0b,0x0b,0x1d},{ 0xad,0xdb,0xdb,0x76}, +{ 0xdb,0xe0,0xe0,0x3b},{ 0x64,0x32,0x32,0x56},{ 0x74,0x3a,0x3a,0x4e},{ 0x14,0x0a,0x0a,0x1e}, +{ 0x92,0x49,0x49,0xdb},{ 0x0c,0x06,0x06,0x0a},{ 0x48,0x24,0x24,0x6c},{ 0xb8,0x5c,0x5c,0xe4}, +{ 0x9f,0xc2,0xc2,0x5d},{ 0xbd,0xd3,0xd3,0x6e},{ 0x43,0xac,0xac,0xef},{ 0xc4,0x62,0x62,0xa6}, +{ 0x39,0x91,0x91,0xa8},{ 0x31,0x95,0x95,0xa4},{ 0xd3,0xe4,0xe4,0x37},{ 0xf2,0x79,0x79,0x8b}, +{ 0xd5,0xe7,0xe7,0x32},{ 0x8b,0xc8,0xc8,0x43},{ 0x6e,0x37,0x37,0x59},{ 0xda,0x6d,0x6d,0xb7}, +{ 0x01,0x8d,0x8d,0x8c},{ 0xb1,0xd5,0xd5,0x64},{ 0x9c,0x4e,0x4e,0xd2},{ 0x49,0xa9,0xa9,0xe0}, +{ 0xd8,0x6c,0x6c,0xb4},{ 0xac,0x56,0x56,0xfa},{ 0xf3,0xf4,0xf4,0x07},{ 0xcf,0xea,0xea,0x25}, +{ 0xca,0x65,0x65,0xaf},{ 0xf4,0x7a,0x7a,0x8e},{ 0x47,0xae,0xae,0xe9},{ 0x10,0x08,0x08,0x18}, +{ 0x6f,0xba,0xba,0xd5},{ 0xf0,0x78,0x78,0x88},{ 0x4a,0x25,0x25,0x6f},{ 0x5c,0x2e,0x2e,0x72}, +{ 0x38,0x1c,0x1c,0x24},{ 0x57,0xa6,0xa6,0xf1},{ 0x73,0xb4,0xb4,0xc7},{ 0x97,0xc6,0xc6,0x51}, +{ 0xcb,0xe8,0xe8,0x23},{ 0xa1,0xdd,0xdd,0x7c},{ 0xe8,0x74,0x74,0x9c},{ 0x3e,0x1f,0x1f,0x21}, +{ 0x96,0x4b,0x4b,0xdd},{ 0x61,0xbd,0xbd,0xdc},{ 0x0d,0x8b,0x8b,0x86},{ 0x0f,0x8a,0x8a,0x85}, +{ 0xe0,0x70,0x70,0x90},{ 0x7c,0x3e,0x3e,0x42},{ 0x71,0xb5,0xb5,0xc4},{ 0xcc,0x66,0x66,0xaa}, +{ 0x90,0x48,0x48,0xd8},{ 0x06,0x03,0x03,0x05},{ 0xf7,0xf6,0xf6,0x01},{ 0x1c,0x0e,0x0e,0x12}, +{ 0xc2,0x61,0x61,0xa3},{ 0x6a,0x35,0x35,0x5f},{ 0xae,0x57,0x57,0xf9},{ 0x69,0xb9,0xb9,0xd0}, +{ 0x17,0x86,0x86,0x91},{ 0x99,0xc1,0xc1,0x58},{ 0x3a,0x1d,0x1d,0x27},{ 0x27,0x9e,0x9e,0xb9}, +{ 0xd9,0xe1,0xe1,0x38},{ 0xeb,0xf8,0xf8,0x13},{ 0x2b,0x98,0x98,0xb3},{ 0x22,0x11,0x11,0x33}, +{ 0xd2,0x69,0x69,0xbb},{ 0xa9,0xd9,0xd9,0x70},{ 0x07,0x8e,0x8e,0x89},{ 0x33,0x94,0x94,0xa7}, +{ 0x2d,0x9b,0x9b,0xb6},{ 0x3c,0x1e,0x1e,0x22},{ 0x15,0x87,0x87,0x92},{ 0xc9,0xe9,0xe9,0x20}, +{ 0x87,0xce,0xce,0x49},{ 0xaa,0x55,0x55,0xff},{ 0x50,0x28,0x28,0x78},{ 0xa5,0xdf,0xdf,0x7a}, +{ 0x03,0x8c,0x8c,0x8f},{ 0x59,0xa1,0xa1,0xf8},{ 0x09,0x89,0x89,0x80},{ 0x1a,0x0d,0x0d,0x17}, +{ 0x65,0xbf,0xbf,0xda},{ 0xd7,0xe6,0xe6,0x31},{ 0x84,0x42,0x42,0xc6},{ 0xd0,0x68,0x68,0xb8}, +{ 0x82,0x41,0x41,0xc3},{ 0x29,0x99,0x99,0xb0},{ 0x5a,0x2d,0x2d,0x77},{ 0x1e,0x0f,0x0f,0x11}, +{ 0x7b,0xb0,0xb0,0xcb},{ 0xa8,0x54,0x54,0xfc},{ 0x6d,0xbb,0xbb,0xd6},{ 0x2c,0x16,0x16,0x3a } +}; + +word8 T2[256][4] = { +{ 0xa5,0xc6,0x63,0x63},{ 0x84,0xf8,0x7c,0x7c},{ 0x99,0xee,0x77,0x77},{ 0x8d,0xf6,0x7b,0x7b}, +{ 0x0d,0xff,0xf2,0xf2},{ 0xbd,0xd6,0x6b,0x6b},{ 0xb1,0xde,0x6f,0x6f},{ 0x54,0x91,0xc5,0xc5}, +{ 0x50,0x60,0x30,0x30},{ 0x03,0x02,0x01,0x01},{ 0xa9,0xce,0x67,0x67},{ 0x7d,0x56,0x2b,0x2b}, +{ 0x19,0xe7,0xfe,0xfe},{ 0x62,0xb5,0xd7,0xd7},{ 0xe6,0x4d,0xab,0xab},{ 0x9a,0xec,0x76,0x76}, +{ 0x45,0x8f,0xca,0xca},{ 0x9d,0x1f,0x82,0x82},{ 0x40,0x89,0xc9,0xc9},{ 0x87,0xfa,0x7d,0x7d}, +{ 0x15,0xef,0xfa,0xfa},{ 0xeb,0xb2,0x59,0x59},{ 0xc9,0x8e,0x47,0x47},{ 0x0b,0xfb,0xf0,0xf0}, +{ 0xec,0x41,0xad,0xad},{ 0x67,0xb3,0xd4,0xd4},{ 0xfd,0x5f,0xa2,0xa2},{ 0xea,0x45,0xaf,0xaf}, +{ 0xbf,0x23,0x9c,0x9c},{ 0xf7,0x53,0xa4,0xa4},{ 0x96,0xe4,0x72,0x72},{ 0x5b,0x9b,0xc0,0xc0}, +{ 0xc2,0x75,0xb7,0xb7},{ 0x1c,0xe1,0xfd,0xfd},{ 0xae,0x3d,0x93,0x93},{ 0x6a,0x4c,0x26,0x26}, +{ 0x5a,0x6c,0x36,0x36},{ 0x41,0x7e,0x3f,0x3f},{ 0x02,0xf5,0xf7,0xf7},{ 0x4f,0x83,0xcc,0xcc}, +{ 0x5c,0x68,0x34,0x34},{ 0xf4,0x51,0xa5,0xa5},{ 0x34,0xd1,0xe5,0xe5},{ 0x08,0xf9,0xf1,0xf1}, +{ 0x93,0xe2,0x71,0x71},{ 0x73,0xab,0xd8,0xd8},{ 0x53,0x62,0x31,0x31},{ 0x3f,0x2a,0x15,0x15}, +{ 0x0c,0x08,0x04,0x04},{ 0x52,0x95,0xc7,0xc7},{ 0x65,0x46,0x23,0x23},{ 0x5e,0x9d,0xc3,0xc3}, +{ 0x28,0x30,0x18,0x18},{ 0xa1,0x37,0x96,0x96},{ 0x0f,0x0a,0x05,0x05},{ 0xb5,0x2f,0x9a,0x9a}, +{ 0x09,0x0e,0x07,0x07},{ 0x36,0x24,0x12,0x12},{ 0x9b,0x1b,0x80,0x80},{ 0x3d,0xdf,0xe2,0xe2}, +{ 0x26,0xcd,0xeb,0xeb},{ 0x69,0x4e,0x27,0x27},{ 0xcd,0x7f,0xb2,0xb2},{ 0x9f,0xea,0x75,0x75}, +{ 0x1b,0x12,0x09,0x09},{ 0x9e,0x1d,0x83,0x83},{ 0x74,0x58,0x2c,0x2c},{ 0x2e,0x34,0x1a,0x1a}, +{ 0x2d,0x36,0x1b,0x1b},{ 0xb2,0xdc,0x6e,0x6e},{ 0xee,0xb4,0x5a,0x5a},{ 0xfb,0x5b,0xa0,0xa0}, +{ 0xf6,0xa4,0x52,0x52},{ 0x4d,0x76,0x3b,0x3b},{ 0x61,0xb7,0xd6,0xd6},{ 0xce,0x7d,0xb3,0xb3}, +{ 0x7b,0x52,0x29,0x29},{ 0x3e,0xdd,0xe3,0xe3},{ 0x71,0x5e,0x2f,0x2f},{ 0x97,0x13,0x84,0x84}, +{ 0xf5,0xa6,0x53,0x53},{ 0x68,0xb9,0xd1,0xd1},{ 0x00,0x00,0x00,0x00},{ 0x2c,0xc1,0xed,0xed}, +{ 0x60,0x40,0x20,0x20},{ 0x1f,0xe3,0xfc,0xfc},{ 0xc8,0x79,0xb1,0xb1},{ 0xed,0xb6,0x5b,0x5b}, +{ 0xbe,0xd4,0x6a,0x6a},{ 0x46,0x8d,0xcb,0xcb},{ 0xd9,0x67,0xbe,0xbe},{ 0x4b,0x72,0x39,0x39}, +{ 0xde,0x94,0x4a,0x4a},{ 0xd4,0x98,0x4c,0x4c},{ 0xe8,0xb0,0x58,0x58},{ 0x4a,0x85,0xcf,0xcf}, +{ 0x6b,0xbb,0xd0,0xd0},{ 0x2a,0xc5,0xef,0xef},{ 0xe5,0x4f,0xaa,0xaa},{ 0x16,0xed,0xfb,0xfb}, +{ 0xc5,0x86,0x43,0x43},{ 0xd7,0x9a,0x4d,0x4d},{ 0x55,0x66,0x33,0x33},{ 0x94,0x11,0x85,0x85}, +{ 0xcf,0x8a,0x45,0x45},{ 0x10,0xe9,0xf9,0xf9},{ 0x06,0x04,0x02,0x02},{ 0x81,0xfe,0x7f,0x7f}, +{ 0xf0,0xa0,0x50,0x50},{ 0x44,0x78,0x3c,0x3c},{ 0xba,0x25,0x9f,0x9f},{ 0xe3,0x4b,0xa8,0xa8}, +{ 0xf3,0xa2,0x51,0x51},{ 0xfe,0x5d,0xa3,0xa3},{ 0xc0,0x80,0x40,0x40},{ 0x8a,0x05,0x8f,0x8f}, +{ 0xad,0x3f,0x92,0x92},{ 0xbc,0x21,0x9d,0x9d},{ 0x48,0x70,0x38,0x38},{ 0x04,0xf1,0xf5,0xf5}, +{ 0xdf,0x63,0xbc,0xbc},{ 0xc1,0x77,0xb6,0xb6},{ 0x75,0xaf,0xda,0xda},{ 0x63,0x42,0x21,0x21}, +{ 0x30,0x20,0x10,0x10},{ 0x1a,0xe5,0xff,0xff},{ 0x0e,0xfd,0xf3,0xf3},{ 0x6d,0xbf,0xd2,0xd2}, +{ 0x4c,0x81,0xcd,0xcd},{ 0x14,0x18,0x0c,0x0c},{ 0x35,0x26,0x13,0x13},{ 0x2f,0xc3,0xec,0xec}, +{ 0xe1,0xbe,0x5f,0x5f},{ 0xa2,0x35,0x97,0x97},{ 0xcc,0x88,0x44,0x44},{ 0x39,0x2e,0x17,0x17}, +{ 0x57,0x93,0xc4,0xc4},{ 0xf2,0x55,0xa7,0xa7},{ 0x82,0xfc,0x7e,0x7e},{ 0x47,0x7a,0x3d,0x3d}, +{ 0xac,0xc8,0x64,0x64},{ 0xe7,0xba,0x5d,0x5d},{ 0x2b,0x32,0x19,0x19},{ 0x95,0xe6,0x73,0x73}, +{ 0xa0,0xc0,0x60,0x60},{ 0x98,0x19,0x81,0x81},{ 0xd1,0x9e,0x4f,0x4f},{ 0x7f,0xa3,0xdc,0xdc}, +{ 0x66,0x44,0x22,0x22},{ 0x7e,0x54,0x2a,0x2a},{ 0xab,0x3b,0x90,0x90},{ 0x83,0x0b,0x88,0x88}, +{ 0xca,0x8c,0x46,0x46},{ 0x29,0xc7,0xee,0xee},{ 0xd3,0x6b,0xb8,0xb8},{ 0x3c,0x28,0x14,0x14}, +{ 0x79,0xa7,0xde,0xde},{ 0xe2,0xbc,0x5e,0x5e},{ 0x1d,0x16,0x0b,0x0b},{ 0x76,0xad,0xdb,0xdb}, +{ 0x3b,0xdb,0xe0,0xe0},{ 0x56,0x64,0x32,0x32},{ 0x4e,0x74,0x3a,0x3a},{ 0x1e,0x14,0x0a,0x0a}, +{ 0xdb,0x92,0x49,0x49},{ 0x0a,0x0c,0x06,0x06},{ 0x6c,0x48,0x24,0x24},{ 0xe4,0xb8,0x5c,0x5c}, +{ 0x5d,0x9f,0xc2,0xc2},{ 0x6e,0xbd,0xd3,0xd3},{ 0xef,0x43,0xac,0xac},{ 0xa6,0xc4,0x62,0x62}, +{ 0xa8,0x39,0x91,0x91},{ 0xa4,0x31,0x95,0x95},{ 0x37,0xd3,0xe4,0xe4},{ 0x8b,0xf2,0x79,0x79}, +{ 0x32,0xd5,0xe7,0xe7},{ 0x43,0x8b,0xc8,0xc8},{ 0x59,0x6e,0x37,0x37},{ 0xb7,0xda,0x6d,0x6d}, +{ 0x8c,0x01,0x8d,0x8d},{ 0x64,0xb1,0xd5,0xd5},{ 0xd2,0x9c,0x4e,0x4e},{ 0xe0,0x49,0xa9,0xa9}, +{ 0xb4,0xd8,0x6c,0x6c},{ 0xfa,0xac,0x56,0x56},{ 0x07,0xf3,0xf4,0xf4},{ 0x25,0xcf,0xea,0xea}, +{ 0xaf,0xca,0x65,0x65},{ 0x8e,0xf4,0x7a,0x7a},{ 0xe9,0x47,0xae,0xae},{ 0x18,0x10,0x08,0x08}, +{ 0xd5,0x6f,0xba,0xba},{ 0x88,0xf0,0x78,0x78},{ 0x6f,0x4a,0x25,0x25},{ 0x72,0x5c,0x2e,0x2e}, +{ 0x24,0x38,0x1c,0x1c},{ 0xf1,0x57,0xa6,0xa6},{ 0xc7,0x73,0xb4,0xb4},{ 0x51,0x97,0xc6,0xc6}, +{ 0x23,0xcb,0xe8,0xe8},{ 0x7c,0xa1,0xdd,0xdd},{ 0x9c,0xe8,0x74,0x74},{ 0x21,0x3e,0x1f,0x1f}, +{ 0xdd,0x96,0x4b,0x4b},{ 0xdc,0x61,0xbd,0xbd},{ 0x86,0x0d,0x8b,0x8b},{ 0x85,0x0f,0x8a,0x8a}, +{ 0x90,0xe0,0x70,0x70},{ 0x42,0x7c,0x3e,0x3e},{ 0xc4,0x71,0xb5,0xb5},{ 0xaa,0xcc,0x66,0x66}, +{ 0xd8,0x90,0x48,0x48},{ 0x05,0x06,0x03,0x03},{ 0x01,0xf7,0xf6,0xf6},{ 0x12,0x1c,0x0e,0x0e}, +{ 0xa3,0xc2,0x61,0x61},{ 0x5f,0x6a,0x35,0x35},{ 0xf9,0xae,0x57,0x57},{ 0xd0,0x69,0xb9,0xb9}, +{ 0x91,0x17,0x86,0x86},{ 0x58,0x99,0xc1,0xc1},{ 0x27,0x3a,0x1d,0x1d},{ 0xb9,0x27,0x9e,0x9e}, +{ 0x38,0xd9,0xe1,0xe1},{ 0x13,0xeb,0xf8,0xf8},{ 0xb3,0x2b,0x98,0x98},{ 0x33,0x22,0x11,0x11}, +{ 0xbb,0xd2,0x69,0x69},{ 0x70,0xa9,0xd9,0xd9},{ 0x89,0x07,0x8e,0x8e},{ 0xa7,0x33,0x94,0x94}, +{ 0xb6,0x2d,0x9b,0x9b},{ 0x22,0x3c,0x1e,0x1e},{ 0x92,0x15,0x87,0x87},{ 0x20,0xc9,0xe9,0xe9}, +{ 0x49,0x87,0xce,0xce},{ 0xff,0xaa,0x55,0x55},{ 0x78,0x50,0x28,0x28},{ 0x7a,0xa5,0xdf,0xdf}, +{ 0x8f,0x03,0x8c,0x8c},{ 0xf8,0x59,0xa1,0xa1},{ 0x80,0x09,0x89,0x89},{ 0x17,0x1a,0x0d,0x0d}, +{ 0xda,0x65,0xbf,0xbf},{ 0x31,0xd7,0xe6,0xe6},{ 0xc6,0x84,0x42,0x42},{ 0xb8,0xd0,0x68,0x68}, +{ 0xc3,0x82,0x41,0x41},{ 0xb0,0x29,0x99,0x99},{ 0x77,0x5a,0x2d,0x2d},{ 0x11,0x1e,0x0f,0x0f}, +{ 0xcb,0x7b,0xb0,0xb0},{ 0xfc,0xa8,0x54,0x54},{ 0xd6,0x6d,0xbb,0xbb},{ 0x3a,0x2c,0x16,0x16 } +}; + +word8 T3[256][4] = { +{ 0x63,0xa5,0xc6,0x63},{ 0x7c,0x84,0xf8,0x7c},{ 0x77,0x99,0xee,0x77},{ 0x7b,0x8d,0xf6,0x7b}, +{ 0xf2,0x0d,0xff,0xf2},{ 0x6b,0xbd,0xd6,0x6b},{ 0x6f,0xb1,0xde,0x6f},{ 0xc5,0x54,0x91,0xc5}, +{ 0x30,0x50,0x60,0x30},{ 0x01,0x03,0x02,0x01},{ 0x67,0xa9,0xce,0x67},{ 0x2b,0x7d,0x56,0x2b}, +{ 0xfe,0x19,0xe7,0xfe},{ 0xd7,0x62,0xb5,0xd7},{ 0xab,0xe6,0x4d,0xab},{ 0x76,0x9a,0xec,0x76}, +{ 0xca,0x45,0x8f,0xca},{ 0x82,0x9d,0x1f,0x82},{ 0xc9,0x40,0x89,0xc9},{ 0x7d,0x87,0xfa,0x7d}, +{ 0xfa,0x15,0xef,0xfa},{ 0x59,0xeb,0xb2,0x59},{ 0x47,0xc9,0x8e,0x47},{ 0xf0,0x0b,0xfb,0xf0}, +{ 0xad,0xec,0x41,0xad},{ 0xd4,0x67,0xb3,0xd4},{ 0xa2,0xfd,0x5f,0xa2},{ 0xaf,0xea,0x45,0xaf}, +{ 0x9c,0xbf,0x23,0x9c},{ 0xa4,0xf7,0x53,0xa4},{ 0x72,0x96,0xe4,0x72},{ 0xc0,0x5b,0x9b,0xc0}, +{ 0xb7,0xc2,0x75,0xb7},{ 0xfd,0x1c,0xe1,0xfd},{ 0x93,0xae,0x3d,0x93},{ 0x26,0x6a,0x4c,0x26}, +{ 0x36,0x5a,0x6c,0x36},{ 0x3f,0x41,0x7e,0x3f},{ 0xf7,0x02,0xf5,0xf7},{ 0xcc,0x4f,0x83,0xcc}, +{ 0x34,0x5c,0x68,0x34},{ 0xa5,0xf4,0x51,0xa5},{ 0xe5,0x34,0xd1,0xe5},{ 0xf1,0x08,0xf9,0xf1}, +{ 0x71,0x93,0xe2,0x71},{ 0xd8,0x73,0xab,0xd8},{ 0x31,0x53,0x62,0x31},{ 0x15,0x3f,0x2a,0x15}, +{ 0x04,0x0c,0x08,0x04},{ 0xc7,0x52,0x95,0xc7},{ 0x23,0x65,0x46,0x23},{ 0xc3,0x5e,0x9d,0xc3}, +{ 0x18,0x28,0x30,0x18},{ 0x96,0xa1,0x37,0x96},{ 0x05,0x0f,0x0a,0x05},{ 0x9a,0xb5,0x2f,0x9a}, +{ 0x07,0x09,0x0e,0x07},{ 0x12,0x36,0x24,0x12},{ 0x80,0x9b,0x1b,0x80},{ 0xe2,0x3d,0xdf,0xe2}, +{ 0xeb,0x26,0xcd,0xeb},{ 0x27,0x69,0x4e,0x27},{ 0xb2,0xcd,0x7f,0xb2},{ 0x75,0x9f,0xea,0x75}, +{ 0x09,0x1b,0x12,0x09},{ 0x83,0x9e,0x1d,0x83},{ 0x2c,0x74,0x58,0x2c},{ 0x1a,0x2e,0x34,0x1a}, +{ 0x1b,0x2d,0x36,0x1b},{ 0x6e,0xb2,0xdc,0x6e},{ 0x5a,0xee,0xb4,0x5a},{ 0xa0,0xfb,0x5b,0xa0}, +{ 0x52,0xf6,0xa4,0x52},{ 0x3b,0x4d,0x76,0x3b},{ 0xd6,0x61,0xb7,0xd6},{ 0xb3,0xce,0x7d,0xb3}, +{ 0x29,0x7b,0x52,0x29},{ 0xe3,0x3e,0xdd,0xe3},{ 0x2f,0x71,0x5e,0x2f},{ 0x84,0x97,0x13,0x84}, +{ 0x53,0xf5,0xa6,0x53},{ 0xd1,0x68,0xb9,0xd1},{ 0x00,0x00,0x00,0x00},{ 0xed,0x2c,0xc1,0xed}, +{ 0x20,0x60,0x40,0x20},{ 0xfc,0x1f,0xe3,0xfc},{ 0xb1,0xc8,0x79,0xb1},{ 0x5b,0xed,0xb6,0x5b}, +{ 0x6a,0xbe,0xd4,0x6a},{ 0xcb,0x46,0x8d,0xcb},{ 0xbe,0xd9,0x67,0xbe},{ 0x39,0x4b,0x72,0x39}, +{ 0x4a,0xde,0x94,0x4a},{ 0x4c,0xd4,0x98,0x4c},{ 0x58,0xe8,0xb0,0x58},{ 0xcf,0x4a,0x85,0xcf}, +{ 0xd0,0x6b,0xbb,0xd0},{ 0xef,0x2a,0xc5,0xef},{ 0xaa,0xe5,0x4f,0xaa},{ 0xfb,0x16,0xed,0xfb}, +{ 0x43,0xc5,0x86,0x43},{ 0x4d,0xd7,0x9a,0x4d},{ 0x33,0x55,0x66,0x33},{ 0x85,0x94,0x11,0x85}, +{ 0x45,0xcf,0x8a,0x45},{ 0xf9,0x10,0xe9,0xf9},{ 0x02,0x06,0x04,0x02},{ 0x7f,0x81,0xfe,0x7f}, +{ 0x50,0xf0,0xa0,0x50},{ 0x3c,0x44,0x78,0x3c},{ 0x9f,0xba,0x25,0x9f},{ 0xa8,0xe3,0x4b,0xa8}, +{ 0x51,0xf3,0xa2,0x51},{ 0xa3,0xfe,0x5d,0xa3},{ 0x40,0xc0,0x80,0x40},{ 0x8f,0x8a,0x05,0x8f}, +{ 0x92,0xad,0x3f,0x92},{ 0x9d,0xbc,0x21,0x9d},{ 0x38,0x48,0x70,0x38},{ 0xf5,0x04,0xf1,0xf5}, +{ 0xbc,0xdf,0x63,0xbc},{ 0xb6,0xc1,0x77,0xb6},{ 0xda,0x75,0xaf,0xda},{ 0x21,0x63,0x42,0x21}, +{ 0x10,0x30,0x20,0x10},{ 0xff,0x1a,0xe5,0xff},{ 0xf3,0x0e,0xfd,0xf3},{ 0xd2,0x6d,0xbf,0xd2}, +{ 0xcd,0x4c,0x81,0xcd},{ 0x0c,0x14,0x18,0x0c},{ 0x13,0x35,0x26,0x13},{ 0xec,0x2f,0xc3,0xec}, +{ 0x5f,0xe1,0xbe,0x5f},{ 0x97,0xa2,0x35,0x97},{ 0x44,0xcc,0x88,0x44},{ 0x17,0x39,0x2e,0x17}, +{ 0xc4,0x57,0x93,0xc4},{ 0xa7,0xf2,0x55,0xa7},{ 0x7e,0x82,0xfc,0x7e},{ 0x3d,0x47,0x7a,0x3d}, +{ 0x64,0xac,0xc8,0x64},{ 0x5d,0xe7,0xba,0x5d},{ 0x19,0x2b,0x32,0x19},{ 0x73,0x95,0xe6,0x73}, +{ 0x60,0xa0,0xc0,0x60},{ 0x81,0x98,0x19,0x81},{ 0x4f,0xd1,0x9e,0x4f},{ 0xdc,0x7f,0xa3,0xdc}, +{ 0x22,0x66,0x44,0x22},{ 0x2a,0x7e,0x54,0x2a},{ 0x90,0xab,0x3b,0x90},{ 0x88,0x83,0x0b,0x88}, +{ 0x46,0xca,0x8c,0x46},{ 0xee,0x29,0xc7,0xee},{ 0xb8,0xd3,0x6b,0xb8},{ 0x14,0x3c,0x28,0x14}, +{ 0xde,0x79,0xa7,0xde},{ 0x5e,0xe2,0xbc,0x5e},{ 0x0b,0x1d,0x16,0x0b},{ 0xdb,0x76,0xad,0xdb}, +{ 0xe0,0x3b,0xdb,0xe0},{ 0x32,0x56,0x64,0x32},{ 0x3a,0x4e,0x74,0x3a},{ 0x0a,0x1e,0x14,0x0a}, +{ 0x49,0xdb,0x92,0x49},{ 0x06,0x0a,0x0c,0x06},{ 0x24,0x6c,0x48,0x24},{ 0x5c,0xe4,0xb8,0x5c}, +{ 0xc2,0x5d,0x9f,0xc2},{ 0xd3,0x6e,0xbd,0xd3},{ 0xac,0xef,0x43,0xac},{ 0x62,0xa6,0xc4,0x62}, +{ 0x91,0xa8,0x39,0x91},{ 0x95,0xa4,0x31,0x95},{ 0xe4,0x37,0xd3,0xe4},{ 0x79,0x8b,0xf2,0x79}, +{ 0xe7,0x32,0xd5,0xe7},{ 0xc8,0x43,0x8b,0xc8},{ 0x37,0x59,0x6e,0x37},{ 0x6d,0xb7,0xda,0x6d}, +{ 0x8d,0x8c,0x01,0x8d},{ 0xd5,0x64,0xb1,0xd5},{ 0x4e,0xd2,0x9c,0x4e},{ 0xa9,0xe0,0x49,0xa9}, +{ 0x6c,0xb4,0xd8,0x6c},{ 0x56,0xfa,0xac,0x56},{ 0xf4,0x07,0xf3,0xf4},{ 0xea,0x25,0xcf,0xea}, +{ 0x65,0xaf,0xca,0x65},{ 0x7a,0x8e,0xf4,0x7a},{ 0xae,0xe9,0x47,0xae},{ 0x08,0x18,0x10,0x08}, +{ 0xba,0xd5,0x6f,0xba},{ 0x78,0x88,0xf0,0x78},{ 0x25,0x6f,0x4a,0x25},{ 0x2e,0x72,0x5c,0x2e}, +{ 0x1c,0x24,0x38,0x1c},{ 0xa6,0xf1,0x57,0xa6},{ 0xb4,0xc7,0x73,0xb4},{ 0xc6,0x51,0x97,0xc6}, +{ 0xe8,0x23,0xcb,0xe8},{ 0xdd,0x7c,0xa1,0xdd},{ 0x74,0x9c,0xe8,0x74},{ 0x1f,0x21,0x3e,0x1f}, +{ 0x4b,0xdd,0x96,0x4b},{ 0xbd,0xdc,0x61,0xbd},{ 0x8b,0x86,0x0d,0x8b},{ 0x8a,0x85,0x0f,0x8a}, +{ 0x70,0x90,0xe0,0x70},{ 0x3e,0x42,0x7c,0x3e},{ 0xb5,0xc4,0x71,0xb5},{ 0x66,0xaa,0xcc,0x66}, +{ 0x48,0xd8,0x90,0x48},{ 0x03,0x05,0x06,0x03},{ 0xf6,0x01,0xf7,0xf6},{ 0x0e,0x12,0x1c,0x0e}, +{ 0x61,0xa3,0xc2,0x61},{ 0x35,0x5f,0x6a,0x35},{ 0x57,0xf9,0xae,0x57},{ 0xb9,0xd0,0x69,0xb9}, +{ 0x86,0x91,0x17,0x86},{ 0xc1,0x58,0x99,0xc1},{ 0x1d,0x27,0x3a,0x1d},{ 0x9e,0xb9,0x27,0x9e}, +{ 0xe1,0x38,0xd9,0xe1},{ 0xf8,0x13,0xeb,0xf8},{ 0x98,0xb3,0x2b,0x98},{ 0x11,0x33,0x22,0x11}, +{ 0x69,0xbb,0xd2,0x69},{ 0xd9,0x70,0xa9,0xd9},{ 0x8e,0x89,0x07,0x8e},{ 0x94,0xa7,0x33,0x94}, +{ 0x9b,0xb6,0x2d,0x9b},{ 0x1e,0x22,0x3c,0x1e},{ 0x87,0x92,0x15,0x87},{ 0xe9,0x20,0xc9,0xe9}, +{ 0xce,0x49,0x87,0xce},{ 0x55,0xff,0xaa,0x55},{ 0x28,0x78,0x50,0x28},{ 0xdf,0x7a,0xa5,0xdf}, +{ 0x8c,0x8f,0x03,0x8c},{ 0xa1,0xf8,0x59,0xa1},{ 0x89,0x80,0x09,0x89},{ 0x0d,0x17,0x1a,0x0d}, +{ 0xbf,0xda,0x65,0xbf},{ 0xe6,0x31,0xd7,0xe6},{ 0x42,0xc6,0x84,0x42},{ 0x68,0xb8,0xd0,0x68}, +{ 0x41,0xc3,0x82,0x41},{ 0x99,0xb0,0x29,0x99},{ 0x2d,0x77,0x5a,0x2d},{ 0x0f,0x11,0x1e,0x0f}, +{ 0xb0,0xcb,0x7b,0xb0},{ 0x54,0xfc,0xa8,0x54},{ 0xbb,0xd6,0x6d,0xbb},{ 0x16,0x3a,0x2c,0x16 } +}; + +word8 T4[256][4] = { +{ 0x63,0x63,0xa5,0xc6},{ 0x7c,0x7c,0x84,0xf8},{ 0x77,0x77,0x99,0xee},{ 0x7b,0x7b,0x8d,0xf6}, +{ 0xf2,0xf2,0x0d,0xff},{ 0x6b,0x6b,0xbd,0xd6},{ 0x6f,0x6f,0xb1,0xde},{ 0xc5,0xc5,0x54,0x91}, +{ 0x30,0x30,0x50,0x60},{ 0x01,0x01,0x03,0x02},{ 0x67,0x67,0xa9,0xce},{ 0x2b,0x2b,0x7d,0x56}, +{ 0xfe,0xfe,0x19,0xe7},{ 0xd7,0xd7,0x62,0xb5},{ 0xab,0xab,0xe6,0x4d},{ 0x76,0x76,0x9a,0xec}, +{ 0xca,0xca,0x45,0x8f},{ 0x82,0x82,0x9d,0x1f},{ 0xc9,0xc9,0x40,0x89},{ 0x7d,0x7d,0x87,0xfa}, +{ 0xfa,0xfa,0x15,0xef},{ 0x59,0x59,0xeb,0xb2},{ 0x47,0x47,0xc9,0x8e},{ 0xf0,0xf0,0x0b,0xfb}, +{ 0xad,0xad,0xec,0x41},{ 0xd4,0xd4,0x67,0xb3},{ 0xa2,0xa2,0xfd,0x5f},{ 0xaf,0xaf,0xea,0x45}, +{ 0x9c,0x9c,0xbf,0x23},{ 0xa4,0xa4,0xf7,0x53},{ 0x72,0x72,0x96,0xe4},{ 0xc0,0xc0,0x5b,0x9b}, +{ 0xb7,0xb7,0xc2,0x75},{ 0xfd,0xfd,0x1c,0xe1},{ 0x93,0x93,0xae,0x3d},{ 0x26,0x26,0x6a,0x4c}, +{ 0x36,0x36,0x5a,0x6c},{ 0x3f,0x3f,0x41,0x7e},{ 0xf7,0xf7,0x02,0xf5},{ 0xcc,0xcc,0x4f,0x83}, +{ 0x34,0x34,0x5c,0x68},{ 0xa5,0xa5,0xf4,0x51},{ 0xe5,0xe5,0x34,0xd1},{ 0xf1,0xf1,0x08,0xf9}, +{ 0x71,0x71,0x93,0xe2},{ 0xd8,0xd8,0x73,0xab},{ 0x31,0x31,0x53,0x62},{ 0x15,0x15,0x3f,0x2a}, +{ 0x04,0x04,0x0c,0x08},{ 0xc7,0xc7,0x52,0x95},{ 0x23,0x23,0x65,0x46},{ 0xc3,0xc3,0x5e,0x9d}, +{ 0x18,0x18,0x28,0x30},{ 0x96,0x96,0xa1,0x37},{ 0x05,0x05,0x0f,0x0a},{ 0x9a,0x9a,0xb5,0x2f}, +{ 0x07,0x07,0x09,0x0e},{ 0x12,0x12,0x36,0x24},{ 0x80,0x80,0x9b,0x1b},{ 0xe2,0xe2,0x3d,0xdf}, +{ 0xeb,0xeb,0x26,0xcd},{ 0x27,0x27,0x69,0x4e},{ 0xb2,0xb2,0xcd,0x7f},{ 0x75,0x75,0x9f,0xea}, +{ 0x09,0x09,0x1b,0x12},{ 0x83,0x83,0x9e,0x1d},{ 0x2c,0x2c,0x74,0x58},{ 0x1a,0x1a,0x2e,0x34}, +{ 0x1b,0x1b,0x2d,0x36},{ 0x6e,0x6e,0xb2,0xdc},{ 0x5a,0x5a,0xee,0xb4},{ 0xa0,0xa0,0xfb,0x5b}, +{ 0x52,0x52,0xf6,0xa4},{ 0x3b,0x3b,0x4d,0x76},{ 0xd6,0xd6,0x61,0xb7},{ 0xb3,0xb3,0xce,0x7d}, +{ 0x29,0x29,0x7b,0x52},{ 0xe3,0xe3,0x3e,0xdd},{ 0x2f,0x2f,0x71,0x5e},{ 0x84,0x84,0x97,0x13}, +{ 0x53,0x53,0xf5,0xa6},{ 0xd1,0xd1,0x68,0xb9},{ 0x00,0x00,0x00,0x00},{ 0xed,0xed,0x2c,0xc1}, +{ 0x20,0x20,0x60,0x40},{ 0xfc,0xfc,0x1f,0xe3},{ 0xb1,0xb1,0xc8,0x79},{ 0x5b,0x5b,0xed,0xb6}, +{ 0x6a,0x6a,0xbe,0xd4},{ 0xcb,0xcb,0x46,0x8d},{ 0xbe,0xbe,0xd9,0x67},{ 0x39,0x39,0x4b,0x72}, +{ 0x4a,0x4a,0xde,0x94},{ 0x4c,0x4c,0xd4,0x98},{ 0x58,0x58,0xe8,0xb0},{ 0xcf,0xcf,0x4a,0x85}, +{ 0xd0,0xd0,0x6b,0xbb},{ 0xef,0xef,0x2a,0xc5},{ 0xaa,0xaa,0xe5,0x4f},{ 0xfb,0xfb,0x16,0xed}, +{ 0x43,0x43,0xc5,0x86},{ 0x4d,0x4d,0xd7,0x9a},{ 0x33,0x33,0x55,0x66},{ 0x85,0x85,0x94,0x11}, +{ 0x45,0x45,0xcf,0x8a},{ 0xf9,0xf9,0x10,0xe9},{ 0x02,0x02,0x06,0x04},{ 0x7f,0x7f,0x81,0xfe}, +{ 0x50,0x50,0xf0,0xa0},{ 0x3c,0x3c,0x44,0x78},{ 0x9f,0x9f,0xba,0x25},{ 0xa8,0xa8,0xe3,0x4b}, +{ 0x51,0x51,0xf3,0xa2},{ 0xa3,0xa3,0xfe,0x5d},{ 0x40,0x40,0xc0,0x80},{ 0x8f,0x8f,0x8a,0x05}, +{ 0x92,0x92,0xad,0x3f},{ 0x9d,0x9d,0xbc,0x21},{ 0x38,0x38,0x48,0x70},{ 0xf5,0xf5,0x04,0xf1}, +{ 0xbc,0xbc,0xdf,0x63},{ 0xb6,0xb6,0xc1,0x77},{ 0xda,0xda,0x75,0xaf},{ 0x21,0x21,0x63,0x42}, +{ 0x10,0x10,0x30,0x20},{ 0xff,0xff,0x1a,0xe5},{ 0xf3,0xf3,0x0e,0xfd},{ 0xd2,0xd2,0x6d,0xbf}, +{ 0xcd,0xcd,0x4c,0x81},{ 0x0c,0x0c,0x14,0x18},{ 0x13,0x13,0x35,0x26},{ 0xec,0xec,0x2f,0xc3}, +{ 0x5f,0x5f,0xe1,0xbe},{ 0x97,0x97,0xa2,0x35},{ 0x44,0x44,0xcc,0x88},{ 0x17,0x17,0x39,0x2e}, +{ 0xc4,0xc4,0x57,0x93},{ 0xa7,0xa7,0xf2,0x55},{ 0x7e,0x7e,0x82,0xfc},{ 0x3d,0x3d,0x47,0x7a}, +{ 0x64,0x64,0xac,0xc8},{ 0x5d,0x5d,0xe7,0xba},{ 0x19,0x19,0x2b,0x32},{ 0x73,0x73,0x95,0xe6}, +{ 0x60,0x60,0xa0,0xc0},{ 0x81,0x81,0x98,0x19},{ 0x4f,0x4f,0xd1,0x9e},{ 0xdc,0xdc,0x7f,0xa3}, +{ 0x22,0x22,0x66,0x44},{ 0x2a,0x2a,0x7e,0x54},{ 0x90,0x90,0xab,0x3b},{ 0x88,0x88,0x83,0x0b}, +{ 0x46,0x46,0xca,0x8c},{ 0xee,0xee,0x29,0xc7},{ 0xb8,0xb8,0xd3,0x6b},{ 0x14,0x14,0x3c,0x28}, +{ 0xde,0xde,0x79,0xa7},{ 0x5e,0x5e,0xe2,0xbc},{ 0x0b,0x0b,0x1d,0x16},{ 0xdb,0xdb,0x76,0xad}, +{ 0xe0,0xe0,0x3b,0xdb},{ 0x32,0x32,0x56,0x64},{ 0x3a,0x3a,0x4e,0x74},{ 0x0a,0x0a,0x1e,0x14}, +{ 0x49,0x49,0xdb,0x92},{ 0x06,0x06,0x0a,0x0c},{ 0x24,0x24,0x6c,0x48},{ 0x5c,0x5c,0xe4,0xb8}, +{ 0xc2,0xc2,0x5d,0x9f},{ 0xd3,0xd3,0x6e,0xbd},{ 0xac,0xac,0xef,0x43},{ 0x62,0x62,0xa6,0xc4}, +{ 0x91,0x91,0xa8,0x39},{ 0x95,0x95,0xa4,0x31},{ 0xe4,0xe4,0x37,0xd3},{ 0x79,0x79,0x8b,0xf2}, +{ 0xe7,0xe7,0x32,0xd5},{ 0xc8,0xc8,0x43,0x8b},{ 0x37,0x37,0x59,0x6e},{ 0x6d,0x6d,0xb7,0xda}, +{ 0x8d,0x8d,0x8c,0x01},{ 0xd5,0xd5,0x64,0xb1},{ 0x4e,0x4e,0xd2,0x9c},{ 0xa9,0xa9,0xe0,0x49}, +{ 0x6c,0x6c,0xb4,0xd8},{ 0x56,0x56,0xfa,0xac},{ 0xf4,0xf4,0x07,0xf3},{ 0xea,0xea,0x25,0xcf}, +{ 0x65,0x65,0xaf,0xca},{ 0x7a,0x7a,0x8e,0xf4},{ 0xae,0xae,0xe9,0x47},{ 0x08,0x08,0x18,0x10}, +{ 0xba,0xba,0xd5,0x6f},{ 0x78,0x78,0x88,0xf0},{ 0x25,0x25,0x6f,0x4a},{ 0x2e,0x2e,0x72,0x5c}, +{ 0x1c,0x1c,0x24,0x38},{ 0xa6,0xa6,0xf1,0x57},{ 0xb4,0xb4,0xc7,0x73},{ 0xc6,0xc6,0x51,0x97}, +{ 0xe8,0xe8,0x23,0xcb},{ 0xdd,0xdd,0x7c,0xa1},{ 0x74,0x74,0x9c,0xe8},{ 0x1f,0x1f,0x21,0x3e}, +{ 0x4b,0x4b,0xdd,0x96},{ 0xbd,0xbd,0xdc,0x61},{ 0x8b,0x8b,0x86,0x0d},{ 0x8a,0x8a,0x85,0x0f}, +{ 0x70,0x70,0x90,0xe0},{ 0x3e,0x3e,0x42,0x7c},{ 0xb5,0xb5,0xc4,0x71},{ 0x66,0x66,0xaa,0xcc}, +{ 0x48,0x48,0xd8,0x90},{ 0x03,0x03,0x05,0x06},{ 0xf6,0xf6,0x01,0xf7},{ 0x0e,0x0e,0x12,0x1c}, +{ 0x61,0x61,0xa3,0xc2},{ 0x35,0x35,0x5f,0x6a},{ 0x57,0x57,0xf9,0xae},{ 0xb9,0xb9,0xd0,0x69}, +{ 0x86,0x86,0x91,0x17},{ 0xc1,0xc1,0x58,0x99},{ 0x1d,0x1d,0x27,0x3a},{ 0x9e,0x9e,0xb9,0x27}, +{ 0xe1,0xe1,0x38,0xd9},{ 0xf8,0xf8,0x13,0xeb},{ 0x98,0x98,0xb3,0x2b},{ 0x11,0x11,0x33,0x22}, +{ 0x69,0x69,0xbb,0xd2},{ 0xd9,0xd9,0x70,0xa9},{ 0x8e,0x8e,0x89,0x07},{ 0x94,0x94,0xa7,0x33}, +{ 0x9b,0x9b,0xb6,0x2d},{ 0x1e,0x1e,0x22,0x3c},{ 0x87,0x87,0x92,0x15},{ 0xe9,0xe9,0x20,0xc9}, +{ 0xce,0xce,0x49,0x87},{ 0x55,0x55,0xff,0xaa},{ 0x28,0x28,0x78,0x50},{ 0xdf,0xdf,0x7a,0xa5}, +{ 0x8c,0x8c,0x8f,0x03},{ 0xa1,0xa1,0xf8,0x59},{ 0x89,0x89,0x80,0x09},{ 0x0d,0x0d,0x17,0x1a}, +{ 0xbf,0xbf,0xda,0x65},{ 0xe6,0xe6,0x31,0xd7},{ 0x42,0x42,0xc6,0x84},{ 0x68,0x68,0xb8,0xd0}, +{ 0x41,0x41,0xc3,0x82},{ 0x99,0x99,0xb0,0x29},{ 0x2d,0x2d,0x77,0x5a},{ 0x0f,0x0f,0x11,0x1e}, +{ 0xb0,0xb0,0xcb,0x7b},{ 0x54,0x54,0xfc,0xa8},{ 0xbb,0xbb,0xd6,0x6d},{ 0x16,0x16,0x3a,0x2c } +}; + +word8 T5[256][4] = { +{ 0x51,0xf4,0xa7,0x50},{ 0x7e,0x41,0x65,0x53},{ 0x1a,0x17,0xa4,0xc3},{ 0x3a,0x27,0x5e,0x96}, +{ 0x3b,0xab,0x6b,0xcb},{ 0x1f,0x9d,0x45,0xf1},{ 0xac,0xfa,0x58,0xab},{ 0x4b,0xe3,0x03,0x93}, +{ 0x20,0x30,0xfa,0x55},{ 0xad,0x76,0x6d,0xf6},{ 0x88,0xcc,0x76,0x91},{ 0xf5,0x02,0x4c,0x25}, +{ 0x4f,0xe5,0xd7,0xfc},{ 0xc5,0x2a,0xcb,0xd7},{ 0x26,0x35,0x44,0x80},{ 0xb5,0x62,0xa3,0x8f}, +{ 0xde,0xb1,0x5a,0x49},{ 0x25,0xba,0x1b,0x67},{ 0x45,0xea,0x0e,0x98},{ 0x5d,0xfe,0xc0,0xe1}, +{ 0xc3,0x2f,0x75,0x02},{ 0x81,0x4c,0xf0,0x12},{ 0x8d,0x46,0x97,0xa3},{ 0x6b,0xd3,0xf9,0xc6}, +{ 0x03,0x8f,0x5f,0xe7},{ 0x15,0x92,0x9c,0x95},{ 0xbf,0x6d,0x7a,0xeb},{ 0x95,0x52,0x59,0xda}, +{ 0xd4,0xbe,0x83,0x2d},{ 0x58,0x74,0x21,0xd3},{ 0x49,0xe0,0x69,0x29},{ 0x8e,0xc9,0xc8,0x44}, +{ 0x75,0xc2,0x89,0x6a},{ 0xf4,0x8e,0x79,0x78},{ 0x99,0x58,0x3e,0x6b},{ 0x27,0xb9,0x71,0xdd}, +{ 0xbe,0xe1,0x4f,0xb6},{ 0xf0,0x88,0xad,0x17},{ 0xc9,0x20,0xac,0x66},{ 0x7d,0xce,0x3a,0xb4}, +{ 0x63,0xdf,0x4a,0x18},{ 0xe5,0x1a,0x31,0x82},{ 0x97,0x51,0x33,0x60},{ 0x62,0x53,0x7f,0x45}, +{ 0xb1,0x64,0x77,0xe0},{ 0xbb,0x6b,0xae,0x84},{ 0xfe,0x81,0xa0,0x1c},{ 0xf9,0x08,0x2b,0x94}, +{ 0x70,0x48,0x68,0x58},{ 0x8f,0x45,0xfd,0x19},{ 0x94,0xde,0x6c,0x87},{ 0x52,0x7b,0xf8,0xb7}, +{ 0xab,0x73,0xd3,0x23},{ 0x72,0x4b,0x02,0xe2},{ 0xe3,0x1f,0x8f,0x57},{ 0x66,0x55,0xab,0x2a}, +{ 0xb2,0xeb,0x28,0x07},{ 0x2f,0xb5,0xc2,0x03},{ 0x86,0xc5,0x7b,0x9a},{ 0xd3,0x37,0x08,0xa5}, +{ 0x30,0x28,0x87,0xf2},{ 0x23,0xbf,0xa5,0xb2},{ 0x02,0x03,0x6a,0xba},{ 0xed,0x16,0x82,0x5c}, +{ 0x8a,0xcf,0x1c,0x2b},{ 0xa7,0x79,0xb4,0x92},{ 0xf3,0x07,0xf2,0xf0},{ 0x4e,0x69,0xe2,0xa1}, +{ 0x65,0xda,0xf4,0xcd},{ 0x06,0x05,0xbe,0xd5},{ 0xd1,0x34,0x62,0x1f},{ 0xc4,0xa6,0xfe,0x8a}, +{ 0x34,0x2e,0x53,0x9d},{ 0xa2,0xf3,0x55,0xa0},{ 0x05,0x8a,0xe1,0x32},{ 0xa4,0xf6,0xeb,0x75}, +{ 0x0b,0x83,0xec,0x39},{ 0x40,0x60,0xef,0xaa},{ 0x5e,0x71,0x9f,0x06},{ 0xbd,0x6e,0x10,0x51}, +{ 0x3e,0x21,0x8a,0xf9},{ 0x96,0xdd,0x06,0x3d},{ 0xdd,0x3e,0x05,0xae},{ 0x4d,0xe6,0xbd,0x46}, +{ 0x91,0x54,0x8d,0xb5},{ 0x71,0xc4,0x5d,0x05},{ 0x04,0x06,0xd4,0x6f},{ 0x60,0x50,0x15,0xff}, +{ 0x19,0x98,0xfb,0x24},{ 0xd6,0xbd,0xe9,0x97},{ 0x89,0x40,0x43,0xcc},{ 0x67,0xd9,0x9e,0x77}, +{ 0xb0,0xe8,0x42,0xbd},{ 0x07,0x89,0x8b,0x88},{ 0xe7,0x19,0x5b,0x38},{ 0x79,0xc8,0xee,0xdb}, +{ 0xa1,0x7c,0x0a,0x47},{ 0x7c,0x42,0x0f,0xe9},{ 0xf8,0x84,0x1e,0xc9},{ 0x00,0x00,0x00,0x00}, +{ 0x09,0x80,0x86,0x83},{ 0x32,0x2b,0xed,0x48},{ 0x1e,0x11,0x70,0xac},{ 0x6c,0x5a,0x72,0x4e}, +{ 0xfd,0x0e,0xff,0xfb},{ 0x0f,0x85,0x38,0x56},{ 0x3d,0xae,0xd5,0x1e},{ 0x36,0x2d,0x39,0x27}, +{ 0x0a,0x0f,0xd9,0x64},{ 0x68,0x5c,0xa6,0x21},{ 0x9b,0x5b,0x54,0xd1},{ 0x24,0x36,0x2e,0x3a}, +{ 0x0c,0x0a,0x67,0xb1},{ 0x93,0x57,0xe7,0x0f},{ 0xb4,0xee,0x96,0xd2},{ 0x1b,0x9b,0x91,0x9e}, +{ 0x80,0xc0,0xc5,0x4f},{ 0x61,0xdc,0x20,0xa2},{ 0x5a,0x77,0x4b,0x69},{ 0x1c,0x12,0x1a,0x16}, +{ 0xe2,0x93,0xba,0x0a},{ 0xc0,0xa0,0x2a,0xe5},{ 0x3c,0x22,0xe0,0x43},{ 0x12,0x1b,0x17,0x1d}, +{ 0x0e,0x09,0x0d,0x0b},{ 0xf2,0x8b,0xc7,0xad},{ 0x2d,0xb6,0xa8,0xb9},{ 0x14,0x1e,0xa9,0xc8}, +{ 0x57,0xf1,0x19,0x85},{ 0xaf,0x75,0x07,0x4c},{ 0xee,0x99,0xdd,0xbb},{ 0xa3,0x7f,0x60,0xfd}, +{ 0xf7,0x01,0x26,0x9f},{ 0x5c,0x72,0xf5,0xbc},{ 0x44,0x66,0x3b,0xc5},{ 0x5b,0xfb,0x7e,0x34}, +{ 0x8b,0x43,0x29,0x76},{ 0xcb,0x23,0xc6,0xdc},{ 0xb6,0xed,0xfc,0x68},{ 0xb8,0xe4,0xf1,0x63}, +{ 0xd7,0x31,0xdc,0xca},{ 0x42,0x63,0x85,0x10},{ 0x13,0x97,0x22,0x40},{ 0x84,0xc6,0x11,0x20}, +{ 0x85,0x4a,0x24,0x7d},{ 0xd2,0xbb,0x3d,0xf8},{ 0xae,0xf9,0x32,0x11},{ 0xc7,0x29,0xa1,0x6d}, +{ 0x1d,0x9e,0x2f,0x4b},{ 0xdc,0xb2,0x30,0xf3},{ 0x0d,0x86,0x52,0xec},{ 0x77,0xc1,0xe3,0xd0}, +{ 0x2b,0xb3,0x16,0x6c},{ 0xa9,0x70,0xb9,0x99},{ 0x11,0x94,0x48,0xfa},{ 0x47,0xe9,0x64,0x22}, +{ 0xa8,0xfc,0x8c,0xc4},{ 0xa0,0xf0,0x3f,0x1a},{ 0x56,0x7d,0x2c,0xd8},{ 0x22,0x33,0x90,0xef}, +{ 0x87,0x49,0x4e,0xc7},{ 0xd9,0x38,0xd1,0xc1},{ 0x8c,0xca,0xa2,0xfe},{ 0x98,0xd4,0x0b,0x36}, +{ 0xa6,0xf5,0x81,0xcf},{ 0xa5,0x7a,0xde,0x28},{ 0xda,0xb7,0x8e,0x26},{ 0x3f,0xad,0xbf,0xa4}, +{ 0x2c,0x3a,0x9d,0xe4},{ 0x50,0x78,0x92,0x0d},{ 0x6a,0x5f,0xcc,0x9b},{ 0x54,0x7e,0x46,0x62}, +{ 0xf6,0x8d,0x13,0xc2},{ 0x90,0xd8,0xb8,0xe8},{ 0x2e,0x39,0xf7,0x5e},{ 0x82,0xc3,0xaf,0xf5}, +{ 0x9f,0x5d,0x80,0xbe},{ 0x69,0xd0,0x93,0x7c},{ 0x6f,0xd5,0x2d,0xa9},{ 0xcf,0x25,0x12,0xb3}, +{ 0xc8,0xac,0x99,0x3b},{ 0x10,0x18,0x7d,0xa7},{ 0xe8,0x9c,0x63,0x6e},{ 0xdb,0x3b,0xbb,0x7b}, +{ 0xcd,0x26,0x78,0x09},{ 0x6e,0x59,0x18,0xf4},{ 0xec,0x9a,0xb7,0x01},{ 0x83,0x4f,0x9a,0xa8}, +{ 0xe6,0x95,0x6e,0x65},{ 0xaa,0xff,0xe6,0x7e},{ 0x21,0xbc,0xcf,0x08},{ 0xef,0x15,0xe8,0xe6}, +{ 0xba,0xe7,0x9b,0xd9},{ 0x4a,0x6f,0x36,0xce},{ 0xea,0x9f,0x09,0xd4},{ 0x29,0xb0,0x7c,0xd6}, +{ 0x31,0xa4,0xb2,0xaf},{ 0x2a,0x3f,0x23,0x31},{ 0xc6,0xa5,0x94,0x30},{ 0x35,0xa2,0x66,0xc0}, +{ 0x74,0x4e,0xbc,0x37},{ 0xfc,0x82,0xca,0xa6},{ 0xe0,0x90,0xd0,0xb0},{ 0x33,0xa7,0xd8,0x15}, +{ 0xf1,0x04,0x98,0x4a},{ 0x41,0xec,0xda,0xf7},{ 0x7f,0xcd,0x50,0x0e},{ 0x17,0x91,0xf6,0x2f}, +{ 0x76,0x4d,0xd6,0x8d},{ 0x43,0xef,0xb0,0x4d},{ 0xcc,0xaa,0x4d,0x54},{ 0xe4,0x96,0x04,0xdf}, +{ 0x9e,0xd1,0xb5,0xe3},{ 0x4c,0x6a,0x88,0x1b},{ 0xc1,0x2c,0x1f,0xb8},{ 0x46,0x65,0x51,0x7f}, +{ 0x9d,0x5e,0xea,0x04},{ 0x01,0x8c,0x35,0x5d},{ 0xfa,0x87,0x74,0x73},{ 0xfb,0x0b,0x41,0x2e}, +{ 0xb3,0x67,0x1d,0x5a},{ 0x92,0xdb,0xd2,0x52},{ 0xe9,0x10,0x56,0x33},{ 0x6d,0xd6,0x47,0x13}, +{ 0x9a,0xd7,0x61,0x8c},{ 0x37,0xa1,0x0c,0x7a},{ 0x59,0xf8,0x14,0x8e},{ 0xeb,0x13,0x3c,0x89}, +{ 0xce,0xa9,0x27,0xee},{ 0xb7,0x61,0xc9,0x35},{ 0xe1,0x1c,0xe5,0xed},{ 0x7a,0x47,0xb1,0x3c}, +{ 0x9c,0xd2,0xdf,0x59},{ 0x55,0xf2,0x73,0x3f},{ 0x18,0x14,0xce,0x79},{ 0x73,0xc7,0x37,0xbf}, +{ 0x53,0xf7,0xcd,0xea},{ 0x5f,0xfd,0xaa,0x5b},{ 0xdf,0x3d,0x6f,0x14},{ 0x78,0x44,0xdb,0x86}, +{ 0xca,0xaf,0xf3,0x81},{ 0xb9,0x68,0xc4,0x3e},{ 0x38,0x24,0x34,0x2c},{ 0xc2,0xa3,0x40,0x5f}, +{ 0x16,0x1d,0xc3,0x72},{ 0xbc,0xe2,0x25,0x0c},{ 0x28,0x3c,0x49,0x8b},{ 0xff,0x0d,0x95,0x41}, +{ 0x39,0xa8,0x01,0x71},{ 0x08,0x0c,0xb3,0xde},{ 0xd8,0xb4,0xe4,0x9c},{ 0x64,0x56,0xc1,0x90}, +{ 0x7b,0xcb,0x84,0x61},{ 0xd5,0x32,0xb6,0x70},{ 0x48,0x6c,0x5c,0x74},{ 0xd0,0xb8,0x57,0x42 } +}; + +word8 T6[256][4] = { +{ 0x50,0x51,0xf4,0xa7},{ 0x53,0x7e,0x41,0x65},{ 0xc3,0x1a,0x17,0xa4},{ 0x96,0x3a,0x27,0x5e}, +{ 0xcb,0x3b,0xab,0x6b},{ 0xf1,0x1f,0x9d,0x45},{ 0xab,0xac,0xfa,0x58},{ 0x93,0x4b,0xe3,0x03}, +{ 0x55,0x20,0x30,0xfa},{ 0xf6,0xad,0x76,0x6d},{ 0x91,0x88,0xcc,0x76},{ 0x25,0xf5,0x02,0x4c}, +{ 0xfc,0x4f,0xe5,0xd7},{ 0xd7,0xc5,0x2a,0xcb},{ 0x80,0x26,0x35,0x44},{ 0x8f,0xb5,0x62,0xa3}, +{ 0x49,0xde,0xb1,0x5a},{ 0x67,0x25,0xba,0x1b},{ 0x98,0x45,0xea,0x0e},{ 0xe1,0x5d,0xfe,0xc0}, +{ 0x02,0xc3,0x2f,0x75},{ 0x12,0x81,0x4c,0xf0},{ 0xa3,0x8d,0x46,0x97},{ 0xc6,0x6b,0xd3,0xf9}, +{ 0xe7,0x03,0x8f,0x5f},{ 0x95,0x15,0x92,0x9c},{ 0xeb,0xbf,0x6d,0x7a},{ 0xda,0x95,0x52,0x59}, +{ 0x2d,0xd4,0xbe,0x83},{ 0xd3,0x58,0x74,0x21},{ 0x29,0x49,0xe0,0x69},{ 0x44,0x8e,0xc9,0xc8}, +{ 0x6a,0x75,0xc2,0x89},{ 0x78,0xf4,0x8e,0x79},{ 0x6b,0x99,0x58,0x3e},{ 0xdd,0x27,0xb9,0x71}, +{ 0xb6,0xbe,0xe1,0x4f},{ 0x17,0xf0,0x88,0xad},{ 0x66,0xc9,0x20,0xac},{ 0xb4,0x7d,0xce,0x3a}, +{ 0x18,0x63,0xdf,0x4a},{ 0x82,0xe5,0x1a,0x31},{ 0x60,0x97,0x51,0x33},{ 0x45,0x62,0x53,0x7f}, +{ 0xe0,0xb1,0x64,0x77},{ 0x84,0xbb,0x6b,0xae},{ 0x1c,0xfe,0x81,0xa0},{ 0x94,0xf9,0x08,0x2b}, +{ 0x58,0x70,0x48,0x68},{ 0x19,0x8f,0x45,0xfd},{ 0x87,0x94,0xde,0x6c},{ 0xb7,0x52,0x7b,0xf8}, +{ 0x23,0xab,0x73,0xd3},{ 0xe2,0x72,0x4b,0x02},{ 0x57,0xe3,0x1f,0x8f},{ 0x2a,0x66,0x55,0xab}, +{ 0x07,0xb2,0xeb,0x28},{ 0x03,0x2f,0xb5,0xc2},{ 0x9a,0x86,0xc5,0x7b},{ 0xa5,0xd3,0x37,0x08}, +{ 0xf2,0x30,0x28,0x87},{ 0xb2,0x23,0xbf,0xa5},{ 0xba,0x02,0x03,0x6a},{ 0x5c,0xed,0x16,0x82}, +{ 0x2b,0x8a,0xcf,0x1c},{ 0x92,0xa7,0x79,0xb4},{ 0xf0,0xf3,0x07,0xf2},{ 0xa1,0x4e,0x69,0xe2}, +{ 0xcd,0x65,0xda,0xf4},{ 0xd5,0x06,0x05,0xbe},{ 0x1f,0xd1,0x34,0x62},{ 0x8a,0xc4,0xa6,0xfe}, +{ 0x9d,0x34,0x2e,0x53},{ 0xa0,0xa2,0xf3,0x55},{ 0x32,0x05,0x8a,0xe1},{ 0x75,0xa4,0xf6,0xeb}, +{ 0x39,0x0b,0x83,0xec},{ 0xaa,0x40,0x60,0xef},{ 0x06,0x5e,0x71,0x9f},{ 0x51,0xbd,0x6e,0x10}, +{ 0xf9,0x3e,0x21,0x8a},{ 0x3d,0x96,0xdd,0x06},{ 0xae,0xdd,0x3e,0x05},{ 0x46,0x4d,0xe6,0xbd}, +{ 0xb5,0x91,0x54,0x8d},{ 0x05,0x71,0xc4,0x5d},{ 0x6f,0x04,0x06,0xd4},{ 0xff,0x60,0x50,0x15}, +{ 0x24,0x19,0x98,0xfb},{ 0x97,0xd6,0xbd,0xe9},{ 0xcc,0x89,0x40,0x43},{ 0x77,0x67,0xd9,0x9e}, +{ 0xbd,0xb0,0xe8,0x42},{ 0x88,0x07,0x89,0x8b},{ 0x38,0xe7,0x19,0x5b},{ 0xdb,0x79,0xc8,0xee}, +{ 0x47,0xa1,0x7c,0x0a},{ 0xe9,0x7c,0x42,0x0f},{ 0xc9,0xf8,0x84,0x1e},{ 0x00,0x00,0x00,0x00}, +{ 0x83,0x09,0x80,0x86},{ 0x48,0x32,0x2b,0xed},{ 0xac,0x1e,0x11,0x70},{ 0x4e,0x6c,0x5a,0x72}, +{ 0xfb,0xfd,0x0e,0xff},{ 0x56,0x0f,0x85,0x38},{ 0x1e,0x3d,0xae,0xd5},{ 0x27,0x36,0x2d,0x39}, +{ 0x64,0x0a,0x0f,0xd9},{ 0x21,0x68,0x5c,0xa6},{ 0xd1,0x9b,0x5b,0x54},{ 0x3a,0x24,0x36,0x2e}, +{ 0xb1,0x0c,0x0a,0x67},{ 0x0f,0x93,0x57,0xe7},{ 0xd2,0xb4,0xee,0x96},{ 0x9e,0x1b,0x9b,0x91}, +{ 0x4f,0x80,0xc0,0xc5},{ 0xa2,0x61,0xdc,0x20},{ 0x69,0x5a,0x77,0x4b},{ 0x16,0x1c,0x12,0x1a}, +{ 0x0a,0xe2,0x93,0xba},{ 0xe5,0xc0,0xa0,0x2a},{ 0x43,0x3c,0x22,0xe0},{ 0x1d,0x12,0x1b,0x17}, +{ 0x0b,0x0e,0x09,0x0d},{ 0xad,0xf2,0x8b,0xc7},{ 0xb9,0x2d,0xb6,0xa8},{ 0xc8,0x14,0x1e,0xa9}, +{ 0x85,0x57,0xf1,0x19},{ 0x4c,0xaf,0x75,0x07},{ 0xbb,0xee,0x99,0xdd},{ 0xfd,0xa3,0x7f,0x60}, +{ 0x9f,0xf7,0x01,0x26},{ 0xbc,0x5c,0x72,0xf5},{ 0xc5,0x44,0x66,0x3b},{ 0x34,0x5b,0xfb,0x7e}, +{ 0x76,0x8b,0x43,0x29},{ 0xdc,0xcb,0x23,0xc6},{ 0x68,0xb6,0xed,0xfc},{ 0x63,0xb8,0xe4,0xf1}, +{ 0xca,0xd7,0x31,0xdc},{ 0x10,0x42,0x63,0x85},{ 0x40,0x13,0x97,0x22},{ 0x20,0x84,0xc6,0x11}, +{ 0x7d,0x85,0x4a,0x24},{ 0xf8,0xd2,0xbb,0x3d},{ 0x11,0xae,0xf9,0x32},{ 0x6d,0xc7,0x29,0xa1}, +{ 0x4b,0x1d,0x9e,0x2f},{ 0xf3,0xdc,0xb2,0x30},{ 0xec,0x0d,0x86,0x52},{ 0xd0,0x77,0xc1,0xe3}, +{ 0x6c,0x2b,0xb3,0x16},{ 0x99,0xa9,0x70,0xb9},{ 0xfa,0x11,0x94,0x48},{ 0x22,0x47,0xe9,0x64}, +{ 0xc4,0xa8,0xfc,0x8c},{ 0x1a,0xa0,0xf0,0x3f},{ 0xd8,0x56,0x7d,0x2c},{ 0xef,0x22,0x33,0x90}, +{ 0xc7,0x87,0x49,0x4e},{ 0xc1,0xd9,0x38,0xd1},{ 0xfe,0x8c,0xca,0xa2},{ 0x36,0x98,0xd4,0x0b}, +{ 0xcf,0xa6,0xf5,0x81},{ 0x28,0xa5,0x7a,0xde},{ 0x26,0xda,0xb7,0x8e},{ 0xa4,0x3f,0xad,0xbf}, +{ 0xe4,0x2c,0x3a,0x9d},{ 0x0d,0x50,0x78,0x92},{ 0x9b,0x6a,0x5f,0xcc},{ 0x62,0x54,0x7e,0x46}, +{ 0xc2,0xf6,0x8d,0x13},{ 0xe8,0x90,0xd8,0xb8},{ 0x5e,0x2e,0x39,0xf7},{ 0xf5,0x82,0xc3,0xaf}, +{ 0xbe,0x9f,0x5d,0x80},{ 0x7c,0x69,0xd0,0x93},{ 0xa9,0x6f,0xd5,0x2d},{ 0xb3,0xcf,0x25,0x12}, +{ 0x3b,0xc8,0xac,0x99},{ 0xa7,0x10,0x18,0x7d},{ 0x6e,0xe8,0x9c,0x63},{ 0x7b,0xdb,0x3b,0xbb}, +{ 0x09,0xcd,0x26,0x78},{ 0xf4,0x6e,0x59,0x18},{ 0x01,0xec,0x9a,0xb7},{ 0xa8,0x83,0x4f,0x9a}, +{ 0x65,0xe6,0x95,0x6e},{ 0x7e,0xaa,0xff,0xe6},{ 0x08,0x21,0xbc,0xcf},{ 0xe6,0xef,0x15,0xe8}, +{ 0xd9,0xba,0xe7,0x9b},{ 0xce,0x4a,0x6f,0x36},{ 0xd4,0xea,0x9f,0x09},{ 0xd6,0x29,0xb0,0x7c}, +{ 0xaf,0x31,0xa4,0xb2},{ 0x31,0x2a,0x3f,0x23},{ 0x30,0xc6,0xa5,0x94},{ 0xc0,0x35,0xa2,0x66}, +{ 0x37,0x74,0x4e,0xbc},{ 0xa6,0xfc,0x82,0xca},{ 0xb0,0xe0,0x90,0xd0},{ 0x15,0x33,0xa7,0xd8}, +{ 0x4a,0xf1,0x04,0x98},{ 0xf7,0x41,0xec,0xda},{ 0x0e,0x7f,0xcd,0x50},{ 0x2f,0x17,0x91,0xf6}, +{ 0x8d,0x76,0x4d,0xd6},{ 0x4d,0x43,0xef,0xb0},{ 0x54,0xcc,0xaa,0x4d},{ 0xdf,0xe4,0x96,0x04}, +{ 0xe3,0x9e,0xd1,0xb5},{ 0x1b,0x4c,0x6a,0x88},{ 0xb8,0xc1,0x2c,0x1f},{ 0x7f,0x46,0x65,0x51}, +{ 0x04,0x9d,0x5e,0xea},{ 0x5d,0x01,0x8c,0x35},{ 0x73,0xfa,0x87,0x74},{ 0x2e,0xfb,0x0b,0x41}, +{ 0x5a,0xb3,0x67,0x1d},{ 0x52,0x92,0xdb,0xd2},{ 0x33,0xe9,0x10,0x56},{ 0x13,0x6d,0xd6,0x47}, +{ 0x8c,0x9a,0xd7,0x61},{ 0x7a,0x37,0xa1,0x0c},{ 0x8e,0x59,0xf8,0x14},{ 0x89,0xeb,0x13,0x3c}, +{ 0xee,0xce,0xa9,0x27},{ 0x35,0xb7,0x61,0xc9},{ 0xed,0xe1,0x1c,0xe5},{ 0x3c,0x7a,0x47,0xb1}, +{ 0x59,0x9c,0xd2,0xdf},{ 0x3f,0x55,0xf2,0x73},{ 0x79,0x18,0x14,0xce},{ 0xbf,0x73,0xc7,0x37}, +{ 0xea,0x53,0xf7,0xcd},{ 0x5b,0x5f,0xfd,0xaa},{ 0x14,0xdf,0x3d,0x6f},{ 0x86,0x78,0x44,0xdb}, +{ 0x81,0xca,0xaf,0xf3},{ 0x3e,0xb9,0x68,0xc4},{ 0x2c,0x38,0x24,0x34},{ 0x5f,0xc2,0xa3,0x40}, +{ 0x72,0x16,0x1d,0xc3},{ 0x0c,0xbc,0xe2,0x25},{ 0x8b,0x28,0x3c,0x49},{ 0x41,0xff,0x0d,0x95}, +{ 0x71,0x39,0xa8,0x01},{ 0xde,0x08,0x0c,0xb3},{ 0x9c,0xd8,0xb4,0xe4},{ 0x90,0x64,0x56,0xc1}, +{ 0x61,0x7b,0xcb,0x84},{ 0x70,0xd5,0x32,0xb6},{ 0x74,0x48,0x6c,0x5c},{ 0x42,0xd0,0xb8,0x57 } +}; + +word8 T7[256][4] = { +{ 0xa7,0x50,0x51,0xf4},{ 0x65,0x53,0x7e,0x41},{ 0xa4,0xc3,0x1a,0x17},{ 0x5e,0x96,0x3a,0x27}, +{ 0x6b,0xcb,0x3b,0xab},{ 0x45,0xf1,0x1f,0x9d},{ 0x58,0xab,0xac,0xfa},{ 0x03,0x93,0x4b,0xe3}, +{ 0xfa,0x55,0x20,0x30},{ 0x6d,0xf6,0xad,0x76},{ 0x76,0x91,0x88,0xcc},{ 0x4c,0x25,0xf5,0x02}, +{ 0xd7,0xfc,0x4f,0xe5},{ 0xcb,0xd7,0xc5,0x2a},{ 0x44,0x80,0x26,0x35},{ 0xa3,0x8f,0xb5,0x62}, +{ 0x5a,0x49,0xde,0xb1},{ 0x1b,0x67,0x25,0xba},{ 0x0e,0x98,0x45,0xea},{ 0xc0,0xe1,0x5d,0xfe}, +{ 0x75,0x02,0xc3,0x2f},{ 0xf0,0x12,0x81,0x4c},{ 0x97,0xa3,0x8d,0x46},{ 0xf9,0xc6,0x6b,0xd3}, +{ 0x5f,0xe7,0x03,0x8f},{ 0x9c,0x95,0x15,0x92},{ 0x7a,0xeb,0xbf,0x6d},{ 0x59,0xda,0x95,0x52}, +{ 0x83,0x2d,0xd4,0xbe},{ 0x21,0xd3,0x58,0x74},{ 0x69,0x29,0x49,0xe0},{ 0xc8,0x44,0x8e,0xc9}, +{ 0x89,0x6a,0x75,0xc2},{ 0x79,0x78,0xf4,0x8e},{ 0x3e,0x6b,0x99,0x58},{ 0x71,0xdd,0x27,0xb9}, +{ 0x4f,0xb6,0xbe,0xe1},{ 0xad,0x17,0xf0,0x88},{ 0xac,0x66,0xc9,0x20},{ 0x3a,0xb4,0x7d,0xce}, +{ 0x4a,0x18,0x63,0xdf},{ 0x31,0x82,0xe5,0x1a},{ 0x33,0x60,0x97,0x51},{ 0x7f,0x45,0x62,0x53}, +{ 0x77,0xe0,0xb1,0x64},{ 0xae,0x84,0xbb,0x6b},{ 0xa0,0x1c,0xfe,0x81},{ 0x2b,0x94,0xf9,0x08}, +{ 0x68,0x58,0x70,0x48},{ 0xfd,0x19,0x8f,0x45},{ 0x6c,0x87,0x94,0xde},{ 0xf8,0xb7,0x52,0x7b}, +{ 0xd3,0x23,0xab,0x73},{ 0x02,0xe2,0x72,0x4b},{ 0x8f,0x57,0xe3,0x1f},{ 0xab,0x2a,0x66,0x55}, +{ 0x28,0x07,0xb2,0xeb},{ 0xc2,0x03,0x2f,0xb5},{ 0x7b,0x9a,0x86,0xc5},{ 0x08,0xa5,0xd3,0x37}, +{ 0x87,0xf2,0x30,0x28},{ 0xa5,0xb2,0x23,0xbf},{ 0x6a,0xba,0x02,0x03},{ 0x82,0x5c,0xed,0x16}, +{ 0x1c,0x2b,0x8a,0xcf},{ 0xb4,0x92,0xa7,0x79},{ 0xf2,0xf0,0xf3,0x07},{ 0xe2,0xa1,0x4e,0x69}, +{ 0xf4,0xcd,0x65,0xda},{ 0xbe,0xd5,0x06,0x05},{ 0x62,0x1f,0xd1,0x34},{ 0xfe,0x8a,0xc4,0xa6}, +{ 0x53,0x9d,0x34,0x2e},{ 0x55,0xa0,0xa2,0xf3},{ 0xe1,0x32,0x05,0x8a},{ 0xeb,0x75,0xa4,0xf6}, +{ 0xec,0x39,0x0b,0x83},{ 0xef,0xaa,0x40,0x60},{ 0x9f,0x06,0x5e,0x71},{ 0x10,0x51,0xbd,0x6e}, +{ 0x8a,0xf9,0x3e,0x21},{ 0x06,0x3d,0x96,0xdd},{ 0x05,0xae,0xdd,0x3e},{ 0xbd,0x46,0x4d,0xe6}, +{ 0x8d,0xb5,0x91,0x54},{ 0x5d,0x05,0x71,0xc4},{ 0xd4,0x6f,0x04,0x06},{ 0x15,0xff,0x60,0x50}, +{ 0xfb,0x24,0x19,0x98},{ 0xe9,0x97,0xd6,0xbd},{ 0x43,0xcc,0x89,0x40},{ 0x9e,0x77,0x67,0xd9}, +{ 0x42,0xbd,0xb0,0xe8},{ 0x8b,0x88,0x07,0x89},{ 0x5b,0x38,0xe7,0x19},{ 0xee,0xdb,0x79,0xc8}, +{ 0x0a,0x47,0xa1,0x7c},{ 0x0f,0xe9,0x7c,0x42},{ 0x1e,0xc9,0xf8,0x84},{ 0x00,0x00,0x00,0x00}, +{ 0x86,0x83,0x09,0x80},{ 0xed,0x48,0x32,0x2b},{ 0x70,0xac,0x1e,0x11},{ 0x72,0x4e,0x6c,0x5a}, +{ 0xff,0xfb,0xfd,0x0e},{ 0x38,0x56,0x0f,0x85},{ 0xd5,0x1e,0x3d,0xae},{ 0x39,0x27,0x36,0x2d}, +{ 0xd9,0x64,0x0a,0x0f},{ 0xa6,0x21,0x68,0x5c},{ 0x54,0xd1,0x9b,0x5b},{ 0x2e,0x3a,0x24,0x36}, +{ 0x67,0xb1,0x0c,0x0a},{ 0xe7,0x0f,0x93,0x57},{ 0x96,0xd2,0xb4,0xee},{ 0x91,0x9e,0x1b,0x9b}, +{ 0xc5,0x4f,0x80,0xc0},{ 0x20,0xa2,0x61,0xdc},{ 0x4b,0x69,0x5a,0x77},{ 0x1a,0x16,0x1c,0x12}, +{ 0xba,0x0a,0xe2,0x93},{ 0x2a,0xe5,0xc0,0xa0},{ 0xe0,0x43,0x3c,0x22},{ 0x17,0x1d,0x12,0x1b}, +{ 0x0d,0x0b,0x0e,0x09},{ 0xc7,0xad,0xf2,0x8b},{ 0xa8,0xb9,0x2d,0xb6},{ 0xa9,0xc8,0x14,0x1e}, +{ 0x19,0x85,0x57,0xf1},{ 0x07,0x4c,0xaf,0x75},{ 0xdd,0xbb,0xee,0x99},{ 0x60,0xfd,0xa3,0x7f}, +{ 0x26,0x9f,0xf7,0x01},{ 0xf5,0xbc,0x5c,0x72},{ 0x3b,0xc5,0x44,0x66},{ 0x7e,0x34,0x5b,0xfb}, +{ 0x29,0x76,0x8b,0x43},{ 0xc6,0xdc,0xcb,0x23},{ 0xfc,0x68,0xb6,0xed},{ 0xf1,0x63,0xb8,0xe4}, +{ 0xdc,0xca,0xd7,0x31},{ 0x85,0x10,0x42,0x63},{ 0x22,0x40,0x13,0x97},{ 0x11,0x20,0x84,0xc6}, +{ 0x24,0x7d,0x85,0x4a},{ 0x3d,0xf8,0xd2,0xbb},{ 0x32,0x11,0xae,0xf9},{ 0xa1,0x6d,0xc7,0x29}, +{ 0x2f,0x4b,0x1d,0x9e},{ 0x30,0xf3,0xdc,0xb2},{ 0x52,0xec,0x0d,0x86},{ 0xe3,0xd0,0x77,0xc1}, +{ 0x16,0x6c,0x2b,0xb3},{ 0xb9,0x99,0xa9,0x70},{ 0x48,0xfa,0x11,0x94},{ 0x64,0x22,0x47,0xe9}, +{ 0x8c,0xc4,0xa8,0xfc},{ 0x3f,0x1a,0xa0,0xf0},{ 0x2c,0xd8,0x56,0x7d},{ 0x90,0xef,0x22,0x33}, +{ 0x4e,0xc7,0x87,0x49},{ 0xd1,0xc1,0xd9,0x38},{ 0xa2,0xfe,0x8c,0xca},{ 0x0b,0x36,0x98,0xd4}, +{ 0x81,0xcf,0xa6,0xf5},{ 0xde,0x28,0xa5,0x7a},{ 0x8e,0x26,0xda,0xb7},{ 0xbf,0xa4,0x3f,0xad}, +{ 0x9d,0xe4,0x2c,0x3a},{ 0x92,0x0d,0x50,0x78},{ 0xcc,0x9b,0x6a,0x5f},{ 0x46,0x62,0x54,0x7e}, +{ 0x13,0xc2,0xf6,0x8d},{ 0xb8,0xe8,0x90,0xd8},{ 0xf7,0x5e,0x2e,0x39},{ 0xaf,0xf5,0x82,0xc3}, +{ 0x80,0xbe,0x9f,0x5d},{ 0x93,0x7c,0x69,0xd0},{ 0x2d,0xa9,0x6f,0xd5},{ 0x12,0xb3,0xcf,0x25}, +{ 0x99,0x3b,0xc8,0xac},{ 0x7d,0xa7,0x10,0x18},{ 0x63,0x6e,0xe8,0x9c},{ 0xbb,0x7b,0xdb,0x3b}, +{ 0x78,0x09,0xcd,0x26},{ 0x18,0xf4,0x6e,0x59},{ 0xb7,0x01,0xec,0x9a},{ 0x9a,0xa8,0x83,0x4f}, +{ 0x6e,0x65,0xe6,0x95},{ 0xe6,0x7e,0xaa,0xff},{ 0xcf,0x08,0x21,0xbc},{ 0xe8,0xe6,0xef,0x15}, +{ 0x9b,0xd9,0xba,0xe7},{ 0x36,0xce,0x4a,0x6f},{ 0x09,0xd4,0xea,0x9f},{ 0x7c,0xd6,0x29,0xb0}, +{ 0xb2,0xaf,0x31,0xa4},{ 0x23,0x31,0x2a,0x3f},{ 0x94,0x30,0xc6,0xa5},{ 0x66,0xc0,0x35,0xa2}, +{ 0xbc,0x37,0x74,0x4e},{ 0xca,0xa6,0xfc,0x82},{ 0xd0,0xb0,0xe0,0x90},{ 0xd8,0x15,0x33,0xa7}, +{ 0x98,0x4a,0xf1,0x04},{ 0xda,0xf7,0x41,0xec},{ 0x50,0x0e,0x7f,0xcd},{ 0xf6,0x2f,0x17,0x91}, +{ 0xd6,0x8d,0x76,0x4d},{ 0xb0,0x4d,0x43,0xef},{ 0x4d,0x54,0xcc,0xaa},{ 0x04,0xdf,0xe4,0x96}, +{ 0xb5,0xe3,0x9e,0xd1},{ 0x88,0x1b,0x4c,0x6a},{ 0x1f,0xb8,0xc1,0x2c},{ 0x51,0x7f,0x46,0x65}, +{ 0xea,0x04,0x9d,0x5e},{ 0x35,0x5d,0x01,0x8c},{ 0x74,0x73,0xfa,0x87},{ 0x41,0x2e,0xfb,0x0b}, +{ 0x1d,0x5a,0xb3,0x67},{ 0xd2,0x52,0x92,0xdb},{ 0x56,0x33,0xe9,0x10},{ 0x47,0x13,0x6d,0xd6}, +{ 0x61,0x8c,0x9a,0xd7},{ 0x0c,0x7a,0x37,0xa1},{ 0x14,0x8e,0x59,0xf8},{ 0x3c,0x89,0xeb,0x13}, +{ 0x27,0xee,0xce,0xa9},{ 0xc9,0x35,0xb7,0x61},{ 0xe5,0xed,0xe1,0x1c},{ 0xb1,0x3c,0x7a,0x47}, +{ 0xdf,0x59,0x9c,0xd2},{ 0x73,0x3f,0x55,0xf2},{ 0xce,0x79,0x18,0x14},{ 0x37,0xbf,0x73,0xc7}, +{ 0xcd,0xea,0x53,0xf7},{ 0xaa,0x5b,0x5f,0xfd},{ 0x6f,0x14,0xdf,0x3d},{ 0xdb,0x86,0x78,0x44}, +{ 0xf3,0x81,0xca,0xaf},{ 0xc4,0x3e,0xb9,0x68},{ 0x34,0x2c,0x38,0x24},{ 0x40,0x5f,0xc2,0xa3}, +{ 0xc3,0x72,0x16,0x1d},{ 0x25,0x0c,0xbc,0xe2},{ 0x49,0x8b,0x28,0x3c},{ 0x95,0x41,0xff,0x0d}, +{ 0x01,0x71,0x39,0xa8},{ 0xb3,0xde,0x08,0x0c},{ 0xe4,0x9c,0xd8,0xb4},{ 0xc1,0x90,0x64,0x56}, +{ 0x84,0x61,0x7b,0xcb},{ 0xb6,0x70,0xd5,0x32},{ 0x5c,0x74,0x48,0x6c},{ 0x57,0x42,0xd0,0xb8 } +}; + +word8 T8[256][4] = { +{ 0xf4,0xa7,0x50,0x51},{ 0x41,0x65,0x53,0x7e},{ 0x17,0xa4,0xc3,0x1a},{ 0x27,0x5e,0x96,0x3a}, +{ 0xab,0x6b,0xcb,0x3b},{ 0x9d,0x45,0xf1,0x1f},{ 0xfa,0x58,0xab,0xac},{ 0xe3,0x03,0x93,0x4b}, +{ 0x30,0xfa,0x55,0x20},{ 0x76,0x6d,0xf6,0xad},{ 0xcc,0x76,0x91,0x88},{ 0x02,0x4c,0x25,0xf5}, +{ 0xe5,0xd7,0xfc,0x4f},{ 0x2a,0xcb,0xd7,0xc5},{ 0x35,0x44,0x80,0x26},{ 0x62,0xa3,0x8f,0xb5}, +{ 0xb1,0x5a,0x49,0xde},{ 0xba,0x1b,0x67,0x25},{ 0xea,0x0e,0x98,0x45},{ 0xfe,0xc0,0xe1,0x5d}, +{ 0x2f,0x75,0x02,0xc3},{ 0x4c,0xf0,0x12,0x81},{ 0x46,0x97,0xa3,0x8d},{ 0xd3,0xf9,0xc6,0x6b}, +{ 0x8f,0x5f,0xe7,0x03},{ 0x92,0x9c,0x95,0x15},{ 0x6d,0x7a,0xeb,0xbf},{ 0x52,0x59,0xda,0x95}, +{ 0xbe,0x83,0x2d,0xd4},{ 0x74,0x21,0xd3,0x58},{ 0xe0,0x69,0x29,0x49},{ 0xc9,0xc8,0x44,0x8e}, +{ 0xc2,0x89,0x6a,0x75},{ 0x8e,0x79,0x78,0xf4},{ 0x58,0x3e,0x6b,0x99},{ 0xb9,0x71,0xdd,0x27}, +{ 0xe1,0x4f,0xb6,0xbe},{ 0x88,0xad,0x17,0xf0},{ 0x20,0xac,0x66,0xc9},{ 0xce,0x3a,0xb4,0x7d}, +{ 0xdf,0x4a,0x18,0x63},{ 0x1a,0x31,0x82,0xe5},{ 0x51,0x33,0x60,0x97},{ 0x53,0x7f,0x45,0x62}, +{ 0x64,0x77,0xe0,0xb1},{ 0x6b,0xae,0x84,0xbb},{ 0x81,0xa0,0x1c,0xfe},{ 0x08,0x2b,0x94,0xf9}, +{ 0x48,0x68,0x58,0x70},{ 0x45,0xfd,0x19,0x8f},{ 0xde,0x6c,0x87,0x94},{ 0x7b,0xf8,0xb7,0x52}, +{ 0x73,0xd3,0x23,0xab},{ 0x4b,0x02,0xe2,0x72},{ 0x1f,0x8f,0x57,0xe3},{ 0x55,0xab,0x2a,0x66}, +{ 0xeb,0x28,0x07,0xb2},{ 0xb5,0xc2,0x03,0x2f},{ 0xc5,0x7b,0x9a,0x86},{ 0x37,0x08,0xa5,0xd3}, +{ 0x28,0x87,0xf2,0x30},{ 0xbf,0xa5,0xb2,0x23},{ 0x03,0x6a,0xba,0x02},{ 0x16,0x82,0x5c,0xed}, +{ 0xcf,0x1c,0x2b,0x8a},{ 0x79,0xb4,0x92,0xa7},{ 0x07,0xf2,0xf0,0xf3},{ 0x69,0xe2,0xa1,0x4e}, +{ 0xda,0xf4,0xcd,0x65},{ 0x05,0xbe,0xd5,0x06},{ 0x34,0x62,0x1f,0xd1},{ 0xa6,0xfe,0x8a,0xc4}, +{ 0x2e,0x53,0x9d,0x34},{ 0xf3,0x55,0xa0,0xa2},{ 0x8a,0xe1,0x32,0x05},{ 0xf6,0xeb,0x75,0xa4}, +{ 0x83,0xec,0x39,0x0b},{ 0x60,0xef,0xaa,0x40},{ 0x71,0x9f,0x06,0x5e},{ 0x6e,0x10,0x51,0xbd}, +{ 0x21,0x8a,0xf9,0x3e},{ 0xdd,0x06,0x3d,0x96},{ 0x3e,0x05,0xae,0xdd},{ 0xe6,0xbd,0x46,0x4d}, +{ 0x54,0x8d,0xb5,0x91},{ 0xc4,0x5d,0x05,0x71},{ 0x06,0xd4,0x6f,0x04},{ 0x50,0x15,0xff,0x60}, +{ 0x98,0xfb,0x24,0x19},{ 0xbd,0xe9,0x97,0xd6},{ 0x40,0x43,0xcc,0x89},{ 0xd9,0x9e,0x77,0x67}, +{ 0xe8,0x42,0xbd,0xb0},{ 0x89,0x8b,0x88,0x07},{ 0x19,0x5b,0x38,0xe7},{ 0xc8,0xee,0xdb,0x79}, +{ 0x7c,0x0a,0x47,0xa1},{ 0x42,0x0f,0xe9,0x7c},{ 0x84,0x1e,0xc9,0xf8},{ 0x00,0x00,0x00,0x00}, +{ 0x80,0x86,0x83,0x09},{ 0x2b,0xed,0x48,0x32},{ 0x11,0x70,0xac,0x1e},{ 0x5a,0x72,0x4e,0x6c}, +{ 0x0e,0xff,0xfb,0xfd},{ 0x85,0x38,0x56,0x0f},{ 0xae,0xd5,0x1e,0x3d},{ 0x2d,0x39,0x27,0x36}, +{ 0x0f,0xd9,0x64,0x0a},{ 0x5c,0xa6,0x21,0x68},{ 0x5b,0x54,0xd1,0x9b},{ 0x36,0x2e,0x3a,0x24}, +{ 0x0a,0x67,0xb1,0x0c},{ 0x57,0xe7,0x0f,0x93},{ 0xee,0x96,0xd2,0xb4},{ 0x9b,0x91,0x9e,0x1b}, +{ 0xc0,0xc5,0x4f,0x80},{ 0xdc,0x20,0xa2,0x61},{ 0x77,0x4b,0x69,0x5a},{ 0x12,0x1a,0x16,0x1c}, +{ 0x93,0xba,0x0a,0xe2},{ 0xa0,0x2a,0xe5,0xc0},{ 0x22,0xe0,0x43,0x3c},{ 0x1b,0x17,0x1d,0x12}, +{ 0x09,0x0d,0x0b,0x0e},{ 0x8b,0xc7,0xad,0xf2},{ 0xb6,0xa8,0xb9,0x2d},{ 0x1e,0xa9,0xc8,0x14}, +{ 0xf1,0x19,0x85,0x57},{ 0x75,0x07,0x4c,0xaf},{ 0x99,0xdd,0xbb,0xee},{ 0x7f,0x60,0xfd,0xa3}, +{ 0x01,0x26,0x9f,0xf7},{ 0x72,0xf5,0xbc,0x5c},{ 0x66,0x3b,0xc5,0x44},{ 0xfb,0x7e,0x34,0x5b}, +{ 0x43,0x29,0x76,0x8b},{ 0x23,0xc6,0xdc,0xcb},{ 0xed,0xfc,0x68,0xb6},{ 0xe4,0xf1,0x63,0xb8}, +{ 0x31,0xdc,0xca,0xd7},{ 0x63,0x85,0x10,0x42},{ 0x97,0x22,0x40,0x13},{ 0xc6,0x11,0x20,0x84}, +{ 0x4a,0x24,0x7d,0x85},{ 0xbb,0x3d,0xf8,0xd2},{ 0xf9,0x32,0x11,0xae},{ 0x29,0xa1,0x6d,0xc7}, +{ 0x9e,0x2f,0x4b,0x1d},{ 0xb2,0x30,0xf3,0xdc},{ 0x86,0x52,0xec,0x0d},{ 0xc1,0xe3,0xd0,0x77}, +{ 0xb3,0x16,0x6c,0x2b},{ 0x70,0xb9,0x99,0xa9},{ 0x94,0x48,0xfa,0x11},{ 0xe9,0x64,0x22,0x47}, +{ 0xfc,0x8c,0xc4,0xa8},{ 0xf0,0x3f,0x1a,0xa0},{ 0x7d,0x2c,0xd8,0x56},{ 0x33,0x90,0xef,0x22}, +{ 0x49,0x4e,0xc7,0x87},{ 0x38,0xd1,0xc1,0xd9},{ 0xca,0xa2,0xfe,0x8c},{ 0xd4,0x0b,0x36,0x98}, +{ 0xf5,0x81,0xcf,0xa6},{ 0x7a,0xde,0x28,0xa5},{ 0xb7,0x8e,0x26,0xda},{ 0xad,0xbf,0xa4,0x3f}, +{ 0x3a,0x9d,0xe4,0x2c},{ 0x78,0x92,0x0d,0x50},{ 0x5f,0xcc,0x9b,0x6a},{ 0x7e,0x46,0x62,0x54}, +{ 0x8d,0x13,0xc2,0xf6},{ 0xd8,0xb8,0xe8,0x90},{ 0x39,0xf7,0x5e,0x2e},{ 0xc3,0xaf,0xf5,0x82}, +{ 0x5d,0x80,0xbe,0x9f},{ 0xd0,0x93,0x7c,0x69},{ 0xd5,0x2d,0xa9,0x6f},{ 0x25,0x12,0xb3,0xcf}, +{ 0xac,0x99,0x3b,0xc8},{ 0x18,0x7d,0xa7,0x10},{ 0x9c,0x63,0x6e,0xe8},{ 0x3b,0xbb,0x7b,0xdb}, +{ 0x26,0x78,0x09,0xcd},{ 0x59,0x18,0xf4,0x6e},{ 0x9a,0xb7,0x01,0xec},{ 0x4f,0x9a,0xa8,0x83}, +{ 0x95,0x6e,0x65,0xe6},{ 0xff,0xe6,0x7e,0xaa},{ 0xbc,0xcf,0x08,0x21},{ 0x15,0xe8,0xe6,0xef}, +{ 0xe7,0x9b,0xd9,0xba},{ 0x6f,0x36,0xce,0x4a},{ 0x9f,0x09,0xd4,0xea},{ 0xb0,0x7c,0xd6,0x29}, +{ 0xa4,0xb2,0xaf,0x31},{ 0x3f,0x23,0x31,0x2a},{ 0xa5,0x94,0x30,0xc6},{ 0xa2,0x66,0xc0,0x35}, +{ 0x4e,0xbc,0x37,0x74},{ 0x82,0xca,0xa6,0xfc},{ 0x90,0xd0,0xb0,0xe0},{ 0xa7,0xd8,0x15,0x33}, +{ 0x04,0x98,0x4a,0xf1},{ 0xec,0xda,0xf7,0x41},{ 0xcd,0x50,0x0e,0x7f},{ 0x91,0xf6,0x2f,0x17}, +{ 0x4d,0xd6,0x8d,0x76},{ 0xef,0xb0,0x4d,0x43},{ 0xaa,0x4d,0x54,0xcc},{ 0x96,0x04,0xdf,0xe4}, +{ 0xd1,0xb5,0xe3,0x9e},{ 0x6a,0x88,0x1b,0x4c},{ 0x2c,0x1f,0xb8,0xc1},{ 0x65,0x51,0x7f,0x46}, +{ 0x5e,0xea,0x04,0x9d},{ 0x8c,0x35,0x5d,0x01},{ 0x87,0x74,0x73,0xfa},{ 0x0b,0x41,0x2e,0xfb}, +{ 0x67,0x1d,0x5a,0xb3},{ 0xdb,0xd2,0x52,0x92},{ 0x10,0x56,0x33,0xe9},{ 0xd6,0x47,0x13,0x6d}, +{ 0xd7,0x61,0x8c,0x9a},{ 0xa1,0x0c,0x7a,0x37},{ 0xf8,0x14,0x8e,0x59},{ 0x13,0x3c,0x89,0xeb}, +{ 0xa9,0x27,0xee,0xce},{ 0x61,0xc9,0x35,0xb7},{ 0x1c,0xe5,0xed,0xe1},{ 0x47,0xb1,0x3c,0x7a}, +{ 0xd2,0xdf,0x59,0x9c},{ 0xf2,0x73,0x3f,0x55},{ 0x14,0xce,0x79,0x18},{ 0xc7,0x37,0xbf,0x73}, +{ 0xf7,0xcd,0xea,0x53},{ 0xfd,0xaa,0x5b,0x5f},{ 0x3d,0x6f,0x14,0xdf},{ 0x44,0xdb,0x86,0x78}, +{ 0xaf,0xf3,0x81,0xca},{ 0x68,0xc4,0x3e,0xb9},{ 0x24,0x34,0x2c,0x38},{ 0xa3,0x40,0x5f,0xc2}, +{ 0x1d,0xc3,0x72,0x16},{ 0xe2,0x25,0x0c,0xbc},{ 0x3c,0x49,0x8b,0x28},{ 0x0d,0x95,0x41,0xff}, +{ 0xa8,0x01,0x71,0x39},{ 0x0c,0xb3,0xde,0x08},{ 0xb4,0xe4,0x9c,0xd8},{ 0x56,0xc1,0x90,0x64}, +{ 0xcb,0x84,0x61,0x7b},{ 0x32,0xb6,0x70,0xd5},{ 0x6c,0x5c,0x74,0x48},{ 0xb8,0x57,0x42,0xd0 } +}; + +word8 S5[256] = { +0x52,0x09,0x6a,0xd5, +0x30,0x36,0xa5,0x38, +0xbf,0x40,0xa3,0x9e, +0x81,0xf3,0xd7,0xfb, +0x7c,0xe3,0x39,0x82, +0x9b,0x2f,0xff,0x87, +0x34,0x8e,0x43,0x44, +0xc4,0xde,0xe9,0xcb, +0x54,0x7b,0x94,0x32, +0xa6,0xc2,0x23,0x3d, +0xee,0x4c,0x95,0x0b, +0x42,0xfa,0xc3,0x4e, +0x08,0x2e,0xa1,0x66, +0x28,0xd9,0x24,0xb2, +0x76,0x5b,0xa2,0x49, +0x6d,0x8b,0xd1,0x25, +0x72,0xf8,0xf6,0x64, +0x86,0x68,0x98,0x16, +0xd4,0xa4,0x5c,0xcc, +0x5d,0x65,0xb6,0x92, +0x6c,0x70,0x48,0x50, +0xfd,0xed,0xb9,0xda, +0x5e,0x15,0x46,0x57, +0xa7,0x8d,0x9d,0x84, +0x90,0xd8,0xab,0x00, +0x8c,0xbc,0xd3,0x0a, +0xf7,0xe4,0x58,0x05, +0xb8,0xb3,0x45,0x06, +0xd0,0x2c,0x1e,0x8f, +0xca,0x3f,0x0f,0x02, +0xc1,0xaf,0xbd,0x03, +0x01,0x13,0x8a,0x6b, +0x3a,0x91,0x11,0x41, +0x4f,0x67,0xdc,0xea, +0x97,0xf2,0xcf,0xce, +0xf0,0xb4,0xe6,0x73, +0x96,0xac,0x74,0x22, +0xe7,0xad,0x35,0x85, +0xe2,0xf9,0x37,0xe8, +0x1c,0x75,0xdf,0x6e, +0x47,0xf1,0x1a,0x71, +0x1d,0x29,0xc5,0x89, +0x6f,0xb7,0x62,0x0e, +0xaa,0x18,0xbe,0x1b, +0xfc,0x56,0x3e,0x4b, +0xc6,0xd2,0x79,0x20, +0x9a,0xdb,0xc0,0xfe, +0x78,0xcd,0x5a,0xf4, +0x1f,0xdd,0xa8,0x33, +0x88,0x07,0xc7,0x31, +0xb1,0x12,0x10,0x59, +0x27,0x80,0xec,0x5f, +0x60,0x51,0x7f,0xa9, +0x19,0xb5,0x4a,0x0d, +0x2d,0xe5,0x7a,0x9f, +0x93,0xc9,0x9c,0xef, +0xa0,0xe0,0x3b,0x4d, +0xae,0x2a,0xf5,0xb0, +0xc8,0xeb,0xbb,0x3c, +0x83,0x53,0x99,0x61, +0x17,0x2b,0x04,0x7e, +0xba,0x77,0xd6,0x26, +0xe1,0x69,0x14,0x63, +0x55,0x21,0x0c,0x7d +}; + +word8 U1[256][4] = { +{ 0x00,0x00,0x00,0x00},{ 0x0e,0x09,0x0d,0x0b},{ 0x1c,0x12,0x1a,0x16},{ 0x12,0x1b,0x17,0x1d}, +{ 0x38,0x24,0x34,0x2c},{ 0x36,0x2d,0x39,0x27},{ 0x24,0x36,0x2e,0x3a},{ 0x2a,0x3f,0x23,0x31}, +{ 0x70,0x48,0x68,0x58},{ 0x7e,0x41,0x65,0x53},{ 0x6c,0x5a,0x72,0x4e},{ 0x62,0x53,0x7f,0x45}, +{ 0x48,0x6c,0x5c,0x74},{ 0x46,0x65,0x51,0x7f},{ 0x54,0x7e,0x46,0x62},{ 0x5a,0x77,0x4b,0x69}, +{ 0xe0,0x90,0xd0,0xb0},{ 0xee,0x99,0xdd,0xbb},{ 0xfc,0x82,0xca,0xa6},{ 0xf2,0x8b,0xc7,0xad}, +{ 0xd8,0xb4,0xe4,0x9c},{ 0xd6,0xbd,0xe9,0x97},{ 0xc4,0xa6,0xfe,0x8a},{ 0xca,0xaf,0xf3,0x81}, +{ 0x90,0xd8,0xb8,0xe8},{ 0x9e,0xd1,0xb5,0xe3},{ 0x8c,0xca,0xa2,0xfe},{ 0x82,0xc3,0xaf,0xf5}, +{ 0xa8,0xfc,0x8c,0xc4},{ 0xa6,0xf5,0x81,0xcf},{ 0xb4,0xee,0x96,0xd2},{ 0xba,0xe7,0x9b,0xd9}, +{ 0xdb,0x3b,0xbb,0x7b},{ 0xd5,0x32,0xb6,0x70},{ 0xc7,0x29,0xa1,0x6d},{ 0xc9,0x20,0xac,0x66}, +{ 0xe3,0x1f,0x8f,0x57},{ 0xed,0x16,0x82,0x5c},{ 0xff,0x0d,0x95,0x41},{ 0xf1,0x04,0x98,0x4a}, +{ 0xab,0x73,0xd3,0x23},{ 0xa5,0x7a,0xde,0x28},{ 0xb7,0x61,0xc9,0x35},{ 0xb9,0x68,0xc4,0x3e}, +{ 0x93,0x57,0xe7,0x0f},{ 0x9d,0x5e,0xea,0x04},{ 0x8f,0x45,0xfd,0x19},{ 0x81,0x4c,0xf0,0x12}, +{ 0x3b,0xab,0x6b,0xcb},{ 0x35,0xa2,0x66,0xc0},{ 0x27,0xb9,0x71,0xdd},{ 0x29,0xb0,0x7c,0xd6}, +{ 0x03,0x8f,0x5f,0xe7},{ 0x0d,0x86,0x52,0xec},{ 0x1f,0x9d,0x45,0xf1},{ 0x11,0x94,0x48,0xfa}, +{ 0x4b,0xe3,0x03,0x93},{ 0x45,0xea,0x0e,0x98},{ 0x57,0xf1,0x19,0x85},{ 0x59,0xf8,0x14,0x8e}, +{ 0x73,0xc7,0x37,0xbf},{ 0x7d,0xce,0x3a,0xb4},{ 0x6f,0xd5,0x2d,0xa9},{ 0x61,0xdc,0x20,0xa2}, +{ 0xad,0x76,0x6d,0xf6},{ 0xa3,0x7f,0x60,0xfd},{ 0xb1,0x64,0x77,0xe0},{ 0xbf,0x6d,0x7a,0xeb}, +{ 0x95,0x52,0x59,0xda},{ 0x9b,0x5b,0x54,0xd1},{ 0x89,0x40,0x43,0xcc},{ 0x87,0x49,0x4e,0xc7}, +{ 0xdd,0x3e,0x05,0xae},{ 0xd3,0x37,0x08,0xa5},{ 0xc1,0x2c,0x1f,0xb8},{ 0xcf,0x25,0x12,0xb3}, +{ 0xe5,0x1a,0x31,0x82},{ 0xeb,0x13,0x3c,0x89},{ 0xf9,0x08,0x2b,0x94},{ 0xf7,0x01,0x26,0x9f}, +{ 0x4d,0xe6,0xbd,0x46},{ 0x43,0xef,0xb0,0x4d},{ 0x51,0xf4,0xa7,0x50},{ 0x5f,0xfd,0xaa,0x5b}, +{ 0x75,0xc2,0x89,0x6a},{ 0x7b,0xcb,0x84,0x61},{ 0x69,0xd0,0x93,0x7c},{ 0x67,0xd9,0x9e,0x77}, +{ 0x3d,0xae,0xd5,0x1e},{ 0x33,0xa7,0xd8,0x15},{ 0x21,0xbc,0xcf,0x08},{ 0x2f,0xb5,0xc2,0x03}, +{ 0x05,0x8a,0xe1,0x32},{ 0x0b,0x83,0xec,0x39},{ 0x19,0x98,0xfb,0x24},{ 0x17,0x91,0xf6,0x2f}, +{ 0x76,0x4d,0xd6,0x8d},{ 0x78,0x44,0xdb,0x86},{ 0x6a,0x5f,0xcc,0x9b},{ 0x64,0x56,0xc1,0x90}, +{ 0x4e,0x69,0xe2,0xa1},{ 0x40,0x60,0xef,0xaa},{ 0x52,0x7b,0xf8,0xb7},{ 0x5c,0x72,0xf5,0xbc}, +{ 0x06,0x05,0xbe,0xd5},{ 0x08,0x0c,0xb3,0xde},{ 0x1a,0x17,0xa4,0xc3},{ 0x14,0x1e,0xa9,0xc8}, +{ 0x3e,0x21,0x8a,0xf9},{ 0x30,0x28,0x87,0xf2},{ 0x22,0x33,0x90,0xef},{ 0x2c,0x3a,0x9d,0xe4}, +{ 0x96,0xdd,0x06,0x3d},{ 0x98,0xd4,0x0b,0x36},{ 0x8a,0xcf,0x1c,0x2b},{ 0x84,0xc6,0x11,0x20}, +{ 0xae,0xf9,0x32,0x11},{ 0xa0,0xf0,0x3f,0x1a},{ 0xb2,0xeb,0x28,0x07},{ 0xbc,0xe2,0x25,0x0c}, +{ 0xe6,0x95,0x6e,0x65},{ 0xe8,0x9c,0x63,0x6e},{ 0xfa,0x87,0x74,0x73},{ 0xf4,0x8e,0x79,0x78}, +{ 0xde,0xb1,0x5a,0x49},{ 0xd0,0xb8,0x57,0x42},{ 0xc2,0xa3,0x40,0x5f},{ 0xcc,0xaa,0x4d,0x54}, +{ 0x41,0xec,0xda,0xf7},{ 0x4f,0xe5,0xd7,0xfc},{ 0x5d,0xfe,0xc0,0xe1},{ 0x53,0xf7,0xcd,0xea}, +{ 0x79,0xc8,0xee,0xdb},{ 0x77,0xc1,0xe3,0xd0},{ 0x65,0xda,0xf4,0xcd},{ 0x6b,0xd3,0xf9,0xc6}, +{ 0x31,0xa4,0xb2,0xaf},{ 0x3f,0xad,0xbf,0xa4},{ 0x2d,0xb6,0xa8,0xb9},{ 0x23,0xbf,0xa5,0xb2}, +{ 0x09,0x80,0x86,0x83},{ 0x07,0x89,0x8b,0x88},{ 0x15,0x92,0x9c,0x95},{ 0x1b,0x9b,0x91,0x9e}, +{ 0xa1,0x7c,0x0a,0x47},{ 0xaf,0x75,0x07,0x4c},{ 0xbd,0x6e,0x10,0x51},{ 0xb3,0x67,0x1d,0x5a}, +{ 0x99,0x58,0x3e,0x6b},{ 0x97,0x51,0x33,0x60},{ 0x85,0x4a,0x24,0x7d},{ 0x8b,0x43,0x29,0x76}, +{ 0xd1,0x34,0x62,0x1f},{ 0xdf,0x3d,0x6f,0x14},{ 0xcd,0x26,0x78,0x09},{ 0xc3,0x2f,0x75,0x02}, +{ 0xe9,0x10,0x56,0x33},{ 0xe7,0x19,0x5b,0x38},{ 0xf5,0x02,0x4c,0x25},{ 0xfb,0x0b,0x41,0x2e}, +{ 0x9a,0xd7,0x61,0x8c},{ 0x94,0xde,0x6c,0x87},{ 0x86,0xc5,0x7b,0x9a},{ 0x88,0xcc,0x76,0x91}, +{ 0xa2,0xf3,0x55,0xa0},{ 0xac,0xfa,0x58,0xab},{ 0xbe,0xe1,0x4f,0xb6},{ 0xb0,0xe8,0x42,0xbd}, +{ 0xea,0x9f,0x09,0xd4},{ 0xe4,0x96,0x04,0xdf},{ 0xf6,0x8d,0x13,0xc2},{ 0xf8,0x84,0x1e,0xc9}, +{ 0xd2,0xbb,0x3d,0xf8},{ 0xdc,0xb2,0x30,0xf3},{ 0xce,0xa9,0x27,0xee},{ 0xc0,0xa0,0x2a,0xe5}, +{ 0x7a,0x47,0xb1,0x3c},{ 0x74,0x4e,0xbc,0x37},{ 0x66,0x55,0xab,0x2a},{ 0x68,0x5c,0xa6,0x21}, +{ 0x42,0x63,0x85,0x10},{ 0x4c,0x6a,0x88,0x1b},{ 0x5e,0x71,0x9f,0x06},{ 0x50,0x78,0x92,0x0d}, +{ 0x0a,0x0f,0xd9,0x64},{ 0x04,0x06,0xd4,0x6f},{ 0x16,0x1d,0xc3,0x72},{ 0x18,0x14,0xce,0x79}, +{ 0x32,0x2b,0xed,0x48},{ 0x3c,0x22,0xe0,0x43},{ 0x2e,0x39,0xf7,0x5e},{ 0x20,0x30,0xfa,0x55}, +{ 0xec,0x9a,0xb7,0x01},{ 0xe2,0x93,0xba,0x0a},{ 0xf0,0x88,0xad,0x17},{ 0xfe,0x81,0xa0,0x1c}, +{ 0xd4,0xbe,0x83,0x2d},{ 0xda,0xb7,0x8e,0x26},{ 0xc8,0xac,0x99,0x3b},{ 0xc6,0xa5,0x94,0x30}, +{ 0x9c,0xd2,0xdf,0x59},{ 0x92,0xdb,0xd2,0x52},{ 0x80,0xc0,0xc5,0x4f},{ 0x8e,0xc9,0xc8,0x44}, +{ 0xa4,0xf6,0xeb,0x75},{ 0xaa,0xff,0xe6,0x7e},{ 0xb8,0xe4,0xf1,0x63},{ 0xb6,0xed,0xfc,0x68}, +{ 0x0c,0x0a,0x67,0xb1},{ 0x02,0x03,0x6a,0xba},{ 0x10,0x18,0x7d,0xa7},{ 0x1e,0x11,0x70,0xac}, +{ 0x34,0x2e,0x53,0x9d},{ 0x3a,0x27,0x5e,0x96},{ 0x28,0x3c,0x49,0x8b},{ 0x26,0x35,0x44,0x80}, +{ 0x7c,0x42,0x0f,0xe9},{ 0x72,0x4b,0x02,0xe2},{ 0x60,0x50,0x15,0xff},{ 0x6e,0x59,0x18,0xf4}, +{ 0x44,0x66,0x3b,0xc5},{ 0x4a,0x6f,0x36,0xce},{ 0x58,0x74,0x21,0xd3},{ 0x56,0x7d,0x2c,0xd8}, +{ 0x37,0xa1,0x0c,0x7a},{ 0x39,0xa8,0x01,0x71},{ 0x2b,0xb3,0x16,0x6c},{ 0x25,0xba,0x1b,0x67}, +{ 0x0f,0x85,0x38,0x56},{ 0x01,0x8c,0x35,0x5d},{ 0x13,0x97,0x22,0x40},{ 0x1d,0x9e,0x2f,0x4b}, +{ 0x47,0xe9,0x64,0x22},{ 0x49,0xe0,0x69,0x29},{ 0x5b,0xfb,0x7e,0x34},{ 0x55,0xf2,0x73,0x3f}, +{ 0x7f,0xcd,0x50,0x0e},{ 0x71,0xc4,0x5d,0x05},{ 0x63,0xdf,0x4a,0x18},{ 0x6d,0xd6,0x47,0x13}, +{ 0xd7,0x31,0xdc,0xca},{ 0xd9,0x38,0xd1,0xc1},{ 0xcb,0x23,0xc6,0xdc},{ 0xc5,0x2a,0xcb,0xd7}, +{ 0xef,0x15,0xe8,0xe6},{ 0xe1,0x1c,0xe5,0xed},{ 0xf3,0x07,0xf2,0xf0},{ 0xfd,0x0e,0xff,0xfb}, +{ 0xa7,0x79,0xb4,0x92},{ 0xa9,0x70,0xb9,0x99},{ 0xbb,0x6b,0xae,0x84},{ 0xb5,0x62,0xa3,0x8f}, +{ 0x9f,0x5d,0x80,0xbe},{ 0x91,0x54,0x8d,0xb5},{ 0x83,0x4f,0x9a,0xa8},{ 0x8d,0x46,0x97,0xa3 } +}; + +word8 U2[256][4] = { +{ 0x00,0x00,0x00,0x00},{ 0x0b,0x0e,0x09,0x0d},{ 0x16,0x1c,0x12,0x1a},{ 0x1d,0x12,0x1b,0x17}, +{ 0x2c,0x38,0x24,0x34},{ 0x27,0x36,0x2d,0x39},{ 0x3a,0x24,0x36,0x2e},{ 0x31,0x2a,0x3f,0x23}, +{ 0x58,0x70,0x48,0x68},{ 0x53,0x7e,0x41,0x65},{ 0x4e,0x6c,0x5a,0x72},{ 0x45,0x62,0x53,0x7f}, +{ 0x74,0x48,0x6c,0x5c},{ 0x7f,0x46,0x65,0x51},{ 0x62,0x54,0x7e,0x46},{ 0x69,0x5a,0x77,0x4b}, +{ 0xb0,0xe0,0x90,0xd0},{ 0xbb,0xee,0x99,0xdd},{ 0xa6,0xfc,0x82,0xca},{ 0xad,0xf2,0x8b,0xc7}, +{ 0x9c,0xd8,0xb4,0xe4},{ 0x97,0xd6,0xbd,0xe9},{ 0x8a,0xc4,0xa6,0xfe},{ 0x81,0xca,0xaf,0xf3}, +{ 0xe8,0x90,0xd8,0xb8},{ 0xe3,0x9e,0xd1,0xb5},{ 0xfe,0x8c,0xca,0xa2},{ 0xf5,0x82,0xc3,0xaf}, +{ 0xc4,0xa8,0xfc,0x8c},{ 0xcf,0xa6,0xf5,0x81},{ 0xd2,0xb4,0xee,0x96},{ 0xd9,0xba,0xe7,0x9b}, +{ 0x7b,0xdb,0x3b,0xbb},{ 0x70,0xd5,0x32,0xb6},{ 0x6d,0xc7,0x29,0xa1},{ 0x66,0xc9,0x20,0xac}, +{ 0x57,0xe3,0x1f,0x8f},{ 0x5c,0xed,0x16,0x82},{ 0x41,0xff,0x0d,0x95},{ 0x4a,0xf1,0x04,0x98}, +{ 0x23,0xab,0x73,0xd3},{ 0x28,0xa5,0x7a,0xde},{ 0x35,0xb7,0x61,0xc9},{ 0x3e,0xb9,0x68,0xc4}, +{ 0x0f,0x93,0x57,0xe7},{ 0x04,0x9d,0x5e,0xea},{ 0x19,0x8f,0x45,0xfd},{ 0x12,0x81,0x4c,0xf0}, +{ 0xcb,0x3b,0xab,0x6b},{ 0xc0,0x35,0xa2,0x66},{ 0xdd,0x27,0xb9,0x71},{ 0xd6,0x29,0xb0,0x7c}, +{ 0xe7,0x03,0x8f,0x5f},{ 0xec,0x0d,0x86,0x52},{ 0xf1,0x1f,0x9d,0x45},{ 0xfa,0x11,0x94,0x48}, +{ 0x93,0x4b,0xe3,0x03},{ 0x98,0x45,0xea,0x0e},{ 0x85,0x57,0xf1,0x19},{ 0x8e,0x59,0xf8,0x14}, +{ 0xbf,0x73,0xc7,0x37},{ 0xb4,0x7d,0xce,0x3a},{ 0xa9,0x6f,0xd5,0x2d},{ 0xa2,0x61,0xdc,0x20}, +{ 0xf6,0xad,0x76,0x6d},{ 0xfd,0xa3,0x7f,0x60},{ 0xe0,0xb1,0x64,0x77},{ 0xeb,0xbf,0x6d,0x7a}, +{ 0xda,0x95,0x52,0x59},{ 0xd1,0x9b,0x5b,0x54},{ 0xcc,0x89,0x40,0x43},{ 0xc7,0x87,0x49,0x4e}, +{ 0xae,0xdd,0x3e,0x05},{ 0xa5,0xd3,0x37,0x08},{ 0xb8,0xc1,0x2c,0x1f},{ 0xb3,0xcf,0x25,0x12}, +{ 0x82,0xe5,0x1a,0x31},{ 0x89,0xeb,0x13,0x3c},{ 0x94,0xf9,0x08,0x2b},{ 0x9f,0xf7,0x01,0x26}, +{ 0x46,0x4d,0xe6,0xbd},{ 0x4d,0x43,0xef,0xb0},{ 0x50,0x51,0xf4,0xa7},{ 0x5b,0x5f,0xfd,0xaa}, +{ 0x6a,0x75,0xc2,0x89},{ 0x61,0x7b,0xcb,0x84},{ 0x7c,0x69,0xd0,0x93},{ 0x77,0x67,0xd9,0x9e}, +{ 0x1e,0x3d,0xae,0xd5},{ 0x15,0x33,0xa7,0xd8},{ 0x08,0x21,0xbc,0xcf},{ 0x03,0x2f,0xb5,0xc2}, +{ 0x32,0x05,0x8a,0xe1},{ 0x39,0x0b,0x83,0xec},{ 0x24,0x19,0x98,0xfb},{ 0x2f,0x17,0x91,0xf6}, +{ 0x8d,0x76,0x4d,0xd6},{ 0x86,0x78,0x44,0xdb},{ 0x9b,0x6a,0x5f,0xcc},{ 0x90,0x64,0x56,0xc1}, +{ 0xa1,0x4e,0x69,0xe2},{ 0xaa,0x40,0x60,0xef},{ 0xb7,0x52,0x7b,0xf8},{ 0xbc,0x5c,0x72,0xf5}, +{ 0xd5,0x06,0x05,0xbe},{ 0xde,0x08,0x0c,0xb3},{ 0xc3,0x1a,0x17,0xa4},{ 0xc8,0x14,0x1e,0xa9}, +{ 0xf9,0x3e,0x21,0x8a},{ 0xf2,0x30,0x28,0x87},{ 0xef,0x22,0x33,0x90},{ 0xe4,0x2c,0x3a,0x9d}, +{ 0x3d,0x96,0xdd,0x06},{ 0x36,0x98,0xd4,0x0b},{ 0x2b,0x8a,0xcf,0x1c},{ 0x20,0x84,0xc6,0x11}, +{ 0x11,0xae,0xf9,0x32},{ 0x1a,0xa0,0xf0,0x3f},{ 0x07,0xb2,0xeb,0x28},{ 0x0c,0xbc,0xe2,0x25}, +{ 0x65,0xe6,0x95,0x6e},{ 0x6e,0xe8,0x9c,0x63},{ 0x73,0xfa,0x87,0x74},{ 0x78,0xf4,0x8e,0x79}, +{ 0x49,0xde,0xb1,0x5a},{ 0x42,0xd0,0xb8,0x57},{ 0x5f,0xc2,0xa3,0x40},{ 0x54,0xcc,0xaa,0x4d}, +{ 0xf7,0x41,0xec,0xda},{ 0xfc,0x4f,0xe5,0xd7},{ 0xe1,0x5d,0xfe,0xc0},{ 0xea,0x53,0xf7,0xcd}, +{ 0xdb,0x79,0xc8,0xee},{ 0xd0,0x77,0xc1,0xe3},{ 0xcd,0x65,0xda,0xf4},{ 0xc6,0x6b,0xd3,0xf9}, +{ 0xaf,0x31,0xa4,0xb2},{ 0xa4,0x3f,0xad,0xbf},{ 0xb9,0x2d,0xb6,0xa8},{ 0xb2,0x23,0xbf,0xa5}, +{ 0x83,0x09,0x80,0x86},{ 0x88,0x07,0x89,0x8b},{ 0x95,0x15,0x92,0x9c},{ 0x9e,0x1b,0x9b,0x91}, +{ 0x47,0xa1,0x7c,0x0a},{ 0x4c,0xaf,0x75,0x07},{ 0x51,0xbd,0x6e,0x10},{ 0x5a,0xb3,0x67,0x1d}, +{ 0x6b,0x99,0x58,0x3e},{ 0x60,0x97,0x51,0x33},{ 0x7d,0x85,0x4a,0x24},{ 0x76,0x8b,0x43,0x29}, +{ 0x1f,0xd1,0x34,0x62},{ 0x14,0xdf,0x3d,0x6f},{ 0x09,0xcd,0x26,0x78},{ 0x02,0xc3,0x2f,0x75}, +{ 0x33,0xe9,0x10,0x56},{ 0x38,0xe7,0x19,0x5b},{ 0x25,0xf5,0x02,0x4c},{ 0x2e,0xfb,0x0b,0x41}, +{ 0x8c,0x9a,0xd7,0x61},{ 0x87,0x94,0xde,0x6c},{ 0x9a,0x86,0xc5,0x7b},{ 0x91,0x88,0xcc,0x76}, +{ 0xa0,0xa2,0xf3,0x55},{ 0xab,0xac,0xfa,0x58},{ 0xb6,0xbe,0xe1,0x4f},{ 0xbd,0xb0,0xe8,0x42}, +{ 0xd4,0xea,0x9f,0x09},{ 0xdf,0xe4,0x96,0x04},{ 0xc2,0xf6,0x8d,0x13},{ 0xc9,0xf8,0x84,0x1e}, +{ 0xf8,0xd2,0xbb,0x3d},{ 0xf3,0xdc,0xb2,0x30},{ 0xee,0xce,0xa9,0x27},{ 0xe5,0xc0,0xa0,0x2a}, +{ 0x3c,0x7a,0x47,0xb1},{ 0x37,0x74,0x4e,0xbc},{ 0x2a,0x66,0x55,0xab},{ 0x21,0x68,0x5c,0xa6}, +{ 0x10,0x42,0x63,0x85},{ 0x1b,0x4c,0x6a,0x88},{ 0x06,0x5e,0x71,0x9f},{ 0x0d,0x50,0x78,0x92}, +{ 0x64,0x0a,0x0f,0xd9},{ 0x6f,0x04,0x06,0xd4},{ 0x72,0x16,0x1d,0xc3},{ 0x79,0x18,0x14,0xce}, +{ 0x48,0x32,0x2b,0xed},{ 0x43,0x3c,0x22,0xe0},{ 0x5e,0x2e,0x39,0xf7},{ 0x55,0x20,0x30,0xfa}, +{ 0x01,0xec,0x9a,0xb7},{ 0x0a,0xe2,0x93,0xba},{ 0x17,0xf0,0x88,0xad},{ 0x1c,0xfe,0x81,0xa0}, +{ 0x2d,0xd4,0xbe,0x83},{ 0x26,0xda,0xb7,0x8e},{ 0x3b,0xc8,0xac,0x99},{ 0x30,0xc6,0xa5,0x94}, +{ 0x59,0x9c,0xd2,0xdf},{ 0x52,0x92,0xdb,0xd2},{ 0x4f,0x80,0xc0,0xc5},{ 0x44,0x8e,0xc9,0xc8}, +{ 0x75,0xa4,0xf6,0xeb},{ 0x7e,0xaa,0xff,0xe6},{ 0x63,0xb8,0xe4,0xf1},{ 0x68,0xb6,0xed,0xfc}, +{ 0xb1,0x0c,0x0a,0x67},{ 0xba,0x02,0x03,0x6a},{ 0xa7,0x10,0x18,0x7d},{ 0xac,0x1e,0x11,0x70}, +{ 0x9d,0x34,0x2e,0x53},{ 0x96,0x3a,0x27,0x5e},{ 0x8b,0x28,0x3c,0x49},{ 0x80,0x26,0x35,0x44}, +{ 0xe9,0x7c,0x42,0x0f},{ 0xe2,0x72,0x4b,0x02},{ 0xff,0x60,0x50,0x15},{ 0xf4,0x6e,0x59,0x18}, +{ 0xc5,0x44,0x66,0x3b},{ 0xce,0x4a,0x6f,0x36},{ 0xd3,0x58,0x74,0x21},{ 0xd8,0x56,0x7d,0x2c}, +{ 0x7a,0x37,0xa1,0x0c},{ 0x71,0x39,0xa8,0x01},{ 0x6c,0x2b,0xb3,0x16},{ 0x67,0x25,0xba,0x1b}, +{ 0x56,0x0f,0x85,0x38},{ 0x5d,0x01,0x8c,0x35},{ 0x40,0x13,0x97,0x22},{ 0x4b,0x1d,0x9e,0x2f}, +{ 0x22,0x47,0xe9,0x64},{ 0x29,0x49,0xe0,0x69},{ 0x34,0x5b,0xfb,0x7e},{ 0x3f,0x55,0xf2,0x73}, +{ 0x0e,0x7f,0xcd,0x50},{ 0x05,0x71,0xc4,0x5d},{ 0x18,0x63,0xdf,0x4a},{ 0x13,0x6d,0xd6,0x47}, +{ 0xca,0xd7,0x31,0xdc},{ 0xc1,0xd9,0x38,0xd1},{ 0xdc,0xcb,0x23,0xc6},{ 0xd7,0xc5,0x2a,0xcb}, +{ 0xe6,0xef,0x15,0xe8},{ 0xed,0xe1,0x1c,0xe5},{ 0xf0,0xf3,0x07,0xf2},{ 0xfb,0xfd,0x0e,0xff}, +{ 0x92,0xa7,0x79,0xb4},{ 0x99,0xa9,0x70,0xb9},{ 0x84,0xbb,0x6b,0xae},{ 0x8f,0xb5,0x62,0xa3}, +{ 0xbe,0x9f,0x5d,0x80},{ 0xb5,0x91,0x54,0x8d},{ 0xa8,0x83,0x4f,0x9a},{ 0xa3,0x8d,0x46,0x97 } +}; + +word8 U3[256][4] = { +{ 0x00,0x00,0x00,0x00},{ 0x0d,0x0b,0x0e,0x09},{ 0x1a,0x16,0x1c,0x12},{ 0x17,0x1d,0x12,0x1b}, +{ 0x34,0x2c,0x38,0x24},{ 0x39,0x27,0x36,0x2d},{ 0x2e,0x3a,0x24,0x36},{ 0x23,0x31,0x2a,0x3f}, +{ 0x68,0x58,0x70,0x48},{ 0x65,0x53,0x7e,0x41},{ 0x72,0x4e,0x6c,0x5a},{ 0x7f,0x45,0x62,0x53}, +{ 0x5c,0x74,0x48,0x6c},{ 0x51,0x7f,0x46,0x65},{ 0x46,0x62,0x54,0x7e},{ 0x4b,0x69,0x5a,0x77}, +{ 0xd0,0xb0,0xe0,0x90},{ 0xdd,0xbb,0xee,0x99},{ 0xca,0xa6,0xfc,0x82},{ 0xc7,0xad,0xf2,0x8b}, +{ 0xe4,0x9c,0xd8,0xb4},{ 0xe9,0x97,0xd6,0xbd},{ 0xfe,0x8a,0xc4,0xa6},{ 0xf3,0x81,0xca,0xaf}, +{ 0xb8,0xe8,0x90,0xd8},{ 0xb5,0xe3,0x9e,0xd1},{ 0xa2,0xfe,0x8c,0xca},{ 0xaf,0xf5,0x82,0xc3}, +{ 0x8c,0xc4,0xa8,0xfc},{ 0x81,0xcf,0xa6,0xf5},{ 0x96,0xd2,0xb4,0xee},{ 0x9b,0xd9,0xba,0xe7}, +{ 0xbb,0x7b,0xdb,0x3b},{ 0xb6,0x70,0xd5,0x32},{ 0xa1,0x6d,0xc7,0x29},{ 0xac,0x66,0xc9,0x20}, +{ 0x8f,0x57,0xe3,0x1f},{ 0x82,0x5c,0xed,0x16},{ 0x95,0x41,0xff,0x0d},{ 0x98,0x4a,0xf1,0x04}, +{ 0xd3,0x23,0xab,0x73},{ 0xde,0x28,0xa5,0x7a},{ 0xc9,0x35,0xb7,0x61},{ 0xc4,0x3e,0xb9,0x68}, +{ 0xe7,0x0f,0x93,0x57},{ 0xea,0x04,0x9d,0x5e},{ 0xfd,0x19,0x8f,0x45},{ 0xf0,0x12,0x81,0x4c}, +{ 0x6b,0xcb,0x3b,0xab},{ 0x66,0xc0,0x35,0xa2},{ 0x71,0xdd,0x27,0xb9},{ 0x7c,0xd6,0x29,0xb0}, +{ 0x5f,0xe7,0x03,0x8f},{ 0x52,0xec,0x0d,0x86},{ 0x45,0xf1,0x1f,0x9d},{ 0x48,0xfa,0x11,0x94}, +{ 0x03,0x93,0x4b,0xe3},{ 0x0e,0x98,0x45,0xea},{ 0x19,0x85,0x57,0xf1},{ 0x14,0x8e,0x59,0xf8}, +{ 0x37,0xbf,0x73,0xc7},{ 0x3a,0xb4,0x7d,0xce},{ 0x2d,0xa9,0x6f,0xd5},{ 0x20,0xa2,0x61,0xdc}, +{ 0x6d,0xf6,0xad,0x76},{ 0x60,0xfd,0xa3,0x7f},{ 0x77,0xe0,0xb1,0x64},{ 0x7a,0xeb,0xbf,0x6d}, +{ 0x59,0xda,0x95,0x52},{ 0x54,0xd1,0x9b,0x5b},{ 0x43,0xcc,0x89,0x40},{ 0x4e,0xc7,0x87,0x49}, +{ 0x05,0xae,0xdd,0x3e},{ 0x08,0xa5,0xd3,0x37},{ 0x1f,0xb8,0xc1,0x2c},{ 0x12,0xb3,0xcf,0x25}, +{ 0x31,0x82,0xe5,0x1a},{ 0x3c,0x89,0xeb,0x13},{ 0x2b,0x94,0xf9,0x08},{ 0x26,0x9f,0xf7,0x01}, +{ 0xbd,0x46,0x4d,0xe6},{ 0xb0,0x4d,0x43,0xef},{ 0xa7,0x50,0x51,0xf4},{ 0xaa,0x5b,0x5f,0xfd}, +{ 0x89,0x6a,0x75,0xc2},{ 0x84,0x61,0x7b,0xcb},{ 0x93,0x7c,0x69,0xd0},{ 0x9e,0x77,0x67,0xd9}, +{ 0xd5,0x1e,0x3d,0xae},{ 0xd8,0x15,0x33,0xa7},{ 0xcf,0x08,0x21,0xbc},{ 0xc2,0x03,0x2f,0xb5}, +{ 0xe1,0x32,0x05,0x8a},{ 0xec,0x39,0x0b,0x83},{ 0xfb,0x24,0x19,0x98},{ 0xf6,0x2f,0x17,0x91}, +{ 0xd6,0x8d,0x76,0x4d},{ 0xdb,0x86,0x78,0x44},{ 0xcc,0x9b,0x6a,0x5f},{ 0xc1,0x90,0x64,0x56}, +{ 0xe2,0xa1,0x4e,0x69},{ 0xef,0xaa,0x40,0x60},{ 0xf8,0xb7,0x52,0x7b},{ 0xf5,0xbc,0x5c,0x72}, +{ 0xbe,0xd5,0x06,0x05},{ 0xb3,0xde,0x08,0x0c},{ 0xa4,0xc3,0x1a,0x17},{ 0xa9,0xc8,0x14,0x1e}, +{ 0x8a,0xf9,0x3e,0x21},{ 0x87,0xf2,0x30,0x28},{ 0x90,0xef,0x22,0x33},{ 0x9d,0xe4,0x2c,0x3a}, +{ 0x06,0x3d,0x96,0xdd},{ 0x0b,0x36,0x98,0xd4},{ 0x1c,0x2b,0x8a,0xcf},{ 0x11,0x20,0x84,0xc6}, +{ 0x32,0x11,0xae,0xf9},{ 0x3f,0x1a,0xa0,0xf0},{ 0x28,0x07,0xb2,0xeb},{ 0x25,0x0c,0xbc,0xe2}, +{ 0x6e,0x65,0xe6,0x95},{ 0x63,0x6e,0xe8,0x9c},{ 0x74,0x73,0xfa,0x87},{ 0x79,0x78,0xf4,0x8e}, +{ 0x5a,0x49,0xde,0xb1},{ 0x57,0x42,0xd0,0xb8},{ 0x40,0x5f,0xc2,0xa3},{ 0x4d,0x54,0xcc,0xaa}, +{ 0xda,0xf7,0x41,0xec},{ 0xd7,0xfc,0x4f,0xe5},{ 0xc0,0xe1,0x5d,0xfe},{ 0xcd,0xea,0x53,0xf7}, +{ 0xee,0xdb,0x79,0xc8},{ 0xe3,0xd0,0x77,0xc1},{ 0xf4,0xcd,0x65,0xda},{ 0xf9,0xc6,0x6b,0xd3}, +{ 0xb2,0xaf,0x31,0xa4},{ 0xbf,0xa4,0x3f,0xad},{ 0xa8,0xb9,0x2d,0xb6},{ 0xa5,0xb2,0x23,0xbf}, +{ 0x86,0x83,0x09,0x80},{ 0x8b,0x88,0x07,0x89},{ 0x9c,0x95,0x15,0x92},{ 0x91,0x9e,0x1b,0x9b}, +{ 0x0a,0x47,0xa1,0x7c},{ 0x07,0x4c,0xaf,0x75},{ 0x10,0x51,0xbd,0x6e},{ 0x1d,0x5a,0xb3,0x67}, +{ 0x3e,0x6b,0x99,0x58},{ 0x33,0x60,0x97,0x51},{ 0x24,0x7d,0x85,0x4a},{ 0x29,0x76,0x8b,0x43}, +{ 0x62,0x1f,0xd1,0x34},{ 0x6f,0x14,0xdf,0x3d},{ 0x78,0x09,0xcd,0x26},{ 0x75,0x02,0xc3,0x2f}, +{ 0x56,0x33,0xe9,0x10},{ 0x5b,0x38,0xe7,0x19},{ 0x4c,0x25,0xf5,0x02},{ 0x41,0x2e,0xfb,0x0b}, +{ 0x61,0x8c,0x9a,0xd7},{ 0x6c,0x87,0x94,0xde},{ 0x7b,0x9a,0x86,0xc5},{ 0x76,0x91,0x88,0xcc}, +{ 0x55,0xa0,0xa2,0xf3},{ 0x58,0xab,0xac,0xfa},{ 0x4f,0xb6,0xbe,0xe1},{ 0x42,0xbd,0xb0,0xe8}, +{ 0x09,0xd4,0xea,0x9f},{ 0x04,0xdf,0xe4,0x96},{ 0x13,0xc2,0xf6,0x8d},{ 0x1e,0xc9,0xf8,0x84}, +{ 0x3d,0xf8,0xd2,0xbb},{ 0x30,0xf3,0xdc,0xb2},{ 0x27,0xee,0xce,0xa9},{ 0x2a,0xe5,0xc0,0xa0}, +{ 0xb1,0x3c,0x7a,0x47},{ 0xbc,0x37,0x74,0x4e},{ 0xab,0x2a,0x66,0x55},{ 0xa6,0x21,0x68,0x5c}, +{ 0x85,0x10,0x42,0x63},{ 0x88,0x1b,0x4c,0x6a},{ 0x9f,0x06,0x5e,0x71},{ 0x92,0x0d,0x50,0x78}, +{ 0xd9,0x64,0x0a,0x0f},{ 0xd4,0x6f,0x04,0x06},{ 0xc3,0x72,0x16,0x1d},{ 0xce,0x79,0x18,0x14}, +{ 0xed,0x48,0x32,0x2b},{ 0xe0,0x43,0x3c,0x22},{ 0xf7,0x5e,0x2e,0x39},{ 0xfa,0x55,0x20,0x30}, +{ 0xb7,0x01,0xec,0x9a},{ 0xba,0x0a,0xe2,0x93},{ 0xad,0x17,0xf0,0x88},{ 0xa0,0x1c,0xfe,0x81}, +{ 0x83,0x2d,0xd4,0xbe},{ 0x8e,0x26,0xda,0xb7},{ 0x99,0x3b,0xc8,0xac},{ 0x94,0x30,0xc6,0xa5}, +{ 0xdf,0x59,0x9c,0xd2},{ 0xd2,0x52,0x92,0xdb},{ 0xc5,0x4f,0x80,0xc0},{ 0xc8,0x44,0x8e,0xc9}, +{ 0xeb,0x75,0xa4,0xf6},{ 0xe6,0x7e,0xaa,0xff},{ 0xf1,0x63,0xb8,0xe4},{ 0xfc,0x68,0xb6,0xed}, +{ 0x67,0xb1,0x0c,0x0a},{ 0x6a,0xba,0x02,0x03},{ 0x7d,0xa7,0x10,0x18},{ 0x70,0xac,0x1e,0x11}, +{ 0x53,0x9d,0x34,0x2e},{ 0x5e,0x96,0x3a,0x27},{ 0x49,0x8b,0x28,0x3c},{ 0x44,0x80,0x26,0x35}, +{ 0x0f,0xe9,0x7c,0x42},{ 0x02,0xe2,0x72,0x4b},{ 0x15,0xff,0x60,0x50},{ 0x18,0xf4,0x6e,0x59}, +{ 0x3b,0xc5,0x44,0x66},{ 0x36,0xce,0x4a,0x6f},{ 0x21,0xd3,0x58,0x74},{ 0x2c,0xd8,0x56,0x7d}, +{ 0x0c,0x7a,0x37,0xa1},{ 0x01,0x71,0x39,0xa8},{ 0x16,0x6c,0x2b,0xb3},{ 0x1b,0x67,0x25,0xba}, +{ 0x38,0x56,0x0f,0x85},{ 0x35,0x5d,0x01,0x8c},{ 0x22,0x40,0x13,0x97},{ 0x2f,0x4b,0x1d,0x9e}, +{ 0x64,0x22,0x47,0xe9},{ 0x69,0x29,0x49,0xe0},{ 0x7e,0x34,0x5b,0xfb},{ 0x73,0x3f,0x55,0xf2}, +{ 0x50,0x0e,0x7f,0xcd},{ 0x5d,0x05,0x71,0xc4},{ 0x4a,0x18,0x63,0xdf},{ 0x47,0x13,0x6d,0xd6}, +{ 0xdc,0xca,0xd7,0x31},{ 0xd1,0xc1,0xd9,0x38},{ 0xc6,0xdc,0xcb,0x23},{ 0xcb,0xd7,0xc5,0x2a}, +{ 0xe8,0xe6,0xef,0x15},{ 0xe5,0xed,0xe1,0x1c},{ 0xf2,0xf0,0xf3,0x07},{ 0xff,0xfb,0xfd,0x0e}, +{ 0xb4,0x92,0xa7,0x79},{ 0xb9,0x99,0xa9,0x70},{ 0xae,0x84,0xbb,0x6b},{ 0xa3,0x8f,0xb5,0x62}, +{ 0x80,0xbe,0x9f,0x5d},{ 0x8d,0xb5,0x91,0x54},{ 0x9a,0xa8,0x83,0x4f},{ 0x97,0xa3,0x8d,0x46 } +}; + +word8 U4[256][4] = { +{ 0x00,0x00,0x00,0x00},{ 0x09,0x0d,0x0b,0x0e},{ 0x12,0x1a,0x16,0x1c},{ 0x1b,0x17,0x1d,0x12}, +{ 0x24,0x34,0x2c,0x38},{ 0x2d,0x39,0x27,0x36},{ 0x36,0x2e,0x3a,0x24},{ 0x3f,0x23,0x31,0x2a}, +{ 0x48,0x68,0x58,0x70},{ 0x41,0x65,0x53,0x7e},{ 0x5a,0x72,0x4e,0x6c},{ 0x53,0x7f,0x45,0x62}, +{ 0x6c,0x5c,0x74,0x48},{ 0x65,0x51,0x7f,0x46},{ 0x7e,0x46,0x62,0x54},{ 0x77,0x4b,0x69,0x5a}, +{ 0x90,0xd0,0xb0,0xe0},{ 0x99,0xdd,0xbb,0xee},{ 0x82,0xca,0xa6,0xfc},{ 0x8b,0xc7,0xad,0xf2}, +{ 0xb4,0xe4,0x9c,0xd8},{ 0xbd,0xe9,0x97,0xd6},{ 0xa6,0xfe,0x8a,0xc4},{ 0xaf,0xf3,0x81,0xca}, +{ 0xd8,0xb8,0xe8,0x90},{ 0xd1,0xb5,0xe3,0x9e},{ 0xca,0xa2,0xfe,0x8c},{ 0xc3,0xaf,0xf5,0x82}, +{ 0xfc,0x8c,0xc4,0xa8},{ 0xf5,0x81,0xcf,0xa6},{ 0xee,0x96,0xd2,0xb4},{ 0xe7,0x9b,0xd9,0xba}, +{ 0x3b,0xbb,0x7b,0xdb},{ 0x32,0xb6,0x70,0xd5},{ 0x29,0xa1,0x6d,0xc7},{ 0x20,0xac,0x66,0xc9}, +{ 0x1f,0x8f,0x57,0xe3},{ 0x16,0x82,0x5c,0xed},{ 0x0d,0x95,0x41,0xff},{ 0x04,0x98,0x4a,0xf1}, +{ 0x73,0xd3,0x23,0xab},{ 0x7a,0xde,0x28,0xa5},{ 0x61,0xc9,0x35,0xb7},{ 0x68,0xc4,0x3e,0xb9}, +{ 0x57,0xe7,0x0f,0x93},{ 0x5e,0xea,0x04,0x9d},{ 0x45,0xfd,0x19,0x8f},{ 0x4c,0xf0,0x12,0x81}, +{ 0xab,0x6b,0xcb,0x3b},{ 0xa2,0x66,0xc0,0x35},{ 0xb9,0x71,0xdd,0x27},{ 0xb0,0x7c,0xd6,0x29}, +{ 0x8f,0x5f,0xe7,0x03},{ 0x86,0x52,0xec,0x0d},{ 0x9d,0x45,0xf1,0x1f},{ 0x94,0x48,0xfa,0x11}, +{ 0xe3,0x03,0x93,0x4b},{ 0xea,0x0e,0x98,0x45},{ 0xf1,0x19,0x85,0x57},{ 0xf8,0x14,0x8e,0x59}, +{ 0xc7,0x37,0xbf,0x73},{ 0xce,0x3a,0xb4,0x7d},{ 0xd5,0x2d,0xa9,0x6f},{ 0xdc,0x20,0xa2,0x61}, +{ 0x76,0x6d,0xf6,0xad},{ 0x7f,0x60,0xfd,0xa3},{ 0x64,0x77,0xe0,0xb1},{ 0x6d,0x7a,0xeb,0xbf}, +{ 0x52,0x59,0xda,0x95},{ 0x5b,0x54,0xd1,0x9b},{ 0x40,0x43,0xcc,0x89},{ 0x49,0x4e,0xc7,0x87}, +{ 0x3e,0x05,0xae,0xdd},{ 0x37,0x08,0xa5,0xd3},{ 0x2c,0x1f,0xb8,0xc1},{ 0x25,0x12,0xb3,0xcf}, +{ 0x1a,0x31,0x82,0xe5},{ 0x13,0x3c,0x89,0xeb},{ 0x08,0x2b,0x94,0xf9},{ 0x01,0x26,0x9f,0xf7}, +{ 0xe6,0xbd,0x46,0x4d},{ 0xef,0xb0,0x4d,0x43},{ 0xf4,0xa7,0x50,0x51},{ 0xfd,0xaa,0x5b,0x5f}, +{ 0xc2,0x89,0x6a,0x75},{ 0xcb,0x84,0x61,0x7b},{ 0xd0,0x93,0x7c,0x69},{ 0xd9,0x9e,0x77,0x67}, +{ 0xae,0xd5,0x1e,0x3d},{ 0xa7,0xd8,0x15,0x33},{ 0xbc,0xcf,0x08,0x21},{ 0xb5,0xc2,0x03,0x2f}, +{ 0x8a,0xe1,0x32,0x05},{ 0x83,0xec,0x39,0x0b},{ 0x98,0xfb,0x24,0x19},{ 0x91,0xf6,0x2f,0x17}, +{ 0x4d,0xd6,0x8d,0x76},{ 0x44,0xdb,0x86,0x78},{ 0x5f,0xcc,0x9b,0x6a},{ 0x56,0xc1,0x90,0x64}, +{ 0x69,0xe2,0xa1,0x4e},{ 0x60,0xef,0xaa,0x40},{ 0x7b,0xf8,0xb7,0x52},{ 0x72,0xf5,0xbc,0x5c}, +{ 0x05,0xbe,0xd5,0x06},{ 0x0c,0xb3,0xde,0x08},{ 0x17,0xa4,0xc3,0x1a},{ 0x1e,0xa9,0xc8,0x14}, +{ 0x21,0x8a,0xf9,0x3e},{ 0x28,0x87,0xf2,0x30},{ 0x33,0x90,0xef,0x22},{ 0x3a,0x9d,0xe4,0x2c}, +{ 0xdd,0x06,0x3d,0x96},{ 0xd4,0x0b,0x36,0x98},{ 0xcf,0x1c,0x2b,0x8a},{ 0xc6,0x11,0x20,0x84}, +{ 0xf9,0x32,0x11,0xae},{ 0xf0,0x3f,0x1a,0xa0},{ 0xeb,0x28,0x07,0xb2},{ 0xe2,0x25,0x0c,0xbc}, +{ 0x95,0x6e,0x65,0xe6},{ 0x9c,0x63,0x6e,0xe8},{ 0x87,0x74,0x73,0xfa},{ 0x8e,0x79,0x78,0xf4}, +{ 0xb1,0x5a,0x49,0xde},{ 0xb8,0x57,0x42,0xd0},{ 0xa3,0x40,0x5f,0xc2},{ 0xaa,0x4d,0x54,0xcc}, +{ 0xec,0xda,0xf7,0x41},{ 0xe5,0xd7,0xfc,0x4f},{ 0xfe,0xc0,0xe1,0x5d},{ 0xf7,0xcd,0xea,0x53}, +{ 0xc8,0xee,0xdb,0x79},{ 0xc1,0xe3,0xd0,0x77},{ 0xda,0xf4,0xcd,0x65},{ 0xd3,0xf9,0xc6,0x6b}, +{ 0xa4,0xb2,0xaf,0x31},{ 0xad,0xbf,0xa4,0x3f},{ 0xb6,0xa8,0xb9,0x2d},{ 0xbf,0xa5,0xb2,0x23}, +{ 0x80,0x86,0x83,0x09},{ 0x89,0x8b,0x88,0x07},{ 0x92,0x9c,0x95,0x15},{ 0x9b,0x91,0x9e,0x1b}, +{ 0x7c,0x0a,0x47,0xa1},{ 0x75,0x07,0x4c,0xaf},{ 0x6e,0x10,0x51,0xbd},{ 0x67,0x1d,0x5a,0xb3}, +{ 0x58,0x3e,0x6b,0x99},{ 0x51,0x33,0x60,0x97},{ 0x4a,0x24,0x7d,0x85},{ 0x43,0x29,0x76,0x8b}, +{ 0x34,0x62,0x1f,0xd1},{ 0x3d,0x6f,0x14,0xdf},{ 0x26,0x78,0x09,0xcd},{ 0x2f,0x75,0x02,0xc3}, +{ 0x10,0x56,0x33,0xe9},{ 0x19,0x5b,0x38,0xe7},{ 0x02,0x4c,0x25,0xf5},{ 0x0b,0x41,0x2e,0xfb}, +{ 0xd7,0x61,0x8c,0x9a},{ 0xde,0x6c,0x87,0x94},{ 0xc5,0x7b,0x9a,0x86},{ 0xcc,0x76,0x91,0x88}, +{ 0xf3,0x55,0xa0,0xa2},{ 0xfa,0x58,0xab,0xac},{ 0xe1,0x4f,0xb6,0xbe},{ 0xe8,0x42,0xbd,0xb0}, +{ 0x9f,0x09,0xd4,0xea},{ 0x96,0x04,0xdf,0xe4},{ 0x8d,0x13,0xc2,0xf6},{ 0x84,0x1e,0xc9,0xf8}, +{ 0xbb,0x3d,0xf8,0xd2},{ 0xb2,0x30,0xf3,0xdc},{ 0xa9,0x27,0xee,0xce},{ 0xa0,0x2a,0xe5,0xc0}, +{ 0x47,0xb1,0x3c,0x7a},{ 0x4e,0xbc,0x37,0x74},{ 0x55,0xab,0x2a,0x66},{ 0x5c,0xa6,0x21,0x68}, +{ 0x63,0x85,0x10,0x42},{ 0x6a,0x88,0x1b,0x4c},{ 0x71,0x9f,0x06,0x5e},{ 0x78,0x92,0x0d,0x50}, +{ 0x0f,0xd9,0x64,0x0a},{ 0x06,0xd4,0x6f,0x04},{ 0x1d,0xc3,0x72,0x16},{ 0x14,0xce,0x79,0x18}, +{ 0x2b,0xed,0x48,0x32},{ 0x22,0xe0,0x43,0x3c},{ 0x39,0xf7,0x5e,0x2e},{ 0x30,0xfa,0x55,0x20}, +{ 0x9a,0xb7,0x01,0xec},{ 0x93,0xba,0x0a,0xe2},{ 0x88,0xad,0x17,0xf0},{ 0x81,0xa0,0x1c,0xfe}, +{ 0xbe,0x83,0x2d,0xd4},{ 0xb7,0x8e,0x26,0xda},{ 0xac,0x99,0x3b,0xc8},{ 0xa5,0x94,0x30,0xc6}, +{ 0xd2,0xdf,0x59,0x9c},{ 0xdb,0xd2,0x52,0x92},{ 0xc0,0xc5,0x4f,0x80},{ 0xc9,0xc8,0x44,0x8e}, +{ 0xf6,0xeb,0x75,0xa4},{ 0xff,0xe6,0x7e,0xaa},{ 0xe4,0xf1,0x63,0xb8},{ 0xed,0xfc,0x68,0xb6}, +{ 0x0a,0x67,0xb1,0x0c},{ 0x03,0x6a,0xba,0x02},{ 0x18,0x7d,0xa7,0x10},{ 0x11,0x70,0xac,0x1e}, +{ 0x2e,0x53,0x9d,0x34},{ 0x27,0x5e,0x96,0x3a},{ 0x3c,0x49,0x8b,0x28},{ 0x35,0x44,0x80,0x26}, +{ 0x42,0x0f,0xe9,0x7c},{ 0x4b,0x02,0xe2,0x72},{ 0x50,0x15,0xff,0x60},{ 0x59,0x18,0xf4,0x6e}, +{ 0x66,0x3b,0xc5,0x44},{ 0x6f,0x36,0xce,0x4a},{ 0x74,0x21,0xd3,0x58},{ 0x7d,0x2c,0xd8,0x56}, +{ 0xa1,0x0c,0x7a,0x37},{ 0xa8,0x01,0x71,0x39},{ 0xb3,0x16,0x6c,0x2b},{ 0xba,0x1b,0x67,0x25}, +{ 0x85,0x38,0x56,0x0f},{ 0x8c,0x35,0x5d,0x01},{ 0x97,0x22,0x40,0x13},{ 0x9e,0x2f,0x4b,0x1d}, +{ 0xe9,0x64,0x22,0x47},{ 0xe0,0x69,0x29,0x49},{ 0xfb,0x7e,0x34,0x5b},{ 0xf2,0x73,0x3f,0x55}, +{ 0xcd,0x50,0x0e,0x7f},{ 0xc4,0x5d,0x05,0x71},{ 0xdf,0x4a,0x18,0x63},{ 0xd6,0x47,0x13,0x6d}, +{ 0x31,0xdc,0xca,0xd7},{ 0x38,0xd1,0xc1,0xd9},{ 0x23,0xc6,0xdc,0xcb},{ 0x2a,0xcb,0xd7,0xc5}, +{ 0x15,0xe8,0xe6,0xef},{ 0x1c,0xe5,0xed,0xe1},{ 0x07,0xf2,0xf0,0xf3},{ 0x0e,0xff,0xfb,0xfd}, +{ 0x79,0xb4,0x92,0xa7},{ 0x70,0xb9,0x99,0xa9},{ 0x6b,0xae,0x84,0xbb},{ 0x62,0xa3,0x8f,0xb5}, +{ 0x5d,0x80,0xbe,0x9f},{ 0x54,0x8d,0xb5,0x91},{ 0x4f,0x9a,0xa8,0x83},{ 0x46,0x97,0xa3,0x8d } +}; + +word32 rcon[30] = { + 0x01,0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 +}; Index: /tags/2.5.0/include/samhain.h =================================================================== --- /tags/2.5.0/include/samhain.h (revision 189) +++ /tags/2.5.0/include/samhain.h (revision 189) @@ -0,0 +1,489 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifndef SAMHAIN_H +#define SAMHAIN_H + +#include +#include "slib.h" + +#ifdef SH_ENCRYPT +#include "rijndael-api-fst.h" +#endif + +/************************************************** + * + * STANDARD DEFINES + * + **************************************************/ + +#define REPLACE_OLD + +/* Standard buffer sizes. + */ +#define SH_MINIBUF 64 +#define SH_BUFSIZE 1024 +#define SH_MAXBUF 4096 +#define SH_PATHBUF 256 +#define SH_MSG_BUF 64512 + +#define SH_ERRBUF_SIZE 64 + +/* MAX_PATH_STORE must be >= KEY_LEN + */ +#define MAX_PATH_STORE 12287 + +/* Sizes for arrays (user, group, timestamp). + */ +#define SOCKPASS_MAX 14 +#define USER_MAX 20 +#define GROUP_MAX 20 +#define TIM_MAX 32 + +#define CMODE_SIZE 11 + +#define ATTRBUF_SIZE 16 +#define ATTRBUF_USED 12 + +/* The number of bytes in a key, + * the number of chars in its hex repesentation, + * and the block size of the hash algorithm. + */ +#define KEY_BYT 24 +#define KEY_LEN 48 +#define KEY_BLOCK 24 +#define KEYBUF_SIZE (KEY_LEN+1) + +/* The length of the compiled-in password. + */ +#define PW_LEN 8 + +#undef GOOD +#define GOOD 1 +#undef BAD +#define BAD 0 +#undef ON +#define ON 1 +#undef OFF +#define OFF 0 +#undef S_TRUE +#define S_TRUE 1 +#undef S_FALSE +#define S_FALSE 0 + +/* An unsigned integer guaranteed to be 32 bit. + */ +#if defined(HAVE_INT_32) +#define UINT32 unsigned int +#define SINT32 int +#elif defined(HAVE_LONG_32) +#define UINT32 unsigned long +#define SINT32 long +#elif defined(HAVE_SHORT_32) +#define UINT32 unsigned short +#define SINT32 short +#endif + +#ifdef HAVE_INTTYPES_H +#include +#endif +#ifdef HAVE_STDINT_H +#include +#endif + +#if !defined(HAVE_UINT64_T) + +#ifdef HAVE_LONG_LONG_64 +#define UINT64 unsigned long long +#else +#ifdef HAVE_LONG_64 +#define UINT64 unsigned long +#else +#error "no 64bit type found" +#endif +#endif + +#else +#define UINT64 uint64_t +#endif + + + +#define UBYTE unsigned char + + +enum { + SH_CHECK_NONE = 0, + SH_CHECK_INIT = 1, + SH_CHECK_CHECK = 2 +}; + +#define SH_MOD_THREAD 1 +#define SH_MOD_ACTIVE 0 +#define SH_MOD_FAILED -1 + +/* Flags for file status + */ +#define SH_FFLAG_ALLIGNORE (1<<0) +#define SH_FFLAG_VISITED (1<<1) +#define SH_FFLAG_CHECKED (1<<3) +#define SH_FFLAG_REPORTED (1<<3) +#define SH_FFLAG_SUIDCHK (1<<4) + +#define SH_FFLAG_ALLIGNORE_SET(a) (((a) & SH_FFLAG_ALLIGNORE) != 0) +#define SET_SH_FFLAG_ALLIGNORE(a) ((a) |= SH_FFLAG_ALLIGNORE) +#define CLEAR_SH_FFLAG_ALLIGNORE(a) ((a) &= ~SH_FFLAG_ALLIGNORE) + +#define SH_FFLAG_VISITED_SET(a) (((a) & SH_FFLAG_VISITED) != 0) +#define SET_SH_FFLAG_VISITED(a) ((a) |= SH_FFLAG_VISITED) +#define CLEAR_SH_FFLAG_VISITED(a) ((a) &= ~SH_FFLAG_VISITED) + +#define SH_FFLAG_CHECKED_SET(a) (((a) & SH_FFLAG_VISITED) != 0) +#define SET_SH_FFLAG_CHECKED(a) ((a) |= SH_FFLAG_VISITED) +#define CLEAR_SH_FFLAG_CHECKED(a) ((a) &= ~SH_FFLAG_VISITED) + +#define SH_FFLAG_REPORTED_SET(a) (((a) & SH_FFLAG_REPORTED) != 0) +#define SET_SH_FFLAG_REPORTED(a) ((a) |= SH_FFLAG_REPORTED) +#define CLEAR_SH_FFLAG_REPORTED(a) ((a) &= ~SH_FFLAG_REPORTED) + +#define SH_FFLAG_SUIDCHK_SET(a) (((a) & SH_FFLAG_SUIDCHK) != 0) +#define SET_SH_FFLAG_SUIDCHK(a) ((a) |= SH_FFLAG_SUIDCHK) +#define CLEAR_SH_FFLAG_SUIDCHK(a) ((a) &= ~SH_FFLAG_SUIDCHK) + + +/************************************************** + * + * TYPEDEFS + * + **************************************************/ + +enum { + SH_LEVEL_READONLY = 1, + SH_LEVEL_LOGFILES = 2, + SH_LEVEL_LOGGROW = 3, + SH_LEVEL_NOIGNORE = 4, + SH_LEVEL_ALLIGNORE = 5, + SH_LEVEL_ATTRIBUTES = 6, + SH_LEVEL_USER0 = 7, + SH_LEVEL_USER1 = 8, + SH_LEVEL_USER2 = 9, + SH_LEVEL_USER3 = 10, + SH_LEVEL_USER4 = 11, + SH_LEVEL_PRELINK = 12 +}; + +typedef struct { + time_t alarm_interval; + time_t alarm_last; +} sh_timer_t; + +typedef struct { + char path[SH_PATHBUF]; + char hash[KEY_LEN+1]; +} sh_sh_df; + +typedef struct { + char user[USER_MAX]; + char group[GROUP_MAX]; + char home[SH_PATHBUF]; + uid_t uid; + gid_t gid; +} sh_sh_user; + +typedef struct { + char name[SH_PATHBUF]; /* local hostname */ + char system[SH_MINIBUF]; /* system */ + char release[SH_MINIBUF]; /* release */ + char machine[SH_MINIBUF]; /* machine */ +} sh_sh_local; + +typedef struct { + char name[SH_PATHBUF]; + char alt[SH_PATHBUF]; +} sh_sh_remote; + +typedef struct { + unsigned long bytes_hashed; /* bytes last check */ + unsigned long bytes_speed; /* bytes/sec last check */ + unsigned long mail_success; /* mails sent */ + unsigned long mail_failed; /* mails not sent */ + time_t time_start; /* start last check */ + time_t time_check; /* time last check */ + unsigned long dirs_checked; /* #dirs last check */ + unsigned long files_checked; /* #files last check */ +} sh_sh_stat; + +typedef struct { + int exit; /* exit value */ + int checkSum; /* whether to init/check checksums */ + int update; /* update db */ + int opts; /* reading cl options */ + int isdaemon; /* daemon or not */ + int loop; /* go in loop even if not daemon */ + int nice; /* desired nicety */ + int isserver; /* server or not */ + int islocked; /* BAD if logfile not locked */ + int smsg; /* GOOD if end message sent */ + int log_start; /* TRUE if new audit trail */ + int reportonce; /* TRUE if bad files only once rep.*/ + int fulldetail; /* TRUE if full details requested */ + int client_severity; /* TRUE if client severity used */ + int client_class; /* TRUE if client class used */ + int audit; + unsigned long aud_mask; + int hidefile; /* TRUE if file not reveled in log */ +} sh_sh_flag; + +typedef struct { + + char prg_name[8]; + + UINT64 pid; + + sh_sh_df exec; + sh_sh_df conf; + sh_sh_df data; + + sh_sh_user real; + sh_sh_user effective; + sh_sh_user run; + + sh_sh_local host; + + sh_sh_remote srvtime; + sh_sh_remote srvmail; + sh_sh_remote srvexport; + sh_sh_remote srvcons; + sh_sh_remote srvlog; + + sh_sh_stat statistics; + sh_sh_flag flag; + +#ifdef SH_STEALTH + unsigned long off_data; +#endif + + sh_timer_t mailNum; + sh_timer_t mailTime; + sh_timer_t fileCheck; + + int looptime; /* timing for main loop */ + /*@null@*//*@out@*/ char * timezone; +} sh_struct; + + +extern volatile int sig_raised; +extern volatile int sig_urgent; +extern volatile int sig_debug_switch; /* SIGUSR1 */ +extern volatile int sig_suspend_switch; /* SIGUSR2 */ +extern volatile int sh_global_suspend_flag; +extern volatile int sig_fresh_trail; /* SIGIOT */ +extern volatile int sh_thread_pause_flag; +extern volatile int sig_config_read_again; /* SIGHUP */ +extern volatile int sig_terminate; /* SIGQUIT */ +extern volatile int sig_termfast; /* SIGTERM */ +extern volatile int sig_force_check; /* SIGTTOU */ + +extern long int eintr__result; + +extern int sh_argc_store; +extern char ** sh_argv_store; + +#include "sh_calls.h" + + +typedef struct { + char sh_sockpass[2*SOCKPASS_MAX+2]; + char sigkey_old[KEY_LEN+1]; + char sigkey_new[KEY_LEN+1]; + char mailkey_old[KEY_LEN+1]; + char mailkey_new[KEY_LEN+1]; + char crypt[KEY_LEN+1]; + char session[KEY_LEN+1]; + char vernam[KEY_LEN+1]; + int mlock_failed; + + char pw[PW_LEN]; + + char poolv[KEY_BYT]; + int poolc; + + int rngI; + UINT32 rng0[3]; + UINT32 rng1[3]; + UINT32 rng2[3]; + + UINT32 res_vec[6]; + + UINT32 ErrFlag[2]; + +#ifdef SH_ENCRYPT + /*@out@*/ keyInstance keyInstE; + /*@out@*/ keyInstance keyInstD; +#endif +} sh_key_t; + +extern sh_struct sh; +/*@null@*/ extern sh_key_t *skey; + +/************************************************** + * + * macros + * + **************************************************/ + +#if defined(__GNUC__) && (__GNUC__ >= 4) +#define SH_GNUC_SENTINEL __attribute__((__sentinel__)) +#else +#define SH_GNUC_SENTINEL +#endif + +#if defined(__GNUC__) && (__GNUC__ >= 3) +#undef SH_GNUC_PURE +#define SH_GNUC_PURE __attribute__((pure)) +#undef SH_GNUC_CONST +#define SH_GNUC_CONST __attribute__((const)) +#undef SH_GNUC_NORETURN +#define SH_GNUC_NORETURN __attribute__((noreturn)) +#undef SH_GNUC_MALLOC +#define SH_GNUC_MALLOC __attribute__((malloc)) +#else +#undef SH_GNUC_PURE +#define SH_GNUC_PURE +#undef SH_GNUC_CONST +#define SH_GNUC_CONST +#undef SH_GNUC_NORETURN +#define SH_GNUC_NORETURN +#undef SH_GNUC_MALLOC +#define SH_GNUC_MALLOC +#endif + + +/* The semantics of the built-in are that it is expected that expr == const + * for __builtin_expect ((expr), const) + */ +#if defined(__GNUC__) && (__GNUC__ > 2) && defined(__OPTIMIZE__) +#define SH_LIKELY(expr) (__builtin_expect((expr), 1)) +#define SH_UNLIKELY(expr) (__builtin_expect((expr), 0)) +#else +#define SH_LIKELY(expr) (expr) +#define SH_UNLIKELY(expr) (expr) +#endif + +/* signal-safe log function + */ +int safe_logger (int thesignal, int method, char * details); +void safe_fatal (const char * details, const char *f, int l); + +#define SH_VALIDATE_EQ(a,b) \ + do { \ + if ((a) != (b)) safe_fatal(#a " != " #b, FIL__, __LINE__);\ + } while (0) + +#define SH_VALIDATE_NE(a,b) \ + do { \ + if ((a) == (b)) safe_fatal(#a " == " #b, FIL__, __LINE__);\ + } while (0) + +#define SH_VALIDATE_GE(a,b) \ + do { \ + if ((a) < (b)) safe_fatal(#a " < " #b, FIL__, __LINE__);\ + } while (0) + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +#define MLOCK(a, b) \ + if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \ + (void) sl_set_suid(); \ + if (sh_unix_mlock(FIL__, __LINE__, a, b) < 0) skey->mlock_failed = SL_TRUE; \ + (void) sl_unset_suid(); } +#else +#define MLOCK(a, b) \ + ; +#endif + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +#define MUNLOCK(a, b) \ + if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \ + (void) sl_set_suid(); \ + (void) sh_unix_munlock( a, b );\ + (void) sl_unset_suid(); } +#else +#define MUNLOCK(a, b) \ + ; +#endif + +#ifdef SH_STEALTH +void sh_do_encode (char * str, int len); +#define sh_do_decode sh_do_encode +#endif + +/* #if defined(SCREW_IT_UP) + * extern volatile int sh_not_traced; + * inline int sh_sigtrap_prepare(); + * inline int sh_derr(); + * #endif + */ + +#if defined(SCREW_IT_UP) && (defined(__FreeBSD__) || defined(__linux__)) && defined(__i386__) +#define BREAKEXIT(expr) \ + do { \ + int ixi; \ + for (ixi = 0; ixi < 8; ++ixi) { \ + if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \ + _exit(EXIT_FAILURE); \ + } \ + } \ + while (1 == 0) +#else +#define BREAKEXIT(expr) +#endif + + + +#include "sh_cat.h" +#include "sh_trace.h" +#include "sh_mem.h" + +#endif + +/* CRIT: */ +/* NEW_CLIENT */ +/* BAD_CLIENT --
*/ +/* ERR_CLIENT --
*/ + +/* ALERT: */ +/* LOG_KEY samhain|yule */ +/* STARTUP samhain|yule -- user */ +/* EXIT samhain|yule */ +/* GOODSIG */ +/* FP_KEY */ +/* GOODSIG_DAT */ +/* FP_KEY_DAT */ +/* TIGER_CFG */ +/* TIGER_DAT */ + +/* PANIC --
*/ +/* ERROR --
*/ + +/* Policy */ +/* POLICY */ +/* = MISSING || ADDED || NOT_A_DIRECTORY || */ + + + Index: /tags/2.5.0/include/sh_MK.h =================================================================== --- /tags/2.5.0/include/sh_MK.h (revision 189) +++ /tags/2.5.0/include/sh_MK.h (revision 189) @@ -0,0 +1,27 @@ +#ifndef SH_MK_H +#define SH_MK_H +#define MKB_16 1 +#define MKB_14 1 +#define MKB_13 1 +#define MKB_12 1 +#define MKB_11 1 +#define MKB_10 1 +#define MKB_09 1 +#define MKB_08 1 +#define MKB_06 1 +#define MKB_05 1 +#define MKB_04 1 +#define MKB_03 1 +#define MKA_08 1 +#define MKA_02 1 +#define MKA_01 1 +#define MKC_16 1 +#define MKC_15 1 +#define MKC_08 1 +#define MKC_06 1 +#define MKC_05 1 +#define MKC_01 1 +#define MKD_15 1 +#define MKD_07 1 +#define MKD_06 1 +#endif Index: /tags/2.5.0/include/sh_calls.h =================================================================== --- /tags/2.5.0/include/sh_calls.h (revision 189) +++ /tags/2.5.0/include/sh_calls.h (revision 189) @@ -0,0 +1,87 @@ +#ifndef SH_CALLS_H +#define SH_CALLS_H + +#define AUD_CHDIR (1UL << 0) +#define AUD_CHMOD (1UL << 1) +#define AUD_CHOWN (1UL << 2) +#define AUD_CREAT (1UL << 3) +#define AUD_DUP (1UL << 4) +#define AUD_EXEC (1UL << 5) +#define AUD_EXIT (1UL << 6) +#define AUD_FORK (1UL << 7) +#define AUD_KILL (1UL << 8) +#define AUD_LINK (1UL << 9) +#define AUD_MKDIR (1UL << 10) +#define AUD_MKFIFO (1UL << 11) +#define AUD_OPEN (1UL << 12) +#define AUD_PIPE (1UL << 13) +#define AUD_RENAME (1UL << 14) +#define AUD_RMDIR (1UL << 15) +#define AUD_SETGID (1UL << 16) +#define AUD_SETUID (1UL << 17) +#define AUD_UNLINK (1UL << 18) +#define AUD_UTIME (1UL << 19) + +#include +#include +#include +#include +#include + +/*@-fixedformalarray@*/ + +/* Set aud functions + */ +int sh_aud_set_functions(const char * str_s); + + +long int retry_accept(const char * file, int line, + int fd, struct sockaddr *serv_addr, int * addrlen); +long int retry_stat (const char * file, int line, + const char *file_name, struct stat *buf); +long int retry_fstat(const char * file, int line, + int filed, struct stat *buf); +long int retry_lstat(const char * file, int line, + const char *file_name, struct stat *buf); +long int retry_fcntl(const char * file, int line, + int fd, int cmd, long arg); + +long int retry_msleep (int sec, int millisec); + +long int retry_sigaction(const char * file, int line, + int signum, const struct sigaction *act, + struct sigaction *oldact); + +int sh_calls_set_bind_addr (const char *); +long int retry_connect(const char * file, int line, + int fd, struct sockaddr *serv_addr, int addrlen); + +long int retry_aud_dup2 (const char * file, int line, int fd, int fd2); +long int retry_aud_execve (const char * file, int line, + const char *dateiname, char * argv[], + char *envp[]); +long int retry_aud_dup (const char * file, int line, + int fd); +long int retry_aud_chdir (const char * file, int line, + const char *path); +long int retry_aud_unlink (const char * file, int line, + char * path); +long int retry_aud_utime (const char * file, int line, + char * path, struct utimbuf *buf); + +long int aud_open (const char * file, int line, int privs, + const char *pathname, int flags, mode_t mode); +long int aud_open_noatime (const char * file, int line, int privs, + const char *pathname, int flags, mode_t mode, + int * o_noatime); +/*@noreturn@*/ +void aud_exit (const char * file, int line, int fd); +/*@noreturn@*/ +void aud__exit (const char * file, int line, int fd); +pid_t aud_fork (const char * file, int line); +int aud_pipe (const char * file, int line, int modus[2]); +int aud_setuid (const char * file, int line, uid_t uid); +int aud_setgid (const char * file, int line, gid_t gid); +long int aud_kill (const char * file, int line, pid_t pid, int sig); + +#endif Index: /tags/2.5.0/include/sh_cat.h =================================================================== --- /tags/2.5.0/include/sh_cat.h (revision 189) +++ /tags/2.5.0/include/sh_cat.h (revision 189) @@ -0,0 +1,353 @@ + +#ifndef SH_CAT_H +#define SH_CAT_H + +typedef struct foo_cat_entry { + unsigned long id; + unsigned long priority; + unsigned long class; + const char * format; +} cat_entry; + +extern cat_entry msg_cat[]; + +extern const char * class_cat[]; + +#define AUD 0 +#define PANIC 1 +#define RUN 2 +#define FIL 3 +#define TCP 4 +#define ERR 5 +#define STAMP 6 +#define ENET 7 +#define EINPUT 8 +#define EVENT 9 +#define START 10 +#define LOGKEY 11 +#define OTHER_CLA ((1 << RUN)|(1 << FIL)|(1 << TCP)) +#define RUN_NEW ((1 << RUN)|(1 << EVENT)|(1 << START)|(1 << LOGKEY)) +#define FIL_NEW ((1 << FIL)|(1 << EVENT)) +#define ERROR_CLA ((1 << ERR)|(1 << PANIC)|(1 << ENET)|(1 << EINPUT)) + +#define SH_CLA_RAW_MAX 12 +#define SH_CLA_MAX 16 + + +#if 0 +enum { + SH_CLA_AUD = (1 << 0), + SH_CLA_PANIC = (1 << 1), + SH_CLA_RUN = (1 << 2), + SH_CLA_FIL = (1 << 3), + SH_CLA_TCP = (1 << 4), + SH_CLA_ERR = (1 << 5), + SH_CLA_STAMP = (1 << 6), + SH_CLA_ENET = (1 << 7), + SH_CLA_EINPUT = (1 << 8) +}; +#endif + +enum { + MSG_EXIT_ABORTS, + MSG_START_SRV, + + MSG_EXIT_ABORT1, + MSG_EXIT_NORMAL, + MSG_START_KEY_MAIL, + MSG_START_KEY, + MSG_START_0H, + MSG_START_1H, + MSG_START_2H, + MSG_START_GH, + MSG_START_GH2, + MSG_SUSPEND, + + MSG_MLOCK, + MSG_W_SIG, + MSG_W_CHDIR, + + MSG_MOD_FAIL, + MSG_MOD_OK, + MSG_MOD_EXEC, + + MSG_RECONF, + MSG_CHECK_0, + MSG_CHECK_1, + MSG_STAMP, + + MSG_D_START, + MSG_D_DSTART, + MSG_D_FAIL, + + +#ifndef HAVE_URANDOM + MSG_ENSTART, + MSG_ENEXEC, + MSG_ENFAIL, + MSG_ENTOUT, + MSG_ENCLOS, + MSG_ENCLOS1, + MSG_ENREAD, +#endif + +#ifdef SH_USE_SUIDCHK + MSG_SUID_POLICY, + MSG_SUID_FOUND, + MSG_SUID_SUMMARY, + MSG_SUID_QREPORT, + MSG_SUID_ERROR, +#endif + +#ifdef SH_USE_KERN + /* FreeBSD */ + MSG_KERN_POLICY, + MSG_KERN_POL_CO, + + /* Linux */ + MSG_KERN_SYSCALL, + MSG_KERN_PROC, + MSG_KERN_IDT, + MSG_KERN_GATE, +#endif + +#ifdef SH_USE_UTMP + MSG_UT_CHECK, + + MSG_UT_LG1X, + MSG_UT_LG2X, + MSG_UT_LG3X, + + MSG_UT_LG1A, + MSG_UT_LG1B, + + MSG_UT_LG2A, + MSG_UT_LG2B, + + MSG_UT_LG3A, + MSG_UT_LG3B, + MSG_UT_LG3C, + MSG_UT_ROT, + +#endif + +#ifdef SH_USE_PROCESSCHECK + MSG_PCK_CHECK, + MSG_PCK_OK, + MSG_PCK_P_HIDDEN, + MSG_PCK_HIDDEN, + MSG_PCK_FAKE, + MSG_PCK_MISS, +#endif + +#ifdef SH_USE_PORTCHECK + MSG_PORT_MISS, + MSG_PORT_NEW, + MSG_PORT_RESTART, + MSG_PORT_NEWPORT, +#endif + +#ifdef SH_USE_MOUNTS + MSG_MNT_CHECK, + MSG_MNT_MEMLIST, + MSG_MNT_MNTMISS, + MSG_MNT_OPTMISS, +#endif + +#ifdef SH_USE_USERFILES + MSG_USERFILES_SUMMARY, +#endif + +#ifdef USE_LOGFILE_MONITOR + MSG_LOGMON_CHKS, + MSG_LOGMON_CHKE, + MSG_LOGMON_MISS, + MSG_LOGMON_EOPEN, + MSG_LOGMON_EREAD, + MSG_LOGMON_REP, + MSG_LOGMON_SUM, +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + + MSG_FI_TOOLATE, + MSG_FI_CSUM, + MSG_FI_DSUM, + MSG_FI_CHK, + MSG_FI_NULL, + MSG_FI_FAIL, + MSG_FI_GLOB, + MSG_FI_COLL, + MSG_FI_DOUBLE, + MSG_FI_2LONG, + MSG_FI_2LONG2, + MSG_FI_NOPATH, + MSG_FI_DLNK, + MSG_FI_RDLNK, + MSG_FI_NOGRP, + MSG_FI_NOUSR, + MSG_FI_LSTAT, + MSG_FI_OBSC, + MSG_FI_OBSC2, + MSG_FI_LIST, + MSG_FI_LLNK, + MSG_FI_MISS, + /* #ifdef SH_USE_XML */ + MSG_FI_MISS2, + MSG_FI_ADD2, + /* #endif */ + MSG_FI_ADD, + MSG_FI_CHAN, + MSG_FI_NODIR, + MSG_FI_DBEX, +#endif + + MSG_TCP_NETRP, + +#ifndef SH_STANDALONE +#ifdef INET_SYSLOG + MSG_INET_SYSLOG, + MSG_ERR_SYSLOG, +#endif + + MSG_TCP_MISMATCH, + MSG_TCP_MISENC, + MSG_TCP_NONAME, + MSG_TCP_UNEXP, + MSG_TCP_EFIL, + MSG_TCP_NOCONF, + MSG_TCP_NOAUTH, + MSG_TCP_CONF, + MSG_TCP_AUTH, + MSG_TCP_FOK, + MSG_TCP_FBAD, + MSG_TCP_ECONN, + MSG_TCP_EZERO, + MSG_TCP_EBGN, + + MSG_TCP_CREG, + MSG_TCP_FAUTH, + MSG_TCP_TIMOUT, + + MSG_TCP_RESCLT, + MSG_TCP_RESPEER, + MSG_TCP_LOOKERS, + MSG_TCP_LOOKUP, + + MSG_TCP_TIMEXC, + MSG_TCP_NOCLT, + MSG_TCP_BADCONN, + MSG_TCP_FFILE , + MSG_TCP_NFILE , + MSG_TCP_FINV , + MSG_TCP_OKFILE, + MSG_TCP_OKMSG, + MSG_TCP_MSG, + MSG_TCP_NEW, + MSG_TCP_ILL, + MSG_TCP_SYNC, + MSG_TCP_RESET, + MSG_TCP_CNEW, + MSG_E_HTML, +#endif + + + MSG_E_AUTH, + MSG_ACCESS, + MSG_TRUST, + MSG_NOACCESS, + MSG_P_NODATA, + + +#ifndef MEM_DEBUG + MSG_E_MNULL, + MSG_E_MMEM, +#else + MSG_MSTAMP, + MSG_MSTAMP2, + MSG_E_MNULL, + MSG_E_MMEM, + MSG_E_MREC, + MSG_E_MOVER, + MSG_E_MUNDER, + MSG_E_NOTFREE, +#endif + + MSG_E_TRUST, + MSG_E_HASH, + MSG_E_ACCESS, + MSG_E_READ, + MSG_E_NOTREG, + MSG_E_TIMEOUT, + MSG_NODEV, + MSG_LOCKED, + MSG_PIDFILE, + MSG_NOEXEC, + MSG_ES_ENT, + MSG_ES_KEY1, + MSG_ES_KEY2, + MSG_E_GPG, + MSG_E_GPG_FP, + MSG_E_GPG_CHK, + MSG_E_SUBGEN, + MSG_E_SUBGPATH, + MSG_E_UNLNK, + MSG_E_REGEX, + MSG_E_OPENDIR, + MSG_E_TRUST1, + MSG_E_TRUST2, + MSG_E_PWNULL, + MSG_E_PWLONG, + MSG_E_GRNULL, + + MSG_E_NET, + MSG_E_NETST, + MSG_E_NETST1, + MSG_E_NLOST, + MSG_E_NEST, + + MSG_EINVALHEAD, + MSG_EINVALCONF, + MSG_EINVALS, + MSG_EINVALL, + MSG_EINVALD, + MSG_EINVALDD, + + MSG_SRV_FAIL, + MSG_QUEUE_FULL, + + MSG_AUD_OPEN, + MSG_AUD_DUP, + MSG_AUD_PIPE, + MSG_AUD_FORK, + MSG_AUD_EXIT, + MSG_AUD_SETUID, + MSG_AUD_SETGID, + MSG_AUD_UTIME, + MSG_AUD_EXEC, + MSG_AUD_CHDIR, + MSG_AUD_UNLINK, + MSG_AUD_KILL, + + MSG_ERR_OPEN, + MSG_ERR_DUP, + MSG_ERR_PIPE, + MSG_ERR_FORK, + MSG_ERR_SETUID, + MSG_ERR_SETGID, + MSG_ERR_UTIME, + MSG_ERR_EXEC, + MSG_ERR_CHDIR, + MSG_ERR_UNLINK, + MSG_ERR_KILL, + + MSG_ERR_SIGACT, + MSG_ERR_CONNECT, + MSG_ERR_ACCEPT, + MSG_ERR_LSTAT, + MSG_ERR_FSTAT, + MSG_ERR_STAT, + MSG_ERR_FCNTL +}; + +#endif Index: /tags/2.5.0/include/sh_database.h =================================================================== --- /tags/2.5.0/include/sh_database.h (revision 189) +++ /tags/2.5.0/include/sh_database.h (revision 189) @@ -0,0 +1,16 @@ +#ifndef SH_DATABASE_H +#define SH_DATABASE_H + +void sh_database_reset(void); +int sh_database_insert (char * message); + +int sh_database_use_persistent (const char * str); + +int sh_database_set_database (const char * str); +int sh_database_set_table (const char * str); +int sh_database_set_host (const char * str); +int sh_database_set_user (const char * str); +int sh_database_set_password (const char * str); +int sh_database_add_to_hash (const char * str); +int set_enter_wrapper (const char * str); +#endif Index: /tags/2.5.0/include/sh_entropy.h =================================================================== --- /tags/2.5.0/include/sh_entropy.h (revision 189) +++ /tags/2.5.0/include/sh_entropy.h (revision 189) @@ -0,0 +1,28 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifndef SH_ENTROPY_H +#define SH_ENTROPY_H + +/* Deliver nbytes Bytes of system entropy (= noise). + * Returns 0 on success, -1 on failure. + */ +int sh_entropy(int nbytes, char * nbuf); + +#endif Index: /tags/2.5.0/include/sh_error.h =================================================================== --- /tags/2.5.0/include/sh_error.h (revision 189) +++ /tags/2.5.0/include/sh_error.h (revision 189) @@ -0,0 +1,200 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + +/* Public interface for error routines + */ +#ifndef SH_ERROR_H +#define SH_ERROR_H + +#include "sh_error_min.h" + + +enum { + SH_ERR_T_START = 0, + + /* 1-13 = SH_LEVEL_XXX */ + + SH_ERR_T_RO = SH_LEVEL_READONLY, + SH_ERR_T_LOGS = SH_LEVEL_LOGFILES, + SH_ERR_T_GLOG = SH_LEVEL_LOGGROW, + SH_ERR_T_NOIG = SH_LEVEL_NOIGNORE, + SH_ERR_T_ALLIG = SH_LEVEL_ALLIGNORE, + SH_ERR_T_ATTR = SH_LEVEL_ATTRIBUTES, + SH_ERR_T_USER0 = SH_LEVEL_USER0, + SH_ERR_T_USER1 = SH_LEVEL_USER1, + SH_ERR_T_USER2 = SH_LEVEL_USER2, + SH_ERR_T_USER3 = SH_LEVEL_USER3, + SH_ERR_T_USER4 = SH_LEVEL_USER4, + SH_ERR_T_PRELINK = SH_LEVEL_PRELINK, + + SH_ERR_T_DIR = 13, + SH_ERR_T_FILE = 14, + SH_ERR_T_NAME = 15, + + SH_ERR_T_END = 16 +}; + + +typedef struct _errFlags { + int debug; + int HaveLog; + + int loglevel; + int loglevel_temp; + int printlevel; + int maillevel; + int exportlevel; + int sysloglevel; + int externallevel; + int databaselevel; + + int log_class; + int print_class; + int mail_class; + int export_class; + int syslog_class; + int external_class; + int database_class; + + /* HAVE_LIBPRELUDE */ + int preludelevel; + int prelude_class; + +} blurb_errFlags; + +extern int ShDFLevel[SH_ERR_T_END]; + +/* set mask for message class + */ +int sh_error_log_mask (const char * c); +int sh_error_print_mask (const char * c); +int sh_error_mail_mask (const char * c); +int sh_error_export_mask (const char * c); +int sh_error_syslog_mask (const char * c); +int sh_error_external_mask (const char * c); +int sh_error_database_mask (const char * c); +int sh_error_prelude_mask (const char * c); + + +int sh_error_verify (const char * s); +int sh_error_logverify_mod (const char * s); /* just list, don't verify */ +int sh_error_logverify (const char * s); + +void sh_error_dbg_switch(void); + +#ifdef SH_WITH_SERVER +void sh_error_set_peer(const char * str); +int set_flag_sep_log (const char * str); +#endif + +/* init or re-init log facilities that need it + */ +void sh_error_fixup(void); + +/* convert a string to a numeric priority + */ +int sh_error_convert_level (const char * str_s); + +/* only to stderr (GOOD/BAD) + */ +void sh_error_only_stderr (int flag); + +/* facilities unsafe for closeall() + */ +void sh_error_enable_unsafe (int flag); + +/* set syslog facility + */ +int sh_log_set_facility (const char * c); + +/* define message header + */ +int sh_error_ehead (/*@null@*/const char * s); + +/* set level for error logging + */ +int sh_error_setlog(const char * str_s); + +/* set severity levels + */ +int sh_error_set_iv (int iv, const char * severity_s); + +/* set priorities + */ +int sh_error_set_level(const char * str_s, int *facility); + +/* set level for TCP export + */ +int sh_error_setexport(const char * str_s); + +/* set level for syslog + */ +int sh_error_set_syslog (const char * flag_s); + +/* set level for printing + */ +int sh_error_setprint(const char * flag_s); + +/* set severity for external + */ +int sh_error_set_external (const char * str_s); + +/* set severity for external + */ +int sh_error_set_database (const char * str_s); + +/* set severity for external + */ +int sh_error_set_prelude (const char * str_s); + + +/* set level for mailing + */ +int sh_error_setseverity (const char * flag); + +/* set debug level + */ +int sh_error_setdebug (char * debug_s); + +/* error messages + */ +/*@owned@*/char * sh_error_message (int tellme, char * str, size_t len); + +/* switch on/off log to file temporarily + */ +void sh_error_logoff(void); +void sh_error_logrestore(void); + +/* (re)set the console device(s) + */ +int sh_log_set_console (const char * address); +void reset_count_dev_console(void); + +#ifdef WITH_MESSAGE_QUEUE +/* close the message queue + */ +void close_ipc (void); + +/* enable message queue + */ +int enable_msgq(const char * foo); +#endif + +#endif Index: /tags/2.5.0/include/sh_error_min.h =================================================================== --- /tags/2.5.0/include/sh_error_min.h (revision 189) +++ /tags/2.5.0/include/sh_error_min.h (revision 189) @@ -0,0 +1,27 @@ +#ifndef SH_ERROR_MIN_H +#define SH_ERROR_MIN_H + +/* Level of severity + */ +typedef enum { + + SH_ERR_ALL = (1 << 0), /* debug */ + SH_ERR_INFO = (1 << 1), /* info */ + SH_ERR_NOTICE = (1 << 2), /* notice */ + SH_ERR_WARN = (1 << 3), /* warning */ + SH_ERR_STAMP = (1 << 4), /* mark */ + SH_ERR_ERR = (1 << 5), /* error */ + SH_ERR_SEVERE = (1 << 6), /* crit */ + SH_ERR_FATAL = (1 << 7), /* alert */ + + SH_ERR_NOT = (1 << 8), + SH_ERR_INET = (1 << 9), + SH_ERR_MAX = (1 << 9) + } ShErrLevel; + +/* this function should be called to report an error + */ +void sh_error_handle (int flag, const char * file, long line, + long errnum, unsigned long msg_index, ...); + +#endif Index: /tags/2.5.0/include/sh_extern.h =================================================================== --- /tags/2.5.0/include/sh_extern.h (revision 189) +++ /tags/2.5.0/include/sh_extern.h (revision 189) @@ -0,0 +1,144 @@ +#ifndef SH_EXTERN_H +#define SH_EXTERN_H + +typedef struct +{ + char * command; + int argc; + char * argv[32]; + int envc; + char * envv[32]; + char checksum[KEY_LEN + 1]; +#if 0 + uid_t trusted_users[32]; +#endif + uid_t run_user_uid; + gid_t run_user_gid; + int privileged; + + int pipeFD; + SL_TICKET pipeTI; + pid_t pid; + FILE * pipe; + char rw; + int exit_status; + int fork_twice; + + int com_fd; + SL_TICKET com_ti; + +} sh_tas_t; + + +/* + * -- generic safe popen; returns 0 on success, -1 otherwise + */ +int sh_ext_popen (sh_tas_t * task); + +/* + * -- close the pipe, clear and return task->exit_status + */ +int sh_ext_pclose (sh_tas_t * task); + +/* + * -- add CL argument, return # of arguments + */ +int sh_ext_tas_add_argv(sh_tas_t * tas, const char * val); +/* + * -- remove last CL argument + */ +int sh_ext_tas_rm_argv(sh_tas_t * tas); +/* + * -- add environment variable, return # of variables + */ +int sh_ext_tas_add_envv(sh_tas_t * tas, const char * key, const char * val); +/* + * -- set command + */ +void sh_ext_tas_command(sh_tas_t * tas, const char * command); +/* + * -- initialize task structure + */ +void sh_ext_tas_init (sh_tas_t * tas); +/* + * -- free task structure + */ +void sh_ext_tas_free(sh_tas_t * tas); + + +#if defined(WITH_EXTERNAL) + +/* + * -- start a new external command, and add it to the list + */ +int sh_ext_setcommand(const char * cmd); + +/* + * -- explicitely close a command + */ +int sh_ext_close_command (const char * str); + +/* + * -- clean up the command list + */ +int sh_ext_cleanup(void); + +/* + * -- set deadtime + */ +int sh_ext_deadtime (const char * str); + +/* + * -- add keywords to the OR filter + */ +int sh_ext_add_or (const char * str); + +/* + * -- add keywords to the AND filter + */ +int sh_ext_add_and (const char * str); + +/* + * -- add keywords to the NOT filter + */ +int sh_ext_add_not (const char * str); + +/* + * -- add keywords to the CL argument list + */ +int sh_ext_add_argv (const char * str); + +/* + * -- add a path to the environment + */ +int sh_ext_add_default (const char * str); + +/* + * -- add an environment variable + */ +int sh_ext_add_environ (const char * str); + +/* + * -- define type + */ +int sh_ext_type (const char * str); + +/* + * -- define checksum + */ +int sh_ext_checksum (const char * str); + +/* + * -- choose privileges + */ +int sh_ext_priv (const char * c); + +/* + * -- execute external script/program + */ +int sh_ext_execute (char t1, char t2, char t3, /*@null@*/char * message, + size_t msg_siz); + +#endif + +#endif Index: /tags/2.5.0/include/sh_fifo.h =================================================================== --- /tags/2.5.0/include/sh_fifo.h (revision 189) +++ /tags/2.5.0/include/sh_fifo.h (revision 189) @@ -0,0 +1,64 @@ + +#ifndef SH_FIFO_H +#define SH_FIFO_H + +/***************************************************** + * + * the maximum number of entries the fifo will hold + * - additional entries are simply not accepted - + * + *****************************************************/ + +#define SH_FIFO_MAX 128 + +/***************************************************** + * + * the type definitions for the fifo + * + *****************************************************/ + +struct dlist { + struct dlist * next; + char * data; + struct dlist * prev; +}; + +typedef struct fifo_str { + struct dlist * head_ptr; + struct dlist * tail_ptr; + int fifo_cts; +} SH_FIFO; + +/***************************************************** + * + * fifo functions + * + *****************************************************/ + +/* Initialize the list. + * + */ +#define fifo_init(fifo_p) { fifo_p->fifo_cts = 0; fifo_p->head_ptr = NULL; \ + fifo_p->tail_ptr = NULL; } + + +/* Push an item on the head of the list. + * + * Returns: -1 if the list is full, 0 on success + */ +int push_list (SH_FIFO * fifo, char * indat); + +/* Push an item on the tail of the list. + * + * Returns: -1 if the list is full, 0 on success + */ +int push_tail_list (SH_FIFO * fifo, char * indat); + +/* pop an item from the tail of the list + * + * Returns: NULL if the list is empty, + * freshly allocated memory on success (should be free'd by caller) + */ +char * pop_list (SH_FIFO * fifo); + +#endif Index: /tags/2.5.0/include/sh_files.h =================================================================== --- /tags/2.5.0/include/sh_files.h (revision 189) +++ /tags/2.5.0/include/sh_files.h (revision 189) @@ -0,0 +1,213 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifndef SH_FILES_H +#define SH_FILES_H + +struct sh_dirent { + char * sh_d_name; + struct sh_dirent * next; +}; + +/* free a directory listing + */ +void kill_sh_dirlist (struct sh_dirent * dirlist); + +#ifdef NEED_ADD_DIRENT +/* add an entry to a directory listing + */ +struct sh_dirent * addto_sh_dirlist (struct dirent * thisEntry, + struct sh_dirent * dirlist); +#endif + +/* register exceptions to hardlink check + */ +int sh_files_hle_reg (const char * str); + +/* check the setup + */ +int sh_files_test_setup (void); + +/* check if allignore + */ +int sh_files_is_allignore (char * str); + +/* activate hardlink check + */ +int sh_files_check_hardlinks (const char * opt); + +/* set recursion depth + */ +int sh_files_setrec (void); + +/* report only once + */ +int sh_files_reportonce(const char * c); + +/* report full details + */ +int sh_files_fulldetail(const char * c); + +/* reset the 'checked' flag + */ +void sh_dirs_reset(void); + +/* reset the 'checked' flag + */ +void sh_files_reset(void); + +/* set maximum recursion level + */ +int sh_files_setrecursion (const char * flag_s); + +/* select a directory stack 2=Two, else One (standard) + */ +int set_dirList (int which); + +/* push a directory on the stack USER0 + */ +int sh_files_pushdir_user0 (const char * dirName); + +/* push a directory on the stack USER1 + */ +int sh_files_pushdir_user1 (const char * dirName); + +/* push a directory on the stack USER2 + */ +int sh_files_pushdir_user2 (const char * dirName); + +/* push a directory on the stack USER3 + */ +int sh_files_pushdir_user3 (const char * dirName); + +/* push a directory on the stack USER4 + */ +int sh_files_pushdir_user4 (const char * dirName); + +/* push a directory on the stack PRELINK + */ +int sh_files_pushdir_prelink (const char * dirName); + +/* push a directory on the stack ATTR + */ +int sh_files_pushdir_attr (const char * dirName); + +/* push a directory on the stack READONLY + */ +int sh_files_pushdir_ro (const char * dirName); + +/* push a directory on the stack LOGFILE + */ +int sh_files_pushdir_log (const char * dirName); + +/* push a directory on the stack GROWING LOGFILE + */ +int sh_files_pushdir_glog (const char * dirName); + +/* push a directory on the stack IGNORE NONE + */ +int sh_files_pushdir_noig (const char * dirName); + +/* push a directory on the stack IGNORE ALL + */ +int sh_files_pushdir_allig (const char * dirName); + + +/* push a file on the stack USER0 + */ +int sh_files_pushfile_user0 (const char * dirName); + +/* push a file on the stack USER1 + */ +int sh_files_pushfile_user1 (const char * dirName); + +/* push a file on the stack USER2 + */ +int sh_files_pushfile_user2 (const char * dirName); + +/* push a file on the stack USER3 + */ +int sh_files_pushfile_user3 (const char * dirName); + +/* push a file on the stack USER4 + */ +int sh_files_pushfile_user4 (const char * dirName); + +/* push a file on the stack PRELINK + */ +int sh_files_pushfile_prelink (const char * dirName); + +/* push a file on the stack ATTR + */ +int sh_files_pushfile_attr (const char * dirName); + +/* push a file on the stack READONLY + */ +int sh_files_pushfile_ro (const char * dirName); + +/* push a file on the stack LOGFILE + */ +int sh_files_pushfile_log (const char * dirName); + +/* push a file on the stack GROWING LOGFILE + */ +int sh_files_pushfile_glog (const char * dirName); + +/* push a file on the stack IGNORE NONE + */ +int sh_files_pushfile_noig (const char * dirName); + +/* push a file on the stack IGNORE ALL + */ +int sh_files_pushfile_allig (const char * dirName); + + +/* check directories on the stack + */ +unsigned long sh_dirs_chk (int which); + +/* check files on the stack + */ +unsigned long sh_files_chk (void); + +int sh_files_deldirstack (void); + +int sh_files_delfilestack (void); + +/* redefine policies + */ +int sh_files_redef_user0(const char * str); +int sh_files_redef_user1(const char * str); +int sh_files_redef_user2(const char * str); +int sh_files_redef_user3(const char * str); +int sh_files_redef_user4(const char * str); +int sh_files_redef_prelink(const char * str); +int sh_files_redef_readonly(const char * str); +int sh_files_redef_loggrow(const char * str); +int sh_files_redef_logfiles(const char * str); +int sh_files_redef_attributes(const char * str); +int sh_files_redef_noignore(const char * str); +int sh_files_redef_allignore(const char * str); + + +#endif + + + + Index: /tags/2.5.0/include/sh_forward.h =================================================================== --- /tags/2.5.0/include/sh_forward.h (revision 189) +++ /tags/2.5.0/include/sh_forward.h (revision 189) @@ -0,0 +1,117 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifndef SH_FORWARD_H +#define SH_FORWARD_H + +#ifndef SH_STANDALONE +int sh_forward_set_strip (const char * str); + +#endif + +/* generate a random password + */ +int sh_forward_create_password (const char * dummy); + +/* set time limit + */ +int sh_forward_set_time_limit(const char * str); + +/* error level for lookup failure + */ +int sh_forward_lookup_level (const char * c); + +/* create client entry for given password + */ +int sh_forward_make_client (const char * str); + +/* set port to which we connect + */ +int sh_forward_server_port (const char * str); + +#ifdef SH_WITH_SERVER + +#ifdef INET_SYSLOG +int set_syslog_active(const char * c); +#endif + +/* create socket and start listening + */ +void create_server_tcp_socket (void); + +/* whether to use client address as known to the communication layer + * and set by accept() + */ +int set_socket_peer (const char * c); + +/* whether to use client severity + */ +int sh_forward_use_clt_sev (const char * c); + +/* whether to use client class + */ +int sh_forward_use_clt_class (const char * c); + +/* server port + */ +int sh_forward_set_port(const char * c); + +/* server interface + */ +int sh_forward_set_interface(const char * c); + +/* a wrapper function + */ +void sh_forward_html_write(void); + +/* register a client + */ +int sh_forward_register_client (const char * str); + +/* start server + */ +void sh_receive(void); + +/* free() everything + */ +void sh_forward_free_all (void); + +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) +/* talk to server + */ +long sh_forward (char * errmsg); + +/* set log server + */ +int sh_forward_setlogserver (const char * address); +void reset_count_dev_server(void); +#endif + +#ifdef SH_WITH_CLIENT + +/* request file from server. file may be "CONF" or "DATA". + */ +long sh_forward_req_file (char * file); + +#endif + +#endif + Index: /tags/2.5.0/include/sh_getopt.h =================================================================== --- /tags/2.5.0/include/sh_getopt.h (revision 189) +++ /tags/2.5.0/include/sh_getopt.h (revision 189) @@ -0,0 +1,33 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifndef SH_GETOPT_H +#define SH_GETOPT_H + + +int sh_getopt_get (int argc, char * argv[]); + +#endif + + + + + + + Index: /tags/2.5.0/include/sh_gpg.h =================================================================== --- /tags/2.5.0/include/sh_gpg.h (revision 189) +++ /tags/2.5.0/include/sh_gpg.h (revision 189) @@ -0,0 +1,50 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#if (defined(WITH_GPG) || defined(WITH_PGP)) + +#ifndef SH_GPG_H +#define SH_GPG_H +/* this function exits if configuration file + * and/or database cannot be verified; otherwise returns 0 + */ +int sh_gpg_check_sign (long file_1, long file_2, int what); + +/* log successful startup + */ +void sh_gpg_log_startup (void); + +#endif + +/* #ifdef WITH_GPG */ +#endif + + + + + + + + + + + + + + Index: /tags/2.5.0/include/sh_gpg_chksum.h =================================================================== --- /tags/2.5.0/include/sh_gpg_chksum.h (revision 189) +++ /tags/2.5.0/include/sh_gpg_chksum.h (revision 189) @@ -0,0 +1,53 @@ +#ifndef CHKSUM_H +#define CHKSUM_H +char gpgchk[50]; +gpgchk[0] = '4'; +gpgchk[1] = '0'; +gpgchk[2] = '7'; +gpgchk[3] = '8'; +gpgchk[4] = '4'; +gpgchk[5] = '6'; +gpgchk[6] = '0'; +gpgchk[7] = '1'; +gpgchk[8] = '7'; +gpgchk[9] = '5'; +gpgchk[10] = 'D'; +gpgchk[11] = '0'; +gpgchk[12] = '1'; +gpgchk[13] = 'B'; +gpgchk[14] = '4'; +gpgchk[15] = '4'; +gpgchk[16] = 'B'; +gpgchk[17] = '5'; +gpgchk[18] = 'E'; +gpgchk[19] = '3'; +gpgchk[20] = 'A'; +gpgchk[21] = '4'; +gpgchk[22] = '0'; +gpgchk[23] = 'E'; +gpgchk[24] = '4'; +gpgchk[25] = '4'; +gpgchk[26] = '0'; +gpgchk[27] = '1'; +gpgchk[28] = '6'; +gpgchk[29] = '3'; +gpgchk[30] = '3'; +gpgchk[31] = '3'; +gpgchk[32] = 'C'; +gpgchk[33] = 'F'; +gpgchk[34] = '3'; +gpgchk[35] = 'C'; +gpgchk[36] = '5'; +gpgchk[37] = '6'; +gpgchk[38] = 'A'; +gpgchk[39] = '7'; +gpgchk[40] = 'A'; +gpgchk[41] = 'B'; +gpgchk[42] = 'D'; +gpgchk[43] = '9'; +gpgchk[44] = '1'; +gpgchk[45] = '9'; +gpgchk[46] = '6'; +gpgchk[47] = '6'; +gpgchk[48] = '\0'; +#endif Index: /tags/2.5.0/include/sh_hash.h =================================================================== --- /tags/2.5.0/include/sh_hash.h (revision 189) +++ /tags/2.5.0/include/sh_hash.h (revision 189) @@ -0,0 +1,148 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + +#ifndef SH_HASH_H +#define SH_HASH_H + +#include + +#include "samhain.h" +#include "sh_unix.h" +#include "sh_error.h" + +/* format a uint64 + */ +char * sh_hash_size_format(void); + +/* report on a missing file + */ +int hashreport_missing( char *fullpath, int level); + +/* write database to stdout + */ +int sh_hash_pushdata_stdout (const char * str); + +/* version string for database + */ +int sh_hash_version_string(const char * str); + +/* List database content + */ +int sh_hash_list_db (const char * db_file); + +/* List database content for a single file + */ +int set_list_file (const char * c); + +/* List database content with full detail + */ +int set_full_detail (const char * c); + +/* List database content with full detail, comma delimited + */ +int set_list_delimited (const char * c); + +/* Read the database from disk. + */ +void sh_hash_init (void); + +/* Check whether a file is present in the database. + */ +int sh_hash_have_it (char * newname); + +/* Get a file if it is present in the database. + */ +int sh_hash_get_it (char * newname, file_type * tmpFile); + +/* Delete the database from memory. + */ +void sh_hash_hashdelete (void); + +/* Insert a file into the database. + */ +void sh_hash_pushdata (file_type * buf, char * fileHash); + +/* reset sh_hash_pushdata to use 'update' in daemon mode + */ +void sh_hash_pushdata_reset (void); + +/* Insert a file into the in-memory database. + */ +void sh_hash_pushdata_memory (file_type * theFile, char * fileHash); + +/* Get file flags from in-memory database + */ +int sh_hash_getflags (char * filename); + +/* Set file flags in in-memory database + */ +int sh_hash_setflags (char * filename, int flags); + +/* Set a file flag in in-memory database + */ +void sh_hash_addflag (char * filename, int flag); + +/* Compare a file with its status in the database. + */ +int sh_hash_compdata (int class, file_type * theFile, char * fileHash, + char * policy_override, int severity_override); + +/* Search for files in the database that have been deleted from disk. + */ +void sh_hash_unvisited (ShErrLevel level); + +/* Set a file's status to 'visited'. This is required for + * files that should be ignored, and may be present in the + * database, but not on disk. + */ +int sh_hash_set_visited (char * newname); + +/* As above, but only set the 'visited' flag + */ +int sh_hash_set_visited_true (char * newname); + +/* cause the record to be deleted without a 'missing' message + */ +int sh_hash_set_missing (char * newname); + +/* Make a complete directory tree invisible + */ +int hash_remove_tree (char * s); + +/* Make every entry visible + */ +int hash_full_tree (void); + +/* Insert data + */ +void sh_hash_push2db (char * key, unsigned long val1, + unsigned long val2, unsigned long val3, + unsigned char * str, int size); + +/* Retrieve data + */ +char * sh_hash_db2pop (char * key, unsigned long * val1, + unsigned long * val2, unsigned long * val3, + int * size); + +/* Write out database + */ +int sh_hash_writeout(void); +#endif Index: /tags/2.5.0/include/sh_html.h =================================================================== --- /tags/2.5.0/include/sh_html.h (revision 189) +++ /tags/2.5.0/include/sh_html.h (revision 189) @@ -0,0 +1,82 @@ +#ifndef SH_HTML_H +#define SH_HTML_H + +#ifdef SH_WITH_SERVER + + +#define CLT_INACTIVE 0 +#define CLT_STARTED 1 +#define CLT_ILLEGAL 2 +#define CLT_FAILED 3 +#define CLT_EXITED 4 +#define CLT_PANIC 5 +#define CLT_POLICY 6 +#define CLT_FILE 7 +#define CLT_MSG 8 +#define CLT_TOOLONG 9 +#define CLT_SUSPEND 10 +#define CLT_CHECK 11 +#define CLT_MAX 12 + +/************************ +char * clt_stat[] = { + N_("Inactive"), + N_("Started"), + N_("ILLEGAL"), + N_("FAILED"), + N_("Exited"), + N_("PANIC"), + N_("POLICY"), + N_("File transfer"), + N_("Message"), + N_("TIMEOUT_EXCEEDED"), +}; +**************************/ + +extern char * clt_stat[]; + +#ifdef SH_ENCRYPT +#include "rijndael-api-fst.h" +#endif + +/* --- client status --- + */ +typedef struct client_entry { + char * hostname; + char * salt; + char * verifier; + char session_key[KEY_LEN+1]; + time_t session_key_timer; + time_t last_connect; + int exit_flag; + int dead_flag; + int encf_flag; + int ency_flag; + int status_now; + int status_arr[CLT_MAX]; + char timestamp[CLT_MAX][TIM_MAX]; +#ifdef SH_ENCRYPT + keyInstance keyInstE; + keyInstance keyInstD; +#endif +} client_t; + +/* --- server status --- + */ +typedef struct _s_stat { + time_t start; + time_t last; + int conn_open; + int conn_max; + long conn_total; +} s_stat; + +extern s_stat server_status; + +/* write html report. Expects (client_t *) inptr. + */ +int sh_html_write(void * inptr); + +#endif + +#endif Index: /tags/2.5.0/include/sh_ignore.h =================================================================== --- /tags/2.5.0/include/sh_ignore.h (revision 189) +++ /tags/2.5.0/include/sh_ignore.h (revision 189) @@ -0,0 +1,12 @@ +#ifndef SH_IGNORE_H +#define SH_IGNORE_H + +int sh_ignore_add_del (const char * addpath); +int sh_ignore_add_new (const char * addpath); + +int sh_ignore_chk_del (const char * chkpath); +int sh_ignore_chk_new (const char * chkpath); + +int sh_ignore_clean (void); + +#endif Index: /tags/2.5.0/include/sh_kern.h =================================================================== --- /tags/2.5.0/include/sh_kern.h (revision 189) +++ /tags/2.5.0/include/sh_kern.h (revision 189) @@ -0,0 +1,28 @@ + +#ifndef SH_KERN_H +#define SH_KERN_H + +#include "sh_modules.h" + +#ifdef SH_USE_KERN +int sh_kern_init (struct mod_type * arg); +int sh_kern_timer (time_t tcurrent); +int sh_kern_check (void); +int sh_kern_end (void); +int sh_kern_null (void); + +int sh_kern_set_activate (const char * c); +int sh_kern_set_severity (const char * c); +int sh_kern_set_timer (const char * c); +int sh_kern_set_idt (const char * c); +int sh_kern_set_sct_addr (const char * c); +int sh_kern_set_sc_addr (const char * c); +int sh_kern_set_proc_root (const char * c); +int sh_kern_set_proc_root_lookup (const char * c); +int sh_kern_set_proc_root_iops (const char * c); + +extern sh_rconf sh_kern_table[]; +#endif + +/* #ifndef SH_UTMP_H */ +#endif Index: /tags/2.5.0/include/sh_ks.h =================================================================== --- /tags/2.5.0/include/sh_ks.h (revision 189) +++ /tags/2.5.0/include/sh_ks.h (revision 189) @@ -0,0 +1,11 @@ +#ifndef SH_KERN_CALLS_H +#define SH_KERN_CALLS_H + +/* Dummy header. */ + +typedef struct _sh_syscall_t { + unsigned long addr; + char * name; +} sh_syscall_t; + +#endif Index: /tags/2.5.0/include/sh_ks_xor.h =================================================================== --- /tags/2.5.0/include/sh_ks_xor.h (revision 189) +++ /tags/2.5.0/include/sh_ks_xor.h (revision 189) @@ -0,0 +1,11 @@ +#ifndef SH_KERN_CALLS_H +#define SH_KERN_CALLS_H + +/* Dummy header. */ + +typedef struct _sh_syscall_t { + unsigned long addr; + char * name; +} sh_syscall_t; + +#endif Index: /tags/2.5.0/include/sh_log_check.h =================================================================== --- /tags/2.5.0/include/sh_log_check.h (revision 189) +++ /tags/2.5.0/include/sh_log_check.h (revision 189) @@ -0,0 +1,117 @@ +#ifndef SH_LOGCHECK_H +#define SH_LOGCHECK_H + +#include +#include + +/* Convert a struct tm to unix timestamp with caching + */ +time_t conv_timestamp (struct tm * btime, + struct tm * old_tm, time_t * old_time); + +/* Definition of a log record entry, to be returned from parsing function. + */ +#define PID_INVALID 0 +struct sh_logrecord +{ + char * filename; + sh_string * host; + sh_string * timestr; + pid_t pid; + time_t timestamp; + sh_string * message; +}; + +#define SH_LOGFILE_MOVED (1<<0) +#define SH_LOGFILE_REWIND (1<<1) + +struct sh_logfile +{ + FILE * fp; + int flags; + char * filename; + dev_t device_id; + ino_t inode; + fpos_t offset; + + /* Info for the parser, e.g. a regular expression + */ + void * fileinfo; + + /* Callback function to read the next record + */ + sh_string * (*get_record) (sh_string * record, + struct sh_logfile * logfile); + + /* Callback function to parse the record into standard format + */ + struct sh_logrecord * (*parse_record)(sh_string * logline, void * fileinfo); + + struct sh_logfile * next; +}; + +/**************************************************************** + ** + ** Parsing and reading functions + **/ + +/* Open file, position at stored offset. */ +int sh_open_for_reader (struct sh_logfile * logfile); + +/* Simple line reader. */ +sh_string * sh_default_reader (sh_string * record, + struct sh_logfile * logfile); + +/* Continued line reader. */ +sh_string * sh_cont_reader (sh_string * record, + struct sh_logfile * logfile, char * cont); + +/* Binary reader */ +sh_string * sh_binary_reader (void * s, size_t size, struct sh_logfile * logfile); + +/* Parses a syslog-style line. */ +struct sh_logrecord * sh_parse_syslog (sh_string * logline, void * fileinfo); + +/* Format info for apache log. */ +void * sh_eval_fileinfo_apache(char * str); + +/* Parses a apache-style line. */ +struct sh_logrecord * sh_parse_apache (sh_string * logline, void * fileinfo); + +/* Get a pacct record */ +sh_string * sh_read_pacct (sh_string * record, struct sh_logfile * logfile); + +/* Parses a pacct record. */ +struct sh_logrecord * sh_parse_pacct (sh_string * logline, void * fileinfo); + +/* Get a samba record */ +sh_string * sh_read_samba (sh_string * record, struct sh_logfile * logfile); + +/* Parses a samba record. */ +struct sh_logrecord * sh_parse_samba (sh_string * logline, void * fileinfo); + + +/** +*****************************************************************/ + +int sh_get_hidepid(); +int sh_set_hidepid(const char *s); + +#define SH_MAX_LCODE_SIZE 16 + +struct sh_logfile_type +{ + char code[SH_MAX_LCODE_SIZE]; + + /* read callback */ + /*@null@*/sh_string * (*get_record) (sh_string * record, + struct sh_logfile * logfile); + /* parsing callback */ + struct sh_logrecord * (*parse_record)(sh_string * logline, void * fileinfo); + + /* evaluate fileinfo */ + void * (*eval_fileinfo)(char * str); +}; + + +#endif Index: /tags/2.5.0/include/sh_log_evalrule.h =================================================================== --- /tags/2.5.0/include/sh_log_evalrule.h (revision 189) +++ /tags/2.5.0/include/sh_log_evalrule.h (revision 189) @@ -0,0 +1,38 @@ +#ifndef SH_EVALRULE_H +#define SH_EVALRULE_H + +/* Clean up everything. + */ +void sh_eval_cleanup(); + +/* Define a new reporting queue, str := label:interval:(report|sum):severity + */ +int sh_eval_qadd (const char * str); + +/* Add a new rule, str := queue:regex + * If there is an open group, add it to its rules. + * ..else, add it to the currently open host (open the + * default host, if there is no open one) + */ +int sh_eval_radd (const char * str); + +/* Open a new host group definition. + */ +int sh_eval_hadd (const char * str); +/* + * End the host definition + */ +int sh_eval_hend (const char * str); + + +/* Open a new group definition. If a host is currently open, + * the new group will automatically be added to that host. + */ +int sh_eval_gadd (const char * str); +/* + * End the group definition + */ +int sh_eval_gend (const char * str); + +int sh_eval_process_msg(struct sh_logrecord * record); +#endif Index: /tags/2.5.0/include/sh_logmon.h =================================================================== --- /tags/2.5.0/include/sh_logmon.h (revision 189) +++ /tags/2.5.0/include/sh_logmon.h (revision 189) @@ -0,0 +1,12 @@ +#ifndef SH_LOGMON_H +#define SH_LOGMON_H + +extern sh_rconf sh_log_check_table[]; + +int sh_log_check_init (struct mod_type * arg); +int sh_log_check_timer(time_t tcurrent); +int sh_log_check_check(void); +int sh_log_check_reconf(void); +int sh_log_check_cleanup(void); + +#endif Index: /tags/2.5.0/include/sh_mail.h =================================================================== --- /tags/2.5.0/include/sh_mail.h (revision 189) +++ /tags/2.5.0/include/sh_mail.h (revision 189) @@ -0,0 +1,68 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifndef SH_MAIL_H +#define SH_MAIL_H + +#define MAIL_IMMEDIATE 1 +#define MAIL_LATER 0 + +/* set a relay server + */ +int sh_mail_set_relay (const char * str_s); + +/* send to all recpts. in one mail + */ +int sh_mail_setFlag (const char * str); + +/* set the subject string + */ +int set_mail_subject (const char * str); + +/* test mailbox + */ +int sh_mail_sigverify (const char * s); + +/* maximum number of mail attempts + */ +#define SH_MAX_FAIL 48 + +int sh_mail_setNum (const char * str); + +int sh_mail_setaddress (const char * address); +void reset_count_dev_mail(void); +int sh_mail_setaddress_int (const char * address); + +/* call if not urgent + */ +int sh_mail_pushstack (/*@null@*/char * msg); + +/* call if mail immediate + */ +int sh_mail_msg (/*@null@*/char * message); + +/* set sender of mail + */ +int sh_mail_set_sender (const char *str); + +int sh_mail_add_or (const char * str); +int sh_mail_add_and (const char * str); +int sh_mail_add_not (const char * str); + +#endif Index: /tags/2.5.0/include/sh_mem.h =================================================================== --- /tags/2.5.0/include/sh_mem.h (revision 189) +++ /tags/2.5.0/include/sh_mem.h (revision 189) @@ -0,0 +1,57 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + +#ifndef SH_MEM_H +#define SH_MEM_H + + +#ifdef MEM_DEBUG + +void sh_mem_openf (char * file, int fd); +void sh_mem_closef (int fd); +void sh_mem_check (void); +void sh_mem_dump (void); +void sh_mem_free (void * a, char * file, int line); +void * sh_mem_malloc (size_t size, char * file, int line); +void sh_mem_stat (void); + +#define SH_FREE(a) sh_mem_free((a), FIL__, __LINE__) +#define SH_ALLOC(a) sh_mem_malloc((a), FIL__, __LINE__) + +#else + +#if defined(__GNUC__) && (__GNUC__ >= 3) +#undef SH_GNUC_MALLOC +#define SH_GNUC_MALLOC __attribute__((malloc)) +#else +#undef SH_GNUC_MALLOC +#define SH_GNUC_MALLOC +#endif + +void sh_mem_free (/*@only@*//*@out@*//*@null@*/ void * a); +/*@only@*//*@notnull@*/void * sh_mem_malloc (size_t size) SH_GNUC_MALLOC; + +#define SH_FREE(a) sh_mem_free(a) +#define SH_ALLOC(a) sh_mem_malloc(a) + +#endif + +/* #ifndef SH_MEM_H */ +#endif Index: /tags/2.5.0/include/sh_modules.h =================================================================== --- /tags/2.5.0/include/sh_modules.h (revision 189) +++ /tags/2.5.0/include/sh_modules.h (revision 189) @@ -0,0 +1,51 @@ + +#ifndef SH_MODULE_H +#define SH_MODULE_H + +#include "sh_pthread.h" + +typedef struct rconf +{ + char * the_opt; + int (*func)(const char * opt); +} sh_rconf; + +typedef struct mod_type +{ + /* The name of the module */ + char * name; + + /* Set by samhain to 1 on successful initialization, else 0 */ + int initval; + + /* The initialization function. Return 0 on success. */ + int (* mod_init) (struct mod_type * arg); + + /* The timer function. Return 0 if NOT time to check. */ + int (* mod_timer) (time_t tcurrent); + + /* The check function. Return 0 on success. */ + int (* mod_check) (void); + + /* The cleanup function. Return 0 on success. */ + int (* mod_cleanup) (void); + + /* The preparation for reconfiguration. Return 0 on success. */ + int (* mod_reconf) (void); + + /* Section header in config file */ + char * conf_section; + + /* A table of key/handler_function for config file entries */ + sh_rconf * conf_table; + + SH_MUTEX(mod_mutex); + +} sh_mtype; + + +extern sh_mtype modList[]; + + +/* #ifndef SH_MODULE_H */ +#endif Index: /tags/2.5.0/include/sh_mounts.h =================================================================== --- /tags/2.5.0/include/sh_mounts.h (revision 189) +++ /tags/2.5.0/include/sh_mounts.h (revision 189) @@ -0,0 +1,23 @@ +/* + * File: sh_mounts.h + * Desc: A module for Samhain; checks for mounts present and options on them. + * Auth: Cian Synnott + */ + +#ifndef SH_MOUNTS_H +#define SH_MOUNTS_H + +#include "sh_modules.h" + +#ifdef SH_USE_MOUNTS +int sh_mounts_init (struct mod_type * arg); +int sh_mounts_timer (time_t tcurrent); +int sh_mounts_check (void); +int sh_mounts_cleanup (void); +int sh_mounts_reconf (void); + +extern sh_rconf sh_mounts_table[]; +#endif + +/* #ifndef SH_MOUNTS_H */ +#endif Index: /tags/2.5.0/include/sh_portcheck.h =================================================================== --- /tags/2.5.0/include/sh_portcheck.h (revision 189) +++ /tags/2.5.0/include/sh_portcheck.h (revision 189) @@ -0,0 +1,13 @@ + +#ifndef SH_PORTCHECK_H +#define SH_PORTCHECK_H + +int sh_portchk_init(struct mod_type * arg); +int sh_portchk_timer(time_t tcurrent); +int sh_portchk_check(void); +int sh_portchk_reconf(void); +int sh_portchk_cleanup(void); + +extern sh_rconf sh_portchk_table[]; + +#endif Index: /tags/2.5.0/include/sh_prelink.h =================================================================== --- /tags/2.5.0/include/sh_prelink.h (revision 189) +++ /tags/2.5.0/include/sh_prelink.h (revision 189) @@ -0,0 +1,18 @@ +#ifndef SH_PRELINK_H +#define SH_PRELINK_H + +/* path: full path to file; + * file_hash: allocated storage for checksum; + * alert_timeout: timeout for read + */ +int sh_prelink_run (char * path, char * file_hash, int alert_timeout); + +/* return S_TRUE if ELF file, S_FALSE otherwise + */ +int sh_prelink_iself (SL_TICKET fd, off_t size, int alert_timeout, char * path); + +/* configuration + */ +int sh_prelink_set_path (const char * str); +int sh_prelink_set_hash (const char * str); +#endif Index: /tags/2.5.0/include/sh_prelude.h =================================================================== --- /tags/2.5.0/include/sh_prelude.h (revision 189) +++ /tags/2.5.0/include/sh_prelude.h (revision 189) @@ -0,0 +1,20 @@ +#ifndef SH_PRELUDE_H +#define SH_PRELUDE_H + +void sh_prelude_reset(void); +void sh_prelude_stop(void); +int sh_prelude_init(void); + +int sh_prelude_set_profile(const char *arg); + +int sh_prelude_alert (int priority, int class, char * message, + long msgflags, unsigned long msgid); + +/* map severity levels + */ +int sh_prelude_map_info (const char * str); +int sh_prelude_map_low (const char * str); +int sh_prelude_map_medium (const char * str); +int sh_prelude_map_high (const char * str); + +#endif Index: /tags/2.5.0/include/sh_processcheck.h =================================================================== --- /tags/2.5.0/include/sh_processcheck.h (revision 189) +++ /tags/2.5.0/include/sh_processcheck.h (revision 189) @@ -0,0 +1,13 @@ + +#ifndef SH_PROCESSCHECK_H +#define SH_PROCESSCHECK_H + +int sh_prochk_init(struct mod_type * arg); +int sh_prochk_timer(time_t tcurrent); +int sh_prochk_check(void); +int sh_prochk_reconf(void); +int sh_prochk_cleanup(void); + +extern sh_rconf sh_prochk_table[]; + +#endif Index: /tags/2.5.0/include/sh_pthread.h =================================================================== --- /tags/2.5.0/include/sh_pthread.h (revision 189) +++ /tags/2.5.0/include/sh_pthread.h (revision 189) @@ -0,0 +1,153 @@ +#ifndef SH_PTHREAD_H +#define SH_PTHREAD_H + +#ifdef HAVE_PTHREAD + +#include + +#define SH_MUTEX(M) pthread_mutex_t M +#define SH_MUTEX_INIT(M,I) pthread_mutex_t M = I +#define SH_MUTEX_STATIC(M,I) static pthread_mutex_t M = I +#define SH_MUTEX_EXTERN(M) extern pthread_mutex_t M + +/* pthread_mutex_unlock() has the wrong type (returns int), so + * we need to wrap it in this function. + */ +extern void sh_pthread_mutex_unlock (void *arg); + +#define SH_MUTEX_LOCK(M) \ + do { \ + int oldtype; \ + pthread_setcanceltype(PTHREAD_CANCEL_DEFERRED, &oldtype); \ + pthread_cleanup_push(sh_pthread_mutex_unlock, (void*)&(M));\ + pthread_mutex_lock(&(M)) + + +#define SH_MUTEX_UNLOCK(M) \ + pthread_cleanup_pop(1); \ + pthread_setcanceltype(oldtype, NULL); \ + } while (0) + +#define SH_MUTEX_LOCK_UNSAFE(M) pthread_mutex_lock(&(M)) +#define SH_MUTEX_UNLOCK_UNSAFE(M) pthread_mutex_unlock(&(M)) + + +/* + * ---- Recursive mutex ---- + */ +#if defined(HAVE_PTHREAD_MUTEX_RECURSIVE) + +#define SH_MUTEX_RECURSIVE(M) \ +static pthread_mutex_t M; \ +static void M ## _init (void) \ +{ \ + pthread_mutexattr_t mta; \ + pthread_mutexattr_init(&mta); \ + pthread_mutexattr_settype(&mta, PTHREAD_MUTEX_RECURSIVE); \ + pthread_mutex_init(&(M), &mta); \ + pthread_mutexattr_destroy(&mta); \ + return; \ +} \ +static pthread_once_t M ## _initialized = PTHREAD_ONCE_INIT + +#define SH_MUTEX_RECURSIVE_INIT(M) \ +(void) pthread_once(&(M ## _initialized), (M ## _init)) + +#define SH_MUTEX_RECURSIVE_LOCK(M) \ + do { \ + int oldtype; \ + pthread_setcanceltype(PTHREAD_CANCEL_DEFERRED, &oldtype); \ + pthread_cleanup_push(sh_pthread_mutex_unlock, (void*)&(M));\ + pthread_mutex_lock(&(M)) + +#define SH_MUTEX_RECURSIVE_UNLOCK(M) \ + pthread_cleanup_pop(1); \ + pthread_setcanceltype(oldtype, NULL); \ + } while (0) + +#else +/* !defined(PTHREAD_MUTEX_RECURSIVE) */ + struct sh_RMutex { + + pthread_mutex_t lock; + unsigned int held; + unsigned int waiters; + pthread_t tid; + pthread_cond_t cv; +}; + +void sh_RMutexLock(struct sh_RMutex * tok); +void sh_RMutexUnlock(void * arg); +void sh_InitRMutex(struct sh_RMutex * tok); + +#define SH_MUTEX_RECURSIVE(M) \ +static struct sh_RMutex M; \ +static void M ## _init (void) \ +{ \ + sh_InitRMutex(&(M)); \ + return; \ +} \ +static pthread_once_t M ## _initialized = PTHREAD_ONCE_INIT + +#define SH_MUTEX_RECURSIVE_INIT(M) \ +(void) pthread_once(&(M ## _initialized), (M ## _init)) + +#define SH_MUTEX_RECURSIVE_LOCK(M) \ + do { \ + int oldtype; \ + pthread_setcanceltype(PTHREAD_CANCEL_DEFERRED, &oldtype); \ + pthread_cleanup_push(sh_RMutexUnlock, (void*)&(M)); \ + sh_RMutexLock(&(M)) + +#define SH_MUTEX_RECURSIVE_UNLOCK(M) \ + pthread_cleanup_pop(1); \ + pthread_setcanceltype(oldtype, NULL); \ + } while (0) + +#endif +/* + * ---- Global mutexes ---- + */ +SH_MUTEX_EXTERN(mutex_skey); +SH_MUTEX_EXTERN(mutex_resolv); +SH_MUTEX_EXTERN(mutex_pwent); +SH_MUTEX_EXTERN(mutex_readdir); +/* Prevent threads from logging while we are in suspend */ +SH_MUTEX_EXTERN(mutex_thread_nolog); + +/* + * ---- Initialize thread-specific conversion area ---- + */ +extern int sh_g_thread(void); + + +/* + * ---- Functions for threaded modules ---- + */ +int sh_pthread_create(void *(*start_routine)(void*), void *arg); +int sh_pthread_cancel_all(void); +void sh_threaded_module_reconf(void *arg); +void * sh_threaded_module_run(void *arg); + +#else + +#define PTHREAD_MUTEX_INITIALIZER NULL +#define SH_MUTEX(M) void *SH_MUTEX_DUMMY_ ## M +#define SH_MUTEX_INIT(M,I) extern void *SH_MUTEX_DUMMY_ ## M +#define SH_MUTEX_STATIC(M,I) extern void *SH_MUTEX_DUMMY_ ## M +#define SH_MUTEX_EXTERN(M) extern void *SH_MUTEX_DUMMY_ ## M +#define SH_MUTEX_LOCK(M) ((void)0) +#define SH_MUTEX_UNLOCK(M) ((void)0) +#define SH_MUTEX_LOCK_UNSAFE(M) ((void)0) +#define SH_MUTEX_UNLOCK_UNSAFE(M) ((void)0) + +#define SH_MUTEX_RECURSIVE(M) extern void *SH_MUTEX_DUMMY_ ## M +#define SH_MUTEX_RECURSIVE_INIT(M) ((void)0) +#define SH_MUTEX_RECURSIVE_LOCK(M) ((void)0) +#define SH_MUTEX_RECURSIVE_UNLOCK(M) ((void)0) + +/* #ifdef HAVE_PTHREAD */ +#endif + +/* #ifndef SH_PTHREAD_H */ +#endif Index: /tags/2.5.0/include/sh_readconf.h =================================================================== --- /tags/2.5.0/include/sh_readconf.h (revision 189) +++ /tags/2.5.0/include/sh_readconf.h (revision 189) @@ -0,0 +1,41 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + + +#ifndef SH_READCONFIG_H +#define SH_READCONFIG_H + +/* set the config file + */ +int sh_readconf_setcfgfile (char * filename); + +/* read the configuration file + */ +int sh_readconf_read (void); + +#endif + + + + + + + + Index: /tags/2.5.0/include/sh_schedule.h =================================================================== --- /tags/2.5.0/include/sh_schedule.h (revision 189) +++ /tags/2.5.0/include/sh_schedule.h (revision 189) @@ -0,0 +1,30 @@ +#ifndef SH_SCHEDULE_H +#define SH_SCHEDULE_H + +/************************************************ + * + * Scheduler class - public definitions + * + ************************************************/ + +typedef struct sh_schedule_ { + int max[5]; + int min[5]; + int step[5]; + int min_step; + time_t last_exec; + int first; + struct sh_schedule_ * next; +} sh_schedule_t; + +/* This function parses a crontab-like schedule and fills a + * sh_schedule_t structure provided by the caller. + */ +int create_sched (const char * ssched, sh_schedule_t * isched); + +/* This function returns 1 if the scheduled event should be executed, + * else 0 + */ +int test_sched (sh_schedule_t * isched); + +#endif Index: /tags/2.5.0/include/sh_socket.h =================================================================== --- /tags/2.5.0/include/sh_socket.h (revision 189) +++ /tags/2.5.0/include/sh_socket.h (revision 189) @@ -0,0 +1,26 @@ +#ifndef SH_SOCKET_H +#define SH_SOCKET_H + +/* 63 (cmd) + 1 (':') + 63 (host) + 1 ('\0') + 81 + */ +#define SH_MAXMSG 209 +#define SH_MAXMSGLEN 64 + +#if defined (SH_WITH_CLIENT) +void sh_socket_server_cmd(const char * srvcmd); +#endif + +#if defined (SH_WITH_SERVER) + + +int sh_socket_open_int (void); +int sh_socket_remove (void); +char * sh_socket_check(const char * client_name); +int sh_socket_poll(void); +void sh_socket_add2reload (const char * clt); + + +#endif + + +#endif Index: /tags/2.5.0/include/sh_srp.h =================================================================== --- /tags/2.5.0/include/sh_srp.h (revision 189) +++ /tags/2.5.0/include/sh_srp.h (revision 189) @@ -0,0 +1,35 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + +void sh_srp_x (char * salt, char * password); +int sh_srp_make_a (void); +char * sh_srp_M (char * x1, char * x2, char * x3, char * buf, size_t size); + +char * sh_srp_verifier (void); +int sh_srp_check_zero (char * AB_str); + +int sh_srp_init(void); +void sh_srp_exit(void); +char * sh_srp_A (void); +char * sh_srp_B (char * verifier); +char * sh_srp_S_c (char * u_str, char * B_str); +char * sh_srp_S_s (char * u_str, char * A_str, char * v_str); + + Index: /tags/2.5.0/include/sh_static.h =================================================================== --- /tags/2.5.0/include/sh_static.h (revision 189) +++ /tags/2.5.0/include/sh_static.h (revision 189) @@ -0,0 +1,56 @@ +#ifndef SH_STATIC_H +#define SH_STATIC_H + +#include "config_xor.h" + +#if defined(SH_COMPILE_STATIC) && defined(__linux__) + +#ifdef SH_NEED_PWD_GRP +int sh_initgroups(const char *user, gid_t gid); +struct group * sh_getgrent(void); +struct passwd * sh_getpwent(void); +void sh_endgrent(void); +void sh_setgrent(void); +void sh_endpwent(void); +void sh_setpwent(void); +struct group * sh_getgrnam(const char *name); + +struct passwd * sh_getpwnam(const char *name); +int sh_getpwnam_r(const char *name, struct passwd *pwbuf, + char *buf, size_t buflen, struct passwd **pwbufp); + +struct group * sh_getgrgid(gid_t gid); +int sh_getgrgid_r(gid_t gid, struct group *gbuf, + char *buf, size_t buflen, struct group **gbufp); + +struct passwd * sh_getpwuid(uid_t uid); +int sh_getpwuid_r(uid_t uid, struct passwd *pwbuf, + char *buf, size_t buflen, struct passwd **pwbufp); + +#endif + +#ifdef SH_NEED_GETHOSTBYXXX +struct hostent * sh_gethostbyaddr (const void *addr, socklen_t len, int type); +struct hostent * sh_gethostbyname(const char *name); +#endif + +#else + +#define sh_initgroups initgroups +#define sh_getgrgid getgrgid +#define sh_getgrgid_r getgrgid_r +#define sh_getpwnam getpwnam +#define sh_getpwnam_r getpwnam_r +#define sh_getpwuid getpwuid +#define sh_getpwuid_r getpwuid_r +#define sh_getpwent getpwent +#define sh_endpwent endpwent +#define sh_setpwent setpwent + +#define sh_gethostbyaddr gethostbyaddr +#define sh_gethostbyname gethostbyname + +#endif + +#endif + Index: /tags/2.5.0/include/sh_string.h =================================================================== --- /tags/2.5.0/include/sh_string.h (revision 189) +++ /tags/2.5.0/include/sh_string.h (revision 189) @@ -0,0 +1,92 @@ +#ifndef SH_STRING_H +#define SH_STRING_H + + +/* String definition and utility functions. + */ +typedef struct sh_str_struct +{ + char * str; /* always NULL terminated */ + size_t len; /* without terminating \0 */ + size_t siz; /* size of allocated buffer */ +} sh_string; + +sh_string * sh_string_new(size_t size); +void sh_string_destroy(sh_string ** s); +#define sh_string_str(a) ((a)->str) +#define sh_string_len(a) ((a)->len) + +/* concat string to sh_string + */ +sh_string * sh_string_cat_lchar(sh_string * s, const char * str, size_t len); + +/* add char array to end of string */ +sh_string * sh_string_add_from_char(sh_string * s, const char * str); + +/* set sh_string from string + */ +sh_string * sh_string_set_from_char(sh_string * s, const char * str); + +/* create new sh_string from array of given length + */ +sh_string * sh_string_new_from_lchar(const char * str, size_t len); + +#define sh_string_copy(a) ((a) ? sh_string_new_from_lchar(((a)->str), ((a)->len)) : NULL) +#define sh_string_add(a,b) ((a && b) ? sh_string_cat_lchar((a), ((b)->str), ((b)->len)) : NULL) + +/* create new sh_string from three arrays of given length + */ +sh_string * sh_string_new_from_lchar3(const char * str1, size_t len1, + const char * str2, size_t len2, + const char * str3, size_t len3); + +/* Truncate to desired length. + */ +sh_string * sh_string_truncate(sh_string * s, size_t len); + +/* If requested increase is zero, increase by default amount. + */ +sh_string * sh_string_grow(sh_string * s, size_t increase); + +/* Read a string from a file, with maxlen. Return 0 on EOF, + * -1 on error, and -2 if a line exceeds maxlen. + */ +size_t sh_string_read(sh_string * s, FILE * fp, size_t maxlen); + +/* Read a string from a file, with maxlen. Return 0 on EOF, + * -1 on error, and -2 if a line exceeds maxlen. + * If 'cont' != NULL, continuation lines starting with a char + * in 'cont' are concatenated. + */ +size_t sh_string_read_cont(sh_string * s, FILE * fp, size_t maxlen, char *cont); + +/* Split array at delim in at most nfields fields. + * Empty fields are returned as empty (zero-length) strings. + * Leading and trailing WS are removed from token. + * The number of fields is returned in 'nfields', their + * lengths in 'lengths'. + * A single delimiter will return two empty fields. + */ +char ** split_array(char *line, unsigned int * nfields, + char delim, size_t * lengths); + +/* Split array at whitespace in at most nfields fields. + * Multiple whitespaces are collapsed. + * Empty fields are returned as empty (zero-length) strings. + * The number of fields is returned in nfields. + * An empty string will return zero fields. + * If nfields < actual fields, last string will be remainder. + */ +char ** split_array_ws(char *line, unsigned int * nfields, size_t * lengths); + +/* Replaces fields in s with 'replacement'. Fields are given + * in the ordered array ovector, comprising ovecnum pairs + * ovector[i], ovector[i+1] which list offset of first char + * of field, offset of first char after field (this is how + * the pcre library does it). + */ +sh_string * sh_string_replace(const sh_string * s, + const int * ovector, int ovecnum, + const char * replacement, size_t rlen); + +#endif Index: /tags/2.5.0/include/sh_suidchk.h =================================================================== --- /tags/2.5.0/include/sh_suidchk.h (revision 189) +++ /tags/2.5.0/include/sh_suidchk.h (revision 189) @@ -0,0 +1,42 @@ + +#ifndef SH_SUIDCHK_H +#define SH_SUIDCHK_H + +#include "sh_modules.h" + +#ifdef SH_USE_SUIDCHK +int sh_suidchk_init (struct mod_type * arg); +int sh_suidchk_timer (time_t tcurrent); +int sh_suidchk_check (void); +int sh_suidchk_end (void); +int sh_suidchk_reconf (void); + +int sh_suidchk_set_activate (const char * c); +int sh_suidchk_set_severity (const char * c); +int sh_suidchk_set_timer (const char * c); +int sh_suidchk_set_schedule (const char * c); +int sh_suidchk_set_exclude (const char * c); +int sh_suidchk_set_fps (const char * c); +int sh_suidchk_set_yield (const char * c); +int sh_suidchk_set_nosuid (const char * c); +int sh_suidchk_set_quarantine (const char * c); +int sh_suidchk_set_qmethod (const char * c); +int sh_suidchk_set_qdelete (const char * c); + + +extern sh_rconf sh_suidchk_table[]; + +/* Quarantine Methods + */ +typedef enum { + + SH_Q_DELETE = 0, /* delete */ + SH_Q_CHANGEPERM = 1, /* remove suid/sgid permissions */ + SH_Q_MOVE = 2 /* move */ + } ShQuarantineMethod; + + +#endif + +/* #ifndef SH_SUIDCHK_H */ +#endif Index: /tags/2.5.0/include/sh_tiger.h =================================================================== --- /tags/2.5.0/include/sh_tiger.h (revision 189) +++ /tags/2.5.0/include/sh_tiger.h (revision 189) @@ -0,0 +1,50 @@ + +#ifndef SH_TIGER_H +#define SH_TIGER_H + +#include "config_xor.h" +#include "slib.h" +#include "samhain.h" + +typedef long int TigerType; + +#define TIGER_FILE -1 +#define TIGER_DATA -2 + +/**************** +typedef long int TigerType; +typedef enum { + TIGER_FILE, + TIGER_FD, + TIGER_DATA +} TigerType; +*****************/ + +#define TIGER_NOLIM ((UINT64)-1) + +/* the checksum function + */ +char * sh_tiger_hash (const char * filename, TigerType what, + UINT64 Length, char * out, size_t len); + +/* NEW Thu Oct 18 19:59:08 CEST 2001 + */ +int sh_tiger_hashtype (const char * c); +char * sh_tiger_generic_hash (char * filename, TigerType what, + UINT64 * Length, int timeout, + char * out, size_t len); + +UINT32 * sh_tiger_hash_uint32 (char * filename, + TigerType what, + UINT64 Length, UINT32 * out, size_t len); + +/* get the type of hash function used + * 0 = tiger192, 1 = sha1, 2 = md5 + */ +int sh_tiger_get_hashtype (void); + +/* GnuPG-like format, returns allocated memory + */ +/*@owned@*/ char * sh_tiger_hash_gpg (const char * filename, TigerType what, + UINT64 Length); +#endif Index: /tags/2.5.0/include/sh_tools.h =================================================================== --- /tags/2.5.0/include/sh_tools.h (revision 189) +++ /tags/2.5.0/include/sh_tools.h (revision 189) @@ -0,0 +1,101 @@ +#ifndef SH_TOOLS_H +#define SH_TOOLS_H + +#define SH_DO_WRITE 0 +#define SH_DO_READ 1 + +/* protocols + */ +#define SH_PROTO_SRP (1 << 0) +#define SH_PROTO_MSG (1 << 2) +#define SH_PROTO_BIG (1 << 3) +#define SH_PROTO_END (1 << 4) +#define SH_PROTO_ENC (1 << 5) +#define SH_PROTO_EN2 (1 << 6) +#define SH_MASK_ENC (SH_PROTO_ENC|SH_PROTO_EN2) + +#ifdef SH_ENCRYPT +/* returns pointer to errbuf + */ +char * errorExplain (int err_num, char * errbuf, size_t len); +#endif + +/* returns allocated buffer + */ +char * sh_tools_safe_name(const char * str, int flag); +int is_numeric (const char * address); +int connect_port (char * address, int port, + char * ecall, int * errnum, char * errmsg, int errsiz); +int connect_port_2 (char * address1, char * address2, int port, + char * ecall, int * errnum, char * errmsg, int errsiz); +void delete_cache(void); + +/* returns pointer to errbuf + */ +char * sh_tools_errmessage (int tellme, char * errbuf, size_t len); + + +void sh_tools_show_header (unsigned char * head, char sign); + +#if defined (SH_WITH_SERVER) + +int get_open_max (void); + +void put_header (/*@out@*/unsigned char * head, int protocol, + unsigned long * length, char * u); + +int check_request_s (char * have, char * need, char * clt); +int check_request_nerr (char * have, char * need); + +/* returns allocated buffer + */ +char * hash_me (char * key, char * buf, int buflen); +int sh_tools_hash_vfy(char * key, char * buf, int buflen); + +/* returns allocated buffer + */ +char * get_client_conf_file (char * peer, unsigned long * length); + +/* returns allocated buffer + */ +char * get_client_data_file (char * peer, unsigned long * length); + +#endif + +unsigned long read_port (int sockfd, char *buf, unsigned long nbytes, + int * w_error, int timeout); + + +#if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + +unsigned long write_port (int sockfd, char *buf, unsigned long nbytes, + int * w_error, int timeout); + +int check_request (char * have, char * need); +int check_request_nerr (char * have, char * need); + +void get_header (unsigned char * head, unsigned long * bytes, char * u); +void put_header (unsigned char * head, int protocol, + unsigned long * length, char * u); + +/* + SL_TICKET open_tmp (void); + int close_tmp (SL_TICKET fd); + int rewind_tmp (SL_TICKET fd); +*/ + +void sh_tools_server_cmd(const char * srvcmd); + +int hash_check(char * key, + char * buf, int buflen); + +int sh_tools_hash_add(char * key, char * buf, int buflen); +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP) +SL_TICKET open_tmp (void); +int close_tmp (SL_TICKET fd); +int rewind_tmp (SL_TICKET fd); +#endif + +#endif Index: /tags/2.5.0/include/sh_trace.h =================================================================== --- /tags/2.5.0/include/sh_trace.h (revision 189) +++ /tags/2.5.0/include/sh_trace.h (revision 189) @@ -0,0 +1,44 @@ +#ifndef SH_TRACE_H +#define SH_TRACE_H + + +/* This file should be included via samhain.h only. + */ + +#ifdef SL_DEBUG +#define ASSERT(expr, expr1) \ + if (!(expr)) \ + fprintf(stderr, \ + SDG_AERRO, \ + FIL__, __LINE__, expr1 ); + + +#define ASSERT_RET(expr, expr1, rr) \ + if (!(expr)) \ + { \ + fprintf(stderr, \ + SDG_AERRO, \ + FIL__, __LINE__, expr1 ); \ + TPT(( (-1), FIL__, __LINE__, SDG_0RETU)) \ + return (rr); \ + } +#else +#define ASSERT(expr, expr1) + +#define ASSERT_RET(expr, expr1, rr) \ + if (!(expr)) return (rr); +#endif + + +#ifdef SL_DEBUG +#define TX1(expr1) \ + fprintf(stderr, \ + SDG_TERRO, \ + FIL__, __LINE__, expr1 ); +#else +#define TX1(expr1) +#endif + +/* #ifndef SH_TRACE_H */ +#endif + Index: /tags/2.5.0/include/sh_unix.h =================================================================== --- /tags/2.5.0/include/sh_unix.h (revision 189) +++ /tags/2.5.0/include/sh_unix.h (revision 189) @@ -0,0 +1,404 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + + +#ifndef SH_UNIX_H +#define SH_UNIX_H + +/* For PATH_MAX */ +#include +#if !defined(PATH_MAX) +#define PATH_MAX 1024 +#endif + +#include +#include "samhain.h" +#include "sh_error.h" + + +typedef enum { + SH_ISLOG, + SH_ISFILE, + SH_ISDIR, + SH_ISDATA +} ShOpenType; + +typedef enum { + SH_DATA_RAW, + SH_DATA_LINE +} ShDataType; + +typedef enum { + SH_FILE_REGULAR, + SH_FILE_SYMLINK, + SH_FILE_DIRECTORY, + SH_FILE_CDEV, + SH_FILE_BDEV, + SH_FILE_FIFO, + SH_FILE_SOCKET, + SH_FILE_DOOR, + SH_FILE_PORT, + SH_FILE_UNKNOWN +} ShFileType; + +/* -- Attributes to check. -- + */ + +/* checksum */ +#define MODI_CHK (1 << 0) +/* link */ +#define MODI_LNK (1 << 1) +/* inode */ +#define MODI_INO (1 << 2) +/* user */ +#define MODI_USR (1 << 3) +/* group */ +#define MODI_GRP (1 << 4) +/* mtime */ +#define MODI_MTM (1 << 5) +/* ctime */ +#define MODI_CTM (1 << 6) +/* atime */ +#define MODI_ATM (1 << 7) +/* size */ +#define MODI_SIZ (1 << 8) +/* file mode */ +#define MODI_MOD (1 << 9) +/* hardlinks */ +#define MODI_HLN (1 << 10) +/* device type */ +#define MODI_RDEV (1 << 11) +/* size may grow */ +#define MODI_SGROW (1 << 12) +/* use prelink */ +#define MODI_PREL (1 << 13) +/* get content */ +#define MODI_TXT ((1 << 14)|MODI_CHK) + +#define MODI_TXT_ENABLED(a) (((a)&(1 << 14))!=0) + +#define SH_TXT_MAX 9200 + +#define MASK_ALLIGNORE_ 0 +extern unsigned long mask_ALLIGNORE; +#define MASK_ATTRIBUTES_ (MODI_MOD|MODI_USR|MODI_GRP|MODI_RDEV) +extern unsigned long mask_ATTRIBUTES; +#define MASK_LOGFILES_ (MASK_ATTRIBUTES_|MODI_HLN|MODI_LNK|MODI_INO) +extern unsigned long mask_LOGFILES; +#define MASK_LOGGROW_ (MASK_LOGFILES_|MODI_SIZ|MODI_SGROW|MODI_CHK) +extern unsigned long mask_LOGGROW; +#define MASK_READONLY_ (MASK_LOGFILES_|MODI_CHK|MODI_SIZ|MODI_MTM|MODI_CTM) +extern unsigned long mask_READONLY; +#define MASK_NOIGNORE_ (MASK_LOGFILES_|MODI_CHK|MODI_SIZ|MODI_ATM|MODI_MTM) +extern unsigned long mask_NOIGNORE; +#define MASK_USER_ (MASK_READONLY_|MODI_ATM) +extern unsigned long mask_USER0; +extern unsigned long mask_USER1; +extern unsigned long mask_USER2; +extern unsigned long mask_USER3; +extern unsigned long mask_USER4; +/* like READONLY, but without MTM,CTM,SIZ,INO, abd with PREL) + */ +#define MASK_PRELINK_ (MASK_ATTRIBUTES_|MODI_HLN|MODI_LNK|MODI_CHK|MODI_PREL) +extern unsigned long mask_PRELINK; + +typedef struct file_struct { + unsigned long check_mask; + int file_reported; + char fullpath[PATH_MAX]; + ShFileType type; + dev_t dev; + ino_t ino; + mode_t mode; + nlink_t hardlinks; +#if defined(__linux__) || defined(HAVE_STAT_FLAGS) + unsigned long attributes; + char c_attributes[ATTRBUF_SIZE]; +#endif + char c_mode[CMODE_SIZE]; + uid_t owner; + char c_owner[USER_MAX+2]; + gid_t group; + char c_group[GROUP_MAX+2]; + dev_t rdev; + off_t size; + unsigned long blksize; + unsigned long blocks; + time_t atime; + time_t mtime; + time_t ctime; + + char * link_path; + mode_t linkmode; + char link_c_mode[11]; + int linkisok; + char * attr_string; +} file_type; + +extern int sh_unix_check_selinux; +extern int sh_unix_check_acl; + +/* mlock utilities + */ +int sh_unix_mlock(const char * file, int line, void * addr, size_t len); +int sh_unix_munlock(void * addr, size_t len); +int sh_unix_count_mlock(void); +/* public for unit tests */ +int sh_unix_pagesize(void); +unsigned long sh_unix_lookup_page(void * in_addr, size_t len, int * num_pages); + +/* chroot directory + */ +int sh_unix_set_chroot(const char * str); + +/* whether to use localtime for file timesatams in logs + */ +int sh_unix_uselocaltime (const char * c); + +/* whether to perform selinux/acl checks + */ +#ifdef USE_XATTR +int sh_unix_setcheckselinux (const char * c); +#endif +#ifdef USE_ACL +int sh_unix_setcheckacl (const char * c); +#endif + +/* set I/O limit + */ +int sh_unix_set_io_limit (const char * c); +void sh_unix_io_pause (void); + +/* get file type + */ +int sh_unix_get_ftype(char * fullpath); + +/* reset masks for policies + */ +int sh_unix_maskreset(void); + +/* return true if database is remote + */ +int file_is_remote (void); + +/* return the path to the configuration/database file + */ +char * file_path(char what, char flag); + +/* return current time as unsigned long + */ +unsigned long sh_unix_longtime (void); + +/* close all files >= fd, except possibly one + */ +void sh_unix_closeall (int fd, int except, int inchild); + + +/* write lock for filename + */ +int sh_unix_write_lock_file(char * filename); + +/* rm lock(s) for log file(s) + */ +int sh_unix_rm_lock_file(char * filename); + +/* write the PID file + */ +int sh_unix_write_pid_file(void); + +/* rm the PID file + */ +int sh_unix_rm_pid_file(void); + + +/* checksum of own binary + */ +int sh_unix_self_hash (const char * c); + +/* return BAD on failure + */ +int sh_unix_self_check (void); + +/* add a trusted user to the list + */ +int tf_add_trusted_user(const char *); + +/* check a file + */ +int tf_trust_check (const char * file, int mode); + +/* initialize group vector + */ +#ifdef HOST_IS_OSF +int sh_unix_initgroups ( char * in_user, gid_t in_gid); +#else +int sh_unix_initgroups (const char * in_user, gid_t in_gid); +#endif +int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid); + +/* set the timeserver address + */ +int sh_unix_settimeserver (const char * address); +void reset_count_dev_time(void); + +/* lock the key + */ +void sh_unix_memlock(void); + +/* deamon mode + */ +int sh_unix_setdeamon (const char * dummy); +int sh_unix_setnodeamon(const char * dummy); + +/* Test whether file exists + */ +int sh_unix_file_exists(char * path); + +/* test whether file exists with proper attributes + */ +int sh_unix_device_readable(int fd); + +/* local host + */ +void sh_unix_localhost(void); + +/* check whether /proc exists and is a proc filesystem + */ +int sh_unix_test_proc(void); + +/* check whether a directory is secure + * (no symlink in path, not world-writeable) + */ +/* int sh_unix_is_secure_dir (ShErrLevel level, char * tmp); */ + +/* obtain file info + */ +int sh_unix_getinfo (int level, char * filename, file_type * theFile, + char * fileHash, int flagrel); + +/* read file, return length read + */ +int sh_unix_getline (SL_TICKET fd, char * line, int sizeofline); + +/* call with goDaemon == 1 to make daemon process + */ +int sh_unix_init(int goDaemon); + +/* for local time use thetime = 0, returns pointer to buffer + */ +char * sh_unix_time (time_t thetime, char * buffer, size_t len); + +/* convert to GMT time, returns pointer to buffer + */ +char * sh_unix_gmttime (time_t thetime, char * buffer, size_t len); + +/* effective user info + */ +int sh_unix_getUser (void); + +/* get home directory, , returns pointer to out + */ +char * sh_unix_getUIDdir (int level, uid_t uid, char * out, size_t len); + + +#ifdef HAVE_GETTIMEOFDAY +unsigned long sh_unix_notime (void); +#endif + +/* check whether a directory + */ +int sh_unix_isdir (char * dirName, int level); + +#ifdef SH_STEALTH +int sh_unix_getline_stealth (SL_TICKET fd, char * str, int len); +void sh_unix_xor_code (char * str, int len); +#endif + +#if defined(SCREW_IT_UP) +/* for raise() + */ +#include +#include + +void sh_sigtrap_handler (int signum); +extern volatile int sh_not_traced; + +#ifdef HAVE_GETTIMEOFDAY +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif +extern struct timeval save_tv; +#endif + +static inline +int sh_sigtrap_prepare() +{ + struct sigaction act_trap; + int val_retry; + act_trap.sa_handler = &sh_sigtrap_handler; /* signal action */ + act_trap.sa_flags = 0; /* init sa_flags */ + sigemptyset ( &act_trap.sa_mask ); /* set an empty mask */ + do { + val_retry = sigaction(SIGTRAP, &act_trap, NULL); + } while (val_retry < 0 && errno == EINTR); + return 0; +} + +/*@unused@*/ static inline +int sh_derr(void) +{ + sh_not_traced = 0; + +#ifdef HAVE_GETTIMEOFDAY + gettimeofday(&save_tv, NULL); +#endif + +#if defined(__linux__) && defined(__GNUC__) && defined(__i386__) + __asm__ __volatile__ (".byte 0xf1"); +#else + raise(SIGTRAP); +#endif + + if (sh_not_traced == 0) + _exit(5); + sh_not_traced = 0; + return (0); +} + +#else + +/*@unused@*/ static inline +int sh_derr(void) +{ + return 0; +} +/* #if defined(SCREW_IT_UP) */ +#endif + +#endif + + Index: /tags/2.5.0/include/sh_userfiles.h =================================================================== --- /tags/2.5.0/include/sh_userfiles.h (revision 189) +++ /tags/2.5.0/include/sh_userfiles.h (revision 189) @@ -0,0 +1,30 @@ +/* + * File: sh_userfiles.h + * Desc: A module for Samhain; adds files in user directories to the check list + * Auth: Jerry Connolly + */ + +#ifndef SH_USERFILES_H +#define SH_USERFILES_H + +#ifdef SH_USE_USERFILES +int sh_userfiles_init (struct mod_type * arg); +int sh_userfiles_timer (time_t tcurrent); +int sh_userfiles_check (void); +int sh_userfiles_end (void); +int sh_userfiles_cleanup (void); +int sh_userfiles_reconf (void); + +int sh_userfiles_set_uid (const char * str); +int sh_userfiles_add_file(const char *c); +int sh_userfiles_set_interval(const char *c); +int sh_userfiles_set_active(const char *c); +int sh_userfiles_check_internal(void); + +extern sh_rconf sh_userfiles_table[]; + + +#endif + +/* #ifndef SH_USERFILES_H */ +#endif Index: /tags/2.5.0/include/sh_utils.h =================================================================== --- /tags/2.5.0/include/sh_utils.h (revision 189) +++ /tags/2.5.0/include/sh_utils.h (revision 189) @@ -0,0 +1,215 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + +#ifndef SH_UTILS_H +#define SH_UTILS_H + +#include + +#include "slib.h" + +#include "sh_error.h" +#include "sh_unix.h" + +#define S_FMT_STRING 1 +#define S_FMT_ULONG 2 +#define S_FMT_TIME 3 +#define S_FMT_LONG 4 + + +typedef struct ft_struc { + char fchar; + int type; + unsigned long data_ulong; + long data_long; + /*@null@*/char *data_str; +} st_format; + +/* returns allocated string + */ +char * sh_util_formatted (const char * fmt, st_format * ftab); + +typedef struct sh_timeout_struct { + UINT64 time_last; + UINT64 time_dist; + int flag_ok; +} SH_TIMEOUT; + +int sh_util_timeout_check (SH_TIMEOUT * sh_timer); + +/* This is a maximally equidistributed combined Tausworthe + * generator. + */ +UINT32 taus_get (void); +double taus_get_double (void *vstate); /* fast */ +int taus_seed (void); + +/* returns allocated memory + */ +char * sh_util_strdup (const char * str) SH_GNUC_MALLOC; + +/* returns allocated memory + */ +char * sh_util_strdup_l (const char * str, size_t len) SH_GNUC_MALLOC; + +/* returns pointer within str + */ +char * sh_util_strsep (char **str, const char *delim); + +/* compactify verbose acl text, returns allocated memory + */ +char * sh_util_acl_compact (char * buf, ssize_t len); + +/* set signature type HASH-TIGER/HMAC-TIGER + */ +int sh_util_sigtype (const char * c); + +/* compute a signature + */ +char * sh_util_siggen (char * hexkey, + char * text, size_t textlen, + char * sigbuf, size_t sigbuflen); + +/* eval boolean input + */ +int sh_util_flagval(const char * c, int * fval); + +/* ask if a file should be updated (returns S_TRUE/S_FALSE) + */ +int sh_util_ask_update(char * path); +int sh_util_set_interactive(const char * str); + +/* don't log output files + */ +int sh_util_hidesetup(const char * c); + +/* valif utf-8 string + */ +int sh_util_valid_utf8 (const unsigned char * str); + +/* filenames are utf8 + */ +int sh_util_obscure_utf8 (const char * c); + +/* exceptions to obscure name check + */ +int sh_util_obscure_ok (const char * str); + +/* output a hexchar[2]; i2h must be char[2] + */ +char * sh_util_charhex( unsigned char c, char * i2h ); + +/* read a hexchar, return int value (0-15) + */ +int sh_util_hexchar( char c ) SH_GNUC_CONST; + +/* change verifier + */ +int sh_util_set_newkey (const char * str); + +/* server mode + */ +int sh_util_setserver (const char * dummy); + +/* a simple compressor + */ +long sh_util_compress (char * dest, char * src, size_t dest_size); + +/* an even simpler en-/decoder + */ +void sh_util_encode (char * data, char * salt, int mode, char fill); + +/* copy len ( < 4) bytes from (char *) (long src) to (char *) dest, + * determine the four LSB's and use them (independent of sizeof(long)) + */ +void sh_util_cpylong (char * dest, const char * src, int len ); + +/* set timer for main loop + */ +int sh_util_setlooptime (const char * str); + +/* whether init or check the database + */ +int sh_util_setchecksum (const char * str); + +/* compare an in_string against a regular expression regex_str + return GOOD on successful match +*/ +int sh_util_regcmp (char * regex_str, char * in_str); + + +/* returns freshly allocated memory, return value should be free'd. + * Argument list must be NULL terminated. + */ +char * sh_util_strconcat (const char * arg1, ...) SH_GNUC_MALLOC SH_GNUC_SENTINEL; + +/* check if string is numeric only + */ +int sh_util_isnum (const char *str) SH_GNUC_PURE; + +/* init a key w/random string + */ +int sh_util_keyinit (char * buf, long size); + + +/* returns freshly allocated memory, return value should be free'd + */ +char * sh_util_dirname(const char * fullpath); + +/* returns freshly allocated memory, return value should be free'd + */ +char * sh_util_safe_name (const char * name) SH_GNUC_MALLOC SH_GNUC_PURE; + +char * sh_util_safe_name_keepspace (const char * name) SH_GNUC_MALLOC SH_GNUC_PURE; + +/* check max size of printf result string + */ +int sh_util_printf_maxlength (const char * fmt, va_list vl); + +/* check for obscure filenames + */ +int sh_util_obscurename (ShErrLevel level, char * name, int flag); + +/* returns freshly allocated memory, return value should be free'd + */ +char * sh_util_basename(const char * fullpath); + +/* required size (including terminating NULL) for string of strlen l + */ +#define SH_B64_SIZ(l) (1 + ((((l) + 2) / 3) * 4)) + +/* return len of encoded string + */ +size_t sh_util_base64_enc (unsigned char * out, const unsigned char * instr, + size_t lin); + +/* return allocated encoded string in out, return its len + */ +size_t sh_util_base64_enc_alloc (char **out, const char *in, size_t inlen); + +/* return len of decoded string + */ +size_t sh_util_base64_dec (unsigned char *out, const unsigned char *in, size_t lin); + +/* return allocated decoded string in out, return its len + */ +size_t sh_util_base64_dec_alloc (unsigned char **out, const unsigned char *in, size_t lin); + +#endif Index: /tags/2.5.0/include/sh_utmp.h =================================================================== --- /tags/2.5.0/include/sh_utmp.h (revision 189) +++ /tags/2.5.0/include/sh_utmp.h (revision 189) @@ -0,0 +1,24 @@ + +#ifndef SH_UTMP_H +#define SH_UTMP_H + +#include "sh_modules.h" + +#ifdef SH_USE_UTMP +int sh_utmp_init (struct mod_type * arg); +int sh_utmp_timer (time_t tcurrent); +int sh_utmp_check (void); +int sh_utmp_end (void); +int sh_utmp_reconf (void); + +int sh_utmp_set_login_activate (const char * c); +int sh_utmp_set_login_solo (const char * c); +int sh_utmp_set_login_multi (const char * c); +int sh_utmp_set_logout_good (const char * c); +int sh_utmp_set_login_timer (const char * c); + +extern sh_rconf sh_utmp_table[]; +#endif + +/* #ifndef SH_UTMP_H */ +#endif Index: /tags/2.5.0/include/slib.h =================================================================== --- /tags/2.5.0/include/slib.h (revision 189) +++ /tags/2.5.0/include/slib.h (revision 189) @@ -0,0 +1,585 @@ +/* -------------------------------------------------------------- + * + * The developement of this library has been stimulated by reading + * a paper on 'Robust Programming' by Matt Bishop, although + * not all of his ideas might be implemented in the same + * strictness as discussed in the paper. + * + * -------------------------------------------------------------- + */ + +#ifndef SL_SLIB_H +#define SL_SLIB_H + +#include +#include +#include +#include +#include + +#include "config_xor.h" + +#ifdef HAVE_UNISTD_H +#include +#endif + +#include "sh_string.h" + +/**************** + + -- Defined in config.h. -- + + #ifndef _(string) + #define _(string) string + #endif + + #ifndef N_(string) + #define N_(string) string + #endif + +*****************/ + +/* -------------------------------------------------------------- + * + * Typedefs, global variables, macros. + * + * -------------------------------------------------------------- + */ + +extern long int sl_errno; /* Global error variable. */ + + +/* The ticketing system; used to hide internals from the + * programmer. + */ +typedef long int SL_TICKET; /* Unique ID for opened files. */ + + +/* + * TRUE, FALSE + */ +#define SL_TRUE 1 +#define SL_FALSE 0 + +#define SH_GRBUF_SIZE 4096 +#define SH_PWBUF_SIZE 4096 + + +#if defined(__GNUC__) && (__GNUC__ >= 3) +#undef SL_GNUC_CONST +#define SL_GNUC_CONST __attribute__((const)) +#else +#undef SL_GNUC_CONST +#define SL_GNUC_CONST +#endif + +/* + * The following macros are provided: + * + * SL_ISERROR(x) TRUE if return status of 'x' is an error code. + * SL_REQUIRE(x, xstr) Abort if 'x' is false. + * SL_ENTER(s) Trace entry in function 's'. + * SL_RETURN(x, s) Trace return from function 's'. + */ + + +/* + * The error codes. + */ +#define SL_ENONE 0 + +#define SL_ENULL -1024 /* Invalid use of NULL pointer. */ +#define SL_ERANGE -1025 /* Argument out of range. */ +#define SL_ETRUNC -1026 /* Result truncated. */ +#define SL_EREPEAT -1027 /* Illegal repeated use of function. */ + +#define SL_EINTERNAL -1028 /* Internal error. */ +#define SL_ETICKET -1029 /* Bad ticket. */ +#define SL_EBADFILE -1030 /* File access error. Check errno. */ +#define SL_EBOGUS -1031 /* Bogus file. */ +#define SL_EMEM -1032 /* Out of memory. */ +#define SL_EUNLINK -1033 /* Unlink error. Check errno. */ +#define SL_EREWIND -1034 /* Rewind error. Check errno. */ +#define SL_EFORWARD -1035 /* Forward error. Check errno. */ +#define SL_EREAD -1036 /* Read error. Check errno. */ +#define SL_EWRITE -1037 /* Write error. Check errno. */ +#define SL_ESYNC -1038 /* Write error. Check errno. */ + +#define SL_EBADNAME -1040 /* Invalid name. */ +#define SL_ESTAT -1041 /* stat of file failed. Check errno. */ + +#define SL_EBADUID -1050 /* Owner not trustworthy. */ +#define SL_EBADGID -1051 /* Group writeable and not trustworthy.*/ +#define SL_EBADOTH -1052 /* World writeable. */ + +#define SL_TOOMANY -1053 /* Too many open files */ +#define SL_TIMEOUT -1054 /* Timeout in read */ +/* + * All int functions return SL_NONE on success. + */ + +#ifdef __cplusplus +extern "C" { +#endif + + int dlog (int flag, const char * file, int line, const char *fmt, ...); + + char * sl_get_errmsg(void); + + /* ---------------------------------------------------------------- + * + * Heap consistency routines + * + * ---------------------------------------------------------------- */ + + int sl_test_heap(void); + + /* ---------------------------------------------------------------- + * + * Capability routines + * + * ---------------------------------------------------------------- */ + + extern int sl_useCaps; + + int sl_drop_cap (void); + int sl_drop_cap_sub(void); + int sl_get_cap_sub(void); + int sl_drop_cap_qdel(void); + int sl_get_cap_qdel(void); + + /* ---------------------------------------------------------------- + * + * String handling routines + * + * ---------------------------------------------------------------- */ + + /* + * A memset that does not get optimized away + */ + void *sl_memset(void *s, int c, size_t n); +#if !defined(SH_REAL_SET) +#undef memset +#define memset sl_memset +#endif + + /* + * Copy src to dst. siz is the length of dst. + */ + int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz); + + /* + * Append src to dst. siz is the length of dst. + */ + int sl_strlcat(char * dst, /*@null@*/const char *src, size_t siz); + + /* + * An implementation of vsnprintf. va_start/va_end are in the caller + * function. + */ + int sl_vsnprintf(char *str, size_t n, + const char *format, va_list vl ); + + /* + * An implementation of snprintf. + */ + int sl_snprintf(char *str, size_t n, + const char *format, ... ); + + /* + * A robust drop-in replacement of strncpy. strlcpy is preferable. + */ + char * sl_strncpy(/*@out@*/char *dst, const char *src, size_t size); + + /* + * Robust strncat. + */ + char * sl_strncat(char *dst, const char *src, size_t n); + + /* + * strstr + */ + char * sl_strstr (const char * haystack, const char * needle); + + /* + * robust strncmp replacement + */ + int sl_strncmp(const char * a, const char * b, size_t n); + + /* + * robust strcmp replacement + */ + int sl_strcmp(const char * a, const char * b); + + /* + * robust strcasecmp replacement + */ + int sl_strcasecmp(const char * one, const char * two); + + /* + * robust strlen replacement + */ +#define sl_strlen(arg) ((arg == NULL) ? 0 : (strlen(arg))) + + /* ---------------------------------------------------------------- + * + * Privilege handling routines + * + * ---------------------------------------------------------------- */ + + /* + * ONE OF THE FOLLOWING THREE FUNCTIONS + * SHOULD BE CALLED BEFORE ANY OTHER OF THE + * UID HANDLING FUNCTIONS. + */ + int sl_policy_get_user(const char *username); /* drop SUID to */ + int sl_policy_get_real(char *username); /* drop privs to */ + int sl_policy_get_root(void); /* drop SUID to root */ + + /* + * If not using one of the above, use this function, + * and then call sh_unset_suid(). + * This function saves the uid's. + * It calls abort() on error. + */ + int sl_save_uids(void); + + /* + * This function returns the saved euid. + * It calls abort() if the uid's are not saved already. + */ + int sl_get_euid(/*@out@*/uid_t * ret); + uid_t sl_ret_euid(void); + + /* + * This function returns the saved egid. + * It calls abort() if the uid's are not saved already. + */ + int sl_get_egid(/*@out@*/gid_t * ret); + + /* + * This function returns the saved current ruid. + * It calls abort() if the uid's are not saved already. + */ + int sl_get_ruid(/*@out@*/uid_t * ret); + + /* + * This function returns the saved current rgid. + * It calls abort() if the uid's are not saved already. + */ + int sl_get_rgid(gid_t * ret); + + /* + * This function returns the saved original ruid. + * It calls abort() if the uid's are not saved already. + */ + int sl_get_ruid_orig(uid_t * ret); + + /* + * This function returns the saved original rgid. + * It calls abort() if the uid's are not saved already. + */ + int sl_get_rgid_orig(gid_t * ret); + + /* + * This function returns true if the program is SUID. + * It calls abort() if the uid's are not saved already. + */ + int sl_is_suid(void); + + /* + * This function sets the effective uid + * to the saved effective uid. + */ + int sl_set_suid (void); + + /* + * This function sets the effective uid to the real uid. + */ + int sl_unset_suid (void); + + /* + * This function drops SUID privileges irrevocably. + */ + int sl_drop_privileges(void); + + /* ---------------------------------------------------------------- + * + * File handling routines + * + * ---------------------------------------------------------------- */ + + SL_TICKET sl_make_ticket (int fd, const char * path); + + /* Open for writing. + */ + SL_TICKET sl_open_write (const char * fname, int priviledge_mode); + + /* Open for reading. + */ + SL_TICKET sl_open_read (const char * fname, int priviledge_mode); + + /* Open for reading w/minimum checking. + */ + SL_TICKET sl_open_fastread (const char * fname, int priviledge_mode); + + /* Open for read and write. + */ + SL_TICKET sl_open_rdwr (const char * fname, int priviledge_mode); + + /* Open for read and write, fail if file exists. + */ + SL_TICKET sl_open_safe_rdwr (const char * fname, int priv); + + /* Open for write, truncate. + */ + SL_TICKET sl_open_write_trunc (const char * fname, int priviledge_mode); + + /* Open for read and write, truncate. + */ + SL_TICKET sl_open_rdwr_trunc (const char * fname, int priviledge_mode); + + /* Initialize the content sh_string. + */ + int sl_init_content (SL_TICKET ticket, size_t size); + + /* Get the (pointer to) the content sh_string. + */ + sh_string * sl_get_content (SL_TICKET ticket); + + /* Close file. + */ + int sl_close (SL_TICKET ticket); + + /* Unlink file. + */ + int sl_unlink (SL_TICKET ticket); + + /* Rewind file. + */ + int sl_rewind (SL_TICKET ticket); + + /* Seek file. + */ + int sl_seek (SL_TICKET ticket, off_t off_data); + + /* Forward file. + */ + int sl_forward (SL_TICKET ticket); + + /* Sync file. + */ + int sl_sync (SL_TICKET ticket); + + /* Read file. + */ + int sl_read (SL_TICKET ticket, void * buf, size_t count); + + int sl_read_timeout_prep (SL_TICKET ticket); + + int sl_read_timeout_fd (int fd, void * buf, + size_t count, int timeout, int is_nonblocking); + + int sl_read_timeout (SL_TICKET ticket, void * buf, + size_t count, int timeout, int is_nonblocking); + + int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count); + + /* Write file. + */ + int sl_write (SL_TICKET ticket, const void * msg, long nbytes); + + /* Write file, terminate with newline. + */ + int sl_write_line (SL_TICKET ticket, const void * msg, long nbytes); + + /* As above, but only for non-constant strings. + */ + int sl_write_line_fast (SL_TICKET ticket, void * msg, long nbytes); + + /* Drop all metadata for file descriptors >= fd. + */ + int sl_dropall(int fd, int except); + int sl_dropall_dirty(int fd, int except); /* don't deallocate */ + + /* Check whether file is trustworthy. + */ + int sl_trustfile(const char * path, uid_t * ok, uid_t * bad); + + /* Check whether file is trustworthy. + */ + int sl_trustfile_euid(const char * filename, uid_t euid); + + /* purge list of trusted users + */ + int sl_trust_purge_user (void); + + /* Add a trusted user. + */ + int sl_trust_add_user (uid_t pwid); + + /* Get error string. + */ + char * sl_error_string(int errorcode); + + /* Get error file. + */ + char * sl_trust_errfile(void); + + /* Overflow tests + */ + int sl_ok_muli (int a, int b) SL_GNUC_CONST; + int sl_ok_divi (int a, int b) SL_GNUC_CONST; + int sl_ok_addi (int a, int b) SL_GNUC_CONST; + int sl_ok_subi (int a, int b) SL_GNUC_CONST; + + int sl_ok_muls (size_t a, size_t b) SL_GNUC_CONST; + int sl_ok_adds (size_t a, size_t b) SL_GNUC_CONST; + + +#ifdef __cplusplus +} +#endif + +/* Privilege modes for file access. + */ +#define SL_YESPRIV 0x33 +#define SL_NOPRIV 0x34 + +/* Suitable for Linux + */ +#define MAXFILENAME 4096 + + +/* + * This macro is TRUE if (x) < 0. + */ +#define SL_ISERROR(x) ((long)(x) < 0) + +#if defined(WITH_TPT) +#define TPT(arg) dlog arg ; +#else +#define TPT(arg) +#endif + + +/* + * The 'require' macro. + */ +#define SL_REQUIRE(assertion, astext) \ +do { \ + /*@i@*/ if (assertion) ; \ + else { \ + dlog(0, FIL__, __LINE__, SDG_AFAIL, \ + FIL__, __LINE__, astext); \ + _exit(EXIT_FAILURE); \ + } \ +} while (0) + + +/* + * The enter macro. Prints the trace if TRACE is on. + */ +extern int slib_do_trace; +extern int slib_trace_fd; + +#if defined(SL_DEBUG) +#define SL_ENTER(s) sl_stack_push(s, FIL__, __LINE__); +#else +#define SL_ENTER(s) if (slib_do_trace != 0) sl_trace_in(s, FIL__, __LINE__); +#endif + +/* + * The return macro. + */ +#if defined(SL_DEBUG) +#ifndef S_SPLINT_S +#define SL_RETURN(x, s) \ +do { \ + sl_stack_pop(s, FIL__, __LINE__); \ + return(x); \ +} while(0) +#else +/*@notfunction@*/ +#define SL_RETURN(x, s) return(x); +#endif /* S_SPLINT_S */ +#else +#ifndef S_SPLINT_S +#define SL_RETURN(x, s) \ +do { \ + if (slib_do_trace != 0) \ + sl_trace_out(s, FIL__, __LINE__); \ + return(x); \ +} while(0) +#else +/*@notfunction@*/ +#define SL_RETURN(x, s) return(x); +#endif /* S_SPLINT_S */ +#endif /* SL_RETURN macro */ + +#if defined(SL_DEBUG) +#define SL_RET0(s) \ +do { \ + sl_stack_pop(s, FIL__, __LINE__); \ + return; \ +} while(0) +#else +#ifndef S_SPLINT_S +#define SL_RET0(s) \ +do { \ + if (slib_do_trace != 0) \ + sl_trace_out(s, FIL__, __LINE__); \ + return; \ +} while(0) +#else +/*@notfunction@*/ +#define SL_RET0(s) return; +#endif /* S_SPLINT_S */ +#endif /* SL_RETURN macro */ + +#if defined(SL_DEBUG) +void sl_stack_push(char * c, char * file, int line); +void sl_stack_pop(char * c, char * file, int line); +void sl_stack_print(void); +#endif +void sl_trace_in (const char * str, const char * file, int line); +void sl_trace_out (const char * str, const char * file, int line); +int sl_trace_file (const char * str); +int sl_trace_use (const char * str); + + + + +/* + * The internal return macro. Sets sl_errno to the return value. + */ + +#if defined(SL_DEBUG) +#define SL_IRETURN(x, s) \ +do { \ + if((long)(x) < 0) { \ + TPT((0, FIL__, __LINE__, SDG_ERROR, (long)(x))) \ + sl_errno=(x); \ + } \ + sl_stack_pop(s, FIL__, __LINE__); \ + if (1) return(x); \ +} while(0) +#else +#define SL_IRETURN(x, s) \ +do { \ + if ((long)(x) < 0) sl_errno=(x); \ + if (slib_do_trace) \ + sl_trace_out(s, FIL__, __LINE__); \ + if (1) return(x); \ +} while(0) + +#endif /* SL_IRETURN macro */ + + + +/* slib.h */ +#endif + + + + Index: /tags/2.5.0/include/trustfile.h =================================================================== --- /tags/2.5.0/include/trustfile.h (revision 189) +++ /tags/2.5.0/include/trustfile.h (revision 189) @@ -0,0 +1,94 @@ +/* + * This is the header file for the trust function + * + * Author information: + * Matt Bishop + * Department of Computer Science + * University of California at Davis + * Davis, CA 95616-8562 + * phone (916) 752-8060 + * email bishop@cs.ucdavis.edu + * + * This code is placed in the public domain. I do ask that + * you keep my name associated with it, that you not represent + * it as written by you, and that you preserve these comments. + * This software is provided "as is" and without any guarantees + * of any sort. + */ +/* + * trustfile return codes + */ +#define TF_ERROR -1 /* can't check -- error */ +#define TF_NO 0 /* file isn't trustworthy */ +#define TF_YES 1 /* file is trustworthy */ + +/* + * error codes + */ +#define TF_BADFILE 1 /* file name illegal */ +#define TF_BADNAME 2 /* name not valid (prob. ran out of room) */ +#define TF_BADSTAT 3 /* stat of file failed (see errno for why) */ +#define TF_NOROOM 4 /* not enough allocated space */ + +/* + * untrustworthy codes + */ +#define TF_BADUID 10 /* owner nmot trustworthy */ +#define TF_BADGID 11 /* group writeable and member not trustworthy */ +#define TF_BADOTH 12 /* anyone can write it */ + +/* + * the basic constant -- what is the longest path name possible? + * It should be at least the max path length as defined by system + * + 4 ("/../") + max file name length as defined by system; this + * should rarely fail (I rounded it up to 2048) + */ +#define MAXFILENAME 2048 + +/* + * function declaration + * + * #ifdef __STDC__ + * extern int trustfile(char *, int *, int *); + * #else + * extern int trustfile(); + * #endif + */ +/* + * these are useful global variables + * + * first set: who you gonna trust, by default? + * if the user does not specify a trusted or untrusted set of users, + * all users are considered untrusted EXCEPT: + * UID 0 -- root as root can do anything on most UNIX systems, this + * seems reasonable + * tf_euid -- programmer-selectable UID + * if the caller specifies a specific UID by putting + * it in this variable, it will be trusted; this is + * typically used to trust the effective UID of the + * process (note: NOT the real UID, which will cause all + * sorts of problems!) By default, this is set to -1, + * so if it's not set, root is the only trusted user + */ +extern uid_t tf_euid; /* space for EUID of process */ + +/* + * second set: how do you report problems? + * tf_errno on return when an error has occurred, this is set + * to the code indicating the reason for the error: + * TF_BADFILE passed NULL for pointer to file name + * TF_BADNAME could not expand to full path name + * TF_BADSTAT stat failed; usu. file doesn't exist + * TF_BADUID owner untrusted + * TF_BADGID group untrusted & can write + * TF_BADOTH anyone can write + * the value is preserved across calls where no error + * occurs, just like errno(2) + * tf_path if error occurs and a file name is involved, this + * contains the file name causing the problem + */ +extern char tf_path[MAXFILENAME]; /* error path for trust function */ + +extern uid_t rootonly[]; +extern int EUIDSLOT; + Index: /tags/2.5.0/include/zAVLTree.h =================================================================== --- /tags/2.5.0/include/zAVLTree.h (revision 189) +++ /tags/2.5.0/include/zAVLTree.h (revision 189) @@ -0,0 +1,72 @@ +/* + * zAVLTree.h: Header file for zAVLTrees. + * Copyright (C) 1998,2001 Michael H. Buselli + * This is version 0.1.3 (alpha). + * Generated from $Id: xAVLTree.h.sh,v 1.5 2001/06/07 06:58:28 cosine Exp $ + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with this library; if not, write to the Free + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * The author of this library can be reached at the following address: + * Michael H. Buselli + * 30051 N. Waukegan Rd. Apt. 103 + * Lake Bluff, IL 60044-5412 + * + * Or you can send email to . + * The official web page for this product is: + * http://www.cosine.org/project/AVLTree/ + */ + +#ifndef _ZAVLTREE_H_ +#define _ZAVLTREE_H_ + +/* typedef the keytype */ +typedef const char * zAVLKey; + +/* Comparison function for strings is strcmp(). */ +#define zAVLKey_cmp(tree, a, b) (strcmp((a), (b))) + + +typedef struct _zAVLNode { + zAVLKey key; + long depth; + void *item; + struct _zAVLNode *parent; + struct _zAVLNode *left; + struct _zAVLNode *right; +} zAVLNode; + + +typedef struct { + zAVLNode *top; + long count; + zAVLKey (*getkey)(const void *item); +} zAVLTree; + + +typedef struct { + const zAVLTree *avltree; + const zAVLNode *curnode; +} zAVLCursor; + + +extern zAVLTree *zAVLAllocTree (zAVLKey (*getkey)(void const *item)); +extern void zAVLFreeTree (zAVLTree *avltree, void (freeitem)(void *item)); +extern int zAVLInsert (zAVLTree *avltree, void *item); +extern void *zAVLSearch (zAVLTree const *avltree, zAVLKey key); +extern int zAVLDelete (zAVLTree *avltree, zAVLKey key); +extern void *zAVLFirst (zAVLCursor *avlcursor, zAVLTree const *avltree); +extern void *zAVLNext (zAVLCursor *avlcursor); + +#endif Index: /tags/2.5.0/init/samhain.start.in =================================================================== --- /tags/2.5.0/init/samhain.start.in (revision 189) +++ /tags/2.5.0/init/samhain.start.in (revision 189) @@ -0,0 +1,77 @@ +#!/bin/sh + +# This file is public domain and comes with NO WARRANTY of any kind +# samhain deamon start/stop script. + +# This should be put in /etc/init.d (at least on machines SYSV R4 +# based systems) and linked to /etc/rc3.d/S99samhain. When this is done +# the samhain daemon will be started when the machine is started. + +PATH=/sbin:/usr/bin:/usr/sbin:/bin +basedir=/ + +prefix=@prefix@ +exec_prefix=@exec_prefix@ +bindir=@bindir@ + +samhain_daemon_user=root # Run samhain as this user. + # If you use this, uncomment one of + # the su rows below. + +export PATH + +mode=$1 + +# The following test may be removed if this script isn't to be run as root. +if test ! -w / +then + echo "$0: this script must be run as root ... fatal error" + exit 1 +fi + + +# Safeguard (relative paths, core dumps..) +cd $basedir + +case "$mode" in + 'start') + # Start deamon + if test -x ${bindir}/samhain + then + if test -x /sbin/startproc + then + # use startproc if available + startproc ${bindir}/samhain -t check -D + else + # For Linux + su -c -- $samhain_daemon_user $bindir/samhain -t check -D + # For sun + # su $samhain_daemon_user $bindir/samhain -t check -D + fi + else + echo "Can't execute ${bindir}/samhain" + fi + ;; + + + 'stop') + if test -x ${bindir}/samhain + then + if test -x /sbin/killproc + then + # alternatively use the command below, if you have 'killproc' + killproc -TERM ${bindir}/samhain + else + # Stop deamon - no PID file available, so search for the pid + SH_PID=`ps aux | grep samhain | grep -v grep | awk '{print $2}'` + kill ${SH_PID} + fi + fi + ;; + + *) + # usage + echo "usage: $0 start|stop" + exit 1 + ;; +esac Index: /tags/2.5.0/init/samhain.startFreeBSD.in =================================================================== --- /tags/2.5.0/init/samhain.startFreeBSD.in (revision 189) +++ /tags/2.5.0/init/samhain.startFreeBSD.in (revision 189) @@ -0,0 +1,44 @@ +#!/bin/sh + +# PROVIDE: @install_name@ +# REQUIRE: LOGIN +# KEYWORD: shutdown + +. /etc/rc.subr + +name="@install_name@" +rcvar=`set_rcvar` + +pidfile="@mylockfile@" + +# there are no required_files in general, +# as they might be downloaded from the server +# +# required_files="@myconffile@ @mydatafile@" + +extra_commands="reload" +stop_postcmd="remove_stale_files" + +command="@sbindir@/@install_name@" + +is_set() +{ + eval "[ -n \"\${$1+X}\" ]" +} + +remove_stale_files() +{ + if test -f @mylockfile@; then + /bin/rm -f @mylockfile@ + fi + /bin/rm -f @mylockdir@/${name}.sock +} + +load_rc_config "$name" + +if ! is_set ${rcvar}; then + eval "${rcvar}=YES" +fi + +run_rc_command "$1" + Index: /tags/2.5.0/init/samhain.startGentoo.in =================================================================== --- /tags/2.5.0/init/samhain.startGentoo.in (revision 189) +++ /tags/2.5.0/init/samhain.startGentoo.in (revision 189) @@ -0,0 +1,31 @@ +#!/sbin/runscript + +opts="depend start stop reload" + +depend() { + need clock hostname logger +} + +start() { + ebegin "Starting @install_name@" + /sbin/start-stop-daemon --start --quiet --exec @sbindir@/@install_name@ + eend $? + @sh_insmod_cmd@ +} + +stop() { + ebegin "Stopping @install_name@" + /sbin/start-stop-daemon --stop --quiet --retry 15 --exec @sbindir@/@install_name@ + rm -f @mylockfile@ + eend $? +} + +reload() { + if [ ! -f @mylockfile@ ]; then + eerror "@install_name@ isn't running" + return 1 + fi + ebegin "Reloading configuration" + kill -HUP `cat @mylockfile@` &>/dev/null + eend $? +} Index: /tags/2.5.0/init/samhain.startHPUX.in =================================================================== --- /tags/2.5.0/init/samhain.startHPUX.in (revision 189) +++ /tags/2.5.0/init/samhain.startHPUX.in (revision 189) @@ -0,0 +1,116 @@ +#!/sbin/sh + +# Allowed exit values +# +# 0 = success +# 1 = failure +# 2 = skip +# 3 = reboot (now) + +# stdin is redirected from /dev/null +# stderr, stdout are redirected to /etc/rc.log file (checklist mode) +# or console (raw mode) + +# /usr, /var, /opt my not be available until run state 2 + +PATH=/usr/sbin:/usr/bin:/sbin +export PATH + +rval=0 + +DAEMON=@sbindir@/@install_name@ +NAME=@install_name@ + +run_the_command() { + if test -f /etc/rc.config + then + . /etc/rc.config + else + echo "ERROR: /etc/rc.config defaults file MISSING" + fi + if test "x${CONTROL_@install_name@}" = x0 + then + rval=2 + else + ${DAEMON} $1 2>/dev/null + ERRNUM=$? + if test x"$ERRNUM" != x0 + then + echo "EXIT CODE: ${ERRNUM}" + rval=1 + fi + fi +} + +log_stat_msg () { +case "$1" in + 0) + echo "Service $NAME: Running"; + break; + ;; + 1) + echo "Service $NAME: Stopped and /var/run pid file exists"; + break; + ;; + 3) + echo "Service $NAME: Stopped"; + break; + ;; + *) + echo "Service $NAME: Status unknown"; + break; + ;; +esac +} + + +case "$1" in + 'start_msg') + echo "Starting the $NAME subsystem" + ;; + + 'stop_msg') + echo "Stopping the $NAME subsystem" + ;; + + 'start') + run_the_command start + exit $rval + ;; + + stop) + run_the_command stop + # + # Remove a stale lockfile, if found + # + if test -f @mylockfile@; then + /bin/rm -f @mylockfile@ + fi + /bin/rm -f @mylockdir@/${NAME}.sock + exit $rval + ;; + + restart) + run_the_command restart + exit $rval + ;; + + reload|force-reload) + run_the_command reload + exit $rval + ;; + + status) + ${DAEMON} status + ERRNUM=$? + log_stat_msg ${ERRNUM} + exit ${ERRNUM} + ;; + + *) + echo "Usage: @install_name@ {start_msg|stop_msg|start|stop|restart|reload|status}" + exit 1 + ;; +esac + +exit $rval Index: /tags/2.5.0/init/samhain.startIRIX.in =================================================================== --- /tags/2.5.0/init/samhain.startIRIX.in (revision 189) +++ /tags/2.5.0/init/samhain.startIRIX.in (revision 189) @@ -0,0 +1,88 @@ +#! /bin/sh + + +PATH=/usr/sbin:/usr/bin:/sbin +export PATH + +rval=0 + +DAEMON=@sbindir@/@install_name@ +NAME=@install_name@ + +if /sbin/chkconfig verbose; then + verbose=1 +else + verbose=0 +fi + +log_stat_msg () { +case "$1" in + 0) + echo "Service $NAME: Running"; + break; + ;; + 1) + echo "Service $NAME: Stopped and /var/run pid file exists"; + break; + ;; + 3) + echo "Service $NAME: Stopped"; + break; + ;; + *) + echo "Service $NAME: Status unknown"; + break; + ;; +esac +} + +case "$1" in + + 'start') + test $verbose = 1 && echo "Starting $NAME" + $DAEMON start + rval=$? + exit $rval + ;; + + stop) + test $verbose = 1 && echo "Stopping $NAME" + $DAEMON stop + rval=$? + # + # Remove a stale lockfile, if found + # + if test -f @mylockfile@; then + /bin/rm -f @mylockfile@ + fi + exit $rval + ;; + + restart) + test $verbose = 1 && echo "Restarting $NAME" + $DAEMON restart + rval=$? + exit $rval + ;; + + reload|force-reload) + test $verbose = 1 && echo "Reloading $NAME" + $DAEMON reload + rval=$? + exit $rval + ;; + + status) + ${DAEMON} status + ERRNUM=$? + log_stat_msg ${ERRNUM} + exit ${ERRNUM} + ;; + + *) + echo "Usage: @install_name@ {start|stop|restart|reload}" + exit 1 + ;; +esac + +exit $rval Index: /tags/2.5.0/init/samhain.startLSB.in =================================================================== --- /tags/2.5.0/init/samhain.startLSB.in (revision 189) +++ /tags/2.5.0/init/samhain.startLSB.in (revision 189) @@ -0,0 +1,127 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: @install_name@ +# Required-Start: $syslog $network +# Required-Stop: $syslog $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Keep an eye on stuff +# Description: Keep an eye on stuff +### END INIT INFO + + +# source function library +if test -f /lib/lsb/init-functions; then +. /lib/lsb/init-functions +else + echo "File /lib/lsb/init-functions not found" + exit 5 +fi + +prefix="@prefix@" +exec_prefix="@exec_prefix@" +DAEMON=@sbindir@/@install_name@ +NAME=@install_name@ + +if test ! -f ${DAEMON}; then + log_failure_msg "Service $NAME is not installed" + exit 5 +fi + +if test "x$2" != "x" && test "x$1" != "xstatus"; then + log_failure_msg "Excess arguments $@" + exit 2 +fi + +log_sh_msg () { +case "$1" in + 0) + log_success_msg "Service $NAME $2" + break; + ;; + 1) + log_failure_msg "Service $NAME: Error" + break; + ;; + 4) + log_failure_msg "Service $NAME: Permission denied" + break; + ;; + 5) + log_failure_msg "Service $NAME is not installed" + break; + ;; + 7) + log_failure_msg "Service $NAME is not running" + break; + ;; + *) + log_failure_msg "Service $NAME: Error" + break; + ;; +esac +} + +log_stat_msg () { +case "$1" in + 0) + echo "Service $NAME: Running"; + break; + ;; + 1) + echo "Service $NAME: Stopped and /var/run pid file exists"; + break; + ;; + 3) + echo "Service $NAME: Stopped"; + break; + ;; + *) + echo "Service $NAME: Status unknown"; + break; + ;; +esac +} + +case "$1" in + start) + ${DAEMON} start + ERRNUM=$? + SH_ACT="started" + ;; + stop) + ${DAEMON} stop + ERRNUM=$? + if test -f @mylockfile@; then + /bin/rm -f @mylockfile@ + fi + if test -S @mylockdir@/${NAME}.sock; then + /bin/rm -f @mylockdir@/${NAME}.sock + fi + SH_ACT="stopped" + ;; + restart) + ${DAEMON} restart + ERRNUM=$? + SH_ACT="restarted" + ;; + reload|force-reload) + ${DAEMON} reload + ERRNUM=$? + SH_ACT="reloaded" + ;; + status) + ${DAEMON} status + ERRNUM=$? + log_stat_msg ${ERRNUM} + exit ${ERRNUM} + ;; + *) + log_warning_msg "Usage: @install_name@ {start|stop|restart|(force-)reload|status}" + exit 2 + ;; +esac + +log_sh_msg ${ERRNUM} "${SH_ACT}" +exit ${ERRNUM} Index: /tags/2.5.0/init/samhain.startLinux.in =================================================================== --- /tags/2.5.0/init/samhain.startLinux.in (revision 189) +++ /tags/2.5.0/init/samhain.startLinux.in (revision 189) @@ -0,0 +1,303 @@ +#!/bin/bash +# chkconfig: 2345 99 10 +# description: File Integrity Checking Daemon +# +# processname: @install_name@ +# config : @myconffile@ +# logfile : @mylogfile@ +# database: @mydatafile@ +# + +# For Debian +# +FLAGS="defaults 99 10" + +NAME=@install_name@ +DAEMON=@sbindir@/@install_name@ +RETVAL=0 +VERBOSE=yes +PIDFILE=@mylockfile@ + +if [ -x $DAEMON ]; then + : +else + echo "${0}: executable ${DAEMON} not found" + exit 0 +fi + +# Sort out sourcing in the distribution specific library functions +# and the command to run them. +if [ -f /etc/redhat-release ]; then + . /etc/init.d/functions + DISTRO=redhat +elif [ -f /etc/mandrake-release ]; then + . /etc/init.d/functions + DISTRO=redhat +elif [ -f /etc/yellowdog-release ]; then + . /etc/init.d/functions + DISTRO=redhat +elif [ -f /etc/SuSE-release ]; then + . /etc/rc.config + . /etc/rc.status + # Determine the base and follow a runlevel link name. + base=${0##*/} + link=${base#*[SK][0-9][0-9]} + # Force execution if not called by a runlevel directory. + test $link = $base && START_@INSTALL_NAME@=yes + # Check whether START_@INSTALL_NAME@ is in /etc/rc.config + # If yes, abort unless its value is 'yes' + if test "x${START_@INSTALL_NAME@}" != "x"; then + test "${START_@INSTALL_NAME@}" = yes || exit 0 + fi + return=$rc_done + DISTRO=suse +elif [ -f /etc/debian_version ]; then + # . /etc/default/rcS + set -e + DISTRO=debian +elif [ -f /etc/slackware-version ]; then + # . /etc/rc.d/rc.sysvinit + DISTRO=generic +else + DISTRO=generic +fi + +debian_end() +{ + if [ $RETVAL -eq 0 ]; + then + echo "." + else + echo " failed." + fi +} + +# Generic function "a la Red Hat" +MOVE_TO_COL="echo -en \\033[60G" +SETCOLOR_SUCCESS="echo -en \\033[1;32m" +SETCOLOR_FAILURE="echo -en \\033[1;31m" +SETCOLOR_NORMAL="echo -en \\033[0;39m" + +echo_success() { + $MOVE_TO_COL + echo -n "[ " + $SETCOLOR_SUCCESS + echo -n "OK" + $SETCOLOR_NORMAL + echo -n " ]" + echo -ne "\r" + echo "" +} + +echo_failure() { + $MOVE_TO_COL + echo -n "[" + $SETCOLOR_FAILURE + echo -n "FAILED" + $SETCOLOR_NORMAL + echo -n "]" + echo -ne "\r" + echo "" +} + + +# echo OK in green if is success, FAILED in red is failed +generic_end() +{ + if [ $RETVAL -eq 0 ]; + then + echo_success + else + echo_failure + fi +} + +log_stat_msg () { +case "$1" in + 0) + echo "Service $NAME: Running"; + ;; + 1) + echo "Service $NAME: Stopped and /var/run pid file exists"; + ;; + 3) + echo "Service $NAME: Stopped"; + ;; + *) + echo "Service $NAME: Status unknown"; + ;; +esac +} + + +case "$1" in + start) + # + # Remove a stale PID file, if found + # + if test -f ${PIDFILE}; then + /bin/rm -f ${PIDFILE} + fi + # + case "$DISTRO" in + debian) + echo -n "Starting ${NAME}" + ( /sbin/start-stop-daemon --start --quiet --exec $DAEMON ) + RETVAL=$? + debian_end + ;; + redhat) + echo -n $"Starting ${NAME}: " + daemon $DAEMON + RETVAL=$? + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/${NAME} + echo + ;; + suse) + echo -n "Starting service ${NAME}" + /sbin/startproc $DAEMON + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + return=$rc_done + else + return=$rc_failed + fi + echo -e "$return" + ;; + *) + echo -n "Starting ${NAME} ... " + $DAEMON start + RETVAL=$? + generic_end + ;; + esac + # + # The hiding kernel module + # + if [ $RETVAL -eq 0 ]; then + @sh_insmod_cmd@ + fi + exit $RETVAL + ;; + + stop) + case "$DISTRO" in + debian) + echo -n "Stopping $NAME" + ( /sbin/start-stop-daemon --stop --quiet --exec $DAEMON ) + RETVAL=$? + debian_end + ;; + redhat) + echo -n $"Stopping ${NAME}: " + killproc ${NAME} + RETVAL=$? + rm -f /var/lock/subsys/${NAME} + echo + ;; + suse) + echo -n "Shutting down service ${NAME}" + /sbin/killproc -TERM $DAEMON + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + return=$rc_done + else + return=$rc_failed + fi + echo -e "$return" + ;; + *) + if test x"$VERBOSE" != xno; then + echo -n "Stopping ${NAME} ... " + fi + $DAEMON stop + RETVAL=$? + generic_end + ;; + esac + # + # Remove a stale PID file, if found + # + if test -f ${PIDFILE}; then + /bin/rm -f ${PIDFILE} + fi + if test -S @mylockdir@/${NAME}.sock; then + /bin/rm -f @mylockdir@/${NAME}.sock + fi + ;; + + restart) + $0 stop + sleep 3 + $0 start + RETVAL=$? + ;; + + reload|force-reload) + case "$DISTRO" in + debian) + echo -n "Reloading $NAME configuration files" + ( /sbin/start-stop-daemon --stop --signal 1 --quiet --exec $DAEMON ) + RETVAL=$? + debian_end + ;; + redhat) + echo -n $"Reloading ${NAME} configuration: " + killproc ${NAME} -HUP + RETVAL=$? + echo + ;; + suse) + echo -n "Reload service ${NAME}" + /sbin/killproc -HUP $DAEMON + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + return=$rc_done + else + return=$rc_failed + fi + echo -e "$return" + ;; + *) + echo -n "Reloading ${NAME} ... " + $DAEMON reload + RETVAL=$? + generic_end + ;; + esac + ;; + + status) + case "$DISTRO" in + redhat) + status ${NAME} + exit $? + ;; + suse) + echo -n "Checking for service ${NAME}: " + /sbin/checkproc $DAEMON + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + return="OK" + else + return="No process" + fi + echo "$return" + exit $RETVAL + ;; + *) + $DAEMON status + ERRNUM=$? + log_stat_msg ${ERRNUM} + exit ${ERRNUM} + ;; + esac + ;; + + *) + echo "$0 usage: {start|stop|status|restart|reload}" + exit 1 + ;; +esac + +exit $RETVAL Index: /tags/2.5.0/init/samhain.startMACOSX.in =================================================================== --- /tags/2.5.0/init/samhain.startMACOSX.in (revision 189) +++ /tags/2.5.0/init/samhain.startMACOSX.in (revision 189) @@ -0,0 +1,27 @@ +#!/bin/sh + +. /etc/rc.common + +StartService() { + + ConsoleMessage "Starting service @install_name@." + @sbindir@/@install_name@ start + +} + +StopService() { + + ConsoleMessage "Stopping service @install_name@." + @sbindir@/@install_name@ stop + +} + +RestartService() { + + ConsoleMessage "Restarting service @install_name@." + @sbindir@/@install_name@ restart + +} + + +RunService "$1" Index: /tags/2.5.0/init/samhain.startSolaris.in =================================================================== --- /tags/2.5.0/init/samhain.startSolaris.in (revision 189) +++ /tags/2.5.0/init/samhain.startSolaris.in (revision 189) @@ -0,0 +1,80 @@ +#!/bin/sh + +SBINDIR=@sbindir@ +NAME=@install_name@ + +if [ ! -f ${SBINDIR}/${NAME} ]; then + exit 0 +fi + + +log_stat_msg() { +case "$1" in + 0) + echo "Service $NAME: Running"; + break; + ;; + 1) + echo "Service $NAME: Stopped and /var/run pid file exists"; + break; + ;; + 3) + echo "Service $NAME: Stopped"; + break; + ;; + *) + echo "Service $NAME: Status unknown"; + break; + ;; +esac +} + + +case "$1" in + start) + echo "${NAME} starting." + ;; + stop) + echo "${NAME} stopping." + ;; + restart) + echo "${NAME} restarting." + ;; + reload|force-reload) + echo "${NAME} reloading." + ;; + status) + ${SBINDIR}/${NAME} $1 + ERRNUM=$? + log_stat_msg ${ERRNUM} + exit ${ERRNUM} + ;; + *) + echo "Usage: $0 {start|stop|restart|reload|status}" + exit 1 + ;; +esac + +${SBINDIR}/${NAME} $1 + +status=$? + + +if [ $status != 0 ]; then + echo $status + exit 1 +fi + +case "$1" in + stop) + if test -f @mylockfile@; then + /bin/rm -f @mylockfile@ + fi + /bin/rm -f @mylockdir@/${NAME}.sock + ;; + *) + exit 0 + ;; +esac + +exit 0 Index: /tags/2.5.0/install-sh =================================================================== --- /tags/2.5.0/install-sh (revision 189) +++ /tags/2.5.0/install-sh (revision 189) @@ -0,0 +1,250 @@ +#!/bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. + + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. + + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 Index: /tags/2.5.0/man/samhain.8 =================================================================== --- /tags/2.5.0/man/samhain.8 (revision 189) +++ /tags/2.5.0/man/samhain.8 (revision 189) @@ -0,0 +1,822 @@ +.TH SAMHAIN 8 "07 August 2004" "" "Samhain manual" +.SH NAME +samhain \- check file integrity +.SH SYNOPSIS +.SS "INITIALIZING, UPDATING, AND CHECKING" +.PP + +.B samhain +{ +.I \-t init|\-\-set\-checksum\-test=init +} [\-\-init2stdout] [\-r DEPTH|\-\-recursion=DEPTH] [log-options] + +.B samhain +{ +.I \-t update|\-\-set\-checksum\-test=update +} [\-D | \-\-daemon | \-\-foreground] [\-\-forever] [\-r DEPTH|\-\-recursion=DEPTH] [log-options] + +.B samhain +{ +.I \-t check|\-\-set\-checksum\-test=check +} [\-D | \-\-daemon | \-\-foreground] [\-\-forever] [\-r DEPTH,\-\-recursion=DEPTH] [log-options] + +.SS "LISTING THE DATABASE" +.PP + +.B samhain +[\-a | \-\-full\-detail] +[\-\-delimited] +\-d +.IR file | +.RI \-\-list\-database= file + +.SS "VERIFYING AN AUDIT TRAIL" +.PP + +.B samhain +[\-j | \-\-just\-list] +\-L +.IR logfile | +.RI \-\-verify\-log= logfile + +.B samhain +\-M +.IR mailbox | +.RI \-\-verify\-mail= mailbox + + +.SS "MISCELLANEOUS" +.PP + +.B samhain +.RI \-\-server\-port= portnumber + +.B samhain +\-H +.I string +| +.RI \-\-hash\-string= string + +.B samhain +\-c | \-\-copyright + +.B samhain +\-v | \-\-version + +.B samhain +\-h | \-\-help + +.B samhain +\-V key@/path/to/executable | \-\-add\-key=key@/path/to/executable + +.SS "SERVER STARTUP" +.PP + +.B yule +[\-q | \-\-qualified] +[ +.RI \-\-chroot= chrootdir ] +[\-D | \-\-daemon | \-\-foreground] +[log-options] + +.SS "SERVER MISCELLANEOUS" +.PP + +.B yule +[\-P +.I password +| +.RI \-\-password= password ] + +.B yule +[\-G | \-\-gen-password] + +.SS "LOG OPTIONS" +.PP + +[\-s +.I threshold +| +.RI \-\-set\-syslog\-severity= threshold ] +[\-l +.I threshold +| +.RI \-\-set\-log\-severity= threshold ] +[\-m +.I threshold +| +.RI \-\-set\-mail\-severity= threshold ] +[\-e +.I threshold +| +.RI \-\-set\-export\-severity= threshold ] +[\-p +.I threshold +| +.RI \-\-set\-print\-severity= threshold ] +[\-x +.I threshold +| +.RI \-\-set\-external\-severity= threshold ] +[ +.RI \-\-set\-prelude\-severity= threshold ] +[ +.RI \-\-set\-database\-severity= threshold ] +[ +.RI \-\-enable\-trace ] +[ +.RI \-\-trace\-logfile= tracefile ] + + + +.SH WARNING +.PP +The information in this man page is not always up to date. +The authoritative documentation is the user manual. + +.SH DESCRIPTION +.PP +.B samhain +is a file integrity / intrusion detection system both for single hosts +and networks. +It consists of a monitoring application +.RB ( samhain ) +running on +individual hosts, and (optionally) a central log server +.RB ( yule ). +Currently, samhain can monitor the +integrity of files/directories, and (optionally) also +check for kernel rootkits +(Linux and FreeBSD only), search the disk for SUID/SGID, +and watch for login/logout events. +.PP +.B samhain/yule +can log by email, to a tamper-resistant, signed log file, +to syslog, to the Prelude IDS, to a MySQL/PostgreSQL/Oracle database, +and/or to stdout +.RI ( /dev/console +if run as daemon). +.B samhain/yule +can run as a daemon, and can use a time server instead of the host's +system clock. Most of the functionality is defined by a +configuration file that is read at startup. +.PP +Most options of these usually would be set in the configuration file. +Options given on the command line will override +those in the configuration file. + +.SS "OPTIONS FOR INITIALIZING, UPDATING, AND CHECKING" +.PP + +.B samhain +.I "\-t init, \-\-set\-checksum-test=init" +.RI [ options ] + +Initialize the database of file signatures. The path to the +database is compiled in, and initializing will +.B append +to the respective file (or create it, if it does not exist). +.B "It is ok to append to e.g. a JPEG image, but it is an error" +.B "to append to an already existing file signature database." +.PP +.TP +[\-\-init2stdout] +Write the database to stdout. +.TP +[\-r DEPTH|\-\-recursion=DEPTH] +Set the (global) recursion depth. + +.PP +.B samhain +.I "\-t update, \-\-set\-checksum-test=update" +.RI [ options ] + +Update the database of file signatures. The path to the +database is compiled in, and updating will +.B overwrite +the database, starting from the start of the database (which may not be +identical to the start of the file \- see above). +.PP +.TP +[\-r DEPTH|\-\-recursion=DEPTH] +Set the (global) recursion depth. +.TP +[\-D|\-\-daemon] +Run as daemon. File checks are performed as specified by the timing +options in the configuration file. Updates are saved after each file check. +.TP +[\-\-foreground] +Run in the foreground. This will cause samhain to exit after the update, +unless the option +.I "\-\-forever" +is used. +.TP +[\-\-forever] +If not running as daemon, do not exit after finishing the update, but +loop forever, and perform checks with corresponding database updates +according to the timing options in the +configuration file. + +.PP +.B samhain +.I "\-t check, \-\-set\-checksum-test=check" +.RI [ options ] + +Check the filesystem against the database of file signatures. +The path to the database is compiled in. +.PP +.TP +[\-r DEPTH|\-\-recursion=DEPTH] +Set the (global) recursion depth. +.TP +[\-D|\-\-daemon] +Run as daemon. File checks are performed as specified by the timing +options in the configuration file. +.TP +[\-\-foreground] +Run in the foreground. This will cause samhain to exit after the file check, +unless the option +.I "\-\-forever" +is used. +.TP +[\-\-forever] +If not running as daemon, do not exit after finishing the check, but +loop forever, and perform checks according to the timing options in the +configuration file. + +.SS "OPTIONS FOR LISTING THE DATABASE" +.PP + +.B samhain +[\-a | \-\-full\-detail] +[\-\-delimited] +\-d +.IR file | +.RI \-\-list\-database= file + +List the entries in the file signature database in a +.B ls \-l +like format. +.PP +.TP +[\-a | \-\-full\-detail] +List all informations for each file, not only those you would get +with ls \-l. Must precede the \-d option. +.TP +[\-\-delimited] +List all informations for each file, in a comma-separated format. +Must precede the \-d option. +.TP +.RI [\-\-list\-file= file ] +List the literal content of the given file as stored in the database. +Content is not stored by default, must be enabled in the runtime +configuration file. Must precede the \-d option. + +.SS "OPTIONS TO VERIFY AN AUDIT TRAIL" +.PP + +These options will only work, if the executable used for verifying the +audit trail is compiled with the same \-\-enable\-base=... option as the +executable of the reporting process. + +.B samhain +[\-j | \-\-just\-list] +\-L +.IR logfile | +.RI \-\-verify\-log= logfile + +Verify the integrity of a signed logfile. The signing key is +auto\-generated on startup, and sent by email. +.B samhain +will ask for the key. Instead of entering the key, you can also enter +the path to the mailbox holding the respective email message. +.PP +.TP +[\-j | \-\-just\-list] +Just list the logfile, do not verify it. This option must come +.BR first . +It is mainly intended for listing the content of an obfuscated logfile, if +.B samhain +is compiled with the +.B stealth +option. + +.B samhain +\-M +.IR mailbox | +.RI \-\-verify\-mail= mailbox + +Verify the integrity of the email reports from samhain. All reports must be +in the same file. + +.SS "MISCELLANEOUS OPTIONS" +.PP + +.B samhain +.RI \-\-server\-port= portnumber + +Choose the port on the server host to which the client will connect. + +.B samhain +\-H +.I string +| +.RI \-\-hash\-string= string + +Compute the TIGER192 checksum of a string. If the string starts with +a '/', it is considered as a pathname, and the checksum of the corresponding +file will be computed. + +.B samhain +\-c | \-\-copyright + +Print the copyright statement. + +.B samhain +\-v | \-\-version + +Show version and compiled-in options. + +.B samhain +\-h | \-\-help + +Print supported command line options (depending on compilation options). + +.B samhain +\-V key@/path/to/executable | \-\-add\-key=key@/path/to/executable + +See the section "SECURITY" below. + +.SS "SERVER STARTUP OPTIONS" +.PP + +.B yule +[\-q | \-\-qualified] +[ +.RI \-\-chroot= chrootdir ] +[\-D | \-\-daemon | \-\-foreground] +[log-options] + +Start the server, which is named +.B yule +by default. If the server is started with superuser privileges, +it will drop them after startup. +.PP +.TP +[\-q | \-\-qualified] +Log client hostnames with fully qualified path. The default is to +log only the leftmost domain label (i.e. the hostname). +.TP +[ +.RI \-\-chroot= chrootdir ] +Chroot to the listed directory after startup. +.TP +[\-D | \-\-daemon] +Run as daemon. +.TP +[\-\-foreground] +Run in the foreground. + + +.SS "MISCELLANEOUS SERVER OPTIONS" +.PP + +.B yule +[\-G | \-\-gen-password] + +Generate a random 8\-byte password and print it out in hexadecimal notation. + + +.B yule +[\-P +.I password +| +.RI \-\-password= password ] + +Use the given +.I password +and generate an entry suitable for the [Clients] section of the +configuration file. + +.SS "LOGGING OPTIONS" +.PP + +Depending on the compilation options, some logging facilities may not +be available in your executable. +.PP +.TP +.I "\-s threshold, \-\-set\-syslog\-severity=threshold" +Set the threshold for logging events via syslogd(8). +Possible values are +.IR debug , +.IR info , +.IR notice , +.IR warn , +.IR mark , +.IR err , +.IR crit , +.IR alert , +and +.IR none . +By default, everything equal to and above the threshold will be logged. +Time stamps have the priority +.IR warn , +system\-level errors have the priority +.IR err , +and important start\-up messages the priority +.IR alert . +The signature key for the log file will never be logged to syslog or the +log file itself. +.TP +.I "\-l threshold, \-\-set\-log\-severity=threshold" +Set the threshold for logging events to the log file. +.TP +.I "\-m threshold, \-\-set\-mail\-severity=threshold" +Set the threshold for logging events via e\-mail. +.TP +.I "\-e threshold, \-\-set\-export\-severity=threshold" +Set the threshold for forwarding events via TCP to a log server. +.TP +.I "\-x threshold, \-\-set\-extern\-severity=threshold" +Set the threshold for calling external logging programs/scripts (if any are +defined in the configuration file). +.TP +.I "\-p threshold, \-\-set\-print\-severity=threshold" +Set the threshold for logging events to stdout. +If +.B samhain +runs as a daemon, this is redirected to /dev/console. +.TP +.I "\-\-set\-prelude\-severity=threshold" +Set the threshold for logging events to the Prelude IDS. +.TP +.I "\-\-set\-database\-severity=threshold" +Set the threshold for logging events to the MySQL/PostgreSQL/Oracle +database. + + + +.SH SIGNALS +.TP +.I SIGUSR1 +Switch on/off maximum verbosity for console output. +.TP +.I SIGUSR2 +Suspend/continue the process, and +(on suspend) send a message +to the server. This message has the same priority as timestamps. +This signal +allows to run +.I samhain -t init -e none +on the client +to regenerate the database, with download of the configuration file +from the server, while the daemon is suspended (normally you would get +errors because of concurrent access to the server by two processes from +the +.IR "same host" ")." +.TP +.I SIGHUP +Reread the configuration file. +.TP +.I SIGTERM +Terminate. +.TP +.I SIGQUIT +Terminate after processing all pending requests from clients. +.TP +.I SIGABRT +Unlock the log file, pause for three seconds, then proceed, +eventually re-locking the log file and starting a fresh audit trail +on next access. +.TP +.I SIGTTOU +Force a file check (only client/standalone, and only in daemon mode). + + +.SH DATABASE +The database (default name +.IR samhain_file ) +is a binary file, which can be created or updated using the +.B \-t +.I init +or the +.B \-t +.I update +option. +If you use +.B \-t +.IR init , +you need to +.I remove +the old database first, +otherwise the new version will be +.I appended +to the old one. +The file may be (clear text) signed by PGP/GnuPG. +.br +It is recommended to use GnuPG with the options +.B gpg +.I -a --clearsign --not-dash-escaped +.br +.B samhain +will check the signature, if compiled with support for that. +.PP +At startup +.B samhain +will compute the checksum of the database, and verify it for +each further access. This checksum is not stored on disk (i.e. is lost +after program termination), as there is no secure way to store it. + +.SH LOG FILE +.PP +Each entry in the log file has the format +.BR "Severity : [Timestamp] Message" , +where the timestamp may be obtained from a time server rather than from +the system clock, if +.B samhain +has been compiled with support for this. +Each entry is followed by a +.IR signature , +which is computed as +.BR "Hash(Entry Key_N)" , +and +.B Key_N +is computed as +.BR "Hash(Key_N\-1)" , +i.e. only knowledge of the first signature key in this chain allows to +verify the integrity of the log file. This first key is autogenerated +and e\-mailed to the designated recipient. +.PP +The default name of the log file is +.IR samhain_log . +To prevent multiple instances of +.B samhain +from writing to the same log file, the log file is locked by creating a +.IR "lock file" , +which is normally deleted at program termination. +The default name of the +.I "lock file" +is +.IR samhain.lock . +If +.B samhain +is terminated abnormally, i.e. with kill \-9, +a stale lock file might remain, but usually +.B samhain +will be able to recognize that and remove the stale lock file +on the next startup. +.PP +.SH EMAIL +.PP +E\-mails are sent (using built-in SMTP code) +to one recipient only. +The subject line contains timestamp +and hostname, which are repeated in the message body. +The body of the mail contains a line with a +.I signature +similar to that in the log file, computed from the message and a +key. The key is iterated by a hash chain, and the initial +key is revealed in the first email sent. +Obviously, you have to believe that this first e\-mail is +authentical ... +.PP +.SH CLIENT/SERVER USAGE +.PP +To monitor several machines, and collecting data by a central log server, +.B samhain +may be compiled as a client/server application. The log server +.RB ( yule ) +will accept connection +requests from registered clients only. With each client, the server will first +engage in a challenge/response protocol for +.I authentication +of the client and +.I establishing +a +.IR "session key" . +.PP +This protocol requires on the client side a +.IR "password" , +and on the server side a +.IR "verifier" +that is computed from the +.IR "password" . +.PP +To +.I register +a client, simply do the following: +.br +First, with the included utility program +.B samhain_setpwd +re\-set the compiled\-in default password of the +client executable to your preferred +value (with no option, a short usage help is printed). +To allow for non-printable chars, the new value +must be given as a 16\-digit hexadecimal string +(only 0123456789ABCDEF in string), corresponding to an 8-byte password. +.br +Second, after re\-setting the password in the client executable, +you can use the server's convenience function +.B yule +.B \-P +.I password +that will take as input the (16\-digit hex) password, +compute the corresponding verifier, and outputs a default configuration file +entry to register the client. +.br +Third, in the configuration file for the server, under the [Clients] section, +enter +the suggested registration entry of the form +.IR "Client=hostname@salt@verifier" , +where +.I hostname +must be the (fully qualified) hostname of the machine on +which the client will run. +.B "Don't forget to reload the server configuration thereafter." +.PP +If a connection attempt is made, the server will lookup the entry for +the connecting host, and use the corresponding value for the +.I verifier +to engage in the session key exchange. Failure to verify the client's +response(s) will result in aborting the connection. +.PP +.SH STEALTH +.PP +.B samhain +may be compiled with support for a +.I stealth +mode of operation, meaning that +the program can be run without any obvious trace of its presence +on disk. The supplied facilities are simple - they are more +sophisticated than just running the program under a different name, +and might thwart efforts using 'standard' Unix commands, +but they will not resist a search using dedicated utilities. +.PP +In this mode, the runtime executable will hold no +printable strings, and the configuration file is expected to be +a postscript file with +.I uncompressed +image data, wherein +the configuration data are hidden by steganography. +To create such a file from an existing image, you may use e.g. +the program +.BR convert (1), +which is part of the +.BR ImageMagick (1) +package, such as: +.B "convert +compress" +.IR "ima.jpg ima.ps" . +.PP +To hide/extract the configuration data within/from the postscript file, +a utility program +.B samhain_stealth +is provided. +Use it without options to get help. +.PP +Database and log file may be e.g. existing image files, to which +data are appended, xor'ed with some constant to mask them as binary data. +.PP +The user is responsible by herself for re-naming the compiled +executable(s) to unsuspicious names, and choosing (at compile time) +likewise unsuspicious names for config file, database, and log (+lock) file. +.PP +.SH SECURITY +.PP +For security reasons, +.B samhain +will not write log or data files in a directory, remove the lock file, +or read the configuration file, if any element +in the path is owned or writeable by an untrusted user (including +group-writeable files with untrusted users in the group, and world-writeable +files). +.br +.I root +and the +.I effective +user are always trusted. You can add more users in the configuration file. +.PP +Using a +.I "numerical host address" +in the e\-mail address is more secure than +using the hostname (does not require +DNS lookup). +.PP +If you use a +.I precompiled +.B samhain +executable (e.g. from a +binary distribution), in principle a prospective intruder could easily +obtain a copy of the executable and analyze it in advance. This will +enable her/him to generate fake audit trails and/or generate +a trojan for this particular binary distribution. +.br +For this reason, it is possible for the user to add more key material into +the binary executable. This is done with the command: +.PP +.BI "samhain " \-\-add\-key=key@/path/to/executable +.PP +This will read the file +.I /path/to/executable, add the key +.I key, +which should not contain a '@' (because it has a special meaning, separating +key from path), overwrite any key previously set by this command, and +write the new binary to the location +.I /path/to/executable.out +(i.e. with .out appended). You should then copy the new binary to the location +of the old one (i.e. overwrite the old one). +.PP +.B Note that using a precompiled samhain executable from a binary +.B package distribution is not recommended unless you add in key material as +.B described here. + +.PP +.SH NOTES +.PP +For initializing the key(s), +.I "/dev/random" +is used, if available. This is a +device supplying cryptographically strong +(non-deterministic) random noise. Because it is slow, +.B samhain +might appear to hang at startup. Doing some random things +(performing rain dances, spilling coffee, hunting the mouse) might speed up +things. If you do not have +.IR "/dev/random" , +lots of statistics from +.BR vmstat (8) +and the like will be pooled and mixed by a hash function. +.PP +Some hosts might check whether the sender of the mail is valid. +Use only +.I "login names" +for the sender. +.br +For sending mails, you may need to set a relay host for the sender domain +in the configuration file. +.PP +.SH BUGS +.PP +Whoever has the original signature key may change the log file and send fake +e\-mails. The signature keys are e\-mailed at program startup +with a one\-time pad encryption. +This should be safe against an eavesdropper on the network, +but not against someone with read access to the binary, +.I if +she has caught +the e\-mail. +.PP +.SH FILES +.PP +.I /etc/samhainrc +.br +.I /usr/local/man/man8/samhain.8 +.br +.I /usr/local/man/man5/samhainrc.5 +.br +.I /var/log/samhain_log +.br +.I /var/lib/samhain/samhain_file +.br +.I /var/lib/samhain/samhain.html +.br +.I /var/run/samhain.pid + +.SH SEE ALSO +.PP +.BR samhainrc (5) + +.SH AUTHOR +.PP +Rainer Wichmann (http://la\-samhna.de) +.SH BUG REPORTS +.PP +If you find a bug in +.BR samhain , +please send electronic mail to +.IR support@la\-samhna.de . +Please include your operating system and its revision, the version of +.BR samhain , +what C compiler you used to compile it, your 'configure' options, and +any information that you deem helpful. +.PP +.SH COPYING PERMISSIONS +.PP +Copyright (\(co) 1999, 2004 Rainer Wichmann +.PP +Permission is granted to make and distribute verbatim copies of +this manual page provided the copyright notice and this permission +notice are preserved on all copies. +.ig +Permission is granted to process this file through troff and print the +results, provided the printed document carries copying permission +notice identical to this one except for the removal of this paragraph +(this paragraph not being relevant to the printed manual page). +.. +.PP +Permission is granted to copy and distribute modified versions of this +manual page under the conditions for verbatim copying, provided that +the entire resulting derived work is distributed under the terms of a +permission notice identical to this one. + + + Index: /tags/2.5.0/man/samhainrc.5 =================================================================== --- /tags/2.5.0/man/samhainrc.5 (revision 189) +++ /tags/2.5.0/man/samhainrc.5 (revision 189) @@ -0,0 +1,804 @@ +.TH SAMHAINRC 5 "Jul 29, 2004" "" "samhainrc manual" +.SH NAME +samhainrc \- samhain(8) configuration file + +.SH WARNING +.PP +The information in this man page is not always up to date. +The authoritative documentation is the user manual. + +.SH DESCRIPTION +.PP +The configuration file for +.BR samhain (8) +is named +.I samhainrc +and located in +.I /etc +by default. +.PP +It contains several sections, indicated by headings in square brackets. +Each section may hold zero or more +.BI key= value +pairs. Blank lines and lines starting with '#' are comments. +Everything before the first section and after an +.I "[EOF]" +is ignored. The file may be (clear text) signed by PGP/GnuPG, and +.B samhain +may invoke GnuPG to check the signature +if compiled with support for it. +.PP +Conditional inclusion of entries for some host(s) is +supported via any number of +.BI @ hostname /@ end +directives. +.BI @ hostname +and +.BI @ end +must each be on separate lines. Lines in between will only be +read if +.I "hostname" +(which may be a regular expression) matches the local host. +.PP +Likewise, conditional inclusion of entries based on system type is +supported via any number of +.BI $ sysname:release:machine /$ end +directives. +.br +.I "sysname:release:machine" +can be inferred from +.I "uname -srm" +and may be a regular expression. +.PP +Filenames/directories to check may be wildcard patterns. +.PP +Options given on the command line will override +those in the configuration file. +The recognized sections in the configuration file are as follows: +.PP +Boolean options can be set with any of 1|true|yes or 0|false|no. +.TP +.I "[ReadOnly]" +This section may contain +.br +.BI file= PATH +and +.br +.BI dir= [depth]PATH +entries for files and directories to check. All modifications except access +times will be reported for these files. +.I [depth] (use without brackets) +is an optional parameter to define a per\-directory recursion +depth. +.TP +.I "[LogFiles]" +As above, but modifications of timestamps, file size, and signature will +be ignored. +.TP +.I "[GrowingLogFiles]" +As above, but modifications of file size will only be ignored if the size has +.IR increased . +.TP +.I "[Attributes]" +As above, but only modifications of ownership and access permissions +will be checked. +.TP +.I "[IgnoreAll]" +As above, but report no modifications for +these files/directories. Access failures +will still be reported. +.TP +.I "[IgnoreNone]" +As above, but report all modifications for these files/directories, +including access time. +.TP +.I "[User0]" +.TP +.I "[User1]" +.TP +.I "[User2]" +.TP +.I "[User3]" +.TP +.I "[User4]" +These are reserved for user-defined policies. +.TP +.I "[Prelink]" +For prelinked executables / libraries or directories holding them. +.TP +.I "[Log]" +This section defines the filtering rules for logging. +It may contain the following entries: +.br +.BI MailSeverity= val +where the threshold value +.I val +may be one of +.IR debug , +.IR info , +.IR notice , +.IR warn , +.IR mark , +.IR err , +.IR crit , +.IR alert , +or +.IR none . +By default, everything equal to and above the threshold will be logged. +The specifiers +.IR * , +.IR ! , +and +.I = +are interpreted as 'all', 'all but', and 'only', respectively (like +in the Linux version of syslogd(8)). +Time stamps have the priority +.IR warn , +system\-level errors have the priority +.IR err , +and important start\-up messages the priority +.IR alert . +The signature key for the log file will never be logged to syslog or the +log file itself. +For failures to verify file integrity, error levels are defined +in the next section. +.br +.BI PrintSeverity= val, +.br +.BI LogSeverity= val, +.br +.BI ExportSeverity= val, +.br +.BI ExternalSeverity= val, +.br +.BI PreludeSeverity= val, +.br +.BI DatabaseSeverity= val, +and +.br +.BI SyslogSeverity= val +set the thresholds for logging via stdout (or +.IR /dev/console ), +log file, TCP forwarding, calling external programs, +and +.BR syslog (3). +.TP +.I "[EventSeverity]" +.BI SeverityReadOnly= val, +.br +.BI SeverityLogFiles= val, +.br +.BI SeverityGrowingLogs= val, +.br +.BI SeverityIgnoreNone= val, +.br +.BI SeverityIgnoreAll= val, +.br +.BI SeverityPrelink= val, +.br +.BI SeverityUser0= val, +.br +.BI SeverityUser1= val, +.br +.BI SeverityUser2= val, +.br +.BI SeverityUser3= val, +and +.br +.BI SeverityUser4= val +define the error levels for failures to verify the integrity of +files/directories of the respective types. I.e. if such a file shows +unexpected modifications, an error of level +.I val +will be generated, and logged to all facilities with a threshold of at least +.IR val . +.br +.BI SeverityFiles= val +sets the error level for file access problems, and +.br +.BI SeverityDirs= val +for directory access problems. +.br +.BI SeverityNames= val +sets the error level for obscure file names +(e.g. non\-printable characters), and for files +with invalid UIDs/GIDs. +.TP +.I "[External]" +.BI OpenCommand= path +Start the definition of an external logging program|script. +.br +.BI SetType= log|srv +Type/purpose of program (log for logging). +.br +.BI SetCommandline= list +Command line options. +.br +.BI SetEnviron= KEY=val +Environment for external program. +.br +.BI SetChecksum= val +Checksum of the external program (checked before invoking). +.br +.BI SetCredentials= username +User as who the program will run. +.br +.BI SetFilterNot= list +Words not allowed in message. +.br +.BI SetFilterAnd= list +Words required (ALL) in message. +.br +.BI SetFilterOr= list +Words required (at least one) in message. +.br +.BI SetDeadtime= seconds +Time between consecutive calls. +.TP +.I "[Utmp]" +Configuration for watching login/logout events. +.br +.BI LoginCheckActive= 0|1 +Switch off/on login/logout reporting. +.br +.BI LoginCheckInterval= val +Interval (seconds) between checks for login/logout events. +.br +.BI SeverityLogin= val +.br +.BI SeverityLoginMulti= val +.br +.BI SeverityLogout= val +Severity levels for logins, multiple logins +by same user, and logouts. +.TP +.I "[Kernel]" +Configuration for detecting kernel rootkits. +.br +.BI KernelCheckActive= 0|1 +Switch off/on checking of kernel syscalls to detect kernel module rootkits. +.br +.BI KernelCheckInterval= val +Interval (seconds) between checks. +.br +.BI SeverityKernel= val +Severity level for clobbered kernel syscalls. +.br +.BI KernelCheckIDT= 0|1 +Whether to check the interrrupt descriptor table. +.br +.BI KernelSystemCall= address +The address of system_call (grep system_call System.map). +Required after a kernel update. +.br +.BI KernelProcRoot= address +The address of proc_root (grep ' proc_root$' System.map). +Required after a kernel update. +.br +.BI KernelProcRootIops= address +The address of proc_root_inode_operations +(grep proc_root_inode_operations System.map). +Required after a kernel update. +.br +.BI KernelProcRootLookup= address +The address of proc_root_lookup (grep proc_root_lookup System.map). +Required after a kernel update. +.TP +.I "[SuidCheck]" +Settings for finding SUID/SGID files on disk. +.br +.BI SuidCheckActive= 0|1 +Switch off/on the check. +.br +.BI SuidCheckExclude= path + A directory (and its subdirectories) + to exclude from the check. Only one directory can be specified this way. +.br +.BI SuidCheckSchedule= schedule +Crontab-like schedule for checks. +.br +.BI SeveritySuidCheck= severity +Severity for events. +.br +.BI SuidCheckFps= fps +Limit files per seconds for SUID check. +.br +.BI SuidCheckNosuid= 0|1 +Check filesystems mounted as nosuid. Defaults to not. +.br +.BI SuidCheckQuarantineFiles= 0|1 +Whether to quarantine files. Defaults to not. +.br +.BI SuidCheckQuarantineMethod= 0|1|2 +Quarantine method. Delete = 1, remove suid/sgid flags = 1, move to quarantine directory = 2. Defaults to 1 (remove suid/sgid flags). +.br +.BI +.TP +.I "[Mounts]" +Configuration for checking mounts. +.br +.BI MountCheckActive= 0|1 +Switch off/on this module. +.br +.BI MountCheckInterval= seconds + The interval between checks (default 300). +.br +.BI SeverityMountMissing= severity +Severity for reports on missing mounts. +.br +.BI SeverityOptionMissing= severity +Severity for reports on missing mount options. +.br +.BI CheckMount= path +[mount_options] +.br +Mount point to check. Mount options must be given as +comma-separated list, separated by a blank from the preceding mount point. +.TP +.I "[UserFiles]" +Configuration for checking paths relative to user home directories. +.br +.BI UserFilesActive= 0|1 +Switch off/on this module. +.br +.BI UserFilesName= filename +policy +.br +Files to check for under each $HOME. Allowed values for 'policy' +are: allignore, attributes, logfiles, loggrow, noignore (default), +readonly, user0, user1, user2, user3, and user4. +.br +.BI UserFilesCheckUids= uid_list +A list of UIDs where we want to check. The default +is all. Ranges (e.g. 100-500) are allowed. If there is an open range (e.g. +1000-), it must be last in the list. +.TP +.I "[ProcessCheck]" +Settings for finding hidden/fake,required processes on the local host. +.br +.BI ProcessCheckActive= 0|1 +Switch off/on the check. +.br +.BI ProcessCheckInterval= seconds + The interval between checks (default 300). +.br +.BI SeverityProcessCheck= severity +Severity for events (default crit). +.br +.BI ProcessCheckMinPID= pid +The minimum PID to check (default 0). +.br +.BI ProcessCheckMaxPID= pid +The maximum PID to check (default 32767). +.br +.BI ProcessCheckPSPath= path +The path to ps (autodetected at compile time). +.br +.BI ProcessCheckPSArg= argument +The argument to ps (autodetected at compile time). +Must yield PID in first column. +.br +.BI ProcessCheckExists= regular_expression +Check for existence of a process matching the given regular expression. +.TP +.I "[PortCheck]" +Settings for checking open ports on the local host. +.br +.BI PortCheckActive= 0|1 +Switch off/on the check. +.br +.BI PortCheckInterval= seconds + The interval between checks (default 300). +.br +.BI PortCheckUDP= yes|no +Whether to check UPD ports as well (default yes). +.br +.BI SeverityPortCheck= severity +Severity for events (default crit). +.br +.BI PortCheckInterface= ip_address +Additional interface to check. +.br +.BI PortCheckOptional= ip_address:list +Ports that may, but need not be open. The ip_address is the one +of the interface, the list must be +comma or whitespace separated, each item must be (port|service)/protocol, +e.g. 22/tcp,nfs/tcp/nfs/udp. +.br +.BI PortCheckRequired= ip_address:list +Ports that are required to be open. The ip_address is the one +of the interface, the list must be +comma or whitespace separated, each item must be (port|service)/protocol, +e.g. 22/tcp,nfs/tcp/nfs/udp. +.TP +.I "[Database]" +Settings for +.I logging +to a database. +.br +.BI SetDBHost= db_host +Host where the DB server runs (default: localhost). +Should be a numeric IP address for PostgreSQL. +.br +.BI SetDBName= db_name +Name of the database (default: samhain). +.br +.BI SetDBTable= db_table +Name of the database table (default: log). +.br +.BI SetDBUser= db_user +Connect as this user (default: samhain). +.br +.BI SetDBPassword= db_password +Use this password (default: none). +.br +.BI SetDBServerTstamp= true|false +Log server timestamp for client messages (default: true). +.br +.BI UsePersistent= true|false +Use a persistent connection (default: true). +.TP +.I "[Misc]" +.BI Daemon= no|yes +Detach from controlling terminal to become a daemon. +.br +.BI MessageHeader= format +Costom format for message header. Replacements: +.I %F +source file name, +.I %L +source file line, +.I %S +severity, +.I %T +timestamp, +.I %C +message class. +.br +.BI VersionString= string +Set version string to include in file signature database +(along with hostname and date). +.br +.BI SetReverseLookup= true|false +If false, skip reverse lookups when connecting to a host known by name +rather than IP address. +.br +.BI HideSetup= yes|no +Don't log name of config/database files on startup. +.br +.BI SyslogFacility= facility +Set the syslog facility to use. Default is LOG_AUTHPRIV. +.br +.BI MACType= HASH-TIGER|HMAC-TIGER +Set type of message authentication code (HMAC). +Must be identical on client and server. +.br +.BI SetLoopTime= val +Defines the interval (in seconds) for timestamps. +.br +.BI SetConsole= device +Set the console device (default /dev/console). +.br +.BI MessageQueueActive= 1|0 +Whether to use a SysV IPC message queue. +.br +.BI PreludeMapToInfo= list of severities +The severities (see section +.IR [Log] ) +that should be mapped to impact +severity +.I info +in prelude. +.br +.BI PreludeMapToLow= list of severities +The severities (see section +.IR [Log] ) +that should be mapped to impact +severity +.I low +in prelude. +.br +.BI PreludeMapToMedium= list of severities +The severities (see section +.IR [Log] ) +that should be mapped to impact +severity +.I medium +in prelude. +.br +.BI PreludeMapToHigh= list of severities +The severities (see section +.IR [Log] ) +that should be mapped to impact +severity +.I high +in prelude. +.br +.BI SetMailTime= val +defines the maximum interval (in seconds) between succesive e\-mail reports. +Mail might be empty if there are no events to report. +.br +.BI SetMailNum= val +defines the maximum number of messages that are stored before e\-mailing them. +Messages of highest priority are always sent immediately. +.br +.BI SetMailAddress= username @ host +sets the recipient address for mailing. +.I "No aliases should be used." +For security, you should prefer a numerical host address. +.br +.BI SetMailRelay= server +sets the hostname for the mail relay server (if you need one). +If no relay server is given, mail is sent directly to the host given in the +mail address, otherwise it is sent to the relay server, who should +forward it to the given address. +.br +.BI SetMailSubject= val +defines a custom format for the subject of an email message. +.br +.BI SetMailSender= val +defines the sender for the 'From:' field of a message. +.br +.BI SetMailFilterAnd= list +defines a list of strings all of which must match a message, otherwise +it will not be mailed. +.br +.BI SetMailFilterOr= list +defines a list of strings at least one of which must match a message, otherwise +it will not be mailed. +.br +.BI SetMailFilterNot= list +defines a list of strings none of which should match a message, otherwise +it will not be mailed. +.br +.BI SamhainPath= /path/to/binary +sets the path to the samhain binary. If set, samhain will checksum +its own binary both on startup and termination, and compare both. +.br +.BI SetBindAddress= IP_address +The IP address (i.e. interface on multi-interface box) to use +for outgoing connections. +.br +.BI SetTimeServer= server +sets the hostname for the time server. +.br +.BI TrustedUser= name|uid +Add a user to the set of trusted users (root and the effective user +are always trusted. You can add up to 7 more users). +.br +.BI SetLogfilePath= AUTO|/path +Path to logfile (AUTO to tack hostname on compiled-in path). +.br +.BI SetLockfilePath= AUTO|/path +Path to lockfile (AUTO to tack hostname on compiled-in path). +.TP +.B Standalone or client only +.br +.BI SetNiceLevel= -19..19 +Set scheduling priority during file check. +.br +.BI SetIOLimit= bps +Set IO limits (kilobytes per second) for file check. +.br +.BI SetFilecheckTime= val +Defines the interval (in seconds) between succesive file checks. +.br +.BI FileCheckScheduleOne= schedule +Crontab-like schedule for file checks. If used, +.I SetFilecheckTime +is ignored. +.br +.BI UseHardlinkCheck= yes|no +Compare number of hardlinks to number of subdirectories for directories. +.br +.BI HardlinkOffset= N:/path +Exception (use multiple times for multiple +exceptions). N is offset (actual - expected hardlinks) for /path. +.br +.BI AddOKChars= N1,N2,.. +List of additional acceptable characters (byte value(s)) for the check for +weird filenames. Nn may be hex (leading '0x': 0xNN), octal +(leading zero: 0NNN), or decimal. +Use +.I all +for all. +.br +.BI FilenamesAreUTF8= yes|no +Whether filenames are UTF-8 encoded (defaults to no). If yes, filenames +are checked for invalid UTF-8 encoding and for ending in invisible characters. +.br +.BI IgnoreAdded= path_regex +Ignore if this file/directory is added/created. +.br +.BI IgnoreMissing= path_regex +Ignore if this file/directory is missing/deleted. +.br +.BI ReportOnlyOnce= yes|no +Report only once on a modified file (default yes). +.br +.BI ReportFullDetail= yes|no +Report in full detail on modified files (not only modified items). +.br +.BI UseLocalTime= yes|no +Report file timestamps in local time rather than GMT (default no). +Do not use this with Beltane. +.br +.BI ChecksumTest= {init|update|check|none} +defines whether to initialize/update the database or verify files against it. +If 'none', you should supply the required option on the command line. +.br +.BI SetPrelinkPath= path +Path of the prelink executable (default /usr/sbin/prelink). +.br +.BI SetPrelinkChecksum= checksum +TIGER192 checksum of the prelink executable (no default). +.br +.BI SetLogServer= server +sets the hostname for the log server. +.br +.BI SetServerPort= portnumber +sets the port on the server to connect to. +.br +.BI SetDatabasePath= AUTO|/path +Path to database (AUTO to tack hostname on compiled-in path). +.br +.BI DigestAlgo= SHA1|MD5 +Use SHA1 or MD5 instead of the TIGER checksum (default: TIGER192). +.br +.BI RedefReadOnly= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the ReadOnly policy. +Tests are: CHK (checksum), TXT (store literal content), LNK (link), +HLN (hardlink), INO (inode), USR (user), GRP (group), MTM (mtime), +ATM (atime), CTM (ctime), SIZ (size), RDEV (device numbers) +and/or MOD (file mode). +.br +.BI RedefAttributes= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the Attributes policy. +.br +.BI RedefLogFiles= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the LogFiles policy. +.br +.BI RedefGrowingLogFiles= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the GrowingLogFiles policy. +.br +.BI RedefIgnoreAll= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the IgnoreAll policy. +.br +.BI RedefIgnoreNone= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the IgnoreNone policy. +.br +.BI RedefUser0= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the User0 policy. +.br +.BI RedefUser1= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the User1 policy. +.br +.BI RedefUser2= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the User2 policy. +.br +.BI RedefUser3= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the User3 policy. +.br +.BI RedefUser4= +/-XXX,+/-YYY,... +Add or subtract tests XXX from the User4 policy. +.TP +.B Server Only +.br +.BI SetUseSocket= yes|no +If unset, do not open the command socket. The default is no. +.br +.BI SetSocketAllowUid= UID +Which user can connect to the command socket. The default is 0 (root). +.br +.BI SetSocketPassword= password +Password (max. 14 chars, no '@') for password-based authentication on the +command socket (only if the OS does not support passing +credentials via sockets). +.br +.BI SetChrootDir= path +If set, chroot to this directory after startup. +.br +.BI SetStripDomain= yes|no +Whether to strip the domain from the client hostname when +logging client messages (default: yes). +.br +.BI SetClientFromAccept= true|false +If true, use client address as known to the communication layer. Else +(default) use client name as claimed by the client, try to verify against +the address known to the communication layer, and accept +(with a warning message) even if this fails. +.br +.BI UseClientSeverity= yes|no +Use the severity of client messages. +.br +.BI UseClientClass= yes|no +Use the class of client messages. +.br +.BI SetServerPort= number +The port that the server should use for listening (default is 49777). +.br +.BI SetServerInterface= IPaddress +The IP address (i.e. interface on multi-interface box) that the +server should use for listening (default is all). Use INADDR_ANY to reset +to all. +.br +.BI SeverityLookup= severity +Severity of the message on client address != socket peer. +.br +.BI UseSeparateLogs= true|false +If true, messages from different clients will be logged to separate +log files (the name of the client will be appended to the name of the main +log file to construct the logfile name). +.br +.BI SetClientTimeLimit= seconds +The maximum time between client messages. If exceeded, a warning will +be issued (the default is 86400 sec = 1 day). +.br +.BI SetUDPActive= yes|no +yule 1.2.8+: Also listen on 514/udp (syslog). + + +.TP +.I "[Clients]" +This section is only relevant if +.B samhain +is run as a log server for clients running on another (or the same) machine. +.br +.BI Client= hostname @ salt @ verifier +registers a client at host +.I hostname +(fully qualified hostname required) for access to the +log server. +Log entries from unregistered clients will not be accepted. +To generate a salt and a valid verifier, use the command +.B "samhain -P" +.IR "password" , +where +.I password +is the password of the client. A simple utility program +.B samhain_setpwd +is provided to re\-set the compiled\-in default password of the client +executable to a user\-defined +value. +.TP +.I "[EOF]" +An optional end marker. Everything below is ignored. + +.SH SEE ALSO +.PP +.BR samhain (8) + +.SH AUTHOR +.PP +Rainer Wichmann (http://la\-samhna.de) + +.SH BUG REPORTS +.PP +If you find a bug in +.BR samhain , +please send electronic mail to +.IR support@la\-samhna.de . +Please include your operating system and its revision, the version of +.BR samhain , +what C compiler you used to compile it, your 'configure' options, and +anything else you deem helpful. + +.SH COPYING PERMISSIONS +.PP +Copyright (\(co) 2000, 2004, 2005 Rainer Wichmann +.PP +Permission is granted to make and distribute verbatim copies of +this manual page provided the copyright notice and this permission +notice are preserved on all copies. +.ig +Permission is granted to process this file through troff and print the +results, provided the printed document carries copying permission +notice identical to this one except for the removal of this paragraph +(this paragraph not being relevant to the printed manual page). +.. +.PP +Permission is granted to copy and distribute modified versions of this +manual page under the conditions for verbatim copying, provided that +the entire resulting derived work is distributed under the terms of a +permission notice identical to this one. + Index: /tags/2.5.0/missing =================================================================== --- /tags/2.5.0/missing (revision 189) +++ /tags/2.5.0/missing (revision 189) @@ -0,0 +1,188 @@ +#! /bin/sh +# Common stub for a few missing GNU programs while installing. +# Copyright (C) 1996, 1997 Free Software Foundation, Inc. +# Franc,ois Pinard , 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + +if test $# -eq 0; then + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 +fi + +case "$1" in + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an +error status if there is no known handling for PROGRAM. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + +Supported PROGRAM values: + aclocal touch file \`aclocal.m4' + autoconf touch file \`configure' + autoheader touch file \`config.h.in' + automake touch all \`Makefile.in' files + bison create \`y.tab.[ch]', if possible, from existing .[ch] + flex create \`lex.yy.c', if possible, from existing .c + lex create \`lex.yy.c', if possible, from existing .c + makeinfo touch the output file + yacc create \`y.tab.[ch]', if possible, from existing .[ch]" + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing - GNU libit 0.0" + ;; + + -*) + echo 1>&2 "$0: Unknown \`$1' option" + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 + ;; + + aclocal) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`acinclude.m4' or \`configure.ac'. You might want + to install the \`Automake' and \`Perl' packages. Grab them from + any GNU archive site." + touch aclocal.m4 + ;; + + autoconf) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`configure.ac'. You might want to install the + \`Autoconf' and \`GNU m4' packages. Grab them from any GNU + archive site." + touch configure + ;; + + autoheader) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`acconfig.h' or \`configure.ac'. You might want + to install the \`Autoconf' and \`GNU m4' packages. Grab them + from any GNU archive site." + files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER([^):]*:\([^)]*\)).*/\1/p' configure.ac` + if test -z "$files"; then + files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^):]*\)).*/\1/p' configure.ac` + test -z "$files" || files="$files.in" + else + files=`echo "$files" | sed -e 's/:/ /g'` + fi + test -z "$files" && files="config.h.in" + touch $files + ;; + + automake) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`Makefile.am', \`acinclude.m4' or \`configure.ac'. + You might want to install the \`Automake' and \`Perl' packages. + Grab them from any GNU archive site." + find . -type f -name Makefile.am -print \ + | sed 's/^\(.*\).am$/touch \1.in/' \ + | sh + ;; + + bison|yacc) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.y' file. You may need the \`Bison' package + in order for those modifications to take effect. You can get + \`Bison' from any GNU archive site." + rm -f y.tab.c y.tab.h + if [ $# -ne 1 ]; then + eval LASTARG="\${$#}" + case "$LASTARG" in + *.y) + SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" y.tab.c + fi + SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" y.tab.h + fi + ;; + esac + fi + if [ ! -f y.tab.h ]; then + echo >y.tab.h + fi + if [ ! -f y.tab.c ]; then + echo 'main() { return 0; }' >y.tab.c + fi + ;; + + lex|flex) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.l' file. You may need the \`Flex' package + in order for those modifications to take effect. You can get + \`Flex' from any GNU archive site." + rm -f lex.yy.c + if [ $# -ne 1 ]; then + eval LASTARG="\${$#}" + case "$LASTARG" in + *.l) + SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" lex.yy.c + fi + ;; + esac + fi + if [ ! -f lex.yy.c ]; then + echo 'main() { return 0; }' >lex.yy.c + fi + ;; + + makeinfo) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.texi' or \`.texinfo' file, or any other file + indirectly affecting the aspect of the manual. The spurious + call might also be the consequence of using a buggy \`make' (AIX, + DU, IRIX). You might want to install the \`Texinfo' package or + the \`GNU make' package. Grab either from any GNU archive site." + file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` + if test -z "$file"; then + file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` + file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file` + fi + touch $file + ;; + + *) + echo 1>&2 "\ +WARNING: \`$1' is needed, and you do not seem to have it handy on your + system. You might have modified some files without having the + proper tools for further handling them. Check the \`README' file, + it often tells you about the needed prerequirements for installing + this package. You may also peek at any GNU archive site, in case + some other package would contain this missing \`$1' program." + exit 1 + ;; +esac + +exit 0 Index: /tags/2.5.0/mkinstalldirs =================================================================== --- /tags/2.5.0/mkinstalldirs (revision 189) +++ /tags/2.5.0/mkinstalldirs (revision 189) @@ -0,0 +1,40 @@ +#! /bin/sh +# mkinstalldirs --- make directory hierarchy +# Author: Noah Friedman +# Created: 1993-05-16 +# Public domain + +# $Id: mkinstalldirs,v 1.10 1996/05/03 07:37:52 friedman Exp $ + +errstatus=0 + +for file +do + set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` + shift + + pathcomp= + for d + do + pathcomp="$pathcomp$d" + case "$pathcomp" in + -* ) pathcomp=./$pathcomp ;; + esac + + if test ! -d "$pathcomp"; then + echo "mkdir $pathcomp" 1>&2 + + mkdir "$pathcomp" || lasterr=$? + + if test ! -d "$pathcomp"; then + errstatus=$lasterr + fi + fi + + pathcomp="$pathcomp/" + done +done + +exit $errstatus + +# mkinstalldirs ends here Index: /tags/2.5.0/rules.deb-light.in =================================================================== --- /tags/2.5.0/rules.deb-light.in (revision 189) +++ /tags/2.5.0/rules.deb-light.in (revision 189) @@ -0,0 +1,105 @@ +#!/usr/bin/make -f +# Samhain debian/rules +# GNU copyright 20001 to 2003 by Javier Fernandez-Sanguino +# based on +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. +# Modified to use mydefargs by Rainer Wichmann. +# + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatability version to use. +export DH_COMPAT=1 + +package=@install_name@ + +# CAVEAT: including the --enable-base= option is for packages to be +# distributed INTERNALLY on your network, NOT for packages +# to be distributed to THIRD PARTIES + +build: build-stamp +build-stamp: + dh_testdir + @top_srcdir@/configure @mydefargs@ + $(MAKE) + echo '#!/bin/sh' > ./sstrip + echo 'echo "*** SSTRIP DISABLED ***"' >> ./sstrip + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + -[ -f Makefile ] && $(MAKE) distclean + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) install-light install-boot DESTDIR=`pwd`/debian/tmp + + # However, remove the rc.d links + -rm -rf `pwd`/debian/tmp/etc/rc?.d + + # Remove samhain_stealth for light install + -rm -f `pwd`/debian/tmp/@sbindir@/@install_name@_stealth + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + + +# Build architecture-dependent files here. +binary-arch: build install +# dh_testversion + dh_testdir + dh_testroot + dh_installdebconf + # dh_installdocs + dh_installmenu + dh_installinit -- defaults 19 + [ -f debian/postinst.debhelper ] && \ + cd debian && \ + cat postinst.debhelper | \ + sed 's%/etc/init.d/@install_name@ start%:%' > postinst.tmp && \ + mv postinst.tmp postinst.debhelper + [ -f debian/postinst.debhelper ] && \ + cd debian && \ + cat postinst.debhelper | \ + sed 's%invoke-rc.d @install_name@ start%:%' > postinst.tmp && \ + mv postinst.tmp postinst.debhelper + [ -f debian/prerm.debhelper ] && \ + cd debian && \ + cat prerm.debhelper | \ + sed 's%/etc/init.d/@install_name@ stop%/etc/init.d/@install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ + mv prerm.tmp prerm.debhelper + [ -f debian/prerm.debhelper ] && \ + cd debian && \ + cat prerm.debhelper | \ + sed 's%invoke-rc.d @install_name@ stop%invoke-rc.d @install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ + mv prerm.tmp prerm.debhelper + # dh_installmanpages + # dh_installchangelogs @top_srcdir@/docs/Changelog + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + + +define checkdir + test -f debian/rules +endef + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install + Index: /tags/2.5.0/rules.deb.in =================================================================== --- /tags/2.5.0/rules.deb.in (revision 189) +++ /tags/2.5.0/rules.deb.in (revision 189) @@ -0,0 +1,125 @@ +#!/usr/bin/make -f +# Samhain debian/rules +# GNU copyright 20001 to 2003 by Javier Fernandez-Sanguino +# based on +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. +# Modified to use mydefargs by Rainer Wichmann. +# + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatability version to use. +export DH_COMPAT=1 + +package=@install_name@ + +# CAVEAT: including the --enable-base= option is for packages to be +# distributed INTERNALLY on your network, NOT for packages +# to be distributed to THIRD PARTIES + +build: build-stamp +build-stamp: + dh_testdir + @top_srcdir@/configure @mydefargs@ + $(MAKE) + echo '#!/bin/sh' > ./sstrip + echo 'echo "*** SSTRIP DISABLED ***"' >> ./sstrip + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + -[ -f Makefile ] && $(MAKE) distclean + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Fix the permissions + #chmod o-rX `pwd`/debian/tmp/var/log/samhain \ + # `pwd`/debian/tmp/var/run/samhain \ + # `pwd`/debian/tmp/var/state/samhain \ + # `pwd`/debian/tmp/etc/samhain + + $(MAKE) install install-boot DESTDIR=`pwd`/debian/tmp + + # However, remove the rc.d links + -rm -rf `pwd`/debian/tmp/etc/rc?.d + + # install -m 755 encode `pwd`/debian/tmp/usr/bin/samhain_encode + + # install -m 644 profiles/debianlinux_i386/samhainrc `pwd`/debian/tmp@myconffile@ + # install -m 644 debian/samhain.logrotate `pwd`/debian/tmp/etc/logrotate.d/samhain + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + + +# Build architecture-dependent files here. +binary-arch: build install +# dh_testversion + dh_testdir + dh_testroot + dh_installdebconf + dh_installdocs + [ -f debian/tmp/usr/share/doc/@install_name@/MANUAL-2_3.html.tar ] && \ + cd debian/tmp/usr/share/doc/@install_name@ && \ + tar xf MANUAL-2_3.html.tar && mv MANUAL-2_3 manual.html && \ + rm -f MANUAL-2_3.html.tar + dh_installexamples @top_srcdir@/scripts/example_pager.pl \ + @top_srcdir@/scripts/example_sms.pl \ + @top_srcdir@/scripts/concat.pl \ + @top_srcdir@/scripts/samhain.logrotator \ + @top_srcdir@/scripts/samhainadmin.pl \ + @top_srcdir@/scripts/check_samhain.pl \ + @top_srcdir@/yulerc.template \ + @top_srcdir@/samhainrc.linux + dh_installmenu + dh_installinit -- defaults 19 + [ -f debian/postinst.debhelper ] && \ + cd debian && \ + cat postinst.debhelper | \ + sed 's%/etc/init.d/@install_name@ start%:%' > postinst.tmp && \ + mv postinst.tmp postinst.debhelper + [ -f debian/postinst.debhelper ] && \ + cd debian && \ + cat postinst.debhelper | \ + sed 's%invoke-rc.d @install_name@ start%:%' > postinst.tmp && \ + mv postinst.tmp postinst.debhelper + [ -f debian/prerm.debhelper ] && \ + cd debian && \ + cat prerm.debhelper | \ + sed 's%/etc/init.d/@install_name@ stop%/etc/init.d/@install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ + mv prerm.tmp prerm.debhelper + [ -f debian/prerm.debhelper ] && \ + cd debian && \ + cat prerm.debhelper | \ + sed 's%invoke-rc.d @install_name@ stop%invoke-rc.d @install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ + mv prerm.tmp prerm.debhelper + # dh_installmanpages + dh_installchangelogs @top_srcdir@/docs/Changelog + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + + +define checkdir + test -f debian/rules +endef + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install + Index: /tags/2.5.0/samhain-install.sh.in =================================================================== --- /tags/2.5.0/samhain-install.sh.in (revision 189) +++ /tags/2.5.0/samhain-install.sh.in (revision 189) @@ -0,0 +1,1550 @@ +#! /bin/sh + +purge= +verbose= +express= +force= +act= + +prefix=@prefix@ +exec_prefix=@exec_prefix@ +sbindir=@sbindir@ +samhain=@install_name@ +mandir=@mandir@ + +sysconfdir=@sysconfdir@ +configfile=@myconffile@ + +pid_file=@mylockfile@ +pid_dir=@mylockdir@ + +data_root=@mydataroot@ +mydatafile=@mydatafile@ + +mylogfile=@mylogfile@ +mylogdir=@mylogdir@ + +myhtmlfile=@myhtmlfile@ + +datarootdir=@datarootdir@ + +INSTALL_SHELL="$0 --install-sh -m 700" +INSTALL_DATA="$0 --install-sh -m 600" + +mkinstalldirs="$0 --mkinstalldirs" + + +DESTDIR= +user= + +# +# Only call rmdir with an absolute path +# +SH_RMDIR=echo +SPATH="/bin:/usr/bin:/sbin:/usr/sbin" +OLD_IFS=${IFS} +IFS=':'; export IFS +for ff in ${SPATH}; do + if test -x $ff/rmdir; then + SH_RMDIR=`eval echo ${ff}/rmdir` + fi +done +IFS=${OLD_IFS}; export IFS + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + + +if [ x"$1" = x ] +then + echo 'samhain-install.sh [--destdir=DESTDIR][--verbose][--express][--force] action' + echo 'action = install-boot|install-data|install-user' + echo ' uninstall|purge|uninstall-boot' + echo ' uninstall-data|uninstall-man|uninstall-program|uninstall-lkm' + echo 'samhain-install.sh --print-config ' + echo 'item = name | basekey | prefix | exec_prefix | sbin_dir | man_dir' + echo ' config_dir | config_file | pid_dir | log_dir | log_file' + echo ' data_dir | data_file' + exit 1 +fi + +while [ x"$1" != x ]; do + case $1 in + -v|--verbose) verbose=yes + shift + continue;; + + -e|--express) express=yes + shift + continue;; + + -f|--force) force=yes + shift + continue;; + + -d) shift + DESTDIR="$1" + if test "x${DESTDIR}" = "x/"; then + DESTDIR= + fi + shift + continue;; + + --destdir=*) DESTDIR=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` + if test "x${DESTDIR}" = "x/"; then + DESTDIR= + fi + shift + continue;; + + --install-sh) + shift +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. + + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. + + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 + # ----- END OF INSTALL-SH ----- + ;; + + --mkinstalldirs) + shift + # mkinstalldirs --- make directory hierarchy + # Author: Noah Friedman + # Created: 1993-05-16 + # Public domain + # $Id: mkinstalldirs,v 1.10 1996/05/03 07:37:52 friedman Exp $ + errstatus=0 + for file + do + set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` + shift + pathcomp= + for d + do + pathcomp="$pathcomp$d" + case "$pathcomp" in + -* ) pathcomp=./$pathcomp ;; + esac + + if test ! -d "$pathcomp"; then + echo "mkdir $pathcomp" 1>&2 + + mkdir "$pathcomp" || lasterr=$? + + if test ! -d "$pathcomp"; then + errstatus=$lasterr + fi + fi + + pathcomp="$pathcomp/" + done + done + exit $errstatus + # mkinstalldirs ends here + ;; + + install-deploy) + if test -f ./samhainrc.USEME + then + tmpconfigfile=`echo ${configfile} | sed 's%^REQ_FROM_SERVER%%'` + if test x"${tmpconfigfile}" = x + then + echo " No local path for configfile defined." + exit 0 + else + cp samhainrc.USEME "${tmpconfigfile}" && chmod 0600 "${tmpconfigfile}" + fi + fi + if test -f postinstall.USEME + then + /bin/sh ./postinstall.USEME + fi + exit 0 + ;; + + print-config|--print-config) + shift + pwhat=$1 + if test x"$1" = x + then + echo "$0: Missing argument to print-config" + exit 1 + fi + case $pwhat in + basekey) + echo "@mykeybase@" + ;; + + prefix) + echo $prefix + ;; + + exec_prefix) + echo $exec_prefix + ;; + + sbin_dir) + echo $sbindir + ;; + + name) + echo $samhain + ;; + + man_dir) + echo $mandir + ;; + + config_dir) + echo $sysconfdir + ;; + + config_file) + echo $configfile | sed 's%^REQ_FROM_SERVER%%' + ;; + + pid_file) + echo ${pid_file} + ;; + + pid_dir) + echo ${pid_dir} + ;; + + data_dir) + echo @mydataroot@ + ;; + + data_file) + echo @mydatafile@ | sed 's%^REQ_FROM_SERVER%%' + ;; + + log_file) + echo @mylogfile@ + ;; + + log_dir) + echo @mylogdir@ + ;; + + *) + echo "$0: Unknown item \"$pwhat\"" + exit 1 + ;; + esac + exit 0 + ;; + + install-user) + act=user + shift + user=$1 + break;; + + install-boot) + act=boot + break;; + + uninstall-boot) + act=uboot + break;; + + install-data) + act=data + break;; + + uninstall-data) + act=udata + break;; + + uninstall-man) + act=uman + break;; + + uninstall-program) + act=uprogram + break;; + + uninstall-lkm) + act=ulkm + break;; + + uninstall | remove | purge) + opts= + test x"$verbose" = "xyes" && opts="$opts --verbose" + test x"$express" = "xyes" && opts="$opts --express" + test x"$force" = "xyes" && opts="$opts --force" + test x"$DESTDIR" = "x" || opts="$opts --destdir=$DESTDIR" + test x"$1" = "xpurge" && purge=yes + echo "$0 $opts uninstall-lkm" + eval $0 $opts uninstall-lkm + echo "$0 $opts uninstall-program" + eval $0 $opts uninstall-program + echo "$0 $opts uninstall-man" + eval $0 $opts uninstall-man + if test x"$force" = "x"; then + test "x$purge" = xyes && opts="$opts --force" + fi + echo "$0 $opts uninstall-data" + eval $0 $opts uninstall-data + echo + echo " To uninstall the runlevel scripts, use $0 $opts uninstall-boot" + echo + exit 0 + ;; + *) + echo "Unknown option $1" + exit 1 + ;; + + esac +done + +if test x"$act" = xuser +then + +# -- the routines for installing a new user are adapted from +# the OpenPKG bootstrap installation script, which is distributed +# under the following license: + +## Shell-based package for OpenPKG BINARY bootstrap installation +## Copyright (c) 2000-2002 Cable & Wireless Deutschland GmbH +## Copyright (c) 2000-2002 The OpenPKG Project +## Copyright (c) 2000-2002 Ralf S. Engelschall +## +## Permission to use, copy, modify, and distribute this software for +## any purpose with or without fee is hereby granted, provided that +## the above copyright notice and this permission notice appear in all +## copies. +## +## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR +## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +## SUCH DAMAGE. + + if test x"$user" = x + then + echo "**ERROR**: No username specified" + exit 1 + fi + + s=`uname -s 2>/dev/null` || s='Unknown' + r=`uname -r 2>/dev/null` || r='0.0' + platform="${s}/${r}" + + if test x"$user" = xnobody; then + case "$platform" in + HP-UX/* ) + group="nogroup" + ;; + *) + group="nobody" + ;; + esac + else + group="$user" + fi + shell=/bin/false + if test -f /etc/shells + then + grep "^/usr/bin/false" /etc/shells >/dev/null 2>&1 && shell=/usr/bin/false + grep "^/bin/nologin" /etc/shells >/dev/null 2>&1 && shell=/bin/nologin + grep "^/sbin/nologin" /etc/shells >/dev/null 2>&1 && shell=/sbin/nologin + fi + home="${data_root}" + + xuid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ + grep "^${user}:" | awk -F: '{ print $3; }'` + if test "x$xuid" = x + then + # seek for a reasonable uid/gid pair + xuid=1000 + ok=0 + while test "x$ok" = x0 + do + eval "u_exists=\$u_exists_$xuid" + if test "x$u_exists" = x + then + u_exists=`(cat /etc/passwd; ypcat passwd) 2>/dev/null | grep "^[^:]*:[^:]*:$xuid:"` + fi + eval "g_exists=\$g_exists_$xuid" + if test "x$g_exists" = x + then + g_exists=`(cat /etc/group; ypcat group) 2>/dev/null | grep "^[^:]*:[^:]*:$xuid:"` + fi + if [ "x$u_exists" = x -a "x$g_exists" = x ]; then + ok=1 + break + fi + xuid=`expr $xuid + 1` + done + eval "u_exists_$xuid=yes" + eval "g_exists_$xuid=yes" + else + # user exists + xgid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ + grep "^${user}:" | awk -F: '{ print $4; }'` + fi + + if test "x$xgid" = x + then + xgid=`(cat /etc/group; ypcat group) 2>/dev/null |\ + grep "^${group}:" | awk -F: '{ print $3; }'` + fi + + if test "x$xgid" = x + then + xgid="$xuid" + g_exists=no + else + g_exists=yes + fi + + uid=$xuid + gid=$xgid + + if test -f /etc/shells + then + exists=`cat /etc/shells 2>/dev/null | grep "^$shell"` + if test "x$exists" = x; then + echo "${shell}" >>/etc/shells + test -z "$verbose" || echo " Added ${shell} to /etc/shells" + fi + fi + + exists=`(cat /etc/passwd; ypcat passwd) 2>/dev/null | grep "^$user:"` + if test x"$exists" = x; then + # add entry to passwd database + realname="$user" + case "$platform" in + FreeBSD/* | NetBSD/* | OpenBSD/* ) + file=/etc/master.passwd + entry="${user}:*:${uid}:${gid}::0:0:${realname}:${home}:${shell}" + update="(PATH=\$PATH:/usr/sbin; pwd_mkdb -p /etc/master.passwd)" + break + ;; + Linux/* ) + file=/etc/passwd + entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" + update="(PATH=\$PATH:/usr/sbin; pwconv)" + break + ;; + SunOS/5.* ) + file=/etc/passwd + entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" + update="(PATH=\$PATH:/usr/sbin; pwconv)" + break + ;; + OSF1/V5.* ) + file=/etc/passwd + entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" + update="(PATH=\$PATH:/usr/sbin; mkpasswd /etc/passwd)" + break + ;; + HP-UX/* ) + file=/etc/passwd + entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" + update=":" + break + ;; + IRIX*/* ) + file=/etc/passwd + entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" + update=":" + break + ;; + *) + echo "install-user: Unsupported system $platform" + echo "Please add user $user / group $group manually" + echo " and re-run make install-user" + exit 1 + ;; + esac + cp $file $file.bak && \ + (grep -v '^+:' $file.bak; echo $entry; grep '^+:' $file.bak) >$file + rm -f $file.bak >/dev/null 2>&1 + eval $update + test -z "$verbose" || echo " Added user: ${user} uid: ${uid} shell: ${shell}" + else + test -z "$verbose" || echo " User ${user} exists already" + fi + + # check whether group already exists + # FIXME + exists=`(cat /etc/group; ypcat group) 2>/dev/null | grep "^$group:"` + if test x"$exists" = x + then + # + # user has a valid GID + # + if test g_exists = xyes; then + exists=yes + fi + fi + if test x"$exists" = x + then + # add entry to group database + file=/etc/group + entry="${group}:*:${gid}:${user}" + cp $file $file.bak && \ + (grep -v '^+:' $file.bak; echo $entry; grep '^+:' $file.bak) >$file + rm -f $file.bak >/dev/null 2>&1 + test -z "$verbose" || echo " Added group: ${group} gid: ${gid} user: ${user}" + fi + + exit 0 +fi + +if test x"$act" = xboot || test x"$act" = xuboot +then + s=`uname -s 2>/dev/null` || s='Unknown' + r=`uname -r 2>/dev/null` || r='0.0' + platform="${s}/${r}" + + case "$platform" in + Darwin/*) + DVER="MACOSX" + test -z "$verbose" || echo "MacOS X system detected" + rc_main="/Library/StartupItems/${samhain}" + ${mkinstalldirs} ${rc_main} + rc_dirz= + rc_inst="(cd /Library/StartupItems/${samhain} && echo '{' >StartupParameters.plist && echo ' Description = \"@install_name@\";' >>StartupParameters.plist && echo ' Provides = (\"@install_name@\");' >>StartupParameters.plist && echo ' Requires = (\"Network\");' >>StartupParameters.plist && echo ' OrderPreference = \"Last\";' >>StartupParameters.plist && echo '}' >>StartupParameters.plist && chmod 644 StartupParameters.plist; )" + rc_uinst="rm -rf /Library/StartupItems/@install_name@" + ;; + + IRIX*/*) + DVER="IRIX" + test -z "$verbose" || echo " IRIX system detected" + rc_main=${DESTDIR}/etc/init.d + rc_dirz= + rc_inst="chmod 755 /etc/init.d/@install_name@; chown root /etc/init.d/@install_name@; chkconfig -f @install_name@ on; (cd /etc; ln -f -s init.d/@install_name@ rc2.d/S99@install_name@; ln -f -s init.d/@install_name@ rc0.d/K10@install_name@; )" + rc_uinst="rm -f /etc/init.d/@install_name@; rm -f /etc/rc2.d/S99@install_name@; rm -f /etc/rc0.d/K10@install_name@; chkconfig @install_name@ off" + ;; + + AIX/*) + DVER="AIX" + test -z "$verbose" || echo " AIX system detected" + ln -f -s @sbindir@/@install_name@ samhain.startAIX + rc_main=@sbindir@ + rc_dirz= + rc_inst="/usr/sbin/mkitab -i '@install_name@:2:wait:@sbindir@/@install_name@ start >/dev/console 2>&1'" + rc_uinst="/usr/sbin/rmitab @install_name@" + ;; + + HP-UX/*) + DVER="HPUX" + test -z "$verbose" || echo " HP-UX system detected" + rc_main=${DESTDIR}/sbin/init.d + rc_dirz= + rc_inst="chmod 555 /sbin/init.d/@install_name@; chown bin:bin /sbin/init.d/@install_name@; (cd /sbin && ln -f -s /sbin/init.d/@install_name@ rc2.d/S900@install_name@ && ln -f -s /sbin/init.d/@install_name@ rc1.d/K100@install_name@; )" + rc_uinst="rm -f /sbin/init.d/@install_name@; rm -f /sbin/rc2.d/S900@install_name@; rm -f /sbin/rc1.d/K100@install_name@" + ;; + + OpenBSD/*) + test -z "$verbose" || echo " OpenBSD system detected" + grep '^## begin @install_name@' /etc/rc.local >/dev/null 2>&1 + if [ $? -eq 0 ]; then + RCLOCALTMP=`mktemp /etc/rc.local.XXXXXXXXXX` || exit 1 + sed "/^## begin @install_name@/,/^## end @install_name@/d" /etc/rc.local >$RCLOCALTMP || exit 1 + cat $RCLOCALTMP >/etc/rc.local || exit 1 + rm -f $RCLOCALTMP || exit 1 + if test x"$act" = xuboot; then + echo " uninstalling from /etc/rc.local completed" + fi + fi + if test x"$act" = xboot; then + echo "## begin @install_name@" >>/etc/rc.local || exit 1 + echo "if [ -x @sbindir@/@install_name@ ]; then" >>/etc/rc.local || exit 1 + echo " @sbindir@/@install_name@ start" >>/etc/rc.local || exit 1 + echo "fi" >>/etc/rc.local || exit 1 + echo "## end @install_name@" >>/etc/rc.local || exit 1 + echo " installing to /etc/rc.local completed" + fi + exit 0 + ;; + + NetBSD/*) + test -z "$verbose" || echo " NetBSD system detected" + if test -f /etc/rc.subr; then + DVER="FreeBSD" + rc_main=${DESTDIR}/etc/rc.d + rc_dirz= + rc_inst="chmod 755 /etc/rc.d/@install_name@" + rc_uinst="rm -f /etc/rc.d/@install_name@" + else + echo "${0}: unsupported platform ${platform} (too old)" + exit 1 + fi + ;; + + FreeBSD/* ) + test -z "$verbose" || echo " FreeBSD system detected" + if test -f /etc/rc.subr; then + DVER="FreeBSD" + rc_main=${DESTDIR}/etc/rc.d + rc_dirz= + rc_inst="chmod 755 /etc/rc.d/@install_name@" + rc_uinst="rm -f /etc/rc.d/@install_name@" + else + DVER="Solaris" + rc_main=${DESTDIR}/usr/local/etc/rc.d + rc_dirz= + rc_inst="mv /usr/local/etc/rc.d/@install_name@ /usr/local/etc/rc.d/@install_name@.sh && chmod 755 /usr/local/etc/rc.d/@install_name@.sh" + rc_uinst="rm -f /usr/local/etc/rc.d/@install_name@.sh" + fi + if test x"$act" = xboot + then + if [ ! -d ${rc_main} ]; then + test x"$act" = xboot && mkdir ${rc_main} + fi + if test "x$DVER" = "xSolaris"; then + ( . /etc/defaults/rc.conf + . /etc/rc.conf + found=0 + for p in ${local_startup-x}; do + if test "x$p" = "x${rc_main}"; then + found=1 + break + fi + done + if test "x$found" = x0; then + cp -p /etc/rc.conf /etc/rc.conf.bak + ( + grep -v local_startup /etc/rc.conf.bak + echo "local_startup=\"${rc_main} $local_startup\"" + ) >/etc/rc.conf + fi + ) + fi + fi + ;; + + SunOS/5.* ) + DVER="Solaris" + DVER_REAL="Solaris" + test -z "$verbose" || echo " Solaris system detected" + rc_dirz= + rc_main=${DESTDIR}/etc/init.d + rc_inst="chmod 755 ${DESTDIR}/etc/init.d/@install_name@; chown root:sys ${DESTDIR}/etc/init.d/@install_name@; (cd ${DESTDIR}/etc; ln init.d/@install_name@ rc3.d/S99@install_name@; ln init.d/@install_name@ rc0.d/K10@install_name@; ln init.d/@install_name@ rc1.d/K10@install_name@; )" + rc_uinst="rm -f ${DESTDIR}/etc/init.d/@install_name@; rm -f ${DESTDIR}/etc/rc0.d/K10@install_name@; rm -f ${DESTDIR}/etc/rc1.d/K10@install_name@; rm -f ${DESTDIR}/etc/rc3.d/S99@install_name@" + ;; + + Linux/*) + rlv="2 3 4 5" + linkopt="-f -s" + # find rc directories + if test -f /usr/lib/lsb/install_initd && test -d /etc/init.d + then + test -z "$verbose" || echo " Linux Standard Base system detected" + DVER=LSB + if test x"$DESTDIR" = x + then + rc_main=/etc/init.d + rc_dirz= + rc_inst="/usr/lib/lsb/install_initd /etc/init.d/@install_name@" + rc_uinst="/usr/lib/lsb/remove_initd /etc/init.d/@install_name@" + else + rc_inst= + rc_uinst= + rc_main=${DESTDIR}/etc/init.d + rc_dirz= + # test -d /etc/init.d/rc2.d && rc_dirz=${DESTDIR}/etc/init.d/rc + # test -d /etc/rc.d/rc2.d && rc_dirz=${DESTDIR}/etc/rc.d/rc + # test -d /etc/rc2.d && rc_dirz=${DESTDIR}/etc/rc + fi + elif test -f /etc/SuSE-release + then + test -z "$verbose" || echo " SuSE system detected" + DVER="Linux" + rc_inst= + rc_uinst= + if test -d /sbin/init.d && test -d /sbin/init.d/rc2.d + then + test -z "$verbose" || echo " SuSE 6.x system detected" + rc_main=${DESTDIR}/sbin/init.d + rc_dirz=${DESTDIR}/sbin/init.d/rc + elif test -d /etc/init.d && test -d /etc/init.d/rc2.d + then + test -z "$verbose" || echo " SuSE 7.x or newer detected" + rc_main=${DESTDIR}/etc/init.d + rc_dirz=${DESTDIR}/etc/init.d/rc + else + echo "${0}: unknown system" + exit 1 + fi + elif test -d /sbin/init.d && test -d /sbin/init.d/rc2.d + then + DVER="Linux" + rc_inst= + rc_uinst= + test -z "$verbose" || echo " SuSE 5.x system detected" + rc_main=${DESTDIR}/sbin/init.d + rc_dirz=${DESTDIR}/sbin/init.d/rc + elif test -f /etc/debian_version + then + DVER="Linux" + test -z "$verbose" || echo " Debian based system detected" + if test x"$DESTDIR" = x + then + rc_main=/etc/init.d + rc_dirz= + rc_uinst="/usr/sbin/update-rc.d -f @install_name@ remove" + rc_inst="/usr/sbin/update-rc.d @install_name@ defaults 99 10" + else + rc_inst= + rc_uinst= + rc_main=${DESTDIR}/etc/init.d + # rc_dirz=${DESTDIR}/etc/rc + rc_dirz= + fi + elif test -f /etc/redhat-release + then + DVER="Linux" + test -z "$verbose" || echo " Redhat based system detected" + rc_uinst= + rc_inst= + rc_main=${DESTDIR}/etc/rc.d/init.d + rc_dirz=${DESTDIR}/etc/rc.d/rc + elif test -f /etc/mandrake-release + then + DVER="Linux" + test -z "$verbose" || echo " Mandrake based system detected" + rc_uinst= + rc_inst= + rc_main=${DESTDIR}/etc/rc.d/init.d + rc_dirz=${DESTDIR}/etc/rc.d/rc + elif test -f /etc/yellowdog-release + then + DVER="Linux" + test -z "$verbose" || echo " Yellow Dog based system detected" + rc_uinst= + rc_inst= + rc_main=${DESTDIR}/etc/rc.d/init.d + rc_dirz=${DESTDIR}/etc/rc.d/rc + elif test -f /etc/slackware-version && test -f /etc/rc.d/rc.sysvinit + then + DVER="Linux" + test -z "$verbose" || echo " Slackware based system detected" + rc_uinst= + rc_inst= + rc_main=${DESTDIR}/etc/rc.d + rc_dirz=${DESTDIR}/etc/rc.d/rc + elif test -f /etc/gentoo-release + then + DVER="Gentoo" + test -z "$verbose" || echo " Gentoo based system detected" + rc_uinst="/sbin/rc-update del @install_name@" + rc_inst="/sbin/rc-update add @install_name@ default" + rc_main=${DESTDIR}/etc/init.d + rc_dirz= + else + echo "${0}: unknown Linux distribution" + rc_uinst= + rc_inst= + rc_main= + rc_dirz= + for ff in /etc/rc.d/init.d /etc/init.d /sbin/init.d; do + if test -d $ff; then + rc_main="$ff" + break + fi + done + for fg in /etc/rc.d/rc2.d /etc/rc2.d /sbin/init.d/rc2.d; do + if test -d $fg; then + rc_dirz="`echo $fg | sed -e 's,2.*,,'`" + break + fi + done + if [ x"${rc_dirz}" = x ]; then + echo "${0}: no install directory for runlevel scripts found" + exit 1 + fi + if [ x"${rc_main}" = x ]; then + echo "${0}: no install directory for runlevel scripts found" + exit 1 + fi + DVER="Linux" + rc_main="${DESTDIR}${rc_main}" + rc_dirz="${DESTDIR}${rc_dirz}" + fi + ;; + + *) + echo "${0}: unsupported platform ${platform}" + exit 1 + ;; + esac + + if test x"${rc_main}" = x + then + echo "${0}: no install directory for runlevel scripts found" + exit 1 + fi + + if test x"${act}" = xboot + then + + startscript=NONE + if test -f init/samhain.start${DVER} + then + startscript=`eval echo init/samhain.start${DVER}` + elif test -f samhain.start${DVER} + then + startscript=`eval echo samhain.start${DVER}` + else + echo "${0}: cannot find samhain.start${DVER} in ./ or ./init" + exit 1 + fi + + if test "x${startscript}" = xNONE; then + echo "${0}: cannot find samhain.start${DVER} in ./ or ./init" + exit 1 + else + if test -f ${rc_main}/${samhain} && test x"$force" != xyes + then + echo " ${rc_main}/${samhain} exists ... not overwritten (or use --force)" + else + if test x"$DESTDIR" = x + then + : + else + ${mkinstalldirs} ${rc_main} + # + if test x"${DVER_REAL}" = xSolaris; then + ${mkinstalldirs} ${DESTDIR}/etc/rc0.d + ${mkinstalldirs} ${DESTDIR}/etc/rc1.d + ${mkinstalldirs} ${DESTDIR}/etc/rc3.d + fi + # + fi + test -z "$verbose" || echo " ${INSTALL_SHELL} ${startscript} ${rc_main}/${samhain}" + if test -f "@INSTALL@"; then + ${INSTALL_SHELL} ${startscript} ${rc_main}/${samhain} + else + cp ${startscript} ${rc_main}/${samhain} && chmod 0700 ${rc_main}/${samhain} + fi + fi + fi + + + if test x"${rc_dirz}" != x + then + for ff in $rlv + do + if test x"${DESTDIR}" = x + then + rldir="${rc_dirz}${ff}.d/" + test -z "$verbose" || echo " cd ${rldir} && ln ${linkopt} ${rc_main}/${samhain} S99${samhain}" + (cd ${rldir} && ln ${linkopt} ${rc_main}/${samhain} S99${samhain}) + test -z "$verbose" || echo " cd ${rldir} && ln ${linkopt} ${rc_main}/${samhain} K10${samhain}" + (cd ${rldir} && ln ${linkopt} ${rc_main}/${samhain} K10${samhain}) + else + : + # ${mkinstalldirs} ${rc_dirz}${ff}.d + fi + + + done + fi + + if test x"${rc_inst}" != x + then + if test x"${DESTDIR}" = x + then + test -z "$verbose" || echo " ${rc_inst}" + eval ${rc_inst} + fi + fi + echo "installing init scripts completed" + fi + + if test x"${act}" = xuboot + then + if test x"${rc_uinst}" != x + then + test -z "$verbose" || echo " ${rc_uinst}" + echo + eval ${rc_uinst} + fi + + if test x"${rc_dirz}" != x + then + for ff in $rlv + do + test -z "$verbose" || echo " rm -f ${rc_dirz}${ff}.d/S99${samhain}" + rm -f ${rc_dirz}${ff}.d/S99${samhain} + test -z "$verbose" || echo " rm -f ${rc_dirz}${ff}.d/S99${samhain}" + rm -f ${rc_dirz}${ff}.d/K10${samhain} + done + fi + + test -z "$verbose" || echo " rm -f ${rc_main}/${samhain}" + rm -f ${rc_main}/${samhain} + + echo " uninstalling init scripts completed" + fi + + # boot_install|boot_uninstall completed + exit 0 +fi + +if test x"${act}" = xulkm +then + RVER=`uname -r` + if test "x@sh_lkm@" != "x"; then + if test -d /lib/modules/$RVER; then + MODDIR="/lib/modules/$RVER" + elif test -d /lib/modules/misc; then + MODDIR="/lib/modules/misc" + elif test -d /lib/modules; then + MODDIR="/lib/modules/misc" + fi + # -- NEW -- + ALLMODS="@sh_lkm@" + for p in $ALLMODS; do + test -z "$verbose" || echo " rm -f ${DESTDIR}${MODDIR}/`echo $p|sed ' +s%samhain%@install_name@%'`" + rm -f ${DESTDIR}${MODDIR}/`echo $p|sed 's%samhain%@install_name@%'` + done + fi +fi + +if test x"${act}" = xuprogram +then + PROGRAMS="@setpwd_prg@ @stegin_prg@ @yulectl_prg@ @sh_main_prg@" + for p in $PROGRAMS; do + test -z "$verbose" || echo " rm -f ${DESTDIR}${sbindir}/`echo $p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`" + rm -f ${DESTDIR}${sbindir}/`echo $p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'` + done + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${sbindir} ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${sbindir} >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + exit 0 +fi + +if test x"${act}" = xuman +then + test -z "$verbose" || echo " rm -f ${DESTDIR}${mandir}/man8/@install_name@.8" + rm -f ${DESTDIR}${mandir}/man8/@install_name@.8 + test -z "$verbose" || echo " rm -f ${DESTDIR}${mandir}/man5/@install_name@rc.5" + rm -f ${DESTDIR}${mandir}/man5/@install_name@rc.5 + + OLD_IFS=${IFS} + IFS=':'; export IFS + for ff in ${MANPATH}; do + if test x"$ff/man8" = x"${DESTDIR}${mandir}/man8"; then + echo " man directory ${DESTDIR}${mandir} is in your MANPATH" + echo " -- will not try to remove" + IFS=${OLD_IFS}; export IFS + exit 0 + fi + done + IFS=${OLD_IFS}; export IFS + + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${mandir}/man8 ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${mandir}/man8 >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${mandir}/man5 ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${mandir}/man5 >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${mandir} ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${mandir} >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + + exit 0 +fi + +if test x"${act}" = xudata +then + test -z "$verbose" || echo " rm -f ${DESTDIR}`echo ${mydatafile}|sed s%REQ_FROM_SERVER%%`" + rm -f ${DESTDIR}`echo ${mydatafile}|sed s%REQ_FROM_SERVER%%` + test -z "$verbose" || echo " rm -f ${DESTDIR}${pid_file}" + rm -f ${DESTDIR}${pid_file} + test -z "$verbose" || echo " rm -f ${DESTDIR}${mylogfile}" + rm -f ${DESTDIR}${mylogfile} + test -z "$verbose" || echo " rm -f ${DESTDIR}${myhtmlfile}" + rm -f ${DESTDIR}${myhtmlfile} + + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${pid_dir} ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${pid_dir} >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${mylogdir} ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${mylogdir} >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${data_root} ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${data_root} >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + + if test x"$force" = "xyes" + then + test -z "$verbose" || echo " rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%`" + rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` + elif test x"$purge" = "xyes" + then + test -z "$verbose" || echo " rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%`" + rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` + elif test x"$express" = x; then + echo " Do you want to remove the configuration file [y/n] ?" + while [ "1" = "1" ]; do + read ff + case "$ff" in + Y* | y* ) + test -z "$verbose" || echo " rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%`" + rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` + break + ;; + N* | n* ) + test -z "$verbose" || echo " ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` NOT removed" + break + ;; + *) + echo " Enter y[es] or n[o]" + ;; + esac + done + else + test -z "$verbose" || echo " NOT REMOVED: config file ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` (use --force to remove)" + fi + + test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${sysconfdir} ... $ECHO_C" + ${SH_RMDIR} ${DESTDIR}${sysconfdir} >/dev/null 2>&1 + if test x$? = x0; then + test -z "$verbose" || echo "${ECHO_T}done" + else + test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" + fi + + exit 0 +fi + +if test x"${act}" = xdata +then + STEGIN=@stegin_prg@ + CONVERT= + + GPGPATH=@mygpg@ + + NTEST=@mytclient@ + + if test x"${NTEST}" = "x-DSH_WITH_SERVER" + then + RCFILE=yulerc + if test -f $RCFILE + then + : + else + if test -f yulerc.template + then + cp yulerc.template $RCFILE + fi + fi + else + RCFILE=samhainrc + IN_RCFILE=samhainrc.@selectconfig@ + + if test -f ${RCFILE} + then + : + else + if test -f ${IN_RCFILE} + then + test -z "$verbose" || echo " cp ${IN_RCFILE} ${RCFILE}" + cp ${IN_RCFILE} ${RCFILE} + fi + fi + fi + + if test -f $RCFILE + then + : + else + echo "${0}: cannot find configuration file $RCFILE" + exit 1 + fi + + if test x"${GPGPATH}" != x + then + echo + echo "You need to sign the config file now" + echo + test -z "$verbose" || echo " ${GPGPATH} -a --clearsign $RCFILE" + if test x"${NTEST}" = "x-DSH_WITH_SERVER" + then + myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ + grep "^${samhain}:" | awk -F: '{ print $3; }'` + if test x"${myident_uid}" != x + then + DOT_GNUPG=`eval echo ~${samhain}/.gnupg` + test -z "$verbose" || echo " using --homedir ${DOT_GNUPG}" + ${GPGPATH} --homedir ${DOT_GNUPG} -a --clearsign $RCFILE + else + ${GPGPATH} -a --clearsign $RCFILE + fi + else + ${GPGPATH} -a --clearsign $RCFILE + fi + + if test -f ${RCFILE}.asc + then + test -z "$verbose" || echo " mv -f ${RCFILE}.asc samhainrc.pre" + mv -f ${RCFILE}.asc samhainrc.pre + else + echo "**********************************************************" + echo + echo "${0}: ERROR: cannot find signed file ${RCFILE}.asc" + echo + echo " --- You need to sign the configuration file ---" + echo + echo "**********************************************************" + cp ${RCFILE} samhainrc.pre + fi + else + test -z "$verbose" || echo " cp $RCFILE samhainrc.pre" + cp $RCFILE samhainrc.pre + fi + + if test x"${STEGIN}" != x + then + test -z "$verbose" || echo " searching for ImageMagick convert utility" + OPATH=${PATH} + PATH="/usr/local/bin:/usr/X11R6/bin:"${PATH} + + OIFS=${IFS} + IFS=":" + + for dd in ${PATH} + do + if test -f "${dd}/convert" + then + "${dd}/convert" --help | grep ImageMagick >/dev/null 2>&1 && \ + CONVERT="${dd}/convert" + test -z "$verbose" || echo " CONVERT=${dd}/convert" + fi + done + + IFS=${OIFS} + + if test x"${CONVERT}" = x + then + echo "${0}: cannot find ImageMagick convert utility in PATH=${PATH}" + exit 1 + fi + + PATH=${OPATH} + + if test -f stealth_template.jpg + then + test -z "$verbose" || echo " ${CONVERT} +compress stealth_template.jpg stealth_template.ps" + "${CONVERT}" +compress stealth_template.jpg stealth_template.ps + else + echo "${0}: cannot find file stealth_template.jpg" + exit 1 + fi + + + if test -f stealth_template.ps + then + : + else + echo "${0}: file stealth_template.ps not created" + exit 1 + fi + + if test -f samhainrc.pre + then + : + else + echo "${0}: cannot find configuration file samhainrc.pre" + exit 1 + fi + + if test -f ./samhain_stealth + then + : + else + echo "${0}: cannot find utility ./samhain_stealth" + exit 1 + fi + + ccount=`./samhain_stealth -o samhainrc.pre 2>&1 | awk '{ print $1 }'` + mcount=`./samhain_stealth -i stealth_template.ps 2>&1 | awk '{ print $7 }'` + + if test ${mcount} -lt ${ccount} + then + echo "${0}: configuration file samhainrc too big," + echo " need a larger image stealth_template.jpg to store" + exit 1 + fi + + test -z "$verbose" || echo " ./samhain_stealth -s stealth_template.ps samhainrc.pre" + ./samhain_stealth -s stealth_template.ps samhainrc.pre + + test -z "$verbose" || echo " mv -f stealth_template.ps samhainrc.install" + mv -f stealth_template.ps samhainrc.install + else + test -z "$verbose" || echo " mv -f samhainrc.pre samhainrc.install" + mv -f samhainrc.pre samhainrc.install + fi + + tmp_configfile=`echo ${configfile} | sed 's%^REQ_FROM_SERVER%%'` + + if test x"${tmp_configfile}" = x + then + echo " No local configfile to install." + exit 0 + fi + + if test -f ${DESTDIR}${tmp_configfile} && test x"$force" = x + then + echo " ${DESTDIR}${tmp_configfile} exists ... not overwritten (or use --force)" + else + test -z "$verbose" || echo " ${INSTALL_DATA} samhainrc.install ${DESTDIR}${tmp_configfile}" + ${INSTALL_DATA} samhainrc.install ${DESTDIR}${tmp_configfile} + fi + + if test x"${NTEST}" = "x-DSH_WITH_SERVER" + then + test -z "$verbose" || echo " chown @myident@ ${DESTDIR}${tmp_configfile}" + chown @myident@ ${DESTDIR}${tmp_configfile} + fi + + # + # Changed: don't check if DESTDIR is set, as these are not + # the true install locations anyway + # + if test -f trustfile && test x"${DESTDIR}" = x + then + test -z "$verbose" || echo " checking whether paths are trustworthy" + RESULT=`./trustfile ${DESTDIR}${tmp_configfile} 2>&1` + if test x$? != x0 + then + echo + ./trustfile ${DESTDIR}${tmp_configfile} + echo + else + test -z "$verbose" || echo " configuration file ${DESTDIR}${tmp_configfile} ... OK" + fi + + RESULT=`./trustfile ${DESTDIR}${pid_dir} >/dev/null 2>&1` + if test x$? != x0 + then + echo + ./trustfile ${DESTDIR}${pid_dir} + echo + else + test -z "$verbose" || echo " state directory ${DESTDIR}${pid_dir} ... OK" + fi + + RESULT=`./trustfile ${DESTDIR}${mylogdir} >/dev/null 2>&1` + if test x$? != x0 + then + echo + ./trustfile ${DESTDIR}${mylogdir} + echo + else + test -z "$verbose" || echo " state directory ${DESTDIR}${mylogdir} ... OK" + fi + + RESULT=`./trustfile ${DESTDIR}${data_root} >/dev/null 2>&1` + if test x$? != x0 + then + echo + ./trustfile ${DESTDIR}${data_root} + echo + else + test -z "$verbose" || echo " data directory ${DESTDIR}${data_root} ... OK" + fi + fi + # install_data + exit 0 +fi + + Index: /tags/2.5.0/samhain.spec.in =================================================================== --- /tags/2.5.0/samhain.spec.in (revision 189) +++ /tags/2.5.0/samhain.spec.in (revision 189) @@ -0,0 +1,271 @@ +# +# Accepted parameters for 'rpmbuild': +# +# --with tests - make tests before building + +Summary: File integrity and host-based IDS +Name: @install_name@ +Version: @VERSION@ +Release: 1 +License: GPL +Group: System Environment/Base +Source: samhain-%{version}.tar.gz +BuildRoot: %{_tmppath}/samhain-%{version}-root +Packager: Andre Oliveira da Costa +Provides: %{name} + +# dummy (fix configure warning) +# datarootdir = @datarootdir@ + +# no quotes here - aparently will be expanded literally + +%define withpwd_prg x@clmytclient@ +%define withstg_prg x@stegin_prg@ + +# disable automatic stripping of binaries upon installation +%define __spec_install_post %{nil} +# required because DeadRat wants to package some debug info otherwise +# (this debug info would be created by debug_install_post called +# from spec_install_post) +%define debug_package %{nil} +# Use internal dependency generator rather than external helpers? +%define _use_internal_dependency_generator 0 + +%description +@install_name@ is an open source file integrity and host-based intrusion +detection system for Linux and Unix. It can run as a daemon process, and +and thus can remember file changes -- contrary to a tool that runs from +cron, if a file is modified you will get only one report, while +subsequent checks of that file will ignore the modification as it is +already reported (unless the file is modified again). + +@install_name@ can optionally be used as client/server system to provide +centralized monitoring for multiple host. Logging to a (MySQL or +PostgreSQL) database is supported. + +NOTE: for security reasons, if you distribute binary executables to +third parties you should point out the use of the --add-key option to +modify the key material within the executable. +This spec file is intended to facilitate installation on YOUR system. +If you use this spec file to build a SRPM for distribution to third parties, +make sure to remove the --enable-base configure option below. + +%prep +%setup -q -n samhain-%{version} + +%build +%if %{?_with_tests:1}%{!?_with_tests:0} +# test installation (test #7 is only included if --with gpg has been +# specified) +for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done +%endif +# +# configure with the user-supplied arguments to './configure' +# +./configure @mydefargs@ +make + +%install + +rm -rf ${RPM_BUILD_ROOT} +# sstrip shouldn't be used since binaries will be stripped later +## cat << EOF > sstrip +## #!/bin/sh +## echo "*** SSTRIP DISABLED ***" +## EOF +make DESTDIR=${RPM_BUILD_ROOT} install +# copy script files to /var/lib/samhain so that we can use them right +# after the package is installed +# +install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB ${RPM_BUILD_ROOT}@mydataroot@ +# +# file list (helpful advice from Lars Kellogg-Stedman) +# +echo "@sbindir@/@install_name@" > sh_file_list +find %{buildroot}/lib/modules \! -type d -print | \ + sed 's,%{buildroot},,' >> sh_file_list + +%clean +rm -rf ${RPM_BUILD_ROOT} + +%post +if test "x@sh_lkm@" = x; then + : +else + if test -f /sbin/depmod; then + /sbin/depmod -a + fi +fi +if [ "$1" -ge 1 ]; then + # Activate boot-time start up + cd @mydataroot@ + ./samhain-install.sh --verbose install-boot + rm -f ./samhain.startLSB + rm -f ./samhain.startLinux + if [ -f @sbindir@/@install_name@_stealth ]; then + rm -f samhain-install.sh + fi + shkeep=yes + if test x"$shkeep" = xno; then + rm -f ./samhain-install.sh + rm -f @sbindir@/@install_name@_stealth + fi +fi +if [ "$1" = 1 ]; then + if test -f /usr/lib/lsb/install_initd; then + /usr/lib/lsb/install_initd /etc/init.d/@install_name@ + fi +fi + +%if "%{name}" != "yule" +cat << EOF + +Samhain is installed but is NOT running yet, and the database of +file signatures is NOT initialized yet. Read the documentation, +review configuration files, and then (i) initialize it +(@sbindir@/samhain -t init) +and (ii) start it manually +(@sbindir@/samhain start). + +It is configured to start automatically on the next boot for runlevels +[2-5]. + +EOF +%endif +%if "%{name}" == "yule" +cat << EOF + +Yule is installed but is NOT running yet, read the documentation, +review configuration files, and then start it +(@sbindir@/yule) + +It is configured to start automatically on the next boot for runlevels +[2-5]. + +EOF +%endif + +%preun +# stop running instance of samhain, if any +if [ -f @mylockdir@/%{name}.pid ]; then + @sbindir@/@install_name@ stop +fi +if [ "$1" = 0 ]; then + # remove boot-time scripts and links + cd @mydataroot@ + if [ -f ./samhain-install.sh ]; then + ./samhain-install.sh --verbose uninstall-boot + else + if test -f /usr/lib/lsb/remove_initd; then + /usr/lib/lsb/remove_initd /etc/init.d/@install_name@ + fi + rm -f /etc/init.d/@install_name@ + fi +fi + +%postun +if [ "$1" = 0 ]; then + # remove any kernel modules that might have been installed + RVER=`uname -r` + MODFILES=`ls /lib/modules/$RVER/@install_name@* 2>/dev/null` + if test "x$MODFILES" = x; then + : + else + rm -f /lib/modules/$RVER/@install_name@* + fi +fi + + +%files -f sh_file_list +%defattr(-,root,root) +%dir @mylockdir@ +%dir @mylogdir@ +%doc docs/BUGS COPYING docs/Changelog docs/TODO +%doc LICENSE docs/FAQ.html docs/HOWTO* docs/MANUAL-2_3.* docs/README* +@mydataroot@ +%if "%{withstg_prg}" == "xsamhain_stealth" + @sbindir@/@install_name@_stealth +%endif +%if "%{withpwd_prg}" == "xDSH_WITH_CLIENT" + @sbindir@/@install_name@_setpwd +%endif +%if "%{withpwd_prg}" == "xDSH_WITH_SERVER" + @sbindir@/@install_name@ctl + %exclude @sbindir@/@install_name@_setpwd +%endif +%attr(644,root,root) @mandir@/man5/@install_name@* +%attr(644,root,root) @mandir@/man8/@install_name@* +%config(noreplace) @myrpmconffile@ + +%changelog +* Tue May 16 2006 Rainer Wichmann +- fix manual version, noticed by Imre Gergely + +* Tue Apr 05 2005 Rainer Wichmann +- disable automatic stripping, use sstrip + +* Thu Mar 17 2005 Rainer Wichmann +- fixes for enable-khide + +* Wed Oct 20 2004 Rainer Wichmann +- more fixes for client/server detection +- fix for samhain_stealth + +* Sun Aug 15 2004 Rainer Wichmann +- fix detection of client/server + +* Sat Jun 19 2004 Rainer Wichmann +- replace ./test.sh $i with make test$i +- add logic for rpm-light (remove some more files after install) +- make postun posix compliant (avoid empty argument list for rm -f) + +* Wed Dec 31 2003 Stijn Jonker +- Fixed correctly build of yule-*-rpm +- Fixed excluding of yule_setpwd, and including of yulectl on yule build +- Fixed including of samhain_setpwd in samhain client build +- Above changes required for correct build in newer rpms, + with defaults for abort on unpacked files due to + %_unpackaged_files_terminate_build 1 setting +- Fixed installation text for yule, not to display samhain text +- Added /sbin/chkconfig install_name on to enable the rc scripts + +* Thu Dec 11 2003 Christian Vanguers +- Fixed typo in samhain.spec +- Compiled on RedHat Enterprise Linux ES 3 + +* Thu Mar 26 2003 Rainer Wichmann +- strip REQ_FROM_SERVER in config file path (%config(noreplace) ...) + +* Sun Jan 12 2003 Rainer Wichmann +- replace %configure with ./configure + +* Tue Dec 24 2002 Rainer Wichmann +- backported applicable changes to samhain.spec.in +- warn user that database must be initialized +- fix version of MANUAL in '%files' +- test for chkconfig, use only if found + +* Sun Dec 22 2002 Andre Oliveira da Costa 1.7.0 +- fixed typo with _usr macro on ./configure +- stops running samhain before uninstall +- implemented conditionals to allow proper uninstalls/upgrades +- 'BuildPreReq: gpg' is considered only if '--with gpg' is provided +- run 'chkconfig' to activate samhain after installation +- warn user that samhain must be manually started after + install/upgrade + +* Fri Dec 20 2002 Rainer Wichmann +- backported to samhain.spec.in (take over user's choices from configure) +- also save samhain.startLSB and samhain.startSuSE for install-boot + +* Thu Dec 19 2002 Andre Oliveira da Costa 1.6.6 +- optional parameters '--with gpg' and '--with tests' +- use of pre-defined macros whenever possible + +* Wed Dec 18 2002 Andre Oliveira da Costa 1.6.6 +- Fixed installation process, avoiding hardcoded paths on the binaries + (thks to samhain's author Rainer Wichmann) + +* Mon Dec 16 2002 Andre Oliveira da Costa 1.6.6 +- First attempt to build from sources + Index: /tags/2.5.0/samhainrc.aix5.2.0 =================================================================== --- /tags/2.5.0/samhainrc.aix5.2.0 (revision 189) +++ /tags/2.5.0/samhainrc.aix5.2.0 (revision 189) @@ -0,0 +1,236 @@ +##################################################################### +# +# AIX 5.2.0 configuration file for Samhain. +# +#################################################################### +# +# Date : 23.10.2003 +# Author : Christoph Kiefer (chkiefer@intergga.ch) +# Comment : Samhain client configuration file. Should work +# for AIX 5.1.0. The Samhain version is 1.7.12 +# This configuration fits MY needs, YOU will +# probably have to modify it. +# +# Changes : Date Name Remarks +# 23.10.2003 Christoph Kiefer Initial Version +# +##################################################################### +# +# -- empty lines and lines starting with '#', ';' or '//' are ignored +# -- boolean options can be Yes/No or True/False or 1/0 +# -- you can PGP clearsign this file -- samhain will check (if compiled +# with support) or otherwise ignore the signature +# -- CHECK mail address +# +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### +# SETUP for file system checking: +# (i) There are several policies, each has its own section. Put files +# into the section for the appropriate policy (see below). +# (ii) Section [EventSeverity]: +# To each policy, you can assign a severity (further below). +# (iii) Section [Log]: +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +##################################################################### + +##################################################################### +# +# Files are defined with: file = /absolute/path +# +# Directories are defined with: dir = /absolute/path +# or with an optional recursion depth (N <= 99): dir = N/absolute/path +# +# Directory inodes are checked. If you only want to check files +# in a directory, but not the directory inode itself, use (e.g.): +# +# [ReadOnly] +# dir = /some/directory +# [IgnoreAll] +# file = /some/directory +# +# You can use shell-style globbing patterns, like: file = /path/foo* +# +###################################################################### + +[Misc] +MessageHeader="" +RedefLogFiles=-INO +SetFilecheckTime=3600 +SetLoopTime=3600 +SetRecursionLevel=99 +DigestAlgo=SHA1 +ChecksumTest=check +SetTimeServer=localhost +ReportFullDetail=no +Daemon=yes +HideSetup=yes +ReportOnlyOnce=yes +UseLocalTime=yes + +## The Prelude-IDS profile to use for reporting +## default value is "samhain" +# +# PreludeProfile = samhain + +## Map these samhain severities to impact severity 'info' severity +# +# PreludeMapToInfo = + +## Map these samhain severities to impact severity 'low' severity +# +# PreludeMapToLow = debug info + +## Map these samhain severities to impact severity 'medium' severity +# +# PreludeMapToMedium = notice warn err + +## Map these samhain severities to impact severity 'high' severity +# +# PreludeMapToHigh = crit alert + +[IgnoreAll] +dir=-1/etc/objrepos +dir=-1/etc/vg +dir=-1/dev/.SRC-unix +dir=-1/dev/pts +dir=-1/opt +dir=-1/tmp +dir=-1/usr/share/lib/objrepos +dir=-1/usr/share/man +dir=-1/var/adm/cron +dir=-1/var/tmp +file=/dev/log* + +[Attributes] +file=/etc/lpp/diagnostics/data/* +file=/audit/auditb +file=/dev +# file=/etc/bootpd.dump +file=/etc/bootptab +file=/etc/inittab +file=/etc/xtab +dir=/dev +dir=/usr/dt +dir=/usr/lib/instl +dir=/usr/lib/lpd +dir=/usr/lib/mh +dir=/usr/lib/sa +dir=/usr/lpp + +[LogFiles] +file=/etc/rmtab +file=/etc/security/failedlogin +file=/etc/security/lastlog +file=/etc/security/portlog +file=/etc/utmp +# file=/smit.log +file=/var/adm/*log* +file=/var/adm/ras/*log* +file=/var/adm/wtmp +file=/var/log/*log* + +[IgnoreNone] +file=/etc/tsh_profile + +[ReadOnly] +dir=/etc/security/ldap +file=/etc/*.cnf +file=/etc/*conf* +file=/etc/aliases +file=/etc/dumpdates +file=/etc/environment +file=/etc/exports +file=/etc/filesystems +file=/etc/ftpusers +file=/etc/group +file=/etc/hosts* +file=/etc/motd +file=/etc/passwd +file=/etc/profile +file=/etc/protocols +file=/etc/publickey +file=/etc/rc.* +file=/etc/rpc +file=/etc/security/acl +file=/etc/security/environ +file=/etc/security/group +file=/etc/security/limits +file=/etc/security/login.cfg +file=/etc/security/passwd +file=/etc/security/roles +file=/etc/security/smitacl.* +file=/etc/security/user* +file=/etc/sendmail.cf +file=/etc/services +file=/etc/sudoers +file=/etc/swapspaces +file=/etc/vfs +# file=/smit.script +dir=/etc/mail +dir=/etc/rc.d +dir=/etc/security/audit +dir=/home/root +dir=/sbin +dir=/usr/X11R6 +dir=/usr/bin +dir=/usr/ccs +dir=/usr/etc +dir=/usr/include +dir=/usr/lib/boot +dir=/usr/lib/methods +dir=/usr/lib/microcode +dir=/usr/lib/security +dir=/usr/lib/smit +dir=/usr/local/bin +dir=/usr/sbin +dir=/usr/share +dir=/usr/ucb + +[EventSeverity] +SeverityAttributes=crit +SeverityDirs=err +SeverityFiles=err +SeverityGrowingLogs=warn +SeverityIgnoreNone=crit +SeverityLogFiles=crit +SeverityReadOnly=crit +SeverityIgnoreAll=info +SeverityNames=info + +[Log] +ExportClass=RUN FIL PANIC ERR ENET EINPUT +LogSeverity=none +MailSeverity=none +PrintSeverity=none +ExportSeverity=warn +SyslogSeverity=warn + +## Logging to a Prelude-IDS +## +# PreludeSeverity = crit + +[SuidCheck] +SuidCheckExclude=/proc +SuidCheckActive=1 +SuidCheckInterval=1800 +SuidCheckFps=250 +#SuidCheckYield=no +SeveritySuidCheck=alert +#SuidCheckQuarantineFiles=yes +#SuidCheckQuarantineMethod=0 +# SuidCheckQuarantineDelete = yes + + +[Utmp] +LoginCheckActive=1 +LoginCheckInterval=30 +SeverityLogin=info +SeverityLogout=info +SeverityLoginMulti=warn + +[EOF] Index: /tags/2.5.0/samhainrc.freebsd =================================================================== --- /tags/2.5.0/samhainrc.freebsd (revision 189) +++ /tags/2.5.0/samhainrc.freebsd (revision 189) @@ -0,0 +1,726 @@ +##################################################################### +# +# FreeBSD Configuration file for samhain. +# +##################################################################### +# +# -- empty lines and lines starting with '#', ';' or '//' are ignored +# -- boolean options can be Yes/No or True/False or 1/0 +# -- you can PGP clearsign this file -- samhain will check (if compiled +# with support) or otherwise ignore the signature +# -- CHECK mail address +# +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### +# SETUP for file system checking: +# (i) There are several policies, each has its own section. Put files +# into the section for the appropriate policy (see below). +# (ii) Section [EventSeverity]: +# To each policy, you can assign a severity (further below). +# (iii) Section [Log]: +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +##################################################################### + +##################################################################### +# +# Files are defined with: file = /absolute/path +# +# Directories are defined with: dir = /absolute/path +# or with an optional recursion depth (N <= 99): dir = N/absolute/path +# +# Directory inodes are checked. If you only want to check files +# in a directory, but not the directory inode itself, use (e.g.): +# +# [ReadOnly] +# dir = /some/directory +# [IgnoreAll] +# file = /some/directory +# +# You can use shell-style globbing patterns, like: file = /path/foo* +# +###################################################################### + +[Misc] +## +## Add or subtract tests from the policies +## - if you want to change their definitions, +## you need to do that before using the policies +## +# RedefReadOnly = (no default) +# RedefAttributes=(no default) +# RedefLogFiles=(no default) +# RedefGrowingLogFiles=(no default) +# RedefIgnoreAll=(no default) +# RedefIgnoreNone=(no default) +# RedefUser0=(no default) +# RedefUser1=(no default) + +# +# --------- / -------------- +# + +[ReadOnly] +dir = 0/ + +[Attributes] +file = / +file = /proc +file = /entropy +file = /tmp +file = /var + +# +# --------- /dev ----------- +# + +[Attributes] +dir = 99/dev + +[IgnoreAll] +file = /dev/ttyp? + +[Misc] +## +## pseudo terminals are created/removed as needed +## +IgnoreAdded = /dev/(p|t)typ.* +IgnoreMissing = /dev/(p|t)typ.* + + +# +# --------- /etc ----------- +# + +[ReadOnly] +## +## for these files, only access time is ignored +## +dir = 99/etc + + +# +# --------- /boot ----------- +# + +[ReadOnly] +dir = 99/boot + +# +# --------- /bin, /sbin ----------- +# + +[ReadOnly] +dir = 99/bin +dir = 99/sbin + +# +# --------- /lib ----------- +# + +[ReadOnly] +dir = 99/lib + +# +# --------- /libexec ----------- +# + +[ReadOnly] +dir = 99/libexec + +# +# --------- /rescue ----------- +# + +[ReadOnly] +dir = 99/rescue + +# +# --------- /root ----------- +# + +[Attributes] +## +## for these files, only changes in permissions and ownership are checked +## +dir = 99/root + +# +# --------- /stand ----------- +# + +[ReadOnly] +dir = 99/stand + +# +# --------- /usr ----------- +# + +[ReadOnly] +dir = 99/usr + +[Attributes] +dir = /usr/.snap +dir = /usr/share/man/cat? +file = /usr/compat/linux/etc +file = /usr/compat/linux/etc/ld.so.cache + +[IgnoreAll] +dir = -1/usr/home + +# +# --------- /var ----------- +# + +[Attributes] + +dir = 0/var + +[LogFiles] +## +## for these files, changes in signature, timestamps, and size are ignored +## + +file=/var/run/utmp + +[GrowingLogFiles] +## +## For these files, changes in signature, timestamps, and increase in size +## are ignored. Logfile rotation will cause a report because of shrinking +## size and different inode. +## +dir = 99/var/log + +[Attributes] +# +# rotated logs will change inode +# +file = /var/log/*.[0-9].bz2 +file = /var/log/*.[0-9].log +file = /var/log/*.[0-9] +file = /var/log/*.[0-9][0-9] +file = /var/log/*.old + +file = /var/log/sendmail.st + + +[Misc] +# +# Various naming schemes for rotated logs +# +IgnoreAdded = /var/log/.*\.[0-9]+$ +IgnoreAdded = /var/log/.*\.[0-9]+\.gz$ +IgnoreAdded = /var/log/.*\.[0-9]+\.bz2$ +IgnoreAdded = /var/log/.*\.[0-9]+\.log$ + + +[IgnoreNone] +## +## for these files, all modifications (even access time) are reported +## - you may create some interesting-looking file (like /etc/safe_passwd), +## just to watch whether someone will access it ... +## + + + +[User0] +[User1] +## User0 and User1 are sections for files/dirs with user-definable checking +## (see the manual) + +[EventSeverity] +## +## Here you can assign severities to policy violations. +## If this severity exceeds the treshold of a log facility (see below), +## a policy violation will be logged to that facility. +## + +# +# Severity for verification failures. +# +# SeverityReadOnly=crit +# SeverityLogFiles=crit +# SeverityGrowingLogs=crit +# SeverityIgnoreNone=crit +# SeverityAttributes=crit +# SeverityUser0=crit +# SeverityUser1=crit + +## We have a file in IgnoreAll that might or might not be present. +## Setting the severity to 'info' prevents messages about deleted/new file. +## +# SeverityIgnoreAll=crit +SeverityIgnoreAll=info + +## Files : file access problems +# SeverityFiles=crit + +## Dirs : directory access problems +# SeverityDirs=crit + +## Names : suspect (non-printable) characters in a pathname +# SeverityNames=crit + +[Log] +## +## Switch on/OFF log facilities and set their threshold severity +## +## Values: debug, info, notice, warn, mark, err, crit, alert, none. +## 'mark' is used for timestamps. +## +## Use 'none' to SWITCH OFF a log facility +## +## By default, everything equal to and above the threshold is logged. +## The specifiers '*', '!', and '=' are interpreted as +## 'all', 'all but', and 'only', respectively (like syslogd(8) does, +## at least on Linux). Examples: +## MailSeverity=* +## MailSeverity=!warn +## MailSeverity==crit + +## E-mail +## +# MailSeverity=none + +## Console +## +# PrintSeverity=info + +## Logfile +## +# LogSeverity=mark + +## Syslog +## +# SyslogSeverity=none + +## Remote server (yule) +## +# ExportSeverity=none + +## External script or program +## +# ExternalSeverity = none + +## Logging to a database +## +# DatabaseSeverity = none + +## Logging to a Prelude-IDS +## +# PreludeSeverity = crit + + +##################################################### +# +# Optional modules +# +##################################################### + +# [SuidCheck] +## +## --- Check the filesystem for SUID/SGID binaries +## + +## Switch on +# +# SuidCheckActive = yes + +## Interval for check (seconds) +# +# SuidCheckInterval = 7200 + +## Alternative: crontab-like schedule +# +# SuidCheckSchedule = NULL + +## Directory to exclude +# +# SuidCheckExclude = NULL + +## Limit on files per second (0 == no limit) +# +# SuidCheckFps = 0 + +## Alternative: yield after every file +# +# SuidCheckYield = no + +## Severity of a detection +# +# SeveritySuidCheck = crit + +## Quarantine SUID/SGID files if found +# +# SuidCheckQuarantineFiles = yes + +## Method for Quarantining files: +# 0 - Delete the file. +# 1 - Remove SUID/SGID permissions from file. +# 2 - Move SUID/SGID file to quarantine dir. +# +# SuidCheckQuarantineMethod = 0 + +## For method 1 and 3, really delete instead of truncating +# +# SuidCheckQuarantineDelete = yes + +# [Kernel] +## +## --- Check for loadable kernel module rootkits (Linux/FreeBSD only) +## + +## Switch on/off +# +# KernelCheckActive = True + +## Check interval (seconds); btw., the check is VERY fast +# +# KernelCheckInterval = 300 + +## Severity +# +# SeverityKernel = crit + + +# [Utmp] +## +## --- Logging of login/logout events +## + +## Switch on/off +# +# LoginCheckActive = True + +## Severity for logins, multiple logins, logouts +# +# SeverityLogin=info +# SeverityLoginMulti=warn +# SeverityLogout=info + +## Interval for login/logout checks +# +# LoginCheckInterval = 300 + + +# [Database] +## +## --- Logging to a relational database +## + +## Database name +# +# SetDBName = samhain + +## Database table +# +# SetDBTable = log + +## Database user +# +# SetDBUser = samhain + +## Database password +# +# SetDBPassword = (default: none) + +## Database host +# +# SetDBHost = localhost + +## Log the server timestamp for received messages +# +# SetDBServerTstamp = True + +## Use a persistent connection +# +# UsePersistent = True + + +# [External] +## +## Interface to call external scripts/programs for logging +## + +## The absolute path to the command +## - Each invocation of this directive will end the definition of the +## preceding command, and start the definition of +## an additional, new command +# +# OpenCommand = (no default) + +## Type (log or srv) +## - log for log messages, srv for messages received by the server +# +# SetType = log + +## The command (full command line) to execute +# +# SetCommandLine = (no default) + +## The environment (KEY=value; repeat for more) +# +# SetEnviron = TZ=(your timezone) + +## The TIGER192 checksum (optional) +# +# SetChecksum = (no default) + +## User who runs the command +# +# SetCredentials = (default: samhain process uid) + +## Words not allowed in message +# +# SetFilterNot = (none) + +## Words required (ALL of them) +# +# SetFilterAnd = (none) + +## Words required (at least one) +# +# SetFilterOr = (none) + +## Deadtime between consecutive calls +# +# SetDeadtime = 0 + +## Add default environment (HOME, PATH, SHELL) +# +# SetDefault = no + + + +##################################################### +# +# Miscellaneous configuration options +# +##################################################### + +[Misc] + +## whether to become a daemon process +## (this is not honoured on database initialisation) +# +# Daemon = no +Daemon = yes + +# whether to test signature of files (init/check/none) +# - if 'none', then we have to decide this on the command line - +# +# ChecksumTest = none +ChecksumTest=check + +# Set nice level (-19 to 19, see 'man nice'), +# and I/O limit (kilobytes per second; 0 == off) +# to reduce load on host. +# +# SetNiceLevel = 0 +# SetIOLimit = 0 + +## The version string to embed in file signature databases +# +# VersionString = NULL + +## Interval between time stamp messages +# +# SetLoopTime = 60 +SetLoopTime = 600 + +## Interval between file checks +# +# SetFileCheckTime = 600 +SetFileCheckTime = 7200 + +## Alternative: crontab-like schedule +# +# FileCheckScheduleOne = NULL + +## Alternative: crontab-like schedule(2) +# +# FileCheckScheduleTwo = NULL + +## Report only once on modified files +## Setting this to 'FALSE' will generate a report for any policy +## violation (old and new ones) each time the daemon checks the file system. +# +# ReportOnlyOnce = True + +## Report in full detail +# +# ReportFullDetail = False + +## Report file timestamps in local time rather than GMT +# +# UseLocalTime = No + +## The console device (can also be a file or named pipe) +## - There are two console devices. Accordingly, you can use +## this directive a second time to set the second console device. +## If you have not defined the second device at compile time, +## and you don't want to use it, then: +## setting it to /dev/null is less effective than just leaving +## it alone (setting to /dev/null will waste time by opening +## /dev/null and writing to it) +# +# SetConsole = /dev/console + +## Activate the SysV IPC message queue +# +# MessageQueueActive = False + + +## If false, skip reverse lookup when connecting to a host known +## by name rather than IP address (i.e. trust the DNS) +# +# SetReverseLookup = True + + +## --- E-Mail --- + +# Only highest-level (alert) reports will be mailed immediately, +# others will be queued. Here you can define, when the queue will +# be flushed (Note: the queue is automatically flushed after +# completing a file check). +# +# SetMailTime = 86400 + +## Maximum number of mails to queue +# +# SetMailNum = 10 + +## Recipient (max. 8) +# +# SetMailAddress=root@localhost + +## Mail relay (IP address) +# +# SetMailRelay = NULL + +## Custom subject format +# +# MailSubject = NULL + +## --- end E-Mail --- + + +## Path to the executable. If set, will be checksummed after startup +## and before exit. +# +# SamhainPath = (no default) + + +## The IP address of the log server +# +# SetLogServer = (default: compiled-in) + +## The IP address of the time server +# +# SetTimeServer = (default: compiled-in) + +## Trusted Users (comma delimited list of user names) +# +# TrustedUser = (no default; this adds to the compiled-in list) + +## Path to the file signature database +# +# SetDatabasePath = (default: compiled-in) + +## Path to the log file +# +# SetLogfilePath = (default: compiled-in) + +## Path to the PID file +# +# SetLockPath = (default: compiled-in) + + +## The digest/checksum/hash algorithm +# +# DigestAlgo = TIGER192 + + +## Custom format for message header. +## CAREFUL if you use XML logfile format. +## +## %S severity +## %T timestamp +## %C class +## +## %F source file +## %L source line +# +# MessageHeader="%S %T " + + +## Don't log path to config/database file on startup +# +# HideSetup = False + +## The syslog facility, if you log to syslog +# +# SyslogFacility = LOG_AUTHPRIV +SyslogFacility=LOG_LOCAL2 + +## The message authentication method +## - If you change this, you *must* change it +## on client *and* server +# +# MACType = HMAC-TIGER + + +## The Prelude-IDS profile to use for reporting +## default value is "samhain" +# +# PreludeProfile = samhain + +## Map these samhain severities to impact severity 'info' severity +# +# PreludeMapToInfo = + +## Map these samhain severities to impact severity 'low' severity +# +# PreludeMapToLow = debug info + +## Map these samhain severities to impact severity 'medium' severity +# +# PreludeMapToMedium = notice warn err + +## Map these samhain severities to impact severity 'high' severity +# +# PreludeMapToHigh = crit alert + +# everything below is ignored +[EOF] + +##################################################################### +# This would be the proper syntax for parts that should only be +# included for certain hosts. +# You may enclose anything in a @HOSTNAME/@end bracket, as long as the +# result still has the proper syntax for the config file. +# You may have any number of @HOSTNAME/@end brackets. +# HOSTNAME should be the fully qualified 'official' name +# (e.g. 'nixon.watergate.com', not 'nixon'), no aliases. +# No IP number - except if samhain cannot determine the +# fully qualified hostname. +# +# @HOSTNAME +# file=/foo/bar +# @end +# +# These are two examples for conditional inclusion/exclusion +# of a machine based on the output from 'uname -srm' +# $Linux:2.*.7:i666 +# file=/foo/bar3 +# $end +# +# !$Linux:2.*.7:i686 +# file=/foo/bar2 +# $end +# +##################################################################### Index: /tags/2.5.0/samhainrc.linux =================================================================== --- /tags/2.5.0/samhainrc.linux (revision 189) +++ /tags/2.5.0/samhainrc.linux (revision 189) @@ -0,0 +1,770 @@ +##################################################################### +# +# Configuration file template for samhain. +# +##################################################################### +# +# -- empty lines and lines starting with '#', ';' or '//' are ignored +# -- boolean options can be Yes/No or True/False or 1/0 +# -- you can PGP clearsign this file -- samhain will check (if compiled +# with support) or otherwise ignore the signature +# -- CHECK mail address +# +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### +# +# SETUP for file system checking: +# +# (i) There are several policies, each has its own section. Put files +# into the section for the appropriate policy (see below). +# (ii) Section [EventSeverity]: +# To each policy, you can assign a severity (further below). +# (iii) Section [Log]: +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### + +##################################################################### +# +# Files are defined with: file = /absolute/path +# +# Directories are defined with: dir = /absolute/path +# or with an optional recursion depth (N <= 99): dir = N/absolute/path +# +# Directory inodes are checked. If you only want to check files +# in a directory, but not the directory inode itself, use (e.g.): +# +# [ReadOnly] +# dir = /some/directory +# [IgnoreAll] +# file = /some/directory +# +# You can use shell-style globbing patterns, like: file = /path/foo* +# +###################################################################### + +[Misc] +## +## Add or subtract tests from the policies +## - if you want to change their definitions, +## you need to do that before using the policies +## +# RedefReadOnly = (no default) +# RedefAttributes=(no default) +# RedefLogFiles=(no default) +# RedefGrowingLogFiles=(no default) +# RedefIgnoreAll=(no default) +# RedefIgnoreNone=(no default) + +# RedefUser0=(no default) +# RedefUser1=(no default) + +# +# --------- / -------------- +# + +[ReadOnly] +dir = 0/ + +[Attributes] +file = /tmp +file = /dev +file = /media +file = /proc +file = /sys + +# +# --------- /etc ----------- +# + +[ReadOnly] +## +## for these files, only access time is ignored +## +dir = 99/etc + +[Attributes] +## +## check permission and ownership +## +file = /etc/mtab +file = /etc/adjtime +file = /etc/motd +file = /etc/lvm/.cache + +# On Ubuntu, these are in /var/lib rather than /etc +file = /etc/cups/certs +file = /etc/cups/certs/0 + +# managed by fstab-sync on Fedora Core +file = /etc/fstab + +# modified when booting +file = /etc/sysconfig/hwconf + +# There are files in /etc that might change, thus changing the directory +# timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'. + +file = /etc + +# +# --------- /boot ----------- +# + +[ReadOnly] +dir = 99/boot + +# +# --------- /bin, /sbin ----------- +# + +[ReadOnly] +dir = 99/bin +dir = 99/sbin + +# +# --------- /lib ----------- +# + +[ReadOnly] +dir = 99/lib + +# +# --------- /dev ----------- +# + +[Attributes] +dir = 99/dev + +[IgnoreAll] +## +## pseudo terminals are created/removed as needed +## +dir = -1/dev/pts + +# dir = -1/dev/.udevdb + +file = /dev/ppp + +# +# --------- /usr ----------- +# + +[ReadOnly] +dir = 99/usr + +# +# --------- /var ----------- +# + +[ReadOnly] +dir = 99/var + +[IgnoreAll] +dir = -1/var/cache +dir = -1/var/backups +dir = -1/var/games +dir = -1/var/gdm +dir = -1/var/lock +dir = -1/var/mail +dir = -1/var/run +dir = -1/var/spool +dir = -1/var/tmp +dir = -1/var/lib/texmf +dir = -1/var/lib/scrollkeeper + + +[Attributes] + +dir = /var/lib/nfs +dir = /var/lib/pcmcia + +# /var/lib/rpm changes if packets are installed; +# /var/lib/rpm/__db.00[123] even more frequently +file = /var/lib/rpm/__db.00? + +file = /var/lib/acpi-support/vbestate +file = /var/lib/alsa/asound.state +file = /var/lib/apt/lists/lock +file = /var/lib/apt/lists/partial +file = /var/lib/cups/certs +file = /var/lib/cups/certs/0 +file = /var/lib/dpkg/lock +file = /var/lib/gdm +file = /var/lib/gdm/.cookie +file = /var/lib/gdm/.gdmfifo +file = /var/lib/gdm/:0.Xauth +file = /var/lib/gdm/:0.Xservers +file = /var/lib/logrotate/status +file = /var/lib/mysql +file = /var/lib/mysql/ib_logfile0 +file = /var/lib/mysql/ibdata1 +file = /var/lib/slocate +file = /var/lib/slocate/slocate.db +file = /var/lib/slocate/slocate.db.tmp +file = /var/lib/urandom +file = /var/lib/urandom/random-seed +file = /var/lib/random-seed +file = /var/lib/xkb + + +[GrowingLogFiles] +## +## For these files, changes in signature, timestamps, and increase in size +## are ignored. Logfile rotation will cause a report because of shrinking +## size and different inode. +## +dir = 99/var/log + +[Attributes] +# +# rotated logs will change inode +# +file = /var/log/*.[0-9].gz +file = /var/log/*.[0-9].log +file = /var/log/*.[0-9] +file = /var/log/*.old +file = /var/log/*/*.[0-9].gz +file = /var/log/*/*.[0-9][0-9].gz +file = /var/log/*/*.log.[0-9] + +[Misc] +# +# Various naming schemes for rotated logs +# +IgnoreAdded = /var/log/.*\.[0-9]+$ +IgnoreAdded = /var/log/.*\.[0-9]+\.gz$ +IgnoreAdded = /var/log/.*\.[0-9]+\.log$ +# +# Subdirectories +# +IgnoreAdded = /var/log/[[:alnum:]]+/.*\.[0-9]+$ +IgnoreAdded = /var/log/[[:alnum:]]+/.*\.[0-9]+\.gz$ +IgnoreAdded = /var/log/[[:alnum:]]+/.*\.[0-9]+\.log$ +# +IgnoreAdded = /var/lib/slocate/slocate.db.tmp +IgnoreMissing = /var/lib/slocate/slocate.db.tmp + +# +# --------- other policies ----------- +# + +[IgnoreNone] +## +## for these files, all modifications (even access time) are reported +## - you may create some interesting-looking file (like /etc/safe_passwd), +## just to watch whether someone will access it ... +## + +[Prelink] +## +## Use for prelinked files or directories holding them +## + + +[User0] +[User1] +## User0 and User1 are sections for files/dirs with user-definable checking +## (see the manual) + + + +[EventSeverity] +## +## Here you can assign severities to policy violations. +## If this severity exceeds the treshold of a log facility (see below), +## a policy violation will be logged to that facility. +## +## Severity for verification failures. +## +# SeverityReadOnly=crit +# SeverityLogFiles=crit +# SeverityGrowingLogs=crit +# SeverityIgnoreNone=crit +# SeverityAttributes=crit +# SeverityUser0=crit +# SeverityUser1=crit +# SeverityIgnoreAll=crit + + +## Files : file access problems +# SeverityFiles=crit + +## Dirs : directory access problems +# SeverityDirs=crit + +## Names : suspect (non-printable) characters in a pathname +# SeverityNames=crit + +[Log] +## +## Switch on/OFF log facilities and set their threshold severity +## +## Values: debug, info, notice, warn, mark, err, crit, alert, none. +## 'mark' is used for timestamps. +## +## +## Use 'none' to SWITCH OFF a log facility +## +## By default, everything equal to and above the threshold is logged. +## The specifiers '*', '!', and '=' are interpreted as +## 'all', 'all but', and 'only', respectively (like syslogd(8) does, +## at least on Linux). Examples: +## MailSeverity=* +## MailSeverity=!warn +## MailSeverity==crit + +## E-mail +## +# MailSeverity=none + +## Console +## +# PrintSeverity=info + +## Logfile +## +# LogSeverity=mark + +## Syslog +## +# SyslogSeverity=none + +## Remote server (yule) +## +# ExportSeverity=none + +## External script or program +## +# ExternalSeverity = none + +## Logging to a database +## +# DatabaseSeverity = none + +## Logging to a Prelude-IDS +## +# PreludeSeverity = crit + + + +##################################################### +# +# Optional modules +# +##################################################### + +# [SuidCheck] +## +## --- Check the filesystem for SUID/SGID binaries +## + +## Switch on +# +# SuidCheckActive = yes + +## Interval for check (seconds) +# +# SuidCheckInterval = 7200 + +## Alternative: crontab-like schedule +# +# SuidCheckSchedule = NULL + +## Directory to exclude +# +# SuidCheckExclude = NULL + +## Limit on files per second (0 == no limit) +# +# SuidCheckFps = 0 + +## Alternative: yield after every file +# +# SuidCheckYield = no + +## Severity of a detection +# +# SeveritySuidCheck = crit + +## Quarantine SUID/SGID files if found +# +# SuidCheckQuarantineFiles = yes + +## Method for Quarantining files: +# 0 - Delete or truncate the file. +# 1 - Remove SUID/SGID permissions from file. +# 2 - Move SUID/SGID file to quarantine dir. +# +# SuidCheckQuarantineMethod = 0 + +## For method 1 and 3, really delete instead of truncating +# +# SuidCheckQuarantineDelete = yes + +#[Kernel] +## +## --- Check for loadable kernel module rootkits (Linux/FreeBSD only) +## + +## Switch on/off +# +# KernelCheckActive = True + +## Check interval (seconds); btw., the check is VERY fast +# +# KernelCheckInterval = 300 + +## Severity +# +# SeverityKernel = crit + + +# [Utmp] +## +## --- Logging of login/logout events +## + +## Switch on/off +# +# LoginCheckActive = True + +## Severity for logins, multiple logins, logouts +# +# SeverityLogin=info +# SeverityLoginMulti=warn +# SeverityLogout=info + +## Interval for login/logout checks +# +# LoginCheckInterval = 300 + + +# [Database] +## +## --- Logging to a relational database +## + +## Database name +# +# SetDBName = samhain + +## Database table +# +# SetDBTable = log + +## Database user +# +# SetDBUser = samhain + +## Database password +# +# SetDBPassword = (default: none) + +## Database host +# +# SetDBHost = localhost + +## Log the server timestamp for received messages +# +# SetDBServerTstamp = True + +## Use a persistent connection +# +# UsePersistent = True + +# [External] +## +## Interface to call external scripts/programs for logging +## + +## The absolute path to the command +## - Each invocation of this directive will end the definition of the +## preceding command, and start the definition of +## an additional, new command +# +# OpenCommand = (no default) + +## Type (log or rv) +## - log for log messages, srv for messages received by the server +# +# SetType = log + +## The command (full command line) to execute +# +# SetCommandLine = (no default) + +## The environment (KEY=value; repeat for more) +# +# SetEnviron = TZ=(your timezone) + +## The TIGER192 checksum (optional) +# +# SetChecksum = (no default) + +## User who runs the command +# +# SetCredentials = (default: samhain process uid) + +## Words not allowed in message +# +# SetFilterNot = (none) + +## Words required (ALL of them) +# +# SetFilterAnd = (none) + +## Words required (at least one) +# +# SetFilterOr = (none) + +## Deadtime between consecutive calls +# +# SetDeadtime = 0 + +## Add default environment (HOME, PATH, SHELL) +# +# SetDefault = no + + +##################################################### +# +# Miscellaneous configuration options +# +##################################################### + +[Misc] + +## whether to become a daemon process +## (this is not honoured on database initialisation) +# +# Daemon = no +Daemon = yes + +## whether to test signature of files (init/check/none) +## - if 'none', then we have to decide this on the command line - +# +# ChecksumTest = none +ChecksumTest=check + +## Set nice level (-19 to 19, see 'man nice'), +## and I/O limit (kilobytes per second; 0 == off) +## to reduce load on host. +# +# SetNiceLevel = 0 +# SetIOLimit = 0 + +## The version string to embed in file signature databases +# +# VersionString = NULL + +## Interval between time stamp messages +# +# SetLoopTime = 60 +SetLoopTime = 600 + +## Interval between file checks +# +# SetFileCheckTime = 600 +SetFileCheckTime = 7200 + +## Alternative: crontab-like schedule +# +# FileCheckScheduleOne = NULL + +## Alternative: crontab-like schedule(2) +# +# FileCheckScheduleTwo = NULL + +## Report only once on modified files +## Setting this to 'FALSE' will generate a report for any policy +## violation (old and new ones) each time the daemon checks the file system. +# +# ReportOnlyOnce = True + +## Report in full detail +# +# ReportFullDetail = False + +## Report file timestamps in local time rather than GMT +# +# UseLocalTime = No + +## The console device (can also be a file or named pipe) +## - There are two console devices. Accordingly, you can use +## this directive a second time to set the second console device. +## If you have not defined the second device at compile time, +## and you don't want to use it, then: +## setting it to /dev/null is less effective than just leaving +## it alone (setting to /dev/null will waste time by opening +## /dev/null and writing to it) +# +# SetConsole = /dev/console + +## Activate the SysV IPC message queue +# +# MessageQueueActive = False + + +## If false, skip reverse lookup when connecting to a host known +## by name rather than IP address (i.e. trust the DNS) +# +# SetReverseLookup = True + +## --- E-Mail --- + +# Only highest-level (alert) reports will be mailed immediately, +# others will be queued. Here you can define, when the queue will +# be flushed (Note: the queue is automatically flushed after +# completing a file check). +# +# SetMailTime = 86400 + +## Maximum number of mails to queue +# +# SetMailNum = 10 + +## Recipient (max. 8) +# +# SetMailAddress=root@localhost + +## Mail relay (IP address) +# +# SetMailRelay = NULL + +## Custom subject format +# +# MailSubject = NULL + +## --- end E-Mail --- + +## Path to the prelink executable +# +# SetPrelinkPath = /usr/sbin/prelink + +## TIGER192 checksum of the prelink executable +# +# SetPrelinkChecksum = (no default) + + +## Path to the executable. If set, will be checksummed after startup +## and before exit. +# +# SamhainPath = (no default) + + +## The IP address of the log server +# +# SetLogServer = (default: compiled-in) + +## The IP address of the time server +# +# SetTimeServer = (default: compiled-in) + +## Trusted Users (comma delimited list of user names) +# +# TrustedUser = (no default; this adds to the compiled-in list) + +## Path to the file signature database +# +# SetDatabasePath = (default: compiled-in) + +## Path to the log file +# +# SetLogfilePath = (default: compiled-in) + +## Path to the PID file +# +# SetLockPath = (default: compiled-in) + + +## The digest/checksum/hash algorithm +# +# DigestAlgo = TIGER192 + + +## Custom format for message header. +## CAREFUL if you use XML logfile format. +## +## %S severity +## %T timestamp +## %C class +## +## %F source file +## %L source line +# +# MessageHeader="%S %T " + + +## Don't log path to config/database file on startup +# +# HideSetup = False + +## The syslog facility, if you log to syslog +# +# SyslogFacility = LOG_AUTHPRIV +SyslogFacility=LOG_LOCAL2 + +## The message authentication method +## - If you change this, you *must* change it +## on client *and* server +# +# MACType = HMAC-TIGER + + +## The Prelude-IDS profile to use for reporting +## default value is "samhain" +# +# PreludeProfile = samhain + +## Map these samhain severities to impact severity 'info' severity +# +# PreludeMapToInfo = + +## Map these samhain severities to impact severity 'low' severity +# +# PreludeMapToLow = debug info + +## Map these samhain severities to impact severity 'medium' severity +# +# PreludeMapToMedium = notice warn err + +## Map these samhain severities to impact severity 'high' severity +# +# PreludeMapToHigh = crit alert + + +## everything below is ignored +[EOF] + +##################################################################### +# This would be the proper syntax for parts that should only be +# included for certain hosts. +# You may enclose anything in a @HOSTNAME/@end bracket, as long as the +# result still has the proper syntax for the config file. +# You may have any number of @HOSTNAME/@end brackets. +# HOSTNAME should be the fully qualified 'official' name +# (e.g. 'nixon.watergate.com', not 'nixon'), no aliases. +# No IP number - except if samhain cannot determine the +# fully qualified hostname. +# +# @HOSTNAME +# file=/foo/bar +# @end +# +# These are two examples for conditional inclusion/exclusion +# of a machine based on the output from 'uname -srm' +# $Linux:2.*.7:i666 +# file=/foo/bar3 +# $end +# +# !$Linux:2.*.7:i686 +# file=/foo/bar2 +# $end +# +##################################################################### Index: /tags/2.5.0/samhainrc.netbsd =================================================================== --- /tags/2.5.0/samhainrc.netbsd (revision 189) +++ /tags/2.5.0/samhainrc.netbsd (revision 189) @@ -0,0 +1,859 @@ +# +# From pkgsrc-wip, Author: Brian Seklecki +# + +[Misc] +RedefUser0=+INO, +SIZ, +RDEV, +CHK, -MOD, -MTM, -ATM, -CTM, -GRP, -USR + +# The new Samhain behavior is to check the checksum up the last-known size of +# the file, but *yes*, the inode will change when it becomes rotated and the size +# will get reset to a lesser value (in which case the check should know to passively +# fail) +RedefGrowingLogFiles=-INO, -SIZ, +CHK, -MTM, -ATM, -CTM + +# +# --------- / -------------- +# + +[ReadOnly] +dir = 99/ + +# This covers the contents of / including: /boot, /bin, /sbin, /lib, /libexec, +# /rescue, /root, /altroot, /usr, /var, /stand, /mnt, /tmp, /proc, /kern (Even +# though /usr and /var will recieve overrides) + +[Attributes] +file = /proc +file = /kern + +[IgnoreAll] +dir=-1/proc +dir=-1/kern + +# +# --------- /tmp ----------- +# +[Attributes] +file=/tmp +[IgnoreAll] +dir=-1/tmp + + + +# +# --------- /root -------------- +# + +# Per section 5.4.2.1 of the manual, Rule #5, there are lock file written here +# that changes the mtime/ctime of the dir, so we want to watch perms/ownership, +# ignore ctime/mtime/size, etc., but still watch the critical files inside. +# Note: in theory, /root should never change if you use sudo(8) w/o "-H" +[ReadOnly] +dir=/root/.gnupg +[Attributes] +file=/root/.gnupg +file=/root/.gnupg/random_seed + +# +# --------- /dev ----------- +# + +[Attributes] +dir = 99/dev + +# User0 will be for /dev/tty* and other devices where Owner/Group/Mode can +# change but the Inode/Size/Device/Checksum should not change. + +[User0] +file=/dev/tty* +file=/dev/pty* + +# +# --------- /etc ----------- +# + +[ReadOnly] +## +## for these files, only access time is ignored +## +dir = 99/etc + + +# If you're running dhclient(8), resolv.conf will get re-written at renewal +# time so pray that he dhcpd(8) on your network doesn't get owned. +# Crytpo-signed DHCP traffic would be too much to ask from ISC, but maybe +# not from the OpenBSD hack + +[Attributes] +file=/etc/dhclient.conf + +# If you run CUPS, /etc/printcap gets re-written if you have +# "Browsing On" and "Printcap /etc/printcap" in cupsd.conf(5) +[Attributes] +file=/etc/printcap + + +# +# --------- /usr ----------- +# + +# note about the following two: this reduced the size +# of the database greatly + +# +# --------- /usr/pkgsrc ----------- +# + +# Leave this uncommented if you CVS update your pkgsrc +# periodically/automatically. If you do not, comment it +# out and you should be informed about any unauthorized +# modifications to pkgsrc (which is an attack vector) + +[IgnoreAll] +dir=-1/usr/pkgsrc + +# +# --------- /usr/src ----------- +# + +# Leave this uncommented if you CVS update your src +# periodically/automatically. If you do not, comment it +# out and you should be informed about any unauthorized +# modifications to src (which is an attack vector) + + +[IgnoreAll] +dir=-1/usr/src + + +# +# --------- /usr/home (/home) ----------- +# + + +# /home may be a symlink to /usr/home on a stock system, but most admins cane +# that shit. [Attributes] could be replaced here by [ReadOnly] if we wanted to +# know about new users being added (on systems where there are no new users) + +[Attributes] +file = /home +[IgnoreAll] +dir = -1/home + +# +# --------- /usr/compat/linux/etc ----------- +# + +# You're basically compromising your system by enabling Linux emulation anyway + +[Attributes] +file = /usr/compat/linux/etc +file = /usr/compat/linux/etc/ld.so.cache + +# +# --------- /usr/compat/linux/proc ----------- +# + +# Uncomment if you have Linux Emulation/Compat Installed/Setup/Mounted +[Attributes] +file=/emul/linux/proc +[IgnoreAll] +dir=-1/emul/linux/proc + + +# +# --------- /var/run ----------- +# + +# New PID files may come, and PID files may go (as services on a system change), +# but then probably a database rebuild will occur. But at the time of the +# database init, we should consider everything in here subject to change +# (checksum, times, size) during a daemon restart, but everything else stays +# the same. + +# If you have periodic scripts that HUP daemons, the PID should be unachanged. +# However, force-restarts will be a new PID, so consider this + +[Attributes] +dir=99/var/run + +[Misc] +# Ignore sudo(8) TTY/PTY "Tickets" if you use sudo +IgnoreMissing = /var/run/sudo/[[:alnum:]]{1,9}/(p|t)ty.*$ +IgnoreAdded = /var/run/sudo/[[:alnum:]]{1,9}/(p|t)ty.*$ + +# +# --------- /var/(spool|queue|etc.) ----------- +# + +[Attributes] +file=/var/cron/tabs +file=/var/spool/mqueue +file=/var/spool/clientmqueue +file=/var/mail +file=/var/tmp + +# +# --------- /var/at ----------- +# + +# As deep as /var/at/ will be watched by 99/ + +[Attributes] +file=/var/at/spool +file=/var/at/jobs + +# +# --------- /var/db ----------- +# + +# Some files are written directly into /var/db +[Attributes] +file=/var/db + +[Attributes] +# Updatedb per /etc/periodic.d/weekly/310.locate (FreeBSD) or /etc/weekly (NetBSD) +file=/var/db/locate.database + +[Misc] +# this file comes and goes with portaudit(1)/portversion(1)/pkg_version(1) +# Other is ISC DHCLIENT related +IgnoreAdded=/var/db/(pkgdb.fixme|dhclient.leases.*) +IgnoreMissing=/var/db/(pkgdb.fixme|dhclient.leases.*) + + +# +# --------- /var/db/mysql ----------- +# + +# The same for MySQL, except it's probably owned by the time you get done +# installing it. + +[Attributes] +file=/var/db/mysql +[IgnoreAll] +dir=-1/var/db/mysql + +#################################################################### +# The next three entries depend on your security paranoia policy about +# SRC and PORTSs trees, etc. Remember, Ports is the only default attack +# vector against FreeBSD machines. +#################################################################### + + +# +# --------- /var/db/pkg ----------- +# + +# This database directory gets updated if a cvsup(8)/cvs(8)/sup(8) update +# occurs to a Pkgsrc source tree and then "pkgdb(8) -fu" is run. + +[Attributes] +file=/var/db/pkg +[IgnoreAll] +dir=-1/var/db/pkg + + +# +# --------- /var/db/entropy ----------- +# +[Attributes] +file=/var/db/entropy +[IgnoreAll] +dir=-1/var/db/entropy + +# +# --------- /var/msgs ----------- +# + +[Attributes] +dir=-1/var/msgs + +# +# --------- /var/backups ----------- +# + +# /etc/daily /etc/security write old revisions of system +# critical files into here daily +[Attributes] +dir=-1/var/backups + +# +# --------- /var/log ----------- +# + +# Keep this section in sync with: +# * /etc/newsyslog.conf +# * /etc/syslogd.conf OR: +# * /usr/pkg/etc/syslog-ng/syslog-ng.conf + +# For these files, changes in signature, timestamps, and increase in size +# are ignored, however: +# Per discussion on the forum, this behavior change is needed due to the behavior +# of newsyslog(8) rotation method File sizes will get smaller, inodes will change +# as they rotate. + +# NOTES ON LOG ROTATION BEHAVIOR: +# See comments about modifications to [GrowingLogFiles] to ignore INODE changes +# As newsyslog(8)/newsyslog.conf(5) has the default behavior of: +# - First move logfile.log to logfile.log.0 +# - then bzip2 -v9 logfile.log.0 +# - then touch(1) logfile.log +# - then HUP if applicable & reopen the new file (new inode) +# - Therefore, Ignore Singature, Size (if grow), and Inode changes +# But also, there's [IgnoreMissing] regexp to account for log file pruing from +# the filesystem, and [IgnoreAdded] for the first Nth rotations of the logfile +# per newsyslog.conf(5) + + +# NetBSD defaults +[Misc] +IgnoreAdded = /var/log/(cron|xferlog|messages|maillog|secure|pflog|sendmail\.st|kerberos\.log|authlog|aculog|wtmp|wtmpx)\.[0-9](\.bz2|\.gz)?$ +IgnoreMissing= /var/log/(cron|xferlog|messages|maillog|secure|pflog|sendmail\.st|kerberos\.log|authlog|aculog|wtmp|wtmpx)\.[0-9](\.bz2|\.gz)?$ + +# Local services you may need to account for +IgnoreAdded = /var/log/(snmpd\.log|postgresq\.log|samhain\.log|httpd-error\.log|httpd-access\.log|httpd-ssl_request\.log)\.[0-9](\.bz2|\.gz)?$ +IgnoreMissing = /var/log/(snmpd\.log|postgresq\.log|samhain\.log|httpd-error\.log|httpd-access\.log|httpd-ssl_request\.log)\.[0-9](\.bz2|\.gz)?$ + +[Attributes] +dir=99/var/log + +# NetBSD Stock Defaults +[GrowingLogFiles] +File = /var/log/aculog +File = /var/log/authlog +File = /var/log/cron +File = /var/log/kerberos.log +File = /var/log/lpd-errs +File = /var/log/maillog +File = /var/log/messages +File = /var/log/secure +File = /var/log/wtmp +File = /var/log/wtmpx +File = /var/log/xferlog +File = /var/log/pflog + +[Attributes] +# A binary-type logfile (Screw sendmail!) +File = /var/log/sendmail.st + +# NetBSD gzip(1)'s by default but newsyslog.conf(5) has bzip2 support +[Attributes] +File = /var/log/*.[0-9].gz +#File = /var/log/*.[0-9].bz2 + +# +# --------- makewhatis(8) ----------- +# + +# Account for updated whatis(8) database given manpath.conf(5)/man.conf(5) +#and manpath(1) + +[Attributes] +file=/usr/pkg/man/whatis.db +file=/usr/pkg/man +file=/usr/share/man/whatis.db +file=/usr/share/man + +############################################## +######## END FILE SECTION #################### +############################################## + +[EventSeverity] + +SeverityReadOnly=crit +SeverityLogFiles=crit +SeverityGrowingLogs=crit +SeverityIgnoreNone=crit +SeverityAttributes=crit +SeverityUser0=crit +SeverityUser1=crit + +## We have a file in IgnoreAll that might or might not be present. +## Setting the severity to 'info' prevents messages about deleted/new file. +## +# SeverityIgnoreAll=crit +SeverityIgnoreAll=info + +## Files : file access problems +SeverityFiles=info + +## Dirs : directory access problems +SeverityDirs=info + +## Names : suspect (non-printable) characters in a pathname +SeverityNames=crit + +[Log] +## Values: debug, info, notice, warn, mark, err, crit, alert, none. +## 'mark' is used for timestamps. +## +## Use 'none' to SWITCH OFF a log facility +## +## By default, everything equal to and above the threshold is logged. +## The specifiers '*', '!', and '=' are interpreted as +## 'all', 'all but', and 'only', respectively (like syslogd(8) does, +## at least on Linux). Examples: +## MailSeverity=* +## MailSeverity=!warn +## MailSeverity==crit + +## E-mail +## +MailSeverity=warn + +## Console +## +PrintSeverity=notice + +## Logfile +## +LogSeverity=info + +## Syslog +## +# Syslog logging is redundant at this time +# +#SyslogSeverity=notice + +## Remote server (yule) +## +# ExportSeverity=none + +## External script or program +## +# ExternalSeverity = none + +## Logging to a database +## +# DatabaseSeverity = none + +## Logging to a Prelude-IDS +## +# PreludeSeverity = crit + + +##################################################### +# +# Optional modules +# +##################################################### + +#[SuidCheck] +## +## --- Check the filesystem for SUID/SGID binaries +## + +## Switch on +# +#SuidCheckActive = yes + +## Interval for check (seconds) +# +#SuidCheckInterval = 5400 + +## Alternative: crontab-like schedule +# +#SuidCheckSchedule = NULL + +## Directory to exclude +# +# SuidCheckExclude = NULL + +## Limit on files per second (0 == no limit) +# +# SuidCheckFps = 0 + +## Alternative: yield after every file +# +# SuidCheckYield = no + +## Severity of a detection +# +# SeveritySuidCheck = crit + +## Quarantine SUID/SGID files if found +# +# SuidCheckQuarantineFiles = yes + +## Method for Quarantining files: +# 0 - Delete the file. +# 1 - Remove SUID/SGID permissions from file. +# 2 - Move SUID/SGID file to quarantine dir. +# +# SuidCheckQuarantineMethod = 0 + +## For method 1 and 3, really delete instead of truncating +# +# SuidCheckQuarantineDelete = yes + +#[Mounts] +#MountCheckActive=1 +#MountCheckInterval=7200 +#SeverityMountMissing=crit +#SeverityOptionMissing=crit +# +#checkmount=/ +#checkmount=/dev +#checkmount=/usr +#checkmount=/var +#checkmount=/var/log +#checkmount=/opt +#checkmount=/export +#checkmount=/tmp + +#[Kernel] +## +## --- Check for loadable kernel module rootkits (Linux/FreeBSD only) +## + +## Switch on/off +# +#KernelCheckActive = True + +## Check interval (seconds); btw., the check is VERY fast +# +#KernelCheckInterval = 300 + +## Severity +# +#SeverityKernel = crit + + + #[Utmp] +## +## --- Logging of login/logout events +## + +## Switch on/off +# +#LoginCheckActive = True + +## Severity for logins, multiple logins, logouts +# +#SeverityLogin=info +#SeverityLoginMulti=crit +#SeverityLogout=info + +## Interval for login/logout checks +# +#LoginCheckInterval = 300 + + +# [Database] +## +## --- Logging to a relational database +## + +## Database name +# +# SetDBName = samhain + +## Database table +# +# SetDBTable = log + +## Database user +# +# SetDBUser = samhain + +## Database password +# +# SetDBPassword = (default: none) + +## Database host +# +# SetDBHost = localhost + +## Log the server timestamp for received messages +# +# SetDBServerTstamp = True + +## Use a persistent connection +# +# UsePersistent = True + + +# [External] +## +## Interface to call external scripts/programs for logging +## + +## The absolute path to the command +## - Each invocation of this directive will end the definition of the +## preceding command, and start the definition of +## an additional, new command +# +# OpenCommand = (no default) + +## Type (log or srv) +## - log for log messages, srv for messages received by the server +# +# SetType = log + +## The command (full command line) to execute +# +# SetCommandLine = (no default) + +## The environment (KEY=value; repeat for more) +# +# SetEnviron = TZ=(your timezone) + +## The TIGERpkg checksum (optional) +# +# SetChecksum = (no default) + +## User who runs the command +# +# SetCredentials = (default: samhain process uid) + +## Words not allowed in message +# +# SetFilterNot = (none) + +## Words required (ALL of them) +# +# SetFilterAnd = (none) + +## Words required (at least one) +# +# SetFilterOr = (none) + +## Deadtime between consecutive calls +# +# SetDeadtime = 0 + +## Add default environment (HOME, PATH, SHELL) +# +# SetDefault = no + + + +##################################################### +# +# Miscellaneous configuration options +# +##################################################### + +[Misc] + +## whether to become a daemon process +## (this is not honoured on database initialisation) +# +# Daemon = no +Daemon = yes + +# whether to test signature of files (init/check/none) +# - if 'none', then we have to decide this on the command line - +# +# ChecksumTest = none +ChecksumTest=check + +# Set nice level (-19 to 19, see 'man nice'), +# and I/O limit (kilobytes per second; 0 == off) +# to reduce load on host. +# +SetNiceLevel = 19 +# SetIOLimit = 0 + +## The version string to embed in file signature databases +# +# VersionString = NULL + +## Interval between time stamp messages +# +# SetLoopTime = 60 +SetLoopTime = 7200 + +## Interval between file checks +# +# SetFileCheckTime = 600 +SetFileCheckTime = 43200 + +## Alternative: crontab-like schedule +# +# FileCheckScheduleOne = NULL + +## Alternative: crontab-like schedule(2) +# +# FileCheckScheduleTwo = NULL + +## Report only once on modified files +## Setting this to 'FALSE' will generate a report for any policy +## violation (old and new ones) each time the daemon checks the file system. +# +ReportOnlyOnce = True + +## Report in full detail +# +ReportFullDetail = True + +## Report file timestamps in local time rather than GMT +# +UseLocalTime = Yes + +## The console device (can also be a file or named pipe) +## - There are two console devices. Accordingly, you can use +## this directive a second time to set the second console device. +## If you have not defined the second device at compile time, +## and you don't want to use it, then: +## setting it to /dev/null is less effective than just leaving +## it alone (setting to /dev/null will waste time by opening +## /dev/null and writing to it) +# +# SetConsole = /dev/console + +## Activate the SysV IPC message queue +# +# MessageQueueActive = False + + +## If false, skip reverse lookup when connecting to a host known +## by name rather than IP address (i.e. trust the DNS) +# +SetReverseLookup = True + + +## --- E-Mail --- + +# Only highest-level (alert) reports will be mailed immediately, +# others will be queued. Here you can define, when the queue will +# be flushed (Note: the queue is automatically flushed after +# completing a file check). +# +# SetMailTime = 86400 + +## Maximum number of mails to queue +# +# SetMailNum = 10 + +## Recipient (max. 8) +# +#SetMailAddress=infosec@noc.myorg.tld + +## Mail relay (IP address) +# +SetMailRelay = 127.0.0.1 + +## Custom subject format +# +MailSubject = Synchrotone Samhain: %S +SetMailSender = samhain@synchrotone.pgh.pub.collaborativefusion.com + +## --- end E-Mail --- + + +## Path to the executable. If set, will be checksummed after startup +## and before exit. +# +SamhainPath = /usr/pkg/sbin/samhain + +## The IP address of the log server +# +# SetLogServer = (default: compiled-in) + +## The IP address of the time server +# +# SetTimeServer = (default: compiled-in) + +## Trusted Users (comma delimited list of user names) +# +# TrustedUser = (no default; this adds to the compiled-in list) + +## Path to the file signature database +# +SetDatabasePath = /usr/pkg/var/samhain/samhain.db + +## Path to the log file +# +# SetLogfilePath = (default: compiled-in) + +## Path to the PID file +# +# SetLockPath = (default: compiled-in) + + +## The digest/checksum/hash algorithm (default: TIGER192; others: MD5, SHA1) +# +# DigestAlgo = TIGER192 + + +## Custom format for message header. +## CAREFUL if you use XML logfile format. +## +## %S severity +## %T timestamp +## %C class +## +## %F source file +## %L source line +# +# MessageHeader="%S %T " + + +## Don't log path to config/database file on startup +# +# HideSetup = False + +## The syslog facility, if you log to syslog +# +# SyslogFacility = LOG_AUTHPRIV +SyslogFacility=LOG_LOCAL2 + +## The message authentication method +## - If you change this, you *must* change it +## on client *and* server +# +# MACType = HMAC-TIGER + + +## The Prelude-IDS profile to use for reporting +## default value is "samhain" +# +# PreludeProfile = samhain + +## Map these samhain severities to impact severity 'info' severity +# +# PreludeMapToInfo = + +## Map these samhain severities to impact severity 'low' severity +# +# PreludeMapToLow = debug info + +## Map these samhain severities to impact severity 'medium' severity +# +# PreludeMapToMedium = notice warn err + +## Map these samhain severities to impact severity 'high' severity +# +# PreludeMapToHigh = crit alert + +# everything below is ignored +[EOF] + +##################################################################### +# This would be the proper syntax for parts that should only be +# included for certain hosts. +# You may enclose anything in a @HOSTNAME/@end bracket, as long as the +# result still has the proper syntax for the config file. +# You may have any number of @HOSTNAME/@end brackets. +# HOSTNAME should be the fully qualified 'official' name +# (e.g. 'nixon.watergate.com', not 'nixon'), no aliases. +# No IP number - except if samhain cannot determine the +# fully qualified hostname. +# +# @HOSTNAME +# file=/foo/bar +# @end +# +# These are two examples for conditional inclusion/exclusion +# of a machine based on the output from 'uname -srm' +# $Linux:2.*.7:i666 +# file=/foo/bar3 +# $end +# +# !$Linux:2.*.7:i686 +# file=/foo/bar2 +# $end +# +##################################################################### Index: /tags/2.5.0/samhainrc.solaris =================================================================== --- /tags/2.5.0/samhainrc.solaris (revision 189) +++ /tags/2.5.0/samhainrc.solaris (revision 189) @@ -0,0 +1,684 @@ +##################################################################### +# +# SOLARIS Configuration file for samhain. +# +# Based on a contribution by Sean Boran (sean [at] boran d.o.t com) +# +# HISTORY: +# 16.Aug.03 rw add plenty of comments +# 24.Jun.02 rw remove linux stuff, clean up a bit +# 06.Jun.02 sb <3>, add LOTS more Solaris stuff. Also and comment at bottom +# of this file. +# 03.Jun.02 sb Separate Linux & Solaris +# 24.Apr.02 sb Use Samhain v.15 template and tune for Solaris. +# +# To do: logs /var/adm/messages and /var/cron/log are +# pruned weekly. +##################################################################### +# +# -- empty lines and lines starting with '#', ';' or '//' are ignored +# -- boolean options can be Yes/No or True/False or 1/0 +# -- you can PGP clearsign this file -- samhain will check (if compiled +# with support) or otherwise ignore the signature +# -- CHECK mail address +# +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### +# SETUP for file system checking: +# (i) There are several policies, each has its own section. Put files +# into the section for the appropriate policy (see below). +# (ii) Section [EventSeverity]: +# To each policy, you can assign a severity (further below). +# (iii) Section [Log]: +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +##################################################################### + +##################################################################### +# +# Files are defined with: file = /absolute/path +# +# Directories are defined with: dir = /absolute/path +# or with an optional recursion depth (N <= 99): dir = N/absolute/path +# +# Directory inodes are checked. If you only want to check files +# in a directory, but not the directory inode itself, use (e.g.): +# +# [ReadOnly] +# dir = /some/directory +# [IgnoreAll] +# file = /some/directory +# +# You can use shell-style globbing patterns, like: file = /path/foo* +# +###################################################################### + +[Misc] +## +## Add or subtract tests from the policies +## - if you want to change their definitions, +## you need to do that before using the policies +## +# RedefReadOnly = (no default) +# RedefAttributes=(no default) +# RedefLogFiles=(no default) +# RedefGrowingLogFiles=(no default) +# RedefIgnoreAll=(no default) +# RedefIgnoreNone=(no default) +# RedefUser0=(no default) +# RedefUser1=(no default) + + +[Attributes] +## +## for these files, only changes in permissions and ownership are checked +## + +file=/etc/ssh/ssh_random_seed +file=/etc/resolv.conf +# There are files in /etc that might change, thus changing the directory +# timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'. +file=/etc + +file=/etc/skip/randseed +file=/etc/cron.d/FIFO +file=/etc/devlink.tab +file=/etc/.syslog_door +file=/etc/syslog.pid +file=/etc/.name_service_door +file=/etc/mnttab +file=/etc/cron.d +file=/etc/mail +file=/etc/inet +dir=/secure/tmp +dir=/etc/sysevent +dir=/usr/local/imap/spool/user +dir=/usr/local/imap/proc +dir=/usr/local/imap/quota +dir=/usr/local/qmail/queue +dir=/usr/local/qmail/alias/Mailbox +dir=/usr/tmp +dir=/usr/aset/tmp +dir=/usr/oasys/tmp +dir=/var/spool/lp/tmp +dir=/var/tmp +dir=/var/dt/tmp +dir=/tmp +dir=/etc/osa + +[LogFiles] +## +## for these files, changes in signature, timestamps, and size are ignored +## +#file=/var/run/utmp +file=/etc/motd +file=/var/cron/log +file=/var/adm/wtmpx +file=/var/adm/wtmp +file=/var/adm/utmpx +file=/var/adm/lastlog + +[GrowingLogFiles] +## +## for these files, changes in signature, timestamps, and increase in size +## are ignored +## + +file=/var/adm/messages + + + +[IgnoreAll] +## +## for these files, no modifications are reported +## + +file=/etc/utmppipe +file=/usr/dt/bin/ttsnoop +file=/dev/mem +dir=/etc/saf +# dir=/secure/tmp +dir=/usr/share/man +dir=/usr/share/lib/terminfo +dir=/usr/demo +dir=/usr/lib/adb +dir=/usr/local/man +dir=/usr/local/doc +dir=/usr/dt/share/man +dir=/usr/openwin/lib/locale +dir=/usr/openwin/share/man +dir=/usr/openwin/share/src +dir=/usr/openwin/lib/X11/fonts +dir=/var/snort +dir=/var/log/snort +dir=/etc/snort/rules +dir=/opt/oracle/doc +dir=/usr/dt/share/examples +dir=/opt/SUNWebnfs/javadoc +dir=/usr/local/mysql/var +dir=/jumpstart/Flash +dir=/jumpstart/OS +dir=/jumpstart/Patches +dir=/etc/opt/SUNWicg/SunScreen/.active +dir=/etc/opt/SUNWicg/SunScreen/.old + + +[IgnoreNone] +## +## for these files, all modifications (even access time) are reported +## - you may create some interesting-looking file (like /etc/safe_passwd), +## just to watch whether someone will access it ... +## + + +[ReadOnly] +## +## for these files, only access time is ignored +## +dir=/usr/bin +dir=/usr/sbin +dir=/usr/lib + +# SuSE (old) has the boot init scripts in /sbin/init.d/*, +# so we go 3 levels deep +dir=3/sbin + +# RedHat and Debian have the bootinit scripts in /etc/init.d/* or /etc/rc.d/*, +# so we go 3 levels deep there too +dir=3/etc + +# Various directories / files that may include / be SUID/SGID binaries +# +dir=/usr/openwin/bin +dir=/usr/dt/bin +#dir=/opt/install +dir=/opt/OBSDssh + + +dir=/root + +# Critical devices + +file=/dev/dsk +file=/dev/rdsk +file=/dev/null +file=/dev/zero + +[User0] +[User1] +## User0 and User1 are sections for files/dirs with user-definable checking +## (see the manual) + +[EventSeverity] +## +## Here you can assign severities to policy violations. +## If this severity exceeds the treshold of a log facility (see below), +## a policy violation will be logged to that facility. + +# Severity for verification failures. +# +# SeverityReadOnly=crit +# SeverityLogFiles=crit +# SeverityGrowingLogs=crit +# SeverityIgnoreNone=crit +# SeverityAttributes=crit +# SeverityUser0=crit +# SeverityUser1=crit + +# We have a file in IgnoreAll that might or might not be present. +# Setting the severity to 'info' prevents messages about deleted/new file. +# +# SeverityIgnoreAll=crit +SeverityIgnoreAll=info + +# Files : file access problems +# SeverityFiles=crit + +# Dirs : directory access problems +# SeverityDirs=crit + +# Names : suspect (non-printable) characters in a pathname +# SeverityNames=crit + +[Log] +## +## Switch on/OFF log facilities and set their threshold severity +## +## Values: debug, info, notice, warn, mark, err, crit, alert, none. +## 'mark' is used for timestamps. +## +## Use 'none' to SWITCH OFF a log facility +## +## By default, everything equal to and above the threshold is logged. +## The specifiers '*', '!', and '=' are interpreted as +## 'all', 'all but', and 'only', respectively (like syslogd(8) does, +## at least on Linux). Examples: +## MailSeverity=* +## MailSeverity=!warn +## MailSeverity==crit + +## E-mail +## +# MailSeverity=none + +## Console +## +# PrintSeverity=info + +## Logfile +## +# LogSeverity=mark + +## Syslog +## +# SyslogSeverity=none + +## Remote server (yule) +## +# ExportSeverity=none + +## External script or program +## +# ExternalSeverity = none + +## Logging to a database +## +# DatabaseSeverity = none + +## Logging to a Prelude-IDS +## +# PreludeSeverity = crit + + +##################################################### +# +# Optional modules +# +##################################################### + +# [SuidCheck] +## +## --- Check the filesystem for SUID/SGID binaries +## + +## Switch on +# +# SuidCheckActive = yes + +## Interval for check (seconds) +# +# SuidCheckInterval = 7200 + +## Alternative: crontab-like schedule +# +# SuidCheckSchedule = NULL + +## Directory to exclude +# +# SuidCheckExclude = NULL + +## Limit on files per second (0 == no limit) +# +# SuidCheckFps = 0 + +## Alternative: yield after every file +# +# SuidCheckYield = no + +## Severity of a detection +# +# SeveritySuidCheck = crit + +## Quarantine SUID/SGID files if found +# +# SuidCheckQuarantineFiles = yes + +## Method for Quarantining files: +# 0 - Delete the file. +# 1 - Remove SUID/SGID permissions from file. +# 2 - Move SUID/SGID file to quarantine dir. +# +# SuidCheckQuarantineMethod = 0 + +## For method 1 and 3, really delete instead of truncating +# + +# [Utmp] +## +## --- Logging of login/logout events +## + +## Switch on/off +# +# LoginCheckActive = True + +## Severity for logins, multiple logins, logouts +# +# SeverityLogin=info +# SeverityLoginMulti=warn +# SeverityLogout=info + +## Interval for login/logout checks +# +# LoginCheckInterval = 300 + + +# [Database] +## +## --- Logging to a relational database +## + +## Database name +# +# SetDBName = samhain + +## Database table +# +# SetDBTable = log + +## Database user +# +# SetDBUser = samhain + +## Database password +# +# SetDBPassword = (default: none) + +## Database host +# +# SetDBHost = localhost + +## Log the server timestamp for received messages +# +# SetDBServerTstamp = True + +## Use a persistent connection +# +# UsePersistent = True + +# [External] +## +## Interface to call external scripts/programs for logging +## + +## The absolute path to the command +## - Each invocation of this directive will end the definition of the +## preceding command, and start the definition of +## an additional, new command +# +# OpenCommand = (no default) + +## Type (log or rv) +## - log for log messages, srv for messages received by the server +# +# SetType = log + +## The command (full command line) to execute +# +# SetCommandLine = (no default) + +## The environment (KEY=value; repeat for more) +# +# SetEnviron = TZ=(your timezone) + +## The TIGER192 checksum (optional) +# +# SetChecksum = (no default) + +## User who runs the command +# +# SetCredentials = (default: samhain process uid) + +## Words not allowed in message +# +# SetFilterNot = (none) + +## Words required (ALL of them) +# +# SetFilterAnd = (none) + +## Words required (at least one) +# +# SetFilterOr = (none) + +## Deadtime between consecutive calls +# +# SetDeadtime = 0 + +## Add default environment (HOME, PATH, SHELL) +# +# SetDefault = no + + + + +##################################################### +# +# Miscellaneous configuration options +# +##################################################### + +[Misc] + +## whether to become a daemon process +## (this is not honoured on database initialisation) +# +# Daemon = no +Daemon = yes + +## whether to test signature of files (init/check/none) +## - if 'none', then we have to decide this on the command line - +# +# ChecksumTest = none +ChecksumTest=check + +## Set nice level (-19 to 19, see 'man nice'), +## and I/O limit (kilobytes per second; 0 == off) +## to reduce load on host. +# +# SetNiceLevel = 0 +# SetIOLimit = 0 + +## The version string to embed in file signature databases +# +# VersionString = NULL + +## Interval between time stamp messages +# +# SetLoopTime = 60 +SetLoopTime = 600 + +## Interval between file checks +# +# SetFileCheckTime = 600 +SetFileCheckTime = 7200 + +## Alternative: crontab-like schedule +# +# FileCheckScheduleOne = NULL + +## Alternative: crontab-like schedule(2) +# +# FileCheckScheduleTwo = NULL + +## Report only once on modified files +## Setting this to 'FALSE' will generate a report for any policy +## violation (old and new ones) each time the daemon checks the file system. +# +# ReportOnlyOnce = True + +## Report in full detail +# +# ReportFullDetail = False + +## Report file timestamps in local time rather than GMT +# +# UseLocalTime = No + +## The console device (can also be a file or named pipe) +## - There are two console devices. Accordingly, you can use +## this directive a second time to set the second console device. +## If you have not defined the second device at compile time, +## and you don't want to use it, then: +## setting it to /dev/null is less effective than just leaving +## it alone (setting to /dev/null will waste time by opening +## /dev/null and writing to it) +# +# SetConsole = /dev/console + +## Activate the SysV IPC message queue +# +# MessageQueueActive = False + + +## If false, skip reverse lookup when connecting to a host known +## by name rather than IP address (i.e. trust the DNS) +# +# SetReverseLookup = True + +## --- E-Mail --- + +# Only highest-level (alert) reports will be mailed immediately, +# others will be queued. Here you can define, when the queue will +# be flushed (Note: the queue is automatically flushed after +# completing a file check). +# +# SetMailTime = 86400 + +## Maximum number of mails to queue +# +# SetMailNum = 10 + +## Recipient (max. 8) +# +# SetMailAddress=root@localhost + +## Mail relay (IP address) +# +# SetMailRelay = NULL + +## Custom subject format +# +# MailSubject = NULL + +## --- end E-Mail --- + + +## Path to the executable. If set, will be checksummed after startup +## and before exit. +# +# SamhainPath = (no default) + + +## The IP address of the log server +# +# SetLogServer = (default: compiled-in) + +## The IP address of the time server +# +# SetTimeServer = (default: compiled-in) + +## Trusted Users (comma delimited list of user names) +# +# TrustedUser = (no default; this adds to the compiled-in list) + +## Path to the file signature database +# +# SetDatabasePath = (default: compiled-in) + +## Path to the log file +# +# SetLogfilePath = (default: compiled-in) + +## Path to the PID file +# +# SetLockPath = (default: compiled-in) + + +## The digest/checksum/hash algorithm +# +# DigestAlgo = TIGER192 + + +## Custom format for message header. +## CAREFUL if you use XML logfile format. +## +## %S severity +## %T timestamp +## %C class +## +## %F source file +## %L source line +# +# MessageHeader="%S %T " + + +## Don't log path to config/database file on startup +# +# HideSetup = False + +## The syslog facility, if you log to syslog +# +# SyslogFacility = LOG_AUTHPRIV +SyslogFacility=LOG_LOCAL2 + +## The message authentication method +## - If you change this, you *must* change it +## on client *and* server +# +# MACType = HMAC-TIGER + +## The Prelude-IDS profile to use for reporting +## default value is "samhain" +# +# PreludeProfile = samhain + +## Map these samhain severities to impact severity 'info' severity +# +# PreludeMapToInfo = + +## Map these samhain severities to impact severity 'low' severity +# +# PreludeMapToLow = debug info + +## Map these samhain severities to impact severity 'medium' severity +# +# PreludeMapToMedium = notice warn err + +## Map these samhain severities to impact severity 'high' severity +# +# PreludeMapToHigh = crit alert + +# everything below is ignored +[EOF] + +##################################################################### +# This would be the proper syntax for parts that should only be +# included for certain hosts. +# You may enclose anything in a @HOSTNAME/@end bracket, as long as the +# result still has the proper syntax for the config file. +# You may have any number of @HOSTNAME/@end brackets. +# HOSTNAME should be the fully qualified 'official' name +# (e.g. 'nixon.watergate.com', not 'nixon'), no aliases. +# No IP number - except if samhain cannot determine the +# fully qualified hostname. +# +# @HOSTNAME +# file=/foo/bar +# @end +# +# These are two examples for conditional inclusion/exclusion +# of a machine based on the output from 'uname -srm' +# $Linux:2.*.7:i666 +# file=/foo/bar3 +# $end +# +# !$Linux:2.*.7:i686 +# file=/foo/bar2 +# $end +# +##################################################################### Index: /tags/2.5.0/scripts/README =================================================================== --- /tags/2.5.0/scripts/README (revision 189) +++ /tags/2.5.0/scripts/README (revision 189) @@ -0,0 +1,112 @@ + + +This directory contains miscellaneous useful scripts, some of them contributed +by various users. Additions and/or improvements are welcome. + +chroot.sh: prepare chroot environment for the log server +--------- + + Usage: chroot.sh + + Tested on Debian Linux. Your mileage may vary. + After running the script, review /etc/passwd + to replace passwords with a *, and to fix the + path to the home directory of the yule user. + If using a signed configuration file, you need + a working copy of GnuPG inside the chroot jail. + + This script will probably fail on systems other than Linux, + mainly because of the mknod commands to create devices + in the chroot jail. + + NO WARRANTY !!! + +samhainadmin.pl +--------------- + + Perform various tasks useful if you are using signed configuration + and database files. + + Run 'samhainadmin.pl -h' for usage instructions. + +yuleadmin.pl +------------ + + Perl script (by Riccardo Murri) to list, add, and remove clients + from the yulerc file. + + Run 'yuleadmin.pl -h' for usage instructions. + +samhainrc_update.sh +------------------- + + If you are using the --with-kcheck option on Linux, after a kernel + update you need to change some option (addresses of kernel functions) + in the samhainrc configuration file. The correct new addresses must + be looked up in the System.map file + + This script will do this automatically. Run 'samhainrc_update.sh -h' + for usage instructions. You may need to change the location of the + samhainrc file by editing the line 'cfgfile="/etc/samhainrc"' + at the beginning of the script. + +check_samhain.pl +---------------- + + Nagios plugin for samhain. Will execute samhain and report results + in the way expected by nagios. Drop this into your nagios/libexec/ + directory. + +samhain.logrotator: logrotate script +------------------ + + This is a logrotate script (contributed by Simon Bailey) + +concat.pl +--------- + + Concatenate samhain file signature databases and write the resulting + database file to stdout. Does not work on signed or otherwise modified + file signature databases. + +samhain.{cgi|dtd|xsl}: display XML logfile in XML capable browser +--------------------- (works with Mozilla 1.2, possibly Mozilla 1.0, IE 6) + + Usage: 1. review samhain.cgi (see remarks in file) + 2. drop samhain.cgi, samhain.dtd, samhain.xsl in some + directory on your webserver + 3. use .htaccess to protect access to that directory + 4. point your browser at samhain.cgi + + You may need to rename samhain.cgi to samhain.php if you use + mod_php. Also, you will certainly need to edit the path to the + logfile in samhain.cgi. + + CAVEAT: There is no built-in access restriction (use .htaccess to + password-protect the directory). + + The XSL stylesheet is based on a contribution by Olivier Salaun. + + +samhain.spec: RPM spec file for building a vanilla single-host RPM +------------ + + Contributed by Andre Oliveira da Costa + + This is a spec file to produce a vanilla single-host samhain RPM + (no fancy options, standard directory layout :). + + Accepted parameters for 'rpmbuild': + + --with gpg - enables gpg support + --with tests - make tests before building + +redhat_i386.client.spec: RPM spec file for building a RedHat client RPM +------------ + + Contributed by Philipp Stadler + + Does not install documentation or local config file. + + + Index: /tags/2.5.0/scripts/check_samhain.pl.in =================================================================== --- /tags/2.5.0/scripts/check_samhain.pl.in (revision 189) +++ /tags/2.5.0/scripts/check_samhain.pl.in (revision 189) @@ -0,0 +1,215 @@ +#!/usr/bin/perl -w + +# check_samhain.pl - check to see how many policy violations are reported +# by the samhain file integrity checker. +# +# Copyright Rainer Wichmann (2004) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +############################################################################ + +# -------------------------------------------------------------------[ Uses ]-- + +use strict; +use Getopt::Long; +use vars qw($PROGNAME $SAMHAIN $opt_V $opt_h $opt_v $verbose $opt_w $opt_c $opt_t $status $msg $state $retval); +use lib utils.pm; +use utils qw(%ERRORS &print_revision); + +#my $TIMEOUT = 15; +#my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4); +#sub print_revision ($$); + +# ----------------------------------------------------[ Function Prototypes ]-- + +sub print_help (); +sub print_usage (); +sub process_arguments (); + +# ------------------------------------------------------------[ Environment ]-- + +$ENV{'PATH'}=''; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; + +# -----------------------------------------------------------------[ Global ]-- + +$PROGNAME = "check_samhain"; +$SAMHAIN = "@sbindir@/@install_name@"; + +# ----------------------------------------------------------------[ options ]-- + +Getopt::Long::Configure('bundling'); +$status = process_arguments(); +if ($status){ + print "ERROR: processing arguments\n"; + exit $ERRORS{"UNKNOWN"}; +} + +# ----------------------------------------------------------------[ timeout ]-- + +$SIG{'ALRM'} = sub { + print ("ERROR: timed out waiting for $SAMHAIN\n"); + exit $ERRORS{"WARNING"}; +}; +alarm($opt_t); + +# ----------------------------------------------------------[ start samhain ]-- + +if ( defined $SAMHAIN && -x $SAMHAIN ) { + if (! open (SHPIPE, "$SAMHAIN -t check --foreground -p err -s none -l none -m none 2>&1 | " ) ) { + print "ERROR: could not popen $SAMHAIN \n"; + exit $ERRORS{'UNKNOWN'}; + } +}else{ + print "ERROR: Could not find samhain executable!\n"; + exit $ERRORS{'UNKNOWN'}; +} + +# ---------------------------------------------------------[ read from pipe ]-- + +$status = 0; + +while () { + if (/POLICY/) { + ++$status; + print $_ if $verbose; + } +} + +if ($status < $opt_w) { + $msg = "OK: $status policy violations (threshold $opt_w/$opt_c)"; + $state = $ERRORS{'OK'}; +} elsif ($status >= $opt_w && $status < $opt_c) { + $msg = "WARNING: $status policy violations (threshold w=$opt_w)"; + $state = $ERRORS{'WARNING'}; +} else { + $msg = "CRITICAL: $status policy violations (threshold w=$opt_w)"; + $state = $ERRORS{'CRITICAL'}; +} + +# -------------------------------------------------------------[ close pipe ]-- + +close (SHPIPE); + +# declare an error if we also get a non-zero return code from samhain + +if ( $? ) { + $retval = $? / 256; + if ( $! ) { + print "Error closing $SAMHAIN: $!\n" if $verbose; + } else { + print "$SAMHAIN returned exit status $retval\n" if $verbose; + } + if ($state == $ERRORS{"CRITICAL"}) { + $state = $ERRORS{"CRITICAL"}; + } else { + print "ERROR: $SAMHAIN exit status $retval\n"; + exit $ERRORS{'UNKNOWN'}; + } +} + +# -------------------------------------------------------------------[ exit ]-- + +print "$msg | 'policy violations'=$status;$opt_w;$opt_c\n"; +exit $state; + + +# ------------------------------------------------------------[ Subroutines ]-- + +sub process_arguments(){ + GetOptions + ("V" => \$opt_V, "version" => \$opt_V, + "h" => \$opt_h, "help" => \$opt_h, + "v" => \$opt_v, "verbose" => \$opt_v, + "w=i" => \$opt_w, "warning=i" => \$opt_w, + "c=i" => \$opt_c, "critical=i" => \$opt_c, + "t=i" => \$opt_t, "timeout=i" => \$opt_t + ); + + if ($opt_V) { + print_revision($PROGNAME,'$Revision: 1.0 $ '); + exit $ERRORS{'OK'}; + } + + if ($opt_h) { + print_help(); + exit $ERRORS{'OK'}; + } + + if (defined $opt_v ){ + $verbose = $opt_v; + } + + unless (defined $opt_t) { + $opt_t = $utils::TIMEOUT ; # default timeout + # $opt_t = $TIMEOUT ; + } + + unless (defined $opt_w) { + $opt_w = 1; + } + + unless (defined $opt_c) { + $opt_c = 1; + } + + if ( $opt_w > $opt_c) { + print "Warning cannot be greater than Critical!\n"; + exit $ERRORS{'UNKNOWN'}; + } + + return $ERRORS{'OK'}; +} + +sub print_usage () { + print "Usage: $PROGNAME [-w ] [-c ] [-t ]\n"; +} + +sub print_help () { + print_revision($PROGNAME, '$Revision: 1.0 $'); + print "Copyright (c) 2004 Rainer Wichmann + +This plugin checks the number of policy violations reported by the +samhain file intgrity checker + +"; + print_usage(); + print " +-w, --warning=INTEGER + Minimum number of policy violations for which a WARNING status will result +-c, --critical=INTEGER + Minimum number of policy violations for which a CRITICAL status will result +-t, --timeout=SECONDS + The number of seconds after which a the plugin will timeout +-v, --verbose + Verbose output +-h, --help + Show this help message +-V, --version + Show the version of the plugin + +"; +} + +#sub print_revision ($$) { +# my $commandName = shift; +# my $pluginRevision = shift; +# $pluginRevision =~ s/^\$Revision: //; +# $pluginRevision =~ s/ \$\s*$//; +# print "$commandName (@PACKAGE@ @VERSION@) $pluginRevision\n"; +#} Index: /tags/2.5.0/scripts/chroot.sh =================================================================== --- /tags/2.5.0/scripts/chroot.sh (revision 189) +++ /tags/2.5.0/scripts/chroot.sh (revision 189) @@ -0,0 +1,131 @@ +#! /bin/sh + +# NOTE: tested on Debian Linux +# +# NO WARRANTY - may or may not work on your system +# + +# Copyright Rainer Wichmann (2003) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + + +CHROOT=$1 + +SYSTEM=`uname -s` + +if test "x$SYSTEM" = xLinux; then + : +else + echo "This script will fail on systems other than Linux," + echo "mainly because of the mknod commands to create devices" + echo "in the chroot jail." + exit 1 +fi + +if test "x$CHROOT" = x; then + echo "Usage: chroot.sh chroot_dir" + echo "Purpose: prepare a chroot jail for yule" + echo + echo "NOTE: tested on Debian Linux" + echo "NO WARRANTY - may or may not work on your system" + exit 1 +fi + +# +# Link configuration file +# +echo " Link configuration file:" +echo " ln -s ${CHROOT}/etc/yulerc /etc/yulerc" + +ln -s -f ${CHROOT}/etc/yulerc /etc/yulerc +echo + + +# +# Create passwd file +# +echo " Create passwd file" +echo " grep root /etc/passwd > ${CHROOT}/etc/passwd" +echo " grep daemon /etc/passwd >> ${CHROOT}/etc/passwd" +echo " grep yule /etc/passwd >> ${CHROOT}/etc/passwd" + +grep root /etc/passwd > ${CHROOT}/etc/passwd +grep daemon /etc/passwd >> ${CHROOT}/etc/passwd +grep yule /etc/passwd >> ${CHROOT}/etc/passwd +echo + + +# +# Create group file +# +echo " Create group file" +echo " grep root /etc/group > ${CHROOT}/etc/group" +echo " grep daemon /etc/group >> ${CHROOT}/etc/group" +echo " grep yule /etc/group >> ${CHROOT}/etc/group" + +grep root /etc/group > ${CHROOT}/etc/group +grep daemon /etc/group >> ${CHROOT}/etc/group +grep yule /etc/group >> ${CHROOT}/etc/group +echo + +# +# Create devices +# +echo " Create devices" +echo " mkdir ${CHROOT}/dev" +echo " mknod -m 444 ${CHROOT}/dev/urandom c 1 9" +echo " mknod -m 666 ${CHROOT}/dev/random c 1 8" +echo " mknod -m 666 ${CHROOT}/dev/null c 1 3" +echo " mknod -m 666 ${CHROOT}/dev/null c 1 5" + +mkdir ${CHROOT}/dev +mknod -m 444 ${CHROOT}/dev/urandom c 1 9 +mknod -m 666 ${CHROOT}/dev/random c 1 8 +mknod -m 666 ${CHROOT}/dev/null c 1 3 +mknod -m 666 ${CHROOT}/dev/zero c 1 5 +echo + +# +# DNS +# +echo " Copy files for DNS" +echo " cp -p /etc/nsswitch.conf ${CHROOT}/etc/" +echo " cp -p /etc/hosts ${CHROOT}/etc/" +echo " cp -p /etc/host.conf ${CHROOT}/etc/" +echo " cp -p /etc/resolv.conf ${CHROOT}/etc/" +echo " cp -p /etc/services ${CHROOT}/etc/" +echo " cp -p /etc/protocols ${CHROOT}/etc/" + +cp -p /etc/nsswitch.conf ${CHROOT}/etc/ +cp -p /etc/hosts ${CHROOT}/etc/ +cp -p /etc/host.conf ${CHROOT}/etc/ +cp -p /etc/resolv.conf ${CHROOT}/etc/ +cp -p /etc/services ${CHROOT}/etc/ +cp -p /etc/protocols ${CHROOT}/etc/ + +echo "----------------------------------------------------" +echo +echo " You may want to review ${CHROOT}/etc/passwd" +echo " to replace passwords with a *, and to fix the" +echo " path to the home directory of the yule user." +echo +echo " If using a signed configuration file, you need" +echo " a working copy of GnuPG inside the chroot jail." +echo +echo "----------------------------------------------------" + Index: /tags/2.5.0/scripts/concat.pl =================================================================== --- /tags/2.5.0/scripts/concat.pl (revision 189) +++ /tags/2.5.0/scripts/concat.pl (revision 189) @@ -0,0 +1,69 @@ +#! /usr/bin/perl + +# Copyright Rainer Wichmann (2004) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +use warnings; +use strict; + +my $fno = 0; +my $file = ''; +my @last2 = (); +my $line = ''; + +sub usage () { + print "Usage: concat.pl \n\n"; + print " Will concatenate samhain file signature database files\n"; + print " and print to stdout.\n"; + print " Does not work on signed or otherwise modified\n"; + print " file signature databases.\n"; +} + +if ($#ARGV < 0) { # must be at least one file + usage(); + exit 1; +} elsif ($ARGV[0] =~ /^-h$/ || $ARGV[0] =~ /^--?help$/) { + usage(); + exit 0; +} + + +for $file (@ARGV) { + open FH, "< $file" or die "Cannot open $file: $!"; + if ($fno != 0) { # search and read past the start-of-file marker + while () { + last if ($_ =~ /^\[SOF\]$/); + } + } + @last2 = (); + while () { + push @last2, $_; + if (@last2 > 2) { + $line = shift @last2; + print $line; + } + } + close FH; + ++$fno; +} + +# last two lines of last file +$line = shift @last2; +print $line; +$line = shift @last2; +print $line; Index: /tags/2.5.0/scripts/example_pager.pl =================================================================== --- /tags/2.5.0/scripts/example_pager.pl (revision 189) +++ /tags/2.5.0/scripts/example_pager.pl (revision 189) @@ -0,0 +1,245 @@ +#!/usr/bin/perl -w +# +# +# Simple program to connect to: +# http://www2.pagemart.com/cgi-bin/rbox/pglpage-cgi +# and send a page. +# +# Modified 10/21/99 Will O'Brien willo@savvis.net +# Originally Written by David Allen s2mdalle@titan.vcu.edu +# http://opop.nols.com/ +# +# +# Modified by R. Wichmann (read message from stdin) +# +# +# - added config variables +# - read MESSAGE from STDIN +# +# This file is released under the terms of the GNU General Public License. +# Please see http://www.gnu.org for more details. +# +# This program still beta, but working better. +# +# Changelog: +# 10/21/99: Modified original code and get paging to function. +# 10/22/99: Fixed Error checking. Checks PIN length, outputs failure message. +# +# REQUIRES MODULES: strict and IO::Socket +# +# USAGE FROM COMMAND LINE: echo "message" | example_pager.pl PAGER_PIN +# Where PAGER_PIN is the PIN of the pager you want to send MESSAGE to. +# +# This program will send the page using +# www.pagemart.com/cgi-bin/rbox/pglpage-cgi +# and will store the response in LASTRESPONSE.html when the server replies. +# +# If you are looking at this program for examples of code to make it work, +# check out the page{} subroutine below - it is the meat of this program. +############################################################################## + +# use Socket; # INET +use strict; +use IO::Socket; # Socket work + +my $pagerid = shift; + +########################## -- BEGIN CONFIGURATION -- + +## set to 1 for verbose output +my $verbose = 1; + +## set to 1 if you want to save response +my $save_response = 1; + +## set to 1 to enable sending +my $really_send = 0; + +########################### -- END CONFIGURATION -- + +# previous +#my $MESSAGE = join(' ', @ARGV); + +my $MESSAGE=''; +undef $/; +$MESSAGE=; +$MESSAGE =~ s/\[EOF\]//g; + +die "Usage: echo \"message\" \| example_pager.pl PAGER_ID\n\n" + unless $pagerid; +die "Usage: echo \"message\" \| example_pager.pl PAGER_ID\n\n" + unless $MESSAGE; + +page($pagerid, $MESSAGE); + +if ($verbose) { print "Done.\n"; } +exit(0); + +############################################################################ + +sub page{ + my ($name, $text) = @_; + my $TRUNCATED = 0; + my $PAGE = ""; # The text sent to www.pagemart.com - appended later. + + $pagerid = $name; + + if ($verbose) { print STDERR "Processing pager ID...\n"; } + # Eliminate everything but numbers from the pager id + $pagerid =~ s/[^0-9]//g; + + # Check the pager id length and so on. + if( (((length($pagerid)) < 7)) || ((length($pagerid)) > 10) ) + { + if ($verbose) { + die "Bad pager ID number. A pager id number is 7 or 10 numbers.\n"; + } + else { + exit (1); + } + } + + if ($verbose) { + die "No message specified.\n" unless $text; + } + else { + exit (1) unless $text; + } + + + # This is the format of the message we're going to send via the TCP + # socket + # POST /cgi-bin/rbox/pglpage-cgi HTTP/1.0 + # User-Agent: Myprogram/1.00 + # Accept: */* + # Content-length: 35 + # Content-type: application/x-www-form-urlencoded + # + # pin2=6807659&message1=stuff+and+nonsense + + if ($verbose) { print STDERR "Processing text of message...\n"; } + # A bit of string pre-processing + chomp $text; + my $strdelim = "\r\n"; # At the end of each line. + + # Compress the text a bit - eliminate redundant characters - this + # helps a lot for pages that have multiple spaces and so on. + $text =~s/\n/ /g; # Linefeeds are spaces + $text =~s/\r//g; # No carriage returns + $text =~s/\s+/ /g; # Multiple whitespace -> one space. + + if(length($text)>=200) + { + $TRUNCATED = "True"; + $text = substr($text, 0, 199); # 200 Character maximum + } + + my $encodedmessage = urlencode($text); + + # The length of the request has to be TOTAL QUERY. If it's just + # the length of the string you're sending, it will truncate the + # hell out of the page. So the pager number is length($pagerid) + # of course the length of the message, and add the length of the + # parameter flags, (PIN= and ?MSSG=) and you're done. + + my $xxmsg = "pin2=$pagerid&"; + $xxmsg .= "PAGELAUNCHERID=1&"; + $xxmsg .= $encodedmessage; + + # my $pagelen=length($encodedmessage)+length("pin2=?message1=")+ + # length($pagerid)+; + + my $pagelen = length($xxmsg); + + # Build the text we send to the server + $PAGE = "POST /cgi-bin/rbox/pglpage-cgi HTTP/1.0$strdelim"; + $PAGE .= "User-Agent: Pagent/5.4$strdelim"; + $PAGE .= "Referer: http://www.weblinkwireless.com/productsnservices/sendingmessage/pssm-sendamessage.html$strdelim"; + $PAGE .= "Accept: */*$strdelim"; + $PAGE .= "Content-length: $pagelen$strdelim"; + $PAGE .= "Content-type: application/x-www-form-urlencoded$strdelim"; + $PAGE .= "$strdelim"; + # $PAGE .= "pin2=$pagerid&message1=".$encodedmessage; + $PAGE .= $xxmsg; + + if ($verbose) { + print STDERR "Sending message...\n\n"; + print STDERR "$PAGE\n\n"; + } + + + my $document=''; + + if ($really_send) + { + # Now we send our data. + # Note that this is just quick and dirty, so I'm using a perl module + # to do the network dirty work for me. + my $sock = IO::Socket::INET->new(PeerAddr => 'www2.pagemart.com', + PeerPort => 'http(80)', + Proto => 'tcp'); + + if ($verbose) { + die "Cannot create socket : $!" unless $sock; + } + else { + exit (1) unless $sock; + } + $sock->autoflush(); + $sock->print("$PAGE"); + + $document = join('', $sock->getlines()); + } + else + { + $document = " really_send was set to 0, page NOT sent"; + } + + if ($save_response) + { + if ($verbose) + { + print STDERR "Saving response to tmp.html...\n\n"; + } + my $status = 0; + open(TMP,">tmp.html") or $status=1; + print TMP "$document\n" unless $status; + close TMP unless $status; + } + + if($document =~ m/NOT/g) + { + if ($verbose) + { + print STDERR "Page not sent. There was an error. \n"; + print STDERR "See tmp.html for what the server sent back to me.\n"; + } + exit(0); + } # End if + else + { + if ($verbose) + { + $document =~ m/(\d{1,4}) character message out of/g; + print STDERR "Page sent successfully to $pagerid.\n"; + } + exit(0); + } # End else +} # End sub page + + +############################################################################ + +sub urlencode{ + my $text = shift; + my $input = $text; + + chomp $input; + + # Translate all non-letter non-number characters into their %HEX_VAL + # and return that string. + $input =~ s/([^a-zA-Z0-9-_\.\/])/uc sprintf("%%%02x",ord($1))/eg; + $input =~ s/%20/+/g; + + return $input; +} # End sub urlencode Index: /tags/2.5.0/scripts/example_sms.pl =================================================================== --- /tags/2.5.0/scripts/example_sms.pl (revision 189) +++ /tags/2.5.0/scripts/example_sms.pl (revision 189) @@ -0,0 +1,224 @@ +#!/usr/bin/perl -w + +use strict; +use IO::Socket; # Socket work + +############################################################################### +## +## example_sms.pl -- simple example script to send +## an SMS message via a web cgi +## Works with German pitcom powered free SMS sites +## - find one and look at the page source to set the +## pitcom variables (see below) +## - note that pitcom checks the referer, thus you should +## take care to set the proper value +## +## NOTE: while the 'big names' have implemented measures to prevent +## the use of automated scripts, and disallow such scripts +## explicitely in their TOS (Terms of Service), this is not +## neccesarily true for smaller websites. +## +## An example for the latter are German websites providing free +## SMS (to German nets only) powered by pitcom. +## With a suitable query, you may find such sites on (e.g.) Google. +## At the time of the writing of this script, the sites I found did not +## disallow the use of scripts, but check for yourself if you are +## using this. +## +## usage: example_sms.pl [NR] +## destination phone number +## message is read from STDIN +## +## (c) R. Wichmann Tue Jul 17 CEST 2001 +## Released under the Gnu Public License version 2.0 or later +## adapted from archpage ( (c) Rob Muhlestein ) +## and mpage.pl ( (c) David Allen ) +## + +########################## -- BEGIN CONFIGURATION -- + +## set to default phone number + my $NR = ''; + +## set to sender + #my $VON = ''; + my $VON = 'stupsel'; + +## set to URL of form page + my $REFERER = ''; + +## set to cgi script URL without 'http://domain'; + my $PAGE = ''; + +## set to domain where cgi script lives; + my $DOMAIN = ''; + +## set to 1 if you want to save response + my $save_response = 1; + +## set to 1 for verbose output + my $verbose = 1; + +## set to 1 to enable sending + my $really_send = 0; + + +## The PITCOM variables + +#my $ID = ''; # gateway-ID +#my $WERBUNG = ''; # advertisement +#my $QUITTUNG = ''; # return page +#my $USER = ''; # customer +#my $LIST = '0'; # message type + +########################## -- END CONFIGURATION -- + +$NR = $ARGV[0] if $ARGV[0]; + +my $message=''; +undef $/; +$message=; + +$message =~ s/\[EOF\]//g; + +## URL encode and remove line breaks +$message =~ s/\n/ /g; +$message =~ s/\r//g; +$message =~s/\s+/ /g; # Multiple whitespace -> one space + +$message =~ s/([^a-zA-Z0-9-_\.\/])/uc sprintf("%%%02x",ord($1))/eg; +$message =~ s/%20/+/g; + +$WERBUNG =~ s/([^a-zA-Z0-9-_\.\/])/uc sprintf("%%%02x",ord($1))/eg; +$WERBUNG =~ s/%20/+/g; +$QUITTUNG =~ s/([^a-zA-Z0-9-_\.\/])/uc sprintf("%%%02x",ord($1))/eg; +$QUITTUNG =~ s/%20/+/g; +$USER =~ s/([^a-zA-Z0-9-_\.\/])/uc sprintf("%%%02x",ord($1))/eg; +$USER =~ s/%20/+/g; + +## truncate +my $maxChars = 153 - length($WERBUNG) - length($VON); + +if(length($message) >= $maxChars) +{ + $message = substr($message, 0, $maxChars); +} + + +my $NR1 = substr($NR, 0, 4); +my $NR2 = substr($NR, 4, length($NR)-4); + +my $msglen = length($message); + +my $overhead = "ID=$ID&"; +$overhead .= "WERBUNG=$WERBUNG&"; +$overhead .= "QUITTUNG=$QUITTUNG&"; +$overhead .= "USER=$USER&"; +$overhead .= "LIST=$LIST&"; +$overhead .= "NR1=$NR1&"; +$overhead .= "NR2=$NR2&"; +$overhead .= "VON=$VON&"; +$overhead .= "MESSAGE=$message&"; +$overhead .= "CNT=$msglen"; + +my $smslen = length($overhead); + +my $llim = "\r\n"; # At the end of each line. + +my $SMS = "POST $PAGE HTTP/1.0$llim"; +$SMS .= "User-Agent: EvilGenius/1.0$llim"; +$SMS .= "Referer: $REFERER$llim"; +$SMS .= "Accept: */*$llim"; +$SMS .= "Content-length: $smslen$llim"; +$SMS .= "Content-type: application/x-www-form-urlencoded$llim"; +$SMS .= "$llim"; +$SMS .= "$overhead"; + +if ($verbose) +{ + print STDERR " Sending message...\n\n"; + print STDERR "$SMS\n\n"; +} + +my $document=''; + +if ($really_send) +{ + my $sock = IO::Socket::INET->new(PeerAddr => $DOMAIN, + PeerPort => 'http(80)', + Proto => 'tcp'); + + + if ($verbose) + { + die "Cannot create socket : $!" unless $sock; + } + else + { + exit (1) unless $sock; + } + + $sock->autoflush(); + $sock->print("$SMS"); + + $document = join('', $sock->getlines()); +} +else +{ + $document = " really_send was set to 0, SMS not sent"; +} + +if ($save_response) +{ + if ($verbose) + { + print STDERR "Saving response to tmp.html...\n\n"; + } + my $status = 0; + open(TMP,">tmp.html") or $status=1; + print TMP "$document\n" unless $status; + close TMP unless $status; +} + +if ($document =~ m/SMS wird versendet/g) +{ + if ($verbose) + { + print STDERR " SMS successfully sent to $NR.\n"; + } + exit (0); +} +else +{ + if ($verbose) + { + print STDERR " SMS not sent. There was an error.\n"; + print STDERR " Use save_response = 1 to save the response to\n"; + print STDERR " tmp.html in order to see what the server sent back.\n"; + } + exit (1); +} + + + + + + + + + + + + + + + + + + + + + + + + Index: /tags/2.5.0/scripts/foot.html =================================================================== --- /tags/2.5.0/scripts/foot.html (revision 189) +++ /tags/2.5.0/scripts/foot.html (revision 189) @@ -0,0 +1,11 @@ + + + + + + + + + + + Index: /tags/2.5.0/scripts/head.html =================================================================== --- /tags/2.5.0/scripts/head.html (revision 189) +++ /tags/2.5.0/scripts/head.html (revision 189) @@ -0,0 +1,72 @@ + + + + Server status + + + + + + + +
+ + S A M H A I N + +
+

Server Status

+ + + +
+ + + +
+ + + + + +
+ + Current time: %T
+ Startup time: %S
+
+ Connections: (maximum %M simultaneously)
+ open %O
+ total %A
+
+ Last connection: %L + +
+ +
+ +
+ + +

Clients

+ +
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Index: /tags/2.5.0/scripts/samhainadmin.pl.in =================================================================== --- /tags/2.5.0/scripts/samhainadmin.pl.in (revision 189) +++ /tags/2.5.0/scripts/samhainadmin.pl.in (revision 189) @@ -0,0 +1,686 @@ +#! /usr/bin/perl + +# Copyright Rainer Wichmann (2004) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +use warnings; +use strict; +use Getopt::Long; +use File::Basename; +use File::Copy; +use File::stat; +use File::Temp qw/ tempfile tempdir unlink0 /; +use IO::Handle; +use Fcntl qw(:DEFAULT :flock); +use Tie::File; + +# Do I/O to the data file in binary mode (so it +# wouldn't complain about invalid UTF-8 characters). +use bytes; + +File::Temp->safe_level( File::Temp::HIGH ); + +my %opts = (); +my $action; +my $file1; +my $file2; +my $passphrase; +my $return_from_sign = 0; +my $no_print_examine = 0; +my $no_remove_lock = 0; +my $base = basename($0); + +my $cfgfile = "@myconffile@"; +my $datafile = "@mydatafile@"; +my $daemon = "@sbindir@/@install_name@"; +my $gpg = "@mygpg@"; + +$cfgfile =~ s/^REQ_FROM_SERVER//; +$datafile =~ s/^REQ_FROM_SERVER//; + +$gpg = "gpg" if ($gpg eq ""); + +sub check_gpg_agent() { + my $gpgconf = "$ENV{'HOME'}/.gnupg/gpg.conf"; + + if (!-f "$gpgconf") { + $gpgconf = "$ENV{'HOME'}/.gnupg/options"; + } + + if (-f $gpgconf) { + + my @array = (); + tie @array, 'Tie::File', $gpgconf or die "Cannot tie ${gpgconf}: $!"; + my @grep = grep(/^\s*use-agent/, @array); + + # print "matches = $#grep\n"; + + if ($#grep >= 0) + { + if (exists $ENV{'GPG_AGENT_INFO'}) + { + my $socke = $ENV{'GPG_AGENT_INFO'}; + $socke =~ s/:.*//; + + # print "socke = $socke\n"; + + if (! -S $socke) + { + print "--------------------------------------------------\n"; + print "\n"; + print " GPG is set to use gpg-agent, but GPG agent is"; + print " not running, though GPG_AGENT_INFO is defined.\n\n"; + print " Please restart gpg-agent, or remove the use-agent\n"; + print " option from ${gpgconf} and unset GPG_AGENT_INFO\n\n"; + print "--------------------------------------------------\n"; + print "\n"; + exit 1; + } + } + else + { + print "--------------------------------------------------\n"; + print "\n"; + print " GPG is set to use gpg-agent, but "; + print " GPG_AGENT_INFO is not defined.\n\n"; + print " Please start gpg-agent, or remove the use-agent\n"; + print " option from ${gpgconf}\n\n"; + print "--------------------------------------------------\n"; + print "\n"; + exit 1; + } + } + untie @array; + } +} + + +sub usage() { + print "Usage:\n"; + print " $base { -m F | --create-cfgfile } [options] [in.cfgfile]\n"; + print " Sign the configuration file. If in.cfgfile is given, sign it\n"; + print " and install it as configuration file.\n\n"; + + print " $base { -m f | --print-cfgfile } [options] \n"; + print " Print the configuration file to stdout. Signatures are removed.\n\n"; + + print " $base { -m D | --create-datafile } [options] [in.datafile]\n"; + print " Sign the database file. If in.datafile is given, sign it\n"; + print " and install it as database file.\n\n"; + + print " $base { -m d | --print-datafile } [options] \n"; + print " Print the database file to stdout. Signatures are removed. Use\n"; + print " option --list to list files in database rather than printing the raw file.\n\n"; + + print " $base { -m R | --remove-signature } [options] file1 [file2 ...]\n"; + print " Remove cleartext signature from input file(s). The file\n"; + print " is replaced by the non-signed file.\n\n"; + + print " $base { -m E | --sign } [options] file1 [file2 ...]\n"; + print " Sign file(s) with a cleartext signature. The file\n"; + print " is replaced by the signed file.\n\n"; + + print " $base { -m e | --examine } [options] file1 [file2 ...]\n"; + print " Report signature status of file(s).\n\n"; + + print " $base { -m G | --generate-keys } [options] \n"; + print " Generate a PGP keypair to use for signing.\n\n"; + + print "Options:\n"; + print " -c cfgfile --cfgfile cfgfile\n"; + print " Select an alternate configuration file.\n\n"; + + print " -d datafile --datafile datafile\n"; + print " Select an alternate database file.\n\n"; + + print " -p passphrase --passphrase passphrase\n"; + print " Set the passphrase for gpg. By default, gpg will ask.\n\n"; + + print " -l --list\n"; + print " List the files in database rather than printing the raw file.\n\n"; + + print " -v --verbose\n"; + print " Verbose output.\n\n"; + return; +} + +sub check_gpg_uid () { + if (0 != $>) { + print "--------------------------------------------------\n"; + print "\n"; + print " You are not root. Please remember that samhain/yule\n"; + print " will use the public keyring of root to verify a signature.\n"; + print "\n"; + print "--------------------------------------------------\n"; + } else { + if (!("@yulectl_prg@" =~ //)) { + print "--------------------------------------------------\n"; + print "\n"; + print " Please remember that yule will drop root after startup. Signature\n"; + print " verification on SIGHUP will fail if you do not import the public key\n"; + print " into the keyring of the non-root yule user.\n"; + print "\n"; + print "--------------------------------------------------\n"; + } + } +} + +sub check_gpg_sign () { + if ( (!-d "$ENV{'HOME'}/.gnupg") || (!-e "$ENV{'HOME'}/.gnupg/secring.gpg")) { + print "--------------------------------------------------\n"; + print "\n"; + if (!-d "$ENV{'HOME'}/.gnupg") { + print " Directory \$HOME/.gnupg not found!\n"; + } else { + print " Secret keyring \$HOME/.gnupg/secring.gpg not found!\n"; + } + print "\n"; + print " This indicates that you have never created a \n"; + print " public/private keypair, and thus cannot sign.\n"; + print " \n"; + print " Please use $0 --generate-keys or gpg --gen-key\n"; + print " to generate a public/private keypair first.\n"; + print "\n"; + print "--------------------------------------------------\n"; + print "\n"; + exit; + } +} + +sub check_gpg_verify () { + if ( (!-d "$ENV{'HOME'}/.gnupg") || (!-e "$ENV{'HOME'}/.gnupg/pubring.gpg")) { + print "--------------------------------------------------\n"; + print "\n"; + if (!-d "$ENV{'HOME'}/.gnupg") { + print " Directory \$HOME/.gnupg not found!\n"; + } else { + print " Public keyring \$HOME/.gnupg/pubring.gpg not found!\n"; + } + print "\n"; + print " This indicates that you have never used gpg before \n"; + print " and/or have no public keys to verify signatures.\n"; + print " \n"; + print " Please use 'gpg --export key_id' to export the public\n"; + print " signing key of the user who is signing the\n"; + print " configuration/database files.\n\n"; + print " Then you can use 'gpg --import keyfile' to import the key\n"; + print " into this user's public keyring.\n"; + print "\n"; + print "--------------------------------------------------\n"; + print "\n"; + exit; + } +} + + +sub generate () { + my $command = "$gpg --homedir $ENV{'HOME'}/.gnupg --gen-key"; + check_gpg_uid(); + system ($command) == 0 + or die "system $command failed: $?"; + exit; +} + +sub examine () { + my $iscfg = 0; + my $have_fp = 0; + my $have_sig = 0; + my $message = ''; + my $retval = 9; + my $fh; + my $filename; + + if (!($file1 =~ /^\-$/)) { + die ("Cannot open $file1 for read: $!") unless ((-e $file1) && (-r _)); + } + open FIN, "<$file1" or die "Cannot open $file1 for read: $!"; + + my $dir = tempdir( CLEANUP => 1 ); + $filename = $dir . "/exa_jhfdbilw." . $$; + open $fh, ">$filename" or die "Cannot open $filename"; + autoflush $fh 1; + + while () { + print $fh $_; + if ($_ =~ /^\s*\[Misc\]/) { + $iscfg = 1; + } + } + if ($iscfg == 1) { + $message .= "File $file1 is a configuration file\n\n"; + } else { + $message .= "File $file1 is a database file\n\n"; + } + + + my $command = "$gpg --homedir $ENV{'HOME'}/.gnupg --status-fd 1 "; + $command .= "--verbose " if (defined($opts{'v'})); + $command .= "--verify $filename "; + if (defined($opts{'v'})) { + $command .= "2>&1"; + } else { + $command .= "2>/dev/null"; + } + + print STDOUT "Using: $command\n\n" if (defined($opts{'v'})); + open GPGIN, "$command |" or die "Cannot fork: $!"; + + while () { + if ($_ =~ /^\[GNUPG:\] GOODSIG ([0-9A-F]+) (.*)$/) { + $message .= "GOOD signature with key: $1\n"; + $message .= "Key owner: $2\n"; + $have_sig = 1; + $retval = 0; + } + if ($_ =~ /^\[GNUPG:\] VALIDSIG ([0-9A-F]+) ([0-9\-]+)\s/) { + $message .= "Key fingerprint: $1\n"; + $message .= "Signature generated on: $2\n\n"; + $have_fp = 1; + $message .= "This file is signed with a valid signature.\n" + if ($have_sig == 1); + $have_sig = 1; + $have_fp = 1; + } + if ($_ =~ /^\[GNUPG:\] NODATA 1/) { + $message .= "NO signature found.\n\n"; + $message .= "This file is not signed !!!\n"; + $have_sig = 1; + $have_fp = 1; + $retval = 2; + } + if ($_ =~ /^\[GNUPG:\] BADSIG ([0-9A-F]+) (.*)$/) { + $message .= "BAD signature with key: $1\n"; + $message .= "Key owner: $2\n\n"; + $message .= "This file is signed with an invalid signature !!!\n"; + $have_sig = 1; + $have_fp = 1; + $retval = 1; + } + if ($_ =~ /^\[GNUPG:\] NO_PUBKEY ([0-9A-F]+)/) { + $message .= "NOT CHECKED signature with key: $1\n\n"; + $message .= "The signature of this file cannot be checked: no public key available !!!\n"; + $have_sig = 1; + $have_fp = 1; + $retval = 1; + } + print STDOUT $_ if (defined($opts{'v'})); + } + close (GPGIN); + print STDOUT "\n" if (defined($opts{'v'})); + if ($have_sig == 0) { + $message .= "NO valid signature found\n"; + } + elsif ($have_fp == 0) { + $message .= "NO fingerprint found\n"; + } + close (FIN); + if ($no_print_examine == 0) { + print STDOUT $message; + } + unlink0( $fh, $filename ) or die "Cannot unlink $filename safely"; + return $retval; +} + +sub remove () { + my $bodystart = 1; + my $sigstart = 0; + my $sigend = 0; + my $filename = ""; + my $fh; + my $stats; + + open FH, "<$file1" or die "Cannot open file $file1 for read: $!"; + if (!($file1 =~ /^\-$/)) { + flock(FH, LOCK_EX) unless ($no_remove_lock == 1); + my $dir = tempdir( CLEANUP => 1 ) or die "Tempdir failed"; + $filename = $dir . "/rem_iqegBCQb." . $$; + open $fh, ">$filename" or die "Cannot open $filename"; + $stats = stat($file1); + # ($fh, $filename) = tempfile(UNLINK => 1); + } else { + open $fh, ">$file1" or die "Cannot open file $file1 for write: $!"; + } + autoflush $fh 1; + while () { + if ($_ =~ /^-----BEGIN PGP SIGNED MESSAGE-----/) { + $sigstart = 1; + $bodystart = 0; + next; + } elsif (($sigstart == 1) && ($_ =~ /^\s+$/)) { + $sigstart = 0; + $bodystart = 1; + next; + } elsif ($_ =~ /^-----BEGIN PGP SIGNATURE-----/) { + $bodystart = 0; + $sigend = 1; + next; + } elsif (($sigend == 1) && ($_ =~ /^-----END PGP SIGNATURE-----/)) { + $sigend = 0; + $bodystart = 1; + next; + } + if ($bodystart == 1) { + print $fh $_; + } + } + if (!($file1 =~ /^\-$/)) { + copy("$filename", "$file1") + or die "Copy $filename to $file1 failed: $!"; + chmod $stats->mode, $file1; + chown $stats->uid, $stats->gid, $file1; + flock(FH, LOCK_UN) unless ($no_remove_lock == 1); + close FH; + } + unlink0( $fh, $filename ) or die "Cannot unlink $filename safely"; + return; +} + +sub print_cfgfile () { + my $bodystart = 0; + my $sigstart = 0; + + if (!defined($file2)) { + $file2 = '-'; + } + + open FH, "<$file1" or die "Cannot open file $file1 for read: $!"; + open FO, ">$file2" or die "Cannot open file $file2 for write: $!"; + while () { + if ($_ =~ /^-----BEGIN PGP SIGNED MESSAGE-----/) { + $sigstart = 1; + next; + } elsif (($sigstart == 1) && ($_ =~ /^\s+$/)) { + $sigstart = 0; + $bodystart = 1; + next; + } elsif ($_ =~ /^-----BEGIN PGP SIGNATURE-----/) { + $bodystart = 0; + exit; + } + if ($bodystart == 1) { + print FO $_; + } + } + exit; +} +sub print_datafile () { + die ("Cannot find program $daemon") + unless (-e $daemon); + if (defined($opts{'v'})) { + open FH, "$daemon --full-detail -d $datafile |" + or die "Cannot open datafile $datafile for read: $!"; + } else { + open FH, "$daemon -d $datafile |" + or die "Cannot open datafile $datafile for read: $!"; + } + while () { + print $_; + } + exit; +} + +sub sign_file () { + + my $fileout = ''; + my $bodystart = 1; + my $sigstart = 0; + my $sigend = 0; + my $stats; + my $fh1; + my $filename1; + my $flag1 = 0; + + check_gpg_uid(); + check_gpg_agent(); + + if (!defined($file2)) { + $file2 = $file1; + } + + if ($file1 =~ /^\-$/) { + my $dir = tempdir( CLEANUP => 1 ) or die "Tempdir failed"; + $filename1 = $dir . "/sig_vs8827sd." . $$; + open $fh1, ">$filename1" or die "Cannot open $filename1"; + $flag1 = 1; + # my ($fh1, $filename1) = tempfile(UNLINK => 1); + + while () { + if ($_ =~ /^-----BEGIN PGP SIGNED MESSAGE-----/) { + $sigstart = 1; + $bodystart = 0; + next; + } elsif (($sigstart == 1) && ($_ =~ /^\s+$/)) { + $sigstart = 0; + $bodystart = 1; + next; + } elsif ($_ =~ /^-----BEGIN PGP SIGNATURE-----/) { + $bodystart = 0; + $sigend = 1; + next; + } elsif (($sigend == 1) && ($_ =~ /^-----END PGP SIGNATURE-----/)) { + $sigend = 0; + $bodystart = 1; + next; + } + if ($bodystart == 1) { + print $fh1 $_; + } + # + # print $fh1 $_; + # + } + $file1 = $filename1; + $fileout = '-'; + } else { + open (LOCKFILE, "<$file1") or die "Cannot open $file1: $!"; + flock(LOCKFILE, LOCK_EX); + $no_print_examine = 1; + $no_remove_lock = 1; + if (examine() < 2) { + remove(); + } + $fileout = $file1 . ".asc"; + $stats = stat($file1) + or die "No file $file1: $!"; + } + + if (defined($passphrase)) { + local $SIG{PIPE} = 'IGNORE'; + my $command = "$gpg --homedir $ENV{'HOME'}/.gnupg --passphrase-fd 0 -a --clearsign -o $fileout --not-dash-escaped $file1"; + open (FH, "|$command") or die "can't fork: $!"; + print FH "$passphrase" or die "can't write: $!"; + close FH or die "can't close: status=$?"; + } else { + my $command = "$gpg --homedir $ENV{'HOME'}/.gnupg -a --clearsign -o $fileout --not-dash-escaped $file1"; + system("$command") == 0 + or die "system $command failed: $?"; + } + + if (!($fileout =~ /^\-$/)) { + my $st_old = stat($file1) + or die "No file $file1: $!"; + my $st_new = stat($fileout) + or die "No file $fileout: $!"; + die ("Signed file is smaller than unsigned file") + unless ($st_new->size > $st_old->size); + move("$fileout", "$file2") + or die "Move $fileout to $file2 failed: $!"; + chmod $stats->mode, $file2; + chown $stats->uid, $stats->gid, $file2; + flock(LOCKFILE, LOCK_UN); + } + + if ($flag1 == 1) { + unlink0( $fh1, $filename1 ) or die "Cannot unlink $filename1 safely"; + } + if ($return_from_sign == 1) { + return; + } + exit; +} + +Getopt::Long::Configure ("posix_default"); +Getopt::Long::Configure ("bundling"); +# Getopt::Long::Configure ("debug"); + +GetOptions (\%opts, 'm=s', 'h|help', 'v|verbose', 'l|list', + 'c|cfgfile=s', + 'd|datafile=s', + 'p|passphrase=s', + 'create-cfgfile', # -m F + 'print-cfgfile', # -m f + 'create-datafile', # -m D + 'print-datafile', # -m d + 'remove-signature',# -m R + 'sign', # -m E + 'examine', # -m e + 'generate-keys'); # -m G + +if (defined ($opts{'h'})) { + usage(); + exit; +} + +if (defined($opts{'c'})) { + $cfgfile = $opts{'c'}; +} +if (defined($opts{'d'})) { + $datafile = $opts{'d'}; +} +if (defined($opts{'p'})) { + $passphrase = $opts{'p'}; +} + +if (defined ($opts{'m'}) && ($opts{'m'} =~ /[FfDdREeG]{1}/) ) { + $action = $opts{'m'}; +} +elsif (defined ($opts{'create-cfgfile'})) { + $action = 'F'; +} +elsif (defined ($opts{'print-cfgfile'})) { + $action = 'f'; +} +elsif (defined ($opts{'create-datafile'})) { + $action = 'D'; +} +elsif (defined ($opts{'print-datafile'})) { + $action = 'd'; +} +elsif (defined ($opts{'remove-signature'})) { + $action = 'R'; +} +elsif (defined ($opts{'sign'})) { + $action = 'E'; +} +elsif (defined ($opts{'examine'})) { + $action = 'e'; +} +elsif (defined ($opts{'generate-keys'})) { + $action = 'G'; +} +else { + usage(); + die ("No valid action specified !"); +} + +if (defined($ARGV[0])) { + $file1 = $ARGV[0]; +} +if (defined($ARGV[1])) { + $file2 = $ARGV[1]; +} + + +if (($action =~ /[REe]{1}/) && !defined($file1)) { + usage(); + die("Option -m $action requires a filename (or '-' for stdio)\n"); +} + +if ($action =~ /^F$/) { + if (!defined($file1)) { + $file1 = $cfgfile; + } + $file2 = $cfgfile; + sign_file (); +} + +if ($action =~ /^D$/) { + if (!defined($file1)) { + $file1 = $datafile; + } + $file2 = $datafile; + sign_file (); +} + +if ($action =~ /^R$/) { + # $file1 defined + my $i = 0; + while (defined($ARGV[$i])) { + $file1 = $ARGV[$i]; + remove (); + ++$i; + } +} + +if ($action =~ /^E$/) { + # $file1 defined + # default: $file2 = $file1 + check_gpg_sign(); + my $i = 0; + while (defined($ARGV[$i])) { + $file1 = $ARGV[$i]; + $file2 = $file1; + $return_from_sign = 1; + sign_file (); + ++$i; + } +} + +if ($action =~ /^e$/) { + # $file1 defined + # default: $file2 = stdout + check_gpg_verify(); + my $i = 0; + while (defined($ARGV[$i])) { + print "\n"; + $file1 = $ARGV[$i]; + examine (); + ++$i; + print "\n--------------------------------\n" if (defined($ARGV[$i])); + } +} + +if ($action =~ /^f$/) { + $file1 = $cfgfile; + $file2 = "-"; + print_cfgfile (); +} + +if ($action =~ /^d$/) { + # $file1 irrelevant + if (defined($opts{'l'})) { + print_datafile (); + } else { + $file1 = $datafile; + $file2 = "-"; + print_cfgfile (); + } +} + + + Index: /tags/2.5.0/scripts/samhainrc_update.sh =================================================================== --- /tags/2.5.0/scripts/samhainrc_update.sh (revision 189) +++ /tags/2.5.0/scripts/samhainrc_update.sh (revision 189) @@ -0,0 +1,315 @@ +#! /bin/sh + +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + +# ----------------------------------------------------------------------- +# The default configuration file +# ----------------------------------------------------------------------- + +cfgfile="/etc/samhainrc" + +# ----------------------------------------------------------------------- +# Be Bourne compatible +# ----------------------------------------------------------------------- + +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi + +programname="$0" +sysmap= + +# ----------------------------------------------------------------------- +# Print help +# ----------------------------------------------------------------------- + +showhelp() { + echo + echo "$programname - update samhain config file after kernel update" + echo + echo "OPTIONS:" + echo + echo " -u|--update " + echo " Update the configuration file with new" + echo " settings as taken from " + echo + echo " -c|--config-file " + echo " Specify the configuration file to update [${cfgfile}]" + echo + echo " -p|--print-only " + echo " Print new settings, don't modify anything" + echo + echo " -h|--help" + echo " Print this help" + echo + echo " -n|--nocolor" + echo " (ignored, legacy support)" + echo +} + + +# ----------------------------------------------------------------------- +# Death strikes +# ----------------------------------------------------------------------- + +die() { + echo ${1+"$@"} >&2 + { (exit 1); exit 1; } +} + +# ----------------------------------------------------------------------- +# Get new settings from +# ----------------------------------------------------------------------- + +system_call= +syscall_table= +proc_root= +proc_root_inode_operations= +proc_root_lookup= + +get_new_settings() { + + if [ -z "$sysmap" ]; then + die "No System.map specified" + fi + if [ -f "$sysmap" ]; then + if [ -r "$sysmap" ]; then + system_call=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+system_call$' ${sysmap} | awk '{ print $1 }'` + syscall_table=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+sys_call_table$' ${sysmap} | awk '{ print $1 }'` + proc_root=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root$' ${sysmap} | awk '{ print $1 }'` + proc_root_inode_operations=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root_inode_operations$' ${sysmap} | awk '{ print $1 }'` + proc_root_lookup=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root_lookup$' ${sysmap} | awk '{ print $1 }'` + else + die "System.map ${sysmap} not readable" + fi + else + die "System.map ${sysmap} not found" + fi + test -z "${system_call}" && die "system_call not found in ${cfgfile}" + test -z "${syscall_table}" && die "sys_call_table not found in ${cfgfile}" + test -z "${proc_root}" && die "proc_root not found in ${cfgfile}" + test -z "${proc_root_inode_operations}" && die "proc_root_inode_operations not found in ${cfgfile}" + test -z "${proc_root_lookup}" && die "proc_root_lookup not found in ${cfgfile}" + +} + +# ----------------------------------------------------------------------- +# Print new settings +# ----------------------------------------------------------------------- + +run_print() { + get_new_settings + echo + echo "KernelSystemCall = 0x${system_call}" + echo "KernelSyscallTable = 0x${syscall_table}" + echo "KernelProcRoot = 0x${proc_root}" + echo "KernelProcRootIops = 0x${proc_root_inode_operations}" + echo "KernelProcRootLookup = 0x${proc_root_lookup}" + echo +} + +# ----------------------------------------------------------------------- +# Replace a setting +# ----------------------------------------------------------------------- + +# set ignorecase +# search pattern +# delete current line +# insert +# single dot == end of insert text +# save and exit + +run_replace() { + item="$1" + address="$2" + ex -s "$cfgfile" </dev/null + if [ $? -ne 0 ]; then + die "No [Kernel] section in configuration file $cfgfile" + fi + + cat "$cfgfile" | egrep -i 'KernelProcRootLookup' >/dev/null + if [ $? -eq 0 ]; then + run_replace 'KernelProcRootLookup' "0x${proc_root_lookup}" + else + run_add 'KernelProcRootLookup' "0x${proc_root_lookup}" + fi + + cat "$cfgfile" | egrep -i 'KernelProcRootIops' >/dev/null + if [ $? -eq 0 ]; then + run_replace 'KernelProcRootIops' "0x${proc_root_inode_operations}" + else + run_add 'KernelProcRootIops' "0x${proc_root_inode_operations}" + fi + + cat "$cfgfile" | egrep -i 'KernelProcRoot[[:space:]]*=' >/dev/null + if [ $? -eq 0 ]; then + run_replace 'KernelProcRoot' "0x${proc_root}" + else + run_add 'KernelProcRoot' "0x${proc_root}" + fi + + cat "$cfgfile" | egrep -i 'KernelSyscallTable' >/dev/null + if [ $? -eq 0 ]; then + run_replace 'KernelSyscallTable' "0x${syscall_table}" + else + run_add 'KernelSyscallTable' "0x${syscall_table}" + fi + + cat "$cfgfile" | egrep -i 'KernelSystemCall' >/dev/null + if [ $? -eq 0 ]; then + run_replace 'KernelSystemCall' "0x${system_call}" + else + run_add 'KernelSystemCall' "0x${system_call}" + fi + +} + +# ----------------------------------------------------------------------- +# Parse command line +# ----------------------------------------------------------------------- + +sysmap= +action= + +for option +do + + # If the previous option needs an argument, assign it. + # + if test -n "$opt_prev"; then + eval "$opt_prev=\$option" + eval export "$opt_prev" + opt_prev= + continue + fi + + case "$option" in + -*=*) + optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'` + ;; + *) + optarg= + ;; + esac + + case "$option" in + + -h|--help) + showhelp + exit 0 + ;; + + -n|--nocolor) + ;; + + -c|--config-file) + opt_prev=cfgfile + ;; + + -c=* | --config-file=*) + cfgfile="$optarg" + ;; + + -p|--print-only) + opt_prev=sysmap + action=p + ;; + + + -p=* | --print-only=*) + sysmap="$optarg" + action=p + ;; + + -u|--update) + opt_prev=sysmap + action=u + ;; + + -u=* | --update=*) + sysmap="$optarg" + action=u + ;; + + esac + +done + +if [ x"$action" = xp ]; then + run_print + exit 0 +fi +if [ x"$action" = xu ]; then + run_update + exit 0 +fi + +showhelp +exit 1 Index: /tags/2.5.0/scripts/yuleadmin.pl.in =================================================================== --- /tags/2.5.0/scripts/yuleadmin.pl.in (revision 189) +++ /tags/2.5.0/scripts/yuleadmin.pl.in (revision 189) @@ -0,0 +1,310 @@ +#! /usr/bin/perl + +# Copyright (c) 2007 Riccardo Murri +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +use warnings; +use strict; +use Getopt::Long; +use File::Basename; +use File::Copy; +use File::Temp qw/ tempfile /; +use IO::File; + +# Do I/O to the data file in binary mode (so it +# wouldn't complain about invalid UTF-8 characters). +use bytes; + +File::Temp->safe_level( File::Temp::HIGH ); + +my %opts = (); +my $outfile; +my $verbose; +my $base = basename($0); + +#my $cfgfile = "yulerc"; +#my $yule = "./yule"; +#my $gpg = "/usr/bin/gpg"; + +my $cfgfile = "@myconffile@"; +my $yule = "@sbindir@/@install_name@"; +my $gpg = "@mygpg@"; + +$cfgfile =~ s/^REQ_FROM_SERVER//; + +$gpg = "gpg" if ($gpg eq ""); + +sub usage() { + print <<__END_OF_TEXT__ +Usage: + $base { -a | --add } [options] HOSTNAME [PASSWORD] + Add client HOSTNAME to configuration file. If PASSWORD is + omitted, it is read from stdin. If HOSTNAME already exists + in the configuration file, an error is given. + + $base { -d | --delete } [options] HOSTNAME + Remove client HOSTNAME from configuration file. + + $base { -l | --list } [options] + List clients in the yule configuration file. + + $base { -r | --replace } [options] HOSTNAME [PASSWORD] + Replace password of existing client HOSTNAME in configuration file. + If PASSWORD is omitted, it is read from stdin. If HOSTNAME does not + already exist in the configuration file, an error is given. + + $base { -u | --update } [options] HOSTNAME [PASSWORD] + Add client HOSTNAME to config file or replace its password with a new one. + If PASSWORD is omitted, it is read from stdin. + +Options: + -c CFGFILE --cfgfile CFGFILE + Select an alternate configuration file. (default: $cfgfile) + + -o OUTFILE --output OUTFILE + Write modified configuration to OUTFILE. If this option is + omitted, $base will rename the original configuration file + to '$cfgfile.BAK' and overwrite it with the modified content. + + -Y YULECMD --yule YULECMD + Use command YULECMD to generate the client key from the password. + (default: $yule) + + -v --verbose + Verbose output. + +__END_OF_TEXT__ +; + return; +} + + +## subroutines + +sub read_clients ($) { + my $cfgfile = shift || '-'; + my %clients; + + open INPUT, "<$cfgfile" + or die ("Cannot read configuration file '$cfgfile'. Aborting"); + + my $section; + while () { + # skip comment and blank lines + next if m{^\s*#}; + next if m{^\s*$}; + + # match section headers + $section = $1 if m{^\s*\[([a-z0-9 ]+)\]}i; + + # ok, list matching lines + if ($section =~ m/Clients/) { + if (m{^\s*Client=}i) { + chomp; + s{^\s*Client=}{}i; + my ($client, $key) = split /@/,$_,2; + + $clients{lc($client)} = $key; + } + } + } + + close INPUT; + return \%clients; +} + + +sub write_clients ($$$) { + my $cfgfile_in = shift || '-'; + my $cfgfile_out = shift || $cfgfile_in; + my $clients = shift; + + my @lines; + my $in_clients_section; + + # copy-pass input file + my $section = ''; + open INPUT, "<$cfgfile_in" + or die ("Cannot read configuration file '$cfgfile_in'. Aborting"); + while () { + # match section headers + if (m{^\s*\[([a-z0-9 ]+)\]}i) { + if ($in_clients_section and ($section ne $1)) { + # exiting [Clients] section, output remaining ones + foreach my $hostname (keys %{$clients}) { + push @lines, + 'Client=' . $hostname . '@' + . $clients->{lc($hostname)} . "\n"; + delete $clients->{lc($hostname)}; + } + } + # update section title + $section = $1; + if ($section =~ m/Clients/i) { + $in_clients_section = 1; + } else { + $in_clients_section = 0; + } + } + + # process entries in [Clients] section + if ($in_clients_section) { + if (m{^\s*Client=}i) { + my ($hostname, undef) = split /@/,$_,2; + $hostname =~ s{^\s*Client=}{}i; + if (defined($clients->{lc($hostname)})) { + # output (possibly) modified key + $_ = 'Client=' . $hostname . '@' . $clients->{lc($hostname)} . "\n"; + delete $clients->{lc($hostname)}; + } + else { + # client deleted, skip this line from output + $_ = ''; + } + } + } + + # copy input to output + push @lines, $_; + } + close INPUT; + + # if end-of-file reached within [Clients] section, output remaining ones + if ($in_clients_section) { + foreach my $hostname (keys %{$clients}) { + push @lines, 'Client=' . $hostname . '@' + . $clients->{lc($hostname)} . "\n"; + } + } + + # if necessary, replace input file with output file + if ($cfgfile_in eq $cfgfile_out) { + copy($cfgfile_in, $cfgfile_in . '.BAK') + or die("Cannot backup config file '$cfgfile_in'. Aborting"); + } + open OUTPUT, ">$cfgfile_out" + or die ("Cannot write to file '$cfgfile_out'. Aborting"); + # overwrite config file line by line + foreach my $line (@lines) { print OUTPUT $line; } + close OUTPUT; +} + + +sub new_client_key ($) { + my $password = shift; + my $yulecmd = shift || $yule; + + my (undef, $key) = split /@/, `$yulecmd -P $password`, 2; + chomp $key; + return $key; +} + + +## main + +Getopt::Long::Configure ("posix_default"); +Getopt::Long::Configure ("bundling"); +# Getopt::Long::Configure ("debug"); + +GetOptions (\%opts, + 'Y|yule=s', + 'a|add', + 'c|cfgfile=s', + 'd|delete', + 'h|help', + 'l|list', + 'o|output=s', + 'r|replace', + 'u|update', + 'v|verbose', + ); + +if (defined ($opts{'h'})) { + usage(); + exit; +} + +if (defined($opts{'c'})) { + $cfgfile = $opts{'c'}; + $outfile = $cfgfile unless defined($outfile); +} +if (defined($opts{'Y'})) { + $yule = $opts{'Y'}; +} +if (defined($opts{'v'})) { + $verbose = 1; +} +if (defined($opts{'o'})) { + $outfile = $opts{'o'}; +} + +if (defined($opts{'l'})) { + # list contents + my $clients = read_clients($cfgfile); + + foreach my $client (keys %{$clients}) { + print "$client"; + print " ${$clients}{$client}" if $verbose; + print "\n"; + } +} +elsif (defined($opts{'a'}) + or defined($opts{'u'}) + or defined($opts{'r'})) { + # add HOSTNAME + my $hostname = $ARGV[0] + or die("Actions --add/--replace/--update require at least argument HOSTNAME. Aborting"); + + my $password; + if (defined($ARGV[1])) { + $password = uc($ARGV[1]); + } else { + $password = uc(); + # remove leading and trailing space + $password =~ s{\s*}{}g; + } + # sanity check + die ("Argument PASSWORD must be a 16-digit hexadecimal string. Aborting") + unless ($password =~ m/[[:xdigit:]]{16}/); + + my $add = defined($opts{'a'}); + my $replace = defined($opts{'r'}); + + my $clients = read_clients($cfgfile); + die ("Client '$hostname' already present in config file - cannot add. Aborting") + if ($add and defined(${$clients}{$hostname})); + die ("Client '$hostname' not already present in config file - cannot replace. Aborting") + if ($replace and not defined(${$clients}{$hostname})); + + $clients->{$hostname} = new_client_key($password) + or die ("Cannot get key for the given password. Aborting"); + write_clients($cfgfile, $outfile, $clients); +} +elsif (defined($opts{'d'})) { + # remove HOSTNAME + my $hostname = $ARGV[0] + or die("Action --delete requires one argument HOSTNAME. Aborting"); + + my $clients = read_clients($cfgfile); + delete ${$clients}{$hostname}; + write_clients($cfgfile, $outfile, $clients); +} +else { + usage(); + die ("You must specify one of --list, --add or --remove options. Aborting"); +} Index: /tags/2.5.0/sql_init/samhain.mysql.init =================================================================== --- /tags/2.5.0/sql_init/samhain.mysql.init (revision 189) +++ /tags/2.5.0/sql_init/samhain.mysql.init (revision 189) @@ -0,0 +1,95 @@ +CREATE DATABASE samhain; +USE mysql; +INSERT INTO db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) VALUES ('localhost','samhain','','N','Y','N','N','N','N'); +USE samhain; +CREATE TABLE samhain.log ( + log_index BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY, + log_ref BIGINT UNSIGNED NULL, + log_host VARCHAR(64) NOT NULL DEFAULT "localhost", + INDEX ix_log_host (log_host), + log_time DATETIME NOT NULL, + log_sev ENUM("DEBG","INFO","NOTE","WARN","MARK","ERRO","CRIT","ALRT","RCVT") NOT NULL, + log_msg BLOB, + + log_hash VARCHAR(32) NOT NULL, + KEY ix_hash (log_hash), + + entry_status VARCHAR(16) NOT NULL DEFAULT "NEW", + INDEX ix_entry_status (entry_status), + + path BLOB, + userid VARCHAR(8), + grp VARCHAR(8), + program VARCHAR(8), + subroutine VARCHAR(16), + status VARCHAR(12), + hash VARCHAR(50), + path_data BLOB, + hash_data VARCHAR(50), + key_uid VARCHAR(64), + key_uid_data VARCHAR(64), + key_id VARCHAR(16), + module VARCHAR(8), + return_code INTEGER, + syscall VARCHAR(16), + ip VARCHAR(16), + tty VARCHAR(16), + peer VARCHAR(64), + fromhost VARCHAR(64), + obj BLOB, + interface VARCHAR(64), + time VARCHAR(64), + dir BLOB, + linked_path BLOB, + port INTEGER, + service VARCHAR(64), + facility VARCHAR(32), + priority VARCHAR(32), + syslog_msg BLOB, + + mode_old VARCHAR(16), + mode_new VARCHAR(16), + attr_old VARCHAR(16), + attr_new VARCHAR(16), + + device_old VARCHAR(16), + device_new VARCHAR(16), + owner_old VARCHAR(9), + owner_new VARCHAR(9), + group_old VARCHAR(9), + group_new VARCHAR(9), + ctime_old DATETIME, + ctime_new DATETIME, + atime_old DATETIME, + atime_new DATETIME, + mtime_old DATETIME, + mtime_new DATETIME, + chksum_old VARCHAR(50), + chksum_new VARCHAR(50), + link_old BLOB, + link_new BLOB, + + size_old BIGINT, + size_new BIGINT, + hardlinks_old BIGINT, + hardlinks_new BIGINT, + inode_old BIGINT, + inode_new BIGINT, + + imode_old BIGINT, + imode_new BIGINT, + iattr_old BIGINT, + iattr_new BIGINT, + idevice_old BIGINT, + idevice_new BIGINT, + iowner_old BIGINT, + iowner_new BIGINT, + igroup_old BIGINT, + igroup_new BIGINT, + + + acl_old BLOB, + acl_new BLOB + + ); + Index: /tags/2.5.0/sql_init/samhain.oracle.init =================================================================== --- /tags/2.5.0/sql_init/samhain.oracle.init (revision 189) +++ /tags/2.5.0/sql_init/samhain.oracle.init (revision 189) @@ -0,0 +1,93 @@ +CREATE SEQUENCE log_log_index_seq START WITH 1; +CREATE TABLE log ( + log_index INTEGER NOT NULL, + log_ref NUMBER(20) NULL, + log_host VARCHAR2(64) DEFAULT 'localhost' NOT NULL, + log_time DATE NOT NULL, + log_sev VARCHAR2(4) NOT NULL, + log_msg VARCHAR2(4000), + log_hash VARCHAR2(32), + entry_status VARCHAR2(16) DEFAULT 'NEW' NOT NULL, + path CLOB, + userid VARCHAR2(8), + grp VARCHAR2(8), + program VARCHAR2(8), + subroutine VARCHAR2(16), + status VARCHAR2(12), + hash VARCHAR2(50), + path_data VARCHAR2(4000), + hash_data VARCHAR2(50), + key_uid VARCHAR2(64), + key_uid_data VARCHAR2(64), + key_id VARCHAR2(16), + module VARCHAR2(8), + return_code INTEGER, + syscall VARCHAR2(16), + ip VARCHAR2(16), + tty VARCHAR2(16), + peer VARCHAR2(64), + fromhost VARCHAR2(64), + obj VARCHAR2(128), + interface VARCHAR2(64), + time VARCHAR2(64), + dir CLOB, + linked_path CLOB, + port INTEGER, + service VARCHAR2(64), + facility VARCHAR2(32), + priority VARCHAR2(32), + syslog_msg VARCHAR2(4000), + mode_old VARCHAR2(16), + mode_new VARCHAR2(16), + attr_old VARCHAR2(16), + attr_new VARCHAR2(16), + device_old VARCHAR2(16), + device_new VARCHAR2(16), + owner_old VARCHAR2(9), + owner_new VARCHAR2(9), + group_old VARCHAR2(9), + group_new VARCHAR2(9), + ctime_old VARCHAR2(25), + ctime_new VARCHAR2(25), + atime_old VARCHAR2(25), + atime_new VARCHAR2(25), + mtime_old VARCHAR2(25), + mtime_new VARCHAR2(25), + chksum_old VARCHAR2(50), + chksum_new VARCHAR2(50), + link_old CLOB, + link_new CLOB, + size_old NUMBER(20), + size_new NUMBER(20), + hardlinks_old NUMBER(20), + hardlinks_new NUMBER(20), + inode_old NUMBER(20), + inode_new NUMBER(20), + imode_old NUMBER(20), + imode_new NUMBER(20), + iattr_old NUMBER(20), + iattr_new NUMBER(20), + idevice_old NUMBER(20), + idevice_new NUMBER(20), + iowner_old NUMBER(20), + iowner_new NUMBER(20), + igroup_old NUMBER(20), + igroup_new NUMBER(20), + acl_old VARCHAR2(4000), + acl_new VARCHAR2(4000) + ); + +CREATE UNIQUE INDEX log_log_index_key on log (log_index); + +CREATE INDEX ix_hash ON log (log_hash); + +CREATE INDEX ix_log_host ON log (log_host); +CREATE INDEX ix_log_ref ON log (log_ref); +CREATE INDEX ix_entry_status ON log (entry_status); + +GRANT INSERT ON log TO samhain; +GRANT ALTER ON log_log_index_seq TO samhain; +GRANT SELECT ON log_log_index_seq TO samhain; + + + Index: /tags/2.5.0/sql_init/samhain.postgres.init =================================================================== --- /tags/2.5.0/sql_init/samhain.postgres.init (revision 189) +++ /tags/2.5.0/sql_init/samhain.postgres.init (revision 189) @@ -0,0 +1,98 @@ +CREATE SEQUENCE log_log_index_seq START 1; +CREATE TABLE log ( + log_index INTEGER NOT NULL, + log_ref BIGINT NULL, + log_host VARCHAR(64) NOT NULL DEFAULT 'localhost', + log_time TIMESTAMP NOT NULL, + log_sev VARCHAR(4) NOT NULL, + log_msg TEXT, + + log_hash VARCHAR(32), + + entry_status VARCHAR(16) NOT NULL DEFAULT 'NEW', + + path TEXT, + userid VARCHAR(8), + grp VARCHAR(8), + program VARCHAR(8), + subroutine VARCHAR(16), + status VARCHAR(12), + hash VARCHAR(50), + path_data TEXT, + hash_data VARCHAR(50), + key_uid VARCHAR(64), + key_uid_data VARCHAR(64), + key_id VARCHAR(16), + module VARCHAR(8), + return_code INTEGER, + syscall VARCHAR(16), + ip VARCHAR(16), + tty VARCHAR(16), + peer VARCHAR(64), + fromhost VARCHAR(64), + obj TEXT, + interface VARCHAR(64), + time VARCHAR(64), + dir TEXT, + linked_path TEXT, + port INTEGER, + service VARCHAR(64), + facility VARCHAR(32), + priority VARCHAR(32), + syslog_msg TEXT, + + mode_old VARCHAR(16), + mode_new VARCHAR(16), + attr_old VARCHAR(16), + attr_new VARCHAR(16), + + device_old VARCHAR(16), + device_new VARCHAR(16), + owner_old VARCHAR(9), + owner_new VARCHAR(9), + group_old VARCHAR(9), + group_new VARCHAR(9), + ctime_old TIMESTAMP, + ctime_new TIMESTAMP, + atime_old TIMESTAMP, + atime_new TIMESTAMP, + mtime_old TIMESTAMP, + mtime_new TIMESTAMP, + chksum_old VARCHAR(50), + chksum_new VARCHAR(50), + link_old TEXT, + link_new TEXT, + + size_old BIGINT, + size_new BIGINT, + hardlinks_old BIGINT, + hardlinks_new BIGINT, + inode_old BIGINT, + inode_new BIGINT, + + imode_old BIGINT, + imode_new BIGINT, + iattr_old BIGINT, + iattr_new BIGINT, + idevice_old BIGINT, + idevice_new BIGINT, + iowner_old BIGINT, + iowner_new BIGINT, + igroup_old BIGINT, + igroup_new BIGINT, + + acl_old TEXT, + acl_new TEXT + ); + + +CREATE UNIQUE INDEX log_log_index_key on log (log_index); +CREATE INDEX ix_hash ON log (log_hash); + +CREATE INDEX ix_log_host ON log (log_host); +CREATE INDEX ix_entry_status ON log (entry_status); + +GRANT INSERT ON log TO samhain; +GRANT UPDATE ON log_log_index_seq TO samhain; +GRANT SELECT ON log_log_index_seq TO samhain; + Index: /tags/2.5.0/src/CuTest.c =================================================================== --- /tags/2.5.0/src/CuTest.c (revision 189) +++ /tags/2.5.0/src/CuTest.c (revision 189) @@ -0,0 +1,350 @@ +/******************* + +LICENSE + +Copyright (c) 2003 Asim Jalis + +This software is provided 'as-is', without any express or implied +warranty. In no event will the authors be held liable for any damages +arising from the use of this software. + +Permission is granted to anyone to use this software for any purpose, +including commercial applications, and to alter it and redistribute it +freely, subject to the following restrictions: + +1. The origin of this software must not be misrepresented; you must not +claim that you wrote the original software. If you use this software in +a product, an acknowledgment in the product documentation would be +appreciated but is not required. + +2. Altered source versions must be plainly marked as such, and must not +be misrepresented as being the original software. + +3. This notice may not be removed or altered from any source +distribution. + +**********************/ + +#include +#include +#include +#include +#include +#include +#include + +#include "CuTest.h" + +/*-------------------------------------------------------------------------* + * CuStr + *-------------------------------------------------------------------------*/ + +char* CuStrAlloc(int size) +{ + char* newStr = (char*) malloc( sizeof(char) * (size) ); + return newStr; +} + +char* CuStrCopy(const char* old) +{ + int len = strlen(old); + char* newStr = CuStrAlloc(len + 1); + strcpy(newStr, old); + return newStr; +} + +/*-------------------------------------------------------------------------* + * CuString + *-------------------------------------------------------------------------*/ + +void CuStringInit(CuString* str) +{ + str->length = 0; + str->size = STRING_MAX; + str->buffer = (char*) malloc(sizeof(char) * str->size); + if (str->buffer) + str->buffer[0] = '\0'; + else + { + perror("CuStringInit"); + _exit (EXIT_FAILURE); + } +} + +CuString* CuStringNew(void) +{ + CuString* str = (CuString*) malloc(sizeof(CuString)); + str->length = 0; + str->size = STRING_MAX; + str->buffer = (char*) malloc(sizeof(char) * str->size); + if (str->buffer) + str->buffer[0] = '\0'; + else + { + perror("CuStringNew"); + _exit (EXIT_FAILURE); + } + return str; +} + +void CuStringResize(CuString* str, int newSize) +{ + str->buffer = (char*) realloc(str->buffer, sizeof(char) * newSize); + str->size = newSize; +} + +void CuStringAppend(CuString* str, const char* text) +{ + int length; + + if (text == NULL) { + text = "NULL"; + } + + length = strlen(text); + if (str->length + length + 1 >= str->size) + CuStringResize(str, str->length + length + 1 + STRING_INC); + str->length += length; + strcat(str->buffer, text); +} + +void CuStringAppendChar(CuString* str, char ch) +{ + char text[2]; + text[0] = ch; + text[1] = '\0'; + CuStringAppend(str, text); +} + +void CuStringAppendFormat(CuString* str, const char* format, ...) +{ + va_list argp; + char buf[HUGE_STRING_LEN]; + va_start(argp, format); + vsprintf(buf, format, argp); + va_end(argp); + CuStringAppend(str, buf); +} + +void CuStringInsert(CuString* str, const char* text, int pos) +{ + int length = strlen(text); + if (pos > str->length) + pos = str->length; + if (str->length + length + 1 >= str->size) + CuStringResize(str, str->length + length + 1 + STRING_INC); + memmove(str->buffer + pos + length, str->buffer + pos, (str->length - pos) + 1); + str->length += length; + memcpy(str->buffer + pos, text, length); +} + +/*-------------------------------------------------------------------------* + * CuTest + *-------------------------------------------------------------------------*/ + +void CuTestInit(CuTest* t, const char* name, TestFunction function) +{ + t->name = CuStrCopy(name); + t->failed = 0; + t->ran = 0; + t->message = NULL; + t->function = function; + t->jumpBuf = NULL; +} + +CuTest* CuTestNew(const char* name, TestFunction function) +{ + CuTest* tc = CU_ALLOC(CuTest); + CuTestInit(tc, name, function); + return tc; +} + +void CuTestRun(CuTest* tc) +{ + jmp_buf buf; + tc->jumpBuf = &buf; + if (setjmp(buf) == 0) + { + tc->ran = 1; + (tc->function)(tc); + } + tc->jumpBuf = 0; +} + +static void CuFailInternal(CuTest* tc, const char* file, int line, CuString* string) +{ + char buf[HUGE_STRING_LEN]; + + sprintf(buf, "%s:%d: ", file, line); + CuStringInsert(string, buf, 0); + + tc->failed = 1; + tc->message = string->buffer; + if (tc->jumpBuf != 0) longjmp(*(tc->jumpBuf), 0); +} + +void CuFail_Line(CuTest* tc, const char* file, int line, const char* message2, const char* message) +{ + CuString string; + + CuStringInit(&string); + if (message2 != NULL) + { + CuStringAppend(&string, message2); + CuStringAppend(&string, ": "); + } + CuStringAppend(&string, message); + CuFailInternal(tc, file, line, &string); +} + +void CuAssert_Line(CuTest* tc, const char* file, int line, const char* message, int condition) +{ + if (condition) return; + CuFail_Line(tc, file, line, NULL, message); +} + +void CuAssertStrEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, + const char* expected, const char* actual) +{ + CuString string; + if ((expected == NULL && actual == NULL) || + (expected != NULL && actual != NULL && + strcmp(expected, actual) == 0)) + { + return; + } + + CuStringInit(&string); + if (message != NULL) + { + CuStringAppend(&string, message); + CuStringAppend(&string, ": "); + } + CuStringAppend(&string, "expected <"); + CuStringAppend(&string, expected); + CuStringAppend(&string, "> but was <"); + CuStringAppend(&string, actual); + CuStringAppend(&string, ">"); + CuFailInternal(tc, file, line, &string); +} + +void CuAssertIntEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, + int expected, int actual) +{ + char buf[STRING_MAX]; + if (expected == actual) return; + sprintf(buf, "expected <%d> but was <%d>", expected, actual); + CuFail_Line(tc, file, line, message, buf); +} + +void CuAssertDblEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, + double expected, double actual, double delta) +{ + char buf[STRING_MAX]; +#define SH_FABS(a) (((a) < 0) ? -(a) : (a)) + if (SH_FABS(expected - actual) <= delta) return; + sprintf(buf, "expected <%lf> but was <%lf>", expected, actual); + CuFail_Line(tc, file, line, message, buf); +} + +void CuAssertPtrEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, + void* expected, void* actual) +{ + char buf[STRING_MAX]; + if (expected == actual) return; + sprintf(buf, "expected pointer <0x%p> but was <0x%p>", expected, actual); + CuFail_Line(tc, file, line, message, buf); +} + + +/*-------------------------------------------------------------------------* + * CuSuite + *-------------------------------------------------------------------------*/ + +void CuSuiteInit(CuSuite* testSuite) +{ + testSuite->count = 0; + testSuite->failCount = 0; +} + +CuSuite* CuSuiteNew(void) +{ + CuSuite* testSuite = CU_ALLOC(CuSuite); + CuSuiteInit(testSuite); + return testSuite; +} + +void CuSuiteAdd(CuSuite* testSuite, CuTest *testCase) +{ + assert(testSuite->count < MAX_TEST_CASES); + testSuite->list[testSuite->count] = testCase; + testSuite->count++; +} + +void CuSuiteAddSuite(CuSuite* testSuite, CuSuite* testSuite2) +{ + int i; + for (i = 0 ; i < testSuite2->count ; ++i) + { + CuTest* testCase = testSuite2->list[i]; + CuSuiteAdd(testSuite, testCase); + } +} + +void CuSuiteRun(CuSuite* testSuite) +{ + int i; + for (i = 0 ; i < testSuite->count ; ++i) + { + CuTest* testCase = testSuite->list[i]; + CuTestRun(testCase); + if (testCase->failed) { testSuite->failCount += 1; } + } +} + +void CuSuiteSummary(CuSuite* testSuite, CuString* summary) +{ + int i; + for (i = 0 ; i < testSuite->count ; ++i) + { + CuTest* testCase = testSuite->list[i]; + CuStringAppend(summary, testCase->failed ? "F" : "."); + } + CuStringAppend(summary, "\n\n"); +} + +void CuSuiteDetails(CuSuite* testSuite, CuString* details) +{ + int i; + int failCount = 0; + + if (testSuite->failCount == 0) + { + int passCount = testSuite->count - testSuite->failCount; + const char* testWord = passCount == 1 ? "test" : "tests"; + CuStringAppendFormat(details, "OK (%d %s)\n", passCount, testWord); + } + else + { + if (testSuite->failCount == 1) + CuStringAppend(details, "There was 1 failure:\n"); + else + CuStringAppendFormat(details, "There were %d failures:\n", testSuite->failCount); + + for (i = 0 ; i < testSuite->count ; ++i) + { + CuTest* testCase = testSuite->list[i]; + if (testCase->failed) + { + failCount++; + CuStringAppendFormat(details, "%d) %s: %s\n", + failCount, testCase->name, testCase->message); + } + } + CuStringAppend(details, "\n!!!FAILURES!!!\n"); + + CuStringAppendFormat(details, "Runs: %d ", testSuite->count); + CuStringAppendFormat(details, "Passes: %d ", testSuite->count - testSuite->failCount); + CuStringAppendFormat(details, "Fails: %d\n", testSuite->failCount); + } +} Index: /tags/2.5.0/src/bignum.c =================================================================== --- /tags/2.5.0/src/bignum.c (revision 189) +++ /tags/2.5.0/src/bignum.c (revision 189) @@ -0,0 +1,1924 @@ +/* Implementation of bignums by Henrik.Johansson@Nexus.Comm.SE in 1991 + * version 1.2 + */ + +/* Modifications in this file (Nov 1999, Rainer Wichmann): + * - a few compiler warnings fixed: + * gcc insists on 'if ( ( b_eq_qr = ((b == q) || (b == r)) ) )' + * instead of 'if ( b_eq_qr = ((b == q) || (b == r)) )' + * - code that is not used in samhain is #defined out by: + * #if (defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER)) + * or + * #ifdef UNUSED_CODE + * - the error message (error_string[]) is enclosed in N_(),_() macros + * - the following four #includes have been added + */ +#include "config_xor.h" + + +#include + +#ifdef HAVE_MEMORY_H +#include +#endif + +#include "samhain.h" +#include "bignum.h" + + +#if (!defined(HAVE_LIBGMP) || !defined(HAVE_GMP_H)) && (defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER)) + +#define DIGIT BIGNUM_DIGIT +#define DIGIT2 BIGNUM_TWO_DIGITS + +#ifndef TRUE +#define TRUE (1 == 1) +#endif +#ifndef FALSE +#define FALSE (1 != 1) +#endif + + +#define MIN_ALLOC ((sizeof(long) / sizeof(DIGIT)) << 1) + +/* Don't expect the "sign" field to have the right value (BIG_SIGN_0) at + * all times, so compare real content of bignum with zerop. + * Maybe it would be better to be sure at all times that the sign is right? + */ +#define zerop(BIG) ((*(BIG)->dp == 0) && ((BIG)->dgs_used == 1)) +#define uonep(BIG) ((*(BIG)->dp == 1) && ((BIG)->dgs_used == 1)) +#define NEGATE_SIGN(SGN) (-(SGN)) + +#define DIGIT_BITS BIGNUM_DIGIT_BITS +#define DIGIT2_BITS BIGNUM_TWO_DIGITS_BITS + +#define DIGIT_PART(N) ((DIGIT)((N) & ((((DIGIT2)1) << DIGIT_BITS) - 1))) +#define RESULT_MINUSP(RES) (((RES) & ((DIGIT2)1 << (DIGIT2_BITS - 1))) != 0) +#define SHIFT_DIGIT_DOWN(N) (DIGIT_PART((N) >> DIGIT_BITS)) +#define SHIFT_DIGIT_UP(N) ((DIGIT2)((N) << DIGIT_BITS)) + +#define DIGIT_BASE (((DIGIT2)1) << DIGIT_BITS) +#define MAX_DIGIT ((((DIGIT2)1) << DIGIT_BITS) - 1) + +#define uint unsigned int +#define ulong unsigned long + +/* +extern void *malloc(size_t size); +extern void free(); +*/ + +char *last_string = NULL; +char *big_end_string = NULL; + +ulong length_last_string; +static char big_base_digits1[] = +N_("00112233445566778899AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz"); +static char error_string[] = N_("(big_errno != 0, something has gone wrong)"); +static char big_base_digits[73] = "\0"; + +bignum big_one; +bignum tmp_string, tmp_add, tmp_mul, tmp_q, tmp_r, tmp_rand, tmp_round; +DIGIT *tmp_digits; +ulong tmp_ulong; + +/* #define COUNT_ALLOC */ +#ifdef COUNT_ALLOC +ulong dgs_alloc = 0, digits_freed = 0; +#endif + +int big_errno = BIG_OK; + +double log2tbl[] = +{ + -1.0, -1.0, + 1.000000000000000, 1.584961891174317, 2.000000000000002, 2.321928024291994, + 2.584960937500003, 2.807353973388675, 3.000000000000004, 3.169923782348637, + 3.321928024291997, 3.459430694580083, 3.584960937500005, 3.700439453125006, + 3.807353973388678, 3.906888961791999, 4.000000000000014, 4.087459564208999, + 4.169921875000016, 4.247924804687517, 4.321926116943377, 4.392314910888691, + 4.459430694580098, 4.523559570312520, 4.584960937500021, 4.643856048584007, + 4.700439453125023, 4.754886627197290, 4.807353973388697, 4.857978820800807, + 4.906887054443386, 4.954193115234403, 5.000000000000028, 5.044391632080107, + 5.087459564209015, 5.129280090332062, 5.169921875000032 +}; + +struct digit_blocks +{ + int digCnt; + DIGIT dig_base; +} big_block[37]; /* The code uses index 2 to 36 */ + + +/* ---------------------------------------------------------------------- + * All static utility functions are placed first in this file. + */ + +#ifndef HAVE_STRCHR +static char * strchr (char * str_ptr, char ch) +{ + do + { + if (*str_ptr == ch) + { + return str_ptr; + } + } while (*str_ptr++ != '\0'); + return NULL; +} +#endif + +#if 0 + +extern int printf(); + +static void +print_digits(prefix, a) +char *prefix; +bignum *a; +{ + unsigned long i; + ulong tmp; + + printf("%s", prefix); + if (a->sign == BIG_SIGN_MINUS) + { + printf("- "); + } + else + { + if (a->sign == BIG_SIGN_PLUS) + { + printf("+ "); + } + else + { + printf("+/- "); + } + } + for (i = a->dgs_used - 1; i > 0; i--) + { + tmp = a->dp[i]; + printf("%lu, ", tmp); + } + tmp = *a->dp; + printf("%lu\n", tmp); +} + +#else + +#define print_digits(prefix, big) /* */ + +#endif + +static void +init_digit_blocks(void) +{ + uint digcnt, base; + DIGIT maxdigit, curdigit, tmp; + + for (base = 2; base <= 36; base++) + { + tmp = ((1 << (DIGIT_BITS - 1)) / base); + maxdigit = tmp * 2; + curdigit = 1; + digcnt = 0; + while (curdigit < maxdigit) + { + digcnt++; + curdigit *= base; + } + big_block[base].digCnt = digcnt; + big_block[base].dig_base = curdigit; + } +} + +#ifdef COUNT_ALLOC +static void +free_digits(DIGIT * dp, ulong count) +{ + /* Mar 4 2000 R. Wichmann: check for dp == NULL */ + if (!dp) + return; + digits_freed += count; + free((char *)dp); + dp = NULL; +} +#else +/* June 5 2000 R. Wichmann: check for dp == NULL */ +/* #define free_digits(DP,CNT) free((char *)DP) */ +static void +free_digits(DIGIT * dp, ulong count) +{ + /* Mar 4 2000 R. Wichmann: check for dp == NULL */ + if (!dp) + return; + free((char *)dp); + dp = NULL; + count = 0; +} +#endif + +static DIGIT * +allocate_digits(ulong alloclen) +{ + DIGIT *digit_ptr; + + if (big_errno != BIG_OK) + { + return NULL; + } +#ifdef COUNT_ALLOC + dgs_alloc += alloclen; +#endif + digit_ptr = (DIGIT *) malloc(alloclen * sizeof(DIGIT)); + if (digit_ptr == NULL) + { + big_errno = BIG_MEMERR; + return NULL; + } + return digit_ptr; +} + +static bigerr_t +newsize(DIGIT **dp_p, ulong *cursize_p, ulong minsz, ulong newsz) +{ + if (*cursize_p >= minsz) + { + return big_errno; + } + free_digits(*dp_p, *cursize_p); + if (newsz < MIN_ALLOC) + { + newsz = MIN_ALLOC; + } + if ((*dp_p = allocate_digits(newsz)) == NULL) + { + return big_errno; + } + *cursize_p = newsz; + return big_errno; +} + +/* `memcpy' uses an `int' as counter. If an int can't hold a big enough + * counter, then `digits_cpy' becomes a function (and a little slower, + * probably. Unfortunately `memcpy' takes a signed counter, but _that_ + * size of numbers are almost too big! Or isn't it? + */ +#ifdef MEMCPY_LONG_COUNTER +/* extern char *memcpy(); */ +#define digits_cpy(dst, src, count) memcpy((char *)(dst), (char *)(src), \ + (count) * sizeof(DIGIT)) +#else +static void +digits_cpy(DIGIT *dst, DIGIT *src, ulong count) +{ + while (count-- > 0) + { + *dst++ = *src++; + } +} +#endif + +static DIGIT * +copy_digits(DIGIT *src, ulong cp_count, ulong alloclen) +{ + DIGIT *dst; + + if (big_errno != BIG_OK) + { + return NULL; + } + if ((dst = allocate_digits(alloclen)) == NULL) + { + return NULL; + } + digits_cpy(dst, src, cp_count); + return dst; +} + +static void +add_digit(bignum * a, DIGIT d) +{ + DIGIT2 res = d; + DIGIT *last_digit, *digit_ptr = a->dp, *digvect; + + last_digit = digit_ptr + a->dgs_used; + while (digit_ptr < last_digit) + { + res = *digit_ptr + res; + *digit_ptr = DIGIT_PART(res); + res = SHIFT_DIGIT_DOWN(res); + digit_ptr++; + if (res == 0) + { + break; + } + } + if (res != 0) + { + if (a->dgs_used < a->dgs_alloc) + { + *digit_ptr = DIGIT_PART(res); + } + else + { + if ((digvect = copy_digits(a->dp, a->dgs_used, + a->dgs_used + 4)) == NULL) + { + return; /* big_errno will be set to last error */ + } + digvect[a->dgs_used] = DIGIT_PART(res); + free_digits(a->dp, a->dgs_alloc); + a->dgs_alloc = a->dgs_used + 4; + a->dp = digvect; + } + a->dgs_used++; + } +} + +static DIGIT +vect_div_digit(DIGIT *digvect, ulong *len, DIGIT d) +{ + DIGIT *digit_ptr = digvect + *len - 1, newval; + DIGIT2 rest = 0; + + if (d == 0) + { + big_errno = BIG_DIV_ZERO; + return -1; + } + if (d == 1) + { + return 0; + } + while (digit_ptr >= digvect) + { + rest = (DIGIT2)SHIFT_DIGIT_UP(rest); + newval = DIGIT_PART((*digit_ptr + rest) / d); + rest = (*digit_ptr + rest) % d; + *digit_ptr = newval; + digit_ptr--; + } + if (*len > 1) + { + if (digvect[*len - 1] == 0) + { + *len -= 1; + } + } + return DIGIT_PART(rest); +} + +static DIGIT +udiv_digit(bignum *a, DIGIT d) +{ + DIGIT res; + + res = vect_div_digit(a->dp, &a->dgs_used, d); + if (zerop(a)) + { + a->sign = BIG_SIGN_0; + } + return res; +} + +static DIGIT +vect_mul_digit(DIGIT *digvect, ulong len, DIGIT x) +{ + DIGIT *digit_ptr = digvect + len; + DIGIT2 res = 0; + + while (digvect < digit_ptr) + { + res += *digvect * (DIGIT2)x; + *digvect = DIGIT_PART(res); + res = SHIFT_DIGIT_DOWN(res); + digvect++; + } + return DIGIT_PART(res); +} + +static void +umul_digit(bignum *a, DIGIT x) +{ + DIGIT ovfl, *digvect; + + ovfl = vect_mul_digit(a->dp, a->dgs_used, x); + if (ovfl != 0) + { + if (a->dgs_used < a->dgs_alloc) + { + a->dp[a->dgs_used] = ovfl; + } + else + { + digvect = copy_digits(a->dp, + a->dgs_used, + a->dgs_used + 4); + digvect[a->dgs_used] = ovfl; + free_digits(a->dp, a->dgs_alloc); + a->dgs_alloc = a->dgs_used + 4; + a->dp = digvect; + } + a->dgs_used++; + } +} + +static int +ucompare_digits(bignum *a, bignum *b) +{ + DIGIT *a_ptr, *b_ptr; + + if (a->dgs_used == b->dgs_used) + { + a_ptr = a->dp + a->dgs_used - 1; + b_ptr = b->dp + b->dgs_used - 1; + while ((*a_ptr == *b_ptr) && (a_ptr >= a->dp)) + { + a_ptr--; + b_ptr--; + } + if (a_ptr < a->dp) + { + return 0; + } + else + { + return (*a_ptr > *b_ptr) ? 1 : -1; + } + } + return (a->dgs_used > b->dgs_used) ? 1 : -1; +} + +static void +uadd_digits(bignum *a, bignum *b, bignum *c) +{ + DIGIT *dp_x, *dp_y, *dp_z, *res_dp, *end_x, *end_y; + ulong len_x, len_y; + DIGIT2 res = 0; + + if (a->dgs_used > b->dgs_used) + { + dp_x = a->dp; + len_x = a->dgs_used; + dp_y = b->dp; + len_y = b->dgs_used; + } + else + { + dp_x = b->dp; + len_x = b->dgs_used; + dp_y = a->dp; + len_y = a->dgs_used; + } + end_x = dp_x + len_x; + end_y = dp_y + len_y; + if (c->dgs_alloc >= len_x) + { + dp_z = c->dp; + } + else + { + if (newsize(&tmp_add.dp, &tmp_add.dgs_alloc, + len_x, len_x + 4) != BIG_OK) + { + return; + } + dp_z = tmp_add.dp; + } + res_dp = dp_z; + while (dp_y < end_y) + { + res += ((DIGIT2)*dp_x++) + *dp_y++; + *res_dp++ = DIGIT_PART(res); + res = SHIFT_DIGIT_DOWN(res); + } + while (dp_x < end_x) + { + res += *dp_x++; + *res_dp++ = DIGIT_PART(res); + res = SHIFT_DIGIT_DOWN(res); + } + if (res != 0) + { + *res_dp++ = DIGIT_PART(res); + } + + if (dp_z != c->dp) + { + tmp_digits = c->dp; + c->dp = tmp_add.dp; + tmp_add.dp = tmp_digits; + + tmp_ulong = c->dgs_alloc; + c->dgs_alloc = tmp_add.dgs_alloc; + tmp_add.dgs_alloc = tmp_ulong; + } + c->dgs_used = res_dp - c->dp; +} + +static void +usub_digits(bignum *a, bignum *b, bignum *c) +{ + DIGIT *dp_x, *dp_y, *dp_z, *res_dp, *end_x, *end_y; + ulong len_x, len_y; + DIGIT2 res = 0; + + dp_x = a->dp; + len_x = a->dgs_used; + dp_y = b->dp; + len_y = b->dgs_used; + + end_x = dp_x + len_x; + end_y = dp_y + len_y; + if (c->dgs_alloc >= len_x) + { + dp_z = c->dp; + } + else + { + if (newsize(&tmp_add.dp, &tmp_add.dgs_alloc, + len_x, len_x + 2) != BIG_OK) + { + return; + } + dp_z = tmp_add.dp; + } + res_dp = dp_z; + while (dp_y < end_y) + { + res = ((DIGIT2)*dp_x++) - *dp_y++ - RESULT_MINUSP(res); + *res_dp++ = DIGIT_PART(res); + } + while (dp_x < end_x) + { + res = *dp_x++ - RESULT_MINUSP(res); + *res_dp++ = DIGIT_PART(res); + } +#ifdef BIG_CHECK_LIMITS + if (RESULT_MINUSP(res) != 0) + { + big_errno = BIG_ALGERR; + return; + } +#endif + while ((*--res_dp == 0) && (res_dp > dp_z)) + { + /* Move pointer down until we reach a non-zero */ + } + if (dp_z != c->dp) + { + tmp_digits = c->dp; + c->dp = tmp_add.dp; + tmp_add.dp = tmp_digits; + + tmp_ulong = tmp_add.dgs_alloc; + tmp_add.dgs_alloc = c->dgs_alloc; + c->dgs_alloc = tmp_ulong; + } + c->dgs_used = res_dp - dp_z + 1; +} + +/* + * This (pseudo) random number generator is not very good. It has a long + * period [ 2 ^ (DIGIT_BITS * 2) (?)] before it starts with the same sequence + * again, but the lower bits are "less random" than they should be. I've + * solved it by using word of double length, and returning the upper bits. + * Please mail me if you know how to make it into a "more random" generator. + * One important thing though: it will have to reasonably fast. + * The good thing with this one is that it is very portable, but that doesn't + * help much when you want _good_ random numbers. + * Henrik.Johansson@Nexus.Comm.SE + */ +#ifdef UNUSED_CODE +static DIGIT +rand(void) +{ + static DIGIT2 x1 = 33, x2 = 45; /* Just give them two starting values */ + + if (x2 = BIG_RAND_A2 * x2 + BIG_RAND_C2, x2 == 45) + { + x1 = BIG_RAND_A1 * x1 + BIG_RAND_C1; + } + return SHIFT_DIGIT_DOWN(x1 + x2); /* Skip least significant bits */ +} +/* UNUSED_CODE */ +#endif + +/* ---------------------------------------------------------------------- + * All external functions comes here. + */ + +bigerr_t +big_init_pkg() +{ + strcpy (big_base_digits, _(big_base_digits1)); /* known to fit */ + init_digit_blocks(); + big_create(&tmp_string); + big_create(&tmp_add); + big_create(&tmp_mul); + big_create(&tmp_q); + big_create(&tmp_r); + big_create(&tmp_rand); + big_create(&big_one); + big_set_long((long)1, &big_one); + length_last_string = 10; + if ((last_string = malloc(length_last_string)) == NULL) + { + big_errno = BIG_MEMERR; + } + return big_errno; +} + +void +big_release_pkg() +{ + big_destroy(&tmp_string); + big_destroy(&tmp_add); + big_destroy(&tmp_mul); + big_destroy(&tmp_q); + big_destroy(&tmp_r); + big_destroy(&tmp_round); + big_destroy(&big_one); + if (last_string != NULL) + free(last_string); +#ifdef COUNT_ALLOC + printf("Allocated digits: %lu\n", dgs_alloc); + printf("Freed digits: %lu\n", digits_freed); +#endif +} + +bigerr_t +big_create(a) +bignum *a; +{ + /* Make sure that big_create alway returns a NULL bignum + * that can safely be destroyed. + */ + if (a != NULL) + { + a->dp = NULL; + } + if (big_errno != BIG_OK) + { + return big_errno; + } + if (a == NULL) + { + big_errno = BIG_ARGERR; + return big_errno; + } + + a->sign = BIG_SIGN_0; + a->dgs_used = 1; + if ((a->dp = allocate_digits((long)sizeof(long))) == NULL) + { + return big_errno; + } + a->dgs_alloc = sizeof(long); + *a->dp = 0; + return big_errno; +} + +void +big_destroy(a) +bignum *a; +{ + /* Mar 4, 2000 R. Wichmann: check for a == NULL */ + /* free_digits() checks for a->dp == NULL */ + if (a != NULL) + free_digits(a->dp, a->dgs_alloc); +} + +ulong +big_bitcount(a) +bignum *a; +{ + int bits = 0; + DIGIT high_digit; + + if (big_errno != BIG_OK) + { + return 0; + } + high_digit = a->dp[a->dgs_used - 1]; + while (high_digit != 0) + { + bits++; + high_digit >>= 1; + } + return DIGIT_BITS * (a->dgs_used - 1) + bits; +} + +bigerr_t +big_set_big(a, b) +bignum *a; +bignum *b; +{ + if ((big_errno != BIG_OK) || (a == b)) + { + return big_errno; + } + if (newsize(&b->dp, &b->dgs_alloc, a->dgs_used, a->dgs_used) != BIG_OK) + { + return big_errno; + } + b->dgs_used = a->dgs_used; + b->sign = a->sign; + digits_cpy(b->dp, a->dp, a->dgs_used); + return big_errno; +} + + +void +big_set_ulong(n, a) +ulong n; +bignum *a; +{ + unsigned int i; + + if (big_errno != BIG_OK) + { + return; + } + if (n == 0) + { + *a->dp = 0; + a->dgs_used = 1; + a->sign = BIG_SIGN_0; + } + else + { + a->dgs_used = 0; + for (i = 0; i < sizeof(long) / sizeof(DIGIT); i++) + { + if (n == 0) + { + break; + } + a->dgs_used++; + a->dp[i] = DIGIT_PART(n); + n = SHIFT_DIGIT_DOWN(n); + } + a->sign = BIG_SIGN_PLUS; + } + print_digits("set_(u)long: a = ", a); +} + +void +big_set_long(n, a) +long n; +bignum *a; +{ + ulong m; + + m = (n < 0) ? - n : n; + big_set_ulong(m, a); + if (!(n >= 0)) + { + a->sign = BIG_SIGN_MINUS; + } +} + + +bigerr_t +big_set_string(numstr, base, a) +char *numstr; +int base; +bignum *a; +{ + char *src, *maxdigit, *chrptr; + DIGIT dig_base, dig_sum, last_base; + int cnt, maxcnt; + + if (big_errno != BIG_OK) + { + return big_errno; + } + + big_end_string = numstr; + if ((base < 2) || (base > 36) || (numstr == NULL) || (a == NULL)) + { + big_errno = BIG_ARGERR; + return big_errno; + } + + src = numstr; + + maxdigit = big_base_digits + (base << 1); + + maxcnt = big_block[base].digCnt; + dig_base = big_block[base].dig_base; + a->dgs_used = 1; + *a->dp = 0; + a->sign = BIG_SIGN_PLUS; /* Assume it will be positive */ + while (strchr(" \t\n\r", *src) != NULL) /* Skip whitespaces */ + { + src++; + } + if ((*src == '-') || (*src == '+')) /* First non-white is a sign? */ + { + a->sign = (*src == '-') ? BIG_SIGN_MINUS : BIG_SIGN_PLUS; + src++; + } + chrptr = strchr(big_base_digits, *src); + if ((chrptr == NULL) || (chrptr >= maxdigit)) /* Next chr not a digit? */ + { + big_end_string = src; + big_errno = BIG_ARGERR; + return big_errno; + } + while (*src == '0') /* Next chr a '0'? */ + { + src++; /* Read past all '0'es */ + } + chrptr = strchr(big_base_digits, *src); + if ((chrptr == NULL) || (chrptr >= maxdigit)) /* Next char not a digit */ + { + big_end_string = src; + a->sign = BIG_SIGN_0; /* It was just a plain 0 */ + return big_errno; + } + dig_sum = 0; + cnt = 0; + while ((chrptr = strchr(big_base_digits, *src)), + (chrptr != NULL) && (chrptr < maxdigit)) + { + dig_sum = dig_sum * base + ((chrptr - big_base_digits) >> 1); + if (++cnt >= maxcnt) + { + umul_digit(a, dig_base); + add_digit(a, dig_sum); + dig_sum = 0; + cnt = 0; + } + src++; + } + if (cnt > 0) + { + last_base = base; + while (--cnt > 0) + { + last_base *= base; + } + umul_digit(a, last_base); + add_digit(a, dig_sum); + } + big_end_string = src; + return big_errno; +} + + +int +big_ulong(a, n) +bignum *a; +ulong *n; +{ + ulong old_n; + DIGIT *dp; + + if (big_errno != BIG_OK) + { + return FALSE; + } + if (a->dgs_used > sizeof(ulong) / sizeof(DIGIT)) + { + return FALSE; + } + dp = a->dp + a->dgs_used - 1; + old_n = *n = *dp--; + while ((dp >= a->dp) && (old_n < *n)) + { + old_n = *n; + *n = SHIFT_DIGIT_UP(*n) + *dp--; + } + if (old_n >= *n) + { + return FALSE; + } + return FALSE; +} + +int +big_long(a, n) +bignum *a; +long *n; +{ + long old_n; + DIGIT *dp; + + if (a->dgs_used > sizeof(ulong) / sizeof(DIGIT)) + { + return FALSE; + } + dp = a->dp + a->dgs_used - 1; + old_n = *n = *dp--; + while ((dp >= a->dp) && (old_n <= *n)) + { + old_n = *n; + *n = SHIFT_DIGIT_UP(*n) + *dp--; + } + if (old_n >= *n) + { + return FALSE; + } + if (a->sign == BIG_SIGN_MINUS) + { + *n = -*n;; + } + return FALSE; +} + + +char * +big_string(a, base) +bignum *a; +int base; +{ + ulong bit_length, str_length; + char *dst; + DIGIT dig_base, rem; + int cnt, maxcnt; + + if (big_errno != BIG_OK) + { + return _(error_string); + } + big_set_big(a, &tmp_string); + /* Need more room than minimum here... */ + bit_length = tmp_string.dgs_used * DIGIT_BITS; + /* bit_length = big_bitcount(&tmp_string); */ + str_length = (ulong)(bit_length / log2tbl[base] + 4); + if (str_length > length_last_string) + { + if (last_string != NULL) + free(last_string); + if ((last_string = malloc(str_length)) == NULL) + { + big_errno = BIG_MEMERR; + return NULL; + } + length_last_string = str_length; + } + + dst = last_string + length_last_string - 1; + *dst-- = '\0'; + maxcnt = big_block[base].digCnt; + dig_base = big_block[base].dig_base; + while (tmp_string.dgs_used > 1) + { + rem = udiv_digit(&tmp_string, dig_base); + for (cnt = 0; cnt < maxcnt; cnt++) + { + *dst-- = big_base_digits[(rem % base) << 1]; + rem /= base; + } + } + rem = *tmp_string.dp; + do + { + *dst-- = big_base_digits[(rem % base) << 1]; + rem /= base; + } while (rem != 0); + + if (a->sign == BIG_SIGN_MINUS) + { + *dst = '-'; + } + else + { + dst++; + } + return dst; +} + +bigerr_t +big_negate(a, b) +bignum *a; +bignum *b; +{ + big_set_big(a, b); + b->sign = NEGATE_SIGN(a->sign); + return big_errno; +} + +int +big_sign(a) +bignum *a; +{ + return a->sign; +} + +bigerr_t +big_abs(a, b) +bignum *a; +bignum *b; +{ + big_set_big(a, b); + if (a->sign == BIG_SIGN_MINUS) + { + b->sign = NEGATE_SIGN(a->sign); + } + return big_errno; +} + +int +big_compare(a, b) +bignum *a; +bignum *b; +{ + if (a->sign == b->sign) + { + if (a->sign == 0) + { + return 0; + } + return + (a->sign == BIG_SIGN_MINUS) + ? -ucompare_digits(a, b) + : ucompare_digits(a, b); + } + return b->sign - a->sign; +} + +int +big_lessp(a, b) +bignum *a; +bignum *b; +{ + return big_compare(a, b) < 0; +} + +int +big_leqp(a, b) +bignum *a; +bignum *b; +{ + return !(big_compare(a, b) > 0); +} + +int +big_equalp(a, b) +bignum *a; +bignum *b; +{ + return big_compare(a, b) == 0; +} + +int +big_geqp(a, b) +bignum *a; +bignum *b; +{ + return !(big_compare(a, b) < 0); +} + +int +big_greaterp(a, b) +bignum *a; +bignum *b; +{ + return big_compare(a, b) > 0; +} + +int +big_zerop(a) +bignum *a; +{ + return a->sign == BIG_SIGN_0; +} + +int +big_evenp(a) +bignum *a; +{ + return ((*a->dp & 0x01) == 0); +} + +int +big_oddp(a) +bignum *a; +{ + return ((*a->dp & 0x01) == 1); +} + +bigerr_t +big_add(a, b, c) +bignum *a; +bignum *b; +bignum *c; +{ + int cmp; + + if (big_errno != BIG_OK) + { + return big_errno; + } + print_digits("add:\ta = ", a); + print_digits("\tb = ", b); + if (a->sign == b->sign) + { + uadd_digits(a, b, c); + c->sign = a->sign; + } + else + { + cmp = ucompare_digits(a, b); + if (cmp < 0) + { + usub_digits(b, a, c); + if (zerop(c)) + { + c->sign = BIG_SIGN_0; + } + else + { + c->sign = b->sign; + } + } + else if (cmp > 0) + { + usub_digits(a, b, c); + if (zerop(c)) + { + c->sign = BIG_SIGN_0; + } + else + { + c->sign = a->sign; + } + } + else + { + c->dgs_used = 1; + *c->dp = 0; + c->sign = BIG_SIGN_0; + } + } + print_digits("\tc = ", c); + return big_errno; +} + +bigerr_t +big_sub(a, b, c) +bignum *a; +bignum *b; +bignum *c; +{ + int cmp; + + if (big_errno != BIG_OK) + { + return big_errno; + } + print_digits("sub:\ta = ", a); + print_digits("\tb = ", b); + if (a->sign == BIG_SIGN_0) + { + big_set_big(b, c); + big_negate(c, c); + print_digits("\tc = ", c); + return big_errno; + } + if (b->sign == BIG_SIGN_0) + { + big_set_big(a, c); + print_digits("\tc = ", c); + return big_errno; + } + + cmp = ucompare_digits(a, b); + if (cmp <= 0) + { + if (a->sign != b->sign) + { + uadd_digits(a, b, c); + c->sign = a->sign; + } + else + { + usub_digits(b, a, c); + c->sign = (zerop(c) ? BIG_SIGN_0 : NEGATE_SIGN(a->sign)); + } + } + else if (cmp > 0) + { + if (a->sign != b->sign) + { + uadd_digits(a, b, c); + c->sign = a->sign; + } + else + { + usub_digits(a, b, c); + c->sign = (zerop(c) ? BIG_SIGN_0 : b->sign); + } + } + else + { + c->dgs_used = 1; + *c->dp = 0; + c->sign = BIG_SIGN_0; + } + print_digits("\tc = ", c); + return big_errno; +} + +bigerr_t +big_mul(a, b, c) +bignum *a; +bignum *b; +bignum *c; +{ + DIGIT *dp_x, *dp_xstart, *dp_xend; + DIGIT *dp_y, *dp_ystart, *dp_yend; + DIGIT *dp_z, *dp_zstart, *dp_zend, *dp_zsumstart; + ulong len_x, len_y /* , len_z */; + DIGIT2 res; + DIGIT tmp_res; /* Without use of this, gcc (v 1.39) generates */ + /* erroneous code on a sun386 machine */ + /* Should be removed with #ifdef's, when */ + /* not on a sun386, but... */ + + if (big_errno != BIG_OK) + { + return big_errno; + } + print_digits("mul:\ta = ", a); + print_digits("\tb = ", b); + + if (zerop(a) || zerop(b)) + { + c->sign = BIG_SIGN_0; + c->dgs_used = 1; + *c->dp = 0; + print_digits("(a=0 || b=0)c = ", c); + return big_errno; + } + if (uonep(a)) + { + big_set_big(b, c); + c->sign = (a->sign == b->sign) ? BIG_SIGN_PLUS : BIG_SIGN_MINUS; + print_digits("(abs(a)=1)c = ", c); + return big_errno; + } + if (uonep(b)) + { + big_set_big(a, c); + c->sign = (a->sign == b->sign) ? BIG_SIGN_PLUS : BIG_SIGN_MINUS; + print_digits("(abs(b)=1)c = ", c); + return big_errno; + } + + if (a->dgs_used < b->dgs_used) + { + dp_xstart = a->dp; + len_x = a->dgs_used; + dp_ystart = b->dp; + len_y = b->dgs_used; + } + else + { + dp_xstart = b->dp; + len_x = b->dgs_used; + dp_ystart = a->dp; + len_y = a->dgs_used; + } + if ((c == a) || (c == b)) + { + if (newsize(&tmp_mul.dp, &tmp_mul.dgs_alloc, + len_x + len_y, len_x + len_y + 2) != BIG_OK) + { + return big_errno; + } + dp_zsumstart = tmp_mul.dp; + /* len_z = tmp_mul.dgs_alloc; */ + } + else + { + if (newsize(&c->dp, &c->dgs_alloc, + len_x + len_y, len_x + len_y + 2) != BIG_OK) + { + return big_errno; + } + dp_zsumstart = c->dp; + /* len_z = c->dgs_alloc; */ + } + + dp_xend = dp_xstart + len_x; + dp_yend = dp_ystart + len_y; + dp_zend = dp_zsumstart + len_y; + + for (dp_z = dp_zsumstart; dp_z < dp_zend; dp_z++) + { + *dp_z = 0; /* Zero out rightmost digits */ + } + + dp_zstart = dp_zsumstart; + + for (dp_x = dp_xstart; dp_x < dp_xend; dp_x++) + { + dp_z = dp_zstart; + tmp_res = 0; + for (dp_y = dp_ystart; dp_y < dp_yend; dp_y++) + { + res = (DIGIT2)(*dp_x) * (*dp_y) + (*dp_z) + tmp_res; + *dp_z++ = DIGIT_PART(res); + tmp_res = SHIFT_DIGIT_DOWN(res); + } + *dp_z = tmp_res; + dp_zstart++; + } + if (dp_zsumstart != c->dp) + { + tmp_digits = c->dp; + c->dp = tmp_mul.dp; + tmp_mul.dp = tmp_digits; + + tmp_ulong = c->dgs_alloc; + c->dgs_alloc = tmp_mul.dgs_alloc; + tmp_mul.dgs_alloc = tmp_ulong; + } + if (*dp_z == 0) + { + dp_z--; + } + c->dgs_used = dp_z - dp_zsumstart + 1; + c->sign = a->sign * b->sign; + print_digits("\tc = ", c); + return big_errno; +} + +bigerr_t +big_trunc(a, b, q, r) +bignum *a; +bignum *b; +bignum *q; +bignum *r; +{ + DIGIT *v_end, *q_end, *r_end, *src, *dst; + DIGIT norm, qhat, t1, t2, t3, v1, v2, u1, u2, u3; + DIGIT2 temp, res, carry; + long a_l, b_l, q_l, r_l; +#if 0 + ulong i; +#endif + ulong j, m, n; + int cmp, q_eq_a, q_eq_b, r_eq_a, r_eq_b; + + if (big_errno != BIG_OK) + { + return big_errno; + } + print_digits("div:\ta = ", a); + print_digits("\tb = ", b); + if (zerop(b)) + { + big_errno = BIG_DIV_ZERO; + return big_errno; + } + + if (q == r) + { + big_errno = BIG_ARGERR; + return big_errno; + } + + if (b->dgs_used == 1) + { + big_set_big(a, q); + q->sign = ((a->sign == b->sign) ? BIG_SIGN_PLUS : BIG_SIGN_MINUS); + *r->dp = udiv_digit(q, *b->dp); + r->dgs_used = 1; + r->sign = (zerop(r) ? BIG_SIGN_0 : a->sign); + print_digits("\t3:q = ", q); + print_digits("\t r = ", r); + return big_errno; + } + + if (big_long(a, &a_l)) /* Pretend it is a signed value */ + { + big_long(b, &b_l); /* |a| < |b| so this will succeed */ + q_l = a_l / b_l; /* Compute with unsigned operators */ + r_l = a_l % b_l; + big_set_long((long)q_l, q); + big_set_long((long)r_l, r); + print_digits("\t4:q = ", q); + print_digits("\t r = ", r); + return big_errno; + } + + cmp = ucompare_digits(a, b); /* Unsigned compare, that is... */ + if (cmp < 0) + { + big_set_big(a, r); /* r = a (don't care about big_errno here) */ + q->sign = BIG_SIGN_0; /* q = 0 */ + *q->dp = 0; + q->dgs_used = 1; + print_digits("\t1:q = ", q); + print_digits("\t r = ", r); + return big_errno; + } + else + if (cmp == 0) + { + q->sign = ((a->sign == b->sign) ? BIG_SIGN_PLUS : BIG_SIGN_MINUS); + *q->dp = 1; /* q = 1 */ + q->dgs_used = 1; + r->sign = BIG_SIGN_0; /* r = 0 */ + *r->dp = 0; + r->dgs_used = 1; + print_digits("\t2:q = ", q); + print_digits("\t r = ", r); + return big_errno; + } + + q_eq_a = (q == a); + q_eq_b = (q == b); + if (q_eq_a || q_eq_b) + { + q = &tmp_q; + } + + r_eq_a = (r == a); + r_eq_b = (r == b); + if (r_eq_a || r_eq_b) + { + r = &tmp_r; + } + + if (newsize(&r->dp, &r->dgs_alloc, /* At least one more dig in r */ + a->dgs_used + 1, a->dgs_used + 2) != BIG_OK) + { + return big_errno; + } + big_set_big(a, r); + r->dp[a->dgs_used] = 0; /* In case no overflow in mult. */ + + n = b->dgs_used; + v_end = b->dp + n - 1; + norm = DIGIT_PART((DIGIT_BASE / ((DIGIT2)*v_end + 1))); + if (norm != 1) + { + umul_digit(r, norm); + umul_digit(b, norm); + print_digits("r = ", r); + print_digits("b = ", b); + } + m = a->dgs_used + 1 - b->dgs_used; + r_end = r->dp + a->dgs_used; + + if (newsize(&q->dp, &q->dgs_alloc, m, m + 2) != BIG_OK) + { + return big_errno; + } + q_end = q->dp + m - 1; + + v1 = *v_end; + v2 = *(v_end - 1); + + for (j = 0; j < m; j++) /* m steps through division */ + { + u1 = *r_end; /* routine */ + u2 = *(r_end - 1); + u3 = *(r_end - 2); + qhat = ((u1 == v1) ? + MAX_DIGIT : + DIGIT_PART(((DIGIT2)u1 * DIGIT_BASE + u2) / v1)); + while (1) + { + t3 = DIGIT_PART(temp = (DIGIT2)qhat * v2); + t2 = DIGIT_PART(temp = SHIFT_DIGIT_DOWN(temp) + v1 * (DIGIT2)qhat); + t1 = DIGIT_PART(SHIFT_DIGIT_DOWN(temp)); +#if 0 + printf("t1 = %lu, ", (ulong)t1); + printf("t2 = %lu, ", (ulong)t2); + printf("t3 = %lu\n", (ulong)t3); +#endif + if (t1 < u1) break; + if (t1 > u1) {--qhat; continue; } + if (t2 < u2) break; + if (t2 > u2) { --qhat; continue; } + if (t3 <= u3) break; + qhat--; + } + + /* This is a tricky one - multiply and subtract simultaneously */ + carry = 1; + res = 0; + src = b->dp; + dst = r->dp + m - j - 1; + while (src <= v_end) + { + res = (DIGIT2)qhat * *(src++) + SHIFT_DIGIT_DOWN(res); + carry += (DIGIT2)(*dst) + MAX_DIGIT - DIGIT_PART(res); + *(dst++) = DIGIT_PART(carry); + carry = DIGIT_PART(SHIFT_DIGIT_DOWN(carry)); + } + carry += (DIGIT2)(*dst) + MAX_DIGIT - SHIFT_DIGIT_DOWN(res); + *dst = DIGIT_PART(carry); + carry = DIGIT_PART(SHIFT_DIGIT_DOWN(carry)); + + if (carry == 0) + { + qhat--; + src = b->dp; + dst = r->dp + m - j - 1; + while (dst <= r_end) + { + carry = (DIGIT2)(*dst) + *src++ + SHIFT_DIGIT_DOWN(carry); + *dst++ = DIGIT_PART(carry); + } + *dst = 0; + } + *(q_end - j) = DIGIT_PART(qhat); + r_end--; + } + r->sign = a->sign; +#if 0 + i = r->dgs_used; +#endif + while ((*r_end == 0) && (r_end > r->dp)) + { + r_end--; + } + if (r_end == r->dp) + { + r->dgs_used = 1; + r->sign = BIG_SIGN_0; + } + else + { + r->dgs_used = r_end - r->dp + 1; + r->sign = a->sign; + } + if (norm != 1) + { + udiv_digit(b, norm); + udiv_digit(r, norm); + } + while ((*q_end == 0) && (q_end > q->dp)) /* This is not needed!(?) */ + { + q_end--; + } + /* was ifdef'd out already in original */ +#if 0 + i = m - 1; + while ((i > 0) && (q->dp[i--] == 0)) + { + /* Loop through all zeroes */ + } +#endif + q->dgs_used = q_end - q->dp + 1; + q->sign = ((a->sign == b->sign) ? BIG_SIGN_PLUS : BIG_SIGN_MINUS); + + if (q_eq_a) + { + big_set_big(q, a); + } + else + if (q_eq_b) + { + big_set_big(q, b); + } + + if (r_eq_b) + { + big_set_big(r, b); + } + else + if (r_eq_a) + { + big_set_big(r, a); + } + + print_digits("\t5:q = ", q); + print_digits("\t r = ", r); + return big_errno; +} + +bigerr_t +big_floor(a, b, q, r) +bignum *a; +bignum *b; +bignum *q; +bignum *r; +{ + int b_eq_qr, sign_eq; + + if ( ( b_eq_qr = ((b == q) || (b == r)) ) ) + { + big_set_big(b, &tmp_mul); + } + sign_eq = a->sign == b->sign; + big_trunc(a, b, q, r); + if (sign_eq) + { + return big_errno; + } + if (!zerop(r)) + { + if (b_eq_qr) + { + big_add(r, &tmp_mul, r); + } + else + { + big_add(r, b, r); + } + print_digits("big_one = ", &big_one); + big_sub(q, &big_one, q); + } + return big_errno; +} + +bigerr_t +big_ceil(a, b, q, r) +bignum *a; +bignum *b; +bignum *q; +bignum *r; +{ + int b_eq_qr, sign_diff; + + if ( ( b_eq_qr = ((b == q) || (b == r)) ) ) + { + big_set_big(b, &tmp_mul); + } + sign_diff = a->sign != b->sign; + big_trunc(a, b, q, r); + if (sign_diff) + { + return big_errno; + } + if (!zerop(r)) + { + if (b_eq_qr) + { + big_sub(r, &tmp_mul, r); + } + else + { + big_sub(r, b, r); + } + big_add(q, &big_one, q); + } + return big_errno; +} + +#ifdef UNUSED_CODE +/* This one doesn't work to 100%. I was a little braindamaged when I wrote + * this, but I'll eventually fix it. Zzzzzzz. + */ +bigerr_t +big_round(a, b, q, r) +bignum *a; +bignum *b; +bignum *q; +bignum *r; +{ + int b_eq_qr, b_neg_p, a_sgn_neq_b_sgn; + + if ( ( b_eq_qr = ((b == q) || (b == r)) ) ) + { + big_set_big(b, &tmp_round); + } + b_neg_p = b->sign == BIG_SIGN_MINUS; + a_sgn_neq_b_sgn = a->sign != b->sign; + big_trunc(a, b, q, r); + + big_set_big(r, &tmp_add); + umul_digit(&tmp_add, 2); + if (ucompare_digits(&tmp_add, b) > 0) /* |2 * r| > |b| */ + { + if (q->sign == BIG_SIGN_0) + { + if (a_sgn_neq_b_sgn) + { + big_sub(q, &big_one, q); + } + else + { + big_add(q, &big_one, q); + } + } + else + { + if (q->sign == BIG_SIGN_MINUS) + { + big_sub(q, &big_one, q); + } + else + { + big_add(q, &big_one, q); + } + } + if (b_eq_qr) + { + if (q->sign == BIG_SIGN_PLUS) + { + big_sub(r, &tmp_round, r); + } + else + { + big_add(r, &tmp_round, r); + } + } + else + { + if (q->sign == BIG_SIGN_PLUS) + { + big_sub(r, b, r); + } + else + { + big_add(r, b, r); + } + } + } + return big_errno; +} + +bigerr_t +big_random(a, b) +bignum *a; +bignum *b; +{ + unsigned long i; + int a_sgn = a->sign; + + if (big_errno != BIG_OK) + { + return big_errno; + } + if (zerop(a)) /* a = 0 -> big_random => 0 (special case) */ + { + *b->dp = 0; + b->dgs_used = 1; + b->sign = a_sgn; + return big_errno; + } + if (newsize(&tmp_rand.dp, &tmp_rand.dgs_alloc, + a->dgs_used + 1, a->dgs_used + 1) != BIG_OK) + { + return big_errno; + } + for (i = 0; i <= a->dgs_used; i++) + { + tmp_rand.dp[i] = rand(); + } + while (tmp_rand.dp[a->dgs_used] == 0) /* Make sure high digit is non-0 */ + { + tmp_rand.dp[a->dgs_used] = rand(); + } + tmp_rand.dgs_used = a->dgs_used + 1; + tmp_rand.sign = BIG_SIGN_PLUS; + a->sign = BIG_SIGN_PLUS; + big_trunc(&tmp_rand, a, &tmp_q, b); /* Dangerous to use tmp_q here... */ + a->sign = a_sgn; + b->sign = zerop(&tmp_rand) ? BIG_SIGN_0 : a_sgn; + return big_errno; +} + +/* UNUSED_CODE */ +#endif + +/* ---------------------------------------------------------------------- + * External functions that do not need to know anything about the internal + * representation of a bignum. + */ + +#ifdef UNUSED_CODE + +int +big_expt(a, z, x) +bignum *a; +unsigned long z; +bignum *x; +{ + bignum b; + + big_create(&b); + big_set_big(a, &b); + big_set_long((long)1, x); + + while ((z != 0) && (big_errno == BIG_OK)) + { + while ((z & 0x01) == 0) + { + z >>= 1; + big_mul(&b, &b, &b); + } + z -= 1; + big_mul(x, &b, x); + } + + big_destroy(&b); + return big_errno; +} + +/* UNUSED_CODE */ +#endif + +int +big_exptmod(a_in, z_in, n, x) +bignum *a_in; +bignum *z_in; +bignum *n; +bignum *x; +{ + bignum a, z, b0, b1, b2, dummy; + + big_create(&a); + big_create(&z); + big_create(&b0); + big_create(&b1); + big_create(&b2); + big_create(&dummy); + + big_set_big(a_in, &a); + big_set_big(z_in, &z); + big_set_long((long)1, x); + big_set_long((long)0, &b0); + big_set_long((long)1, &b1); + big_set_long((long)2, &b2); + + /* No foolproof testing on big_errno - it really ought to be done */ + while ((big_compare(&z, &b0) != 0) && (big_errno == BIG_OK)) + { + while (big_evenp(&z) && (big_errno == BIG_OK)) + { + big_trunc(&z, &b2, &z, &dummy); + big_mul(&a, &a, &a); + big_trunc(&a, n, &dummy, &a); + } + big_sub(&z, &b1, &z); + big_mul(x, &a, x); + big_trunc(x, n, &dummy, x); + } + + big_destroy(&dummy); + big_destroy(&b2); + big_destroy(&b1); + big_destroy(&b0); + big_destroy(&z); + big_destroy(&a); + + return big_errno; +} + +#ifdef UNUSED_CODE + +int +big_gcd(a, b, g) +bignum *a; +bignum *b; +bignum *g; +{ + bignum a1, b1, tmp; + + if (big_zerop(b)) + { + big_abs(a, g); + return big_errno; + } + + big_create(&a1); + big_create(&b1); + big_create(&tmp); + + big_abs(a, &a1); + big_abs(b, &b1); + + while (!big_zerop(&b1) && (big_errno == BIG_OK)) + { + big_floor(&a1, &b1, &tmp, &a1); + if (big_zerop(&a1)) + { + break; + } + big_floor(&b1, &a1, &tmp, &b1); + } + + if (big_zerop(&a1)) + { + big_set_big(&b1, g); + } + else + { + big_set_big(&a1, g); + } + + big_destroy(&tmp); + big_destroy(&b1); + big_destroy(&a1); + + return big_errno; +} +/* UNUSED_CODE */ +#endif + +/* #if (defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER)) */ +#endif + Index: /tags/2.5.0/src/caps.ac =================================================================== --- /tags/2.5.0/src/caps.ac (revision 189) +++ /tags/2.5.0/src/caps.ac (revision 189) @@ -0,0 +1,23 @@ + case "$host_os" in + *linux*) + if test x"${sh_use_lcaps}" = xyes + then + echo + echo "Using Linux capabilities to drop unnecessary root capabilities." + echo "Please make sure that directories used for writing have write permission" + echo "for root, because root will be a mere mortal in that respect:" + echo " Baseline database in: ${mydataroot}" + echo " Logfile in: ${localstatedir}/log" + echo " PID file in: ${localstatedir}/run" + echo "(directories not existent yet will be created upon installation, root-owned" + echo "if make install is executed by root.)" + echo + fi + if test x"${sh_use_lcaps}" = xno + then + echo + echo "Not using Linux capabilities (capability.h or libcap not found)" + echo + fi + ;; + esac Index: /tags/2.5.0/src/cutest_sh_hash.c =================================================================== --- /tags/2.5.0/src/cutest_sh_hash.c (revision 189) +++ /tags/2.5.0/src/cutest_sh_hash.c (revision 189) @@ -0,0 +1,121 @@ + +#include "config_xor.h" + +#include +#include "CuTest.h" + +extern char * quote_string (const char * str, size_t len); +extern char * unquote_string (const char * str, size_t len); + +void Test_quote_string_ok (CuTest *tc) { + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + char * ret = 0; + + char inp1[] = "foo\nba=r\ntest"; + char out1[] = "foo=0Aba=3Dr=0Atest"; + + char inp2[] = "\n=foo\nba=r\ntest=\n"; + char out2[] = "=0A=3Dfoo=0Aba=3Dr=0Atest=3D=0A"; + + ret = quote_string(inp1, strlen(inp1)); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, out1, ret); + + ret = quote_string(inp2,strlen(inp2)); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, out2, ret); +#else + (void) tc; /* fix compiler warning */ +#endif + return; +} + +void Test_unquote_string_ok (CuTest *tc) { +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + char * ret = 0; + + char out1[] = "foo\nba=r\ntes[t"; + char inp1[] = "foo=0Aba=3Dr=0Ates=5Bt"; + + char out2[] = "\n=foo\nba=r\ntest=\n"; + char inp2[] = "=0A=3Dfoo=0Aba=3Dr=0Atest=3D=0A"; + + char out3[] = ""; /* encoded '\0' at start */ + char inp3[] = "=00=3Dfoo=0Aba=3Dr=0Atest=3D=0A"; + + ret = unquote_string(inp1, strlen(inp1)); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, out1, ret); + + ret = unquote_string(inp2, strlen(inp2)); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, out2, ret); + + ret = unquote_string(inp3, strlen(inp3)); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, out3, ret); +#else + (void) tc; /* fix compiler warning */ +#endif + return; +} + + +void Test_csv_escape_ok (CuTest *tc) { +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + + extern char * csv_escape(const char * str); + + char test0[80]; + char expec[80]; + char *ret; + + strcpy(test0, "foobar"); + strcpy(expec, "\"foobar\""); + ret = csv_escape(test0); + CuAssertStrEquals(tc, expec, ret); + + strcpy(test0, "\"foobar\""); + strcpy(expec, "\"\"\"foobar\"\"\""); + ret = csv_escape(test0); + CuAssertStrEquals(tc, expec, ret); + + strcpy(test0, "foo,bar"); + strcpy(expec, "\"foo,bar\""); + ret = csv_escape(test0); + CuAssertStrEquals(tc, expec, ret); + + strcpy(test0, "foob,\"a\"r"); + strcpy(expec, "\"foob,\"\"a\"\"r\""); + ret = csv_escape(test0); + CuAssertStrEquals(tc, expec, ret); + + strcpy(test0, "\",\"foobar\",\""); + strcpy(expec, "\"\"\",\"\"foobar\"\",\"\"\""); + ret = csv_escape(test0); + CuAssertStrEquals(tc, expec, ret); + + strcpy(test0, ""); + strcpy(expec, ""); + ret = csv_escape(test0); + CuAssertStrEquals(tc, expec, ret); + + strcpy(test0, "a"); + strcpy(expec, "\"a\""); + ret = csv_escape(test0); + CuAssertStrEquals(tc, expec, ret); + + strcpy(test0, "foo\"bar"); + strcpy(expec, "\"foo\"\"bar\""); + ret = csv_escape(test0); + CuAssertStrEquals(tc, expec, ret); + +#else + (void) tc; /* fix compiler warning */ +#endif + return; +} + + + Index: /tags/2.5.0/src/cutest_sh_tiger0.c =================================================================== --- /tags/2.5.0/src/cutest_sh_tiger0.c (revision 189) +++ /tags/2.5.0/src/cutest_sh_tiger0.c (revision 189) @@ -0,0 +1,439 @@ + +#include "config_xor.h" + +#include +#include +#include +#include "CuTest.h" + +#include "sh_tiger.h" + +#if defined(HAVE_PTHREAD) && defined(SH_STEALTH) +extern void sh_g_init(void); +#endif + + +static void init(void) { + + extern unsigned char TcpFlag[8][PW_LEN+1]; + extern UINT32 ErrFlag[2]; + unsigned char * dez = NULL; + int i; + +#if defined(HAVE_PTHREAD) && defined(SH_STEALTH) + sh_g_init(); +#endif + skey = (sh_key_t *) malloc (sizeof(sh_key_t)); + if (skey != NULL) + { + skey->mlock_failed = SL_FALSE; + skey->rngI = BAD; + /* properly initialized later + */ + skey->rng0[0] = 0x03; skey->rng0[1] = 0x09; skey->rng0[2] = 0x17; + skey->rng1[0] = 0x03; skey->rng1[1] = 0x09; skey->rng1[2] = 0x17; + skey->rng2[0] = 0x03; skey->rng2[1] = 0x09; skey->rng2[2] = 0x17; + + for (i = 0; i < KEY_BYT; ++i) + skey->poolv[i] = '\0'; + + skey->poolc = 0; + + skey->ErrFlag[0] = ErrFlag[0]; + ErrFlag[0] = 0; + skey->ErrFlag[1] = ErrFlag[1]; + ErrFlag[1] = 0; + + dez = &(TcpFlag[POS_TF-1][0]); + for (i = 0; i < PW_LEN; ++i) + { + skey->pw[i] = (char) (*dez); + (*dez) = '\0'; + ++dez; + } + + skey->sh_sockpass[0] = '\0'; + skey->sigkey_old[0] = '\0'; + skey->sigkey_new[0] = '\0'; + skey->mailkey_old[0] = '\0'; + skey->mailkey_new[0] = '\0'; + skey->crypt[0] = '\0'; + skey->session[0] = '\0'; + skey->vernam[0] = '\0'; + } + else + { + perror(_("sh_init")); + _exit (EXIT_FAILURE); + } + +} + +void Test_tiger(CuTest *tc) { + + char * input; + char * actual; + char * expected; + char hashbuf[KEYBUF_SIZE]; + +#if defined(HAVE_PTHREAD) && defined(SH_STEALTH) + sh_g_init(); +#endif + + input = ""; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input), hashbuf, sizeof(hashbuf)); + expected = "24F0130C63AC933216166E76B1BB925FF373DE2D49584E7A"; + CuAssertStrEquals(tc, expected, actual); + + input = "abc"; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input), hashbuf, sizeof(hashbuf)); + expected = "F258C1E88414AB2A527AB541FFC5B8BF935F7B951C132951"; + CuAssertStrEquals(tc, expected, actual); + + input = "Tiger"; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input), hashbuf, sizeof(hashbuf)); + expected = "9F00F599072300DD276ABB38C8EB6DEC37790C116F9D2BDF"; + CuAssertStrEquals(tc, expected, actual); + + input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input), hashbuf, sizeof(hashbuf)); + expected = "87FB2A9083851CF7470D2CF810E6DF9EB586445034A5A386"; + CuAssertStrEquals(tc, expected, actual); + + input = "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789"; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input), hashbuf, sizeof(hashbuf)); + expected = "467DB80863EBCE488DF1CD1261655DE957896565975F9197"; + CuAssertStrEquals(tc, expected, actual); + + input = "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham"; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input), hashbuf, sizeof(hashbuf)); + expected = "0C410A042968868A1671DA5A3FD29A725EC1E457D3CDB303"; + CuAssertStrEquals(tc, expected, actual); + + input = "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge."; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input), hashbuf, sizeof(hashbuf)); + expected = "EBF591D5AFA655CE7F22894FF87F54AC89C811B6B0DA3193"; + CuAssertStrEquals(tc, expected, actual); + + input = "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge, 1996."; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input), hashbuf, sizeof(hashbuf)); + expected = "3D9AEB03D1BD1A6357B2774DFD6D5B24DD68151D503974FC"; + CuAssertStrEquals(tc, expected, actual); + + input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"; + actual = sh_tiger_hash(input, TIGER_DATA, strlen(input), hashbuf, sizeof(hashbuf)); + expected = "00B83EB4E53440C576AC6AAEE0A7485825FD15E70A59FFE4"; + CuAssertStrEquals(tc, expected, actual); +} + +void Test_tiger_file(CuTest *tc) { + + SL_TICKET rval_open; + FILE * fp; + int result; + char * actual; + char * expected; + char hashbuf[KEYBUF_SIZE]; + UINT64 length; + + init(); + + fp = fopen("cutest_foo", "w"); + CuAssertPtrNotNull(tc, fp); + + result = fprintf(fp, "%s\n", + "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789"); + CuAssertTrue(tc, result >= 0); + + result = fclose(fp); + CuAssertTrue(tc, result == 0); + + result = sh_tiger_hashtype("TIGER192"); + CuAssertTrue(tc, result == 0); + + /* same result as GnuPG 1.0.6 (gpg --load-extension tiger --print-md TIGER192) + */ + length = TIGER_NOLIM; + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "0E9321614C966A33608C2A15F156E0435CACFD1213B9F095"; + CuAssertStrEquals(tc, expected, actual); + + rval_open = sl_open_fastread ("cutest_foo", SL_YESPRIV); + CuAssertTrue(tc, rval_open >= 0); + + length = TIGER_NOLIM; + actual = sh_tiger_generic_hash("cutest_foo", rval_open, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "0E9321614C966A33608C2A15F156E0435CACFD1213B9F095"; + CuAssertStrEquals(tc, expected, actual); + + result = sl_close(rval_open); + CuAssertTrue(tc, result == 0); + + result = sh_tiger_hashtype("MD5"); + CuAssertTrue(tc, result == 0); + + rval_open = sl_open_fastread ("cutest_foo", SL_YESPRIV); + CuAssertTrue(tc, rval_open >= 0); + + /* same result as GNU md5sum + */ + length = TIGER_NOLIM; + actual = sh_tiger_generic_hash("cutest_foo", rval_open, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "AEEC4DDA496BCFBA691F4E8863BA84C00000000000000000"; + CuAssertStrEquals(tc, expected, actual); + + result = sl_close(rval_open); + CuAssertTrue(tc, result == 0); + + result = sh_tiger_hashtype("SHA1"); + CuAssertTrue(tc, result == 0); + + rval_open = sl_open_fastread ("cutest_foo", SL_YESPRIV); + CuAssertTrue(tc, rval_open >= 0); + + /* same result as gpg --print-md SHA1 + */ + length = TIGER_NOLIM; + actual = sh_tiger_generic_hash("cutest_foo", rval_open, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "2FE65D1D995B8F8BC8B13F798C07E7E935A787ED00000000"; + CuAssertStrEquals(tc, expected, actual); + + result = sl_close(rval_open); + CuAssertTrue(tc, result == 0); + + result = remove("cutest_foo"); + CuAssertTrue(tc, result == 0); + + /* --------------------------------------------------- */ + + fp = fopen("cutest_foo", "w"); + CuAssertPtrNotNull(tc, fp); + + result = fprintf(fp, "\n"); + CuAssertTrue(tc, result >= 0); + + result = fclose(fp); + CuAssertTrue(tc, result == 0); + + result = sh_tiger_hashtype("TIGER192"); + CuAssertTrue(tc, result == 0); + + /* same result as GnuPG 1.0.6 (gpg --load-extension tiger --print-md TIGER192) + */ + length = TIGER_NOLIM; + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "F987845A0EA784367BF9E4DB09014995810F27C99C891734"; + CuAssertStrEquals(tc, expected, actual); + + result = remove("cutest_foo"); + CuAssertTrue(tc, result == 0); + + /* --------------------------------------------------- */ + + fp = fopen("cutest_foo", "w"); + CuAssertPtrNotNull(tc, fp); + + result = fprintf(fp, "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge, 1996.\n"); + CuAssertTrue(tc, result >= 0); + + result = fclose(fp); + CuAssertTrue(tc, result == 0); + + result = sh_tiger_hashtype("TIGER192"); + CuAssertTrue(tc, result == 0); + + /* same result as GnuPG 1.0.6 (gpg --load-extension tiger --print-md TIGER192) + */ + length = TIGER_NOLIM; + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "75B98A7AE257A230189828A40792E30B4038D286479CC7B8"; + CuAssertStrEquals(tc, expected, actual); + + result = remove("cutest_foo"); + CuAssertTrue(tc, result == 0); + +} + +/* test checksum of file upto some given length + */ +void Test_tiger_file_with_length(CuTest *tc) { + + SL_TICKET rval_open; + FILE * fp; + int result; + char * actual; + char * expected; + char hashbuf[KEYBUF_SIZE]; + UINT64 length; + + char * teststring = "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge, 1996.\n"; + size_t testlen = strlen(teststring); + + init(); + + fp = fopen("cutest_foo", "w"); + CuAssertPtrNotNull(tc, fp); + + result = fprintf(fp, "%s", teststring); + CuAssertTrue(tc, result >= 0); + result = fprintf(fp, "%s", teststring); + CuAssertTrue(tc, result >= 0); + + result = fclose(fp); + CuAssertTrue(tc, result == 0); + + result = sh_tiger_hashtype("TIGER192"); + CuAssertTrue(tc, result == 0); + + /* same as GnuPG 1.0.6 (gpg --load-extension tiger --print-md TIGER192) + */ + length = 0; + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "24F0130C63AC933216166E76B1BB925FF373DE2D49584E7A"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, 0 == length); + + length = testlen; + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "75B98A7AE257A230189828A40792E30B4038D286479CC7B8"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, testlen == length); + + length = 2*testlen; + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "B5B4FB97B01ADB58794D87A6A01B2368852FA764BD93AB90"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, 2*testlen == length); + + length = TIGER_NOLIM; + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "B5B4FB97B01ADB58794D87A6A01B2368852FA764BD93AB90"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, 2*testlen == length); + + fp = fopen("cutest_foo", "a"); + CuAssertPtrNotNull(tc, fp); + result = fprintf(fp, "%s", teststring); + CuAssertTrue(tc, result >= 0); + result = fclose(fp); + CuAssertTrue(tc, result == 0); + + length = testlen; + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "75B98A7AE257A230189828A40792E30B4038D286479CC7B8"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, testlen == length); + + length = 2*testlen; + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "B5B4FB97B01ADB58794D87A6A01B2368852FA764BD93AB90"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, 2*testlen == length); + + length = 3*testlen; + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "D0EE1A9956CAB22D84B51A5E0C093B724828C6A1F9CBDB7F"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, 3*testlen == length); + + length = TIGER_NOLIM; + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "D0EE1A9956CAB22D84B51A5E0C093B724828C6A1F9CBDB7F"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, 3*testlen == length); + + length = 5; + actual = sh_tiger_generic_hash("cutest_foo", TIGER_FILE, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "9F00F599072300DD276ABB38C8EB6DEC37790C116F9D2BDF"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, 5 == length); + + /* same results as GNU md5sum */ + + result = sh_tiger_hashtype("MD5"); + CuAssertTrue(tc, result == 0); + + rval_open = sl_open_fastread ("cutest_foo", SL_YESPRIV); + CuAssertTrue(tc, rval_open >= 0); + + length = testlen; + actual = sh_tiger_generic_hash("cutest_foo", rval_open, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "11E7E7EA486136273606BEE57C71F34B0000000000000000"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, testlen == length); + + result = sl_rewind(rval_open); + CuAssertTrue(tc, rval_open >= 0); + + length = 2*testlen; + actual = sh_tiger_generic_hash("cutest_foo", rval_open, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "D49DAD474095D467E2E5EFCB2DC23A770000000000000000"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, 2*testlen == length); + + result = sl_rewind(rval_open); + CuAssertTrue(tc, rval_open >= 0); + + length = 3*testlen; + actual = sh_tiger_generic_hash("cutest_foo", rval_open, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "00A1F1C5EDDCCFC430D3862FDA94593E0000000000000000"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, 3*testlen == length); + + result = sl_rewind(rval_open); + CuAssertTrue(tc, rval_open >= 0); + + length = TIGER_NOLIM; + actual = sh_tiger_generic_hash("cutest_foo", rval_open, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "00A1F1C5EDDCCFC430D3862FDA94593E0000000000000000"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, 3*testlen == length); + + /* same result as gpg --print-md SHA1 + */ + + result = sh_tiger_hashtype("SHA1"); + CuAssertTrue(tc, result == 0); + + result = sl_rewind(rval_open); + CuAssertTrue(tc, rval_open >= 0); + + length = testlen; + actual = sh_tiger_generic_hash("cutest_foo", rval_open, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "F37DB4344CCD140EE315179E9A27512FB4704F0F00000000"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, testlen == length); + + result = sl_rewind(rval_open); + CuAssertTrue(tc, rval_open >= 0); + + length = 2*testlen; + actual = sh_tiger_generic_hash("cutest_foo", rval_open, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "D2AD5FC366452D81400BAC31F96269DEEF314BC200000000"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, 2*testlen == length); + + result = sl_rewind(rval_open); + CuAssertTrue(tc, rval_open >= 0); + + length = 3*testlen; + actual = sh_tiger_generic_hash("cutest_foo", rval_open, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "FAA937EF3389C7E786EB0F1006D049D7AEA7B7B600000000"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, 3*testlen == length); + + result = sl_rewind(rval_open); + CuAssertTrue(tc, rval_open >= 0); + + length = TIGER_NOLIM; + actual = sh_tiger_generic_hash("cutest_foo", rval_open, &length, 0, hashbuf, sizeof(hashbuf)); + expected = "FAA937EF3389C7E786EB0F1006D049D7AEA7B7B600000000"; + CuAssertStrEquals(tc, expected, actual); + CuAssertTrue(tc, 3*testlen == length); + + result = sl_close(rval_open); + CuAssertTrue(tc, result == 0); + + result = remove("cutest_foo"); + CuAssertTrue(tc, result == 0); +} Index: /tags/2.5.0/src/cutest_sh_tools.c =================================================================== --- /tags/2.5.0/src/cutest_sh_tools.c (revision 189) +++ /tags/2.5.0/src/cutest_sh_tools.c (revision 189) @@ -0,0 +1,117 @@ + +#include "config_xor.h" + +#include +#include "CuTest.h" +#include "samhain.h" +#include "sh_tools.h" + +void Test_sh_tools_safe_name_01(CuTest *tc) { + /* xml specific */ + char* input = strdup("hellorld\"foo&"); + char* actual = sh_tools_safe_name(input, 1); +#ifdef SH_USE_XML + char* expected = "hello=3cwo=3erld=22foo=26"; +#else + char* expected = "hellorld\"foo&"; +#endif + CuAssertStrEquals(tc, expected, actual); +} + +void Test_sh_tools_safe_name_02(CuTest *tc) { + /* html entities */ + char* input = strdup("hello&"><"); + char* actual = sh_tools_safe_name(input, 0); + char* expected = "hello=26=22=3e=3c"; + CuAssertStrEquals(tc, expected, actual); +} + +void Test_sh_tools_safe_name_03(CuTest *tc) { + char* input = strdup("\\\'hello\\"); + char* actual = sh_tools_safe_name(input, 0); + char* expected = "=27hello"; + CuAssertStrEquals(tc, expected, actual); + + input = strdup("hello \"world\\\""); + actual = sh_tools_safe_name(input, 0); + expected = "hello \"world=22"; + CuAssertStrEquals(tc, expected, actual); + + input = strdup("hello\\\\"); + actual = sh_tools_safe_name(input, 0); + expected = "hello=5c"; + CuAssertStrEquals(tc, expected, actual); + + input = strdup("hello\\n"); + actual = sh_tools_safe_name(input, 0); + expected = "hello=0a"; + CuAssertStrEquals(tc, expected, actual); +} + +void Test_sh_tools_safe_name_04(CuTest *tc) { + /* invalid and valid octal code */ + char* input = strdup("hello\\\n"); + char* actual = sh_tools_safe_name(input, 0); + char* expected = "hello"; + CuAssertStrEquals(tc, expected, actual); + + input = strdup("hello\\100"); + actual = sh_tools_safe_name(input, 0); + expected = "hello=40"; + CuAssertStrEquals(tc, expected, actual); + + input = strdup("h\\\"ello\\100a"); + actual = sh_tools_safe_name(input, 0); + expected = "h=22ello=40a"; + CuAssertStrEquals(tc, expected, actual); +} + +void Test_sh_tools_safe_name_05(CuTest *tc) { + /* encoding of '=' */ + char* input = strdup("he=llo=\"foo\""); + char* actual = sh_tools_safe_name(input, 0); + char* expected = "he=3dllo=\"foo\""; + CuAssertStrEquals(tc, expected, actual); + + input = strdup("he=llo="); + actual = sh_tools_safe_name(input, 0); + expected = "he=3dllo="; + CuAssertStrEquals(tc, expected, actual); +} + +void Test_sh_tools_safe_name_06(CuTest *tc) { + /* line break removal */ + char* input = strdup("hello\nworld"); + char* actual = sh_tools_safe_name(input, 0); + char* expected = "hello world"; + CuAssertStrEquals(tc, expected, actual); +} + +void Test_sh_tools_safe_name_07(CuTest *tc) { + /* non-printable chars */ + char* input = strdup("hello world"); + char* actual; + char* expected; + + input[0] = 0x01; + input[5] = 0xFF; + input[10] = 0xF0; + + actual = sh_tools_safe_name(input, 0); + expected = "=01ello=ffworl=f0"; + CuAssertStrEquals(tc, expected, actual); +} + +void Test_is_numeric_01(CuTest *tc) { + char* input = strdup("hello world"); + + CuAssertTrue(tc, !is_numeric(input)); + + input = strdup("127.0.0.1"); + CuAssertTrue(tc, is_numeric(input)); + input = strdup("127.0.0.de"); + CuAssertTrue(tc, !is_numeric(input)); + input = strdup("127"); + CuAssertTrue(tc, is_numeric(input)); +} + Index: /tags/2.5.0/src/cutest_sh_unix.c =================================================================== --- /tags/2.5.0/src/cutest_sh_unix.c (revision 189) +++ /tags/2.5.0/src/cutest_sh_unix.c (revision 189) @@ -0,0 +1,187 @@ + +#include "config_xor.h" + +#include +#include "CuTest.h" +#include "samhain.h" +#include "sh_unix.h" + +int malloc_count = 0; + +void Test_dnmalloc (CuTest *tc) { + + const int nalloc = 64 /* original dnmalloc 1.0-beta5 fails fo >= 45 */; + int j, i; + int sum; + int i_malloc = malloc_count; + + char * buf; + char * area[256]; + + /* test reuse of last freed chunk */ + buf = malloc(1024); + CuAssertPtrNotNull(tc, buf); + free(buf); + area[0] = malloc(1024); + CuAssertTrue(tc, buf == area[0]); + free(area[0]); + + /* test realloc */ + buf = malloc(16); + CuAssertPtrNotNull(tc, buf); + strcpy(buf, "testing realloc"); + buf = realloc(buf, 32); + strcat(buf, "testing realloc"); + CuAssertStrEquals(tc, "testing realloctesting realloc", buf); + + i_malloc = malloc_count; + + for (j = 0; j < 64; ++j) + { + buf = malloc((j+1) * 1024); + CuAssertPtrNotNull(tc, buf); +#ifndef USE_SYSTEM_MALLOC + CuAssertIntEquals (tc, malloc_count, (i_malloc + 1)); +#endif + free(buf); +#ifndef USE_SYSTEM_MALLOC + CuAssertIntEquals (tc, malloc_count, i_malloc); +#endif + } + + /* test realloc */ + buf = malloc(16); + CuAssertPtrNotNull(tc, buf); + strcpy(buf, "testing realloc"); + buf = realloc(buf, 32); + strcat(buf, "testing realloc"); + CuAssertStrEquals(tc, "testing realloctesting realloc", buf); + + i_malloc = malloc_count; + + for (j = 0; j < 64; ++j) + { + buf = calloc(1, (j+1) * 1024); + CuAssertPtrNotNull(tc, buf); +#ifndef USE_SYSTEM_MALLOC + CuAssertIntEquals (tc, malloc_count, (i_malloc + 1)); +#endif + sum = 0; + for (i = 0; i < ((j+1) * 1024); ++i) + sum += buf[i]; + CuAssertIntEquals (tc, 0, sum); + free(buf); +#ifndef USE_SYSTEM_MALLOC + CuAssertIntEquals (tc, malloc_count, i_malloc); +#endif + } + + /* test realloc */ + buf = malloc(16); + CuAssertPtrNotNull(tc, buf); + strcpy(buf, "testing realloc"); + buf = realloc(buf, 32); + strcat(buf, "testing realloc"); + CuAssertStrEquals(tc, "testing realloctesting realloc", buf); + + for (j = 0; j < nalloc; ++j) + { + area[j] = malloc((j+1) * 1024); + CuAssertPtrNotNull(tc, area[j]); +#ifndef USE_SYSTEM_MALLOC + // CuAssertIntEquals (tc, malloc_count, (i_malloc + (j+1))); +#endif + memset(area[j], (unsigned char) ('a'+1), (j+1) * 1024); + } + + i_malloc = malloc_count; + + for (j = 0; j < nalloc; ++j) + { + sum = 0; + for (i = 0; i < ((j+1) * 1024); ++i) + sum += area[j][i]; + CuAssertIntEquals (tc, sum, ((j+1) * 1024 * ((unsigned char) ('a'+1)))); + free(area[j]); +#ifndef USE_SYSTEM_MALLOC + CuAssertIntEquals (tc, malloc_count, i_malloc - (j+1)); +#endif + } + + /* test realloc */ + buf = malloc(16); + CuAssertPtrNotNull(tc, buf); + strcpy(buf, "testing realloc"); + buf = realloc(buf, 32); + strcat(buf, "testing realloc"); + CuAssertStrEquals(tc, "testing realloctesting realloc", buf); + + + for (j = 0; j < 32; ++j) + { + i_malloc = malloc_count; + buf = malloc((j+1) * 1024 * 1024); + CuAssertPtrNotNull(tc, buf); + for (i = 0; i < 32; ++i) + { + area[i] = malloc((i+1) * 1024); + CuAssertPtrNotNull(tc, area[i]); + } + free(buf); + for (i = 0; i < 32; ++i) + { + free(area[i]); + } +#ifndef USE_SYSTEM_MALLOC + CuAssertIntEquals (tc, malloc_count, i_malloc); +#endif + } + + /* test realloc */ + buf = malloc(16); + CuAssertPtrNotNull(tc, buf); + strcpy(buf, "testing realloc"); + buf = realloc(buf, 32); + strcat(buf, "testing realloc"); + CuAssertStrEquals(tc, "testing realloctesting realloc", buf); +} + + +void Test_sh_unix_lookup_page (CuTest *tc) { + + long pagesize = sh_unix_pagesize(); + + unsigned long base; + int num_pages; + + CuAssert (tc, "pagesize > 0", (pagesize > 0)); + + /* base = sh_unix_lookup_page(in_addr, len, *num_pages); */ + + base = sh_unix_lookup_page(0, pagesize, &num_pages); + CuAssert (tc, "base == 0", (base == 0)); + CuAssertIntEquals (tc, num_pages, 1); + + base = sh_unix_lookup_page(0, pagesize+1, &num_pages); + CuAssert (tc, "base == 0", (base == 0)); + CuAssertIntEquals (tc, num_pages, 2); + + base = sh_unix_lookup_page((void*)pagesize, pagesize, &num_pages); + CuAssert (tc, "base == 0", (base == (unsigned int)pagesize)); + CuAssertIntEquals (tc, num_pages, 1); + + base = sh_unix_lookup_page((void*)pagesize, pagesize+1, &num_pages); + CuAssert (tc, "base == 0", (base == (unsigned int)pagesize)); + CuAssertIntEquals (tc, num_pages, 2); + + base = sh_unix_lookup_page((void*)(pagesize-1), pagesize+1, &num_pages); + CuAssert (tc, "base == 0", (base == 0)); + CuAssertIntEquals (tc, num_pages, 2); + + base = sh_unix_lookup_page((void*)(pagesize-1), pagesize+2, &num_pages); + CuAssert (tc, "base == 0", (base == 0)); + CuAssertIntEquals (tc, num_pages, 3); + +} + + Index: /tags/2.5.0/src/cutest_sh_utils.c =================================================================== --- /tags/2.5.0/src/cutest_sh_utils.c (revision 189) +++ /tags/2.5.0/src/cutest_sh_utils.c (revision 189) @@ -0,0 +1,533 @@ + +#include "config_xor.h" + +#include +#include "CuTest.h" +#include "samhain.h" +#include "sh_utils.h" + +void Test_sl_strlcpy (CuTest *tc) { + int ret; + char out[] = "aaaaaa"; + char in[] = "bbb"; + + ret = sl_strlcpy (NULL, NULL, 0); + CuAssertIntEquals(tc, ret, SL_ENONE); + + ret = sl_strlcpy (NULL, in, 0); + CuAssertIntEquals(tc, ret, SL_ENULL); + + ret = sl_strlcpy (out, NULL, 0); + CuAssertIntEquals(tc, ret, SL_ENONE); + + ret = sl_strlcpy (out, in, 0); + CuAssertIntEquals(tc, ret, SL_ENONE); + + ret = sl_strlcpy (out, NULL, 7); + CuAssertIntEquals(tc, ret, SL_ENONE); + CuAssertStrEquals(tc, "", out); + + out[0] = 'a'; + ret = sl_strlcpy (out, in, 4); + CuAssertIntEquals(tc, ret, SL_ENONE); + CuAssertStrEquals(tc, "bbb", out); + CuAssertStrEquals(tc, "aa", &out[4]); + + return; +} + +void Test_sl_strlcat (CuTest *tc) { + int ret; + char out[16] = "aaaaaa"; + char in[16] = "bbb"; + + ret = sl_strlcat (NULL, NULL, 0); + CuAssertIntEquals(tc, ret, SL_ENONE); + + ret = sl_strlcat (NULL, in, 0); + CuAssertIntEquals(tc, ret, SL_ENONE); + + ret = sl_strlcat (out, NULL, 0); + CuAssertIntEquals(tc, ret, SL_ENONE); + + ret = sl_strlcat (out, in, 0); + CuAssertIntEquals(tc, ret, SL_ENONE); + + ret = sl_strlcat (out, NULL, sizeof(out)); + CuAssertIntEquals(tc, ret, SL_ENONE); + CuAssertStrEquals(tc, "aaaaaa", out); + + ret = sl_strlcat (out, in, 7); + CuAssertIntEquals(tc, ret, SL_ETRUNC); + CuAssertStrEquals(tc, "aaaaaa", out); + + ret = sl_strlcat (out, in, 8); + CuAssertIntEquals(tc, ret, SL_ETRUNC); + CuAssertStrEquals(tc, "aaaaaab", out); + + ret = sl_strlcat (out, in, sizeof(out)); + CuAssertIntEquals(tc, ret, SL_ENONE); + CuAssertStrEquals(tc, "aaaaaabbbb", out); + + CuAssertStrEquals(tc, "bbb", in); + + return; +} + +void Test_sh_util_acl_compact (CuTest *tc) { + char * ret = 0; + char inp1[] = "user::r--\nuser:lisa:rwx\t\t#effective: r--\ngroup::r--\ngroup:toolies:rw- #effective: r--\nmask::r--\nother::r--\n"; + char inp2[] = "use\n\nuser:lisa:rwx\t\t#effective: r--\ngroup::r--\ngroup:toolies:rw- #effective: r--\nmask::r--\nother::r--\n"; + char inp3[] = "user:\177\145\177\122:r--\nuser:lisa:rwx\t\t#effective: r--\ngroup::r--\ngroup:toolies:rw- #effective: r--\nmask::r--\nother::r--\n"; + + ret = sh_util_acl_compact (inp1, strlen(inp1)); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, "u::r--,u:lisa:rwx,g::r--,g:toolies:rw-,m::r--,o::r--", + ret); + + ret = sh_util_acl_compact (inp2, strlen(inp2)); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, "use,u:lisa:rwx,g::r--,g:toolies:rw-,m::r--,o::r--", + ret); + + ret = sh_util_acl_compact (inp3, strlen(inp3)); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, "u:eR:r--,u:lisa:rwx,g::r--,g:toolies:rw-,m::r--,o::r--", + ret); + + return; +} + +void Test_sh_util_strdup_ok (CuTest *tc) { + char * ret = 0; + char inp[] = "foobar"; + + ret = sh_util_strdup(inp); + CuAssertPtrNotNull(tc, ret); + CuAssert(tc, "expected inp != ret, but inp == ret", (inp != ret)); + CuAssertStrEquals(tc, "foobar", ret); + return; +} + +void Test_sh_util_strconcat_ok (CuTest *tc) { + char * ret = 0; + + ret = sh_util_strconcat("foo", NULL); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, "foo", ret); + + ret = sh_util_strconcat("foo", "bar", NULL); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, "foobar", ret); + + ret = sh_util_strconcat("/", "foo", "/", "bar", NULL); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, "/foo/bar", ret); + + return; +} + +void Test_sh_util_base64_enc_ok (CuTest *tc) { + unsigned char out[64]; + unsigned char ou2[64]; + int ret; + unsigned char inp0[64] = ""; + unsigned char inp1[64] = "A"; + unsigned char inp2[64] = "AB"; + unsigned char inp3[64] = "ABC"; + unsigned char inp4[64] = "ABCD"; + + ret = sh_util_base64_enc (out, inp0, strlen((char*)inp0)); + CuAssertIntEquals(tc, ret, 0); + CuAssertStrEquals(tc, "", (char*)out); + ret = sh_util_base64_dec (ou2, out, strlen((char*)out)); + CuAssertIntEquals(tc, ret, 0); + CuAssertStrEquals(tc, (char*)inp0, (char*)ou2); + + ret = sh_util_base64_enc (out, inp1, strlen((char*)inp1)); + CuAssertIntEquals(tc, ret, 4); + CuAssertStrEquals(tc, "QQ??", (char*)out); + ret = sh_util_base64_dec (ou2, out, strlen((char*)out)); + CuAssertStrEquals(tc, (char*)inp1, (char*)ou2); + CuAssertIntEquals(tc, 1, ret); + + ret = sh_util_base64_enc (out, inp2, strlen((char*)inp2)); + CuAssertIntEquals(tc, ret, 4); + CuAssertStrEquals(tc, "QUI?", (char*)out); + ret = sh_util_base64_dec (ou2, out, strlen((char*)out)); + CuAssertStrEquals(tc, (char*)inp2, (char*)ou2); + CuAssertIntEquals(tc, 2, ret); + + ret = sh_util_base64_enc (out, inp3, strlen((char*)inp3)); + CuAssertIntEquals(tc, ret, 4); + CuAssertStrEquals(tc, "QUJD", (char*)out); + ret = sh_util_base64_dec (ou2, out, strlen((char*)out)); + CuAssertStrEquals(tc, (char*)inp3, (char*)ou2); + CuAssertIntEquals(tc, 3, ret); + + ret = sh_util_base64_enc (out, inp4, strlen((char*)inp4)); + CuAssertIntEquals(tc, ret, 8); + CuAssertStrEquals(tc, "QUJDRA??", (char*)out); + ret = sh_util_base64_dec (ou2, out, strlen((char*)out)); + CuAssertStrEquals(tc, (char*)inp4, (char*)ou2); + CuAssertIntEquals(tc, 4, ret); + + + return; +} + +void Test_sh_util_dirname_ok (CuTest *tc) { + char * ret = 0; + + char input0[] = "/foo/bar"; + char res0[] = "/foo"; + + char input1[] = "/foo/bar/"; + char res1[] = "/foo"; + + char input2[] = "/foo"; + char res2[] = "/"; + + char input3[] = "/"; + char res3[] = "/"; + + char input4[] = "///foo//bar"; + char res4[] = "///foo"; + + char input5[] = "//foo///bar///"; + char res5[] = "//foo"; + + char input6[] = "///"; + char res6[] = "///"; + + char input7[] = "//f///b///"; + char res7[] = "//f"; + + char input8[] = "/f/b/"; + char res8[] = "/f"; + + char input9[] = "/e/b"; + char res9[] = "/e"; + + ret = sh_util_dirname(input0); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res0, ret); + + ret = sh_util_dirname(input1); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res1, ret); + + ret = sh_util_dirname(input2); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res2, ret); + + ret = sh_util_dirname(input3); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res3, ret); + + ret = sh_util_dirname(input4); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res4, ret); + + ret = sh_util_dirname(input5); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res5, ret); + + ret = sh_util_dirname(input6); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res6, ret); + + ret = sh_util_dirname(input7); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res7, ret); + + ret = sh_util_dirname(input8); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res8, ret); + + ret = sh_util_dirname(input9); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res9, ret); + return; +} + +void Test_sh_util_basename_ok (CuTest *tc) { + char * ret = 0; + + char input0[] = "/foo/bar"; + char res0[] = "bar"; + + char input1[] = "/foo/"; + char res1[] = "foo"; + + char input2[] = "/foo"; + char res2[] = "foo"; + + char input3[] = "/"; + char res3[] = "/"; + + char input4[] = "/foo/bar/"; + char res4[] = "bar"; + + char input5[] = "/foo///bar///"; + char res5[] = "bar"; + + char input6[] = "//foo"; + char res6[] = "foo"; + + ret = sh_util_basename(input0); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res0, ret); + + ret = sh_util_basename(input1); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res1, ret); + + ret = sh_util_basename(input2); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res2, ret); + + ret = sh_util_basename(input3); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res3, ret); + + ret = sh_util_basename(input4); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res4, ret); + + ret = sh_util_basename(input5); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res5, ret); + + ret = sh_util_basename(input6); + CuAssertPtrNotNull(tc, ret); + CuAssertStrEquals(tc, res6, ret); + + return; +} + +void Test_sh_util_utf8_ok (CuTest *tc) { + int ret = 0; +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + unsigned char seq[16]; + unsigned char input[16] = "foobar"; + + seq[0] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_TRUE); + + seq[0] = 0xd7; seq[1] = 0x90; seq[2] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_TRUE); + + seq[0] = 0xed; seq[1] = 0x9f; seq[2] = 0xbf; seq[3] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_TRUE); + + seq[0] = 0xee; seq[1] = 0x80; seq[2] = 0x80; seq[3] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_TRUE); + + seq[0] = 0xef; seq[1] = 0xbf; seq[2] = 0xbd; seq[3] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_TRUE); + + seq[0] = 0xf4; seq[1] = 0x8f; seq[2] = 0xbf; seq[3] = 0xbf; seq[4] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_TRUE); + + seq[0] = 0xf4; seq[1] = 0x90; seq[2] = 0x80; seq[3] = 0x80; seq[4] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_TRUE); + + seq[0] = 0xd7; seq[1] = 0x90; seq[2] = 0xd7; seq[3] = 0x90; seq[4] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_TRUE); + + /* cont. char */ + + seq[0] = 0x80; seq[1] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_FALSE); + + seq[0] = 0xbf; seq[1] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_FALSE); + + /* overlong */ + + seq[0] = 0xc0; seq[1] = 0xaf; seq[2] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_FALSE); + + seq[0] = 0xe0; seq[1] = 0x8f; seq[2] = 0xaf; seq[3] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_FALSE); + + seq[0] = 0xf0; seq[1] = 0x80; seq[2] = 0x80; seq[3] = 0xaf; seq[4] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_FALSE); + + /* overlong */ + + seq[0] = 0xc1; seq[1] = 0xbf; seq[2] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_FALSE); + + seq[0] = 0xe0; seq[1] = 0x9f; seq[2] = 0xbf; seq[3] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_FALSE); + + seq[0] = 0xf0; seq[1] = 0x8f; seq[2] = 0xbf; seq[3] = 0xbf; seq[4] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_FALSE); + + /* overlong */ + + seq[0] = 0xc0; seq[1] = 0x80; seq[2] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_FALSE); + + seq[0] = 0xe0; seq[1] = 0x80; seq[2] = 0x80; seq[3] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_FALSE); + + seq[0] = 0xf0; seq[1] = 0x80; seq[2] = 0x80; seq[3] = 0x80; seq[4] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_FALSE); + + /* cont missing */ + + seq[0] = 0xd7; seq[1] = 0x20; seq[3] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_FALSE); + + seq[0] = 0xee; seq[1] = 0x80; seq[2] = 0x20; seq[3] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_FALSE); + + seq[0] = 0xf4; seq[1] = 0x8f; seq[2] = 0xbf; seq[3] = 0x20; seq[4] = 0x00; + ret = sh_util_valid_utf8(seq); + CuAssertIntEquals(tc, ret, S_FALSE); + + /* switch on utf8 checking for sh_util_obscurename() */ + + ret = sh_util_obscure_utf8("Y"); + CuAssertIntEquals(tc, ret, 0); + + ret = sh_util_obscure_ok ("0x01,0x02,0x03"); + CuAssertIntEquals(tc, ret, 0); + + ret = sh_util_valid_utf8 (input); + CuAssertIntEquals(tc, ret, S_TRUE); + ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + input[0] = '\t'; + ret = sh_util_valid_utf8 (input); + CuAssertIntEquals(tc, ret, S_FALSE); + ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, -1); + + input[0] = 0x01; + ret = sh_util_valid_utf8 (input); + CuAssertIntEquals(tc, ret, S_TRUE); + ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + input[0] = 0x02; + ret = sh_util_valid_utf8 (input); + CuAssertIntEquals(tc, ret, S_TRUE); + ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + input[0] = 0x03; + ret = sh_util_valid_utf8 (input); + CuAssertIntEquals(tc, ret, S_TRUE); + ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + input[0] = 0x04; + ret = sh_util_valid_utf8 (input); + CuAssertIntEquals(tc, ret, S_FALSE); + ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, -1); + + input[0] = 'f'; + ret = sh_util_valid_utf8 (input); + CuAssertIntEquals(tc, ret, S_TRUE); + ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + input[5] = ' '; + ret = sh_util_valid_utf8 (input); + CuAssertIntEquals(tc, ret, S_FALSE); + ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, -1); + + input[5] = 'r'; input[3] = ' '; + ret = sh_util_valid_utf8 (input); + CuAssertIntEquals(tc, ret, S_TRUE); + ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + +#else + CuAssertIntEquals(tc, ret, 0); +#endif +} + +void Test_sh_util_obscure_ok (CuTest *tc) { + + int ret = 0; +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + char input[16] = "foobar"; + + /* switch off utf8 checking for sh_util_obscurename() */ + + ret = sh_util_obscure_utf8("N"); + CuAssertIntEquals(tc, ret, 0); + + ret = sh_util_obscure_ok ("0xA1,0xA2,0xA3"); + CuAssertIntEquals(tc, ret, 0); + + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + input[0] = '\t'; + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, -1); + + input[0] = 0xA1; + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + input[0] = 0xA2; + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + input[0] = 0xA3; + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + input[0] = 0xA4; + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, -1); + + input[0] = 'f'; + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); + + input[5] = ' '; + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, -1); + + input[5] = 'r'; input[3] = ' '; + ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); + CuAssertIntEquals(tc, ret, 0); +#else + CuAssertIntEquals(tc, ret, 0); +#endif +} + + Index: /tags/2.5.0/src/cutest_slib.c =================================================================== --- /tags/2.5.0/src/cutest_slib.c (revision 189) +++ /tags/2.5.0/src/cutest_slib.c (revision 189) @@ -0,0 +1,80 @@ + +#include "config_xor.h" + +#include +#include "CuTest.h" +#include "samhain.h" + +void Test_sl_snprintf (CuTest *tc) { + + int ret = 0; + char input[16]; + + memset (&input, 'X', 16); + ret = sl_snprintf(input, 10, "%s\n", "01234567890123456789"); + CuAssertIntEquals(tc, ret, 0); + CuAssertTrue(tc, input[9] == '\0'); + CuAssertTrue(tc, input[10] == 'X'); + + memset (&input, 'X', 16); + ret = sl_snprintf(input, 4, "%d\n", "012345"); + CuAssertIntEquals(tc, ret, 0); + CuAssertTrue(tc, input[3] == '\0'); + CuAssertTrue(tc, input[4] == 'X'); +} + +void Test_sl_strcasecmp (CuTest *tc) { + char one[64], two[64]; + int res; + + strcpy(one, "foo"); + strcpy(two, "foo"); + res = sl_strcasecmp(one, two); + CuAssertIntEquals(tc, 0, res); + + strcpy(one, "fo"); + strcpy(two, "foo"); + res = sl_strcasecmp(one, two); + CuAssertIntEquals(tc, -1, res); + + strcpy(one, "foo"); + strcpy(two, "fo"); + res = sl_strcasecmp(one, two); + CuAssertIntEquals(tc, 1, res); + + strcpy(one, "1234"); + strcpy(two, "2345"); + res = sl_strcasecmp(one, two); + CuAssertIntEquals(tc, -1, res); + + strcpy(one, "234"); + strcpy(two, "123"); + res = sl_strcasecmp(one, two); + CuAssertIntEquals(tc, 1, res); + + strcpy(one, ""); + strcpy(two, "123"); + res = sl_strcasecmp(one, two); + CuAssertIntEquals(tc, -1, res); + + strcpy(one, "234"); + strcpy(two, ""); + res = sl_strcasecmp(one, two); + CuAssertIntEquals(tc, 1, res); + + strcpy(one, ""); + strcpy(two, ""); + res = sl_strcasecmp(one, two); + CuAssertTrue(tc, res == 0); + +#ifndef SL_FAIL_ON_ERROR + res = sl_strcasecmp(NULL, two); + CuAssertIntEquals(tc, -1, res); + + res = sl_strcasecmp(one, NULL); + CuAssertIntEquals(tc, 1, res); + + res = sl_strcasecmp(NULL, NULL); + CuAssertTrue(tc, res != 0); +#endif +} Index: /tags/2.5.0/src/cutest_zAVLTree.c =================================================================== --- /tags/2.5.0/src/cutest_zAVLTree.c (revision 189) +++ /tags/2.5.0/src/cutest_zAVLTree.c (revision 189) @@ -0,0 +1,247 @@ + +#include "config_xor.h" + +#include +#include "CuTest.h" +#include "zAVLTree.h" + +struct ztest { + char name[32]; +}; + +static zAVLTree * ztest_tree = NULL; + +static zAVLKey ztest_key (void const * arg) +{ + const struct ztest * sa = (const struct ztest *) arg; + return (zAVLKey) sa->name; +} + +static void free_node (void * inptr) +{ + struct ztest * ptr = (struct ztest *) inptr; + ptr->name[0] = '\0'; +} + +void Test_zAVLTree(CuTest *tc) { + zAVLCursor cursor; + + int result; + int counter = 0; + + struct ztest z1 = { "abc" }; + struct ztest z2 = { "aac" }; + struct ztest z3 = { "aaa1" }; + struct ztest z4 = { "aaa3" }; + struct ztest z5 = { "aaa2" }; + struct ztest z6 = { "aaa6" }; + struct ztest z7 = { "aaa5" }; + struct ztest z8 = { "aaa4" }; + + struct ztest * ptr; + + ptr = zAVLFirst(&cursor, ztest_tree); + CuAssertTrue(tc, NULL == ptr); + + ztest_tree = zAVLAllocTree (ztest_key); + CuAssertPtrNotNull(tc, ztest_tree); + + do { + + ++counter; + + result = zAVLInsert(ztest_tree, &z1); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z2); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z3); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z4); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z5); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z6); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z7); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z8); + CuAssertTrue(tc, 0 == result); + + ptr = zAVLFirst(&cursor, ztest_tree); + CuAssertStrEquals(tc, ptr->name, z3.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z5.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z4.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z8.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z7.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z6.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z2.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z1.name); + ptr = zAVLNext(&cursor); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLInsert(ztest_tree, &z8); + CuAssertTrue(tc, 0 != result); + result = zAVLInsert(ztest_tree, &z7); + CuAssertTrue(tc, 0 != result); + result = zAVLInsert(ztest_tree, &z6); + CuAssertTrue(tc, 0 != result); + result = zAVLInsert(ztest_tree, &z5); + CuAssertTrue(tc, 0 != result); + + ptr = zAVLSearch(ztest_tree, z1.name); + CuAssertStrEquals(tc, ptr->name, z1.name); + ptr = zAVLSearch(ztest_tree, z2.name); + CuAssertStrEquals(tc, ptr->name, z2.name); + ptr = zAVLSearch(ztest_tree, z3.name); + CuAssertStrEquals(tc, ptr->name, z3.name); + ptr = zAVLSearch(ztest_tree, z4.name); + CuAssertStrEquals(tc, ptr->name, z4.name); + + ptr = zAVLFirst(&cursor, ztest_tree); + CuAssertStrEquals(tc, ptr->name, z3.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z5.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z4.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z8.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z7.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z6.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z2.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z1.name); + ptr = zAVLNext(&cursor); + CuAssertTrue(tc, NULL == ptr); + + + ptr = zAVLSearch(ztest_tree, z5.name); + CuAssertStrEquals(tc, ptr->name, z5.name); + ptr = zAVLSearch(ztest_tree, z6.name); + CuAssertStrEquals(tc, ptr->name, z6.name); + ptr = zAVLSearch(ztest_tree, z7.name); + CuAssertStrEquals(tc, ptr->name, z7.name); + ptr = zAVLSearch(ztest_tree, z8.name); + CuAssertStrEquals(tc, ptr->name, z8.name); + ptr = zAVLSearch(ztest_tree, "foobar"); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z8.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z8.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z3.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z3.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z1.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z1.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLInsert(ztest_tree, &z1); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z8); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z3); + CuAssertTrue(tc, 0 == result); + + ptr = zAVLFirst(&cursor, ztest_tree); + CuAssertStrEquals(tc, ptr->name, z3.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z5.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z4.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z8.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z7.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z6.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z2.name); + ptr = zAVLNext(&cursor); + CuAssertStrEquals(tc, ptr->name, z1.name); + ptr = zAVLNext(&cursor); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z1.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z1.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z2.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z2.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z3.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z3.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z4.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z4.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z5.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z5.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z6.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z6.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z7.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z7.name); + CuAssertTrue(tc, NULL == ptr); + + result = zAVLDelete(ztest_tree, z8.name); + CuAssertTrue(tc, 0 == result); + ptr = zAVLSearch(ztest_tree, z8.name); + CuAssertTrue(tc, NULL == ptr); + +} while (counter < 100); + + result = zAVLInsert(ztest_tree, &z1); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z2); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z3); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z4); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z5); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z6); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z7); + CuAssertTrue(tc, 0 == result); + result = zAVLInsert(ztest_tree, &z8); + CuAssertTrue(tc, 0 == result); + + zAVLFreeTree (ztest_tree, free_node); + CuAssertTrue (tc, z1.name[0] == '\0'); + CuAssertTrue (tc, z2.name[0] == '\0'); + CuAssertTrue (tc, z3.name[0] == '\0'); + CuAssertTrue (tc, z4.name[0] == '\0'); + CuAssertTrue (tc, z5.name[0] == '\0'); + CuAssertTrue (tc, z6.name[0] == '\0'); + CuAssertTrue (tc, z7.name[0] == '\0'); + CuAssertTrue (tc, z8.name[0] == '\0'); +} Index: /tags/2.5.0/src/depend-gen.c =================================================================== --- /tags/2.5.0/src/depend-gen.c (revision 189) +++ /tags/2.5.0/src/depend-gen.c (revision 189) @@ -0,0 +1,415 @@ +#include +#include + +/* copyright (c) 2002 Rainer Wichmann + * License: GNU Public License (GPL) version 2 or later + */ + +/* gcc -O2 -Wall -o depend depend.c + */ + +/* + +# redo if sources change +# +depend.dep: depend.c $(SOURCES) + $(CC) -o depend depend.c + for ff in $(SOURCES); do; \ + depend -o depend.dep $ff; \ + done + nsum=`sum depend.dep`; \ + osum=`cat depend.sum`; \ + if test "x$$osum" != "x$$nsum"; then \ + echo $$nsum > depend.sum + fi + +# only updated if depencies change +# +depend.sum: depend.dep + +Makefile.in: depend.sum + for ff in $(SOURCES); do; \ + depend -o Makefile.in $ff; \ + done + +Makefile: Makefile.in + +*/ + +unsigned int lzo_adler32(unsigned int adler, + const char *buf, unsigned int len); + + +int main (int argc, char * argv[]) +{ + FILE * fout = NULL; + FILE * ftmp = NULL; + FILE * fin = NULL; + + int filep = 1; + + char name[1024]; + char base[1024]; + char tmpname[1024]; + char line[1024]; + char buffer[2048]; + char incdir[1024]; + int inclen = 0; + int count = 2047; + int len = 0; + + unsigned int adler; + + char * p; + char * q; + + incdir[0] = '\0'; + + if (argc < 2) + { + fprintf(stderr, "depend-gen: Missing argument\n"); + return 1; + } + + if (argv[1][0] == '-' && argv[1][1] == 'h') + { + printf("Usage: depend-gen [-i includedir] -(o|t) outfile infile\n"); + printf(" -o replaces, -t truncates\n"); + return 0; + } + + if (argv[1][0] == '-' && argv[1][1] == 'i') + { + if (argc < 3) + { + fprintf(stderr, "depend-gen: -i: Missing argument (includedir)\n"); + return 1; + } + strncpy(incdir, argv[2], 1023); + incdir[1023] = '\0'; + inclen = strlen(incdir); + argc -= 2; ++argv; ++argv; + } + + if (argv[1][0] == '-' && + (argv[1][1] == 'o' || argv[1][1] == 't' || argv[1][1] == 'c')) + { + if (argc < 3) + { + fprintf(stderr, "depend-gen: -%c: Missing argument\n", argv[1][1]); + return 1; + } + if (argv[1][1] == 'o' || argv[1][1] == 'c') + fout = fopen(argv[2], "r+"); + else + fout = fopen(argv[2], "w+"); + + if (!fout) + { + perror("depend-gen: fopen"); + fprintf(stderr, "depend-gen [%d]: -%c %s: Could not open file\n", + __LINE__, argv[1][1], argv[2]); + return 1; + } + filep += 2; + + if (argv[1][1] == 'c') + { + adler = lzo_adler32(0, NULL, 0); + while (NULL != fgets(line, 1023, fout)) + { + adler = lzo_adler32(adler, line, strlen(line)); + } + printf("%u\n", adler); + return 0; + } + + if (argv[1][1] == 't') + ftmp = fout; + else + { + tmpname[0] = '\0'; + if (strlen(argv[filep]) > 1029) + { + fprintf(stderr, "depend-gen: -%c %s: filename too long\n", + argv[1][1], argv[2]); + return 1; + } + + + strncat(tmpname, argv[filep], 1029); + strncat(tmpname, ".tmp", 1023); + ftmp = fopen(tmpname, "w"); + if (!ftmp) + { + perror("depend-gen: fopen"); + fprintf(stderr, "depend-gen [%d]: -%c %s: Could not open file\n", + __LINE__, argv[1][1], tmpname); + return 1; + } + } + + } + else + { + fprintf(stderr, "depend-gen: no output file given (-(o|t) outfile)\n"); + return 1; + } + + + if (argc < (filep+1)) + { + fprintf(stderr, "depend-gen: missing argument (infile)\n"); + return 1; + } + fin = fopen(argv[filep], "r"); + if (!fin) + { + perror("depend-gen: fopen"); + fprintf(stderr, "depend-gen [%d]: -%c %s: Could not open file\n", + __LINE__, argv[1][1], argv[filep]); + return 1; + } + + /* fast forward to dependencies start + */ + do + { + if (NULL == fgets(line, 1023, fout)) + break; + if (0 == strncmp(line, "# DO NOT DELETE THIS LINE", 25)) + break; + fprintf(ftmp, "%s", line); + } + while (1 == 1); + + if (argv[1][1] == 'o') + { + fprintf(ftmp, "# DO NOT DELETE THIS LINE\n"); + } + + strncpy(name, argv[filep], 1023); + p = name; + while (*p != '\0') ++p; + if (name[0] != '\0') --p; + if (*p == 'c') *p = 'o'; + + p = strrchr(name, '/'); + if (p) + ++p; + len = strlen(p); + + /* skip other dependencies + */ + do + { + if (NULL == fgets(line, 1023, fout)) + break; + if (0 == strncmp(line, p, len)) + break; + fprintf(ftmp, "%s", line); + } + while (1 == 1); + + buffer[0] = '\0'; + + while (NULL != fgets(line, 1023, fin)) + { + p = line; + while (*p != '\0' && (*p == ' ' || *p == '\t')) + ++p; + if (0 == strncmp(p, "#include", 8)) + p += 8; + else + continue; + while (*p != '\0' && (*p == ' ' || *p == '\t')) + ++p; + if (*p != '"') + continue; + else + { + ++p; + q = p; + ++q; + while (*q != '\0' && *q != '"') + ++q; + if (*q != '"') + continue; + *q = '\0'; + + /************************************************** + * + * EXCEPTIONS + * + **************************************************/ + if (0 == strcmp(p, "sh_gpg_chksum.h") || + 0 == strcmp(p, "sh_gpg_fp.h")) + { + /* fprintf(stderr, "Excluding %s\n", p); */ + continue; + } + + len = strlen(p); + if (len > count) + { + /* graceful failure */ + fprintf(fout, "# OVERFLOW: incomplete dependencies\n"); + break; + } + if (incdir[0] != '\0') + { + if (0 == strcmp(p, "config.h") || + 0 == strcmp(p, "config_xor.h") || + 0 == strcmp(p, "internal.h") || + 0 == strcmp(p, "sh_ks.h") || + 0 == strcmp(p, "sh_ks_xor.h") || + 0 == strcmp(p, "sh_MK.h")); /* do nothing */ + else + { + strncat(buffer, incdir, count); + count -= inclen; + } + } + strncat(buffer, p, count); + count -= len; + strncat(buffer, " ", count); + --count; + } + } + + /* write the dependencies found + */ + p = strrchr(argv[filep], '/'); + if (p) + { + ++p; + strncpy(name, p, 1023); + } + else + strncpy(name, argv[filep], 1023); + name[1023] = '\0'; + + strcpy(base, "$(srcsrc)/"); + strcat(base, name); + + p = name; + while (*p != '\0') ++p; + if (name[0] != '\0') --p; + if (*p == 'c') + { + *p = 'o'; + fprintf(ftmp, "%s: %s Makefile %s\n", name, base /* argv[filep] */, + buffer); + } + else + { + fprintf(ftmp, "%s: Makefile %s\n", argv[filep], buffer); + } + + /* more dependencies + */ + do + { + if (NULL == fgets(line, 1023, fout)) + break; + fprintf(ftmp, "%s", line); + } + while (1 == 1); + + if (ftmp != NULL) + { + fclose(ftmp); + } + if (fout != NULL) + { + fclose(fout); + } + if (fin != NULL) + { + fclose(fin); + } + + if (argv[1][1] == 'o') + { + if (0 != rename (tmpname, argv[2])) + { + perror("depend-gen: rename"); + fprintf(stderr, "depend-gen: could not rename %s --> %s\n", + tmpname, argv[2]); + return 1; + } + } + + return 0; +} + +/* from the LZO real-time data compression library + + Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer + + The LZO library is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of + the License, or (at your option) any later version. + + The LZO library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with the LZO library; see the file COPYING. + If not, write to the Free Software Foundation, Inc., + 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Markus F.X.J. Oberhumer + + http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html +*/ +/* + * NOTE: + * the full LZO package can be found at + * http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + */ + +#define LZO_BASE 65521u +#define LZO_NMAX 5552 + +#define LZO_DO1(buf,i) {s1 += buf[i]; s2 += s1;} +#define LZO_DO2(buf,i) LZO_DO1(buf,i); LZO_DO1(buf,i+1); +#define LZO_DO4(buf,i) LZO_DO2(buf,i); LZO_DO2(buf,i+2); +#define LZO_DO8(buf,i) LZO_DO4(buf,i); LZO_DO4(buf,i+4); +#define LZO_DO16(buf,i) LZO_DO8(buf,i); LZO_DO8(buf,i+8); + +unsigned int lzo_adler32(unsigned int adler, const char *buf, unsigned int len) +{ + unsigned int s1 = adler & 0xffff; + unsigned int s2 = (adler >> 16) & 0xffff; + int k; + + if (buf == NULL) + return 1; + + while (len > 0) + { + k = len < LZO_NMAX ? (int) len : LZO_NMAX; + len -= k; + if (k >= 16) do + { + LZO_DO16(buf,0); + buf += 16; + k -= 16; + } while (k >= 16); + if (k != 0) do + { + s1 += *buf++; + s2 += s1; + } while (--k > 0); + s1 %= LZO_BASE; + s2 %= LZO_BASE; + } + return (s2 << 16) | s1; +} Index: /tags/2.5.0/src/dnmalloc.c =================================================================== --- /tags/2.5.0/src/dnmalloc.c (revision 189) +++ /tags/2.5.0/src/dnmalloc.c (revision 189) @@ -0,0 +1,5582 @@ +/* DistriNet malloc (dnmalloc): a more secure memory allocator. + Copyright (C) 2005, Yves Younan, Wouter Joosen, Frank Piessens + and Rainer Wichmann + + The authors can be contacted by: + Email: dnmalloc@fort-knox.org + Address: + Yves Younan + Celestijnenlaan 200A + B-3001 Heverlee + Belgium + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +*/ + +/* Current version: dnmalloc 1.0 */ +/* Includes arc4random from OpenBSD, which is under the BDS license */ + +/* Versions: + 0.1-0.5: + Proof of concept implementation by Hans Van den Eynden and Yves Younan + 0.6-0.7: + Bug fixes by Yves Younan + 0.8-1.0.beta4: + Reimplementation from scratch by Yves Younan + 1.0.beta4: + Public release + 1.0.beta5: + Prev_chunkinfo speeded up, was really slow because of the way we did lookups + A freechunkinfo region is now freed when it is completely empty and + not the current one + + 1.0 (Rainer Wichmann [support at la dash samhna dot org]): + --------------------- + + Compiler warnings fixed + Define REALLOC_ZERO_BYTES_FREES because it's what GNU libc does + (and what the standard says) + Removed unused code + Fix assert(aligned_OK(chunk(newp))); + -> assert(aligned_OK(chunk(oldp))); + Fix statistics in sYSMALLOc + Fix overwrite of av->top in sYSMALLOc + Provide own assert(), glibc assert() doesn't work (calls malloc) + Fix bug in mEMALIGn(), put remainder in hashtable before calling fREe + Remove cfree, independent_cmalloc, independent_comalloc (untested + public functions not covered by any standard) + Provide posix_memalign (that one is in the standard) + Move the malloc_state struct to mmapped memory protected by guard pages + Add arc4random function to initialize random canary on startup + Implement random canary at end of (re|m)alloced/memaligned buffer, + check at free/realloc + Remove code conditional on !HAVE_MMAP, since mmap is required anyway. + Use standard HAVE_foo macros (as generated by autoconf) instead of LACKS_foo + + Profiling: Reorder branches in hashtable_add, next_chunkinfo, + prev_chunkinfo, hashtable_insert, mALLOc, fREe, request2size, + checked_request2size (gcc predicts if{} branch to be taken). + Use UNLIKELY macro (gcc __builtin_expect()) where branch + reordering would make the code awkward. + + Portability: Hashtable always covers full 32bit address space to + avoid assumptions about memory layout. + Portability: Try hard to enforce mapping of mmapped memory into + 32bit address space, even on 64bit systems. + Portability: Provide a dnmalloc_pthread_init() function, since + pthread locking on HP-UX only works if initialized + after the application has entered main(). + Portability: On *BSD, pthread_mutex_lock is unusable since it + calls malloc, use spinlocks instead. + Portability: Dynamically detect whether the heap is within + 32bit address range (e.g. on Linux x86_64, it isn't). + Don't use sbrk() if the heap is mapped to an address + outside the 32bit range, since this doesn't work with + the hashtable. New macro morecore32bit. + + Success on: HP-UX 11.11/pthread, Linux/pthread (32/64 bit), + FreeBSD/pthread, and Solaris 10 i386/pthread. + Fail on: OpenBSD/pthread (in _thread_machdep_save_float_state), + might be related to OpenBSD pthread internals (??). + Non-treaded version (#undef USE_MALLOC_LOC) + works on OpenBSD. + + further to 1.0: + Valgrind client requests inserted (#define USE_VALGRIND) + Fix: malloc_consolidate (nextchunk->fd, nextchunk->bck may be NULL) + Portability: minsize = 32 bit on 64bit architecture + Minor cleanups + Fix: eliminate prototypes for memset, memcpy (they're in string.h) + + There may be some bugs left in this version. please use with caution. +*/ + + + +/* Please read the following papers for documentation: + + Yves Younan, Wouter Joosen, and Frank Piessens, A Methodology for Designing + Countermeasures against Current and Future Code Injection Attacks, + Proceedings of the Third IEEE International Information Assurance + Workshop 2005 (IWIA2005), College Park, Maryland, U.S.A., March 2005, + IEEE, IEEE Press. + http://www.fort-knox.org/younany_countermeasures.pdf + + Yves Younan, Wouter Joosen and Frank Piessens and Hans Van den + Eynden. Security of Memory Allocators for C and C++. Technical Report + CW419, Departement Computerwetenschappen, Katholieke Universiteit + Leuven, July 2005. http://www.fort-knox.org/CW419.pdf + + */ + +/* Compile: + gcc -fPIC -rdynamic -c -Wall dnmalloc-portable.c + "Link": + Dynamic: + gcc -shared -Wl,-soname,libdnmalloc.so.0 -o libdnmalloc.so.0.0 dnmalloc-portable.o -lc + Static: + ar -rv libdnmalloc.a dnmalloc-portable.o + +*/ + +/* + dnmalloc is based on dlmalloc 2.7.2 (by Doug Lea (dl@cs.oswego.edu)) + dlmalloc was released as public domain and contained the following license: + + "This is a version (aka dlmalloc) of malloc/free/realloc written by + Doug Lea and released to the public domain. Use, modify, and + redistribute this code without permission or acknowledgement in any + way you wish. Send questions, comments, complaints, performance + data, etc to dl@cs.oswego.edu + + * VERSION 2.7.2 Sat Aug 17 09:07:30 2002 Doug Lea (dl at gee) + + Note: There may be an updated version of this malloc obtainable at + ftp://gee.cs.oswego.edu/pub/misc/malloc.c + Check before installing!" + +*/ + +/* The following preprocessor macros are tested, + * and hence should have #define directives: + * + * HAVE_CONFIG_H Define to #include "config.h" (autoconf-generated) + * + * HAVE_UNISTD_H Define to #include + * + * HAVE_SYS_UIO_H Define to #include (for writev) + * HAVE_WRITEV Define if the 'writev' function is available + * + * HAVE_SYS_PARAM_H Define to #include (for pagesize) + * + * HAVE_MALLOC_H Define to #include (for struct mallinfo) + * + * HAVE_FCNTL_H Define to #include + * + * HAVE_SYS_MMAN_H Define to #include + * HAVE_MMAP Define if the 'mmap' function is available. + * + * HAVE_SCHED_H Define to #include + * HAVE_SCHED_YIELD Define id the 'sched_yield' function is available + */ + + +/* + __STD_C should be nonzero if using ANSI-standard C compiler, a C++ + compiler, or a C compiler sufficiently close to ANSI to get away + with it. +*/ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#ifdef USE_VALGRIND +#include +#else +#define VALGRIND_FREELIKE_BLOCK(a,b) ((void)0) +#define VALGRIND_MALLOCLIKE_BLOCK(a,b,c,d) ((void)0) +#define VALGRIND_CREATE_MEMPOOL(a,b,c) ((void)0) +#define VALGRIND_MEMPOOL_ALLOC(a,b,c) ((void)0) +#define VALGRIND_MEMPOOL_FREE(a,b) ((void)0) +#define VALGRIND_DESTROY_MEMPOOL(a) ((void)0) +#define VALGRIND_MAKE_MEM_DEFINED(a,b) ((void)0) +#define VALGRIND_MAKE_MEM_UNDEFINED(a,b) ((void)0) +#define VALGRIND_MAKE_MEM_NOACCESS(a,b) ((void)0) +#endif + +#if defined (__GNUC__) && __GNUC__ > 2 +# define LIKELY(expression) (__builtin_expect(!!(expression), 1)) +# define UNLIKELY(expression) (__builtin_expect(!!(expression), 0)) +# define __attribute_malloc__ __attribute__ ((__malloc__)) +#else +# define LIKELY(x) (x) +# define UNLIKELY(x) (x) +# define __attribute_malloc__ /* Ignore */ +#endif + +/* + Define HAVE_MREMAP to make realloc() use mremap() to re-allocate + large blocks. This is currently only possible on Linux with + kernel versions newer than 1.3.77. +*/ + +#ifndef HAVE_MREMAP +#ifdef linux +#define HAVE_MREMAP 1 +#define _GNU_SOURCE +#else +#define HAVE_MREMAP 0 +#endif +#endif /* HAVE_MREMAP */ + + + +#ifndef __STD_C +#if defined(__STDC__) || defined(_cplusplus) +#define __STD_C 1 +#else +#define __STD_C 0 +#endif +#endif /*__STD_C*/ + + +/* + Void_t* is the pointer type that malloc should say it returns +*/ + +#ifndef Void_t +#if (__STD_C || defined(WIN32)) +#define Void_t void +#else +#define Void_t char +#endif +#endif /*Void_t*/ + +#if __STD_C +#include /* for size_t */ +#else +#include +#endif + +#if !defined(USE_SYSTEM_MALLOC) + +#ifdef __cplusplus +extern "C" { +#endif + +/* define HAVE_UNISTD_H if your system has a . */ + +#ifdef HAVE_UNISTD_H +#include +#endif + +#ifdef HAVE_SYS_UIO_H +#include +#endif + +#include /* needed for malloc_stats */ +#include /* needed for optional MALLOC_FAILURE_ACTION */ + +#include +#include + +#include + +extern int errno; + + /* 0: lazy, + * 1: medium (assertions compiled in), + * 2: high (guard pages at end of hash table and ciregions) + * 3: paranoid (guards at end of each allocated chunk, check at free) + */ +#ifndef PARANOIA +#define PARANOIA 9 +#endif + + /* Using assert() with multithreading will cause the code + * to deadlock since glibc __assert_fail will call malloc(). + * We need our very own assert(). + */ +typedef void assert_handler_tp(const char * error, const char *file, int line); + +#if PARANOIA > 0 + +#ifdef NDEBUG +#undef NDEBUG +#endif + +static void default_assert_handler(const char *error, + const char *file, int line) +{ +#ifdef HAVE_WRITEV + struct iovec iov[5]; + char * i1 = "assertion failed ("; + char * i3 = "): "; + char * i5 = "\n"; + + iov[0].iov_base = i1; iov[0].iov_len = strlen(i1); + iov[1].iov_base = (char*) file; iov[1].iov_len = strlen(file); + iov[2].iov_base = i3; iov[2].iov_len = strlen(i3); + iov[3].iov_base = (char*) error; iov[3].iov_len = strlen(error); + iov[4].iov_base = i5; iov[4].iov_len = strlen(i5); + writev(STDERR_FILENO, iov, 5); +#else + fputs("assertion failed (", stderr); + fputs(file, stderr); + fputs("): ", stderr); + fputs(error, stderr); + fputc('\n', stderr); +#endif + (void) line; + abort(); +} +static assert_handler_tp *assert_handler = default_assert_handler; + + +#define assert(x) \ + do { \ + if (UNLIKELY(!(x))) { \ + assert_handler(#x, __FILE__, __LINE__); \ + } \ + } while (0) + +#else + +static assert_handler_tp *assert_handler = NULL; +#define NDEBUG +#define assert(x) ((void)0) + +#endif + +assert_handler_tp *dnmalloc_set_handler(assert_handler_tp *new) +{ + assert_handler_tp *old = assert_handler; + assert_handler = new; + return old; +} + + +#include + + /* define for debugging */ + /* #define DNMALLOC_DEBUG */ + + /* Do some extra checks? if not, covered by assrt()s */ + /* #define DNMALLOC_CHECKS */ + + /* + The unsigned integer type used for comparing any two chunk sizes. + This should be at least as wide as size_t, but should not be signed. + */ + +#ifndef CHUNK_SIZE_T +#define CHUNK_SIZE_T unsigned long +#endif + +/* + The unsigned integer type used to hold addresses when they are are + manipulated as integers. Except that it is not defined on all + systems, intptr_t would suffice. +*/ +#ifndef PTR_UINT +#define PTR_UINT unsigned long +#endif + + +/* + INTERNAL_SIZE_T is the word-size used for internal bookkeeping + of chunk sizes. + + The default version is the same as size_t. + + While not strictly necessary, it is best to define this as an + unsigned type, even if size_t is a signed type. This may avoid some + artificial size limitations on some systems. + + On a 64-bit machine, you may be able to reduce malloc overhead by + defining INTERNAL_SIZE_T to be a 32 bit `unsigned int' at the + expense of not being able to handle more than 2^32 of malloced + space. If this limitation is acceptable, you are encouraged to set + this unless you are on a platform requiring 16byte alignments. In + this case the alignment requirements turn out to negate any + potential advantages of decreasing size_t word size. + + Implementors: Beware of the possible combinations of: + - INTERNAL_SIZE_T might be signed or unsigned, might be 32 or 64 bits, + and might be the same width as int or as long + - size_t might have different width and signedness as INTERNAL_SIZE_T + - int and long might be 32 or 64 bits, and might be the same width + To deal with this, most comparisons and difference computations + among INTERNAL_SIZE_Ts should cast them to CHUNK_SIZE_T, being + aware of the fact that casting an unsigned int to a wider long does + not sign-extend. (This also makes checking for negative numbers + awkward.) Some of these casts result in harmless compiler warnings + on some systems. +*/ + +#ifndef INTERNAL_SIZE_T +#define INTERNAL_SIZE_T size_t +#endif + +/* The corresponding word size */ +#define SIZE_SZ (sizeof(INTERNAL_SIZE_T)) + + + +/* + MALLOC_ALIGNMENT is the minimum alignment for malloc'ed chunks. + It must be a power of two at least 2 * SIZE_SZ, even on machines + for which smaller alignments would suffice. It may be defined as + larger than this though. Note however that code and data structures + are optimized for the case of 8-byte alignment. +*/ + + +#ifndef MALLOC_ALIGNMENT +#define MALLOC_ALIGNMENT (2 * SIZE_SZ) +#endif + +/* The corresponding bit mask value */ +#define MALLOC_ALIGN_MASK (MALLOC_ALIGNMENT - 1) + + + +/* + REALLOC_ZERO_BYTES_FREES should be set if a call to + realloc with zero bytes should be the same as a call to free. + Some people think it should. Otherwise, since this malloc + returns a unique pointer for malloc(0), so does realloc(p, 0). +*/ + +#define REALLOC_ZERO_BYTES_FREES + +/* + TRIM_FASTBINS controls whether free() of a very small chunk can + immediately lead to trimming. Setting to true (1) can reduce memory + footprint, but will almost always slow down programs that use a lot + of small chunks. + + Define this only if you are willing to give up some speed to more + aggressively reduce system-level memory footprint when releasing + memory in programs that use many small chunks. You can get + essentially the same effect by setting MXFAST to 0, but this can + lead to even greater slowdowns in programs using many small chunks. + TRIM_FASTBINS is an in-between compile-time option, that disables + only those chunks bordering topmost memory from being placed in + fastbins. +*/ + +#ifndef TRIM_FASTBINS +#define TRIM_FASTBINS 0 +#endif + + +/* + USE_DL_PREFIX will prefix all public routines with the string 'dl'. + This is necessary when you only want to use this malloc in one part + of a program, using your regular system malloc elsewhere. +*/ + +/* #define USE_DL_PREFIX */ + + +/* + USE_MALLOC_LOCK causes wrapper functions to surround each + callable routine with pthread mutex lock/unlock. + + USE_MALLOC_LOCK forces USE_PUBLIC_MALLOC_WRAPPERS to be defined +*/ + +/* #define USE_MALLOC_LOCK */ + + +/* + If USE_PUBLIC_MALLOC_WRAPPERS is defined, every public routine is + actually a wrapper function that first calls MALLOC_PREACTION, then + calls the internal routine, and follows it with + MALLOC_POSTACTION. This is needed for locking, but you can also use + this, without USE_MALLOC_LOCK, for purposes of interception, + instrumentation, etc. It is a sad fact that using wrappers often + noticeably degrades performance of malloc-intensive programs. +*/ + + +#ifdef USE_MALLOC_LOCK +#define USE_PUBLIC_MALLOC_WRAPPERS +#else +/* #define USE_PUBLIC_MALLOC_WRAPPERS */ +#endif + + +/* + Two-phase name translation. + All of the actual routines are given mangled names. + When wrappers are used, they become the public callable versions. + When DL_PREFIX is used, the callable names are prefixed. +*/ + +#ifndef USE_PUBLIC_MALLOC_WRAPPERS +#define cALLOc public_cALLOc +#define fREe public_fREe +#define mALLOc public_mALLOc +#define mEMALIGn public_mEMALIGn +#define posix_mEMALIGn public_posix_mEMALIGn +#define rEALLOc public_rEALLOc +#define vALLOc public_vALLOc +#define pVALLOc public_pVALLOc +#define mALLINFo public_mALLINFo +#define mALLOPt public_mALLOPt +#define mTRIm public_mTRIm +#define mSTATs public_mSTATs +#define mUSABLe public_mUSABLe +#endif + +#ifdef USE_DL_PREFIX +#define public_cALLOc dlcalloc +#define public_fREe dlfree +#define public_mALLOc dlmalloc +#define public_mEMALIGn dlmemalign +#define public_posix_mEMALIGn dlposix_memalign +#define public_rEALLOc dlrealloc +#define public_vALLOc dlvalloc +#define public_pVALLOc dlpvalloc +#define public_mALLINFo dlmallinfo +#define public_mALLOPt dlmallopt +#define public_mTRIm dlmalloc_trim +#define public_mSTATs dlmalloc_stats +#define public_mUSABLe dlmalloc_usable_size +#else /* USE_DL_PREFIX */ +#define public_cALLOc calloc +#define public_fREe free +#define public_mALLOc malloc +#define public_mEMALIGn memalign +#define public_posix_mEMALIGn posix_memalign +#define public_rEALLOc realloc +#define public_vALLOc valloc +#define public_pVALLOc pvalloc +#define public_mALLINFo mallinfo +#define public_mALLOPt mallopt +#define public_mTRIm malloc_trim +#define public_mSTATs malloc_stats +#define public_mUSABLe malloc_usable_size +#endif /* USE_DL_PREFIX */ + + +/* + HAVE_MEMCPY should be defined if you are not otherwise using + ANSI STD C, but still have memcpy and memset in your C library + and want to use them in calloc and realloc. Otherwise simple + macro versions are defined below. + + USE_MEMCPY should be defined as 1 if you actually want to + have memset and memcpy called. People report that the macro + versions are faster than libc versions on some systems. + + Even if USE_MEMCPY is set to 1, loops to copy/clear small chunks + (of <= 36 bytes) are manually unrolled in realloc and calloc. +*/ + +#ifndef HAVE_MEMCPY +#define HAVE_MEMCPY +#endif + +#ifndef USE_MEMCPY +#ifdef HAVE_MEMCPY +#define USE_MEMCPY 1 +#else +#define USE_MEMCPY 0 +#endif +#endif + + +#if (__STD_C || defined(HAVE_MEMCPY)) + +#ifdef WIN32 + /* On Win32 memset and memcpy are already declared in windows.h */ +#else +#if __STD_C + /* Defined in string.h */ +#else +Void_t* memset(); +Void_t* memcpy(); +#endif +#endif +#endif + +/* + MALLOC_FAILURE_ACTION is the action to take before "return 0" when + malloc fails to be able to return memory, either because memory is + exhausted or because of illegal arguments. + + By default, sets errno if running on STD_C platform, else does nothing. +*/ + +#ifndef MALLOC_FAILURE_ACTION +#if __STD_C +#define MALLOC_FAILURE_ACTION \ + errno = ENOMEM; + +#else +#define MALLOC_FAILURE_ACTION +#endif +#endif + +/* + MORECORE-related declarations. By default, rely on sbrk +*/ + + +#if !defined(HAVE_UNISTD_H) +#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__NetBSD__) +#if __STD_C +extern Void_t* sbrk(ptrdiff_t); +#else +extern Void_t* sbrk(); +#endif +#endif +#endif + +/* + MORECORE_FAILURE is the value returned upon failure of MORECORE + as well as mmap. Since it cannot be an otherwise valid memory address, + and must reflect values of standard sys calls, you probably ought not + try to redefine it. +*/ + +#ifndef MORECORE_FAILURE +#define MORECORE_FAILURE ((void*)(-1UL)) +#endif + +/* + MORECORE is the name of the routine to call to obtain more memory + from the system. See below for general guidance on writing + alternative MORECORE functions, as well as a version for WIN32 and a + sample version for pre-OSX macos. +*/ + +#ifndef MORECORE +#define MORECORE sbrk +#endif + + +/* + If MORECORE_CONTIGUOUS is true, take advantage of fact that + consecutive calls to MORECORE with positive arguments always return + contiguous increasing addresses. This is true of unix sbrk. Even + if not defined, when regions happen to be contiguous, malloc will + permit allocations spanning regions obtained from different + calls. But defining this when applicable enables some stronger + consistency checks and space efficiencies. +*/ + +#ifndef MORECORE_CONTIGUOUS +#define MORECORE_CONTIGUOUS 1 +#endif + +/* + Define MORECORE_CANNOT_TRIM if your version of MORECORE + cannot release space back to the system when given negative + arguments. This is generally necessary only if you are using + a hand-crafted MORECORE function that cannot handle negative arguments. +*/ + +/* #define MORECORE_CANNOT_TRIM */ + + +/* + This malloc requires mmap for heap management data. It is an error + if mmap is not available. + + Additionally, mmap will be used to satisfy large requests. +*/ + +#ifndef HAVE_MMAP +# error HAVE_MMAP not defined, has your operating system mmap? +#endif + +/* + Standard unix mmap using /dev/zero clears memory so calloc doesn't + need to. +*/ + +#ifndef MMAP_CLEARS +#define MMAP_CLEARS 1 +#endif + + +/* + MMAP_AS_MORECORE_SIZE is the minimum mmap size argument to use if + sbrk fails, and mmap is used as a backup (which is done only if + HAVE_MMAP). The value must be a multiple of page size. This + backup strategy generally applies only when systems have "holes" in + address space, so sbrk cannot perform contiguous expansion, but + there is still space available on system. On systems for which + this is known to be useful (i.e. most linux kernels), this occurs + only when programs allocate huge amounts of memory. Between this, + and the fact that mmap regions tend to be limited, the size should + be large, to avoid too many mmap calls and thus avoid running out + of kernel resources. +*/ + +#ifndef MMAP_AS_MORECORE_SIZE +#define MMAP_AS_MORECORE_SIZE (1024 * 1024) +#endif + + +/* + The system page size. To the extent possible, this malloc manages + memory from the system in page-size units. Note that this value is + cached during initialization into a field of malloc_state. So even + if malloc_getpagesize is a function, it is only called once. + + The following mechanics for getpagesize were adapted from bsd/gnu + getpagesize.h. If none of the system-probes here apply, a value of + 4096 is used, which should be OK: If they don't apply, then using + the actual value probably doesn't impact performance. +*/ + + +#ifndef malloc_getpagesize + +# ifdef _SC_PAGESIZE /* some SVR4 systems omit an underscore */ +# ifndef _SC_PAGE_SIZE +# define _SC_PAGE_SIZE _SC_PAGESIZE +# endif +# endif + +# ifdef _SC_PAGE_SIZE +# define malloc_getpagesize sysconf(_SC_PAGE_SIZE) +# else +# if defined(BSD) || defined(DGUX) || defined(HAVE_GETPAGESIZE) + extern size_t getpagesize(); +# define malloc_getpagesize getpagesize() +# else +# ifdef WIN32 /* use supplied emulation of getpagesize */ +# define malloc_getpagesize getpagesize() +# else +# if defined(HAVE_SYS_PARAM_H) +# include +# endif +# ifdef EXEC_PAGESIZE +# define malloc_getpagesize EXEC_PAGESIZE +# else +# ifdef NBPG +# ifndef CLSIZE +# define malloc_getpagesize NBPG +# else +# define malloc_getpagesize (NBPG * CLSIZE) +# endif +# else +# ifdef NBPC +# define malloc_getpagesize NBPC +# else +# ifdef PAGESIZE +# define malloc_getpagesize PAGESIZE +# else /* just guess */ +# define malloc_getpagesize (4096) +# endif +# endif +# endif +# endif +# endif +# endif +# endif +#endif + +/* + This version of malloc supports the standard SVID/XPG mallinfo + routine that returns a struct containing usage properties and + statistics. It should work on any SVID/XPG compliant system that has + a /usr/include/malloc.h defining struct mallinfo. (If you'd like to + install such a thing yourself, cut out the preliminary declarations + as described above and below and save them in a malloc.h file. But + there's no compelling reason to bother to do this.) + + The main declaration needed is the mallinfo struct that is returned + (by-copy) by mallinfo(). The SVID/XPG malloinfo struct contains a + bunch of fields that are not even meaningful in this version of + malloc. These fields are are instead filled by mallinfo() with + other numbers that might be of interest. + + HAVE_MALLOC_H should be set if you have a + /usr/include/malloc.h file that includes a declaration of struct + mallinfo. If so, it is included; else an SVID2/XPG2 compliant + version is declared below. These must be precisely the same for + mallinfo() to work. The original SVID version of this struct, + defined on most systems with mallinfo, declares all fields as + ints. But some others define as unsigned long. If your system + defines the fields using a type of different width than listed here, + you must #include your system version and #define + HAVE_MALLOC_H. +*/ + +/* #define HAVE_MALLOC_H */ + +/* On *BSD, malloc.h is deprecated, and on some *BSD including + * it may actually raise an error. + */ +#if defined(HAVE_MALLOC_H) && !defined(__OpenBSD__) && !defined(__FreeBSD__) && !defined(__NetBSD__) +#include +#else + +/* SVID2/XPG mallinfo structure */ + +struct mallinfo { + int arena; /* non-mmapped space allocated from system */ + int ordblks; /* number of free chunks */ + int smblks; /* number of fastbin blocks */ + int hblks; /* number of mmapped regions */ + int hblkhd; /* space in mmapped regions */ + int usmblks; /* maximum total allocated space */ + int fsmblks; /* space available in freed fastbin blocks */ + int uordblks; /* total allocated space */ + int fordblks; /* total free space */ + int keepcost; /* top-most, releasable (via malloc_trim) space */ +}; + +/* + SVID/XPG defines four standard parameter numbers for mallopt, + normally defined in malloc.h. Only one of these (M_MXFAST) is used + in this malloc. The others (M_NLBLKS, M_GRAIN, M_KEEP) don't apply, + so setting them has no effect. But this malloc also supports other + options in mallopt described below. +*/ +#endif + + +/* ---------- description of public routines ------------ */ + +/* + malloc(size_t n) + Returns a pointer to a newly allocated chunk of at least n bytes, or null + if no space is available. Additionally, on failure, errno is + set to ENOMEM on ANSI C systems. + + If n is zero, malloc returns a minumum-sized chunk. (The minimum + size is 16 bytes on most 32bit systems, and 24 or 32 bytes on 64bit + systems.) On most systems, size_t is an unsigned type, so calls + with negative arguments are interpreted as requests for huge amounts + of space, which will often fail. The maximum supported value of n + differs across systems, but is in all cases less than the maximum + representable value of a size_t. +*/ +#if __STD_C +Void_t* public_mALLOc(size_t) __attribute_malloc__; +#else +Void_t* public_mALLOc(); +#endif + +/* + free(Void_t* p) + Releases the chunk of memory pointed to by p, that had been previously + allocated using malloc or a related routine such as realloc. + It has no effect if p is null. It can have arbitrary (i.e., bad!) + effects if p has already been freed. + + Unless disabled (using mallopt), freeing very large spaces will + when possible, automatically trigger operations that give + back unused memory to the system, thus reducing program footprint. +*/ +#if __STD_C +void public_fREe(Void_t*); +#else +void public_fREe(); +#endif + +/* + calloc(size_t n_elements, size_t element_size); + Returns a pointer to n_elements * element_size bytes, with all locations + set to zero. +*/ +#if __STD_C +Void_t* public_cALLOc(size_t, size_t) __attribute_malloc__; +#else +Void_t* public_cALLOc(); +#endif + +/* + realloc(Void_t* p, size_t n) + Returns a pointer to a chunk of size n that contains the same data + as does chunk p up to the minimum of (n, p's size) bytes, or null + if no space is available. + + The returned pointer may or may not be the same as p. The algorithm + prefers extending p when possible, otherwise it employs the + equivalent of a malloc-copy-free sequence. + + If p is null, realloc is equivalent to malloc. + + If space is not available, realloc returns null, errno is set (if on + ANSI) and p is NOT freed. + + if n is for fewer bytes than already held by p, the newly unused + space is lopped off and freed if possible. Unless the #define + REALLOC_ZERO_BYTES_FREES is set, realloc with a size argument of + zero (re)allocates a minimum-sized chunk. + + Large chunks that were internally obtained via mmap will always + be reallocated using malloc-copy-free sequences unless + the system supports MREMAP (currently only linux). + + The old unix realloc convention of allowing the last-free'd chunk + to be used as an argument to realloc is not supported. +*/ +#if __STD_C +Void_t* public_rEALLOc(Void_t*, size_t) __attribute_malloc__; +#else +Void_t* public_rEALLOc(); +#endif + +/* + memalign(size_t alignment, size_t n); + Returns a pointer to a newly allocated chunk of n bytes, aligned + in accord with the alignment argument. + + The alignment argument should be a power of two. If the argument is + not a power of two, the nearest greater power is used. + 8-byte alignment is guaranteed by normal malloc calls, so don't + bother calling memalign with an argument of 8 or less. + + Overreliance on memalign is a sure way to fragment space. +*/ +#if __STD_C +Void_t* public_mEMALIGn(size_t, size_t) __attribute_malloc__; +#else +Void_t* public_mEMALIGn(); +#endif + +/* + posix_memalign(void** memptr, size_t alignment, size_t n); + Sets *memptr to the address of a newly allocated chunk of n bytes, aligned + in accord with the alignment argument. Returns 0 on success, otherwise + an error (EINVAL for incorrect alignment, ENOMEM for out of memory). + + The alignment must be a power of two, and a multiple of sizeof(void *). +*/ +#if __STD_C +int public_posix_mEMALIGn(Void_t**, size_t, size_t); +#else +int public_posix_mEMALIGn(); +#endif + +/* + valloc(size_t n); + Equivalent to memalign(pagesize, n), where pagesize is the page + size of the system. If the pagesize is unknown, 4096 is used. +*/ +#if __STD_C +Void_t* public_vALLOc(size_t) __attribute_malloc__; +#else +Void_t* public_vALLOc(); +#endif + + + +/* + mallopt(int parameter_number, int parameter_value) + Sets tunable parameters The format is to provide a + (parameter-number, parameter-value) pair. mallopt then sets the + corresponding parameter to the argument value if it can (i.e., so + long as the value is meaningful), and returns 1 if successful else + 0. SVID/XPG/ANSI defines four standard param numbers for mallopt, + normally defined in malloc.h. Only one of these (M_MXFAST) is used + in this malloc. The others (M_NLBLKS, M_GRAIN, M_KEEP) don't apply, + so setting them has no effect. But this malloc also supports four + other options in mallopt. See below for details. Briefly, supported + parameters are as follows (listed defaults are for "typical" + configurations). + + Symbol param # default allowed param values + M_MXFAST 1 64 0-80 (0 disables fastbins) + M_TRIM_THRESHOLD -1 256*1024 any (-1U disables trimming) + M_TOP_PAD -2 0 any + M_MMAP_THRESHOLD -3 256*1024 any (or 0 if no MMAP support) + M_MMAP_MAX -4 65536 any (0 disables use of mmap) +*/ +#if __STD_C +int public_mALLOPt(int, int); +#else +int public_mALLOPt(); +#endif + + +/* + mallinfo() + Returns (by copy) a struct containing various summary statistics: + + arena: current total non-mmapped bytes allocated from system + ordblks: the number of free chunks + smblks: the number of fastbin blocks (i.e., small chunks that + have been freed but not use resused or consolidated) + hblks: current number of mmapped regions + hblkhd: total bytes held in mmapped regions + usmblks: the maximum total allocated space. This will be greater + than current total if trimming has occurred. + fsmblks: total bytes held in fastbin blocks + uordblks: current total allocated space (normal or mmapped) + fordblks: total free space + keepcost: the maximum number of bytes that could ideally be released + back to system via malloc_trim. ("ideally" means that + it ignores page restrictions etc.) + + Because these fields are ints, but internal bookkeeping may + be kept as longs, the reported values may wrap around zero and + thus be inaccurate. +*/ +#if __STD_C +struct mallinfo public_mALLINFo(void); +#else +struct mallinfo public_mALLINFo(); +#endif + +/* + pvalloc(size_t n); + Equivalent to valloc(minimum-page-that-holds(n)), that is, + round up n to nearest pagesize. + */ +#if __STD_C +Void_t* public_pVALLOc(size_t) __attribute_malloc__; +#else +Void_t* public_pVALLOc(); +#endif + +/* + malloc_trim(size_t pad); + + If possible, gives memory back to the system (via negative + arguments to sbrk) if there is unused memory at the `high' end of + the malloc pool. You can call this after freeing large blocks of + memory to potentially reduce the system-level memory requirements + of a program. However, it cannot guarantee to reduce memory. Under + some allocation patterns, some large free blocks of memory will be + locked between two used chunks, so they cannot be given back to + the system. + + The `pad' argument to malloc_trim represents the amount of free + trailing space to leave untrimmed. If this argument is zero, + only the minimum amount of memory to maintain internal data + structures will be left (one page or less). Non-zero arguments + can be supplied to maintain enough trailing space to service + future expected allocations without having to re-obtain memory + from the system. + + Malloc_trim returns 1 if it actually released any memory, else 0. + On systems that do not support "negative sbrks", it will always + rreturn 0. +*/ +#if __STD_C +int public_mTRIm(size_t); +#else +int public_mTRIm(); +#endif + +/* + malloc_usable_size(Void_t* p); + + Returns the number of bytes you can actually use in + an allocated chunk, which may be more than you requested (although + often not) due to alignment and minimum size constraints. + You can use this many bytes without worrying about + overwriting other allocated objects. This is not a particularly great + programming practice. malloc_usable_size can be more useful in + debugging and assertions, for example: + + p = malloc(n); + assert(malloc_usable_size(p) >= 256); + +*/ +#if __STD_C +size_t public_mUSABLe(Void_t*); +#else +size_t public_mUSABLe(); +#endif + +/* + malloc_stats(); + Prints on stderr the amount of space obtained from the system (both + via sbrk and mmap), the maximum amount (which may be more than + current if malloc_trim and/or munmap got called), and the current + number of bytes allocated via malloc (or realloc, etc) but not yet + freed. Note that this is the number of bytes allocated, not the + number requested. It will be larger than the number requested + because of alignment and bookkeeping overhead. Because it includes + alignment wastage as being in use, this figure may be greater than + zero even when no user-level chunks are allocated. + + The reported current and maximum system memory can be inaccurate if + a program makes other calls to system memory allocation functions + (normally sbrk) outside of malloc. + + malloc_stats prints only the most commonly interesting statistics. + More information can be obtained by calling mallinfo. + +*/ +#if __STD_C +void public_mSTATs(); +#else +void public_mSTATs(); +#endif + +/* mallopt tuning options */ + +/* + M_MXFAST is the maximum request size used for "fastbins", special bins + that hold returned chunks without consolidating their spaces. This + enables future requests for chunks of the same size to be handled + very quickly, but can increase fragmentation, and thus increase the + overall memory footprint of a program. + + This malloc manages fastbins very conservatively yet still + efficiently, so fragmentation is rarely a problem for values less + than or equal to the default. The maximum supported value of MXFAST + is 80. You wouldn't want it any higher than this anyway. Fastbins + are designed especially for use with many small structs, objects or + strings -- the default handles structs/objects/arrays with sizes up + to 16 4byte fields, or small strings representing words, tokens, + etc. Using fastbins for larger objects normally worsens + fragmentation without improving speed. + + M_MXFAST is set in REQUEST size units. It is internally used in + chunksize units, which adds padding and alignment. You can reduce + M_MXFAST to 0 to disable all use of fastbins. This causes the malloc + algorithm to be a closer approximation of fifo-best-fit in all cases, + not just for larger requests, but will generally cause it to be + slower. +*/ + + +/* M_MXFAST is a standard SVID/XPG tuning option, usually listed in malloc.h */ +#ifndef M_MXFAST +#define M_MXFAST 1 +#endif + +#ifndef DEFAULT_MXFAST +#define DEFAULT_MXFAST 64 +#endif + + +/* + M_TRIM_THRESHOLD is the maximum amount of unused top-most memory + to keep before releasing via malloc_trim in free(). + + Automatic trimming is mainly useful in long-lived programs. + Because trimming via sbrk can be slow on some systems, and can + sometimes be wasteful (in cases where programs immediately + afterward allocate more large chunks) the value should be high + enough so that your overall system performance would improve by + releasing this much memory. + + The trim threshold and the mmap control parameters (see below) + can be traded off with one another. Trimming and mmapping are + two different ways of releasing unused memory back to the + system. Between these two, it is often possible to keep + system-level demands of a long-lived program down to a bare + minimum. For example, in one test suite of sessions measuring + the XF86 X server on Linux, using a trim threshold of 128K and a + mmap threshold of 192K led to near-minimal long term resource + consumption. + + If you are using this malloc in a long-lived program, it should + pay to experiment with these values. As a rough guide, you + might set to a value close to the average size of a process + (program) running on your system. Releasing this much memory + would allow such a process to run in memory. Generally, it's + worth it to tune for trimming rather tham memory mapping when a + program undergoes phases where several large chunks are + allocated and released in ways that can reuse each other's + storage, perhaps mixed with phases where there are no such + chunks at all. And in well-behaved long-lived programs, + controlling release of large blocks via trimming versus mapping + is usually faster. + + However, in most programs, these parameters serve mainly as + protection against the system-level effects of carrying around + massive amounts of unneeded memory. Since frequent calls to + sbrk, mmap, and munmap otherwise degrade performance, the default + parameters are set to relatively high values that serve only as + safeguards. + + The trim value must be greater than page size to have any useful + effect. To disable trimming completely, you can set to + (unsigned long)(-1) + + Trim settings interact with fastbin (MXFAST) settings: Unless + TRIM_FASTBINS is defined, automatic trimming never takes place upon + freeing a chunk with size less than or equal to MXFAST. Trimming is + instead delayed until subsequent freeing of larger chunks. However, + you can still force an attempted trim by calling malloc_trim. + + Also, trimming is not generally possible in cases where + the main arena is obtained via mmap. + + Note that the trick some people use of mallocing a huge space and + then freeing it at program startup, in an attempt to reserve system + memory, doesn't have the intended effect under automatic trimming, + since that memory will immediately be returned to the system. +*/ + +#define M_TRIM_THRESHOLD -1 + +#ifndef DEFAULT_TRIM_THRESHOLD +#define DEFAULT_TRIM_THRESHOLD (256 * 1024) +#endif + +/* + M_TOP_PAD is the amount of extra `padding' space to allocate or + retain whenever sbrk is called. It is used in two ways internally: + + * When sbrk is called to extend the top of the arena to satisfy + a new malloc request, this much padding is added to the sbrk + request. + + * When malloc_trim is called automatically from free(), + it is used as the `pad' argument. + + In both cases, the actual amount of padding is rounded + so that the end of the arena is always a system page boundary. + + The main reason for using padding is to avoid calling sbrk so + often. Having even a small pad greatly reduces the likelihood + that nearly every malloc request during program start-up (or + after trimming) will invoke sbrk, which needlessly wastes + time. + + Automatic rounding-up to page-size units is normally sufficient + to avoid measurable overhead, so the default is 0. However, in + systems where sbrk is relatively slow, it can pay to increase + this value, at the expense of carrying around more memory than + the program needs. +*/ + +#define M_TOP_PAD -2 + +#ifndef DEFAULT_TOP_PAD +#define DEFAULT_TOP_PAD (0) +#endif + +/* + M_MMAP_THRESHOLD is the request size threshold for using mmap() + to service a request. Requests of at least this size that cannot + be allocated using already-existing space will be serviced via mmap. + (If enough normal freed space already exists it is used instead.) + + Using mmap segregates relatively large chunks of memory so that + they can be individually obtained and released from the host + system. A request serviced through mmap is never reused by any + other request (at least not directly; the system may just so + happen to remap successive requests to the same locations). + + Segregating space in this way has the benefits that: + + 1. Mmapped space can ALWAYS be individually released back + to the system, which helps keep the system level memory + demands of a long-lived program low. + 2. Mapped memory can never become `locked' between + other chunks, as can happen with normally allocated chunks, which + means that even trimming via malloc_trim would not release them. + 3. On some systems with "holes" in address spaces, mmap can obtain + memory that sbrk cannot. + + However, it has the disadvantages that: + + 1. The space cannot be reclaimed, consolidated, and then + used to service later requests, as happens with normal chunks. + 2. It can lead to more wastage because of mmap page alignment + requirements + 3. It causes malloc performance to be more dependent on host + system memory management support routines which may vary in + implementation quality and may impose arbitrary + limitations. Generally, servicing a request via normal + malloc steps is faster than going through a system's mmap. + + The advantages of mmap nearly always outweigh disadvantages for + "large" chunks, but the value of "large" varies across systems. The + default is an empirically derived value that works well in most + systems. +*/ + +#define M_MMAP_THRESHOLD -3 + +#ifndef DEFAULT_MMAP_THRESHOLD +#define DEFAULT_MMAP_THRESHOLD (256 * 1024) +#endif + +/* + M_MMAP_MAX is the maximum number of requests to simultaneously + service using mmap. This parameter exists because +. Some systems have a limited number of internal tables for + use by mmap, and using more than a few of them may degrade + performance. + + The default is set to a value that serves only as a safeguard. + Setting to 0 disables use of mmap for servicing large requests. If + HAVE_MMAP is not set, the default value is 0, and attempts to set it + to non-zero values in mallopt will fail. +*/ + +#define M_MMAP_MAX -4 + +#ifndef DEFAULT_MMAP_MAX +#define DEFAULT_MMAP_MAX (65536) +#endif + +#ifdef __cplusplus +}; /* end of extern "C" */ +#endif + +/* + ======================================================================== + To make a fully customizable malloc.h header file, cut everything + above this line, put into file malloc.h, edit to suit, and #include it + on the next line, as well as in programs that use this malloc. + ======================================================================== +*/ + +/* #include "malloc.h" */ + +/* --------------------- public wrappers ---------------------- */ + +#ifdef USE_PUBLIC_MALLOC_WRAPPERS + +/* DL_STATIC used to make functions (deep down) consistent + * with prototypes (otherwise the prototypes are static + * with USE_PUBLIC_MALLOC_WRAPPERS, but the functions aren't). + * The gcc compiler doesn't care, but the HP-UX compiler does. + */ +#define DL_STATIC static + +/* Declare all routines as internal */ +#if __STD_C +static Void_t* mALLOc(size_t) __attribute_malloc__; +static void fREe(Void_t*); +static Void_t* rEALLOc(Void_t*, size_t) __attribute_malloc__; +static Void_t* mEMALIGn(size_t, size_t) __attribute_malloc__; +static int posix_mEMALIGn(Void_t**, size_t, size_t); +static Void_t* vALLOc(size_t) __attribute_malloc__; +static Void_t* pVALLOc(size_t) __attribute_malloc__; +static Void_t* cALLOc(size_t, size_t) __attribute_malloc__; +static int mTRIm(size_t); +static size_t mUSABLe(Void_t*); +static void mSTATs(); +static int mALLOPt(int, int); +static struct mallinfo mALLINFo(void); +#else +static Void_t* mALLOc(); +static void fREe(); +static Void_t* rEALLOc(); +static Void_t* mEMALIGn(); +static int posix_mEMALIGn(); +static Void_t* vALLOc(); +static Void_t* pVALLOc(); +static Void_t* cALLOc(); +static int mTRIm(); +static size_t mUSABLe(); +static void mSTATs(); +static int mALLOPt(); +static struct mallinfo mALLINFo(); +#endif + +/* + MALLOC_PREACTION and MALLOC_POSTACTION should be + defined to return 0 on success, and nonzero on failure. + The return value of MALLOC_POSTACTION is currently ignored + in wrapper functions since there is no reasonable default + action to take on failure. +*/ + + +#ifdef USE_MALLOC_LOCK + +# ifdef WIN32 + +static int mALLOC_MUTEx; +#define MALLOC_PREACTION slwait(&mALLOC_MUTEx) +#define MALLOC_POSTACTION slrelease(&mALLOC_MUTEx) +int dnmalloc_pthread_init(void) { return 0; } + +# elif defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) + +# if defined(__NetBSD__) +#include +extern int __isthreaded; +static mutex_t thread_lock = MUTEX_INITIALIZER; +#define _MALLOC_LOCK() if (__isthreaded) mutex_lock(&thread_lock) +#define _MALLOC_UNLOCK() if (__isthreaded) mutex_unlock(&thread_lock) +void _malloc_prefork(void) { _MALLOC_LOCK(); } +void _malloc_postfork(void) { _MALLOC_UNLOCK(); } +# endif + +# if defined(__OpenBSD__) +extern int __isthreaded; +void _thread_malloc_lock(void); +void _thread_malloc_unlock(void); +#define _MALLOC_LOCK() if (__isthreaded) _thread_malloc_lock() +#define _MALLOC_UNLOCK() if (__isthreaded) _thread_malloc_unlock() +# endif + +# if defined(__FreeBSD__) +extern int __isthreaded; +struct _spinlock { + volatile long access_lock; + volatile long lock_owner; + volatile char *fname; + volatile int lineno; +}; +typedef struct _spinlock spinlock_t; +#define _SPINLOCK_INITIALIZER { 0, 0, 0, 0 } +void _spinlock(spinlock_t *); +void _spinunlock(spinlock_t *); +/* # include "/usr/src/lib/libc/include/spinlock.h" */ +static spinlock_t thread_lock = _SPINLOCK_INITIALIZER; +spinlock_t *__malloc_lock = &thread_lock; +#define _MALLOC_LOCK() if (__isthreaded) _spinlock(&thread_lock) +#define _MALLOC_UNLOCK() if (__isthreaded) _spinunlock(&thread_lock) +# endif + +/* Common for all three *BSD + */ +static int malloc_active = 0; +static int dnmalloc_mutex_lock() +{ + _MALLOC_LOCK(); + if (!malloc_active) + { + ++malloc_active; + return 0; + } + assert(malloc_active == 0); + _MALLOC_UNLOCK(); + errno = EDEADLK; + return 1; +} +static int dnmalloc_mutex_unlock() +{ + --malloc_active; + _MALLOC_UNLOCK(); + return 0; +} +#define MALLOC_PREACTION dnmalloc_mutex_lock() +#define MALLOC_POSTACTION dnmalloc_mutex_unlock() +int dnmalloc_pthread_init(void) { return 0; } + +# else + +/* Wrapping malloc with pthread_mutex_lock/pthread_mutex_unlock + * + * Works fine on linux (no malloc in pthread_mutex_lock) + * Works with on HP-UX if initialized after entering main() + */ +#include +static int malloc_active = 0; +void dnmalloc_fork_prepare(void); +void dnmalloc_fork_parent(void); +void dnmalloc_fork_child(void); + +#if !defined(__linux__) + +static pthread_mutex_t mALLOC_MUTEx; +pthread_once_t dnmalloc_once_control = PTHREAD_ONCE_INIT; +static int dnmalloc_use_mutex = 0; +static void dnmalloc_pthread_init_int(void) +{ + pthread_mutexattr_t mta; + pthread_mutexattr_init(&mta); + pthread_mutexattr_settype(&mta, PTHREAD_MUTEX_RECURSIVE); + pthread_mutex_init(&(mALLOC_MUTEx), &mta); + pthread_mutexattr_destroy(&mta); + pthread_atfork(dnmalloc_fork_prepare, + dnmalloc_fork_parent, + dnmalloc_fork_child); + dnmalloc_use_mutex = 1; +} +int dnmalloc_pthread_init(void) +{ + return pthread_once(&dnmalloc_once_control, dnmalloc_pthread_init_int); +} + +#else + +static pthread_mutex_t mALLOC_MUTEx = PTHREAD_MUTEX_INITIALIZER; +static int dnmalloc_use_mutex = 1; +int dnmalloc_pthread_init(void) { + return pthread_atfork(dnmalloc_fork_prepare, + dnmalloc_fork_parent, + dnmalloc_fork_child); +} +#endif /* !defined(__linux__) */ + +void dnmalloc_fork_prepare(void) { + if (dnmalloc_use_mutex) + pthread_mutex_lock(&mALLOC_MUTEx); +} +void dnmalloc_fork_parent(void) { + if (dnmalloc_use_mutex) + pthread_mutex_unlock(&mALLOC_MUTEx); +} +void dnmalloc_fork_child(void) { + int rc = 0; +#ifdef __GLIBC__ + if (dnmalloc_use_mutex) + { + pthread_mutex_unlock (&mALLOC_MUTEx); + pthread_mutex_destroy(&mALLOC_MUTEx); + rc = pthread_mutex_init(&mALLOC_MUTEx, NULL); + } +#else + if (dnmalloc_use_mutex) + rc = pthread_mutex_unlock(&mALLOC_MUTEx); +#endif + if (rc != 0) + { + fputs("fork_child failed", stderr); + _exit(EXIT_FAILURE); + } +} +static int dnmalloc_mutex_lock(pthread_mutex_t *mutex) +{ + if (dnmalloc_use_mutex) + { + int rc = pthread_mutex_lock(mutex); + if (rc == 0) + { + if (!malloc_active) + { + ++malloc_active; + return 0; + } + assert(malloc_active == 0); + (void) pthread_mutex_unlock(mutex); + errno = EDEADLK; + return 1; + } + return rc; + } + return 0; +} +static int dnmalloc_mutex_unlock(pthread_mutex_t *mutex) +{ + if (dnmalloc_use_mutex) + { + --malloc_active; + return pthread_mutex_unlock(mutex); + } + return 0; +} +# define MALLOC_PREACTION dnmalloc_mutex_lock(&mALLOC_MUTEx) +# define MALLOC_POSTACTION dnmalloc_mutex_unlock(&mALLOC_MUTEx) + +# endif + +#else + +/* Substitute anything you like for these */ + +# define MALLOC_PREACTION (0) +# define MALLOC_POSTACTION (0) +int dnmalloc_pthread_init(void) { return 0; } + +#endif /* USE_MALLOC_LOCK */ + +Void_t* public_mALLOc(size_t bytes) { + Void_t* m; + if (MALLOC_PREACTION == 0) { + m = mALLOc(bytes); + (void) MALLOC_POSTACTION; + return m; + } + return 0; +} + +void public_fREe(Void_t* m) { + if (MALLOC_PREACTION == 0) { + fREe(m); + (void) MALLOC_POSTACTION; + } +} + +Void_t* public_rEALLOc(Void_t* m, size_t bytes) { + if (MALLOC_PREACTION == 0) { + m = rEALLOc(m, bytes); + (void) MALLOC_POSTACTION; + return m; + } + return 0; +} + +Void_t* public_mEMALIGn(size_t alignment, size_t bytes) { + Void_t* m; + if (MALLOC_PREACTION == 0) { + m = mEMALIGn(alignment, bytes); + (void) MALLOC_POSTACTION; + return m; + } + return 0; +} + +int public_posix_mEMALIGn(Void_t**memptr, size_t alignment, size_t bytes) { + int m, ret; + if ((ret = MALLOC_PREACTION) == 0) { + m = posix_mEMALIGn(memptr, alignment, bytes); + (void) MALLOC_POSTACTION; + return m; + } + return ret; +} + +Void_t* public_vALLOc(size_t bytes) { + Void_t* m; + if (MALLOC_PREACTION == 0) { + m = vALLOc(bytes); + (void) MALLOC_POSTACTION; + return m; + } + return 0; +} + +Void_t* public_pVALLOc(size_t bytes) { + Void_t* m; + if (MALLOC_PREACTION == 0) { + m = pVALLOc(bytes); + (void) MALLOC_POSTACTION; + return m; + } + return 0; +} + +Void_t* public_cALLOc(size_t n, size_t elem_size) { + Void_t* m; + if (MALLOC_PREACTION == 0) { + m = cALLOc(n, elem_size); + (void) MALLOC_POSTACTION; + return m; + } + return 0; +} + +int public_mTRIm(size_t s) { + int result; + if (MALLOC_PREACTION == 0) { + result = mTRIm(s); + (void) MALLOC_POSTACTION; + return result; + } + return 0; +} + +size_t public_mUSABLe(Void_t* m) { + size_t result; + if (MALLOC_PREACTION == 0) { + result = mUSABLe(m); + (void) MALLOC_POSTACTION; + return result; + } + return 0; +} + +void public_mSTATs() { + if (MALLOC_PREACTION == 0) { + mSTATs(); + (void) MALLOC_POSTACTION; + } +} + +struct mallinfo public_mALLINFo() { + struct mallinfo m; + if (MALLOC_PREACTION == 0) { + m = mALLINFo(); + (void) MALLOC_POSTACTION; + return m; + } else { + struct mallinfo nm = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; + return nm; + } +} + +int public_mALLOPt(int p, int v) { + int result; + if (MALLOC_PREACTION == 0) { + result = mALLOPt(p, v); + (void) MALLOC_POSTACTION; + return result; + } + return 0; +} + +#else + +int dnmalloc_pthread_init(void) { return 0; } +#define DL_STATIC + +#endif /* USE_PUBLIC_MALLOC_WRAPPERS */ + + + +/* ------------- Optional versions of memcopy ---------------- */ + + +#if USE_MEMCPY + +/* + Note: memcpy is ONLY invoked with non-overlapping regions, + so the (usually slower) memmove is not needed. +*/ + +#define MALLOC_COPY(dest, src, nbytes) memcpy(dest, src, nbytes) +#define MALLOC_ZERO(dest, nbytes) memset(dest, 0, nbytes) + +#else /* !USE_MEMCPY */ + +/* Use Duff's device for good zeroing/copying performance. */ + +#define MALLOC_ZERO(charp, nbytes) \ +do { \ + INTERNAL_SIZE_T* mzp = (INTERNAL_SIZE_T*)(charp); \ + CHUNK_SIZE_T mctmp = (nbytes)/sizeof(INTERNAL_SIZE_T); \ + long mcn; \ + if (mctmp < 8) mcn = 0; else { mcn = (mctmp-1)/8; mctmp %= 8; } \ + switch (mctmp) { \ + case 0: for(;;) { *mzp++ = 0; \ + case 7: *mzp++ = 0; \ + case 6: *mzp++ = 0; \ + case 5: *mzp++ = 0; \ + case 4: *mzp++ = 0; \ + case 3: *mzp++ = 0; \ + case 2: *mzp++ = 0; \ + case 1: *mzp++ = 0; if(mcn <= 0) break; mcn--; } \ + } \ +} while(0) + +#define MALLOC_COPY(dest,src,nbytes) \ +do { \ + INTERNAL_SIZE_T* mcsrc = (INTERNAL_SIZE_T*) src; \ + INTERNAL_SIZE_T* mcdst = (INTERNAL_SIZE_T*) dest; \ + CHUNK_SIZE_T mctmp = (nbytes)/sizeof(INTERNAL_SIZE_T); \ + long mcn; \ + if (mctmp < 8) mcn = 0; else { mcn = (mctmp-1)/8; mctmp %= 8; } \ + switch (mctmp) { \ + case 0: for(;;) { *mcdst++ = *mcsrc++; \ + case 7: *mcdst++ = *mcsrc++; \ + case 6: *mcdst++ = *mcsrc++; \ + case 5: *mcdst++ = *mcsrc++; \ + case 4: *mcdst++ = *mcsrc++; \ + case 3: *mcdst++ = *mcsrc++; \ + case 2: *mcdst++ = *mcsrc++; \ + case 1: *mcdst++ = *mcsrc++; if(mcn <= 0) break; mcn--; } \ + } \ +} while(0) + +#endif + +/* ------------------ MMAP support ------------------ */ + + +#if defined(HAVE_FCNTL_H) +#include +#endif + +#if defined(HAVE_SYS_MMAN_H) +#include +#endif + +#if !defined(MAP_ANONYMOUS) && defined(MAP_ANON) +#define MAP_ANONYMOUS MAP_ANON +#endif + +/* + Nearly all versions of mmap support MAP_ANONYMOUS, + so the following is unlikely to be needed, but is + supplied just in case. +*/ + +#ifndef MAP_ANONYMOUS + +/* rw 19.05.2008 changed to avoid cached file descriptor, untested + */ +void * anon_mmap (void *addr, size_t length, int prot, int flags) +{ + void * retval = NULL; + int dev_zero_fd = -1; /* File descriptor for /dev/zero. */ + + dev_zero_fd = open("/dev/zero", O_RDWR); + if (dev_zero_fd >= 0) + { + retval = mmap((addr), (size), (prot), (flags), dev_zero_fd, 0); + /* closing the file descriptor does not unmap the region */ + close(dev_zero_fd); + } + return retval; +} + +#define MMAP(addr, size, prot, flags) \ + (anon_mmap((addr), (size), (prot), (flags))) + + +#else /* have MAP_ANONYMOUS */ + +#if !defined(MAP_32BIT) && defined(MAP_ADDR32) +#define MAP_32BIT MAP_ADDR32 +#endif + +#if defined(MAP_32BIT) +#define MMAP(addr, size, prot, flags) \ + (mmap((addr), (size), (prot), (flags)|MAP_ANONYMOUS|MAP_32BIT, -1, 0)) +#elif defined(__sun) +/* + * Hint an address within 32bit address space + */ +#define MMAP(addr, size, prot, flags) \ + (mmap((void*)0xC0000000, (size), (prot), (flags)|MAP_ANONYMOUS, -1, 0)) +#else +/* *BSD */ +#define MMAP(addr, size, prot, flags) \ + (mmap((void*)0x80000000, (size), (prot), (flags)|MAP_ANONYMOUS, -1, 0)) +#endif + +#endif /* have MAP_ANONYMOUS */ + + +/* + ----------------------- Chunk representations ----------------------- +*/ + +typedef void * mchunkptr; + +struct chunkinfo { + INTERNAL_SIZE_T prev_size; /* Size of previous in bytes */ + INTERNAL_SIZE_T size; /* Size in bytes, including overhead. */ + INTERNAL_SIZE_T req; /* Original request size, for guard. */ + struct chunkinfo* hash_next; /* contains a pointer to the next chunk + in the linked list if the hash + value is the same as the chunk */ + struct chunkinfo* fd; /* double links -- used only if free. */ + struct chunkinfo* bk; + mchunkptr chunk; +}; + +typedef struct chunkinfo* chunkinfoptr; + +struct cireginfo { + unsigned long position; + unsigned long *freebitmap; + struct cireginfo* next; + struct chunkinfo *freelist; + struct chunkinfo *begin; + unsigned long freecounter; +}; + +/* + ---------- Size and alignment checks and conversions ---------- +*/ + +/* conversion from malloc headers to user pointers, and back */ +#define chunk(p) (p->chunk) + + +#define chunk2mem(p) (chunk(p)) +#define mem2chunk(mem) (hashtable_lookup(mem)) + +/* The smallest possible chunk */ +/* #define MIN_CHUNK_SIZE 16 */ +#if (SIZEOF_UNSIGNED_LONG == 8) || defined(__arch64__) || defined(__ia64__) || defined(__x86_64__) || defined(__LP64__) || defined(__64BIT__) || defined(_LP64) || defined(_M_IA64) || (defined(_MIPS_SZLONG) && (_MIPS_SZLONG == 64)) +# define MIN_CHUNK_SIZE 32 +#else +# define MIN_CHUNK_SIZE 16 +#endif + +/* The smallest size we can malloc is an aligned minimal chunk */ + +#define MINSIZE \ + (CHUNK_SIZE_T)(((MIN_CHUNK_SIZE+MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK)) + +/* Check if m has acceptable alignment */ + +#define aligned_OK(m) (((PTR_UINT)((m)) & (MALLOC_ALIGN_MASK)) == 0) + +#define GUARD_SIZE 4 + +/* + Check if a request is so large that it would wrap around zero when + padded and aligned. To simplify some other code, the bound is made + low enough so that adding MINSIZE will also not wrap around zero. + + Make it 4*MINSIZE. +*/ + +#define REQUEST_OUT_OF_RANGE(req) \ + ((CHUNK_SIZE_T)(req) >= \ + (CHUNK_SIZE_T)(INTERNAL_SIZE_T)(-4 * MINSIZE)) + +/* pad request bytes into a usable size -- internal version */ + +#define request2size(req) \ + (((req) + GUARD_SIZE + MALLOC_ALIGN_MASK >= MINSIZE) ? \ + ((req) + GUARD_SIZE + MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK :\ + MINSIZE) + +/* Same, except also perform argument check */ + +#define checked_request2size(req, sz) \ + if (!REQUEST_OUT_OF_RANGE(req)) { \ + (sz) = request2size(req); \ + assert((sz-req) >= GUARD_SIZE); \ + } else { \ + MALLOC_FAILURE_ACTION; \ + return 0; \ + } + +#if PARANOIA > 2 +static char * guard_set_p; +static char * guard_set_q; + +#define guard_set(guard, P, request, sz) \ + assert((sz-request) >= GUARD_SIZE); \ + guard_set_p = (char*)(chunk(P)); \ + guard_set_p += request; \ + VALGRIND_MAKE_MEM_UNDEFINED(guard_set_p,GUARD_SIZE); \ + guard_set_q = (char*)(guard); \ + *guard_set_p = *guard_set_q; ++guard_set_p; ++guard_set_q; \ + *guard_set_p = *guard_set_q; ++guard_set_p; ++guard_set_q; \ + *guard_set_p = *guard_set_q; ++guard_set_p; ++guard_set_q; \ + *guard_set_p = *guard_set_q; \ + VALGRIND_MAKE_MEM_NOACCESS((((char*)chunk(P))+request),GUARD_SIZE); \ + (P)->req = request + +#define guard_check(guard, P) \ + VALGRIND_MAKE_MEM_DEFINED((((char *)chunk(P))+(P)->req), GUARD_SIZE); \ + assert(0 == memcmp((((char *)chunk(P))+(P)->req),(void*)(guard),GUARD_SIZE));\ + VALGRIND_MAKE_MEM_NOACCESS((((char *)chunk(P))+(P)->req), GUARD_SIZE); + +#else +#define guard_set(guard, P, request, sz) ((void)0) +#define guard_check(guard, P) ((void)0) +#endif /* PARANOIA > 2 */ + +/* dnmalloc forward declarations */ +static char * dnmalloc_arc4random(void); +static void dnmalloc_init (void); +static void malloc_mmap_state(void); +static void cireg_extend (void); +static chunkinfoptr cireg_getfree (void); +static void hashtable_add (chunkinfoptr ci); +static void hashtable_insert (chunkinfoptr ci_orig, chunkinfoptr ci_insert); +static void hashtable_remove (mchunkptr p); +static void hashtable_skiprm (chunkinfoptr ci_orig, chunkinfoptr ci_todelete); +static chunkinfoptr hashtable_lookup (mchunkptr p); +static chunkinfoptr next_chunkinfo (chunkinfoptr ci); +static chunkinfoptr prev_chunkinfo (chunkinfoptr ci); + + + +/* + --------------- Physical chunk operations --------------- +*/ + + +/* size field is or'ed with PREV_INUSE when previous adjacent chunk in use */ +#define PREV_INUSE 0x1 + +/* extract inuse bit of previous chunk */ +#define prev_inuse(p) ((p)->size & PREV_INUSE) + +/* size field is or'ed with IS_MMAPPED if the chunk was obtained with mmap() */ +#define IS_MMAPPED 0x2 + +/* check for mmap()'ed chunk */ +#define chunk_is_mmapped(p) ((p)->size & IS_MMAPPED) + + +/* size field is or'ed when the chunk is in use */ +#define INUSE 0x4 + +/* extract inuse bit of chunk */ +#define inuse(p) ((p)->size & INUSE) + +/* + Bits to mask off when extracting size + + Note: IS_MMAPPED is intentionally not masked off from size field in + macros for which mmapped chunks should never be seen. This should + cause helpful core dumps to occur if it is tried by accident by + people extending or adapting this malloc. +*/ +#define SIZE_BITS (PREV_INUSE|IS_MMAPPED|INUSE) + +/* Bits to mask off when extracting size of chunks for macros which do not use mmap */ +#define SIZE_NOMMAP (PREV_INUSE|INUSE) + +/* Get size, ignoring use bits */ +#define chunksize(p) ((p)->size & ~(SIZE_BITS)) + +/* Ptr to chunkinfo of next physical malloc_chunk. */ +#define next_chunk(p) ((mchunkptr)( ((char*)(p)) + ((p)->size & SIZE_NOMMAP) )) + +/* Treat space at ptr + offset as a chunk */ +#define chunk_at_offset(p, s) ((mchunkptr)(((char*)(p)) + (s))) + +/* set/clear chunk as being inuse without otherwise disturbing */ +#define set_inuse(p) ((p)->size |= INUSE) + +#define clear_inuse(p) ((p)->size &= ~(INUSE)) + +#define set_previnuse(p) ((p)->size |= PREV_INUSE) + +#define clear_previnuse(p) ((p)->size &= ~(PREV_INUSE)) + +static void set_previnuse_next (chunkinfoptr p) +{ + chunkinfoptr q; + q = next_chunkinfo (p); + if (q) + set_previnuse (q); +} + +#define set_all_inuse(p) \ +set_inuse(p); \ +set_previnuse_next(p); + + +/* Set size at head, without disturbing its use bit */ +#define set_head_size(p, s) ((p)->size = (((p)->size & SIZE_NOMMAP) | (s))) + +/* Set size/use field */ +#define set_head(p, s) ((p)->size = (s)) + +/* + Bins + + An array of bin headers for free chunks. Each bin is doubly + linked. The bins are approximately proportionally (log) spaced. + There are a lot of these bins (128). This may look excessive, but + works very well in practice. Most bins hold sizes that are + unusual as malloc request sizes, but are more usual for fragments + and consolidated sets of chunks, which is what these bins hold, so + they can be found quickly. All procedures maintain the invariant + that no consolidated chunk physically borders another one, so each + chunk in a list is known to be preceeded and followed by either + inuse chunks or the ends of memory. + + Chunks in bins are kept in size order, with ties going to the + approximately least recently used chunk. Ordering isn't needed + for the small bins, which all contain the same-sized chunks, but + facilitates best-fit allocation for larger chunks. These lists + are just sequential. Keeping them in order almost never requires + enough traversal to warrant using fancier ordered data + structures. + + Chunks of the same size are linked with the most + recently freed at the front, and allocations are taken from the + back. This results in LRU (FIFO) allocation order, which tends + to give each chunk an equal opportunity to be consolidated with + adjacent freed chunks, resulting in larger free chunks and less + fragmentation. + + To simplify use in double-linked lists, each bin header acts + as a malloc_chunk. This avoids special-casing for headers. + But to conserve space and improve locality, we allocate + only the fd/bk pointers of bins, and then use repositioning tricks + to treat these as the fields of a malloc_chunk*. +*/ + +typedef struct chunkinfo* mbinptr; + +/* addressing -- note that bin_at(0) does not exist */ +#define bin_at(m, i) (&(m)->bins[i]) + +/* analog of ++bin */ +#define next_bin(b) (b+1) + +/* Reminders about list directionality within bins */ +#define first(b) ((b)->fd) +#define last(b) ((b)->bk) + +/* Take a chunk off a bin list */ +#define unlink(P, BK, FD) { \ + FD = P->fd; \ + BK = P->bk; \ + FD->bk = BK; \ + BK->fd = FD; \ +} + +/* + Indexing + + Bins for sizes < 512 bytes contain chunks of all the same size, spaced + 8 bytes apart. Larger bins are approximately logarithmically spaced: + + 64 bins of size 8 + 32 bins of size 64 + 16 bins of size 512 + 8 bins of size 4096 + 4 bins of size 32768 + 2 bins of size 262144 + 1 bin of size what's left + + The bins top out around 1MB because we expect to service large + requests via mmap. +*/ + +#define NBINS 96 +#define NSMALLBINS 32 +#define SMALLBIN_WIDTH 8 +#define MIN_LARGE_SIZE 256 + +#define in_smallbin_range(sz) \ + ((CHUNK_SIZE_T)(sz) < (CHUNK_SIZE_T)MIN_LARGE_SIZE) + +#define smallbin_index(sz) (((unsigned)(sz)) >> 3) + +/* + Compute index for size. We expect this to be inlined when + compiled with optimization, else not, which works out well. +*/ +static int largebin_index(size_t sz) { + + unsigned long xx = sz >> SMALLBIN_WIDTH; + + if (xx < 0x10000) + { + unsigned int m; /* bit position of highest set bit of m */ + + /* On intel, use BSRL instruction to find highest bit */ +#if defined(__GNUC__) && defined(i386) && !defined(USE_UNO) + + unsigned int x = (unsigned int) xx; + + __asm__("bsrl %1,%0\n\t" + : "=r" (m) + : "rm" (x)); + +#elif defined(__GNUC__) && defined(x86_64) && !defined(USE_UNO) + + __asm__("bsrq %1,%0\n\t" + : "=r" (m) + : "rm" (xx)); + +#else + + /* Taken from Bit Twiddling Hacks + * http://graphics.stanford.edu/~seander/bithacks.html + * public domain + */ + unsigned int v = (unsigned int) xx; + register unsigned int shift; + + m = (v > 0xFFFF) << 4; v >>= m; + shift = (v > 0xFF ) << 3; v >>= shift; m |= shift; + shift = (v > 0xF ) << 2; v >>= shift; m |= shift; + shift = (v > 0x3 ) << 1; v >>= shift; m |= shift; + m |= (v >> 1); + +#endif + + /* Use next 2 bits to create finer-granularity bins */ + return NSMALLBINS + (m << 2) + ((sz >> (m + 6)) & 3); + } + else + { + return NBINS-1; + } +} + +#define bin_index(sz) \ + ((in_smallbin_range(sz)) ? smallbin_index(sz) : largebin_index(sz)) + +/* + FIRST_SORTED_BIN_SIZE is the chunk size corresponding to the + first bin that is maintained in sorted order. This must + be the smallest size corresponding to a given bin. + + Normally, this should be MIN_LARGE_SIZE. But you can weaken + best fit guarantees to sometimes speed up malloc by increasing value. + Doing this means that malloc may choose a chunk that is + non-best-fitting by up to the width of the bin. + + Some useful cutoff values: + 512 - all bins sorted + 2560 - leaves bins <= 64 bytes wide unsorted + 12288 - leaves bins <= 512 bytes wide unsorted + 65536 - leaves bins <= 4096 bytes wide unsorted + 262144 - leaves bins <= 32768 bytes wide unsorted + -1 - no bins sorted (not recommended!) +*/ + +/* #define FIRST_SORTED_BIN_SIZE 65536 */ + +#define FIRST_SORTED_BIN_SIZE MIN_LARGE_SIZE + + +/* + Unsorted chunks + + All remainders from chunk splits, as well as all returned chunks, + are first placed in the "unsorted" bin. They are then placed + in regular bins after malloc gives them ONE chance to be used before + binning. So, basically, the unsorted_chunks list acts as a queue, + with chunks being placed on it in free (and malloc_consolidate), + and taken off (to be either used or placed in bins) in malloc. +*/ + +/* The otherwise unindexable 1-bin is used to hold unsorted chunks. */ +#define unsorted_chunks(M) (bin_at(M, 1)) + +/* + Top + + The top-most available chunk (i.e., the one bordering the end of + available memory) is treated specially. It is never included in + any bin, is used only if no other chunk is available, and is + released back to the system if it is very large (see + M_TRIM_THRESHOLD). Because top initially + points to its own bin with initial zero size, thus forcing + extension on the first malloc request, we avoid having any special + code in malloc to check whether it even exists yet. But we still + need to do so when getting memory from system, so we make + initial_top treat the bin as a legal but unusable chunk during the + interval between initialization and the first call to + sYSMALLOc. (This is somewhat delicate, since it relies on + the 2 preceding words to be zero during this interval as well.) +*/ + +/* Conveniently, the unsorted bin can be used as dummy top on first call */ +#define initial_top(M) (unsorted_chunks(M)) + +/* + Binmap + + To help compensate for the large number of bins, a one-level index + structure is used for bin-by-bin searching. `binmap' is a + bitvector recording whether bins are definitely empty so they can + be skipped over during during traversals. The bits are NOT always + cleared as soon as bins are empty, but instead only + when they are noticed to be empty during traversal in malloc. +*/ + +/* Conservatively use 32 bits per map word, even if on 64bit system */ +#define BINMAPSHIFT 5 +#define BITSPERMAP (1U << BINMAPSHIFT) +#define BINMAPSIZE (NBINS / BITSPERMAP) + +#define idx2block(i) ((i) >> BINMAPSHIFT) +#define idx2bit(i) ((1U << ((i) & ((1U << BINMAPSHIFT)-1)))) + +#define mark_bin(m,i) ((m)->binmap[idx2block(i)] |= idx2bit(i)) +#define unmark_bin(m,i) ((m)->binmap[idx2block(i)] &= ~(idx2bit(i))) +#define get_binmap(m,i) ((m)->binmap[idx2block(i)] & idx2bit(i)) + +/* + Fastbins + + An array of lists holding recently freed small chunks. Fastbins + are not doubly linked. It is faster to single-link them, and + since chunks are never removed from the middles of these lists, + double linking is not necessary. Also, unlike regular bins, they + are not even processed in FIFO order (they use faster LIFO) since + ordering doesn't much matter in the transient contexts in which + fastbins are normally used. + + Chunks in fastbins keep their inuse bit set, so they cannot + be consolidated with other free chunks. malloc_consolidate + releases all chunks in fastbins and consolidates them with + other free chunks. +*/ + +typedef struct chunkinfo* mfastbinptr; + +/* offset 2 to use otherwise unindexable first 2 bins */ +#define fastbin_index(sz) ((((unsigned int)(sz)) >> 3) - 2) + +/* The maximum fastbin request size we support */ +#define MAX_FAST_SIZE 80 + +#define NFASTBINS (fastbin_index(request2size(MAX_FAST_SIZE))+1) + +/* + FASTBIN_CONSOLIDATION_THRESHOLD is the size of a chunk in free() + that triggers automatic consolidation of possibly-surrounding + fastbin chunks. This is a heuristic, so the exact value should not + matter too much. It is defined at half the default trim threshold as a + compromise heuristic to only attempt consolidation if it is likely + to lead to trimming. However, it is not dynamically tunable, since + consolidation reduces fragmentation surrounding loarge chunks even + if trimming is not used. +*/ + +#define FASTBIN_CONSOLIDATION_THRESHOLD \ + ((unsigned long)(DEFAULT_TRIM_THRESHOLD) >> 1) + +/* + Since the lowest 2 bits in max_fast don't matter in size comparisons, + they are used as flags. +*/ + +/* + ANYCHUNKS_BIT held in max_fast indicates that there may be any + freed chunks at all. It is set true when entering a chunk into any + bin. +*/ + +#define ANYCHUNKS_BIT (1U) + +#define have_anychunks(M) (((M)->max_fast & ANYCHUNKS_BIT)) +#define set_anychunks(M) ((M)->max_fast |= ANYCHUNKS_BIT) +#define clear_anychunks(M) ((M)->max_fast &= ~ANYCHUNKS_BIT) + +/* + FASTCHUNKS_BIT held in max_fast indicates that there are probably + some fastbin chunks. It is set true on entering a chunk into any + fastbin, and cleared only in malloc_consolidate. +*/ + +#define FASTCHUNKS_BIT (2U) + +#define have_fastchunks(M) (((M)->max_fast & FASTCHUNKS_BIT)) +#define set_fastchunks(M) ((M)->max_fast |= (FASTCHUNKS_BIT|ANYCHUNKS_BIT)) +#define clear_fastchunks(M) ((M)->max_fast &= ~(FASTCHUNKS_BIT)) + +/* + Set value of max_fast. + Use impossibly small value if 0. +*/ + +#define set_max_fast(M, s) \ + (M)->max_fast = (((s) == 0)? SMALLBIN_WIDTH: request2size(s)) | \ + ((M)->max_fast & (FASTCHUNKS_BIT|ANYCHUNKS_BIT)) + +#define get_max_fast(M) \ + ((M)->max_fast & ~(FASTCHUNKS_BIT | ANYCHUNKS_BIT)) + + +/* + morecore_properties is a status word holding dynamically discovered + or controlled properties of the morecore function +*/ + +#define MORECORE_CONTIGUOUS_BIT (1U) + +#define contiguous(M) \ + (((M)->morecore_properties & MORECORE_CONTIGUOUS_BIT)) +#define noncontiguous(M) \ + (((M)->morecore_properties & MORECORE_CONTIGUOUS_BIT) == 0) +#define set_contiguous(M) \ + ((M)->morecore_properties |= MORECORE_CONTIGUOUS_BIT) +#define set_noncontiguous(M) \ + ((M)->morecore_properties &= ~MORECORE_CONTIGUOUS_BIT) + +#define MORECORE_32BIT_BIT (2U) + +#define morecore32bit(M) \ + (((M)->morecore_properties & MORECORE_32BIT_BIT)) +#define nonmorecore32bit(M) \ + (((M)->morecore_properties & MORECORE_32BIT_BIT) == 0) +#define set_morecore32bit(M) \ + ((M)->morecore_properties |= MORECORE_32BIT_BIT) +#define set_nonmorecore32bit(M) \ + ((M)->morecore_properties &= ~MORECORE_32BIT_BIT) + + + +/* ----------------- dnmalloc -------------------- */ + +/* size of pages */ +#define PGSIZE malloc_getpagesize +/* pointer size */ +#define PTRSIZE sizeof(long) + + + +/* TODO: mmapped chunks are always multiples of pagesize -> we're wasting + address space: the hashtable has granularity of 16*8, set it to something + closer to pagesize for mmapped chunks (current waste: 32 positions/mmapped + page) +*/ + +/* The maximum heap size that dnmalloc can operate with + * represented in hex to avoid annoying gcc warning + * + * Avoid integer overflow, cover complete 32bit address + * space for portability. With deferred allocation, the + * hashtable size is a non-issue. + */ +#define HEAPMAXSIZE_HALF 0x80000000UL + +/* How many elements are stored in the linked list */ +#define LINKEDLSTELS 8 + +/* Minimum size of a chunk */ + +#if (SIZEOF_UNSIGNED_LONG == 8) || defined(__arch64__) || defined(__ia64__) || defined(__x86_64__) || defined(__LP64__) || defined(__64BIT__) || defined(_LP64) || defined(_M_IA64) || (defined(_MIPS_SZLONG) && (_MIPS_SZLONG == 64)) +# define MINCHUNKSIZE 32 +#else +# define MINCHUNKSIZE 16 +#endif + + +/* The amount of hashtable entries for each page: +Pagesize divded by the numer of elements in the linkedlists +divided by the minimum chunk size +*/ +#define CHUNKINFOPAGE (PGSIZE / LINKEDLSTELS / MINCHUNKSIZE) + +/* The amount of hashtable entries needed to manage the memory: +Maximum heap size divided by page size multiplied by the amount +of chunk info's per page +*/ +#define AMOUNTHASH ((HEAPMAXSIZE_HALF / PGSIZE) * CHUNKINFOPAGE * 2) + +/* Initial size of the map for the hashtable +Amount of entries muliplied by pointer size +*/ +#define HASHTABLESIZE (AMOUNTHASH * PTRSIZE) + +/* Amount of free chunks that the system should allocate at the start */ +#define NUMBER_FREE_CHUNKS 32768 + +/* Initial size of the chunk info region, +also used when growing the region */ +#define CIREGSIZE (NUMBER_FREE_CHUNKS * sizeof(struct chunkinfo)) + +/* Start address of the heap */ +char *startheap; + +/* pointer to the hashtable: struct chunkinfo **hashtable -> *hashtable[] */ +chunkinfoptr *hashtable; + +/* Current chunkinfo region */ +struct cireginfo *currciinfo = 0; +struct cireginfo *firstciinfo = 0; + +unsigned long totalcictr = 0; + + +/* Initialize the area for chunkinfos and the hashtable and protect + * it with non-writable pages + */ +static void +dnmalloc_init () +{ + void *hashtb; + int mprot; + int flags = MAP_PRIVATE; + + /* Allocate the malloc_state struct */ + malloc_mmap_state(); + + /* Use MAP_NORESERVE if available (Solaris, HP-UX; most other + * systems use defered allocation anyway. + */ +#ifdef MAP_NORESERVE + flags |= MAP_NORESERVE; +#endif + + /* Always start at 0, hashtable covers whole 32bit address space + */ +#define STARTHEAP_IS_ZERO + startheap = 0; + + /* Map space for the hashtable */ +#if PARANOIA > 1 + hashtb = MMAP(0, HASHTABLESIZE+(2*PGSIZE), PROT_READ|PROT_WRITE, flags); +#else + hashtb = MMAP(0, HASHTABLESIZE+PGSIZE, PROT_READ|PROT_WRITE, flags); +#endif + +#ifdef NDEBUG + if (hashtb == MAP_FAILED) { + fprintf (stderr, "Couldn't mmap hashtable: %s\n", strerror (errno)); + abort (); + } +#else + assert(hashtb != MAP_FAILED); +#endif + + /* Protect the hashtable with non-writable pages */ + mprot = mprotect(hashtb, (size_t) PGSIZE, PROT_NONE); +#ifdef NDEBUG + if (mprot == -1) { + fprintf (stderr, "Couldn't mprotect first non-rw page for hashtable: %s\n", + strerror (errno)); + abort (); + } +#else + assert(mprot != -1); +#endif + + /* HP-UX: Cannot do arithmetic with pointers to objects of unknown size. */ + hashtable = (chunkinfoptr *) (((char*)hashtb) + PGSIZE); + + /* Protect the hashtable with non-writable pages */ +#if PARANOIA > 1 + mprot = mprotect((void*)((char*)hashtb+HASHTABLESIZE+PGSIZE), (size_t) PGSIZE, PROT_NONE); +#ifdef NDEBUG + if (mprot == -1) { + fprintf (stderr, "Couldn't mprotect last non-rw page for hashtable: %s\n", + strerror (errno)); + abort (); + } +#else + assert(mprot != -1); +#endif +#endif +} + + + +/* Extend the region for chunk infos by mapping more memory before the region */ +static void +cireg_extend () +{ + void *newcireg; + int mprot; + struct cireginfo *tempciinfo = 0; + +#if PARANOIA > 1 + newcireg = MMAP(0, CIREGSIZE+(2*PGSIZE), PROT_READ|PROT_WRITE, MAP_PRIVATE); +#else + newcireg = MMAP(0, CIREGSIZE+PGSIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE); +#endif + +#ifdef NDEBUG + if (newcireg == MAP_FAILED) + { + fprintf (stderr, "Couldn't extend chunkinfo region: %s\n", + strerror (errno)); + abort (); + } +#else + assert(newcireg != MAP_FAILED); +#endif + mprot = mprotect(newcireg, PGSIZE, PROT_NONE); +#ifdef NDEBUG + if (mprot == -1) { + fprintf (stderr, "Couldn't mprotect first non-rw page for extended region: %s\n", + strerror (errno)); + abort (); + } +#else + assert(mprot != -1); +#endif + newcireg = ((char*)newcireg)+PGSIZE; + +#if PARANOIA > 1 + mprot = mprotect((void*)((char*)newcireg+CIREGSIZE), (size_t) PGSIZE, PROT_NONE); +#ifdef NDEBUG + if (mprot == -1) { + fprintf (stderr, "Couldn't mprotect last non-rw page for extended region: %s\n", + strerror (errno)); + abort (); + } +#else + assert(mprot != -1); +#endif +#endif + + tempciinfo = currciinfo; + currciinfo = (struct cireginfo *) newcireg; + if (tempciinfo) + tempciinfo->next = currciinfo; + currciinfo->position = 1; + currciinfo->freecounter = NUMBER_FREE_CHUNKS; + if (!firstciinfo) + firstciinfo = currciinfo; + totalcictr++; + VALGRIND_CREATE_MEMPOOL(newcireg, 0, 0); +} + + +/* Get a free chunkinfo */ +static chunkinfoptr +cireg_getfree () +{ + chunkinfoptr freeci; + chunkinfoptr freelst = 0; + struct cireginfo *newciinfo = firstciinfo; + + if (newciinfo) { + freelst = newciinfo->freelist; + + if (!freelst && newciinfo->next) { + do { + newciinfo = newciinfo->next; + freelst = newciinfo->freelist; + } while (!freelst && newciinfo->next); + } + } + + /* Check if there are any free chunkinfos on the list of free chunkinfos */ + if (freelst) + { + freeci = freelst; + newciinfo->freecounter--; + newciinfo->freelist = freelst->fd; + + VALGRIND_MEMPOOL_ALLOC((char*)currciinfo, (char*)freeci, + sizeof(struct chunkinfo)); + + freeci->prev_size = 0; + freeci->size = 0; + freeci->req = 0; + freeci->hash_next = NULL; + freeci->fd = NULL; + freeci->bk = NULL; + freeci->chunk = NULL; + return (freeci); + } + else + { + /* No free chunkinfos, check if chunkinfo region still has place + * for a chunkinfo. If not, extend the region. + */ + if (UNLIKELY(!currciinfo || currciinfo->position == NUMBER_FREE_CHUNKS)) + cireg_extend (); + /* Get a chunkinfo from the chunkinfo region */ + freeci = (chunkinfoptr) currciinfo + currciinfo->position; + currciinfo->freecounter--; + currciinfo->position++; + + VALGRIND_MEMPOOL_ALLOC((char*)currciinfo, (char*)freeci, + sizeof(struct chunkinfo)); + + return (freeci); + } +} + +static void freeciregion(struct cireginfo *freeme) { + /* free the chunkinfo region */ + struct cireginfo *newciinfo = firstciinfo; + struct cireginfo *prevciinfo = firstciinfo; + void *unmapme; + + while (newciinfo && newciinfo != freeme) { + prevciinfo = newciinfo; + newciinfo = newciinfo->next; + } + assert(freeme == newciinfo); /* rw */ + assert(newciinfo != NULL); /* rw */ + if (newciinfo) + prevciinfo->next = newciinfo->next; + unmapme = (void *) ((char*)freeme - PGSIZE); + VALGRIND_DESTROY_MEMPOOL((char*)freeme); +#if PARANOIA > 1 + munmap(unmapme, CIREGSIZE+(2*PGSIZE)); +#else + munmap(unmapme, CIREGSIZE+PGSIZE); +#endif +} + + +static void freecilst_add(chunkinfoptr p) { + + struct cireginfo *newciinfo; + + newciinfo = currciinfo; + if (((chunkinfoptr) newciinfo < p) && (p < (chunkinfoptr) (newciinfo+NUMBER_FREE_CHUNKS))) { + p->fd = newciinfo->freelist; + newciinfo->freelist = p; + newciinfo->freecounter++; + VALGRIND_MEMPOOL_FREE((char*)newciinfo, (char*)p); + VALGRIND_MAKE_MEM_DEFINED(p,sizeof(struct chunkinfo)); + VALGRIND_MAKE_MEM_NOACCESS(p->size, sizeof(INTERNAL_SIZE_T)); + VALGRIND_MAKE_MEM_NOACCESS(p->req, sizeof(INTERNAL_SIZE_T)); + VALGRIND_MAKE_MEM_NOACCESS(p->bk, sizeof(struct chunkinfo*)); + VALGRIND_MAKE_MEM_NOACCESS(p->chunk, sizeof(mchunkptr)); + } else { + newciinfo = firstciinfo; + if (newciinfo) { + do { + if (((chunkinfoptr) newciinfo < p) && (p < (chunkinfoptr) (newciinfo+NUMBER_FREE_CHUNKS))) { + p->fd = newciinfo->freelist; + newciinfo->freelist = p; + newciinfo->freecounter++; + VALGRIND_MEMPOOL_FREE((char*)newciinfo, (char*)p); + VALGRIND_MAKE_MEM_DEFINED(p,sizeof(struct chunkinfo)); + VALGRIND_MAKE_MEM_NOACCESS(p->size, sizeof(INTERNAL_SIZE_T)); + VALGRIND_MAKE_MEM_NOACCESS(p->req, sizeof(INTERNAL_SIZE_T)); + VALGRIND_MAKE_MEM_NOACCESS(p->bk, sizeof(struct chunkinfo*)); + VALGRIND_MAKE_MEM_NOACCESS(p->chunk, sizeof(mchunkptr)); + if (UNLIKELY(newciinfo->freecounter == NUMBER_FREE_CHUNKS)) + freeciregion(newciinfo); + break; + } + newciinfo = newciinfo->next; + } while (newciinfo); + } + } +} + +/* Calculate the hash table entry for a chunk */ +#ifdef STARTHEAP_IS_ZERO +#define hash(p) (((unsigned long) p) >> 7) +#else +#define hash(p) (((unsigned long) p - (unsigned long) startheap) >> 7) +#endif + +static void +hashtable_add (chunkinfoptr ci) +{ + chunkinfoptr temp, next; + unsigned long hashval; + mchunkptr cic = chunk (ci); + + hashval = hash (cic); + + if (hashval < AMOUNTHASH) { + + temp = hashtable[hashval]; + +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "hashtable_add: %p, %lu\n", chunk(ci), hashval); +#endif + + /* If no pointer to a chunk info list is stored at this location + * in the hashtable or if the chunk's address is smaller than the + * one present, add the chunk to the front of the linked list + */ + if (temp == 0 || chunk (temp) > cic) + { + ci->hash_next = temp; + hashtable[hashval] = ci; + if (!temp) /* more likely case */ + goto out; + temp->prev_size = chunksize(ci); + return; + } + else + { + /* We must place the chunk in the linked list for this hashentry + * Loop to end of list or to a position where temp's chunk's address + * is larger than the new chunkinfo's chunk's address + */ + if (!temp->hash_next || (chunk (temp->hash_next) > cic)) + { + ci->hash_next = temp->hash_next; + temp->hash_next = ci; + } + else + { + while ((temp->hash_next != 0) && (chunk (temp->hash_next) < cic)) + { + temp = temp->hash_next; + } + /* Place in linked list if not already there */ + if (!temp->hash_next || !(chunk (temp->hash_next) == cic)) + { + ci->hash_next = temp->hash_next; + temp->hash_next = ci; + } + } + } + } + else { +#ifdef DNMALLOC_CHECKS + if (hashval >= AMOUNTHASH) { + fprintf(stderr, "Dnmalloc error: trying to write outside of the bounds of the hashtable, this is definitely a bug, please email dnmalloc@fort-knox.org (hashval: %lu, AMOUNTHASH: %lu, HEAPMAXSIZE_HALF %lu PGSIZE %ld CHUNKINFOPAGE %ld chunk: %p, chunkinfo: %p, startheap: %p).\n", hashval, AMOUNTHASH, HEAPMAXSIZE_HALF, PGSIZE, CHUNKINFOPAGE, chunk(ci), ci, startheap); + abort(); + } +#else + assert(hashval < AMOUNTHASH); +#endif + } + + out: + next = next_chunkinfo(ci); + if (!next) + return; + next->prev_size = chunksize(ci); +} + +static void +hashtable_insert (chunkinfoptr ci_orig, chunkinfoptr ci_insert) +{ + chunkinfoptr next; + +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "hashtable_ins: %p, %lu\n", chunk(ci_insert), + (unsigned long)hash(chunk(ci_insert)); +#endif + + if (hash(chunk(ci_orig)) != hash(chunk(ci_insert))) { + hashtable_add(ci_insert); + } + else { + + ci_insert->hash_next = ci_orig->hash_next; + ci_orig->hash_next = ci_insert; + + /* added for prevsize */ + if (!(ci_insert->hash_next)) + next = next_chunkinfo(ci_insert); + else + next = ci_insert->hash_next; + + if (!next) + { + ci_insert->prev_size = chunksize(ci_orig); + } + else + { + next->prev_size = chunksize(ci_insert); + ci_insert->prev_size = chunksize(ci_orig); + } + } +} + +static void +hashtable_remove (mchunkptr p) +{ + chunkinfoptr prevtemp, temp; + unsigned long hashval; + + hashval = hash (p); +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "hashtable_rem: %p, %lu\n", p, hashval); +#endif + assert(hashval < AMOUNTHASH); /* rw */ + prevtemp = temp = hashtable[hashval]; + if (chunk (temp) == p) { + hashtable[hashval] = temp->hash_next; + } + else + { + if (temp && chunk (temp) != p) { + do + { + prevtemp = temp; + temp = temp->hash_next; + } while (temp && chunk (temp) != p); + } +#ifdef DNMALLOC_CHECKS + if (!temp) { + fprintf (stderr, + "Dnmalloc error (hash_rm): could not find a chunkinfo for the chunk %p in the hashtable at entry %lu\n This is definitely a bug, please report it to dnmalloc@fort-knox.org.\n", + p, hashval); + abort(); + } +#else + assert(temp != NULL); +#endif + prevtemp->hash_next = temp->hash_next; + } +} + +/* mmapped chunks are multiples of pagesize, no hash_nexts, + * just remove from the hashtable + */ +#define hashtable_remove_mmapped(p) hashtable[hash(p)] = 0; + +static void +hashtable_skiprm (chunkinfoptr ci_orig, chunkinfoptr ci_todelete) +{ + unsigned long hashval; + chunkinfoptr next; + +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "hashtable_skiprm: %p, %lu\n", chunk(ci_todelete), hash(chunk(ci_todelete))); +#endif + + if (ci_orig->hash_next != ci_todelete) { + hashval = hash(chunk(ci_todelete)); + assert(hashval < AMOUNTHASH); /* rw */ +#ifdef DNMALLOC_CHECKS + if (hashtable[hashval] != ci_todelete ) { + fprintf(stderr, "Dnmalloc error: trying to delete wrong value (hash: %lu): ci_todelete: %p (%p), hashtable[hashval]: %p (%p)\n This is definitely a bug, please report it to dnmalloc@fort-knox.org.\n", hashval, ci_todelete, chunk(ci_todelete), hashtable[hashval], chunk(hashtable[hashval])); + } +#else + assert(hashtable[hashval] == ci_todelete); +#endif + hashtable[hashval] = ci_todelete->hash_next; + } + + else { + ci_orig->hash_next = ci_todelete->hash_next; + if (!ci_orig->hash_next) { + next = next_chunkinfo(ci_orig); + } else { + next = ci_orig->hash_next; + } + if (next) + next->prev_size = chunksize(ci_orig); + + } +} + + +static chunkinfoptr +hashtable_lookup (mchunkptr p) +{ + chunkinfoptr ci; + unsigned long hashval; + + /* if we were called wrongly + * if ((char *) p < startheap) return 0; + */ + if ((char *) p >= startheap) + { + hashval = hash (p); + assert(hashval < AMOUNTHASH); /* rw */ + ci = hashtable[hashval]; + if (ci && chunk (ci) == p) + return ci; + + if (ci) { + do { + ci = ci->hash_next; + } while (ci && chunk (ci) != p); + } +#ifdef DNMALLOC_CHECKS + // This should never occur but if it does, we'd like to know + if (!ci) { + fprintf (stderr, + "Dnmalloc error: could not find a chunkinfo for the chunk %p in the hashtable at entry %lu\n This is definitely a bug, please report it to dnmalloc@fort-knox.org.\n", + p, hashval); + abort(); + } +#else + assert(ci != NULL); +#endif + return ci; + } + return 0; +} + + + +/* + ----------- Internal state representation and initialization ----------- +*/ + +struct malloc_state { + + /* The maximum chunk size to be eligible for fastbin */ + INTERNAL_SIZE_T max_fast; /* low 2 bits used as flags */ + + /* Fastbins */ + mfastbinptr fastbins[NFASTBINS]; + + /* Base of the topmost chunk -- not otherwise kept in a bin */ + chunkinfoptr top; + + /* The remainder from the most recent split of a small request */ + chunkinfoptr last_remainder; + + /* Normal bins */ + struct chunkinfo bins[NBINS]; + + /* Bitmap of bins. Trailing zero map handles cases of largest binned size */ + unsigned int binmap[BINMAPSIZE+1]; + + /* Tunable parameters */ + CHUNK_SIZE_T trim_threshold; + INTERNAL_SIZE_T top_pad; + INTERNAL_SIZE_T mmap_threshold; + + /* Memory map support */ + int n_mmaps; + int n_mmaps_max; + int max_n_mmaps; + + /* Cache malloc_getpagesize */ + unsigned int pagesize; + + /* Canary */ + char guard_stored[GUARD_SIZE]; + + /* Track properties of MORECORE */ + unsigned int morecore_properties; + + /* Statistics */ + INTERNAL_SIZE_T mmapped_mem; + INTERNAL_SIZE_T sbrked_mem; + INTERNAL_SIZE_T max_sbrked_mem; + INTERNAL_SIZE_T max_mmapped_mem; + INTERNAL_SIZE_T max_total_mem; +}; + +typedef struct malloc_state *mstate; + +/* + There is exactly one instance of this struct in this malloc. + If you are adapting this malloc in a way that does NOT use a static + malloc_state, you MUST explicitly zero-fill it before using. This + malloc relies on the property that malloc_state is initialized to + all zeroes (as is true of C statics). +*/ + +static struct malloc_state * av_ = NULL; /* never directly referenced */ + +/* + All uses of av_ are via get_malloc_state(). + At most one "call" to get_malloc_state is made per invocation of + the public versions of malloc and free, but other routines + that in turn invoke malloc and/or free may call more then once. + Also, it is called in check* routines if DEBUG is set. +*/ + +#define get_malloc_state() (av_) + +/* + Initialize a malloc_state struct. + + This is called only from within malloc_consolidate, which needs + be called in the same contexts anyway. It is never called directly + outside of malloc_consolidate because some optimizing compilers try + to inline it at all call points, which turns out not to be an + optimization at all. (Inlining it in malloc_consolidate is fine though.) +*/ + +#if __STD_C +static void malloc_mmap_state(void) +#else +static void malloc_mmap_state() +#endif +{ + int mprot; + unsigned long pagesize = malloc_getpagesize; + size_t size = (sizeof(struct malloc_state) + pagesize - 1) & ~(pagesize - 1); + + void * foo = MMAP(0, size+(2*pagesize), PROT_READ|PROT_WRITE, MAP_PRIVATE); + + +#ifdef NDEBUG + if (foo == MAP_FAILED) { + fprintf (stderr, "Couldn't mmap struct malloc_state: %s\n", strerror (errno)); + abort (); + } +#else + assert(foo != MAP_FAILED); +#endif + + mprot = mprotect(foo, pagesize, PROT_NONE); +#ifdef NDEBUG + if (mprot == -1) { + fprintf (stderr, "Couldn't mprotect first non-rw page for struct malloc_state: %s\n", + strerror (errno)); + abort (); + } +#else + assert(mprot != -1); +#endif + + av_ = (struct malloc_state *) ((char*)foo + pagesize); + + MALLOC_ZERO(av_, sizeof(struct malloc_state)); + + mprot = mprotect((void*)((char*)foo + size + pagesize), (size_t) pagesize, PROT_NONE); +#ifdef NDEBUG + if (mprot == -1) { + fprintf (stderr, + "Couldn't mprotect last non-rw page for struct malloc_state: %s\n", + strerror (errno)); + abort (); + } +#else + assert(mprot != -1); +#endif +} + +#if __STD_C +static void malloc_init_state(mstate av) +#else +static void malloc_init_state(av) mstate av; +#endif +{ + int i; + mbinptr bin; + + void * morecore_test = MORECORE(0); + unsigned long hashval; + + /* Test morecore function + */ + set_morecore32bit(av); + + if (morecore_test == MORECORE_FAILURE) + { + set_nonmorecore32bit(av); + } + else + { + /* On 64bit systems, the heap may be located above the + * 32bit address space. Since mmap() probably still can be + * convinced to map within 32bit, we don't use sbrk(). + */ + hashval = hash (morecore_test); + if (hashval >= AMOUNTHASH) + { + set_nonmorecore32bit(av); + } + } + + + /* Establish circular links for normal bins */ + for (i = 1; i < NBINS; ++i) { + bin = bin_at(av,i); + bin->fd = bin->bk = bin; + } + + av->top_pad = DEFAULT_TOP_PAD; + av->n_mmaps_max = DEFAULT_MMAP_MAX; + av->mmap_threshold = DEFAULT_MMAP_THRESHOLD; + av->trim_threshold = DEFAULT_TRIM_THRESHOLD; + +#if MORECORE_CONTIGUOUS + set_contiguous(av); +#else + set_noncontiguous(av); +#endif + + set_max_fast(av, DEFAULT_MXFAST); + + av->top = cireg_getfree (); + av->top->chunk = (mchunkptr) startheap; + av->top->size = 0; + set_previnuse(av->top); + clear_inuse(av->top); + hashtable[0] = av->top; + av->pagesize = malloc_getpagesize; + + memcpy(av->guard_stored, dnmalloc_arc4random(), GUARD_SIZE); + +} + +/* + Other internal utilities operating on mstates +*/ + +#if __STD_C +static Void_t* sYSMALLOc(INTERNAL_SIZE_T, mstate); +static int sYSTRIm(size_t, mstate); +static void malloc_consolidate(mstate); +#else +static Void_t* sYSMALLOc(); +static int sYSTRIm(); +static void malloc_consolidate(); +#endif + +/* dnmalloc functions */ +/* needs mstate so moved here */ + +static chunkinfoptr +next_chunkinfo (chunkinfoptr ci) +{ + mchunkptr nextp; + unsigned long hashval; + chunkinfoptr cinfonextp; + mstate av = get_malloc_state(); + + /* ci is not the last element in the linked list, just + return the next chunkinfo from the list + */ + if (!ci->hash_next) + { + /* ci is the last element, find the next chunkinfo by + * looking up the chunkinfo for the chunk that is after p's chunk + */ + nextp = (mchunkptr) (((char *) (ci->chunk)) + chunksize (ci)); + + if (!(nextp == av->top->chunk)) + { + hashval = hash (nextp); + /* assert(hashval < AMOUNTHASH); *//* major bottleneck */ + cinfonextp = hashtable[hashval]; + if (cinfonextp && chunk (cinfonextp) == nextp) + return cinfonextp; + +#ifdef DNMALLOC_CHECKS_EXTRA + /* This seems bogus; a chunkinfo may legally have no nextp if + * it's the last one allocated (?) + */ + else { + if (cinfonextp) + fprintf (stderr, + "Dnmalloc error: could not find a next chunkinfo for the chunk %p in the hashtable at entry %lu, cinfonextp: %p, chunk(cinfonextp): %p, nextp: %p\n This is definitely a bug, please report it to dnmalloc@fort-knox.org.\n", + chunk(ci), hashval, cinfonextp, chunk(cinfonextp), nextp); + else + fprintf (stderr, + "Dnmalloc error: could not find a next chunkinfo for the chunk %p in the hashtable at entry %lu, cinfonextp: %s, chunk(cinfonextp): %s, nextp: %p\n This is definitely a bug, please report it to dnmalloc@fort-knox.org.\n", + chunk(ci), hashval, "null", "null", nextp); + } +#endif + + return NULL; + } + else + { + return av->top; + } + + } + else + { + return (ci->hash_next); + } +} + +static int is_next_chunk(chunkinfoptr oldp, chunkinfoptr newp) { + mchunkptr nextp; + if (oldp->hash_next == newp) + return 1; + nextp = (mchunkptr) (((char *) (oldp->chunk)) + chunksize (oldp)); + if (nextp == chunk(newp)) + return 1; + return 0; +} + + + +/* Get the chunkinfo of the physically previous chunk */ +/* Since we disposed of prev_size, we need this function to find the previous */ + +static chunkinfoptr +prev_chunkinfo (chunkinfoptr ci) +{ + unsigned int i; + chunkinfoptr prev; + mchunkptr prevchunk = 0; + /* chunkinfoptr temp; */ + + /* Get the hashtable location of the chunkinfo */ + i = hash (chunk (ci)); + assert(i < AMOUNTHASH); /* rw */ + + /* Get the first element of the linked list of chunkinfo's that contains p */ + prev = hashtable[i]; + + if (ci == prev) { + prevchunk = (mchunkptr) (((char *) (ci->chunk)) - (ci->prev_size)); + i = hash(prevchunk); + assert(i < AMOUNTHASH); /* rw */ + /* Loop over the linked list until we reach the last element */ + for (prev = hashtable[i]; prev->hash_next != 0; prev = prev->hash_next) ; + } else { + /* p is not the first element in the linked list, we can just + loop over the list and return the previous + */ + for (prev = hashtable[i]; prev->hash_next != ci; prev = prev->hash_next); + } + + return prev; +} + + +/* + Debugging support + Dnmalloc broke dlmallocs debugging functions, should fix them some + time in the future, for now leave them undefined. +*/ + +#define check_chunk(P) +#define check_free_chunk(P) +#define check_inuse_chunk(P) +#define check_remalloced_chunk(P,N) +#define check_malloced_chunk(P,N) +#define check_malloc_state() + + +/* ----------- Routines dealing with system allocation -------------- */ + +/* + sysmalloc handles malloc cases requiring more memory from the system. + On entry, it is assumed that av->top does not have enough + space to service request for nb bytes, thus requiring that av->top + be extended or replaced. +*/ + +#if __STD_C +static Void_t* sYSMALLOc(INTERNAL_SIZE_T nb, mstate av) +#else +static Void_t* sYSMALLOc(nb, av) INTERNAL_SIZE_T nb; mstate av; +#endif +{ + chunkinfoptr old_top; /* incoming value of av->top */ + INTERNAL_SIZE_T old_size; /* its size */ + char* old_end; /* its end address */ + + long size; /* arg to first MORECORE or mmap call */ + char* brk; /* return value from MORECORE */ + + long correction; /* arg to 2nd MORECORE call */ + char* snd_brk; /* 2nd return val */ + + INTERNAL_SIZE_T front_misalign; /* unusable bytes at front of new space */ + INTERNAL_SIZE_T end_misalign; /* partial page left at end of new space */ + char* aligned_brk; /* aligned offset into brk */ + + chunkinfoptr p; /* the allocated/returned chunk */ + chunkinfoptr remainder; /* remainder from allocation */ + chunkinfoptr fencepost; /* fencepost */ + CHUNK_SIZE_T remainder_size; /* its size */ + + CHUNK_SIZE_T sum; /* for updating stats */ + + size_t pagemask = av->pagesize - 1; + +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Enter sysmalloc\n"); +#endif + /* + If there is space available in fastbins, consolidate and retry + malloc from scratch rather than getting memory from system. This + can occur only if nb is in smallbin range so we didn't consolidate + upon entry to malloc. It is much easier to handle this case here + than in malloc proper. + */ + + + if (have_fastchunks(av)) { + Void_t * retval; + assert(in_smallbin_range(nb)); + malloc_consolidate(av); +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Return sysmalloc have_fastchunks\n"); +#endif + retval = mALLOc(nb - MALLOC_ALIGN_MASK); + VALGRIND_FREELIKE_BLOCK(retval, 0); + return retval; + } + + + /* + If have mmap, and the request size meets the mmap threshold, and + the system supports mmap, and there are few enough currently + allocated mmapped regions, try to directly map this request + rather than expanding top. + */ + + if (UNLIKELY((CHUNK_SIZE_T)(nb) >= (CHUNK_SIZE_T)(av->mmap_threshold) && + (av->n_mmaps < av->n_mmaps_max))) { + + char* mm; /* return value from mmap call*/ + + /* + Round up size to nearest page. For mmapped chunks, the overhead + is one SIZE_SZ unit larger than for normal chunks, because there + is no following chunk whose prev_size field could be used. + */ + size = (nb + MALLOC_ALIGN_MASK + pagemask) & ~pagemask; + + /* Don't try if size wraps around 0 */ + if ((CHUNK_SIZE_T)(size) > (CHUNK_SIZE_T)(nb)) { + + + mm = (char*)(MMAP(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE)); + + if (mm != (char*)(MORECORE_FAILURE)) { + + VALGRIND_MAKE_MEM_NOACCESS(mm,size); + + /* + The offset to the start of the mmapped region is stored + in the prev_size field of the chunk. This allows us to adjust + returned start address to meet alignment requirements here + and in memalign(), and still be able to compute proper + address argument for later munmap in free() and realloc(). + */ + + front_misalign = (INTERNAL_SIZE_T) mm & MALLOC_ALIGN_MASK; + p = cireg_getfree(); + + if (front_misalign > 0) { + correction = MALLOC_ALIGNMENT - front_misalign; + p->chunk = (mchunkptr)(mm + correction); + p->hash_next = (chunkinfoptr) correction; + set_head(p, (size - correction) |INUSE|IS_MMAPPED); + } + else { + p->chunk = (mchunkptr)mm; + p->hash_next = 0; + set_head(p, size|INUSE|IS_MMAPPED); + } + hashtable_add(p); + /* update statistics */ + + if (++av->n_mmaps > av->max_n_mmaps) + av->max_n_mmaps = av->n_mmaps; + + sum = av->mmapped_mem += size; + if (sum > (CHUNK_SIZE_T)(av->max_mmapped_mem)) + av->max_mmapped_mem = sum; + sum += av->sbrked_mem; + if (sum > (CHUNK_SIZE_T)(av->max_total_mem)) + av->max_total_mem = sum; + + check_chunk(p); + +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Return mmapped (%lu, total %lu)\n", + size, (unsigned long)/* size_t */av->max_total_mem ); +#endif + return chunk(p); + } + } + } + + /* Record incoming configuration of top */ + + old_top = av->top; + old_size = chunksize(old_top); + old_end = (char*)(chunk_at_offset(chunk(old_top), old_size)); + + brk = snd_brk = (char*)(MORECORE_FAILURE); + + /* + If not the first time through, we require old_size to be + at least MINSIZE and to have prev_inuse set. + */ + + /* assert((old_top == initial_top(av) && old_size == 0) || + ((CHUNK_SIZE_T) (old_size) >= MINSIZE && + prev_inuse(old_top))); */ + + /* Precondition: not enough current space to satisfy nb request */ + assert((CHUNK_SIZE_T)(old_size) < (CHUNK_SIZE_T)(nb + MINSIZE)); + + /* Precondition: all fastbins are consolidated */ + assert(!have_fastchunks(av)); + + /* Request enough space for nb + pad + overhead */ + size = nb + av->top_pad + MINSIZE; + + /* + If contiguous, we can subtract out existing space that we hope to + combine with new space. We add it back later only if + we don't actually get contiguous space. + */ + if (contiguous(av)) + size -= old_size; + + /* + Round to a multiple of page size. + If MORECORE is not contiguous, this ensures that we only call it + with whole-page arguments. And if MORECORE is contiguous and + this is not first time through, this preserves page-alignment of + previous calls. Otherwise, we correct to page-align below. + */ + + size = (size + pagemask) & ~pagemask; + + /* + Don't try to call MORECORE if argument is so big as to appear + negative. Note that since mmap takes size_t arg, it may succeed + below even if we cannot call MORECORE. + */ + if (size > 0 && morecore32bit(av)) + brk = (char*)(MORECORE(size)); + + /* + If have mmap, try using it as a backup when MORECORE fails or + cannot be used. This is worth doing on systems that have "holes" in + address space, so sbrk cannot extend to give contiguous space, but + space is available elsewhere. Note that we ignore mmap max count + and threshold limits, since the space will not be used as a + segregated mmap region. + */ + if (brk != (char*)(MORECORE_FAILURE)) { + av->sbrked_mem += size; + VALGRIND_MAKE_MEM_NOACCESS(brk,size); + } + + else { + +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Morecore failure in sysmalloc\n"); +#endif + + /* Cannot merge with old top, so add its size back in */ + if (contiguous(av)) + size = (size + old_size + pagemask) & ~pagemask; + + /* If we are relying on mmap as backup, then use larger units */ + if ((CHUNK_SIZE_T)(size) < (CHUNK_SIZE_T)(MMAP_AS_MORECORE_SIZE)) + size = MMAP_AS_MORECORE_SIZE; + + /* Don't try if size wraps around 0 */ + if ((CHUNK_SIZE_T)(size) > (CHUNK_SIZE_T)(nb)) { + +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Try mmap in sysmalloc\n"); +#endif + brk = (char*)(MMAP(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE)); + + if (brk != (char*)(MORECORE_FAILURE)) { + + VALGRIND_MAKE_MEM_NOACCESS(brk,size); + + av->mmapped_mem += size; +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Mmapped successfully in sysmalloc %p\n", brk); +#endif + + /* We do not need, and cannot use, another sbrk call to find end */ + snd_brk = brk + size; + + /* + Record that we no longer have a contiguous sbrk region. + After the first time mmap is used as backup, we do not + ever rely on contiguous space since this could incorrectly + bridge regions. + */ + set_noncontiguous(av); + } + } + } + + if (brk != (char*)(MORECORE_FAILURE)) { +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Success path %lu allocated, sbrked %lu\n", + size, (unsigned long)av->sbrked_mem); +#endif + /* av->sbrked_mem += size; moved up */ + + /* + If MORECORE extends previous space, we can likewise extend top size. + */ + + if (brk == old_end && snd_brk == (char*)(MORECORE_FAILURE)) { + set_head(old_top, (size + old_size) | PREV_INUSE); +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Previous space extended\n"); +#endif + } + + /* + Otherwise, make adjustments: + + * If the first time through or noncontiguous, we need to call sbrk + just to find out where the end of memory lies. + + * We need to ensure that all returned chunks from malloc will meet + MALLOC_ALIGNMENT + + * If there was an intervening foreign sbrk, we need to adjust sbrk + request size to account for fact that we will not be able to + combine new space with existing space in old_top. + + * Almost all systems internally allocate whole pages at a time, in + which case we might as well use the whole last page of request. + So we allocate enough more memory to hit a page boundary now, + which in turn causes future contiguous calls to page-align. + */ + + else { + front_misalign = 0; + end_misalign = 0; + correction = 0; + aligned_brk = brk; + + /* + If MORECORE returns an address lower than we have seen before, + we know it isn't really contiguous. This and some subsequent + checks help cope with non-conforming MORECORE functions and + the presence of "foreign" calls to MORECORE from outside of + malloc or by other threads. We cannot guarantee to detect + these in all cases, but cope with the ones we do detect. + */ + if (contiguous(av) && old_size != 0 && brk < old_end) { + set_noncontiguous(av); + } + + /* handle contiguous cases */ + if (contiguous(av)) { + +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Handle contiguous cases\n"); +#endif + /* + We can tolerate forward non-contiguities here (usually due + to foreign calls) but treat them as part of our space for + stats reporting. + */ + if (old_size != 0) + av->sbrked_mem += brk - old_end; + + /* Guarantee alignment of first new chunk made from this space */ + + front_misalign = (INTERNAL_SIZE_T) brk & MALLOC_ALIGN_MASK; + if (front_misalign > 0) { + + /* + Skip over some bytes to arrive at an aligned position. + We don't need to specially mark these wasted front bytes. + They will never be accessed anyway because + prev_inuse of av->top (and any chunk created from its start) + is always true after initialization. + */ + + correction = MALLOC_ALIGNMENT - front_misalign; + aligned_brk += correction; + } + + /* + If this isn't adjacent to existing space, then we will not + be able to merge with old_top space, so must add to 2nd request. + */ + + correction += old_size; + + /* Extend the end address to hit a page boundary */ + end_misalign = (INTERNAL_SIZE_T)(brk + size + correction); + correction += ((end_misalign + pagemask) & ~pagemask) - end_misalign; + + assert(correction >= 0); + snd_brk = (char*)(MORECORE(correction)); + + if (snd_brk == (char*)(MORECORE_FAILURE)) { + /* + If can't allocate correction, try to at least find out current + brk. It might be enough to proceed without failing. + */ + correction = 0; + snd_brk = (char*)(MORECORE(0)); + } + else if (snd_brk < brk) { + /* + If the second call gives noncontiguous space even though + it says it won't, the only course of action is to ignore + results of second call, and conservatively estimate where + the first call left us. Also set noncontiguous, so this + won't happen again, leaving at most one hole. + + Note that this check is intrinsically incomplete. Because + MORECORE is allowed to give more space than we ask for, + there is no reliable way to detect a noncontiguity + producing a forward gap for the second call. + */ + snd_brk = brk + size; + correction = 0; + set_noncontiguous(av); + } + else { + VALGRIND_MAKE_MEM_NOACCESS(snd_brk,correction); + } + + } + + /* handle non-contiguous cases */ + else { + +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Handle non-contiguous cases\n"); +#endif + + /* MORECORE/mmap must correctly align */ + assert(aligned_OK(brk)); + + /* Find out current end of memory */ + if (snd_brk == (char*)(MORECORE_FAILURE)) { + snd_brk = (char*)(MORECORE(0)); + av->sbrked_mem += snd_brk - brk - size; + } +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Sbrked now %lu\n", (unsigned long)av->sbrked_mem); +#endif + } + + /* Adjust top based on results of second sbrk. + * + * If mmap() has been used as backup for failed morecore(), + * we end up in this branch as well. + */ + if (snd_brk != (char*)(MORECORE_FAILURE)) { +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Adjust top, correction %lu\n", correction); +#endif + /* hashtable_remove(chunk(av->top)); *//* rw 19.05.2008 removed */ + av->top = cireg_getfree(); + av->top->chunk = (mchunkptr)aligned_brk; + set_head(av->top, (snd_brk - aligned_brk + correction) | PREV_INUSE); +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Adjust top, top %p size %lu\n", + av->top, (unsigned long)chunksize(av->top)); +#endif + hashtable_add(av->top); + av->sbrked_mem += correction; + + /* + If not the first time through, we either have a + gap due to foreign sbrk or a non-contiguous region. Insert a + double fencepost at old_top to prevent consolidation with space + we don't own. These fenceposts are artificial chunks that are + marked as inuse. Original dlmalloc had two of these but too + small to use. To ensure that the linked lists contain a maximum + of 8 elements we only use 1. Inuse is determined by the + current rather than the next chunk anyway. + */ + + if (old_size != 0) { +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Shrink old_top to insert fenceposts\n"); +#endif + /* + Shrink old_top to insert fenceposts, keeping size a + multiple of MALLOC_ALIGNMENT. We know there is at least + enough space in old_top to do this. + */ +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Adjust top, old_top %p old_size before %lu\n", + old_top, (unsigned long)old_size); +#endif + old_size = (old_size - 4*SIZE_SZ) & ~MALLOC_ALIGN_MASK; + set_head(old_top, old_size | PREV_INUSE); +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Adjust top, old_size after %lu\n", + (unsigned long)old_size); +#endif + + /* + Note that the following assignments completely overwrite + old_top when old_size was previously MINSIZE. This is + intentional. We need the fencepost, even if old_top otherwise gets + lost. + */ + /* dnmalloc, we need the fencepost to be 16 bytes, however since + it's marked inuse it will never be coalesced + */ + fencepost = cireg_getfree(); + fencepost->chunk = (mchunkptr) chunk_at_offset(chunk(old_top), + old_size); + fencepost->size = 16|INUSE|PREV_INUSE; + hashtable_add(fencepost); + /* + If possible, release the rest, suppressing trimming. + */ + if (old_size >= MINSIZE) { + INTERNAL_SIZE_T tt = av->trim_threshold; +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Release\n"); +#endif + av->trim_threshold = (INTERNAL_SIZE_T)(-1); + set_head(old_top, old_size | PREV_INUSE | INUSE); + guard_set(av->guard_stored, old_top, 0, old_size); + VALGRIND_MALLOCLIKE_BLOCK(chunk(old_top), old_size, 0, 0); + fREe(chunk(old_top)); + av->trim_threshold = tt; +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Release done\n"); +#endif + } + +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Adjust top, size %lu\n", + (unsigned long)chunksize(av->top)); +#endif + + } /* fenceposts */ + } /* adjust top */ + } /* not extended previous region */ + + /* Update statistics */ /* FIXME check this */ + sum = av->sbrked_mem; + if (sum > (CHUNK_SIZE_T)(av->max_sbrked_mem)) + av->max_sbrked_mem = sum; + + sum += av->mmapped_mem; + if (sum > (CHUNK_SIZE_T)(av->max_total_mem)) + av->max_total_mem = sum; + + check_malloc_state(); + + /* finally, do the allocation */ + + p = av->top; + size = chunksize(p); + +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Size: %lu nb+MINSIZE: %lu\n", + (CHUNK_SIZE_T)(size), (CHUNK_SIZE_T)(nb + MINSIZE)); +#endif + + /* check that one of the above allocation paths succeeded */ + if ((CHUNK_SIZE_T)(size) >= (CHUNK_SIZE_T)(nb + MINSIZE)) { + remainder_size = size - nb; + remainder = cireg_getfree(); + remainder->chunk = chunk_at_offset(chunk(p), nb); + av->top = remainder; + set_head(p, nb | PREV_INUSE | INUSE); + set_head(remainder, remainder_size | PREV_INUSE); + hashtable_insert (p, av->top); + check_malloced_chunk(p, nb); +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Return any (total %lu)\n", + (unsigned long)/* size_t */av->max_total_mem ); +#endif + return chunk(p); + } + + } + +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Return failed (total %lu)\n", + (unsigned long)/* size_t */av->max_total_mem ); +#endif + + /* catch all failure paths */ + MALLOC_FAILURE_ACTION; + return 0; +} + + + + +/* + sYSTRIm is an inverse of sorts to sYSMALLOc. It gives memory back + to the system (via negative arguments to sbrk) if there is unused + memory at the `high' end of the malloc pool. It is called + automatically by free() when top space exceeds the trim + threshold. It is also called by the public malloc_trim routine. It + returns 1 if it actually released any memory, else 0. +*/ + +#if __STD_C +static int sYSTRIm(size_t pad, mstate av) +#else +static int sYSTRIm(pad, av) size_t pad; mstate av; +#endif +{ + long top_size; /* Amount of top-most memory */ + long extra; /* Amount to release */ + long released; /* Amount actually released */ + char* current_brk; /* address returned by pre-check sbrk call */ + char* new_brk; /* address returned by post-check sbrk call */ + size_t pagesz; + + pagesz = av->pagesize; + top_size = chunksize(av->top); + + /* Release in pagesize units, keeping at least one page */ + extra = ((top_size - pad - MINSIZE + (pagesz-1)) / pagesz - 1) * pagesz; + + if (extra > 0) { + + /* + Only proceed if end of memory is where we last set it. + This avoids problems if there were foreign sbrk calls. + */ + current_brk = (char*)(MORECORE(0)); + if (current_brk == (char*)(av->top) + top_size) { + + /* + Attempt to release memory. We ignore MORECORE return value, + and instead call again to find out where new end of memory is. + This avoids problems if first call releases less than we asked, + of if failure somehow altered brk value. (We could still + encounter problems if it altered brk in some very bad way, + but the only thing we can do is adjust anyway, which will cause + some downstream failure.) + */ + + MORECORE(-extra); + new_brk = (char*)(MORECORE(0)); + + if (new_brk != (char*)MORECORE_FAILURE) { + released = (long)(current_brk - new_brk); + + if (released != 0) { + /* Success. Adjust top. */ + av->sbrked_mem -= released; + set_head(av->top, (top_size - released) | PREV_INUSE); + check_malloc_state(); + return 1; + } + } + } + } + return 0; +} + +/* + ------------------------------ malloc ------------------------------ +*/ + + +#if __STD_C +DL_STATIC Void_t* mALLOc(size_t bytes) +#else +DL_STATIC Void_t* mALLOc(bytes) size_t bytes; +#endif +{ + mstate av = get_malloc_state(); + + INTERNAL_SIZE_T nb; /* normalized request size */ + unsigned int idx; /* associated bin index */ + mbinptr bin; /* associated bin */ + mfastbinptr* fb; /* associated fastbin */ + + chunkinfoptr victim; /* inspected/selected chunk */ + INTERNAL_SIZE_T size; /* its size */ + int victim_index; /* its bin index */ + + chunkinfoptr remainder; /* remainder from a split */ + CHUNK_SIZE_T remainder_size; /* its size */ + + unsigned int block; /* bit map traverser */ + unsigned int bit; /* bit map traverser */ + unsigned int map; /* current word of binmap */ + + chunkinfoptr fwd; /* misc temp for linking */ + chunkinfoptr bck; /* misc temp for linking */ + + Void_t* retval; + + /* chunkinfoptr next; */ + + + /* + Convert request size to internal form by adding SIZE_SZ bytes + overhead plus possibly more to obtain necessary alignment and/or + to obtain a size of at least MINSIZE, the smallest allocatable + size. Also, checked_request2size traps (returning 0) request sizes + that are so large that they wrap around zero when padded and + aligned. + */ +#if defined(SH_CUTEST) + extern int malloc_count; + ++malloc_count; +#endif + + checked_request2size(bytes, nb); + + /* + Bypass search if no frees yet + */ + if (av && have_anychunks(av)) { + goto av_initialized; + } + else { + if (!av || av->max_fast == 0) { /* initialization check */ + malloc_consolidate(av); + av = get_malloc_state(); + } + goto use_top; + } + + av_initialized: + + /* + If the size qualifies as a fastbin, first check corresponding bin. + */ + if ((CHUNK_SIZE_T)(nb) <= (CHUNK_SIZE_T)(av->max_fast)) { + fb = &(av->fastbins[(fastbin_index(nb))]); + if ( (victim = *fb) != 0) { + *fb = victim->fd; + check_remalloced_chunk(victim, nb); + guard_set(av->guard_stored, victim, bytes, nb); + VALGRIND_MALLOCLIKE_BLOCK(chunk(victim), bytes, 0, 0); + return chunk(victim); + } + } + + /* + If a small request, check regular bin. Since these "smallbins" + hold one size each, no searching within bins is necessary. + (For a large request, we need to wait until unsorted chunks are + processed to find best fit. But for small ones, fits are exact + anyway, so we can check now, which is faster.) + */ + + if (in_smallbin_range(nb)) { + idx = smallbin_index(nb); + bin = bin_at(av,idx); + + if ((victim = last(bin)) != bin) { + bck = victim->bk; + bin->bk = bck; + bck->fd = bin; + + set_all_inuse(victim); + + check_malloced_chunk(victim, nb); + guard_set(av->guard_stored, victim, bytes, nb); + VALGRIND_MALLOCLIKE_BLOCK(chunk(victim), bytes, 0, 0); + return chunk(victim); + } + } + + /* + If this is a large request, consolidate fastbins before continuing. + While it might look excessive to kill all fastbins before + even seeing if there is space available, this avoids + fragmentation problems normally associated with fastbins. + Also, in practice, programs tend to have runs of either small or + large requests, but less often mixtures, so consolidation is not + invoked all that often in most programs. And the programs that + it is called frequently in otherwise tend to fragment. + */ + + else { + idx = largebin_index(nb); + if (have_fastchunks(av)) + malloc_consolidate(av); + } + + /* + Process recently freed or remaindered chunks, taking one only if + it is exact fit, or, if this a small request, the chunk is remainder from + the most recent non-exact fit. Place other traversed chunks in + bins. Note that this step is the only place in any routine where + chunks are placed in bins. + */ + + while ( (victim = unsorted_chunks(av)->bk) != unsorted_chunks(av)) { + bck = victim->bk; + size = chunksize(victim); + + /* + If a small request, try to use last remainder if it is the + only chunk in unsorted bin. This helps promote locality for + runs of consecutive small requests. This is the only + exception to best-fit, and applies only when there is + no exact fit for a small chunk. + */ + + if (UNLIKELY(in_smallbin_range(nb) && + bck == unsorted_chunks(av) && + victim == av->last_remainder && + (CHUNK_SIZE_T)(size) > (CHUNK_SIZE_T)(nb + MINSIZE))) { + + /* split and reattach remainder */ + remainder_size = size - nb; + remainder = cireg_getfree(); + remainder->chunk = chunk_at_offset(chunk(victim), nb); + unsorted_chunks(av)->bk = unsorted_chunks(av)->fd = remainder; + av->last_remainder = remainder; + remainder->bk = remainder->fd = unsorted_chunks(av); + + set_head(victim, nb | PREV_INUSE|INUSE); + set_head(remainder, remainder_size | PREV_INUSE); + hashtable_insert(victim, remainder); + + check_malloced_chunk(victim, nb); + guard_set(av->guard_stored, victim, bytes, nb); + VALGRIND_MALLOCLIKE_BLOCK(chunk(victim), bytes, 0, 0); + return chunk(victim); + } + + /* remove from unsorted list */ + unsorted_chunks(av)->bk = bck; + bck->fd = unsorted_chunks(av); + + /* Take now instead of binning if exact fit */ + + if (UNLIKELY(size == nb)) { + set_all_inuse(victim) + check_malloced_chunk(victim, nb); + guard_set(av->guard_stored, victim, bytes, nb); + VALGRIND_MALLOCLIKE_BLOCK(chunk(victim), bytes, 0, 0); + return chunk(victim); + } + + /* place chunk in bin */ + + if (in_smallbin_range(size)) { + + victim_index = smallbin_index(size); + bck = bin_at(av, victim_index); + fwd = bck->fd; + } + else { + victim_index = largebin_index(size); + bck = bin_at(av, victim_index); + fwd = bck->fd; + + if (UNLIKELY(fwd != bck)) { + /* if smaller than smallest, place first */ + if ((CHUNK_SIZE_T)(size) < (CHUNK_SIZE_T)(bck->bk->size)) { + fwd = bck; + bck = bck->bk; + } + else if ((CHUNK_SIZE_T)(size) >= + (CHUNK_SIZE_T)(FIRST_SORTED_BIN_SIZE)) { + + /* maintain large bins in sorted order */ + size |= PREV_INUSE|INUSE; /* Or with inuse bits to speed comparisons */ + while ((CHUNK_SIZE_T)(size) < (CHUNK_SIZE_T)(fwd->size)) + fwd = fwd->fd; + bck = fwd->bk; + } + } + } + + mark_bin(av, victim_index); + victim->bk = bck; + victim->fd = fwd; + fwd->bk = victim; + bck->fd = victim; + } + + /* + If a large request, scan through the chunks of current bin to + find one that fits. (This will be the smallest that fits unless + FIRST_SORTED_BIN_SIZE has been changed from default.) This is + the only step where an unbounded number of chunks might be + scanned without doing anything useful with them. However the + lists tend to be short. + */ + + if (!in_smallbin_range(nb)) { + bin = bin_at(av, idx); + + victim = last(bin); + + if (UNLIKELY(victim != bin)) { + + do { + size = chunksize(victim); + + if ((CHUNK_SIZE_T)(size) >= (CHUNK_SIZE_T)(nb)) { + remainder_size = size - nb; + unlink(victim, bck, fwd); + + /* Split */ + if (remainder_size >= MINSIZE) { + remainder = cireg_getfree(); + remainder->chunk = chunk_at_offset(chunk(victim), nb); + unsorted_chunks(av)->bk = unsorted_chunks(av)->fd = remainder; + remainder->bk = remainder->fd = unsorted_chunks(av); + set_head(victim, nb | PREV_INUSE | INUSE); + set_head(remainder, remainder_size | PREV_INUSE); + hashtable_insert(victim, remainder); + check_malloced_chunk(victim, nb); + guard_set(av->guard_stored, victim, bytes, nb); + VALGRIND_MALLOCLIKE_BLOCK(chunk(victim), bytes, 0, 0); + return chunk(victim); + } + /* Exhaust */ + else { + set_all_inuse(victim); + check_malloced_chunk(victim, nb); + guard_set(av->guard_stored, victim, bytes, nb); + VALGRIND_MALLOCLIKE_BLOCK(chunk(victim), bytes, 0, 0); + return chunk(victim); + } + } + victim = victim->bk; + } while(victim != bin); + } + } + + /* + Search for a chunk by scanning bins, starting with next largest + bin. This search is strictly by best-fit; i.e., the smallest + (with ties going to approximately the least recently used) chunk + that fits is selected. + + The bitmap avoids needing to check that most blocks are nonempty. + */ + + + ++idx; + bin = bin_at(av,idx); + block = idx2block(idx); + map = av->binmap[block]; + bit = idx2bit(idx); + + for (;;) { + + /* Skip rest of block if there are no more set bits in this block. */ + if (bit > map || bit == 0) { + do { + if (++block >= BINMAPSIZE) /* out of bins */ + goto use_top; + } while ( (map = av->binmap[block]) == 0); + + bin = bin_at(av, (block << BINMAPSHIFT)); + bit = 1; + } + + /* Advance to bin with set bit. There must be one. */ + while ((bit & map) == 0) { + bin = next_bin(bin); + bit <<= 1; + assert(bit != 0); + } + + /* Inspect the bin. It is likely to be non-empty */ + victim = last(bin); + + /* If a false alarm (empty bin), clear the bit. */ + if (victim == bin) { + av->binmap[block] = map &= ~bit; /* Write through */ + bin = next_bin(bin); + bit <<= 1; + } + + else { + size = chunksize(victim); + + /* We know the first chunk in this bin is big enough to use. */ + assert((CHUNK_SIZE_T)(size) >= (CHUNK_SIZE_T)(nb)); + + remainder_size = size - nb; + + /* unlink */ + bck = victim->bk; + bin->bk = bck; + bck->fd = bin; + + /* Split */ + if (remainder_size >= MINSIZE) { + remainder = cireg_getfree(); + remainder->chunk = chunk_at_offset(chunk(victim), nb); + + unsorted_chunks(av)->bk = unsorted_chunks(av)->fd = remainder; + remainder->bk = remainder->fd = unsorted_chunks(av); + /* advertise as last remainder */ + if (in_smallbin_range(nb)) + av->last_remainder = remainder; + + set_head(victim, nb | PREV_INUSE | INUSE); + set_head(remainder, remainder_size | PREV_INUSE); + hashtable_insert(victim, remainder); + check_malloced_chunk(victim, nb); + guard_set(av->guard_stored, victim, bytes, nb); + VALGRIND_MALLOCLIKE_BLOCK(chunk(victim), bytes, 0, 0); + return chunk(victim); + } + /* Exhaust */ + else { + set_all_inuse(victim); + check_malloced_chunk(victim, nb); + guard_set(av->guard_stored, victim, bytes, nb); + VALGRIND_MALLOCLIKE_BLOCK(chunk(victim), bytes, 0, 0); + return chunk(victim); + } + + } + } + + use_top: + + + /* + If large enough, split off the chunk bordering the end of memory + (held in av->top). Note that this is in accord with the best-fit + search rule. In effect, av->top is treated as larger (and thus + less well fitting) than any other available chunk since it can + be extended to be as large as necessary (up to system + limitations). + + We require that av->top always exists (i.e., has size >= + MINSIZE) after initialization, so if it would otherwise be + exhuasted by current request, it is replenished. (The main + reason for ensuring it exists is that we may need MINSIZE space + to put in fenceposts in sysmalloc.) + */ + + victim = av->top; + size = chunksize(victim); + + if ((CHUNK_SIZE_T)(size) >= (CHUNK_SIZE_T)(nb + MINSIZE)) { + remainder = cireg_getfree(); + remainder_size = size - nb; + remainder->chunk = chunk_at_offset(chunk(victim), nb); + av->top = remainder; + set_head(victim, nb | PREV_INUSE | INUSE); + set_head(remainder, remainder_size | PREV_INUSE); + hashtable_insert(victim, remainder); + check_malloced_chunk(victim, nb); + guard_set(av->guard_stored, victim, bytes, nb); + VALGRIND_MALLOCLIKE_BLOCK(chunk(victim), bytes, 0, 0); + return chunk(victim); + } + + /* + If no space in top, relay to handle system-dependent cases + */ + retval = sYSMALLOc(nb, av); + if (retval) { + victim = mem2chunk(retval); + guard_set(av->guard_stored, victim, bytes, nb); + } + VALGRIND_MALLOCLIKE_BLOCK(retval, bytes, 0, 0); + return retval; +} + +/* + ------------------------------ free ------------------------------ +*/ + +#if __STD_C +DL_STATIC void fREe(Void_t* mem) +#else +DL_STATIC void fREe(mem) Void_t* mem; +#endif +{ + mstate av = get_malloc_state(); + + chunkinfoptr p; /* chunk corresponding to mem */ + INTERNAL_SIZE_T size; /* its size */ + mfastbinptr* fb; /* associated fastbin */ + chunkinfoptr prevchunk; /* previous physical chunk */ + chunkinfoptr nextchunk; /* next contiguous chunk */ + INTERNAL_SIZE_T nextsize; /* its size */ + INTERNAL_SIZE_T prevsize; /* size of previous contiguous chunk */ + chunkinfoptr bck; /* misc temp for linking */ + chunkinfoptr fwd; /* misc temp for linking */ + chunkinfoptr next; +#if defined(SH_CUTEST) + extern int malloc_count; + --malloc_count; +#endif + + /* free(0) has no effect */ + if (mem != 0) { + p = hashtable_lookup(mem); + /* check that memory is managed by us + * and is inuse + */ + if (UNLIKELY(!p || !inuse(p))) + { +#ifdef DNMALLOC_CHECKS + if (p) { + fprintf(stderr, "Attempt to free memory not in use\n"); + abort(); + } else { + fprintf(stderr, "Attempt to free memory not allocated\n"); + abort(); + } +#endif + assert(p && inuse(p)); + return; + } + + VALGRIND_FREELIKE_BLOCK(mem, 0); + + guard_check(av->guard_stored, p); + + size = chunksize(p); + + check_inuse_chunk(p); + + /* + If eligible, place chunk on a fastbin so it can be found + and used quickly in malloc. + */ + + if ((CHUNK_SIZE_T)(size) <= (CHUNK_SIZE_T)(av->max_fast) + +#if TRIM_FASTBINS + /* + If TRIM_FASTBINS set, don't place chunks + bordering top into fastbins + */ + && (chunk_at_offset(chunk(p), size) != av->top) +#endif + ) { + + set_fastchunks(av); + fb = &(av->fastbins[fastbin_index(size)]); + p->fd = *fb; + *fb = p; + } + + /* + Consolidate other non-mmapped chunks as they arrive. + */ + + else if (!chunk_is_mmapped(p)) { + set_anychunks(av); + + nextchunk = next_chunkinfo(p); + if (nextchunk) + nextsize = chunksize(nextchunk); + else + nextsize = 0;/* gcc doesn't notice that it's only used if (nextchunk)*/ + + /* consolidate backward */ + if (UNLIKELY(!prev_inuse(p))) { + prevchunk = prev_chunkinfo(p); + prevsize = chunksize(prevchunk); +#ifdef DNMALLOC_CHECKS + if (inuse(prevchunk)) { + fprintf(stderr, "Dnmalloc error: trying to unlink an inuse chunk: %p (chunk: %p)\n This is definitely a bug, please report it to dnmalloc@fort-knox.org.\n", prevchunk, chunk(prevchunk)); + abort(); + } +#else + assert(!inuse(prevchunk)); +#endif + size += prevsize; + unlink(prevchunk, bck, fwd); + set_head(p, size | PREV_INUSE); + hashtable_skiprm(prevchunk,p); + /* This chunk no longer exists in any form: release the chunkinfoptr + */ + freecilst_add(p); + p = prevchunk; + } + + if (nextchunk) { + if (nextchunk != av->top) { + /* get and clear inuse bit */ + clear_previnuse(nextchunk); + + /* consolidate forward */ + if (!inuse(nextchunk)) { + unlink(nextchunk, bck, fwd); + size += nextsize; + set_head(p, size | PREV_INUSE); + hashtable_skiprm(p, nextchunk); + freecilst_add (nextchunk); + } + + set_head(p, size | PREV_INUSE); + next = next_chunkinfo(p); + if (next) + next->prev_size = size; + + /* + Place the chunk in unsorted chunk list. Chunks are + not placed into regular bins until after they have + been given one chance to be used in malloc. + */ + + bck = unsorted_chunks(av); + fwd = bck->fd; + p->bk = bck; + p->fd = fwd; + bck->fd = p; + fwd->bk = p; + + nextchunk = next_chunkinfo(p); + if (nextchunk) + nextchunk->prev_size = chunksize(p); + + check_free_chunk(p); + } + + /* + If the chunk borders the current high end of memory, + consolidate into top + */ + + else { + size += nextsize; + set_head(p, size | PREV_INUSE); + hashtable_remove(chunk(av->top)); + freecilst_add(av->top); + av->top = p; + check_chunk(p); + } + } /* if (nextchunk) */ + + /* + If freeing a large space, consolidate possibly-surrounding + chunks. Then, if the total unused topmost memory exceeds trim + threshold, ask malloc_trim to reduce top. + + Unless max_fast is 0, we don't know if there are fastbins + bordering top, so we cannot tell for sure whether threshold + has been reached unless fastbins are consolidated. But we + don't want to consolidate on each free. As a compromise, + consolidation is performed if FASTBIN_CONSOLIDATION_THRESHOLD + is reached. + */ + + if (UNLIKELY((CHUNK_SIZE_T)(size) >= FASTBIN_CONSOLIDATION_THRESHOLD)) { + if (have_fastchunks(av)) + malloc_consolidate(av); + +#ifndef MORECORE_CANNOT_TRIM + if ((CHUNK_SIZE_T)(chunksize(av->top)) >= + (CHUNK_SIZE_T)(av->trim_threshold)) + { + if (morecore32bit(av)) + { +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Calling systrim from free()\n"); +#endif + sYSTRIm(av->top_pad, av); +#ifdef DNMALLOC_DEBUG + fprintf(stderr, "Systrim done\n"); +#endif + } + } +#endif + } + + } + /* + If the chunk was allocated via mmap, release via munmap() + Note that if HAVE_MMAP is false but chunk_is_mmapped is + true, then user must have overwritten memory. There's nothing + we can do to catch this error unless DEBUG is set, in which case + check_inuse_chunk (above) will have triggered error. + */ + + else { + int ret; + INTERNAL_SIZE_T offset = (INTERNAL_SIZE_T) p->hash_next; + av->n_mmaps--; + av->mmapped_mem -= (size + offset); + ret = munmap((char*) chunk(p) - offset, size + offset); + hashtable_remove_mmapped(chunk(p)); + freecilst_add(p); + /* munmap returns non-zero on failure */ + assert(ret == 0); + } + } +} + +/* + ------------------------- malloc_consolidate ------------------------- + + malloc_consolidate is a specialized version of free() that tears + down chunks held in fastbins. Free itself cannot be used for this + purpose since, among other things, it might place chunks back onto + fastbins. So, instead, we need to use a minor variant of the same + code. + + Also, because this routine needs to be called the first time through + malloc anyway, it turns out to be the perfect place to trigger + initialization code. +*/ + +#if __STD_C +static void malloc_consolidate(mstate av) +#else +static void malloc_consolidate(av) mstate av; +#endif +{ + mfastbinptr* fb; /* current fastbin being consolidated */ + mfastbinptr* maxfb; /* last fastbin (for loop control) */ + chunkinfoptr p; /* current chunk being consolidated */ + chunkinfoptr nextp; /* next chunk to consolidate */ + chunkinfoptr prevp; + chunkinfoptr unsorted_bin; /* bin header */ + chunkinfoptr first_unsorted; /* chunk to link to */ + + /* These have same use as in free() */ + chunkinfoptr nextchunk; + INTERNAL_SIZE_T size; + INTERNAL_SIZE_T nextsize; + INTERNAL_SIZE_T prevsize; + chunkinfoptr bck; + chunkinfoptr fwd; + chunkinfoptr next; + + /* + If max_fast is 0, we know that av hasn't + yet been initialized, in which case do so below + */ + if (av && av->max_fast != 0) { + + clear_fastchunks(av); + + unsorted_bin = unsorted_chunks(av); + + /* + Remove each chunk from fast bin and consolidate it, placing it + then in unsorted bin. Among other reasons for doing this, + placing in unsorted bin avoids needing to calculate actual bins + until malloc is sure that chunks aren't immediately going to be + reused anyway. + */ + + maxfb = &(av->fastbins[fastbin_index(av->max_fast)]); + fb = &(av->fastbins[0]); + do { + if ( UNLIKELY((p = *fb) != 0)) { + *fb = 0; + do { + check_inuse_chunk(p); + nextp = p->fd; + + /* + * Slightly streamlined version of consolidation code in free() + */ + + size = chunksize(p); + nextchunk = next_chunkinfo(p); + + /* gcc doesn't notice that it's only used if (nextchunk) */ + if (nextchunk) + nextsize = chunksize(nextchunk); + else + nextsize = 0; + + if (!prev_inuse(p)) { + prevp = prev_chunkinfo(p); + prevsize = chunksize(prevp); + size += prevsize; +#ifdef DNMALLOC_CHECKS + if (inuse(prevp)) { + fprintf(stderr, "Dnmalloc error: trying to unlink an inuse chunk (2): %p (chunk: %p)\n This is definitely a bug, please report it to dnmalloc@fort-knox.org.\n", prevp, chunk(prevp)); + abort(); + } +#else + assert(!inuse(prevp)); +#endif + unlink(prevp, bck, fwd); + set_head(p, size | PREV_INUSE); + hashtable_skiprm(prevp,p); + freecilst_add(p); + p=prevp; + } + + if (nextchunk) { + if (nextchunk != av->top) { + + clear_previnuse(nextchunk); + + /* if mmap is used instead of sbrk, we may have a + * chunk with !nextchunk->fd && !nextchunk->bk + */ + if (!inuse(nextchunk)) { + if( nextchunk->fd && nextchunk->bk) { + size += nextsize; + unlink(nextchunk, bck, fwd); + set_head(p, size | PREV_INUSE); + hashtable_skiprm(p,nextchunk); + freecilst_add(nextchunk); + } + } + + first_unsorted = unsorted_bin->fd; + unsorted_bin->fd = p; + first_unsorted->bk = p; + + set_head(p, size | PREV_INUSE); + p->bk = unsorted_bin; + p->fd = first_unsorted; + next = next_chunkinfo(p); + if (next) + next->prev_size = size; + + + } + + else if (nextchunk == av->top) { + size += nextsize; + set_head(p, size | PREV_INUSE); + hashtable_remove(chunk(av->top)); + freecilst_add(av->top); + av->top = p; + } + } /* if (nextchunk) */ + + } while ( (p = nextp) != 0); + + } + } while (fb++ != maxfb); + } + else { + // Initialize dnmalloc + dnmalloc_init(); + malloc_init_state(get_malloc_state()); + check_malloc_state(); + } +} + +/* + ------------------------------ realloc ------------------------------ +*/ + + +#if __STD_C +DL_STATIC Void_t* rEALLOc(Void_t* oldmem, size_t bytes) +#else +DL_STATIC Void_t* rEALLOc(oldmem, bytes) Void_t* oldmem; size_t bytes; +#endif +{ + mstate av = get_malloc_state(); + + INTERNAL_SIZE_T nb; /* padded request size */ + + chunkinfoptr oldp; /* chunk corresponding to oldmem */ + INTERNAL_SIZE_T oldsize; /* its size */ + + chunkinfoptr newp; /* chunk to return */ + INTERNAL_SIZE_T newsize; /* its size */ + Void_t* newmem; /* corresponding user mem */ + + chunkinfoptr next; /* next contiguous chunk after oldp */ + + chunkinfoptr remainder; /* extra space at end of newp */ + CHUNK_SIZE_T remainder_size; /* its size */ + + chunkinfoptr bck; /* misc temp for linking */ + chunkinfoptr fwd; /* misc temp for linking */ + + CHUNK_SIZE_T copysize; /* bytes to copy */ + unsigned int ncopies; /* INTERNAL_SIZE_T words to copy */ + INTERNAL_SIZE_T* s; /* copy source */ + INTERNAL_SIZE_T* d; /* copy destination */ + + +#ifdef REALLOC_ZERO_BYTES_FREES + if (UNLIKELY(bytes == 0)) { + fREe(oldmem); + return 0; + } +#endif + + if (UNLIKELY(!av || av->max_fast == 0)) { + malloc_consolidate(av); + av = get_malloc_state(); + } + + /* realloc of null is supposed to be same as malloc */ + if (UNLIKELY(oldmem == 0)) + return mALLOc(bytes); + + checked_request2size(bytes, nb); + + oldp = hashtable_lookup(oldmem); + + if (UNLIKELY(!oldp || !inuse(oldp))){ + /* attempt to either realloc memory not managed by us + * or memory that is not in use + */ +#ifdef DNMALLOC_CHECKS + if (oldp) { + fprintf(stderr, "Attempt to free memory not in use\n"); + abort(); + } else { + fprintf(stderr, "Attempt to free memory not allocated\n"); + abort(); + } +#endif + assert(oldp && inuse(oldp)); + return 0; + } + + VALGRIND_FREELIKE_BLOCK(oldmem, 0); + guard_check(av->guard_stored, oldp); + + oldsize = chunksize(oldp); + + check_inuse_chunk(oldp); + + if (!chunk_is_mmapped(oldp)) { + + if (UNLIKELY((CHUNK_SIZE_T)(oldsize) >= (CHUNK_SIZE_T)(nb))) { + /* already big enough; split below */ + newp = oldp; + newsize = oldsize; + } + + else { + next = next_chunkinfo(oldp); + if (next) + next->prev_size = oldsize; + /* Try to expand forward into top */ + if (next && next == av->top && + (CHUNK_SIZE_T)(newsize = oldsize + chunksize(next)) >= + (CHUNK_SIZE_T)(nb + MINSIZE)) { + set_head_size(oldp, nb); + hashtable_remove(chunk(av->top)); + av->top->chunk = chunk_at_offset(chunk(oldp), nb); + set_head(av->top, (newsize - nb) | PREV_INUSE); + /* av->top->chunk has been moved move in hashtable */ + hashtable_insert(oldp, av->top); + guard_set(av->guard_stored, oldp, bytes, nb); + VALGRIND_MALLOCLIKE_BLOCK(chunk(oldp), bytes, 0, 0); + return chunk(oldp); + } + + /* Try to expand forward into next chunk; split off remainder below */ + else if (next && next != av->top && + !inuse(next) && + (CHUNK_SIZE_T)(newsize = oldsize + chunksize(next)) >= + (CHUNK_SIZE_T)(nb)) { + newp = oldp; + unlink(next, bck, fwd); + hashtable_remove(chunk(next)); + freecilst_add(next); + next = next_chunkinfo(oldp); + if (next) + next->prev_size = newsize; + } + + /* allocate, copy, free */ + else { + + newmem = mALLOc(nb - MALLOC_ALIGN_MASK); + if (newmem == 0) + return 0; /* propagate failure */ + + newp = hashtable_lookup(newmem); + newsize = chunksize(newp); + + + /* next = next_chunkinfo(oldp); *//* 'next' never used rw 19.05.2008 */ + /* + Avoid copy if newp is next chunk after oldp. + */ + if (UNLIKELY(is_next_chunk(oldp, newp))) { + newsize += oldsize; + set_head_size(oldp, newsize); + hashtable_skiprm(oldp, newp); + freecilst_add(newp); + newp = oldp; + } + else { + /* + Unroll copy of <= 40 bytes (80 if 8byte sizes) + We know that contents have an even number of + INTERNAL_SIZE_T-sized words; minimally 4 (2 on amd64). + */ + + VALGRIND_MALLOCLIKE_BLOCK(chunk(oldp), chunksize(oldp), 0, 0); + + copysize = oldsize; + s = (INTERNAL_SIZE_T*)(oldmem); + d = (INTERNAL_SIZE_T*)(newmem); + ncopies = copysize / sizeof(INTERNAL_SIZE_T); + assert(ncopies >= 2); + + if (ncopies > 10) + MALLOC_COPY(d, s, copysize); + + else { + *(d+0) = *(s+0); + *(d+1) = *(s+1); + if (ncopies > 2) { + *(d+2) = *(s+2); + *(d+3) = *(s+3); + if (ncopies > 4) { + *(d+4) = *(s+4); + *(d+5) = *(s+5); + if (ncopies > 6) { + *(d+6) = *(s+6); + *(d+7) = *(s+7); + if (ncopies > 8) { + *(d+8) = *(s+8); + *(d+9) = *(s+9); + } + } + } + } + } + + fREe(oldmem); + check_inuse_chunk(newp); + guard_set(av->guard_stored, newp, bytes, nb); + return chunk(newp); + } + } + } + + /* If possible, free extra space in old or extended chunk */ + + assert((CHUNK_SIZE_T)(newsize) >= (CHUNK_SIZE_T)(nb)); + + remainder_size = newsize - nb; + + if (remainder_size >= MINSIZE) { /* split remainder */ + remainder = cireg_getfree(); + remainder->chunk = chunk_at_offset(chunk(newp), nb); + set_head_size(newp, nb); + set_head(remainder, remainder_size | PREV_INUSE | INUSE); + remainder->prev_size = nb; + hashtable_insert(newp, remainder); + /* Mark remainder as inuse so free() won't complain */ + set_all_inuse(remainder); + guard_set(av->guard_stored, remainder, 0, remainder_size); + VALGRIND_MALLOCLIKE_BLOCK(chunk(remainder), remainder_size, 0, 0); + fREe(chunk(remainder)); + } + else { /* not enough extra to split off */ + set_head_size(newp, newsize); + set_all_inuse(newp); + } + + check_inuse_chunk(newp); + guard_set(av->guard_stored, newp, bytes, nb); + VALGRIND_MALLOCLIKE_BLOCK(chunk(newp), bytes, 0, 0); + return chunk(newp); + } + + /* + Handle mmap cases + */ + + else { + +#if HAVE_MREMAP + INTERNAL_SIZE_T offset = (INTERNAL_SIZE_T) oldp->hash_next; + size_t pagemask = av->pagesize - 1; + char *cp; + CHUNK_SIZE_T sum; + + + /* Note the extra SIZE_SZ overhead */ + //newsize = (nb + offset + SIZE_SZ + pagemask) & ~pagemask; + newsize = (nb + offset + pagemask) & ~pagemask; + + /* don't need to remap if still within same page */ + if (oldsize == newsize - offset) + { + guard_set(av->guard_stored, oldp, bytes, nb); + VALGRIND_FREELIKE_BLOCK(oldmem, 0); + VALGRIND_MALLOCLIKE_BLOCK(oldmem, bytes, 0, 0); + return oldmem; + } + + cp = (char*)mremap((char*)chunk(oldp) - offset, oldsize + offset, newsize, 1); + + if (cp != (char*)MORECORE_FAILURE) { + + hashtable_remove_mmapped(chunk(oldp)); + + oldp->chunk = (mchunkptr)(cp + offset); + set_head(oldp, (newsize - offset)|IS_MMAPPED|INUSE); + + hashtable_add(oldp); + + assert(aligned_OK(chunk(oldp))); /* rw fix: newp -> oldp */ + assert(( ((INTERNAL_SIZE_T) oldp->hash_next) == offset)); + + /* update statistics */ + sum = av->mmapped_mem += newsize - oldsize; + if (sum > (CHUNK_SIZE_T)(av->max_mmapped_mem)) + av->max_mmapped_mem = sum; + sum += av->sbrked_mem; + if (sum > (CHUNK_SIZE_T)(av->max_total_mem)) + av->max_total_mem = sum; + + guard_set(av->guard_stored, oldp, bytes, nb); + VALGRIND_FREELIKE_BLOCK(oldmem, 0); + VALGRIND_MALLOCLIKE_BLOCK(chunk(oldp), bytes, 0, 0); + return chunk(oldp); + } +#endif /* have MREMAP */ + + /* Note the extra SIZE_SZ overhead. */ + if ((CHUNK_SIZE_T)(oldsize) >= (CHUNK_SIZE_T)(nb + SIZE_SZ)) + newmem = oldmem; /* do nothing */ + else { + /* Must alloc, copy, free. */ + newmem = mALLOc(nb - MALLOC_ALIGN_MASK); + if (newmem != 0) { + MALLOC_COPY(newmem, oldmem, oldsize); + fREe(oldmem); + } + } + VALGRIND_MALLOCLIKE_BLOCK(newmem, bytes, 0, 0); + guard_set(av->guard_stored, mem2chunk(newmem), bytes, nb); + return newmem; + } +} + +/* + ---------------------------posix_memalign ---------------------------- +*/ + +#if __STD_C +DL_STATIC int posix_mEMALIGn(Void_t** memptr, size_t alignment, size_t bytes) +#else +DL_STATIC int posix_mEMALIGn(memptr, alignment, bytes) Void_t** memptr; size_t alignment; size_t bytes; +#endif +{ + mstate av; + + if (alignment % sizeof(void *) != 0) + return EINVAL; + if ((alignment & (alignment - 1)) != 0) + return EINVAL; + + av = get_malloc_state(); + if (!av || av->max_fast == 0) malloc_consolidate(av); + *memptr = mEMALIGn(alignment, bytes); + + return (*memptr != NULL ? 0 : ENOMEM); +} + +/* + ------------------------------ memalign ------------------------------ +*/ + +#if __STD_C +DL_STATIC Void_t* mEMALIGn(size_t alignment, size_t bytes) +#else +DL_STATIC Void_t* mEMALIGn(alignment, bytes) size_t alignment; size_t bytes; +#endif +{ + INTERNAL_SIZE_T nb; /* padded request size */ + char* m; /* memory returned by malloc call */ + chunkinfoptr p; /* corresponding chunk */ + char* brk; /* alignment point within p */ + chunkinfoptr newp; /* chunk to return */ + INTERNAL_SIZE_T newsize; /* its size */ + INTERNAL_SIZE_T leadsize; /* leading space before alignment point */ + chunkinfoptr remainder; /* spare room at end to split off */ + CHUNK_SIZE_T remainder_size; /* its size */ + INTERNAL_SIZE_T size; + mstate av; + + /* If need less alignment than we give anyway, just relay to malloc */ + + if (UNLIKELY(alignment <= MALLOC_ALIGNMENT)) return mALLOc(bytes); + + /* Otherwise, ensure that it is at least a minimum chunk size */ + + if (alignment < MINSIZE) alignment = MINSIZE; + + /* Make sure alignment is power of 2 (in case MINSIZE is not). */ + if (UNLIKELY((alignment & (alignment - 1)) != 0)) { + size_t a = MALLOC_ALIGNMENT * 2; + while ((CHUNK_SIZE_T)a < (CHUNK_SIZE_T)alignment) a <<= 1; + alignment = a; + } + + checked_request2size(bytes, nb); + + /* + Strategy: find a spot within that chunk that meets the alignment + request, and then possibly free the leading and trailing space. + */ + + + /* Call malloc with worst case padding to hit alignment. */ + + m = (char*)(mALLOc(nb + alignment + MINSIZE)); + + if (m == 0) return 0; /* propagate failure */ + + av = get_malloc_state(); + + p = hashtable_lookup((mchunkptr) m); + + if ((((PTR_UINT)(m)) % alignment) != 0) { /* misaligned */ + + /* + Find an aligned spot inside chunk. Since we need to give back + leading space in a chunk of at least MINSIZE, if the first + calculation places us at a spot with less than MINSIZE leader, + we can move to the next aligned spot -- we've allocated enough + total room so that this is always possible. + */ + + brk = (char*) ((PTR_UINT)(((PTR_UINT)(m + alignment - 1)) & + -((signed long) alignment))); + if ((CHUNK_SIZE_T)(brk - (char*)(chunk(p))) < MINSIZE) + brk += alignment; + + newp = cireg_getfree(); + newp->chunk = (mchunkptr)brk; + leadsize = brk - (char*)(chunk(p)); + newsize = chunksize(p) - leadsize; + + /* For mmapped chunks, just adjust offset */ + if (UNLIKELY(chunk_is_mmapped(p))) { + newp->hash_next = (chunkinfoptr) (((INTERNAL_SIZE_T) p->hash_next) + leadsize); + set_head(newp, newsize|IS_MMAPPED|INUSE); + hashtable_remove_mmapped(chunk(p)); + freecilst_add(p); + hashtable_add(newp); + guard_set(av->guard_stored, newp, bytes, nb); + return chunk(newp); + } + + /* Otherwise, give back leader, use the rest */ + set_head(newp, newsize | PREV_INUSE | INUSE); + set_head_size(p, leadsize); + set_all_inuse(newp); + hashtable_add(newp); /* 20.05.2008 rw */ + guard_set(av->guard_stored, p, 0, leadsize); + fREe(chunk(p)); + p = newp; + + assert (newsize >= nb && + (((PTR_UINT)(chunk(p))) % alignment) == 0); + } + + /* Also give back spare room at the end */ + if (!chunk_is_mmapped(p)) { + size = chunksize(p); + if ((CHUNK_SIZE_T)(size) > (CHUNK_SIZE_T)(nb + MINSIZE)) { + remainder = cireg_getfree(); + remainder_size = size - nb; + remainder->chunk = chunk_at_offset(chunk(p), nb); + set_head(remainder, remainder_size | PREV_INUSE | INUSE); + set_head_size(p, nb); + hashtable_add(remainder); /* 20.05.2008 rw */ + guard_set(av->guard_stored, remainder, 0, remainder_size); + fREe(chunk(remainder)); + } + } + + check_inuse_chunk(p); + guard_set(av->guard_stored, p, bytes, nb); + return chunk(p); +} + +/* + ------------------------------ calloc ------------------------------ +*/ + +#if __STD_C +DL_STATIC Void_t* cALLOc(size_t n_elements, size_t elem_size) +#else +DL_STATIC Void_t* cALLOc(n_elements, elem_size) size_t n_elements; size_t elem_size; +#endif +{ + chunkinfoptr p; + CHUNK_SIZE_T clearsize; + CHUNK_SIZE_T nclears; + INTERNAL_SIZE_T* d; + Void_t* mem; + + + mem = mALLOc(n_elements * elem_size); + + if (mem != 0) { + p = hashtable_lookup(mem); + + if (!chunk_is_mmapped(p)) + { + /* + Unroll clear of <= 40 bytes (80 if 8byte sizes) + We know that contents have an even number of + INTERNAL_SIZE_T-sized words; minimally 4 (2 on amd64). + */ + + d = (INTERNAL_SIZE_T*)mem; + clearsize = chunksize(p); + nclears = clearsize / sizeof(INTERNAL_SIZE_T); + assert(nclears >= 2); + + if (nclears > 10) { + MALLOC_ZERO(d, clearsize); + } + + else { + *(d+0) = 0; + *(d+1) = 0; + if (nclears > 2) { + *(d+2) = 0; + *(d+3) = 0; + if (nclears > 4) { + *(d+4) = 0; + *(d+5) = 0; + if (nclears > 6) { + *(d+6) = 0; + *(d+7) = 0; + if (nclears > 8) { + *(d+8) = 0; + *(d+9) = 0; + } + } + } + } + } + } +#if ! MMAP_CLEARS + else + { + d = (INTERNAL_SIZE_T*)mem; + clearsize = chunksize(p); + MALLOC_ZERO(d, clearsize); + } +#endif + /* Set guard again, since we just cleared it + */ + guard_set(get_malloc_state()->guard_stored, p, (n_elements * elem_size), p->size); + } + + return mem; +} + +/* + ------------------------------ valloc ------------------------------ +*/ + +#if __STD_C +DL_STATIC Void_t* vALLOc(size_t bytes) +#else +DL_STATIC Void_t* vALLOc(bytes) size_t bytes; +#endif +{ + /* Ensure initialization */ + mstate av = get_malloc_state(); + if (!av || av->max_fast == 0) { + malloc_consolidate(av); + av = get_malloc_state(); + } + return mEMALIGn(av->pagesize, bytes); +} + +/* + ------------------------------ pvalloc ------------------------------ +*/ + + +#if __STD_C +DL_STATIC Void_t* pVALLOc(size_t bytes) +#else +DL_STATIC Void_t* pVALLOc(bytes) size_t bytes; +#endif +{ + mstate av = get_malloc_state(); + size_t pagesz; + + /* Ensure initialization */ + if (!av || av->max_fast == 0) { + malloc_consolidate(av); + av = get_malloc_state(); + } + pagesz = av->pagesize; + return mEMALIGn(pagesz, (bytes + pagesz - 1) & ~(pagesz - 1)); +} + + +/* + ------------------------------ malloc_trim ------------------------------ +*/ + +#if __STD_C +DL_STATIC int mTRIm(size_t pad) +#else +DL_STATIC int mTRIm(pad) size_t pad; +#endif +{ + mstate av = get_malloc_state(); + /* Ensure initialization/consolidation */ + malloc_consolidate(av); + av = get_malloc_state(); +#ifndef MORECORE_CANNOT_TRIM + if (morecore32bit(av)) + return sYSTRIm(pad, av); + else + return 0; +#else + return 0; +#endif +} + + + +/* + ------------------------- malloc_usable_size ------------------------- +*/ + +#if __STD_C +DL_STATIC size_t mUSABLe(Void_t* mem) +#else +DL_STATIC size_t mUSABLe(mem) Void_t* mem; +#endif +{ + chunkinfoptr p; + if (mem != 0) { + p = hashtable_lookup(mem); + if (p && inuse(p)) return chunksize(p); + } + return 0; +} + +/* + ------------------------------ mallinfo ------------------------------ +*/ + +DL_STATIC struct mallinfo mALLINFo() +{ + mstate av = get_malloc_state(); + struct mallinfo mi; + unsigned int i; + mbinptr b; + chunkinfoptr p; + INTERNAL_SIZE_T avail; + INTERNAL_SIZE_T fastavail; + int nblocks; + int nfastblocks; + + /* Ensure initialization */ + if (!av || av->top == 0) { + malloc_consolidate(av); + av = get_malloc_state(); + } + check_malloc_state(); + + /* Account for top */ + avail = chunksize(av->top); + nblocks = 1; /* top always exists */ + + /* traverse fastbins */ + nfastblocks = 0; + fastavail = 0; + + for (i = 0; i < NFASTBINS; ++i) { + for (p = av->fastbins[i]; p != 0; p = p->fd) { + ++nfastblocks; + fastavail += chunksize(p); + } + } + + avail += fastavail; + + /* traverse regular bins */ + for (i = 1; i < NBINS; ++i) { + b = bin_at(av, i); + for (p = last(b); p != b; p = p->bk) { + ++nblocks; + avail += chunksize(p); + } + } + + mi.smblks = nfastblocks; + mi.ordblks = nblocks; + mi.fordblks = avail; + mi.uordblks = av->sbrked_mem - avail; + mi.arena = av->sbrked_mem; + mi.hblks = av->n_mmaps; + mi.hblkhd = av->mmapped_mem; + mi.fsmblks = fastavail; + mi.keepcost = chunksize(av->top); + mi.usmblks = av->max_total_mem; + return mi; +} + +/* + ------------------------------ malloc_stats ------------------------------ +*/ + +DL_STATIC void mSTATs() +{ + struct mallinfo mi = mALLINFo(); + + fprintf(stderr, "hashtable = %10lu MB\n", + (CHUNK_SIZE_T)(HASHTABLESIZE / (1024*1024))); + fprintf(stderr, "max system bytes = %10lu\n", + (CHUNK_SIZE_T)(mi.usmblks)); + fprintf(stderr, "system bytes = %10lu (%10lu sbrked, %10lu mmaped)\n", + (CHUNK_SIZE_T)(mi.arena + mi.hblkhd), + (CHUNK_SIZE_T)(mi.arena), + (CHUNK_SIZE_T)(mi.hblkhd)); + fprintf(stderr, "in use bytes = %10lu\n", + (CHUNK_SIZE_T)(mi.uordblks + mi.hblkhd)); + +} + + +/* + ------------------------------ mallopt ------------------------------ +*/ + +#if __STD_C +DL_STATIC int mALLOPt(int param_number, int value) +#else +DL_STATIC int mALLOPt(param_number, value) int param_number; int value; +#endif +{ + mstate av = get_malloc_state(); + /* Ensure initialization/consolidation */ + malloc_consolidate(av); + av = get_malloc_state(); + + switch(param_number) { + case M_MXFAST: + if (value >= 0 && value <= MAX_FAST_SIZE) { + set_max_fast(av, value); + return 1; + } + else + return 0; + + case M_TRIM_THRESHOLD: + av->trim_threshold = value; + return 1; + + case M_TOP_PAD: + av->top_pad = value; + return 1; + + case M_MMAP_THRESHOLD: + av->mmap_threshold = value; + return 1; + + case M_MMAP_MAX: + if (value != 0) + return 0; + av->n_mmaps_max = value; + return 1; + + default: + return 0; + } +} + + +/* $OpenBSD: arc4random.c,v 1.19 2008/06/04 00:50:23 djm Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Arc4 random number generator for OpenBSD. + * + * This code is derived from section 17.1 of Applied Cryptography, + * second edition, which describes a stream cipher allegedly + * compatible with RSA Labs "RC4" cipher (the actual description of + * which is a trade secret). The same algorithm is used as a stream + * cipher called "arcfour" in Tatu Ylonen's ssh package. + * + * Here the stream cipher has been modified always to include the time + * when initializing the state. That makes it impossible to + * regenerate the same random sequence twice, so this can't be used + * for encryption, but will generate good random numbers. + * + * RC4 is a registered trademark of RSA Laboratories. + */ + +/* Moved u_int8_t -> unsigned char (portability) + * Eliminated unneeded functions, added read from /dev/urandom taken from: + $MirOS: contrib/code/Snippets/arc4random.c,v 1.3 2008-03-04 22:53:14 tg Exp $ + * Modified by Robert Connolly from OpenBSD lib/libc/crypt/arc4random.c v1.11. + * This is arc4random(3) using urandom. + */ + +#include +#include +#include +#include +#include + +struct arc4_stream { + unsigned char i; + unsigned char j; + unsigned char s[256]; +}; + +static int rs_initialized; +static struct arc4_stream rs; +static pid_t arc4_stir_pid; +static int arc4_count; + +static unsigned char arc4_getbyte(void); + +static void +arc4_init(void) +{ + int n; + + for (n = 0; n < 256; n++) + rs.s[n] = n; + rs.i = 0; + rs.j = 0; +} + +static inline void +arc4_addrandom(unsigned char *dat, int datlen) +{ + int n; + unsigned char si; + + rs.i--; + for (n = 0; n < 256; n++) { + rs.i = (rs.i + 1); + si = rs.s[rs.i]; + rs.j = (rs.j + si + dat[n % datlen]); + rs.s[rs.i] = rs.s[rs.j]; + rs.s[rs.j] = si; + } + rs.j = rs.i; +} + +#ifdef HAVE_SCHED_H +#include +#endif + +static void +arc4_stir(void) +{ + int i; + struct { + struct timeval tv1; + struct timeval tv2; + u_int rnd[(128 - 2*sizeof(struct timeval)) / sizeof(u_int)]; + } rdat; +#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__NetBSD__) + size_t sz = 0; + int fd; +#endif + + gettimeofday(&rdat.tv1, NULL); + + + if (!rs_initialized) { + arc4_init(); + rs_initialized = 1; + } + +#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__NetBSD__) + +#ifdef HAVE_SCHED_YIELD + /* Yield the processor to introduce some random delay. */ + (void) sched_yield(); +#endif + + /* + * Pthread problem in multithreaded code on *BSD. + */ + fd = open("/dev/urandom", O_RDONLY); + if (fd != -1) { + sz = (size_t)read(fd, rdat.rnd, sizeof (rdat.rnd)); + close(fd); + } + if (sz > sizeof (rdat.rnd)) + sz = 0; + #endif + + arc4_stir_pid = getpid(); + gettimeofday(&rdat.tv2, NULL); + + arc4_addrandom((void *)&rdat, sizeof(rdat)); + + /* + * Discard early keystream, as per recommendations in: + * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps + */ + for (i = 0; i < 256; i++) + (void)arc4_getbyte(); + arc4_count = 1600000; +} + +static unsigned char +arc4_getbyte(void) +{ + unsigned char si, sj; + + rs.i = (rs.i + 1); + si = rs.s[rs.i]; + rs.j = (rs.j + si); + sj = rs.s[rs.j]; + rs.s[rs.i] = sj; + rs.s[rs.j] = si; + return (rs.s[(si + sj) & 0xff]); +} + + + /* Changed to return char* */ +static char * +dnmalloc_arc4random(void) +{ + static char val[4]; + + /* We only call this once, hence no need for locking. */ + + /* _ARC4_LOCK(); */ + arc4_count -= 4; + if (arc4_count <= 0 || !rs_initialized || arc4_stir_pid != getpid()) + arc4_stir(); + + val[0] = (char) arc4_getbyte(); + val[1] = (char) arc4_getbyte(); + val[2] = (char) arc4_getbyte(); + val[3] = (char) arc4_getbyte(); + + arc4_stir(); + /* _ARC4_UNLOCK(); */ + return val; +} + +#else +int dnmalloc_pthread_init() { return 0; } +#endif /* ! USE_SYSTEM_MALLOC */ Index: /tags/2.5.0/src/encode.c =================================================================== --- /tags/2.5.0/src/encode.c (revision 189) +++ /tags/2.5.0/src/encode.c (revision 189) @@ -0,0 +1,200 @@ + +/* #include "config.h" */ + + +#include +#include + +int main(int argv, char * argc[]) +{ + int xor_base = -1; + + FILE * inf; + FILE * ouf; + char a, b; + int i, j; + char outfile[1024]; + int inbracket = 0, quoted = 0; + unsigned long count; + + + /* char command[1024]; */ + + if ( argv < 3) + { + fprintf(stderr,"\nUsage: encode "\ + "\n\n"); + fprintf(stderr," This program will:\n"); + fprintf(stderr," - take as input a source code file ,\n"); + fprintf(stderr," - search for literal strings inclosed by _(), "\ + "like '_(string)',\n"); + fprintf(stderr," - replace _(string) by "\ + "_(string XOR ),\n"); + fprintf(stderr, + " - and output the result to './x_'.\n\n"); + fprintf(stderr," _() is supposed to be defined as a macro in "\ + "the code, that\n"); + fprintf(stderr," will allow the program to decode the xor'ed string "\ + "at runtime.\n"); + fprintf(stderr," The effect is that the compiled executable does "\ + "not contain literal\n"); + fprintf(stderr," strings that may trivially be found with the Unix "\ + "'strings' command,\n"); + fprintf(stderr," and thus reveal the nature of "\ + "the program.\n"); + + return -1; + } + + --argv; ++argc; + + xor_base = atoi(argc[0]); + + if (xor_base < 0 || (xor_base > 0 && xor_base < 128) || xor_base > 255) + { + fprintf(stderr, "\nERROR: encode: XOR_VAL=%d is out of "\ + "range (0, 128..255)\n", + xor_base); + fprintf(stderr, "** please follow these steps to fix the problem:\n\n"); + fprintf(stderr, " make clean\n"); + fprintf(stderr, " ./configure [more options] "\ + "--with-stealth=XOR_VAL (range 0, 128..255)\n"); + fprintf(stderr, " make\n\n"); + return -1; + } + + /* fprintf(stderr, " %d\n", xor_base); */ + + --argv; ++argc; + + /* fprintf(stderr, "File: %d\n", argv); */ + + while (argv > 0) + { + inf = fopen(argc[0], "r"); + if (inf == NULL) + { + fprintf(stderr, "Error opening %s\n", argc[0]); + return -1; + } + /* outfile name + */ + i = 0; j = 0; + while (argc[0][i] != '\0') + { + if (argc[0][i] == '/') j = i+1; + ++i; + } + i = 0; + outfile[0] = 'x'; + outfile[1] = '_'; + outfile[2] = '\0'; + while (argc[0][j+i] != '\0') + { + outfile[i+2] = argc[0][j+i]; + ++i; + } + outfile[i+2] = '\0'; + ouf = fopen(outfile, "w"); + if (ouf == NULL) + { + fprintf(stderr, "Error opening %s\n", outfile); + return -1; + } + + /* fprintf(stderr, "File: %s\n", argc[0]); */ + count = 0; + + while (fread(&a, 1, 1, inf) != 0) + { + count++; + + if (a == '"' && quoted == 0) + { + quoted = 1; + fwrite(&a, 1, 1, ouf); + continue; + } + + if (a == '"' && quoted == 1) + { + quoted = 0; + fwrite(&a, 1, 1, ouf); + continue; + } + + if (a == '\n' && quoted == 1) + { + quoted = 0; + fwrite(&a, 1, 1, ouf); + continue; + } + + /* macro start ? + */ + if (a == '_' && inbracket == 0 && quoted == 0) + { + fwrite(&a, 1, 1, ouf); + b = '\0'; + fread(&b, 1, 1, inf); + count++; + fwrite(&b, 1, 1, ouf); + if (b == '(') inbracket = 1; + continue; + } + + /* macro end + */ + if (a == ')' && quoted == 0 && inbracket == 1) + { + inbracket = 0; + /* fprintf(stdout, "\n"); */ + fwrite(&a, 1, 1, ouf); + continue; + } + + /* in a bracket + */ + if (inbracket == 1 && quoted == 1) + { + /* fprintf(stdout, "%c", a); */ + if (a == '\\') + { + fread(&b, 1, 1, inf); + + /* escape sequences + */ + if (b == 't' || b == 'n' || b == 'r' || b == '"') + { + fwrite(&a, 1, 1, ouf); + fwrite(&b, 1, 1, ouf); + } + + else + { + a ^= (char) xor_base; + b ^= (char) xor_base; + } + } + else + { + a ^= (char) xor_base; + fwrite(&a, 1, 1, ouf); + } + continue; + } + + fwrite(&a, 1, 1, ouf); + } + + /* fprintf(stderr, "Bytes read: %ld\n", count); */ + /* sprintf(command, "mv tempfile %s", argc[0]); */ + /* system(command); */ + + fclose(ouf); + fclose(inf); + --argv; ++argc; + } + return 0; +} + Index: /tags/2.5.0/src/exepack.c =================================================================== --- /tags/2.5.0/src/exepack.c (revision 189) +++ /tags/2.5.0/src/exepack.c (revision 189) @@ -0,0 +1,344 @@ +#include "config.h" + + +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +extern char **environ; + + +#include "minilzo.h" + +/* integer data type that is _exactly_ 32 bit + */ +#if defined(HAVE_INT_32) +#define UINT32 unsigned int +#elif defined(HAVE_LONG_32) +#define UINT32 unsigned long +#elif defined(HAVE_SHORT_32) +#define UINT32 unsigned short +#endif + + +#include "exepack.data" + + +static UINT32 cstate[3], astate[3]; + +/* interval [0, 4294967296] + */ +static UINT32 taus_get_long (UINT32 * state) +{ +#define TAUSWORTHE(s,a,b,c,d) ((s &c) <>b) + + state[0] = TAUSWORTHE (state[0], 13, 19, 4294967294UL, 12); + state[1] = TAUSWORTHE (state[1], 2, 25, 4294967288UL, 4); + state[2] = TAUSWORTHE (state[2], 3, 11, 4294967280UL, 17); + + return (state[0] ^ state[1] ^ state[2]); +} + +void taus_set_from_state (UINT32 * state, UINT32 * state0) +{ + state[0] = state0[0] | (UINT32) 0x03; + state[1] = state0[1] | (UINT32) 0x09; + state[2] = state0[2] | (UINT32) 0x17; + + /* 'warm up' + */ + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + + return; +} + +void set2 (char * pos, char c1, char c2) +{ + pos[0] = c1; + pos[1] = c2; + return; +} + +void set4 (char * pos, char c1, char c2, char c3, char c4) +{ + pos[0] = c1; + pos[1] = c2; + pos[2] = c3; + pos[3] = c4; + return; +} + +int main(int argc, char *argv[]) +{ + int file; + + unsigned long i = argc; /* dummy use of argc to fix compiler warning */ + unsigned long len = 0; + + struct stat sbuf; + struct stat fbuf; + + /* For compression. + */ + lzo_byte * inbuf; + lzo_byte * outbuf; + int r; + lzo_uint in_len; + lzo_uint out_len; + + + char * p; + + char fname[128]; +#if defined (__linux__) + char pname[128]; +#endif + + UINT32 pid; + + /* no SUID + */ + if (getuid() != geteuid()) + { + setuid(getuid()); + } + + /* reset umask + */ + umask(0); + + + astate[0] = programkey_0[0]; + astate[1] = programkey_0[1]; + astate[2] = programkey_0[2]; + + taus_set_from_state (cstate, astate); + + out_len = (unsigned long) programlen_compressed_0; + len = (unsigned long) programlen_0; + + outbuf = program_0; + + /* Decode. + */ + for (i = 0; i < out_len; ++i) + { + outbuf[i] ^= (taus_get_long (cstate) & 0xff); + } + + + inbuf = (lzo_byte *) malloc (sizeof(lzo_byte) * len); + + + /* + * Step 1: initialize the LZO library + */ + if (lzo_init() != LZO_E_OK) + { + return 1; + } + + /* + * Step 2: decompress again, now going from `out' to `in' + */ + r = lzo1x_decompress_safe (outbuf, out_len, inbuf, &in_len, NULL); + + if (r == LZO_E_OK && in_len == len) + { + /* + printf("decompressed %lu bytes back into %lu bytes\n", + (long) out_len, (long) in_len); + */ + ; + } + else + { + /* + printf("internal error - decompression failed: %d\n", + r); + */ + return 2; + } + + /* + * Step 3: choose a filename + */ + + nameIt: + + p = fname; + + /* --- use /tmp if the sticky bit is set --- + */ +#if defined(S_ISVTX) + + set4 (p, '/', 't', 'm', 'p'); + p += 4; + *p = '\0'; + + if ( 0 != stat(fname, &sbuf)) + { + if ( (sbuf.st_mode & S_ISVTX) != S_ISVTX) + { + p = fname; + set4 (p, '/', 'u', 's', 'r'); + p += 4; + set4 (p, '/', 'b', 'i', 'n'); + p += 4; + } + } + +#else + + set4 (p, '/', 'u', 's', 'r'); + p += 4; + set4 (p, '/', 'b', 'i', 'n'); + p += 4; + +#endif + + set4 (p, '/', 't', 'm', 'p'); + + p += 4; + + cstate[0] ^= (UINT32) getpid (); + cstate[1] ^= (UINT32) time (NULL); + cstate[0] |= (UINT32) 0x03; + cstate[1] |= (UINT32) 0x09; + + pid = (UINT32) (taus_get_long (cstate) ^ taus_get_long (cstate)); + + for (i = 0; i < 4; ++i) + { + *p = 'a' + (pid % 26); + pid /= 26; + ++p; + } + + pid = (UINT32) (taus_get_long (cstate) ^ taus_get_long (cstate)); + + for (i = 0; i < 4; ++i) + { + *p = 'a' + (pid % 26); + pid /= 26; + ++p; + } + + pid = (UINT32) (taus_get_long (cstate) ^ taus_get_long (cstate)); + + for (i = 0; i < 3; ++i) + { + *p = 'a' + (pid % 26); + pid /= 26; + ++p; + } + *p = '\0'; + + if ( (-1) != stat(fname, &sbuf) || errno != ENOENT) + { + /* because cstate[2] is not initialized, the next name will + * be different + */ + goto nameIt; + } + + if ((file = open (fname, O_CREAT|O_EXCL|O_WRONLY, 0700)) < 0) + { + return (4); + } + + write(file, inbuf, in_len); + +#if defined(__linux__) + + if ( 0 != fstat(file, &sbuf)) + { + return (5); + } + + /* Must reopen for read only. + */ + close(file); + file = open (fname, O_RDONLY, 0); + + if ( 0 != fstat(file, &fbuf)) + { + return (6); + } + + /* check mode, inode, owner, and device, to make sure it is the same file + */ + if (sbuf.st_mode != fbuf.st_mode || + sbuf.st_ino != fbuf.st_ino || + sbuf.st_uid != fbuf.st_uid || + sbuf.st_gid != fbuf.st_gid || + sbuf.st_dev != fbuf.st_dev ) + { + close ( file ); + return ( 6 ); + } + + p = pname; + set4(p, '/', 'p', 'r', 'o'); + p += 4; + + set2(p, 'c', '/'); + p += 2; + + set4(p, 's', 'e', 'l', 'f'); + p += 4; + + set4(p, '/', 'f', 'd', '/'); + p += 4; + + sprintf(p, "%d", file); + + + if (0 == access(pname, R_OK|X_OK)) + { + unlink (fname); + fcntl (file, F_SETFD, FD_CLOEXEC); + execve (pname, argv, environ); + return (8); + } +#endif + + /* /proc not working, or not linux + */ + close (file); + + if ( (i = fork()) != 0) + { + wait (NULL); + execve (fname, argv, environ); + unlink (fname); + return (9); + } + else if (i == 0) + { + if (0 == fork()) + { + sleep (3); + unlink (fname); + } + return (0); + } + + /* only reached in case of error + */ + unlink (fname); + return (-1); +} + Index: /tags/2.5.0/src/exepack_fill.c =================================================================== --- /tags/2.5.0/src/exepack_fill.c (revision 189) +++ /tags/2.5.0/src/exepack_fill.c (revision 189) @@ -0,0 +1,383 @@ +/* +++Date last modified: 05-Jul-1997 */ + +/* +** Case-sensitive Boyer-Moore-Horspool pattern match +** +** public domain by Raymond Gardner 7/92 +** +** limitation: pattern length + string length must be less than 32767 +** +** 10/21/93 rdg Fixed bug found by Jeff Dunlop +** +** limitation lifted Rainer Wichmann 07/2000 +*/ +#include "config.h" + +#ifdef HAVE_BROKEN_INCLUDES +#define _ANSI_C_SOURCE +#define _POSIX_SOURCE +#endif + +#include /* rdg 10/93 */ +#include +#include + +typedef unsigned char uchar; + +#define LARGE 2147483647 /* rw 7/2000 */ + +static long patlen; /* rw 7/2000 */ +static long skip[UCHAR_MAX+1]; /* rw 7/2000 */ /* rdg 10/93 */ +static long skip2; /* rw 7/2000 */ +static uchar *pat; /* rw 7/2000 */ + +void bmh_init(const char *pattern) +{ + long i, lastpatchar; + + pat = (uchar *)pattern; + patlen = strlen(pattern); + for (i = 0; i <= UCHAR_MAX; ++i) /* rdg 10/93 */ + skip[i] = patlen; + for (i = 0; i < patlen; ++i) + skip[pat[i]] = patlen - i - 1; + lastpatchar = pat[patlen - 1]; + skip[lastpatchar] = LARGE; + skip2 = patlen; /* Horspool's fixed second shift */ + for (i = 0; i < patlen - 1; ++i) + { + if (pat[i] == lastpatchar) + skip2 = patlen - i - 1; + } +} + +char * bmh_search(const char * string, const long stringlen) +{ + long i, j; /* rw 7/2000 */ + char *s; + + i = patlen - 1 - stringlen; + if (i >= 0) + return NULL; + string += stringlen; + for ( ;; ) + { + while ( (i += skip[((uchar *)string)[i]]) < 0 ) + ; /* mighty fast inner loop */ + if (i < (LARGE - stringlen)) + return NULL; + i -= LARGE; + j = patlen - 1; + s = (char *)string + (i - j); + while (--j >= 0 && s[j] == pat[j]) + ; + if ( j < 0 ) /* rdg 10/93 */ + return s; /* rdg 10/93 */ + if ( (i += skip2) >= 0 ) /* rdg 10/93 */ + return NULL; /* rdg 10/93 */ + } +} + +/* Everything below: Copyright 2000, Rainer Wichmann */ + +char * my_locate (const char * pattern, const char * data, const long datalen) +{ + bmh_init (pattern); + return (bmh_search (data, datalen) ); +} + +#include +#include +#include +#include + + +#include "config.h" + +#include "minilzo.h" + +/* integer data type that is _exactly_ 32 bit + */ +#if defined(HAVE_INT_32) +#define UINT32 unsigned int +#elif defined(HAVE_LONG_32) +#define UINT32 unsigned long +#elif defined(HAVE_SHORT_32) +#define UINT32 unsigned short +#endif + +static UINT32 cstate[3], astate[3]; + +static UINT32 taus_get_long (UINT32 * state) +{ +#define TAUSWORTHE(s,a,b,c,d) ((s &c) <>b) + + state[0] = TAUSWORTHE (state[0], 13, 19, 4294967294UL, 12); + state[1] = TAUSWORTHE (state[1], 2, 25, 4294967288UL, 4); + state[2] = TAUSWORTHE (state[2], 3, 11, 4294967280UL, 17); + + return (state[0] ^ state[1] ^ state[2]); +} + +void taus_set_from_state (UINT32 * state, UINT32 * state0) +{ + state[0] = state0[0] | (UINT32) 0x03; + state[1] = state0[1] | (UINT32) 0x09; + state[2] = state0[2] | (UINT32) 0x17; + + /* 'warm up' + */ + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + + return; +} + +int replaceData (char * data, long len, char * in, char * out, long size) +{ + char * pos; + int i; + + pos = my_locate (in, data, len); + if (pos == NULL) + return (-1); + + for (i = 0; i < size; ++i) + { + pos[i] = out[i]; + } + + return 0; +} + +/* Work-memory needed for compression. Allocate memory in units + * of `long' (instead of `char') to make sure it is properly aligned. + */ +#define HEAP_ALLOC(var,size) long __LZO_MMODEL var [ ((size) + (sizeof(long) - 1)) / sizeof(long) ] + +static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS); + +#include +#include +#include + +int main(int argc, char * argv[]) +{ + FILE * fd; + long clen; + char * data; + struct stat sbuf; + + char * ptest; + + unsigned long i; + + int status; + + unsigned long len = 0; + unsigned long have = 0; + + /* For compression. + */ + lzo_byte * inbuf; + lzo_byte * outbuf; + int r; + lzo_uint in_len; + lzo_uint out_len; + + UINT32 len_raw; + UINT32 len_cmp; + + + astate[0] = EXEPACK_STATE_0; + astate[1] = EXEPACK_STATE_1; + astate[2] = EXEPACK_STATE_2; + + + if (argc < 4) + { + fprintf(stderr, + "Usage: exepack_fill \n"); + exit (EXIT_FAILURE); + } + + if (0 != stat (argv[1], &sbuf)) + { + fprintf(stderr, "exepack_fill: could not access file %s\n", argv[1]); + return (-1); + } + clen = sbuf.st_size; + + + data = (char *) malloc (clen * sizeof(char)); + if (data == NULL) + return (-1); + + fd = fopen (argv[1], "r"); + if (fd == NULL) + return (-1); + + fread (data, 1, clen, fd); + fclose (fd); + + + /******************* + * + * THE DATA + * + *******************/ + + + + if (stat (argv[2], &sbuf) < 0) + { + perror ("exepack_fill"); + exit (EXIT_FAILURE); + } + + len = (unsigned long) sbuf.st_size; + + /* Because the input block may be incompressible, + * we must provide a little more output space in case that compression + * is not possible. + */ + inbuf = (lzo_byte *) malloc (sizeof(lzo_byte) * len); + outbuf = (lzo_byte *) malloc (sizeof(lzo_byte) * (len + len / 64 + 16 + 3)); + in_len = len; + + if (NULL == inbuf || NULL == outbuf) + { + fprintf(stderr, "exepack_fill: Out of memory."); + exit (EXIT_FAILURE); + } + + if (NULL == (fd = fopen(argv[2], "r"))) + { + perror ("exepack_fill"); + exit (EXIT_FAILURE); + } + + have = fread (inbuf, 1, len, fd); + fclose (fd); + + if (have != len) + { + fprintf (stderr, "exepack_mkdata: Error reading %s", argv[2]); + exit (EXIT_FAILURE); + } + + /* + * Step 1: initialize the LZO library + */ + if (lzo_init() != LZO_E_OK) + { + fprintf(stderr, "exepack_fill: lzo_init() failed\n"); + return 3; + } + + /* + * Step 3: compress from `in' to `out' with LZO1X-1 + */ + r = lzo1x_1_compress(inbuf, in_len, outbuf, &out_len, wrkmem); + + if (r == LZO_E_OK) + printf("exepack_fill: compressed %lu bytes into %lu bytes\n", + (long) in_len, (long) out_len); + else + { + /* this should NEVER happen */ + printf("exepack_fill: internal error - compression failed: %d\n", r); + return 2; + } + + /* check for an incompressible block + */ + if (out_len >= in_len) + { + printf("exepack_fill: Incompressible data.\n"); + } + + taus_set_from_state (cstate, astate); + for (i = 0; i < out_len; ++i) + { + outbuf[i] ^= (taus_get_long (cstate) & 0xff); + } + + len_raw = in_len; + len_cmp = out_len; + + if ( (unsigned long) len_cmp > (unsigned long) clen) + { + printf("exepack_fill: Compressed length (%ld) exceeds container length (%ld).\n", (long) len_cmp, (long) clen); + return (8); + } + + + /*********** + * + * Fill program + * + **********/ + + status = replaceData (data, clen, "LLLL", (char *) &len_raw, sizeof(UINT32)); + if (status < 0) + { + printf("exepack_fill: Could not write raw lenght %d.\n", len_raw); + return (8); + } + status = replaceData (data, clen, "CCCC", (char *) &len_cmp, sizeof(UINT32)); + if (status < 0) + { + printf("exepack_fill: Could not write compressed lenght %d.\n", + len_cmp); + return (8); + } + status = replaceData (data, clen, "CONTAINER", outbuf, out_len); + if (status < 0) + { + printf("exepack_fill: Could not write program data.\n"); + return (8); + } + + /*********** + * + * Write program + * + **********/ + + if ( NULL == (fd = fopen(argv[3], "w" ))) + { + perror ("exepack_fill"); + exit (EXIT_FAILURE); + } + + fwrite (data, 1, clen, fd); + + fclose (fd); + + ptest = my_locate("LLLL", data, clen); + if (ptest != NULL) + { + printf("exepack_fill: ERROR: program length not updated.\n"); + return (8); + } + ptest = my_locate("CCCC", data, clen); + if (ptest != NULL) + { + printf("exepack_fill: ERROR: compressed program length not updated.\n"); + return (8); + } + ptest = my_locate("CONTAINER", data, clen); + if (ptest != NULL) + { + printf("exepack_fill: ERROR: program data not updated.\n"); + return (8); + } + + return 0; +} + Index: /tags/2.5.0/src/exepack_mkdata.c =================================================================== --- /tags/2.5.0/src/exepack_mkdata.c (revision 189) +++ /tags/2.5.0/src/exepack_mkdata.c (revision 189) @@ -0,0 +1,248 @@ +#include "config.h" + + +#include +#include +#include + + +#include "minilzo.h" + +/* integer data type that is _exactly_ 32 bit + */ +#if defined(HAVE_INT_32) +#define UINT32 unsigned int +#elif defined(HAVE_LONG_32) +#define UINT32 unsigned long +#elif defined(HAVE_SHORT_32) +#define UINT32 unsigned short +#endif + +#if 0 +static UINT32 cstate[3], astate[3]; + +/* interval [0, 4294967296] + */ +static UINT32 taus_get_long (UINT32 * state) +{ +#define TAUSWORTHE(s,a,b,c,d) ((s &c) <>b) + + state[0] = TAUSWORTHE (state[0], 13, 19, 4294967294UL, 12); + state[1] = TAUSWORTHE (state[1], 2, 25, 4294967288UL, 4); + state[2] = TAUSWORTHE (state[2], 3, 11, 4294967280UL, 17); + + return (state[0] ^ state[1] ^ state[2]); +} + +void taus_set_from_state (UINT32 * state, UINT32 * state0) +{ + state[0] = state0[0] | (UINT32) 0x03; + state[1] = state0[1] | (UINT32) 0x09; + state[2] = state0[2] | (UINT32) 0x17; + + /* 'warm up' + */ + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + taus_get_long (state); + + return; +} +#endif + + +/* Work-memory needed for compression. Allocate memory in units + * of `long' (instead of `char') to make sure it is properly aligned. + */ +#define HEAP_ALLOC(var,size) \ + long __LZO_MMODEL var [ ((size) + (sizeof(long) - 1)) / sizeof(long) ] + +static HEAP_ALLOC(wrkmem,LZO1X_1_MEM_COMPRESS); + +#include +#include + +int main(int argc, char **argv) +{ + + FILE * fd; + FILE * fd_out; + + struct stat sbuf; + + int num = -1; + + unsigned long i; + unsigned long len = 0; + unsigned long have = 0; + + /* For compression. + */ + lzo_byte * inbuf; + lzo_byte * outbuf; + int r; + lzo_uint in_len; + lzo_uint out_len; + + +#if 0 + astate[0] = EXEPACK_STATE_0; + astate[1] = EXEPACK_STATE_1; + astate[2] = EXEPACK_STATE_2; +#endif + + if (argc < 4 || (num = atoi(argv[3])) < 0) + { + fprintf(stderr, + "Usage: exepack_mkdata [ARGS]\n"); + exit (EXIT_FAILURE); + } + + /* the include file + */ + if (NULL == (fd_out = fopen(argv[2], "w")) ) + { + fprintf(stderr, "exepack_mkdata: Error opening %s for write.\n", + argv[2]); + exit (EXIT_FAILURE); + } + + + /* write data + */ + fprintf (fd_out, "UINT32 programkey_%d[3] = { 0x%x, 0x%x, 0x%x };\n", + num, EXEPACK_STATE_0, EXEPACK_STATE_1, EXEPACK_STATE_2); + + if (num == 0) + { + fprintf (fd_out, "UINT32 programlen_%d = %ld;\n\n", + num, 0x4C4C4C4CL); + fprintf (fd_out, "UINT32 programlen_compressed_%d = %ld;\n\n", + num, 0x43434343L); + } + else + { + fprintf (fd_out, "UINT32 programlen_%d = %ld;\n\n", + num, 0x4D4D4D4DL); + fprintf (fd_out, "UINT32 programlen_compressed_%d = %ld;\n\n", + num, 0x44444444L); + } + + + if (stat (argv[1], &sbuf) < 0) + { + perror ("exepack_mkdata"); + exit (EXIT_FAILURE); + } + + len = (unsigned long) sbuf.st_size; + + /* Because the input block may be incompressible, + * we must provide a little more output space in case that compression + * is not possible. + */ + inbuf = (lzo_byte *) malloc (sizeof(lzo_byte) * len); + outbuf = (lzo_byte *) malloc (sizeof(lzo_byte) * (len + len / 64 + 16 + 3)); + in_len = len; + + if (NULL == inbuf || NULL == outbuf) + { + fprintf(stderr, "exepack_mkdata: Out of memory."); + exit (EXIT_FAILURE); + } + + if (NULL == (fd = fopen(argv[1], "r"))) + { + perror ("exepack_mkdata"); + exit (EXIT_FAILURE); + } + + have = fread (inbuf, 1, len, fd); + fclose (fd); + + if (have != len) + { + fprintf (stderr, "exepack_mkdata: Error reading %s", argv[1]); + exit (EXIT_FAILURE); + } + + /* + * Step 1: initialize the LZO library + */ + if (lzo_init() != LZO_E_OK) + { + fprintf(stderr, "exepack_mkdata: lzo_init() failed\n"); + return 3; + } + + /* + * Step 3: compress from `in' to `out' with LZO1X-1 + */ + r = lzo1x_1_compress(inbuf, in_len, outbuf, &out_len, wrkmem); + + if (r == LZO_E_OK) + printf("exepack_mkdata: compressed %lu bytes into %lu bytes\n", + (long) in_len, (long) out_len); + else + { + /* this should NEVER happen */ + printf("exepack_mkdata: internal error - compression failed: %d\n", r); + return 2; + } + + /* check for an incompressible block + */ + if (out_len >= in_len) + { + printf("exepack_mkdata: Incompressible data.\n"); + } + + fprintf (fd_out, "lzo_byte program_%d[] = {\n", num); + + fprintf (fd_out, "0x43, 0x4F, 0x4E, 0x54, 0x41, 0x49, 0x4E, 0x45, 0x52,\n"); + + /* + taus_set_from_state (cstate, astate); + for (i = 0; i < out_len; ++i) + { + outbuf[i] =^ (taus_get_long (cstate) & 0xff); + } + */ + + + for (i = 1; i <= out_len; ++i) + { + fprintf(fd_out, "0x00,"); + if (0 == (i % 20)) + fprintf(fd_out, "\n"); + } + + fprintf(fd_out, "\n"); + + for (i = 1; i <= 256; ++i) + { + fprintf(fd_out, "0x00,"); + if (0 == (i % 20)) + fprintf(fd_out, "\n"); + } + + fprintf (fd_out, "0x00 };\n\n"); + + + fclose (fd_out); + + if (argc > 4) + { + fprintf (fd_out, "char * const programargv_%d[]={\n", num); + + for(len = 4; len < (unsigned int) argc; len++) + fprintf(fd_out, "\"%s\",", argv[len-4]); + + fprintf(fd_out, "NULL };\n\n"); + } + + return 0; +} Index: /tags/2.5.0/src/kern_head.c =================================================================== --- /tags/2.5.0/src/kern_head.c (revision 189) +++ /tags/2.5.0/src/kern_head.c (revision 189) @@ -0,0 +1,949 @@ +/* + * need to #define SH_USE_KERN + * + */ +#define SH_SYSCALL_CODE + +#include "config.h" + +#ifdef HOST_IS_I86LINUX +#define SH_IDT_TABLE +#endif + +#include +#include + +#if defined(SH_USE_KERN) + +#undef _ +#define _(string) string +#undef N_ +#define N_(string) string + +void usage(int flag) +{ + printf("\n"); + printf("Usage: kern_head [-v | --verbose]\n"); + printf(" kern_head [-h | --help]\n"); + printf("\n"); + /* + * printf(" You need superuser privileges to use this program,\n"); + * printf(" because only the superuser can read from /dev/kmem.\n"); + * printf("\n"); + */ + exit(flag); +} + +#if defined(HOST_IS_LINUX) + + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* number of system calls */ +#define SH_MAXCALLS 512 + +#include "kern_head.h" + +static int verbose = 0; + +typedef struct _smap_entry { +#ifdef SH_SYSCALL_CODE + unsigned int code[2]; /* 8 bytes */ +#endif + unsigned long addr; + char name[64]; +} smap_entry; + +union { + unsigned long addr_sys_call_table; + unsigned char str_sys_call_table[sizeof(unsigned long)]; +} sh_sys_call; + +#define SYS_CODE_SIZE 1024 + +static unsigned long addr_system_call; +static unsigned char system_call_code[SYS_CODE_SIZE]; + +static int kmem_read (int fd, unsigned long addr, unsigned char * buf, int len) +{ + if (lseek(fd, addr, SEEK_SET) == (off_t) (-1)) + { + if (verbose) + perror("kmem_read: lseek"); + return -1; + } + if (read(fd, buf, len) < 0) + { + if (verbose) + perror("kmem_read: read"); + return -1; + } + return 0; +} + +static int kmem_mmap (int fd, unsigned long addr, unsigned char * buf, int len) +{ + size_t moff, roff; + size_t sz; + char * kmap; + + + /* first, try read() + */ + int ret_old = kmem_read (fd, addr, buf, len); + + if (ret_old == 0) + return ret_old; + + if (verbose) + fprintf(stderr, + "kmem_mmap: read() from /dev/kmem failed, now trying mmap()\n"); + + sz = getpagesize(); /* unistd.h */ + + moff = ((size_t)(addr/sz)) * sz; /* lower page boundary */ + roff = addr - moff; /* off relative to lower address of mmapped area */ + kmap = mmap(0, len+sz, PROT_READ, MAP_PRIVATE, fd, moff);/* sys/mman.h */ + + if (kmap == MAP_FAILED) + { + perror("kmem_mmap: mmap"); + return -1; + } + memcpy (buf, &kmap[roff], len); + + if (munmap(kmap, len+sz) != 0) + { + perror("kmem_mmap: munmap"); + return -1; + } + + return 0; +} + +int read_kcode (unsigned long addr, unsigned char * buf, int len) +{ + int fd; + + if (addr == 0UL) + { + perror("read_kcode: invalid input"); + return -1; + } + + fd = open ("/dev/kmem", O_RDONLY); + if (fd < 0) + { + perror("read_kcode: open /dev/kmem"); + return -1; + } + if (kmem_mmap(fd, addr, buf, len) < 0) + { + close (fd); + return -1; + } + close (fd); + return 0; +} + +int get_dispatch (int * qq) +{ + int i; + + if (addr_system_call == 0L || sh_sys_call.addr_sys_call_table == 0L) + { + fprintf(stderr, "get_dispatch: invalid data\n"); + return -1; + } + + if (0 != read_kcode (addr_system_call, system_call_code, SYS_CODE_SIZE)) + { + fprintf(stderr, "get_dispatch: could not read system_call code\n"); + return -1; + } + + for (i = 0; i < (SYS_CODE_SIZE - 4); ++i) + { + if (system_call_code[i] == sh_sys_call.str_sys_call_table[0] && + system_call_code[i+1] == sh_sys_call.str_sys_call_table[1] && + system_call_code[i+2] == sh_sys_call.str_sys_call_table[2] && + system_call_code[i+3] == sh_sys_call.str_sys_call_table[3]) + { + /* + fprintf(stderr, "INFO: get_dispatch: found sys_call_table in "\ + "system_call code at %d\n", i); + */ + *qq = i; + return 0; + } + } + fprintf(stderr, + "get_dispatch: did not find sys_call_table in system_call code\n"); + fprintf(stderr, + "** This indicates that either your System.map does not match\n"); + fprintf(stderr, + "** the currently running kernel, or that your System.map does\n"); + fprintf(stderr, + "** not provide the required information, and thus use of\n"); + fprintf(stderr, + "** the --with-kcheck option is not possible\n"); + return -1; +} + +unsigned long get_symbol_from_systemmap (char * systemmap, + char * symbol, char flag) +{ + FILE * fp; + char buf[512], addr[16], * p; + unsigned long retval = 0; + + fp = fopen (systemmap, "r"); + + if (!fp) + { + fprintf(stderr, "error opening <%s>\n", systemmap); + perror("get_symbol_from_systemmap: fopen"); + return -1; + } + while (fgets(buf, 512, fp) != NULL) + { + if (buf[9] != flag) + continue; + + p = strchr(buf, '\n'); + if (p != NULL) + *p = '\0'; + + if (0 != strcmp(&buf[11], symbol)) + continue; + + addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0'; + strncat(&addr[2], buf, 8); + + retval = strtoul(addr, NULL, 0); + if (retval == ULONG_MAX) + { + perror("get_symbol_from_systemmap"); + return -1; + } + } + fclose(fp); + return retval; +} + + +/* returns the number N of entries in syscall table + * (0 .. N-1) with valid syscalls + */ +int fill_smap(smap_entry * sh_smap, int num) +{ + FILE * fp; + char buf[512], addr[16], name[128]; + int i, j, count = 0, maxcall = 0; + + fp = fopen (SYSTEMMAP, "r"); + + if (!fp) + { + perror("fill_smap: fopen"); + fprintf(stderr, "fill_smap: error opening <%s>\n", SYSTEMMAP); + return -1; + } + + /* initialize + */ + sh_sys_call.addr_sys_call_table = 0L; + + while (fgets(buf, 512, fp) != NULL) + { + + if ( ( (buf[9] == 'D') || (buf[9] == 'd') || + (buf[9] == 'R') || (buf[9] == 'r')) && + 0 == strncmp("sys_call_table", &buf[11], 14)) + { + printf("/* found sys_call_table */\n"); + /* --- copy symbol address --- + */ + addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0'; + strncat(&addr[2], buf, 8); + addr[10] = '\0'; + sh_sys_call.addr_sys_call_table = strtoul(addr, NULL, 0); + if (sh_sys_call.addr_sys_call_table == ULONG_MAX) + { + perror("fill_smap"); + return -1; + } + else + { + printf("#define SH_SYS_CALL_TABLE %s\n", addr); + } + } + + if (buf[9] != 'T') + continue; + + if (0 == strncmp("system_call", &buf[11], 11)) + { + printf("/* found system_call */\n"); + /* --- copy symbol address --- + */ + addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0'; + strncat(&addr[2], buf, 8); + addr[10] = '\0'; + addr_system_call = strtoul(addr, NULL, 0); + if (addr_system_call == ULONG_MAX) + { + perror("fill_smap"); + return -1; + } + } + + + if ( (buf[11]!='s' || buf[12]!='y' || buf[13]!='s' || buf[14]!='_') && + (buf[11]!='o' || buf[12]!='l' || buf[13]!='d' || buf[14]!='_')) + continue; + + for (i = 0; i < num; ++i) + { + for (j = 0; j < 128; ++j) + { + if (buf[11+j] == '\n' || buf[11+j] == '\0') + { + name[j] = '\0'; + break; + } + name[j] = buf[11+j]; + } + + + if (0 == strcmp(name, sh_smap[i].name)) + { + + /* --- copy symbol address --- + */ + addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0'; + strncat(&addr[2], buf, 8); + addr[10] = '\0'; + sh_smap[i].addr = strtoul(addr, NULL, 0); + if (sh_smap[i].addr == ULONG_MAX) + { + perror("fill_smap"); + return -1; + } + ++count; + if (i > maxcall) maxcall = i; + /* printf("maxcall = %d\n", maxcall); */ + /* break; */ + } + } + } + fclose(fp); + if ((count > 0) && (maxcall > 0)) + return maxcall+1; + else + return count; +} + + +int main(int argc, char * argv[]) +{ + int i, count, maxcall, qq; + int which = 4; + int two_six_seventeen_plus = 0; + smap_entry sh_smap[SH_MAXCALLS]; + struct utsname utbuf; + char *p = NULL; + + unsigned long proc_root; + unsigned long proc_root_iops; + unsigned long proc_root_lookup; + + unsigned long addr_ni_syscall = 0; + + if (argc > 1) + { + if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) + usage(EXIT_SUCCESS); + else if (strcmp(argv[1], "-v") == 0 || + strcmp(argv[1], "--verbose") == 0) + verbose = 1; + } + + if (0 != uname(&utbuf)) + { + perror("kern_head: uname"); + exit (EXIT_FAILURE); + } + + if (strncmp(utbuf.release, SH_KERNEL_VERSION, 3) != 0) + { + fprintf(stderr, "kern_head: current kernel version %s does not match\n", + utbuf.release); + fprintf(stderr, "kern_head: %s from config.h\n", SH_KERNEL_VERSION); + fprintf(stderr, "kern_head: continuing with %s\n", SH_KERNEL_VERSION); + + p = SH_KERNEL_VERSION; + } else { + p = utbuf.release; + } + + if (strncmp(p, "2.2", 3) == 0) + which = 2; + else if (strncmp(p, "2.4", 3) == 0) + which = 4; + else if (strncmp(p, "2.6", 3) == 0) + { + which = 6; + if (17 >= atoi (&p[4])) + { + two_six_seventeen_plus = 1; + } + } + else + { + fprintf(stderr, "kern_head: kernel %s not supported\n", p); + exit (EXIT_FAILURE); + } + + + if (utbuf.machine[0] != 'i' || utbuf.machine[2] != '8' || + utbuf.machine[3] != '6') + { + fprintf(stderr, "kern_head: machine %s not supported\n", utbuf.machine); + exit (EXIT_FAILURE); + } + + if (0 != getuid()) + { + fprintf(stderr, "\n"); + + fprintf(stderr, "NOTE: kern_head: must run as 'root' (need to read from /dev/kmem)\n"); + fprintf(stderr, " If you get this message, then proceed as follows:\n"); + fprintf(stderr, " $ su\n"); + fprintf(stderr, " $ ./kern_head > sh_ks.h\n"); + fprintf(stderr, " $ exit\n"); + fprintf(stderr, " $ make\n\n"); + exit (EXIT_FAILURE); + } + + printf("#ifndef SH_KERN_CALLS_H\n"); + printf("#define SH_KERN_CALLS_H\n\n"); + + printf("\n/* Kernel %s, machine %s -- use table %s */\n\n", + p, utbuf.machine, + (which == 2) ? "callz_2p2" : "callz_2p4"); + + + /* initiate the system call table + */ + for (i = 0; i < SH_MAXCALLS; ++i) + { + if (which == 2) + { + if (callz_2p2[i] == NULL) + break; + strcpy(sh_smap[i].name, callz_2p2[i]); + } + else + { + if (callz_2p4[i] == NULL) + break; + strcpy(sh_smap[i].name, callz_2p4[i]); + } + sh_smap[i].addr = 0UL; + } + + if (which == 6) /* fix syscall map for 2.6 */ + { + strcpy(sh_smap[0].name, "sys_restart_syscall"); + strcpy(sh_smap[180].name, "sys_pread64"); + strcpy(sh_smap[181].name, "sys_pwrite64"); + } + count = i; + + /* get the actual number of the highest syscalls and use no more. + * get sys_call_table and system_call + */ + maxcall = fill_smap(sh_smap, count); + if ( maxcall < 0) + { + printf("#endif\n"); + fprintf(stderr, "kern_head: fill_smap failed\n"); + exit (EXIT_FAILURE); + } + if (addr_system_call == 0L) + { + printf("#endif\n"); + fprintf(stderr, + "kern_head: address of system_call not found in System.map\n"); + fprintf(stderr, + "** This indicates that your System.map does not provide\n"); + fprintf(stderr, + "** the required information, and thus use of the\n"); + fprintf(stderr, + "** --with-kcheck option is not possible\n"); + exit (EXIT_FAILURE); + } + + for (i = 0; i < maxcall; ++i) + { + if (0 == strcmp(sh_smap[i].name, "sys_ni_syscall")) + { + addr_ni_syscall = sh_smap[i].addr; + break; + } + } + if (which < 6) + { + maxcall = (maxcall > 256) ? 256 : maxcall; + } + + for (i = 0; i < maxcall; ++i) + { + if (sh_smap[i].addr == 0UL) + { + if (verbose > 0) + fprintf(stderr, "** unknown syscall **: [%s]\n", sh_smap[i].name); + strcpy(sh_smap[i].name, "sys_ni_syscall"); + sh_smap[i].addr = addr_ni_syscall; + } + } + + + /* get the location of the syscall table address within system_call + */ + if ( get_dispatch (&qq) < 0) + { + printf("#endif\n"); + fprintf(stderr, "kern_head: get_dispatch failed\n"); + exit (EXIT_FAILURE); + } + + if (qq <= 252) + printf("#define SYS_CALL_LOC %d\n", qq); + else + { + printf("#endif\n"); + fprintf(stderr, "kern_head: SYS_CALL_LOC (%d) too large\n", qq); + exit(EXIT_FAILURE); + } + printf("#define SH_SYS_CALL_ADDR %#lx\n\n", addr_system_call); + + printf("static unsigned char system_call_code[256] = { 0 };\n"); + + printf("#define SH_MAXCALLS %d\n\n", maxcall); + +#ifdef SH_IDT_TABLE + printf("static unsigned char idt_table[2048] = { 0 };\n"); +#endif + + printf("typedef struct _sh_syscall_t {\n"); +#ifdef SH_SYSCALL_CODE + printf(" unsigned int code[2]; /* 8 bytes */\n"); +#endif + printf(" unsigned long addr;\n"); + printf(" char * name;\n"); + printf("} sh_syscall_t;\n\n"); + + printf("static sh_syscall_t sh_syscalls[] = {\n"); + + for (i = 0; i < maxcall; ++i) + { +#ifdef SH_SYSCALL_CODE + printf(" /* %03d */ { { 0, 0 }, 0, N_(%c%s%c) },\n", + i, '"', sh_smap[i].name, '"'); +#else + printf(" /* %03d */ { 0, N_(%c%s%c) },\n", + i, '"', sh_smap[i].name, '"'); +#endif + } +#ifdef SH_SYSCALL_CODE + printf(" /* eof */ { { 0x00000000, 0x00000000 }, 0x00000000, NULL }\n"); +#else + printf(" /* eof */ { 0x00000000, NULL }\n"); +#endif + printf("};\n\n"); + + + /* get proc addresses + */ + proc_root = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root", 'D'); + if (proc_root == 0) + { + proc_root = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root", 'd'); + } + if (proc_root == 0) + { + proc_root = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root", 'R'); + } + if (proc_root != 0) { + printf("#define PROC_ROOT_LOC %#lx\n\n", proc_root); + } + + proc_root_lookup = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root_lookup", 't'); + if (proc_root_lookup == 0) + { + proc_root_lookup = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root_lookup", 'T'); + } + if (proc_root_lookup != 0) { + printf("#define PROC_ROOT_LOOKUP_LOC %#lx\n\n", proc_root_lookup); + } + + proc_root_iops = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root_inode_operations", + 'd'); + if (proc_root_iops == 0) + { + proc_root_iops = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root_inode_operations", + 'D'); + } + if (proc_root_iops == 0) + { + proc_root_iops = get_symbol_from_systemmap (SYSTEMMAP, + "proc_root_inode_operations", + 'R'); + } + if (proc_root_iops != 0) { + printf("#define PROC_ROOT_IOPS_LOC %#lx\n\n", proc_root_iops); + } + + if (two_six_seventeen_plus == 1) { + printf("#define TWO_SIX_SEVENTEEN_PLUS 1\n\n"); + } + + printf("#endif\n"); + + exit (EXIT_SUCCESS); +} + +/* if defined(HOST_IS_LINUX) */ +#endif + +/************************************************************ + * + * + * FreeBSD Implementation + * + ************************************************************/ + +#if defined(HOST_IS_FREEBSD) || defined(__OpenBSD__) + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef __FreeBSD__ +#include +#endif + +#include + +#ifndef SYS_MAXSYSCALL +#define SYS_MAXSYSCALL 512 +#endif + +/* number of system calls */ +#define SH_MAXCALLS 512 +#include "kern_head.h" +static int verbose = 0; + +#ifdef __OpenBSD__ +struct proc; +struct sysent { + short sy_narg; + short sy_argsize; + int (*sy_call)(struct proc *, void *, register_t *); +}; +#endif + +typedef struct _smap_entry { + unsigned int code[2]; /* 8 bytes */ + unsigned long addr; + char name[64]; +} smap_entry; + +union { + unsigned long addr_sys_call_table; + unsigned char str_sys_call_table[sizeof(unsigned long)]; +} sh_sys_call; + +struct nlist sys_list[SYS_MAXSYSCALL+1]; + +struct nlist list[2]; + + +int main(int argc, char * argv[]) +{ + int i, count, which; + smap_entry sh_smap[SYS_MAXSYSCALL]; + struct utsname utbuf; + char errbuf[_POSIX2_LINE_MAX]; + + struct sysent sy; + unsigned long offset = 0L; + kvm_t *kd; + + list[0].n_name = "_sysent"; + list[1].n_name = NULL; + + if (argc > 1) + { + if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) + usage(EXIT_SUCCESS); + else if (strcmp(argv[1], "-v") == 0 || + strcmp(argv[1], "--verbose") == 0) + verbose = 1; + } + + if (0 != uname(&utbuf)) + { + perror("kern_head: uname"); + exit (EXIT_FAILURE); + } + +#ifdef __OpenBSD__ + if (utbuf.release[0] == '3') + which = 38; + else if (utbuf.release[0] == '4') + which = 40; +#else + if (utbuf.release[0] == '4') + which = 4; + else if (utbuf.release[0] == '5') + which = 5; + else if (utbuf.release[0] == '6') + which = 5; +#endif + else + { + fprintf(stderr, "kern_head: kernel %s not supported\n", utbuf.release); + exit (EXIT_FAILURE); + } + + if (utbuf.machine[0] != 'i' || utbuf.machine[2] != '8' || + utbuf.machine[3] != '6') + { + fprintf(stderr, "kern_head: machine %s not supported\n", utbuf.machine); + exit (EXIT_FAILURE); + } + + if (0 != getuid()) + { + fprintf(stderr, "\n"); + fprintf(stderr, "NOTE: kern_head: must run as 'root' "); + fprintf(stderr, "(need to read from kernel)\n"); + fprintf(stderr, " If you get this message, then proceed "); + fprintf(stderr, "as follows:\n"); + fprintf(stderr, " $ su\n"); + fprintf(stderr, " $ ./kern_head > sh_ks.h\n"); + fprintf(stderr, " $ exit\n"); + fprintf(stderr, " $ make\n\n"); + exit (EXIT_FAILURE); + } + + kd = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, errbuf); + if (!kd) + { + fprintf(stderr, "check_sysent: kvm_openfiles: %s\n", errbuf); + exit(EXIT_FAILURE); + } + + i = kvm_nlist(kd, list); + if (i == -1) + { + fprintf(stderr, "check_sysent: kvm_nlist: %s\n", kvm_geterr(kd)); + exit(EXIT_FAILURE); + } + else if (i == 1) + { + fprintf(stderr, "check_sysent: kvm_nlist: _sysent not found\n"); + exit(EXIT_FAILURE); + } + else if (list[0].n_value == 0) + { + fprintf(stderr, "check_sysent: kvm_nlist: zero address for _sysent\n"); + exit(EXIT_FAILURE); + } + + if (which == 4) + printf("\n/* Kernel %s, machine %s -- use table %s */\n\n", + utbuf.release, utbuf.machine, "callz_fbsd"); + else if (which == 5 || which == 6) + printf("\n/* Kernel %s, machine %s -- use table %s */\n\n", + utbuf.release, utbuf.machine, "callz_fbsd5"); + else if (which == 38 || which == 40) + printf("\n/* Kernel %s, machine %s -- use table %s */\n\n", + utbuf.release, utbuf.machine, "callz_obsd"); + + + i = 0; + if (which == 4) { + while ((callz_fbsd[i] != NULL) && (i < SYS_MAXSYSCALL)) + { + sys_list[i].n_name = callz_fbsd[i]; + /* fprintf(stderr, "sys_list[%d] = %s\n", i, sys_list[i].n_name); */ + ++i; + } + if ((utbuf.release[1] == '.') && (utbuf.release[2] == '1') && + (utbuf.release[3] == '0')) + { + sys_list[336].n_name = callz_fbsd[151]; /* sendfile -> nosys */ + } + } else if (which == 5 || which == 6) { + while ((callz_fbsd5[i] != NULL) && (i < SYS_MAXSYSCALL)) + { + sys_list[i].n_name = callz_fbsd5[i]; + /* fprintf(stderr, "sys_list[%d] = %s\n", i, sys_list[i].n_name); */ + ++i; + } + } + else if (which == 38 || which == 40) { + while ((callz_obsd[i] != NULL) && (i < SYS_MAXSYSCALL)) + { + sys_list[i].n_name = callz_obsd[i]; + /* fprintf(stderr, "sys_list[%d] = %s\n", i, sys_list[i].n_name); */ + ++i; + } + } + + count = i; + sys_list[i].n_name = NULL; + + i = kvm_nlist(kd, sys_list); + if (i == -1) + { + fprintf(stderr, "check_sysent: kvm_nlist: %s\n", kvm_geterr(kd)); + /* exit(EXIT_FAILURE); */ + } + else if (i != 0 && verbose != 0) + { + fprintf(stderr, "check_sysent: kvm_nlist: %d out of %d invalid.\n", + i, count); + fprintf(stderr, " Probably the table in kern_head.h\n"); + fprintf(stderr, " is not for your kernel version.\n"); + fprintf(stderr, " (No reason to worry, kcheck will "\ + "work anyway)\n\n"); + } + + for (i = 0; i < count /* SYS_MAXSYSCALL */; i++) + { + if (NULL == sys_list[i].n_name) + break; + if (!sys_list[i].n_value && 0 != strcmp(sys_list[i].n_name, "_nosys") + && verbose != 0) + { + fprintf(stderr,"check_sysent: not found: slot %03d [%s]\n", + i, sys_list[i].n_name); + /* exit(EXIT_FAILURE); */ + } + offset = list[0].n_value + (i*sizeof(struct sysent)); + if (kvm_read(kd, offset, &sy, sizeof(struct sysent)) < 0) + { + fprintf(stderr,"check_sysent: kvm_read: %s\n", kvm_geterr(kd)); + exit(EXIT_FAILURE); + } + + if (verbose > 0) + fprintf(stderr, "(kvm_nlist) %#lx %#lx (sysent[%03d]) %03d [%s]\n", + (unsigned long) sys_list[i].n_value, + (unsigned long) sy.sy_call, + i, i, sys_list[i].n_name); + + if((unsigned long)sy.sy_call != sys_list[i].n_value && + sys_list[i].n_value != 0 && + 0 != strcmp(sys_list[i].n_name, "_nosys") && + (unsigned long)sy.sy_call != sys_list[151].n_value) + { + fprintf(stderr, + "WARNING: (kvm_nlist) %#lx != %#lx (sysent[%03d]) %03d [%s]\n", + (unsigned long) sys_list[i].n_value, + (unsigned long) sy.sy_call, + i, i, sys_list[i].n_name); + } + sh_smap[i].addr = (unsigned long) sy.sy_call; + strncpy(sh_smap[i].name, sys_list[i].n_name, 64); + if(kvm_read(kd, (unsigned int) sy.sy_call, &(sh_smap[i].code[0]), + 2 * sizeof(unsigned int)) < 0) + { + fprintf(stderr,"check_sysent: kvm_read: %s\n", kvm_geterr(kd)); + exit(EXIT_FAILURE); + } + } + + if(kvm_close(kd) < 0) + { + fprintf(stderr,"check_sysent: kvm_nlist: %s\n", kvm_geterr(kd)); + exit(EXIT_FAILURE); + } + + printf("#ifndef SH_KERN_CALLS_H\n"); + printf("#define SH_KERN_CALLS_H\n\n"); + + printf("#define SH_MAXCALLS %d\n\n", count); + + printf("typedef struct _sh_syscall_t {\n"); + printf(" unsigned int code[2]; /* 8 bytes */\n"); + printf(" unsigned long addr;\n"); + printf(" char * name;\n"); + printf("} sh_syscall_t;\n\n"); + + printf("static sh_syscall_t sh_syscalls[] = {\n"); + for (i = 0; i < count; ++i) { + printf(" /* %03d */ {{ 0x%-8.8x, 0x%-8.8x }, 0x%-8.8lx, N_(%c%s%c) },\n", + i, sh_smap[i].code[0], sh_smap[i].code[1], + sh_smap[i].addr, '"', sh_smap[i].name, '"'); + } + printf(" /* eof */ { { 0x00000000, 0x00000000 }, 0x00000000, NULL }\n"); + printf("};\n\n"); + printf("#endif\n"); + return 0; +} +/* if defined(HOST_IS_FREEBSD) */ +#endif + +/* #if defined(SH_USE_KERN) */ +#else + +#include +#include + +int main() +{ + printf("#ifndef SH_KERN_CALLS_H\n"); + printf("#define SH_KERN_CALLS_H\n\n"); + + printf("/* Dummy header. */\n\n"); + + printf("typedef struct _sh_syscall_t {\n"); + printf(" unsigned long addr;\n"); + printf(" char * name;\n"); + printf("} sh_syscall_t;\n\n"); + + printf("#endif\n"); + + return (EXIT_SUCCESS); +} + +/* #ifdef SH_USE_KERN */ +#endif Index: /tags/2.5.0/src/make-tests.sh =================================================================== --- /tags/2.5.0/src/make-tests.sh (revision 189) +++ /tags/2.5.0/src/make-tests.sh (revision 189) @@ -0,0 +1,75 @@ +#!/bin/sh + +# Auto generate single AllTests file for CuTest. +# Searches through all *.c files in the current directory. +# Prints to stdout. +# Author: Asim Jalis +# Date: 01/08/2003 + +# Modified to return non-zero if any test has failed +# Rainer Wichmann, 29. Jan 2006 +# ...and to print to stderr if any test has failed +# Rainer Wichmann, 31. Jan 2006 + +if test $# -eq 0 ; then FILES=*.c ; else FILES=$* ; fi + +echo ' + +/* This is auto-generated code. Edit at your own peril. */ + +#include +#include "CuTest.h" + +' + +cat $FILES | grep '^void Test' | + sed -e 's/(.*$//' \ + -e 's/$/(CuTest*);/' \ + -e 's/^/extern /' + +echo \ +' + +int RunAllTests(void) +{ + CuString *output = CuStringNew(); + CuSuite* suite = CuSuiteNew(); + +' +cat $FILES | grep '^void Test' | + sed -e 's/^void //' \ + -e 's/(.*$//' \ + -e 's/^/ SUITE_ADD_TEST(suite, /' \ + -e 's/$/);/' + +echo \ +' + CuSuiteRun(suite); + CuSuiteSummary(suite, output); + CuSuiteDetails(suite, output); + if (suite->failCount > 0) + fprintf(stderr, "%s%c", output->buffer, 0x0A); + else + fprintf(stdout, "%s%c", output->buffer, 0x0A); + return suite->failCount; +} + +int main(void) +{ +#if !defined(USE_SYSTEM_MALLOC) + typedef void assert_handler_tp(const char * error, const char *file, int line); + extern assert_handler_tp *dnmalloc_set_handler(assert_handler_tp *new); + extern void safe_fatal (const char * details, const char *f, int l); +#endif +#if !defined(USE_SYSTEM_MALLOC) && defined(USE_MALLOC_LOCK) + extern int dnmalloc_pthread_init(void); + dnmalloc_pthread_init(); +#endif +#if !defined(USE_SYSTEM_MALLOC) + (void) dnmalloc_set_handler(safe_fatal); +#endif + int retval; + retval = RunAllTests(); + return (retval == 0) ? 0 : 1; +} +' Index: /tags/2.5.0/src/minilzo.c =================================================================== --- /tags/2.5.0/src/minilzo.c (revision 189) +++ /tags/2.5.0/src/minilzo.c (revision 189) @@ -0,0 +1,2851 @@ +/* minilzo.c -- mini subset of the LZO real-time data compression library + + This file is part of the LZO real-time data compression library. + + Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer + + The LZO library is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of + the License, or (at your option) any later version. + + The LZO library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with the LZO library; see the file COPYING. + If not, write to the Free Software Foundation, Inc., + 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Markus F.X.J. Oberhumer + + http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + */ + +/* + * NOTE: + * the full LZO package can be found at + * http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + */ + +#define _ANSI_C_SOURCE +#define _POSIX_SOURCE + + + +#define __LZO_IN_MINILZO + +#ifdef MINILZO_HAVE_CONFIG_H +# include +#endif + +#undef LZO_HAVE_CONFIG_H +#include "minilzo.h" + +#if !defined(MINILZO_VERSION) || (MINILZO_VERSION != 0x1060) +# error "version mismatch in miniLZO source files" +#endif + +#ifdef MINILZO_HAVE_CONFIG_H +# define LZO_HAVE_CONFIG_H +#endif + +#if !defined(LZO_NO_SYS_TYPES_H) +# include +#endif +#include + +#ifndef __LZO_CONF_H +#define __LZO_CONF_H + +#if !defined(__LZO_IN_MINILZO) +# ifndef __LZOCONF_H +# include +# endif +#endif + +#if !defined(LZO_HAVE_CONFIG_H) +# include +# include +# if !defined(NO_STDLIB_H) +# include +# endif +# define HAVE_MEMCMP +# define HAVE_MEMCPY +# define HAVE_MEMMOVE +# define HAVE_MEMSET +#else +# include +# if defined(STDC_HEADERS) +# include +# include +# endif +# if defined(HAVE_STDDEF_H) +# include +# endif +# if defined(HAVE_MEMORY_H) +# include +# endif +#endif + +#if defined(__LZO_DOS16) || defined(__LZO_WIN16) +# define HAVE_MALLOC_H +# define HAVE_HALLOC +#endif + +#undef NDEBUG +#if !defined(LZO_DEBUG) +# define NDEBUG +#endif +#if defined(LZO_DEBUG) || !defined(NDEBUG) +# if !defined(NO_STDIO_H) +# include +# endif +#endif +#include + +#if defined(__BOUNDS_CHECKING_ON) +# include +#else +# define BOUNDS_CHECKING_OFF_DURING(stmt) stmt +# define BOUNDS_CHECKING_OFF_IN_EXPR(expr) (expr) +#endif + +#if !defined(LZO_UNUSED) +# define LZO_UNUSED(parm) (parm = parm) +#endif + +#if !defined(__inline__) && !defined(__GNUC__) +# if defined(__cplusplus) +# define __inline__ inline +# else +# define __inline__ +# endif +#endif + +#if defined(NO_MEMCMP) +# undef HAVE_MEMCMP +#endif + +#if !defined(HAVE_MEMCMP) +# undef memcmp +# define memcmp lzo_memcmp +#endif +#if !defined(HAVE_MEMCPY) +# undef memcpy +# define memcpy lzo_memcpy +#endif +#if !defined(HAVE_MEMMOVE) +# undef memmove +# define memmove lzo_memmove +#endif +#if !defined(HAVE_MEMSET) +# undef memset +# define memset lzo_memset +#endif + +#if 1 +# define LZO_BYTE(x) ((unsigned char) (x)) +#else +# define LZO_BYTE(x) ((unsigned char) ((x) & 0xff)) +#endif +#if 0 +# define LZO_USHORT(x) ((unsigned short) (x)) +#else +# define LZO_USHORT(x) ((unsigned short) ((x) & 0xffff)) +#endif + +#define LZO_MAX(a,b) ((a) >= (b) ? (a) : (b)) +#define LZO_MIN(a,b) ((a) <= (b) ? (a) : (b)) +#define LZO_MAX3(a,b,c) ((a) >= (b) ? LZO_MAX(a,c) : LZO_MAX(b,c)) +#define LZO_MIN3(a,b,c) ((a) <= (b) ? LZO_MIN(a,c) : LZO_MIN(b,c)) + +#define lzo_sizeof(type) ((lzo_uint) (sizeof(type))) + +#define LZO_HIGH(array) ((lzo_uint) (sizeof(array)/sizeof(*(array)))) + +#define LZO_SIZE(bits) (1u << (bits)) +#define LZO_MASK(bits) (LZO_SIZE(bits) - 1) + +#define LZO_LSIZE(bits) (1ul << (bits)) +#define LZO_LMASK(bits) (LZO_LSIZE(bits) - 1) + +#define LZO_USIZE(bits) ((lzo_uint) 1 << (bits)) +#define LZO_UMASK(bits) (LZO_USIZE(bits) - 1) + +#define LZO_STYPE_MAX(b) (((1l << (8*(b)-2)) - 1l) + (1l << (8*(b)-2))) +#define LZO_UTYPE_MAX(b) (((1ul << (8*(b)-1)) - 1ul) + (1ul << (8*(b)-1))) + +#if !defined(SIZEOF_UNSIGNED) +# if (UINT_MAX == 0xffff) +# define SIZEOF_UNSIGNED 2 +# elif (UINT_MAX == LZO_0xffffffffL) +# define SIZEOF_UNSIGNED 4 +# elif (UINT_MAX >= LZO_0xffffffffL) +# define SIZEOF_UNSIGNED 8 +# else +# error SIZEOF_UNSIGNED +# endif +#endif + +#if !defined(SIZEOF_UNSIGNED_LONG) +# if (ULONG_MAX == LZO_0xffffffffL) +# define SIZEOF_UNSIGNED_LONG 4 +# elif (ULONG_MAX >= LZO_0xffffffffL) +# define SIZEOF_UNSIGNED_LONG 8 +# else +# error SIZEOF_UNSIGNED_LONG +# endif +#endif + +#if !defined(SIZEOF_SIZE_T) +# define SIZEOF_SIZE_T SIZEOF_UNSIGNED +#endif +#if !defined(SIZE_T_MAX) +# define SIZE_T_MAX LZO_UTYPE_MAX(SIZEOF_SIZE_T) +#endif + +#if 1 && defined(__LZO_i386) && (UINT_MAX == LZO_0xffffffffL) +# if !defined(LZO_UNALIGNED_OK_2) && (USHRT_MAX == 0xffff) +# define LZO_UNALIGNED_OK_2 +# endif +# if !defined(LZO_UNALIGNED_OK_4) && (LZO_UINT32_MAX == LZO_0xffffffffL) +# define LZO_UNALIGNED_OK_4 +# endif +#endif + +#if defined(LZO_UNALIGNED_OK_2) || defined(LZO_UNALIGNED_OK_4) +# if !defined(LZO_UNALIGNED_OK) +# define LZO_UNALIGNED_OK +# endif +#endif + +#if defined(__LZO_NO_UNALIGNED) +# undef LZO_UNALIGNED_OK +# undef LZO_UNALIGNED_OK_2 +# undef LZO_UNALIGNED_OK_4 +#endif + +#if defined(LZO_UNALIGNED_OK_2) && (USHRT_MAX != 0xffff) +# error "LZO_UNALIGNED_OK_2 must not be defined on this system" +#endif +#if defined(LZO_UNALIGNED_OK_4) && (LZO_UINT32_MAX != LZO_0xffffffffL) +# error "LZO_UNALIGNED_OK_4 must not be defined on this system" +#endif + +#if defined(__LZO_NO_ALIGNED) +# undef LZO_ALIGNED_OK_4 +#endif + +#if defined(LZO_ALIGNED_OK_4) && (LZO_UINT32_MAX != LZO_0xffffffffL) +# error "LZO_ALIGNED_OK_4 must not be defined on this system" +#endif + +#define LZO_LITTLE_ENDIAN 1234 +#define LZO_BIG_ENDIAN 4321 +#define LZO_PDP_ENDIAN 3412 + +#if !defined(LZO_BYTE_ORDER) +# if defined(MFX_BYTE_ORDER) +# define LZO_BYTE_ORDER MFX_BYTE_ORDER +# elif defined(__LZO_i386) +# define LZO_BYTE_ORDER LZO_LITTLE_ENDIAN +# elif defined(BYTE_ORDER) +# define LZO_BYTE_ORDER BYTE_ORDER +# elif defined(__BYTE_ORDER) +# define LZO_BYTE_ORDER __BYTE_ORDER +# endif +#endif + +#if defined(LZO_BYTE_ORDER) +# if (LZO_BYTE_ORDER != LZO_LITTLE_ENDIAN) && \ + (LZO_BYTE_ORDER != LZO_BIG_ENDIAN) +# error "invalid LZO_BYTE_ORDER" +# endif +#endif + +#if defined(LZO_UNALIGNED_OK) && !defined(LZO_BYTE_ORDER) +# error "LZO_BYTE_ORDER is not defined" +#endif + +#define LZO_OPTIMIZE_GNUC_i386_IS_BUGGY + +#if defined(NDEBUG) && !defined(LZO_DEBUG) && !defined(__BOUNDS_CHECKING_ON) +# if defined(__GNUC__) && defined(__i386__) +# if !defined(LZO_OPTIMIZE_GNUC_i386_IS_BUGGY) +# define LZO_OPTIMIZE_GNUC_i386 +# endif +# endif +#endif + +__LZO_EXTERN_C int __lzo_init_done; +__LZO_EXTERN_C const lzo_byte __lzo_copyright[]; +LZO_EXTERN(const lzo_byte *) lzo_copyright(void); +__LZO_EXTERN_C const lzo_uint32 _lzo_crc32_table[256]; + +#define _LZO_STRINGIZE(x) #x +#define _LZO_MEXPAND(x) _LZO_STRINGIZE(x) + +#define _LZO_CONCAT2(a,b) a ## b +#define _LZO_CONCAT3(a,b,c) a ## b ## c +#define _LZO_CONCAT4(a,b,c,d) a ## b ## c ## d +#define _LZO_CONCAT5(a,b,c,d,e) a ## b ## c ## d ## e + +#define _LZO_ECONCAT2(a,b) _LZO_CONCAT2(a,b) +#define _LZO_ECONCAT3(a,b,c) _LZO_CONCAT3(a,b,c) +#define _LZO_ECONCAT4(a,b,c,d) _LZO_CONCAT4(a,b,c,d) +#define _LZO_ECONCAT5(a,b,c,d,e) _LZO_CONCAT5(a,b,c,d,e) + +#if 0 + +#define __LZO_IS_COMPRESS_QUERY(i,il,o,ol,w) ((lzo_voidp)(o) == (w)) +#define __LZO_QUERY_COMPRESS(i,il,o,ol,w,n,s) \ + (*ol = (n)*(s), LZO_E_OK) + +#define __LZO_IS_DECOMPRESS_QUERY(i,il,o,ol,w) ((lzo_voidp)(o) == (w)) +#define __LZO_QUERY_DECOMPRESS(i,il,o,ol,w,n,s) \ + (*ol = (n)*(s), LZO_E_OK) + +#define __LZO_IS_OPTIMIZE_QUERY(i,il,o,ol,w) ((lzo_voidp)(o) == (w)) +#define __LZO_QUERY_OPTIMIZE(i,il,o,ol,w,n,s) \ + (*ol = (n)*(s), LZO_E_OK) + +#endif + +#ifndef __LZO_PTR_H +#define __LZO_PTR_H + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(__LZO_DOS16) || defined(__LZO_WIN16) +# include +# if 1 && defined(__WATCOMC__) +# include + __LZO_EXTERN_C unsigned char _HShift; +# define __LZO_HShift _HShift +# elif 1 && defined(_MSC_VER) + __LZO_EXTERN_C unsigned short __near _AHSHIFT; +# define __LZO_HShift ((unsigned) &_AHSHIFT) +# elif defined(__LZO_WIN16) +# define __LZO_HShift 3 +# else +# define __LZO_HShift 12 +# endif +# if !defined(_FP_SEG) && defined(FP_SEG) +# define _FP_SEG FP_SEG +# endif +# if !defined(_FP_OFF) && defined(FP_OFF) +# define _FP_OFF FP_OFF +# endif +#endif + +#if (UINT_MAX >= LZO_0xffffffffL) + typedef ptrdiff_t lzo_ptrdiff_t; +#else + typedef long lzo_ptrdiff_t; +#endif + +#if !defined(__LZO_HAVE_PTR_T) +# if defined(lzo_ptr_t) +# define __LZO_HAVE_PTR_T +# endif +#endif +#if !defined(__LZO_HAVE_PTR_T) +# if defined(SIZEOF_CHAR_P) && defined(SIZEOF_UNSIGNED_LONG) +# if (SIZEOF_CHAR_P == SIZEOF_UNSIGNED_LONG) + typedef unsigned long lzo_ptr_t; + typedef long lzo_sptr_t; +# define __LZO_HAVE_PTR_T +# endif +# endif +#endif +#if !defined(__LZO_HAVE_PTR_T) +# if defined(SIZEOF_CHAR_P) && defined(SIZEOF_UNSIGNED) +# if (SIZEOF_CHAR_P == SIZEOF_UNSIGNED) + typedef unsigned int lzo_ptr_t; + typedef int lzo_sptr_t; +# define __LZO_HAVE_PTR_T +# endif +# endif +#endif +#if !defined(__LZO_HAVE_PTR_T) +# if defined(SIZEOF_CHAR_P) && defined(SIZEOF_UNSIGNED_SHORT) +# if (SIZEOF_CHAR_P == SIZEOF_UNSIGNED_SHORT) + typedef unsigned short lzo_ptr_t; + typedef short lzo_sptr_t; +# define __LZO_HAVE_PTR_T +# endif +# endif +#endif +#if !defined(__LZO_HAVE_PTR_T) +# if defined(LZO_HAVE_CONFIG_H) || defined(SIZEOF_CHAR_P) +# error "no suitable type for lzo_ptr_t" +# else + typedef unsigned long lzo_ptr_t; + typedef long lzo_sptr_t; +# define __LZO_HAVE_PTR_T +# endif +#endif + +#if defined(__LZO_DOS16) || defined(__LZO_WIN16) +#define PTR(a) ((lzo_bytep) (a)) +#define PTR_ALIGNED_4(a) ((_FP_OFF(a) & 3) == 0) +#define PTR_ALIGNED2_4(a,b) (((_FP_OFF(a) | _FP_OFF(b)) & 3) == 0) +#else +#define PTR(a) ((lzo_ptr_t) (a)) +#define PTR_LINEAR(a) PTR(a) +#define PTR_ALIGNED_4(a) ((PTR_LINEAR(a) & 3) == 0) +#define PTR_ALIGNED_8(a) ((PTR_LINEAR(a) & 7) == 0) +#define PTR_ALIGNED2_4(a,b) (((PTR_LINEAR(a) | PTR_LINEAR(b)) & 3) == 0) +#define PTR_ALIGNED2_8(a,b) (((PTR_LINEAR(a) | PTR_LINEAR(b)) & 7) == 0) +#endif + +#define PTR_LT(a,b) (PTR(a) < PTR(b)) +#define PTR_GE(a,b) (PTR(a) >= PTR(b)) +#define PTR_DIFF(a,b) ((lzo_ptrdiff_t) (PTR(a) - PTR(b))) + +LZO_EXTERN(lzo_ptr_t) +__lzo_ptr_linear(const lzo_voidp ptr); + +typedef union +{ + char a_char; + unsigned char a_uchar; + short a_short; + unsigned short a_ushort; + int a_int; + unsigned int a_uint; + long a_long; + unsigned long a_ulong; + lzo_int a_lzo_int; + lzo_uint a_lzo_uint; + lzo_int32 a_lzo_int32; + lzo_uint32 a_lzo_uint32; + ptrdiff_t a_ptrdiff_t; + lzo_ptrdiff_t a_lzo_ptrdiff_t; + lzo_ptr_t a_lzo_ptr_t; + char * a_charp; + lzo_bytep a_lzo_bytep; + lzo_bytepp a_lzo_bytepp; +} +lzo_align_t; + +#ifdef __cplusplus +} +#endif + +#endif + +#define LZO_DETERMINISTIC + +#define LZO_DICT_USE_PTR +#if defined(__LZO_DOS16) || defined(__LZO_WIN16) || defined(__LZO_STRICT_16BIT) +# undef LZO_DICT_USE_PTR +#endif + +#if defined(LZO_DICT_USE_PTR) +# define lzo_dict_t const lzo_bytep +# define lzo_dict_p lzo_dict_t __LZO_MMODEL * +#else +# define lzo_dict_t lzo_uint +# define lzo_dict_p lzo_dict_t __LZO_MMODEL * +#endif + +#if !defined(lzo_moff_t) +#define lzo_moff_t lzo_uint +#endif + +#endif + +LZO_PUBLIC(lzo_ptr_t) +__lzo_ptr_linear(const lzo_voidp ptr) +{ + lzo_ptr_t p; + +#if defined(__LZO_DOS16) || defined(__LZO_WIN16) + p = (((lzo_ptr_t)(_FP_SEG(ptr))) << (16 - __LZO_HShift)) + (_FP_OFF(ptr)); +#else + p = PTR_LINEAR(ptr); +#endif + + return p; +} + +LZO_PUBLIC(unsigned) +__lzo_align_gap(const lzo_voidp ptr, lzo_uint size) +{ + lzo_ptr_t p, s, n; + + assert(size > 0); + + p = __lzo_ptr_linear(ptr); + s = (lzo_ptr_t) (size - 1); +#if 0 + assert((size & (size - 1)) == 0); + n = ((p + s) & ~s) - p; +#else + n = (((p + s) / size) * size) - p; +#endif + + assert((long)n >= 0); + assert(n <= s); + + return (unsigned)n; +} + +#ifndef __LZO_UTIL_H +#define __LZO_UTIL_H + +#ifndef __LZO_CONF_H +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#if 1 && defined(HAVE_MEMCPY) +#if !defined(__LZO_DOS16) && !defined(__LZO_WIN16) + +#define MEMCPY8_DS(dest,src,len) \ + memcpy(dest,src,len); \ + dest += len; \ + src += len + +#endif +#endif + +#if 0 && !defined(MEMCPY8_DS) + +#define MEMCPY8_DS(dest,src,len) \ + { do { \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + len -= 8; \ + } while (len > 0); } + +#endif + +#if !defined(MEMCPY8_DS) + +#define MEMCPY8_DS(dest,src,len) \ + { register lzo_uint __l = (len) / 8; \ + do { \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + *dest++ = *src++; \ + } while (--__l > 0); } + +#endif + +#define MEMCPY_DS(dest,src,len) \ + do *dest++ = *src++; \ + while (--len > 0) + +#define MEMMOVE_DS(dest,src,len) \ + do *dest++ = *src++; \ + while (--len > 0) + +#if 0 && defined(LZO_OPTIMIZE_GNUC_i386) + +#define BZERO8_PTR(s,l,n) \ +__asm__ __volatile__( \ + "movl %0,%%eax \n" \ + "movl %1,%%edi \n" \ + "movl %2,%%ecx \n" \ + "cld \n" \ + "rep \n" \ + "stosl %%eax,(%%edi) \n" \ + : \ + :"g" (0),"g" (s),"g" (n) \ + :"eax","edi","ecx", "memory", "cc" \ +) + +#elif (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMSET) + +#if 1 +#define BZERO8_PTR(s,l,n) memset((s),0,(lzo_uint)(l)*(n)) +#else +#define BZERO8_PTR(s,l,n) memset((lzo_voidp)(s),0,(lzo_uint)(l)*(n)) +#endif + +#else + +#define BZERO8_PTR(s,l,n) \ + lzo_memset((lzo_voidp)(s),0,(lzo_uint)(l)*(n)) + +#endif + +#if 0 +#if defined(__GNUC__) && defined(__i386__) + +unsigned char lzo_rotr8(unsigned char value, int shift); +extern __inline__ unsigned char lzo_rotr8(unsigned char value, int shift) +{ + unsigned char result; + + __asm__ __volatile__ ("movb %b1, %b0; rorb %b2, %b0" + : "=a"(result) : "g"(value), "c"(shift)); + return result; +} + +unsigned short lzo_rotr16(unsigned short value, int shift); +extern __inline__ unsigned short lzo_rotr16(unsigned short value, int shift) +{ + unsigned short result; + + __asm__ __volatile__ ("movw %b1, %b0; rorw %b2, %b0" + : "=a"(result) : "g"(value), "c"(shift)); + return result; +} + +#endif +#endif + +#ifdef __cplusplus +} +#endif + +#endif + +LZO_PUBLIC(lzo_bool) +lzo_assert(int expr) +{ + return (expr) ? 1 : 0; +} + +/* If you use the LZO library in a product, you *must* keep this + * copyright string in the executable of your product. + */ + +const lzo_byte __lzo_copyright[] = +#if !defined(__LZO_IN_MINLZO) + LZO_VERSION_STRING; +#else + "\n\n\n" + "LZO real-time data compression library.\n" + "Copyright (C) 1996, 1997, 1998, 1999 Markus Franz Xaver Johannes Oberhumer\n" + "\n" + "http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html\n" + "\n" + "LZO version: v" LZO_VERSION_STRING ", " LZO_VERSION_DATE "\n" + "LZO build date: " __DATE__ " " __TIME__ "\n\n" + "LZO special compilation options:\n" +#ifdef __cplusplus + " __cplusplus\n" +#endif +#if defined(__PIC__) + " __PIC__\n" +#elif defined(__pic__) + " __pic__\n" +#endif +#if (UINT_MAX < LZO_0xffffffffL) + " 16BIT\n" +#endif +#if defined(__LZO_STRICT_16BIT) + " __LZO_STRICT_16BIT\n" +#endif +#if (UINT_MAX > LZO_0xffffffffL) + " UINT_MAX=" _LZO_MEXPAND(UINT_MAX) "\n" +#endif +#if (ULONG_MAX > LZO_0xffffffffL) + " ULONG_MAX=" _LZO_MEXPAND(ULONG_MAX) "\n" +#endif +#if defined(LZO_BYTE_ORDER) + " LZO_BYTE_ORDER=" _LZO_MEXPAND(LZO_BYTE_ORDER) "\n" +#endif +#if defined(LZO_UNALIGNED_OK_2) + " LZO_UNALIGNED_OK_2\n" +#endif +#if defined(LZO_UNALIGNED_OK_4) + " LZO_UNALIGNED_OK_4\n" +#endif +#if defined(LZO_ALIGNED_OK_4) + " LZO_ALIGNED_OK_4\n" +#endif +#if defined(LZO_DICT_USE_PTR) + " LZO_DICT_USE_PTR\n" +#endif +#if defined(__LZO_QUERY_COMPRESS) + " __LZO_QUERY_COMPRESS\n" +#endif +#if defined(__LZO_QUERY_DECOMPRESS) + " __LZO_QUERY_DECOMPRESS\n" +#endif +#if defined(__LZO_IN_MINILZO) + " __LZO_IN_MINILZO\n" +#endif + "\n\n" + "$Id: LZO " LZO_VERSION_STRING " built " __DATE__ " " __TIME__ +#if defined(__GNUC__) && defined(__VERSION__) + " by gcc " __VERSION__ +#elif defined(__BORLANDC__) + " by Borland C " _LZO_MEXPAND(__BORLANDC__) +#elif defined(_MSC_VER) + " by Microsoft C " _LZO_MEXPAND(_MSC_VER) +#elif defined(__PUREC__) + " by Pure C " _LZO_MEXPAND(__PUREC__) +#elif defined(__SC__) + " by Symantec C " _LZO_MEXPAND(__SC__) +#elif defined(__TURBOC__) + " by Turbo C " _LZO_MEXPAND(__TURBOC__) +#elif defined(__WATCOMC__) + " by Watcom C " _LZO_MEXPAND(__WATCOMC__) +#endif + " $\n" + "$Copyright: LZO (C) 1996, 1997, 1998, 1999 Markus Franz Xaver Johannes Oberhumer $\n"; +#endif + +LZO_PUBLIC(const lzo_byte *) +lzo_copyright(void) +{ + return __lzo_copyright; +} + +LZO_PUBLIC(unsigned) +lzo_version(void) +{ + return LZO_VERSION; +} + +LZO_PUBLIC(const char *) +lzo_version_string(void) +{ + return LZO_VERSION_STRING; +} + +LZO_PUBLIC(const char *) +lzo_version_date(void) +{ + return LZO_VERSION_DATE; +} + +LZO_PUBLIC(const lzo_charp) +_lzo_version_string(void) +{ + return LZO_VERSION_STRING; +} + +LZO_PUBLIC(const lzo_charp) +_lzo_version_date(void) +{ + return LZO_VERSION_DATE; +} + +#define LZO_BASE 65521u +#define LZO_NMAX 5552 + +#define LZO_DO1(buf,i) {s1 += buf[i]; s2 += s1;} +#define LZO_DO2(buf,i) LZO_DO1(buf,i); LZO_DO1(buf,i+1); +#define LZO_DO4(buf,i) LZO_DO2(buf,i); LZO_DO2(buf,i+2); +#define LZO_DO8(buf,i) LZO_DO4(buf,i); LZO_DO4(buf,i+4); +#define LZO_DO16(buf,i) LZO_DO8(buf,i); LZO_DO8(buf,i+8); + +LZO_PUBLIC(lzo_uint32) +lzo_adler32(lzo_uint32 adler, const lzo_byte *buf, lzo_uint len) +{ + lzo_uint32 s1 = adler & 0xffff; + lzo_uint32 s2 = (adler >> 16) & 0xffff; + int k; + + if (buf == NULL) + return 1; + + while (len > 0) + { + k = len < LZO_NMAX ? (int) len : LZO_NMAX; + len -= k; + if (k >= 16) do + { + LZO_DO16(buf,0); + buf += 16; + k -= 16; + } while (k >= 16); + if (k != 0) do + { + s1 += *buf++; + s2 += s1; + } while (--k > 0); + s1 %= LZO_BASE; + s2 %= LZO_BASE; + } + return (s2 << 16) | s1; +} + +LZO_PUBLIC(int) +lzo_memcmp(const lzo_voidp s1, const lzo_voidp s2, lzo_uint len) +{ +#if (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMCMP) + return memcmp(s1,s2,len); +#else + const lzo_byte *p1 = (const lzo_byte *) s1; + const lzo_byte *p2 = (const lzo_byte *) s2; + int d; + + if (len > 0) do + { + d = *p1 - *p2; + if (d != 0) + return d; + p1++; + p2++; + } + while (--len > 0); + return 0; +#endif +} + +LZO_PUBLIC(lzo_voidp) +lzo_memcpy(lzo_voidp dest, const lzo_voidp src, lzo_uint len) +{ +#if (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMCPY) + return memcpy(dest,src,len); +#else + lzo_byte *p1 = (lzo_byte *) dest; + const lzo_byte *p2 = (const lzo_byte *) src; + + if (len <= 0 || p1 == p2) + return dest; + do + *p1++ = *p2++; + while (--len > 0); + return dest; +#endif +} + +LZO_PUBLIC(lzo_voidp) +lzo_memmove(lzo_voidp dest, const lzo_voidp src, lzo_uint len) +{ +#if (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMMOVE) + return memmove(dest,src,len); +#else + lzo_byte *p1 = (lzo_byte *) dest; + const lzo_byte *p2 = (const lzo_byte *) src; + + if (len <= 0 || p1 == p2) + return dest; + + if (p1 < p2) + { + do + *p1++ = *p2++; + while (--len > 0); + } + else + { + p1 += len; + p2 += len; + do + *--p1 = *--p2; + while (--len > 0); + } + return dest; +#endif +} + +LZO_PUBLIC(lzo_voidp) +lzo_memset(lzo_voidp s, int c, lzo_uint len) +{ +#if (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMSET) + return memset(s,c,len); +#else + lzo_byte *p = (lzo_byte *) s; + + if (len > 0) do + *p++ = LZO_BYTE(c); + while (--len > 0); + return s; +#endif +} + +#include + +#if 0 +# define IS_SIGNED(type) (((type) (1ul << (8 * sizeof(type) - 1))) < 0) +# define IS_UNSIGNED(type) (((type) (1ul << (8 * sizeof(type) - 1))) > 0) +#else +# define IS_SIGNED(type) (((type) (-1)) < ((type) 0)) +# define IS_UNSIGNED(type) (((type) (-1)) > ((type) 0)) +#endif + +static lzo_bool schedule_insns_bug(void); +static lzo_bool strength_reduce_bug(int *); + +#if 0 || defined(LZO_DEBUG) +static lzo_bool __lzo_assert_fail(const char *s, unsigned line) +{ +#if defined(__palmos__) + printf("LZO assertion failed in line %u: '%s'\n",line,s); +#else + fprintf(stderr,"LZO assertion failed in line %u: '%s'\n",line,s); +#endif + return 0; +} +# define __lzo_assert(x) ((x) ? 1 : __lzo_assert_fail(#x,__LINE__)) +#else +# define __lzo_assert(x) ((x) ? 1 : 0) +#endif + +static lzo_bool basic_integral_check(void) +{ + lzo_bool r = 1; + lzo_bool sanity; + + r &= __lzo_assert(CHAR_BIT == 8); + r &= __lzo_assert(sizeof(char) == 1); + r &= __lzo_assert(sizeof(short) >= 2); + r &= __lzo_assert(sizeof(long) >= 4); + r &= __lzo_assert(sizeof(int) >= sizeof(short)); + r &= __lzo_assert(sizeof(long) >= sizeof(int)); + + r &= __lzo_assert(sizeof(lzo_uint32) >= 4); + r &= __lzo_assert(sizeof(lzo_uint32) >= sizeof(unsigned)); +#if defined(__LZO_STRICT_16BIT) + r &= __lzo_assert(sizeof(lzo_uint) == 2); +#else + r &= __lzo_assert(sizeof(lzo_uint) >= 4); + r &= __lzo_assert(sizeof(lzo_uint) >= sizeof(unsigned)); +#endif + +#if defined(SIZEOF_UNSIGNED) + r &= __lzo_assert(SIZEOF_UNSIGNED == sizeof(unsigned)); +#endif +#if defined(SIZEOF_UNSIGNED_LONG) + r &= __lzo_assert(SIZEOF_UNSIGNED_LONG == sizeof(unsigned long)); +#endif +#if defined(SIZEOF_UNSIGNED_SHORT) + r &= __lzo_assert(SIZEOF_UNSIGNED_SHORT == sizeof(unsigned short)); +#endif +#if !defined(__LZO_IN_MINILZO) +#if defined(SIZEOF_SIZE_T) + r &= __lzo_assert(SIZEOF_SIZE_T == sizeof(size_t)); +#endif +#endif + + sanity = IS_UNSIGNED(unsigned short) && IS_UNSIGNED(unsigned) && + IS_UNSIGNED(unsigned long) && + IS_SIGNED(short) && IS_SIGNED(int) && IS_SIGNED(long); + if (sanity) + { + r &= __lzo_assert(IS_UNSIGNED(lzo_uint32)); + r &= __lzo_assert(IS_UNSIGNED(lzo_uint)); + r &= __lzo_assert(IS_SIGNED(lzo_int32)); + r &= __lzo_assert(IS_SIGNED(lzo_int)); + + r &= __lzo_assert(INT_MAX == LZO_STYPE_MAX(sizeof(int))); + r &= __lzo_assert(UINT_MAX == LZO_UTYPE_MAX(sizeof(unsigned))); + r &= __lzo_assert(LONG_MAX == LZO_STYPE_MAX(sizeof(long))); + r &= __lzo_assert(ULONG_MAX == LZO_UTYPE_MAX(sizeof(unsigned long))); + r &= __lzo_assert(SHRT_MAX == LZO_STYPE_MAX(sizeof(short))); + r &= __lzo_assert(USHRT_MAX == LZO_UTYPE_MAX(sizeof(unsigned short))); + r &= __lzo_assert(LZO_UINT32_MAX == LZO_UTYPE_MAX(sizeof(lzo_uint32))); + r &= __lzo_assert(LZO_UINT_MAX == LZO_UTYPE_MAX(sizeof(lzo_uint))); +#if !defined(__LZO_IN_MINILZO) + r &= __lzo_assert(SIZE_T_MAX == LZO_UTYPE_MAX(sizeof(size_t))); +#endif + } + +#if 0 + r &= __lzo_assert(LZO_BYTE(257) == 1); + r &= __lzo_assert(LZO_USHORT(65537L) == 1); +#endif + + return r; +} + +static lzo_bool basic_ptr_check(void) +{ + lzo_bool r = 1; + lzo_bool sanity; + + r &= __lzo_assert(sizeof(char *) >= sizeof(int)); + r &= __lzo_assert(sizeof(lzo_byte *) >= sizeof(char *)); + + r &= __lzo_assert(sizeof(lzo_voidp) == sizeof(lzo_byte *)); + r &= __lzo_assert(sizeof(lzo_voidp) == sizeof(lzo_voidpp)); + r &= __lzo_assert(sizeof(lzo_voidp) == sizeof(lzo_bytepp)); + r &= __lzo_assert(sizeof(lzo_voidp) >= sizeof(lzo_uint)); + + r &= __lzo_assert(sizeof(lzo_ptr_t) == sizeof(lzo_voidp)); + r &= __lzo_assert(sizeof(lzo_ptr_t) >= sizeof(lzo_uint)); + + r &= __lzo_assert(sizeof(lzo_ptrdiff_t) >= 4); + r &= __lzo_assert(sizeof(lzo_ptrdiff_t) >= sizeof(ptrdiff_t)); + +#if defined(SIZEOF_CHAR_P) + r &= __lzo_assert(SIZEOF_CHAR_P == sizeof(char *)); +#endif +#if defined(SIZEOF_PTRDIFF_T) + r &= __lzo_assert(SIZEOF_PTRDIFF_T == sizeof(ptrdiff_t)); +#endif + + sanity = IS_UNSIGNED(unsigned short) && IS_UNSIGNED(unsigned) && + IS_UNSIGNED(unsigned long) && + IS_SIGNED(short) && IS_SIGNED(int) && IS_SIGNED(long); + if (sanity) + { + r &= __lzo_assert(IS_UNSIGNED(lzo_ptr_t)); + r &= __lzo_assert(IS_UNSIGNED(lzo_moff_t)); + r &= __lzo_assert(IS_SIGNED(lzo_ptrdiff_t)); + r &= __lzo_assert(IS_SIGNED(lzo_sptr_t)); + } + + return r; +} + +static lzo_bool ptr_check(void) +{ + lzo_bool r = 1; + int i; + char _wrkmem[10 * sizeof(lzo_byte *) + sizeof(lzo_align_t)]; + lzo_byte *wrkmem; + const lzo_bytepp dict; + unsigned char x[4 * sizeof(lzo_align_t)]; + long d; + lzo_align_t a; + + for (i = 0; i < (int) sizeof(x); i++) + x[i] = LZO_BYTE(i); + + wrkmem = (lzo_byte *) LZO_PTR_ALIGN_UP(_wrkmem,sizeof(lzo_align_t)); + dict = (const lzo_bytepp) wrkmem; + + d = (long) ((const lzo_bytep) dict - (const lzo_bytep) _wrkmem); + r &= __lzo_assert(d >= 0); + r &= __lzo_assert(d < (long) sizeof(lzo_align_t)); + + memset(&a,0xff,sizeof(a)); + r &= __lzo_assert(a.a_ushort == USHRT_MAX); + r &= __lzo_assert(a.a_uint == UINT_MAX); + r &= __lzo_assert(a.a_ulong == ULONG_MAX); + r &= __lzo_assert(a.a_lzo_uint == LZO_UINT_MAX); + + if (r == 1) + { + for (i = 0; i < 8; i++) + r &= __lzo_assert((const lzo_voidp) (&dict[i]) == (const lzo_voidp) (&wrkmem[i * sizeof(lzo_byte *)])); + } + + memset(&a,0,sizeof(a)); + r &= __lzo_assert(a.a_charp == NULL); + r &= __lzo_assert(a.a_lzo_bytep == NULL); + r &= __lzo_assert(NULL == 0); + if (r == 1) + { + for (i = 0; i < 10; i++) + dict[i] = wrkmem; + BZERO8_PTR(dict+1,sizeof(dict[0]),8); + r &= __lzo_assert(dict[0] == wrkmem); + for (i = 1; i < 9; i++) + r &= __lzo_assert(dict[i] == NULL); + r &= __lzo_assert(dict[9] == wrkmem); + } + + if (r == 1) + { + unsigned k = 1; + const unsigned n = (unsigned) sizeof(lzo_uint32); + lzo_byte *p0; + lzo_byte *p1; + + k += __lzo_align_gap(&x[k],n); + p0 = (lzo_bytep) &x[k]; +#if defined(PTR_LINEAR) + r &= __lzo_assert((PTR_LINEAR(p0) & (n-1)) == 0); +#else + r &= __lzo_assert(n == 4); + r &= __lzo_assert(PTR_ALIGNED_4(p0)); +#endif + + r &= __lzo_assert(k >= 1); + p1 = (lzo_bytep) &x[1]; + r &= __lzo_assert(PTR_GE(p0,p1)); + + r &= __lzo_assert(k < 1+n); + p1 = (lzo_bytep) &x[1+n]; + r &= __lzo_assert(PTR_LT(p0,p1)); + + if (r == 1) + { + lzo_uint32 v0 = * (lzo_uint32 *) &x[k]; + lzo_uint32 v1 = * (lzo_uint32 *) &x[k+n]; + + r &= __lzo_assert(v0 > 0); + r &= __lzo_assert(v1 > 0); + } + } + + return r; +} + +LZO_PUBLIC(int) +_lzo_config_check(void) +{ + lzo_bool r = 1; + int i; + union { + lzo_uint32 a; + unsigned short b; + lzo_uint32 aa[4]; + unsigned char x[4*sizeof(lzo_align_t)]; + } u; + +#if 0 + r &= __lzo_assert((const void *)&u == (const void *)&u.a); + r &= __lzo_assert((const void *)&u == (const void *)&u.b); + r &= __lzo_assert((const void *)&u == (const void *)&u.x[0]); + r &= __lzo_assert((const void *)&u == (const void *)&u.aa[0]); +#endif + + r &= basic_integral_check(); + r &= basic_ptr_check(); + if (r != 1) + return LZO_E_ERROR; + + for (i = 0; i < (int) sizeof(u.x); i++) + u.x[i] = LZO_BYTE(i); + +#if 0 + r &= __lzo_assert( (int) (unsigned char) ((char) -1) == 255); +#endif + +#if defined(LZO_BYTE_ORDER) + if (r == 1) + { +# if (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) + lzo_uint32 a = (lzo_uint32) (u.a & LZO_0xffffffffL); + unsigned short b = (unsigned short) (u.b & 0xffff); + r &= __lzo_assert(a == 0x03020100L); + r &= __lzo_assert(b == 0x0100); +# elif (LZO_BYTE_ORDER == LZO_BIG_ENDIAN) + lzo_uint32 a = u.a >> (8 * sizeof(u.a) - 32); + unsigned short b = u.b >> (8 * sizeof(u.b) - 16); + r &= __lzo_assert(a == 0x00010203L); + r &= __lzo_assert(b == 0x0001); +# else +# error invalid LZO_BYTE_ORDER +# endif + } +#endif + +#if defined(LZO_UNALIGNED_OK_2) + r &= __lzo_assert(sizeof(short) == 2); + if (r == 1) + { + unsigned short b[4]; + + for (i = 0; i < 4; i++) + b[i] = * (const unsigned short *) &u.x[i]; + +# if (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) + r &= __lzo_assert(b[0] == 0x0100); + r &= __lzo_assert(b[1] == 0x0201); + r &= __lzo_assert(b[2] == 0x0302); + r &= __lzo_assert(b[3] == 0x0403); +# elif (LZO_BYTE_ORDER == LZO_BIG_ENDIAN) + r &= __lzo_assert(b[0] == 0x0001); + r &= __lzo_assert(b[1] == 0x0102); + r &= __lzo_assert(b[2] == 0x0203); + r &= __lzo_assert(b[3] == 0x0304); +# endif + } +#endif + +#if defined(LZO_UNALIGNED_OK_4) + r &= __lzo_assert(sizeof(lzo_uint32) == 4); + if (r == 1) + { + lzo_uint32 a[4]; + + for (i = 0; i < 4; i++) + a[i] = * (const lzo_uint32 *) &u.x[i]; + +# if (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) + r &= __lzo_assert(a[0] == 0x03020100L); + r &= __lzo_assert(a[1] == 0x04030201L); + r &= __lzo_assert(a[2] == 0x05040302L); + r &= __lzo_assert(a[3] == 0x06050403L); +# elif (LZO_BYTE_ORDER == LZO_BIG_ENDIAN) + r &= __lzo_assert(a[0] == 0x00010203L); + r &= __lzo_assert(a[1] == 0x01020304L); + r &= __lzo_assert(a[2] == 0x02030405L); + r &= __lzo_assert(a[3] == 0x03040506L); +# endif + } +#endif + +#if defined(LZO_ALIGNED_OK_4) + r &= __lzo_assert(sizeof(lzo_uint32) == 4); +#endif + + r &= __lzo_assert(lzo_sizeof_dict_t == sizeof(lzo_dict_t)); + +#if defined(__LZO_IN_MINLZO) + if (r == 1) + { + lzo_uint32 adler; + adler = lzo_adler32(0, NULL, 0); + adler = lzo_adler32(adler, lzo_copyright(), 200); + r &= __lzo_assert(adler == 0x7ea34377L); + } +#endif + + if (r == 1) + { + r &= __lzo_assert(!schedule_insns_bug()); + } + + if (r == 1) + { + static int x[3]; + static unsigned xn = 3; + register unsigned j; + + for (j = 0; j < xn; j++) + x[j] = (int)j - 3; + r &= __lzo_assert(!strength_reduce_bug(x)); + } + + if (r == 1) + { + r &= ptr_check(); + } + + return r == 1 ? LZO_E_OK : LZO_E_ERROR; +} + +static lzo_bool schedule_insns_bug(void) +{ +#if defined(__BOUNDS_CHECKING_ON) || defined(__CHECKER__) + return 0; +#else + const int clone[] = {1, 2, 0}; + const int *q; + q = clone; + return (*q) ? 0 : 1; +#endif +} + +static lzo_bool strength_reduce_bug(int *x) +{ + return x[0] != -3 || x[1] != -2 || x[2] != -1; +} + +int __lzo_init_done = 0; + +LZO_PUBLIC(int) +__lzo_init2(unsigned v, int s1, int s2, int s3, int s4, int s5, + int s6, int s7, int s8, int s9) +{ + int r; + + __lzo_init_done = 1; + + if (v == 0) + return LZO_E_ERROR; + + r = (s1 == -1 || s1 == (int) sizeof(short)) && + (s2 == -1 || s2 == (int) sizeof(int)) && + (s3 == -1 || s3 == (int) sizeof(long)) && + (s4 == -1 || s4 == (int) sizeof(lzo_uint32)) && + (s5 == -1 || s5 == (int) sizeof(lzo_uint)) && + (s6 == -1 || s6 == (int) lzo_sizeof_dict_t) && + (s7 == -1 || s7 == (int) sizeof(char *)) && + (s8 == -1 || s8 == (int) sizeof(lzo_voidp)) && + (s9 == -1 || s9 == (int) sizeof(lzo_compress_t)); + if (!r) + return LZO_E_ERROR; + + r = _lzo_config_check(); + if (r != LZO_E_OK) + return r; + + return r; +} + +#if !defined(__LZO_IN_MINILZO) + +LZO_EXTERN(int) +__lzo_init(unsigned v,int s1,int s2,int s3,int s4,int s5,int s6,int s7); + +LZO_PUBLIC(int) +__lzo_init(unsigned v,int s1,int s2,int s3,int s4,int s5,int s6,int s7) +{ + if (v == 0 || v > 0x1010) + return LZO_E_ERROR; + return __lzo_init2(v,s1,s2,s3,s4,s5,-1,-1,s6,s7); +} + +#endif + +#define do_compress _lzo1x_1_do_compress + +#define LZO_NEED_DICT_H +#define D_BITS 14 +#define D_INDEX1(d,p) d = DM((0x21*DX3(p,5,5,6)) >> 5) +#define D_INDEX2(d,p) d = (d & (D_MASK & 0x7ff)) ^ (D_HIGH | 0x1f) + +#ifndef __LZO_CONFIG1X_H +#define __LZO_CONFIG1X_H + +#if !defined(LZO1X) && !defined(LZO1Y) && !defined(LZO1Z) +# define LZO1X +#endif + +#if !defined(__LZO_IN_MINILZO) +#include +#endif + +#define LZO_EOF_CODE +#undef LZO_DETERMINISTIC + +#define M1_MAX_OFFSET 0x0400 +#ifndef M2_MAX_OFFSET +#define M2_MAX_OFFSET 0x0800 +#endif +#define M3_MAX_OFFSET 0x4000 +#define M4_MAX_OFFSET 0xbfff + +#define MX_MAX_OFFSET (M1_MAX_OFFSET + M2_MAX_OFFSET) + +#define M1_MIN_LEN 2 +#define M1_MAX_LEN 2 +#define M2_MIN_LEN 3 +#ifndef M2_MAX_LEN +#define M2_MAX_LEN 8 +#endif +#define M3_MIN_LEN 3 +#define M3_MAX_LEN 33 +#define M4_MIN_LEN 3 +#define M4_MAX_LEN 9 + +#define M1_MARKER 0 +#define M2_MARKER 64 +#define M3_MARKER 32 +#define M4_MARKER 16 + +#ifndef MIN_LOOKAHEAD +#define MIN_LOOKAHEAD (M2_MAX_LEN + 1) +#endif + +#if defined(LZO_NEED_DICT_H) + +#ifndef LZO_HASH +#define LZO_HASH LZO_HASH_LZO_INCREMENTAL_B +#endif +#define DL_MIN_LEN M2_MIN_LEN + +#ifndef __LZO_DICT_H +#define __LZO_DICT_H + +#ifdef __cplusplus +extern "C" { +#endif + +#if !defined(D_BITS) && defined(DBITS) +# define D_BITS DBITS +#endif +#if !defined(D_BITS) +# error D_BITS is not defined +#endif +#if (D_BITS < 16) +# define D_SIZE LZO_SIZE(D_BITS) +# define D_MASK LZO_MASK(D_BITS) +#else +# define D_SIZE LZO_USIZE(D_BITS) +# define D_MASK LZO_UMASK(D_BITS) +#endif +#define D_HIGH ((D_MASK >> 1) + 1) + +#if !defined(DD_BITS) +# define DD_BITS 0 +#endif +#define DD_SIZE LZO_SIZE(DD_BITS) +#define DD_MASK LZO_MASK(DD_BITS) + +#if !defined(DL_BITS) +# define DL_BITS (D_BITS - DD_BITS) +#endif +#if (DL_BITS < 16) +# define DL_SIZE LZO_SIZE(DL_BITS) +# define DL_MASK LZO_MASK(DL_BITS) +#else +# define DL_SIZE LZO_USIZE(DL_BITS) +# define DL_MASK LZO_UMASK(DL_BITS) +#endif + +#if (D_BITS != DL_BITS + DD_BITS) +# error D_BITS does not match +#endif +#if (D_BITS < 8 || D_BITS > 18) +# error invalid D_BITS +#endif +#if (DL_BITS < 8 || DL_BITS > 20) +# error invalid DL_BITS +#endif +#if (DD_BITS < 0 || DD_BITS > 6) +# error invalid DD_BITS +#endif + +#if !defined(DL_MIN_LEN) +# define DL_MIN_LEN 3 +#endif +#if !defined(DL_SHIFT) +# define DL_SHIFT ((DL_BITS + (DL_MIN_LEN - 1)) / DL_MIN_LEN) +#endif + +#define LZO_HASH_GZIP 1 +#define LZO_HASH_GZIP_INCREMENTAL 2 +#define LZO_HASH_LZO_INCREMENTAL_A 3 +#define LZO_HASH_LZO_INCREMENTAL_B 4 + +#if !defined(LZO_HASH) +# error choose a hashing strategy +#endif + +#if (DL_MIN_LEN == 3) +# define _DV2_A(p,shift1,shift2) \ + (((( (lzo_uint32)((p)[0]) << shift1) ^ (p)[1]) << shift2) ^ (p)[2]) +# define _DV2_B(p,shift1,shift2) \ + (((( (lzo_uint32)((p)[2]) << shift1) ^ (p)[1]) << shift2) ^ (p)[0]) +# define _DV3_B(p,shift1,shift2,shift3) \ + ((_DV2_B((p)+1,shift1,shift2) << (shift3)) ^ (p)[0]) +#elif (DL_MIN_LEN == 2) +# define _DV2_A(p,shift1,shift2) \ + (( (lzo_uint32)(p[0]) << shift1) ^ p[1]) +# define _DV2_B(p,shift1,shift2) \ + (( (lzo_uint32)(p[1]) << shift1) ^ p[2]) +#else +# error invalid DL_MIN_LEN +#endif +#define _DV_A(p,shift) _DV2_A(p,shift,shift) +#define _DV_B(p,shift) _DV2_B(p,shift,shift) +#define DA2(p,s1,s2) \ + (((((lzo_uint32)((p)[2]) << (s2)) + (p)[1]) << (s1)) + (p)[0]) +#define DS2(p,s1,s2) \ + (((((lzo_uint32)((p)[2]) << (s2)) - (p)[1]) << (s1)) - (p)[0]) +#define DX2(p,s1,s2) \ + (((((lzo_uint32)((p)[2]) << (s2)) ^ (p)[1]) << (s1)) ^ (p)[0]) +#define DA3(p,s1,s2,s3) ((DA2((p)+1,s2,s3) << (s1)) + (p)[0]) +#define DS3(p,s1,s2,s3) ((DS2((p)+1,s2,s3) << (s1)) - (p)[0]) +#define DX3(p,s1,s2,s3) ((DX2((p)+1,s2,s3) << (s1)) ^ (p)[0]) +#define DMS(v,s) ((lzo_uint) (((v) & (D_MASK >> (s))) << (s))) +#define DM(v) DMS(v,0) + +#if (LZO_HASH == LZO_HASH_GZIP) +# define _DINDEX(dv,p) (_DV_A((p),DL_SHIFT)) + +#elif (LZO_HASH == LZO_HASH_GZIP_INCREMENTAL) +# define __LZO_HASH_INCREMENTAL +# define DVAL_FIRST(dv,p) dv = _DV_A((p),DL_SHIFT) +# define DVAL_NEXT(dv,p) dv = (((dv) << DL_SHIFT) ^ p[2]) +# define _DINDEX(dv,p) (dv) +# define DVAL_LOOKAHEAD DL_MIN_LEN + +#elif (LZO_HASH == LZO_HASH_LZO_INCREMENTAL_A) +# define __LZO_HASH_INCREMENTAL +# define DVAL_FIRST(dv,p) dv = _DV_A((p),5) +# define DVAL_NEXT(dv,p) \ + dv ^= (lzo_uint32)(p[-1]) << (2*5); dv = (((dv) << 5) ^ p[2]) +# define _DINDEX(dv,p) ((0x9f5f * (dv)) >> 5) +# define DVAL_LOOKAHEAD DL_MIN_LEN + +#elif (LZO_HASH == LZO_HASH_LZO_INCREMENTAL_B) +# define __LZO_HASH_INCREMENTAL +# define DVAL_FIRST(dv,p) dv = _DV_B((p),5) +# define DVAL_NEXT(dv,p) \ + dv ^= p[-1]; dv = (((dv) >> 5) ^ ((lzo_uint32)(p[2]) << (2*5))) +# define _DINDEX(dv,p) ((0x9f5f * (dv)) >> 5) +# define DVAL_LOOKAHEAD DL_MIN_LEN + +#else +# error choose a hashing strategy +#endif + +#ifndef DINDEX +#define DINDEX(dv,p) ((lzo_uint)((_DINDEX(dv,p)) & DL_MASK) << DD_BITS) +#endif +#if !defined(DINDEX1) && defined(D_INDEX1) +#define DINDEX1 D_INDEX1 +#endif +#if !defined(DINDEX2) && defined(D_INDEX2) +#define DINDEX2 D_INDEX2 +#endif + +#if !defined(__LZO_HASH_INCREMENTAL) +# define DVAL_FIRST(dv,p) ((void) 0) +# define DVAL_NEXT(dv,p) ((void) 0) +# define DVAL_LOOKAHEAD 0 +#endif + +#if !defined(DVAL_ASSERT) +#if defined(__LZO_HASH_INCREMENTAL) && !defined(NDEBUG) +static void DVAL_ASSERT(lzo_uint32 dv, const lzo_byte *p) +{ + lzo_uint32 df; + DVAL_FIRST(df,(p)); + assert(DINDEX(dv,p) == DINDEX(df,p)); +} +#else +# define DVAL_ASSERT(dv,p) ((void) 0) +#endif +#endif + +#if defined(LZO_DICT_USE_PTR) +# define DENTRY(p,in) (p) +# define GINDEX(m_pos,m_off,dict,dindex,in) m_pos = dict[dindex] +#else +# define DENTRY(p,in) ((lzo_uint) ((p)-(in))) +# define GINDEX(m_pos,m_off,dict,dindex,in) m_off = dict[dindex] +#endif + +#if (DD_BITS == 0) + +# define UPDATE_D(dict,drun,dv,p,in) dict[ DINDEX(dv,p) ] = DENTRY(p,in) +# define UPDATE_I(dict,drun,index,p,in) dict[index] = DENTRY(p,in) +# define UPDATE_P(ptr,drun,p,in) (ptr)[0] = DENTRY(p,in) + +#else + +# define UPDATE_D(dict,drun,dv,p,in) \ + dict[ DINDEX(dv,p) + drun++ ] = DENTRY(p,in); drun &= DD_MASK +# define UPDATE_I(dict,drun,index,p,in) \ + dict[ (index) + drun++ ] = DENTRY(p,in); drun &= DD_MASK +# define UPDATE_P(ptr,drun,p,in) \ + (ptr) [ drun++ ] = DENTRY(p,in); drun &= DD_MASK + +#endif + +#if defined(LZO_DICT_USE_PTR) + +#define LZO_CHECK_MPOS_DET(m_pos,m_off,in,ip,max_offset) \ + (m_pos == NULL || (m_off = (lzo_moff_t) (ip - m_pos)) > max_offset) + +#define LZO_CHECK_MPOS_NON_DET(m_pos,m_off,in,ip,max_offset) \ + (BOUNDS_CHECKING_OFF_IN_EXPR( \ + (PTR_LT(m_pos,in) || \ + (m_off = (lzo_moff_t) PTR_DIFF(ip,m_pos)) <= 0 || \ + m_off > max_offset) )) + +#else + +#define LZO_CHECK_MPOS_DET(m_pos,m_off,in,ip,max_offset) \ + (m_off == 0 || \ + ((m_off = (lzo_moff_t) ((ip)-(in)) - m_off) > max_offset) || \ + (m_pos = (ip) - (m_off), 0) ) + +#define LZO_CHECK_MPOS_NON_DET(m_pos,m_off,in,ip,max_offset) \ + ((lzo_moff_t) ((ip)-(in)) <= m_off || \ + ((m_off = (lzo_moff_t) ((ip)-(in)) - m_off) > max_offset) || \ + (m_pos = (ip) - (m_off), 0) ) + +#endif + +#if defined(LZO_DETERMINISTIC) +# define LZO_CHECK_MPOS LZO_CHECK_MPOS_DET +#else +# define LZO_CHECK_MPOS LZO_CHECK_MPOS_NON_DET +#endif + +#ifdef __cplusplus +} +#endif + +#endif + +#endif + +#endif + +#define DO_COMPRESS lzo1x_1_compress + +static +lzo_uint do_compress ( const lzo_byte *in , lzo_uint in_len, + lzo_byte *out, lzo_uint *out_len, + lzo_voidp wrkmem ) +{ +#if 0 && defined(__GNUC__) && defined(__i386__) + register const lzo_byte *ip __asm__("%esi"); +#else + register const lzo_byte *ip; +#endif + lzo_byte *op; + const lzo_byte * const in_end = in + in_len; + const lzo_byte * const ip_end = in + in_len - M2_MAX_LEN - 5; + const lzo_byte *ii; + lzo_dict_p const dict = (lzo_dict_p) wrkmem; + + op = out; + ip = in; + ii = ip; + + ip += 4; + for (;;) + { +#if 0 && defined(__GNUC__) && defined(__i386__) + register const lzo_byte *m_pos __asm__("%edi"); +#else + register const lzo_byte *m_pos; +#endif + lzo_moff_t m_off; + lzo_uint m_len; + lzo_uint dindex; + + DINDEX1(dindex,ip); + GINDEX(m_pos,m_off,dict,dindex,in); + if (LZO_CHECK_MPOS_NON_DET(m_pos,m_off,in,ip,M4_MAX_OFFSET)) + goto literal; +#if 1 + if (m_off <= M2_MAX_OFFSET || m_pos[3] == ip[3]) + goto try_match; + DINDEX2(dindex,ip); +#endif + GINDEX(m_pos,m_off,dict,dindex,in); + if (LZO_CHECK_MPOS_NON_DET(m_pos,m_off,in,ip,M4_MAX_OFFSET)) + goto literal; + if (m_off <= M2_MAX_OFFSET || m_pos[3] == ip[3]) + goto try_match; + goto literal; + +try_match: +#if 1 && defined(LZO_UNALIGNED_OK_2) + if (* (const lzo_ushortp) m_pos != * (const lzo_ushortp) ip) +#else + if (m_pos[0] != ip[0] || m_pos[1] != ip[1]) +#endif + { + } + else + { + if (m_pos[2] == ip[2]) + { +#if 0 + if (m_off <= M2_MAX_OFFSET) + goto match; + if (lit <= 3) + goto match; + if (lit == 3) + { + assert(op - 2 > out); op[-2] |= LZO_BYTE(3); + *op++ = *ii++; *op++ = *ii++; *op++ = *ii++; + goto code_match; + } + if (m_pos[3] == ip[3]) +#endif + goto match; + } + else + { +#if 0 +#if 0 + if (m_off <= M1_MAX_OFFSET && lit > 0 && lit <= 3) +#else + if (m_off <= M1_MAX_OFFSET && lit == 3) +#endif + { + register lzo_uint t; + + t = lit; + assert(op - 2 > out); op[-2] |= LZO_BYTE(t); + do *op++ = *ii++; while (--t > 0); + assert(ii == ip); + m_off -= 1; + *op++ = LZO_BYTE(M1_MARKER | ((m_off & 3) << 2)); + *op++ = LZO_BYTE(m_off >> 2); + ip += 2; + goto match_done; + } +#endif + } + } + +literal: + UPDATE_I(dict,0,dindex,ip,in); + ++ip; + if (ip >= ip_end) + break; + continue; + +match: + UPDATE_I(dict,0,dindex,ip,in); + if (ip - ii > 0) + { + register lzo_uint t = ip - ii; + + if (t <= 3) + { + assert(op - 2 > out); + op[-2] |= LZO_BYTE(t); + } + else if (t <= 18) + *op++ = LZO_BYTE(t - 3); + else + { + register lzo_uint tt = t - 18; + + *op++ = 0; + while (tt > 255) + { + tt -= 255; + *op++ = 0; + } + assert(tt > 0); + *op++ = LZO_BYTE(tt); + } + do *op++ = *ii++; while (--t > 0); + } + + assert(ii == ip); + ip += 3; + if (m_pos[3] != *ip++ || m_pos[4] != *ip++ || m_pos[5] != *ip++ || + m_pos[6] != *ip++ || m_pos[7] != *ip++ || m_pos[8] != *ip++ +#ifdef LZO1Y + || m_pos[ 9] != *ip++ || m_pos[10] != *ip++ || m_pos[11] != *ip++ + || m_pos[12] != *ip++ || m_pos[13] != *ip++ || m_pos[14] != *ip++ +#endif + ) + { + --ip; + m_len = ip - ii; + assert(m_len >= 3); assert(m_len <= M2_MAX_LEN); + + if (m_off <= M2_MAX_OFFSET) + { + m_off -= 1; +#if defined(LZO1X) + *op++ = LZO_BYTE(((m_len - 1) << 5) | ((m_off & 7) << 2)); + *op++ = LZO_BYTE(m_off >> 3); +#elif defined(LZO1Y) + *op++ = LZO_BYTE(((m_len + 1) << 4) | ((m_off & 3) << 2)); + *op++ = LZO_BYTE(m_off >> 2); +#endif + } + else if (m_off <= M3_MAX_OFFSET) + { + m_off -= 1; + *op++ = LZO_BYTE(M3_MARKER | (m_len - 2)); + goto m3_m4_offset; + } + else +#if defined(LZO1X) + { + m_off -= 0x4000; + assert(m_off > 0); assert(m_off <= 0x7fff); + *op++ = LZO_BYTE(M4_MARKER | + ((m_off & 0x4000) >> 11) | (m_len - 2)); + goto m3_m4_offset; + } +#elif defined(LZO1Y) + goto m4_match; +#endif + } + else + { + { + const lzo_byte *end = in_end; + const lzo_byte *m = m_pos + M2_MAX_LEN + 1; + while (ip < end && *m == *ip) + m++, ip++; + m_len = (ip - ii); + } + assert(m_len > M2_MAX_LEN); + + if (m_off <= M3_MAX_OFFSET) + { + m_off -= 1; + if (m_len <= 33) + *op++ = LZO_BYTE(M3_MARKER | (m_len - 2)); + else + { + m_len -= 33; + *op++ = M3_MARKER | 0; + goto m3_m4_len; + } + } + else + { +#if defined(LZO1Y) +m4_match: +#endif + m_off -= 0x4000; + assert(m_off > 0); assert(m_off <= 0x7fff); + if (m_len <= M4_MAX_LEN) + *op++ = LZO_BYTE(M4_MARKER | + ((m_off & 0x4000) >> 11) | (m_len - 2)); + else + { + m_len -= M4_MAX_LEN; + *op++ = LZO_BYTE(M4_MARKER | ((m_off & 0x4000) >> 11)); +m3_m4_len: + while (m_len > 255) + { + m_len -= 255; + *op++ = 0; + } + assert(m_len > 0); + *op++ = LZO_BYTE(m_len); + } + } + +m3_m4_offset: + *op++ = LZO_BYTE((m_off & 63) << 2); + *op++ = LZO_BYTE(m_off >> 6); + } + +#if 0 +match_done: +#endif + ii = ip; + if (ip >= ip_end) + break; + } + + *out_len = op - out; + return (lzo_uint) (in_end - ii); +} + +LZO_PUBLIC(int) +DO_COMPRESS ( const lzo_byte *in , lzo_uint in_len, + lzo_byte *out, lzo_uint *out_len, + lzo_voidp wrkmem ) +{ + lzo_byte *op = out; + lzo_uint t; + +#if defined(__LZO_QUERY_COMPRESS) + if (__LZO_IS_COMPRESS_QUERY(in,in_len,out,out_len,wrkmem)) + return __LZO_QUERY_COMPRESS(in,in_len,out,out_len,wrkmem,D_SIZE,lzo_sizeof(lzo_dict_t)); +#endif + + if (in_len <= M2_MAX_LEN + 5) + t = in_len; + else + { + t = do_compress(in,in_len,op,out_len,wrkmem); + op += *out_len; + } + + if (t > 0) + { + const lzo_byte *ii = in + in_len - t; + + if (op == out && t <= 238) + *op++ = LZO_BYTE(17 + t); + else if (t <= 3) + op[-2] |= LZO_BYTE(t); + else if (t <= 18) + *op++ = LZO_BYTE(t - 3); + else + { + lzo_uint tt = t - 18; + + *op++ = 0; + while (tt > 255) + { + tt -= 255; + *op++ = 0; + } + assert(tt > 0); + *op++ = LZO_BYTE(tt); + } + do *op++ = *ii++; while (--t > 0); + } + + *op++ = M4_MARKER | 1; + *op++ = 0; + *op++ = 0; + + *out_len = op - out; + return LZO_E_OK; +} + +#undef do_compress +#undef DO_COMPRESS +#undef LZO_HASH + +#undef LZO_TEST_DECOMPRESS_OVERRUN +#undef LZO_TEST_DECOMPRESS_OVERRUN_INPUT +#undef LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT +#undef LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND +#undef DO_DECOMPRESS +#define DO_DECOMPRESS lzo1x_decompress + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN) +# if !defined(LZO_TEST_DECOMPRESS_OVERRUN_INPUT) +# define LZO_TEST_DECOMPRESS_OVERRUN_INPUT 2 +# endif +# if !defined(LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT) +# define LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT 2 +# endif +# if !defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) +# define LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND +# endif +#endif + +#undef TEST_IP +#undef TEST_OP +#undef TEST_LOOKBEHIND +#undef NEED_IP +#undef NEED_OP +#undef HAVE_TEST_IP +#undef HAVE_TEST_OP +#undef HAVE_NEED_IP +#undef HAVE_NEED_OP +#undef HAVE_ANY_IP +#undef HAVE_ANY_OP + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_INPUT) +# if (LZO_TEST_DECOMPRESS_OVERRUN_INPUT >= 1) +# define TEST_IP (ip < ip_end) +# endif +# if (LZO_TEST_DECOMPRESS_OVERRUN_INPUT >= 2) +# define NEED_IP(x) \ + if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun +# endif +#endif + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT) +# if (LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT >= 1) +# define TEST_OP (op <= op_end) +# endif +# if (LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT >= 2) +# undef TEST_OP +# define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun +# endif +#endif + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) +# define TEST_LOOKBEHIND(m_pos,out) if (m_pos < out) goto lookbehind_overrun +#else +# define TEST_LOOKBEHIND(m_pos,op) ((void) 0) +#endif + +#if !defined(LZO_EOF_CODE) && !defined(TEST_IP) +# define TEST_IP (ip < ip_end) +#endif + +#if defined(TEST_IP) +# define HAVE_TEST_IP +#else +# define TEST_IP 1 +#endif +#if defined(TEST_OP) +# define HAVE_TEST_OP +#else +# define TEST_OP 1 +#endif + +#if defined(NEED_IP) +# define HAVE_NEED_IP +#else +# define NEED_IP(x) ((void) 0) +#endif +#if defined(NEED_OP) +# define HAVE_NEED_OP +#else +# define NEED_OP(x) ((void) 0) +#endif + +#if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) +# define HAVE_ANY_IP +#endif +#if defined(HAVE_TEST_OP) || defined(HAVE_NEED_OP) +# define HAVE_ANY_OP +#endif + +#if defined(DO_DECOMPRESS) +LZO_PUBLIC(int) +DO_DECOMPRESS ( const lzo_byte *in , lzo_uint in_len, + lzo_byte *out, lzo_uint *out_len, + lzo_voidp wrkmem ) +#endif +{ + register lzo_byte *op; + register const lzo_byte *ip; + register lzo_uint t; +#if defined(COPY_DICT) + lzo_uint m_off; + const lzo_byte *dict_end; +#else + register const lzo_byte *m_pos; +#endif + + const lzo_byte * const ip_end = in + in_len; +#if defined(HAVE_ANY_OP) + lzo_byte * const op_end = out + *out_len; +#endif +#if defined(LZO1Z) + lzo_uint last_m_off = 0; +#endif + + LZO_UNUSED(wrkmem); + +#if defined(__LZO_QUERY_DECOMPRESS) + if (__LZO_IS_DECOMPRESS_QUERY(in,in_len,out,out_len,wrkmem)) + return __LZO_QUERY_DECOMPRESS(in,in_len,out,out_len,wrkmem,0,0); +#endif + +#if defined(COPY_DICT) + if (dict) + { + if (dict_len > M4_MAX_OFFSET) + { + dict += dict_len - M4_MAX_OFFSET; + dict_len = M4_MAX_OFFSET; + } + dict_end = dict + dict_len; + } + else + { + dict_len = 0; + dict_end = NULL; + } +#endif + + *out_len = 0; + + op = out; + ip = in; + + if (*ip > 17) + { + t = *ip++ - 17; + if (t < 4) + goto match_next; + assert(t > 0); NEED_OP(t); NEED_IP(t+1); + do *op++ = *ip++; while (--t > 0); + goto first_literal_run; + } + + while (TEST_IP && TEST_OP) + { + t = *ip++; + if (t >= 16) + goto match; + if (t == 0) + { + NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; + NEED_IP(1); + } + t += 15 + *ip++; + } + assert(t > 0); NEED_OP(t+3); NEED_IP(t+4); +#if defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) +#if !defined(LZO_UNALIGNED_OK_4) + if (PTR_ALIGNED2_4(op,ip)) + { +#endif + * (lzo_uint32p) op = * (const lzo_uint32p) ip; + op += 4; ip += 4; + if (--t > 0) + { + if (t >= 4) + { + do { + * (lzo_uint32p) op = * (const lzo_uint32p) ip; + op += 4; ip += 4; t -= 4; + } while (t >= 4); + if (t > 0) do *op++ = *ip++; while (--t > 0); + } + else + do *op++ = *ip++; while (--t > 0); + } +#if !defined(LZO_UNALIGNED_OK_4) + } + else +#endif +#endif +#if !defined(LZO_UNALIGNED_OK_4) + { + *op++ = *ip++; *op++ = *ip++; *op++ = *ip++; + do *op++ = *ip++; while (--t > 0); + } +#endif + +first_literal_run: + + t = *ip++; + if (t >= 16) + goto match; +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off = (1 + M2_MAX_OFFSET) + (t << 6) + (*ip++ >> 2); + last_m_off = m_off; +#else + m_off = (1 + M2_MAX_OFFSET) + (t >> 2) + (*ip++ << 2); +#endif + NEED_OP(3); + t = 3; COPY_DICT(t,m_off) +#else +#if defined(LZO1Z) + t = (1 + M2_MAX_OFFSET) + (t << 6) + (*ip++ >> 2); + m_pos = op - t; + last_m_off = t; +#else + m_pos = op - (1 + M2_MAX_OFFSET); + m_pos -= t >> 2; + m_pos -= *ip++ << 2; +#endif + TEST_LOOKBEHIND(m_pos,out); NEED_OP(3); + *op++ = *m_pos++; *op++ = *m_pos++; *op++ = *m_pos; +#endif + goto match_done; + + while (TEST_IP && TEST_OP) + { +match: + if (t >= 64) + { +#if defined(COPY_DICT) +#if defined(LZO1X) + m_off = 1 + ((t >> 2) & 7) + (*ip++ << 3); + t = (t >> 5) - 1; +#elif defined(LZO1Y) + m_off = 1 + ((t >> 2) & 3) + (*ip++ << 2); + t = (t >> 4) - 3; +#elif defined(LZO1Z) + m_off = t & 0x1f; + if (m_off >= 0x1c) + m_off = last_m_off; + else + { + m_off = 1 + (m_off << 6) + (*ip++ >> 2); + last_m_off = m_off; + } + t = (t >> 5) - 1; +#endif +#else +#if defined(LZO1X) + m_pos = op - 1; + m_pos -= (t >> 2) & 7; + m_pos -= *ip++ << 3; + t = (t >> 5) - 1; +#elif defined(LZO1Y) + m_pos = op - 1; + m_pos -= (t >> 2) & 3; + m_pos -= *ip++ << 2; + t = (t >> 4) - 3; +#elif defined(LZO1Z) + { + lzo_uint off = t & 0x1f; + m_pos = op; + if (off >= 0x1c) + { + assert(last_m_off > 0); + m_pos -= last_m_off; + } + else + { + off = 1 + (off << 6) + (*ip++ >> 2); + m_pos -= off; + last_m_off = off; + } + } + t = (t >> 5) - 1; +#endif + TEST_LOOKBEHIND(m_pos,out); assert(t > 0); NEED_OP(t+3-1); + goto copy_match; +#endif + } + else if (t >= 32) + { + t &= 31; + if (t == 0) + { + NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; + NEED_IP(1); + } + t += 31 + *ip++; + } +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off = 1 + (ip[0] << 6) + (ip[1] >> 2); + last_m_off = m_off; +#else + m_off = 1 + (ip[0] >> 2) + (ip[1] << 6); +#endif +#else +#if defined(LZO1Z) + { + lzo_uint off = 1 + (ip[0] << 6) + (ip[1] >> 2); + m_pos = op - off; + last_m_off = off; + } +#elif defined(LZO_UNALIGNED_OK_2) && (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) + m_pos = op - 1; + m_pos -= (* (const lzo_ushortp) ip) >> 2; +#else + m_pos = op - 1; + m_pos -= (ip[0] >> 2) + (ip[1] << 6); +#endif +#endif + ip += 2; + } + else if (t >= 16) + { +#if defined(COPY_DICT) + m_off = (t & 8) << 11; +#else + m_pos = op; + m_pos -= (t & 8) << 11; +#endif + t &= 7; + if (t == 0) + { + NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; + NEED_IP(1); + } + t += 7 + *ip++; + } +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off += (ip[0] << 6) + (ip[1] >> 2); +#else + m_off += (ip[0] >> 2) + (ip[1] << 6); +#endif + ip += 2; + if (m_off == 0) + goto eof_found; + m_off += 0x4000; +#if defined(LZO1Z) + last_m_off = m_off; +#endif +#else +#if defined(LZO1Z) + m_pos -= (ip[0] << 6) + (ip[1] >> 2); +#elif defined(LZO_UNALIGNED_OK_2) && (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) + m_pos -= (* (const lzo_ushortp) ip) >> 2; +#else + m_pos -= (ip[0] >> 2) + (ip[1] << 6); +#endif + ip += 2; + if (m_pos == op) + goto eof_found; + m_pos -= 0x4000; +#if defined(LZO1Z) + last_m_off = op - m_pos; +#endif +#endif + } + else + { +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off = 1 + (t << 6) + (*ip++ >> 2); + last_m_off = m_off; +#else + m_off = 1 + (t >> 2) + (*ip++ << 2); +#endif + NEED_OP(2); + t = 2; COPY_DICT(t,m_off) +#else +#if defined(LZO1Z) + t = 1 + (t << 6) + (*ip++ >> 2); + m_pos = op - t; + last_m_off = t; +#else + m_pos = op - 1; + m_pos -= t >> 2; + m_pos -= *ip++ << 2; +#endif + TEST_LOOKBEHIND(m_pos,out); NEED_OP(2); + *op++ = *m_pos++; *op++ = *m_pos; +#endif + goto match_done; + } + +#if defined(COPY_DICT) + + NEED_OP(t+3-1); + t += 3-1; COPY_DICT(t,m_off) + +#else + + TEST_LOOKBEHIND(m_pos,out); assert(t > 0); NEED_OP(t+3-1); +#if defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) +#if !defined(LZO_UNALIGNED_OK_4) + if (t >= 2 * 4 - (3 - 1) && PTR_ALIGNED2_4(op,m_pos)) + { + assert((op - m_pos) >= 4); +#else + if (t >= 2 * 4 - (3 - 1) && (op - m_pos) >= 4) + { +#endif + * (lzo_uint32p) op = * (const lzo_uint32p) m_pos; + op += 4; m_pos += 4; t -= 4 - (3 - 1); + do { + * (lzo_uint32p) op = * (const lzo_uint32p) m_pos; + op += 4; m_pos += 4; t -= 4; + } while (t >= 4); + if (t > 0) do *op++ = *m_pos++; while (--t > 0); + } + else +#endif + { +copy_match: + *op++ = *m_pos++; *op++ = *m_pos++; + do *op++ = *m_pos++; while (--t > 0); + } + +#endif + +match_done: +#if defined(LZO1Z) + t = ip[-1] & 3; +#else + t = ip[-2] & 3; +#endif + if (t == 0) + break; + +match_next: + assert(t > 0); NEED_OP(t); NEED_IP(t+1); + do *op++ = *ip++; while (--t > 0); + t = *ip++; + } + } + +#if defined(HAVE_TEST_IP) || defined(HAVE_TEST_OP) + *out_len = op - out; + return LZO_E_EOF_NOT_FOUND; +#endif + +eof_found: + assert(t == 1); + *out_len = op - out; + return (ip == ip_end ? LZO_E_OK : + (ip < ip_end ? LZO_E_INPUT_NOT_CONSUMED : LZO_E_INPUT_OVERRUN)); + +#if defined(HAVE_NEED_IP) +input_overrun: + *out_len = op - out; + return LZO_E_INPUT_OVERRUN; +#endif + +#if defined(HAVE_NEED_OP) +output_overrun: + *out_len = op - out; + return LZO_E_OUTPUT_OVERRUN; +#endif + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) +lookbehind_overrun: + *out_len = op - out; + return LZO_E_LOOKBEHIND_OVERRUN; +#endif +} + +#define LZO_TEST_DECOMPRESS_OVERRUN +#undef DO_DECOMPRESS +#define DO_DECOMPRESS lzo1x_decompress_safe + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN) +# if !defined(LZO_TEST_DECOMPRESS_OVERRUN_INPUT) +# define LZO_TEST_DECOMPRESS_OVERRUN_INPUT 2 +# endif +# if !defined(LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT) +# define LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT 2 +# endif +# if !defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) +# define LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND +# endif +#endif + +#undef TEST_IP +#undef TEST_OP +#undef TEST_LOOKBEHIND +#undef NEED_IP +#undef NEED_OP +#undef HAVE_TEST_IP +#undef HAVE_TEST_OP +#undef HAVE_NEED_IP +#undef HAVE_NEED_OP +#undef HAVE_ANY_IP +#undef HAVE_ANY_OP + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_INPUT) +# if (LZO_TEST_DECOMPRESS_OVERRUN_INPUT >= 1) +# define TEST_IP (ip < ip_end) +# endif +# if (LZO_TEST_DECOMPRESS_OVERRUN_INPUT >= 2) +# define NEED_IP(x) \ + if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun +# endif +#endif + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT) +# if (LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT >= 1) +# define TEST_OP (op <= op_end) +# endif +# if (LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT >= 2) +# undef TEST_OP +# define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun +# endif +#endif + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) +# define TEST_LOOKBEHIND(m_pos,out) if (m_pos < out) goto lookbehind_overrun +#else +# define TEST_LOOKBEHIND(m_pos,op) ((void) 0) +#endif + +#if !defined(LZO_EOF_CODE) && !defined(TEST_IP) +# define TEST_IP (ip < ip_end) +#endif + +#if defined(TEST_IP) +# define HAVE_TEST_IP +#else +# define TEST_IP 1 +#endif +#if defined(TEST_OP) +# define HAVE_TEST_OP +#else +# define TEST_OP 1 +#endif + +#if defined(NEED_IP) +# define HAVE_NEED_IP +#else +# define NEED_IP(x) ((void) 0) +#endif +#if defined(NEED_OP) +# define HAVE_NEED_OP +#else +# define NEED_OP(x) ((void) 0) +#endif + +#if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) +# define HAVE_ANY_IP +#endif +#if defined(HAVE_TEST_OP) || defined(HAVE_NEED_OP) +# define HAVE_ANY_OP +#endif + +#if defined(DO_DECOMPRESS) +LZO_PUBLIC(int) +DO_DECOMPRESS ( const lzo_byte *in , lzo_uint in_len, + lzo_byte *out, lzo_uint *out_len, + lzo_voidp wrkmem ) +#endif +{ + register lzo_byte *op; + register const lzo_byte *ip; + register lzo_uint t; +#if defined(COPY_DICT) + lzo_uint m_off; + const lzo_byte *dict_end; +#else + register const lzo_byte *m_pos; +#endif + + const lzo_byte * const ip_end = in + in_len; +#if defined(HAVE_ANY_OP) + lzo_byte * const op_end = out + *out_len; +#endif +#if defined(LZO1Z) + lzo_uint last_m_off = 0; +#endif + + LZO_UNUSED(wrkmem); + +#if defined(__LZO_QUERY_DECOMPRESS) + if (__LZO_IS_DECOMPRESS_QUERY(in,in_len,out,out_len,wrkmem)) + return __LZO_QUERY_DECOMPRESS(in,in_len,out,out_len,wrkmem,0,0); +#endif + +#if defined(COPY_DICT) + if (dict) + { + if (dict_len > M4_MAX_OFFSET) + { + dict += dict_len - M4_MAX_OFFSET; + dict_len = M4_MAX_OFFSET; + } + dict_end = dict + dict_len; + } + else + { + dict_len = 0; + dict_end = NULL; + } +#endif + + *out_len = 0; + + op = out; + ip = in; + + if (*ip > 17) + { + t = *ip++ - 17; + if (t < 4) + goto match_next; + assert(t > 0); NEED_OP(t); NEED_IP(t+1); + do *op++ = *ip++; while (--t > 0); + goto first_literal_run; + } + + while (TEST_IP && TEST_OP) + { + t = *ip++; + if (t >= 16) + goto match; + if (t == 0) + { + NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; + NEED_IP(1); + } + t += 15 + *ip++; + } + assert(t > 0); NEED_OP(t+3); NEED_IP(t+4); +#if defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) +#if !defined(LZO_UNALIGNED_OK_4) + if (PTR_ALIGNED2_4(op,ip)) + { +#endif + * (lzo_uint32p) op = * (const lzo_uint32p) ip; + op += 4; ip += 4; + if (--t > 0) + { + if (t >= 4) + { + do { + * (lzo_uint32p) op = * (const lzo_uint32p) ip; + op += 4; ip += 4; t -= 4; + } while (t >= 4); + if (t > 0) do *op++ = *ip++; while (--t > 0); + } + else + do *op++ = *ip++; while (--t > 0); + } +#if !defined(LZO_UNALIGNED_OK_4) + } + else +#endif +#endif +#if !defined(LZO_UNALIGNED_OK_4) + { + *op++ = *ip++; *op++ = *ip++; *op++ = *ip++; + do *op++ = *ip++; while (--t > 0); + } +#endif + +first_literal_run: + + t = *ip++; + if (t >= 16) + goto match; +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off = (1 + M2_MAX_OFFSET) + (t << 6) + (*ip++ >> 2); + last_m_off = m_off; +#else + m_off = (1 + M2_MAX_OFFSET) + (t >> 2) + (*ip++ << 2); +#endif + NEED_OP(3); + t = 3; COPY_DICT(t,m_off) +#else +#if defined(LZO1Z) + t = (1 + M2_MAX_OFFSET) + (t << 6) + (*ip++ >> 2); + m_pos = op - t; + last_m_off = t; +#else + m_pos = op - (1 + M2_MAX_OFFSET); + m_pos -= t >> 2; + m_pos -= *ip++ << 2; +#endif + TEST_LOOKBEHIND(m_pos,out); NEED_OP(3); + *op++ = *m_pos++; *op++ = *m_pos++; *op++ = *m_pos; +#endif + goto match_done; + + while (TEST_IP && TEST_OP) + { +match: + if (t >= 64) + { +#if defined(COPY_DICT) +#if defined(LZO1X) + m_off = 1 + ((t >> 2) & 7) + (*ip++ << 3); + t = (t >> 5) - 1; +#elif defined(LZO1Y) + m_off = 1 + ((t >> 2) & 3) + (*ip++ << 2); + t = (t >> 4) - 3; +#elif defined(LZO1Z) + m_off = t & 0x1f; + if (m_off >= 0x1c) + m_off = last_m_off; + else + { + m_off = 1 + (m_off << 6) + (*ip++ >> 2); + last_m_off = m_off; + } + t = (t >> 5) - 1; +#endif +#else +#if defined(LZO1X) + m_pos = op - 1; + m_pos -= (t >> 2) & 7; + m_pos -= *ip++ << 3; + t = (t >> 5) - 1; +#elif defined(LZO1Y) + m_pos = op - 1; + m_pos -= (t >> 2) & 3; + m_pos -= *ip++ << 2; + t = (t >> 4) - 3; +#elif defined(LZO1Z) + { + lzo_uint off = t & 0x1f; + m_pos = op; + if (off >= 0x1c) + { + assert(last_m_off > 0); + m_pos -= last_m_off; + } + else + { + off = 1 + (off << 6) + (*ip++ >> 2); + m_pos -= off; + last_m_off = off; + } + } + t = (t >> 5) - 1; +#endif + TEST_LOOKBEHIND(m_pos,out); assert(t > 0); NEED_OP(t+3-1); + goto copy_match; +#endif + } + else if (t >= 32) + { + t &= 31; + if (t == 0) + { + NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; + NEED_IP(1); + } + t += 31 + *ip++; + } +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off = 1 + (ip[0] << 6) + (ip[1] >> 2); + last_m_off = m_off; +#else + m_off = 1 + (ip[0] >> 2) + (ip[1] << 6); +#endif +#else +#if defined(LZO1Z) + { + lzo_uint off = 1 + (ip[0] << 6) + (ip[1] >> 2); + m_pos = op - off; + last_m_off = off; + } +#elif defined(LZO_UNALIGNED_OK_2) && (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) + m_pos = op - 1; + m_pos -= (* (const lzo_ushortp) ip) >> 2; +#else + m_pos = op - 1; + m_pos -= (ip[0] >> 2) + (ip[1] << 6); +#endif +#endif + ip += 2; + } + else if (t >= 16) + { +#if defined(COPY_DICT) + m_off = (t & 8) << 11; +#else + m_pos = op; + m_pos -= (t & 8) << 11; +#endif + t &= 7; + if (t == 0) + { + NEED_IP(1); + while (*ip == 0) + { + t += 255; + ip++; + NEED_IP(1); + } + t += 7 + *ip++; + } +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off += (ip[0] << 6) + (ip[1] >> 2); +#else + m_off += (ip[0] >> 2) + (ip[1] << 6); +#endif + ip += 2; + if (m_off == 0) + goto eof_found; + m_off += 0x4000; +#if defined(LZO1Z) + last_m_off = m_off; +#endif +#else +#if defined(LZO1Z) + m_pos -= (ip[0] << 6) + (ip[1] >> 2); +#elif defined(LZO_UNALIGNED_OK_2) && (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) + m_pos -= (* (const lzo_ushortp) ip) >> 2; +#else + m_pos -= (ip[0] >> 2) + (ip[1] << 6); +#endif + ip += 2; + if (m_pos == op) + goto eof_found; + m_pos -= 0x4000; +#if defined(LZO1Z) + last_m_off = op - m_pos; +#endif +#endif + } + else + { +#if defined(COPY_DICT) +#if defined(LZO1Z) + m_off = 1 + (t << 6) + (*ip++ >> 2); + last_m_off = m_off; +#else + m_off = 1 + (t >> 2) + (*ip++ << 2); +#endif + NEED_OP(2); + t = 2; COPY_DICT(t,m_off) +#else +#if defined(LZO1Z) + t = 1 + (t << 6) + (*ip++ >> 2); + m_pos = op - t; + last_m_off = t; +#else + m_pos = op - 1; + m_pos -= t >> 2; + m_pos -= *ip++ << 2; +#endif + TEST_LOOKBEHIND(m_pos,out); NEED_OP(2); + *op++ = *m_pos++; *op++ = *m_pos; +#endif + goto match_done; + } + +#if defined(COPY_DICT) + + NEED_OP(t+3-1); + t += 3-1; COPY_DICT(t,m_off) + +#else + + TEST_LOOKBEHIND(m_pos,out); assert(t > 0); NEED_OP(t+3-1); +#if defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) +#if !defined(LZO_UNALIGNED_OK_4) + if (t >= 2 * 4 - (3 - 1) && PTR_ALIGNED2_4(op,m_pos)) + { + assert((op - m_pos) >= 4); +#else + if (t >= 2 * 4 - (3 - 1) && (op - m_pos) >= 4) + { +#endif + * (lzo_uint32p) op = * (const lzo_uint32p) m_pos; + op += 4; m_pos += 4; t -= 4 - (3 - 1); + do { + * (lzo_uint32p) op = * (const lzo_uint32p) m_pos; + op += 4; m_pos += 4; t -= 4; + } while (t >= 4); + if (t > 0) do *op++ = *m_pos++; while (--t > 0); + } + else +#endif + { +copy_match: + *op++ = *m_pos++; *op++ = *m_pos++; + do *op++ = *m_pos++; while (--t > 0); + } + +#endif + +match_done: +#if defined(LZO1Z) + t = ip[-1] & 3; +#else + t = ip[-2] & 3; +#endif + if (t == 0) + break; + +match_next: + assert(t > 0); NEED_OP(t); NEED_IP(t+1); + do *op++ = *ip++; while (--t > 0); + t = *ip++; + } + } + +#if defined(HAVE_TEST_IP) || defined(HAVE_TEST_OP) + *out_len = op - out; + return LZO_E_EOF_NOT_FOUND; +#endif + +eof_found: + assert(t == 1); + *out_len = op - out; + return (ip == ip_end ? LZO_E_OK : + (ip < ip_end ? LZO_E_INPUT_NOT_CONSUMED : LZO_E_INPUT_OVERRUN)); + +#if defined(HAVE_NEED_IP) +input_overrun: + *out_len = op - out; + return LZO_E_INPUT_OVERRUN; +#endif + +#if defined(HAVE_NEED_OP) +output_overrun: + *out_len = op - out; + return LZO_E_OUTPUT_OVERRUN; +#endif + +#if defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) +lookbehind_overrun: + *out_len = op - out; + return LZO_E_LOOKBEHIND_OVERRUN; +#endif +} + +/***** End of minilzo.c *****/ + Index: /tags/2.5.0/src/mkhdr.c =================================================================== --- /tags/2.5.0/src/mkhdr.c (revision 189) +++ /tags/2.5.0/src/mkhdr.c (revision 189) @@ -0,0 +1,222 @@ +#include "config.h" + +#ifdef HAVE_BROKEN_INCLUDES +#define _ANSI_C_SOURCE +#define _POSIX_SOURCE +#endif + +#include + +extern void exit(int status); +extern int fclose(FILE *stream); + +#ifndef TRUE +#define TRUE (1 == 1) +#endif + +#ifndef FALSE +#define FALSE (1 != 1) +#endif + +struct description_int +{ + int int_size; + char int_name[20]; +}; +struct description_int int_descrs[] = +{ +#ifdef LONGLONG + { sizeof(unsigned long long), "unsigned long long" }, +#endif + { sizeof(unsigned long), "unsigned long" }, + { sizeof(unsigned int), "unsigned int" }, + { sizeof(unsigned short), "unsigned short" }, + { sizeof(unsigned char), "unsigned char" } +}; +int size_count = sizeof(int_descrs) / sizeof(struct description_int); + +struct trnc_data +{ + long a, b, q, r; +}; +struct trnc_data trunc_tbl[] = +{ + { 13, 4, 3, 1 }, + { 13, -4, -3, 1 }, + { -13, 4, -3, -1 }, + { -13, -4, 3, -1 }, + { 15, 4, 3, 3 }, + { 15, -4, -3, 3 }, + { -15, 4, -3, -3 }, + { -15, -4, 3, -3 } +}; +int size_trunc_tbl = sizeof(trunc_tbl) / sizeof(struct trnc_data); + +struct rand_data +{ + unsigned long dig_size, a1, c1, a2, c2; +}; +struct rand_data rand_tbl[] = +{ + { 8, 197, 11, 37, 37 }, + { 16, 805, 345, 925, 767 }, + { 18, 13405, 4801, 20325, 19777 }, + { 32, 13405, 4801, 20325, 19777 } +}; +int size_rand_tbl = sizeof(rand_tbl) / sizeof(struct rand_data); + +int digit_bits; + +int +div_trunc_p(void) +{ + int i; + + for (i = 0; i < size_trunc_tbl; i++) + { + if (trunc_tbl[i].a / trunc_tbl[i].b != trunc_tbl[i].q) + { + printf("%ld / %ld = %ld, should have been %ld\n", + trunc_tbl[i].a, + trunc_tbl[i].b, + trunc_tbl[i].a / trunc_tbl[i].b, + trunc_tbl[i].q); + printf("when division truncates towards zero.\n"); + return FALSE; + } + if (trunc_tbl[i].a % trunc_tbl[i].b != trunc_tbl[i].r) + { + printf("%ld %% %ld = %ld, should have been %ld\n", + trunc_tbl[i].a, + trunc_tbl[i].b, + trunc_tbl[i].a % trunc_tbl[i].b, + trunc_tbl[i].r); + printf("when division truncates towards zero.\n"); + printf("Here a != q*b + r. Very strange!\n"); + return FALSE; + } + } + return TRUE; +} + +int +charsize(void) +{ + int i = 0; + unsigned char ch = 1; + unsigned char oldch = 0; + + while (ch > oldch) + { + oldch = ch; + ch <<= 1; + i++; + } + return i; +} + +void +RandDefsOut(FILE *fpOut, int dig_size) +{ + int i = 0; + + while ((i < size_rand_tbl) && (dig_size != (int)rand_tbl[i].dig_size)) + { + i++; + } + if (i == size_rand_tbl) + { + if (dig_size < (int) rand_tbl[0].dig_size) + { + printf("Digit size %d too small.\n", dig_size); + exit(10); + } + while ((int) rand_tbl[--i].dig_size > dig_size) + { + /* Count down `i' */ + } + } + fprintf(fpOut, "\n#define BIG_RAND_A1 %ld\n", rand_tbl[i].a1); + fprintf(fpOut, "#define BIG_RAND_C1 %ld\n", rand_tbl[i].c1); + fprintf(fpOut, "#define BIG_RAND_A2 %ld\n", rand_tbl[i].a2); + fprintf(fpOut, "#define BIG_RAND_C2 %ld\n", rand_tbl[i].c2); +} + +int +main(void) +{ + int i, j = 0, ints_found = FALSE, char_bits; + FILE *fpOut; + + if (!div_trunc_p()) + { + printf("Can't do division on this machine!\n"); + exit(10); + } + + if ((fpOut = fopen("internal.h", "w")) == NULL) + { + printf("Could not create \"internal.h\".\n"); + exit(10); + } + + fprintf(fpOut, "#ifndef _BIGNUM_INTERNAL_H_\n"); + fprintf(fpOut, "#define _BIGNUM_INTERNAL_H_\n\n"); + + char_bits = charsize(); + + for (i = 0; (i < size_count - 1) && !ints_found; i++) + { + for (j = i + 1; (j < size_count) && !ints_found; j++) + { + if (int_descrs[i].int_size >= 2 * int_descrs[j].int_size) + { + fprintf(fpOut, + "#define BIGNUM_DIGIT %s\n", + int_descrs[j].int_name); + fprintf(fpOut, + "#define BIGNUM_TWO_DIGITS %s\n\n", + int_descrs[i].int_name); + ints_found = TRUE; + } + } + } + + if (!ints_found) + { + fprintf(stderr, "Strange, no integer type was two times bigger "); + fprintf(stderr, "than another integer type.\n"); + fprintf(stderr, "Can't create header file.\nExiting.\n"); + exit(10); + } + + if (i > 0) i--; + if (j > 0) j--; + + digit_bits = char_bits * int_descrs[j].int_size; + fprintf(fpOut, "#define BIG_CHARBITS %d\n", char_bits); + fprintf(fpOut, "#define BIGNUM_DIGIT_BITS %d\n", digit_bits); + fprintf(fpOut, "#define BIGNUM_TWO_DIGITS_BITS %d\n\n", + char_bits * int_descrs[i].int_size); + + fprintf(fpOut, "struct big_struct\n{\n int sign;\n"); + fprintf(fpOut, " unsigned long dgs_alloc;\n"); + fprintf(fpOut, " unsigned long dgs_used;\n"); + fprintf(fpOut, " BIGNUM_DIGIT *dp;\n};\n"); + + RandDefsOut(fpOut, char_bits * int_descrs[j].int_size); + + if (sizeof(long) == sizeof(int)) + { + fprintf(fpOut, "\n#define MEMCPY_LONG_COUNTER\n"); + } + +#ifdef BIG_SHORT_NAMES + fprintf(fpOut, "\n#define BIG_SHORT_NAMES\n"); +#endif + + fprintf(fpOut, "\n#endif\n"); + fclose(fpOut); + exit(0); + return 0; /* Keep gcc from complaining */ +} Index: /tags/2.5.0/src/rijndael-alg-fst.c =================================================================== --- /tags/2.5.0/src/rijndael-alg-fst.c (revision 189) +++ /tags/2.5.0/src/rijndael-alg-fst.c (revision 189) @@ -0,0 +1,280 @@ +/* + * rijndael-alg-fst.c v2.3 April '2000 + * + * Optimised ANSI C code + * + * authors: v1.0: Antoon Bosselaers + * v2.0: Vincent Rijmen + * v2.3: Paulo Barreto + * + * This code is placed in the public domain. + */ + +#include "config_xor.h" + +#include +#include + +#ifdef SH_ENCRYPT + +#include "rijndael-alg-fst.h" + +#include "rijndael-boxes-fst.h" + +int rijndaelKeySched(word8 k[MAXKC][4], word8 W[MAXROUNDS+1][4][4], int ROUNDS) { + /* Calculate the necessary round keys + * The number of calculations depends on keyBits and blockBits + */ + int j, r, t, rconpointer = 0; + word8 tk[MAXKC][4]; + int KC = ROUNDS - 6; + + for (j = KC-1; j >= 0; j--) { + *((word32*)tk[j]) = *((word32*)k[j]); + } + r = 0; + t = 0; + /* copy values into round key array */ + for (j = 0; (j < KC) && (r < ROUNDS + 1); ) { + for (; (j < KC) && (t < 4); j++, t++) { + *((word32*)W[r][t]) = *((word32*)tk[j]); + } + if (t == 4) { + r++; + t = 0; + } + } + + while (r < ROUNDS + 1) { /* while not enough round key material calculated */ + /* calculate new values */ + tk[0][0] ^= S[tk[KC-1][1]]; + tk[0][1] ^= S[tk[KC-1][2]]; + tk[0][2] ^= S[tk[KC-1][3]]; + tk[0][3] ^= S[tk[KC-1][0]]; + tk[0][0] ^= rcon[rconpointer++]; + + if (KC != 8) { + for (j = 1; j < KC; j++) { + *((word32*)tk[j]) ^= *((word32*)tk[j-1]); + } + } else { + for (j = 1; j < KC/2; j++) { + *((word32*)tk[j]) ^= *((word32*)tk[j-1]); + } + tk[KC/2][0] ^= S[tk[KC/2 - 1][0]]; + tk[KC/2][1] ^= S[tk[KC/2 - 1][1]]; + tk[KC/2][2] ^= S[tk[KC/2 - 1][2]]; + tk[KC/2][3] ^= S[tk[KC/2 - 1][3]]; + for (j = KC/2 + 1; j < KC; j++) { + *((word32*)tk[j]) ^= *((word32*)tk[j-1]); + } + } + /* copy values into round key array */ + for (j = 0; (j < KC) && (r < ROUNDS + 1); ) { + for (; (j < KC) && (t < 4); j++, t++) { + *((word32*)W[r][t]) = *((word32*)tk[j]); + } + if (t == 4) { + r++; + t = 0; + } + } + } + return 0; +} + +int rijndaelKeyEncToDec(word8 W[MAXROUNDS+1][4][4], int ROUNDS) { + int r; + word8 *w; + + for (r = 1; r < ROUNDS; r++) { + w = W[r][0]; + *((word32*)w) = + *((word32*)U1[w[0]]) + ^ *((word32*)U2[w[1]]) + ^ *((word32*)U3[w[2]]) + ^ *((word32*)U4[w[3]]); + + w = W[r][1]; + *((word32*)w) = + *((word32*)U1[w[0]]) + ^ *((word32*)U2[w[1]]) + ^ *((word32*)U3[w[2]]) + ^ *((word32*)U4[w[3]]); + + w = W[r][2]; + *((word32*)w) = + *((word32*)U1[w[0]]) + ^ *((word32*)U2[w[1]]) + ^ *((word32*)U3[w[2]]) + ^ *((word32*)U4[w[3]]); + + w = W[r][3]; + *((word32*)w) = + *((word32*)U1[w[0]]) + ^ *((word32*)U2[w[1]]) + ^ *((word32*)U3[w[2]]) + ^ *((word32*)U4[w[3]]); + } + return 0; +} + +/** + * Encrypt a single block. + */ +int rijndaelEncrypt(word8 a[16], word8 b[16], word8 rk[MAXROUNDS+1][4][4], int ROUNDS) { + int r; + word8 temp[4][4]; + + *((word32*)temp[0]) = *((word32*)(a )) ^ *((word32*)rk[0][0]); + *((word32*)temp[1]) = *((word32*)(a+ 4)) ^ *((word32*)rk[0][1]); + *((word32*)temp[2]) = *((word32*)(a+ 8)) ^ *((word32*)rk[0][2]); + *((word32*)temp[3]) = *((word32*)(a+12)) ^ *((word32*)rk[0][3]); + *((word32*)(b )) = *((word32*)T1[temp[0][0]]) + ^ *((word32*)T2[temp[1][1]]) + ^ *((word32*)T3[temp[2][2]]) + ^ *((word32*)T4[temp[3][3]]); + *((word32*)(b + 4)) = *((word32*)T1[temp[1][0]]) + ^ *((word32*)T2[temp[2][1]]) + ^ *((word32*)T3[temp[3][2]]) + ^ *((word32*)T4[temp[0][3]]); + *((word32*)(b + 8)) = *((word32*)T1[temp[2][0]]) + ^ *((word32*)T2[temp[3][1]]) + ^ *((word32*)T3[temp[0][2]]) + ^ *((word32*)T4[temp[1][3]]); + *((word32*)(b +12)) = *((word32*)T1[temp[3][0]]) + ^ *((word32*)T2[temp[0][1]]) + ^ *((word32*)T3[temp[1][2]]) + ^ *((word32*)T4[temp[2][3]]); + for (r = 1; r < ROUNDS-1; r++) { + *((word32*)temp[0]) = *((word32*)(b )) ^ *((word32*)rk[r][0]); + *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[r][1]); + *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[r][2]); + *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[r][3]); + + *((word32*)(b )) = *((word32*)T1[temp[0][0]]) + ^ *((word32*)T2[temp[1][1]]) + ^ *((word32*)T3[temp[2][2]]) + ^ *((word32*)T4[temp[3][3]]); + *((word32*)(b + 4)) = *((word32*)T1[temp[1][0]]) + ^ *((word32*)T2[temp[2][1]]) + ^ *((word32*)T3[temp[3][2]]) + ^ *((word32*)T4[temp[0][3]]); + *((word32*)(b + 8)) = *((word32*)T1[temp[2][0]]) + ^ *((word32*)T2[temp[3][1]]) + ^ *((word32*)T3[temp[0][2]]) + ^ *((word32*)T4[temp[1][3]]); + *((word32*)(b +12)) = *((word32*)T1[temp[3][0]]) + ^ *((word32*)T2[temp[0][1]]) + ^ *((word32*)T3[temp[1][2]]) + ^ *((word32*)T4[temp[2][3]]); + } + /* last round is special */ + *((word32*)temp[0]) = *((word32*)(b )) ^ *((word32*)rk[ROUNDS-1][0]); + *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[ROUNDS-1][1]); + *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[ROUNDS-1][2]); + *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[ROUNDS-1][3]); + b[ 0] = T1[temp[0][0]][1]; + b[ 1] = T1[temp[1][1]][1]; + b[ 2] = T1[temp[2][2]][1]; + b[ 3] = T1[temp[3][3]][1]; + b[ 4] = T1[temp[1][0]][1]; + b[ 5] = T1[temp[2][1]][1]; + b[ 6] = T1[temp[3][2]][1]; + b[ 7] = T1[temp[0][3]][1]; + b[ 8] = T1[temp[2][0]][1]; + b[ 9] = T1[temp[3][1]][1]; + b[10] = T1[temp[0][2]][1]; + b[11] = T1[temp[1][3]][1]; + b[12] = T1[temp[3][0]][1]; + b[13] = T1[temp[0][1]][1]; + b[14] = T1[temp[1][2]][1]; + b[15] = T1[temp[2][3]][1]; + *((word32*)(b )) ^= *((word32*)rk[ROUNDS][0]); + *((word32*)(b+ 4)) ^= *((word32*)rk[ROUNDS][1]); + *((word32*)(b+ 8)) ^= *((word32*)rk[ROUNDS][2]); + *((word32*)(b+12)) ^= *((word32*)rk[ROUNDS][3]); + + return 0; +} + +/** + * Decrypt a single block. + */ +int rijndaelDecrypt(word8 a[16], word8 b[16], word8 rk[MAXROUNDS+1][4][4], int ROUNDS) { + int r; + word8 temp[4][4]; + + *((word32*)temp[0]) = *((word32*)(a )) ^ *((word32*)rk[ROUNDS][0]); + *((word32*)temp[1]) = *((word32*)(a+ 4)) ^ *((word32*)rk[ROUNDS][1]); + *((word32*)temp[2]) = *((word32*)(a+ 8)) ^ *((word32*)rk[ROUNDS][2]); + *((word32*)temp[3]) = *((word32*)(a+12)) ^ *((word32*)rk[ROUNDS][3]); + + *((word32*)(b )) = *((word32*)T5[temp[0][0]]) + ^ *((word32*)T6[temp[3][1]]) + ^ *((word32*)T7[temp[2][2]]) + ^ *((word32*)T8[temp[1][3]]); + *((word32*)(b+ 4)) = *((word32*)T5[temp[1][0]]) + ^ *((word32*)T6[temp[0][1]]) + ^ *((word32*)T7[temp[3][2]]) + ^ *((word32*)T8[temp[2][3]]); + *((word32*)(b+ 8)) = *((word32*)T5[temp[2][0]]) + ^ *((word32*)T6[temp[1][1]]) + ^ *((word32*)T7[temp[0][2]]) + ^ *((word32*)T8[temp[3][3]]); + *((word32*)(b+12)) = *((word32*)T5[temp[3][0]]) + ^ *((word32*)T6[temp[2][1]]) + ^ *((word32*)T7[temp[1][2]]) + ^ *((word32*)T8[temp[0][3]]); + for (r = ROUNDS-1; r > 1; r--) { + *((word32*)temp[0]) = *((word32*)(b )) ^ *((word32*)rk[r][0]); + *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[r][1]); + *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[r][2]); + *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[r][3]); + *((word32*)(b )) = *((word32*)T5[temp[0][0]]) + ^ *((word32*)T6[temp[3][1]]) + ^ *((word32*)T7[temp[2][2]]) + ^ *((word32*)T8[temp[1][3]]); + *((word32*)(b+ 4)) = *((word32*)T5[temp[1][0]]) + ^ *((word32*)T6[temp[0][1]]) + ^ *((word32*)T7[temp[3][2]]) + ^ *((word32*)T8[temp[2][3]]); + *((word32*)(b+ 8)) = *((word32*)T5[temp[2][0]]) + ^ *((word32*)T6[temp[1][1]]) + ^ *((word32*)T7[temp[0][2]]) + ^ *((word32*)T8[temp[3][3]]); + *((word32*)(b+12)) = *((word32*)T5[temp[3][0]]) + ^ *((word32*)T6[temp[2][1]]) + ^ *((word32*)T7[temp[1][2]]) + ^ *((word32*)T8[temp[0][3]]); + } + /* last round is special */ + *((word32*)temp[0]) = *((word32*)(b )) ^ *((word32*)rk[1][0]); + *((word32*)temp[1]) = *((word32*)(b+ 4)) ^ *((word32*)rk[1][1]); + *((word32*)temp[2]) = *((word32*)(b+ 8)) ^ *((word32*)rk[1][2]); + *((word32*)temp[3]) = *((word32*)(b+12)) ^ *((word32*)rk[1][3]); + b[ 0] = S5[temp[0][0]]; + b[ 1] = S5[temp[3][1]]; + b[ 2] = S5[temp[2][2]]; + b[ 3] = S5[temp[1][3]]; + b[ 4] = S5[temp[1][0]]; + b[ 5] = S5[temp[0][1]]; + b[ 6] = S5[temp[3][2]]; + b[ 7] = S5[temp[2][3]]; + b[ 8] = S5[temp[2][0]]; + b[ 9] = S5[temp[1][1]]; + b[10] = S5[temp[0][2]]; + b[11] = S5[temp[3][3]]; + b[12] = S5[temp[3][0]]; + b[13] = S5[temp[2][1]]; + b[14] = S5[temp[1][2]]; + b[15] = S5[temp[0][3]]; + *((word32*)(b )) ^= *((word32*)rk[0][0]); + *((word32*)(b+ 4)) ^= *((word32*)rk[0][1]); + *((word32*)(b+ 8)) ^= *((word32*)rk[0][2]); + *((word32*)(b+12)) ^= *((word32*)rk[0][3]); + + return 0; +} + +#endif Index: /tags/2.5.0/src/rijndael-api-fst.c =================================================================== --- /tags/2.5.0/src/rijndael-api-fst.c (revision 189) +++ /tags/2.5.0/src/rijndael-api-fst.c (revision 189) @@ -0,0 +1,319 @@ +/* + * rijndael-api-fst.c v2.3 April '2000 + * + * Optimised ANSI C code + * + * authors: v1.0: Antoon Bosselaers + * v2.0: Vincent Rijmen + * v2.1: Vincent Rijmen + * v2.2: Vincent Rijmen + * v2.3: Paulo Barreto + * v2.4: Vincent Rijmen + * + * This code is placed in the public domain. + */ + +#include "config_xor.h" + +#include +#include +#include +#include + +#ifdef SH_ENCRYPT + +#include "rijndael-alg-fst.h" +#include "rijndael-api-fst.h" + +int makeKey(keyInstance *key, RIJ_BYTE direction, int keyLen, char *keyMaterial) { + word8 k[MAXKC][4]; + int i; + char *keyMat; + + if (key == NULL) { + return BAD_KEY_INSTANCE; + } + + if ((direction == DIR_ENCRYPT) || (direction == DIR_DECRYPT)) { + key->direction = direction; + } else { + return BAD_KEY_DIR; + } + + if ((keyLen == 128) || (keyLen == 192) || (keyLen == 256)) { + key->keyLen = keyLen; + } else { + return BAD_KEY_MAT; + } + + if (keyMaterial != NULL) { + strncpy(key->keyMaterial, keyMaterial, keyLen/4); + } + + key->ROUNDS = keyLen/32 + 6; + + /* initialize key schedule: */ + keyMat = key->keyMaterial; +#ifndef BINARY_KEY_MATERIAL + for (i = 0; i < key->keyLen/8; i++) { + int t, j; + + t = *keyMat++; + if ((t >= '0') && (t <= '9')) j = (t - '0') << 4; + else if ((t >= 'a') && (t <= 'f')) j = (t - 'a' + 10) << 4; + else if ((t >= 'A') && (t <= 'F')) j = (t - 'A' + 10) << 4; + else return BAD_KEY_MAT; + + t = *keyMat++; + if ((t >= '0') && (t <= '9')) j ^= (t - '0'); + else if ((t >= 'a') && (t <= 'f')) j ^= (t - 'a' + 10); + else if ((t >= 'A') && (t <= 'F')) j ^= (t - 'A' + 10); + else return BAD_KEY_MAT; + + k[i >> 2][i & 3] = (word8)j; + } +#else + for (i = 0; i < key->keyLen/8; i++) { + k[i >> 2][i & 3] = (word8)keyMat[i]; + } +#endif /* ?BINARY_KEY_MATERIAL */ + rijndaelKeySched(k, key->keySched, key->ROUNDS); + if (direction == DIR_DECRYPT) { + rijndaelKeyEncToDec(key->keySched, key->ROUNDS); + } + + return TRUE; +} + +int cipherInit(cipherInstance *cipher, RIJ_BYTE mode, char *IV) { + if ((mode == MODE_ECB) || (mode == MODE_CBC) || (mode == MODE_CFB1)) { + cipher->mode = mode; + } else { + return BAD_CIPHER_MODE; + } + if (IV != NULL) { +#ifndef BINARY_KEY_MATERIAL + int i; + for (i = 0; i < MAX_IV_SIZE; i++) { + int t, j; + + t = IV[2*i]; + if ((t >= '0') && (t <= '9')) j = (t - '0') << 4; + else if ((t >= 'a') && (t <= 'f')) j = (t - 'a' + 10) << 4; + else if ((t >= 'A') && (t <= 'F')) j = (t - 'A' + 10) << 4; + else return BAD_CIPHER_INSTANCE; + + t = IV[2*i+1]; + if ((t >= '0') && (t <= '9')) j ^= (t - '0'); + else if ((t >= 'a') && (t <= 'f')) j ^= (t - 'a' + 10); + else if ((t >= 'A') && (t <= 'F')) j ^= (t - 'A' + 10); + else return BAD_CIPHER_INSTANCE; + + cipher->IV[i] = (word8)j; + } +#else + memcpy(cipher->IV, IV, MAX_IV_SIZE); +#endif /* ?BINARY_KEY_MATERIAL */ + } else { + memset(cipher->IV, 0, MAX_IV_SIZE); + } + return TRUE; +} + +int blockEncrypt(cipherInstance *cipher, keyInstance *key, + RIJ_BYTE *input, int inputLen, RIJ_BYTE *outBuffer) { + int i, k, numBlocks; + word8 block[16], iv[4][4]; + + if (cipher == NULL || + key == NULL || + key->direction == DIR_DECRYPT) { + return BAD_CIPHER_STATE; + } + if (input == NULL || inputLen <= 0) { + return 0; /* nothing to do */ + } + + numBlocks = inputLen/128; + + switch (cipher->mode) { + case MODE_ECB: + for (i = numBlocks; i > 0; i--) { + rijndaelEncrypt(input, outBuffer, key->keySched, key->ROUNDS); + input += 16; + outBuffer += 16; + } + break; + + case MODE_CBC: + /* fix the memory alignment for HP-UX 10.20 + * R. Wichmann Mon Jun 18 22:36:55 CEST 2001 + */ +#if STRICT_ALIGN + memcpy(iv, cipher->IV, 16); + ((word32*)block)[0] = ((word32*)iv)[0] ^ ((word32*)input)[0]; + ((word32*)block)[1] = ((word32*)iv)[1] ^ ((word32*)input)[1]; + ((word32*)block)[2] = ((word32*)iv)[2] ^ ((word32*)input)[2]; + ((word32*)block)[3] = ((word32*)iv)[3] ^ ((word32*)input)[3]; +#else /* !STRICT_ALIGN */ + ((word32*)block)[0] = ((word32*)cipher->IV)[0] ^ ((word32*)input)[0]; + ((word32*)block)[1] = ((word32*)cipher->IV)[1] ^ ((word32*)input)[1]; + ((word32*)block)[2] = ((word32*)cipher->IV)[2] ^ ((word32*)input)[2]; + ((word32*)block)[3] = ((word32*)cipher->IV)[3] ^ ((word32*)input)[3]; +#endif /* ?STRICT_ALIGN */ + rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS); + input += 16; + for (i = numBlocks - 1; i > 0; i--) { + ((word32*)block)[0] = ((word32*)outBuffer)[0] ^ ((word32*)input)[0]; + ((word32*)block)[1] = ((word32*)outBuffer)[1] ^ ((word32*)input)[1]; + ((word32*)block)[2] = ((word32*)outBuffer)[2] ^ ((word32*)input)[2]; + ((word32*)block)[3] = ((word32*)outBuffer)[3] ^ ((word32*)input)[3]; + outBuffer += 16; + rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS); + input += 16; + } + break; + + case MODE_CFB1: +#if STRICT_ALIGN + memcpy(iv, cipher->IV, 16); +#else /* !STRICT_ALIGN */ + *((word32*)iv[0]) = *((word32*)(cipher->IV )); + *((word32*)iv[1]) = *((word32*)(cipher->IV+ 4)); + *((word32*)iv[2]) = *((word32*)(cipher->IV+ 8)); + *((word32*)iv[3]) = *((word32*)(cipher->IV+12)); +#endif /* ?STRICT_ALIGN */ + for (i = numBlocks; i > 0; i--) { + for (k = 0; k < 128; k++) { + *((word32*) block ) = *((word32*)iv[0]); + *((word32*)(block+ 4)) = *((word32*)iv[1]); + *((word32*)(block+ 8)) = *((word32*)iv[2]); + *((word32*)(block+12)) = *((word32*)iv[3]); + rijndaelEncrypt(block, block, key->keySched, key->ROUNDS); + outBuffer[k/8] ^= (block[0] & 0x80) >> (k & 7); + iv[0][0] = (iv[0][0] << 1) | (iv[0][1] >> 7); + iv[0][1] = (iv[0][1] << 1) | (iv[0][2] >> 7); + iv[0][2] = (iv[0][2] << 1) | (iv[0][3] >> 7); + iv[0][3] = (iv[0][3] << 1) | (iv[1][0] >> 7); + iv[1][0] = (iv[1][0] << 1) | (iv[1][1] >> 7); + iv[1][1] = (iv[1][1] << 1) | (iv[1][2] >> 7); + iv[1][2] = (iv[1][2] << 1) | (iv[1][3] >> 7); + iv[1][3] = (iv[1][3] << 1) | (iv[2][0] >> 7); + iv[2][0] = (iv[2][0] << 1) | (iv[2][1] >> 7); + iv[2][1] = (iv[2][1] << 1) | (iv[2][2] >> 7); + iv[2][2] = (iv[2][2] << 1) | (iv[2][3] >> 7); + iv[2][3] = (iv[2][3] << 1) | (iv[3][0] >> 7); + iv[3][0] = (iv[3][0] << 1) | (iv[3][1] >> 7); + iv[3][1] = (iv[3][1] << 1) | (iv[3][2] >> 7); + iv[3][2] = (iv[3][2] << 1) | (iv[3][3] >> 7); + iv[3][3] = (iv[3][3] << 1) | ((outBuffer[k/8] >> (7-(k&7))) & 1); + } + } + break; + + default: + return BAD_CIPHER_STATE; + } + + return 128*numBlocks; +} + +int blockDecrypt(cipherInstance *cipher, keyInstance *key, + RIJ_BYTE *input, int inputLen, RIJ_BYTE *outBuffer) { + int i, k, numBlocks; + word8 block[16], iv[4][4]; + + if (cipher == NULL || + key == NULL || + ((cipher->mode != MODE_CFB1) && (key->direction == DIR_ENCRYPT))) { + return BAD_CIPHER_STATE; + } + if (input == NULL || inputLen <= 0) { + return 0; /* nothing to do */ + } + + numBlocks = inputLen/128; + + switch (cipher->mode) { + case MODE_ECB: + for (i = numBlocks; i > 0; i--) { + rijndaelDecrypt(input, outBuffer, key->keySched, key->ROUNDS); + input += 16; + outBuffer += 16; + } + break; + + case MODE_CBC: +#if STRICT_ALIGN + memcpy(iv, cipher->IV, 16); +#else + *((word32*)iv[0]) = *((word32*)(cipher->IV )); + *((word32*)iv[1]) = *((word32*)(cipher->IV+ 4)); + *((word32*)iv[2]) = *((word32*)(cipher->IV+ 8)); + *((word32*)iv[3]) = *((word32*)(cipher->IV+12)); +#endif + for (i = numBlocks; i > 0; i--) { + rijndaelDecrypt(input, block, key->keySched, key->ROUNDS); + ((word32*)block)[0] ^= *((word32*)iv[0]); + ((word32*)block)[1] ^= *((word32*)iv[1]); + ((word32*)block)[2] ^= *((word32*)iv[2]); + ((word32*)block)[3] ^= *((word32*)iv[3]); +#if STRICT_ALIGN + memcpy(iv, input, 16); + memcpy(outBuffer, block, 16); +#else + *((word32*)iv[0]) = ((word32*)input)[0]; ((word32*)outBuffer)[0] = ((word32*)block)[0]; + *((word32*)iv[1]) = ((word32*)input)[1]; ((word32*)outBuffer)[1] = ((word32*)block)[1]; + *((word32*)iv[2]) = ((word32*)input)[2]; ((word32*)outBuffer)[2] = ((word32*)block)[2]; + *((word32*)iv[3]) = ((word32*)input)[3]; ((word32*)outBuffer)[3] = ((word32*)block)[3]; +#endif + input += 16; + outBuffer += 16; + } + break; + + case MODE_CFB1: +#if STRICT_ALIGN + memcpy(iv, cipher->IV, 16); +#else + *((word32*)iv[0]) = *((word32*)(cipher->IV)); + *((word32*)iv[1]) = *((word32*)(cipher->IV+ 4)); + *((word32*)iv[2]) = *((word32*)(cipher->IV+ 8)); + *((word32*)iv[3]) = *((word32*)(cipher->IV+12)); +#endif + for (i = numBlocks; i > 0; i--) { + for (k = 0; k < 128; k++) { + *((word32*) block ) = *((word32*)iv[0]); + *((word32*)(block+ 4)) = *((word32*)iv[1]); + *((word32*)(block+ 8)) = *((word32*)iv[2]); + *((word32*)(block+12)) = *((word32*)iv[3]); + rijndaelEncrypt(block, block, key->keySched, key->ROUNDS); + iv[0][0] = (iv[0][0] << 1) | (iv[0][1] >> 7); + iv[0][1] = (iv[0][1] << 1) | (iv[0][2] >> 7); + iv[0][2] = (iv[0][2] << 1) | (iv[0][3] >> 7); + iv[0][3] = (iv[0][3] << 1) | (iv[1][0] >> 7); + iv[1][0] = (iv[1][0] << 1) | (iv[1][1] >> 7); + iv[1][1] = (iv[1][1] << 1) | (iv[1][2] >> 7); + iv[1][2] = (iv[1][2] << 1) | (iv[1][3] >> 7); + iv[1][3] = (iv[1][3] << 1) | (iv[2][0] >> 7); + iv[2][0] = (iv[2][0] << 1) | (iv[2][1] >> 7); + iv[2][1] = (iv[2][1] << 1) | (iv[2][2] >> 7); + iv[2][2] = (iv[2][2] << 1) | (iv[2][3] >> 7); + iv[2][3] = (iv[2][3] << 1) | (iv[3][0] >> 7); + iv[3][0] = (iv[3][0] << 1) | (iv[3][1] >> 7); + iv[3][1] = (iv[3][1] << 1) | (iv[3][2] >> 7); + iv[3][2] = (iv[3][2] << 1) | (iv[3][3] >> 7); + iv[3][3] = (iv[3][3] << 1) | ((input[k/8] >> (7-(k&7))) & 1); + outBuffer[k/8] ^= (block[0] & 0x80) >> (k & 7); + } + } + break; + + default: + return BAD_CIPHER_STATE; + } + + return 128*numBlocks; +} + +#endif Index: /tags/2.5.0/src/samhain.c =================================================================== --- /tags/2.5.0/src/samhain.c (revision 189) +++ /tags/2.5.0/src/samhain.c (revision 189) @@ -0,0 +1,2176 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +#include +#include +#include +#include +#include + +/* samhainctl */ +#include +#include +#include +#include +#include + + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + +#ifdef HAVE_MEMORY_H +#include +#endif + +#ifdef HAVE_SETPRIORITY +#include +#endif + +#ifndef HAVE_LSTAT +#define lstat stat +#endif + +/* for FLT_EPSILON + */ +#include + +#include "samhain.h" +#include "sh_pthread.h" +#include "sh_files.h" +#include "sh_utils.h" +#include "sh_error.h" +#include "sh_unix.h" +#include "sh_getopt.h" +#include "sh_readconf.h" +#include "sh_hash.h" + +#include "sh_mail.h" + +#include "sh_tiger.h" +#include "sh_gpg.h" +#include "sh_mem.h" +#include "sh_forward.h" +#include "sh_tools.h" +#include "sh_hash.h" +#if defined(WITH_EXTERNAL) +#include "sh_extern.h" +#endif +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) +#include "sh_modules.h" +#include "sh_ignore.h" +#include "sh_prelink.h" +#endif + +#undef FIL__ +#define FIL__ _("samhain.c") + + +/************************************************** + * + * Needed to compile the key into the code. + * + **************************************************/ + +extern UINT32 ErrFlag[2]; +#include "sh_MK.h" + +/************************************************** + * + * Variables for signal handling. + * + **************************************************/ + +volatile int sig_raised; +volatile int sig_urgent; +volatile int sig_debug_switch; /* SIGUSR1 */ +volatile int sig_suspend_switch; /* SIGUSR2 */ +volatile int sh_global_suspend_flag; +volatile int sig_fresh_trail; /* SIGIOT */ +volatile int sh_thread_pause_flag = S_FALSE; +volatile int sig_config_read_again; /* SIGHUP */ +volatile int sig_terminate; /* SIGQUIT */ +volatile int sig_termfast; /* SIGTERM */ +volatile int sig_force_check; /* SIGTTOU */ +long int eintr__result; +char sh_sig_msg[SH_MINIBUF]; + + +#ifdef SH_STEALTH +/************************************************** + * + * The following set of functions is required for + * the 'stealth' mode. + * + **************************************************/ + +#ifndef SH_MAX_GLOBS +#define SH_MAX_GLOBS 16 +#endif + +#ifndef GLOB_LEN +#define GLOB_LEN 511 +#endif + +#ifdef HAVE_PTHREAD +struct gt { + size_t g_count; + char * g_glob; +}; + +pthread_key_t g_key; + +int sh_g_thread() +{ + struct gt * ptr = malloc(sizeof(struct gt)); + if (!ptr) + return -1; + ptr->g_count = 0; + ptr->g_glob = calloc(1, SH_MAX_GLOBS * (GLOB_LEN+1)); + if (!(ptr->g_glob)) + return -1; + return pthread_setspecific(g_key, ptr); +} + +void sh_g_destroy(void * data) +{ + struct gt * ptr = (struct gt *) data; + free(ptr->g_glob); + free(ptr); + return; +} + +void sh_g_init(void) +{ +#if !defined(USE_SYSTEM_MALLOC) && defined(USE_MALLOC_LOCK) + extern int dnmalloc_pthread_init(void); + dnmalloc_pthread_init(); +#endif + + if (0 != pthread_key_create(&g_key, sh_g_destroy)) + { + perror("1"); + exit(EXIT_FAILURE); + } + + if (0 != sh_g_thread()) + { + perror("2"); + exit(EXIT_FAILURE); + } + return; +} +#define SH_G_INIT sh_g_init() +#else +#define SH_G_INIT ((void)0) +#endif + +char * globber(const char * str) +{ + size_t i; + size_t j; + +#ifndef HAVE_PTHREAD + static size_t count = 0; + static char glob[SH_MAX_GLOBS * (GLOB_LEN+1)]; +#else + struct gt * ptr = pthread_getspecific(g_key); + size_t count; + char * glob; + + if (ptr) { + count = ptr->g_count; + glob = ptr->g_glob; + } else { + return NULL; + } +#endif + + if (str != NULL) + j = strlen(str); + else + return NULL; + + ASSERT((j <= GLOB_LEN), _("j <= GLOB_LEN")) + + if (j > GLOB_LEN) + j = GLOB_LEN; + + /* Overwrap the buffer. + */ + if ( (count + j) >= (SH_MAX_GLOBS * (GLOB_LEN+1))) + { + count = 0; + } + + for (i = 0; i < j; ++i) + { + if (str[i] != '\n' && str[i] != '\t' && str[i] != '\r' && str[i] != '"') + glob[count + i] = str[i] ^ XOR_CODE; + else + glob[count + i] = str[i]; + } + glob[count + j] = '\0'; + + i = count; +#ifdef HAVE_PTHREAD + ptr->g_count = count + j + 1; +#else + count = count + j + 1; +#endif + return &glob[i]; +} + +void sh_do_encode (char * str, int len) +{ + register int i; + + /* this is a symmetric operation + */ + for (i = 0; i < len; ++i) + { + str[i] = str[i] ^ XOR_CODE; + } + return; +} + +#else +/* not stealth */ +#define SH_G_INIT ((void)0) +#endif + +/************************************************** + * + * Global variables. + * + **************************************************/ + +sh_struct sh; +/*@null@*/ sh_key_t * skey = NULL; + +extern unsigned char TcpFlag[8][PW_LEN+1]; + +/************************************************** + * + * Initializing. + * + **************************************************/ + +static int is_samhainctl_init = S_FALSE; + +static +void sh_init (void) +{ + unsigned char * dez = NULL; + int i; +#if defined(SH_WITH_MAIL) + char * p; + char q[SH_PATHBUF]; +#endif + + SL_ENTER(_("sh_init")); + +#ifdef MKA_09 + ErrFlag[0] |= (1 << 8); +#endif +#ifdef MKA_10 + ErrFlag[0] |= (1 << 9); +#endif +#ifdef MKA_11 + ErrFlag[0] |= (1 << 10); +#endif +#ifdef MKA_12 + ErrFlag[0] |= (1 << 11); +#endif +#ifdef MKA_13 + ErrFlag[0] |= (1 << 12); +#endif +#ifdef MKA_14 + ErrFlag[0] |= (1 << 13); +#endif +#ifdef MKA_15 + ErrFlag[0] |= (1 << 14); +#endif +#ifdef MKA_16 + ErrFlag[0] |= (1 << 15); +#endif + + /* Signal handling. + */ + sig_raised = 0; + sig_config_read_again = 0; /* SIGHUP */ + sig_debug_switch = 0; /* SIGUSR1 */ + sig_suspend_switch = 0; /* SIGUSR2 */ + sh_global_suspend_flag = 0; /* SIGUSR2 */ + sig_fresh_trail = 0; /* SIGIOT */ + sig_terminate = 0; /* SIGQUIT */ + sig_termfast = 0; /* SIGTERM */ + sig_force_check = 0; /* SIGTTOU */ + strcpy ( sh_sig_msg, _("None")); + +#ifdef MKB_01 + ErrFlag[1] |= (1 << 0); +#endif +#ifdef MKB_02 + ErrFlag[1] |= (1 << 1); +#endif +#ifdef MKB_03 + ErrFlag[1] |= (1 << 2); +#endif +#ifdef MKB_04 + ErrFlag[1] |= (1 << 3); +#endif +#ifdef MKB_05 + ErrFlag[1] |= (1 << 4); +#endif +#ifdef MKB_06 + ErrFlag[1] |= (1 << 5); +#endif +#ifdef MKB_07 + ErrFlag[1] |= (1 << 6); +#endif +#ifdef MKB_08 + ErrFlag[1] |= (1 << 7); +#endif + +#if defined(SH_WITH_SERVER) && !defined(SH_WITH_CLIENT) + strncpy(sh.prg_name, _("Yule"), 8); + sh.prg_name[4] = '\0'; +#else + strncpy(sh.prg_name, _("Samhain"), 8); + sh.prg_name[7] = '\0'; +#endif + + sh.pid = (UINT64) getpid(); + + /* The flags. + */ + if (is_samhainctl_init == S_FALSE) + sh.flag.checkSum = SH_CHECK_NONE; + sh.flag.update = S_FALSE; + sh.flag.opts = S_FALSE; + if (is_samhainctl_init == S_FALSE) + sh.flag.isdaemon = S_FALSE; + sh.flag.isserver = S_FALSE; + sh.flag.islocked = S_FALSE; + sh.flag.smsg = S_FALSE; + sh.flag.log_start = S_TRUE; + sh.flag.reportonce = S_TRUE; + sh.flag.fulldetail = S_FALSE; + sh.flag.audit = S_FALSE; + sh.flag.nice = 0; + sh.flag.aud_mask = 0xFFFFFFFFUL; + sh.flag.client_severity = S_FALSE; + sh.flag.client_class = S_FALSE; + sh.flag.hidefile = S_FALSE; + sh.flag.loop = S_FALSE; + +#ifdef MKB_09 + ErrFlag[1] |= (1 << 8); +#endif +#ifdef MKB_10 + ErrFlag[1] |= (1 << 9); +#endif +#ifdef MKB_11 + ErrFlag[1] |= (1 << 10); +#endif +#ifdef MKB_12 + ErrFlag[1] |= (1 << 11); +#endif +#ifdef MKB_13 + ErrFlag[1] |= (1 << 12); +#endif +#ifdef MKB_14 + ErrFlag[1] |= (1 << 13); +#endif +#ifdef MKB_15 + ErrFlag[1] |= (1 << 14); +#endif +#ifdef MKB_16 + ErrFlag[1] |= (1 << 15); +#endif + + /* The stats. + */ + sh.statistics.bytes_speed = 0; + sh.statistics.bytes_hashed = 0; + sh.statistics.mail_success = 0; + sh.statistics.mail_failed = 0; + sh.statistics.time_start = time(NULL); + sh.statistics.time_check = (time_t) 0; + +#ifdef MKC_01 + ErrFlag[0] |= (1 << 16); +#endif +#ifdef MKC_02 + ErrFlag[0] |= (1 << 17); +#endif +#ifdef MKC_03 + ErrFlag[0] |= (1 << 18); +#endif +#ifdef MKC_04 + ErrFlag[0] |= (1 << 19); +#endif +#ifdef MKC_05 + ErrFlag[0] |= (1 << 20); +#endif +#ifdef MKC_06 + ErrFlag[0] |= (1 << 21); +#endif +#ifdef MKC_07 + ErrFlag[0] |= (1 << 22); +#endif +#ifdef MKC_08 + ErrFlag[0] |= (1 << 23); +#endif + + + /* The local host. + */ + (void) sl_strlcpy (sh.host.name, _("localhost"), SH_MINIBUF); + sh.host.system[0] = '\0'; /* flawfinder: ignore *//* ff bug */ + sh.host.release[0] = '\0'; + sh.host.machine[0] = '\0'; + +#ifdef MKC_09 + ErrFlag[0] |= (1 << 24); +#endif +#ifdef MKC_10 + ErrFlag[0] |= (1 << 25); +#endif +#ifdef MKC_11 + ErrFlag[0] |= (1 << 26); +#endif +#ifdef MKC_12 + ErrFlag[0] |= (1 << 27); +#endif +#ifdef MKC_13 + ErrFlag[0] |= (1 << 28); +#endif +#ifdef MKC_14 + ErrFlag[0] |= (1 << 29); +#endif +#ifdef MKC_15 + ErrFlag[0] |= (1 << 30); +#endif +#ifdef MKC_16 + ErrFlag[0] |= (1UL << 31); +#endif + + /* The paths. + */ + (void) sl_strlcpy (sh.conf.path, DEFAULT_CONFIGFILE, SH_PATHBUF); + sh.conf.hash[0] = '\0'; + (void) sl_strlcpy (sh.data.path, DEFAULT_DATA_FILE, SH_PATHBUF); + sh.data.hash[0] = '\0'; + sh.exec.path[0] = '\0'; + sh.exec.hash[0] = '\0'; + +#ifdef MKD_01 + ErrFlag[1] |= (1 << 16); +#endif +#ifdef MKD_02 + ErrFlag[1] |= (1 << 17); +#endif +#ifdef MKD_03 + ErrFlag[1] |= (1 << 18); +#endif +#ifdef MKD_04 + ErrFlag[1] |= (1 << 19); +#endif +#ifdef MKD_05 + ErrFlag[1] |= (1 << 20); +#endif +#ifdef MKD_06 + ErrFlag[1] |= (1 << 21); +#endif +#ifdef MKD_07 + ErrFlag[1] |= (1 << 22); +#endif +#ifdef MKD_08 + ErrFlag[1] |= (1 << 23); +#endif + + /* The addresses. + */ +#if defined(SH_WITH_MAIL) + if (0 == strcmp (DEFAULT_MAILADDRESS, _("NULL"))) + { +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + char * saveptr; + (void) sl_strncpy(q, DEFAULT_MAILADDRESS, SH_PATHBUF); + p = strtok_r (q, ", \t", &saveptr); + if (p) + { + (void) sh_mail_setaddress_int (p); + while (NULL != (p = strtok_r (NULL, ", \t", &saveptr))) + (void) sh_mail_setaddress_int (p); + } +#else + (void) sl_strncpy(q, DEFAULT_MAILADDRESS, SH_PATHBUF); + p = strtok (q, ", \t"); + if (p) + { + (void) sh_mail_setaddress_int (p); + while (NULL != (p = strtok (NULL, ", \t"))) + (void) sh_mail_setaddress_int (p); + } +#endif + } +#endif + + if (0 == strcmp (ALT_TIMESERVER, _("NULL"))) + sh.srvtime.alt[0] = '\0'; + else + (void) sl_strlcpy (sh.srvtime.alt, ALT_TIMESERVER, SH_PATHBUF); + if (0 == strcmp (DEFAULT_TIMESERVER, _("NULL"))) + sh.srvtime.name[0] = '\0'; + else + (void) sl_strlcpy (sh.srvtime.name, DEFAULT_TIMESERVER, SH_PATHBUF); + + + if (0 == strcmp (ALT_LOGSERVER, _("NULL"))) + sh.srvexport.alt[0] = '\0'; + else + (void) sl_strlcpy (sh.srvexport.alt, ALT_LOGSERVER, SH_PATHBUF); + if (0 == strcmp (DEFAULT_LOGSERVER, _("NULL"))) + sh.srvexport.name[0] = '\0'; + else + (void) sl_strlcpy (sh.srvexport.name, DEFAULT_LOGSERVER, SH_PATHBUF); + + + if (0 == strcmp (DEFAULT_ERRLOCK, _("NULL"))) + sh.srvlog.alt[0] = '\0'; + else + (void) sl_strlcpy (sh.srvlog.alt, DEFAULT_ERRLOCK, SH_PATHBUF); + if (0 == strcmp (DEFAULT_ERRFILE, _("NULL"))) + sh.srvlog.name[0] = '\0'; + else + (void) sl_strlcpy (sh.srvlog.name, DEFAULT_ERRFILE, SH_PATHBUF); + + if (0 == strcmp (ALT_CONSOLE, _("NULL"))) + sh.srvcons.alt[0] = '\0'; + else + (void) sl_strlcpy (sh.srvcons.alt, ALT_CONSOLE, SH_PATHBUF); +#ifndef DEFAULT_CONSOLE + (void) sl_strlcpy (sh.srvcons.name, _("/dev/console"), SH_PATHBUF); +#else + if (0 == strcmp (DEFAULT_CONSOLE, _("NULL"))) + (void) sl_strlcpy (sh.srvcons.name, _("/dev/console"), SH_PATHBUF); + else + (void) sl_strlcpy (sh.srvcons.name, DEFAULT_CONSOLE, SH_PATHBUF); +#endif + +#ifdef MKD_09 + ErrFlag[1] |= (1 << 24); +#endif +#ifdef MKD_10 + ErrFlag[1] |= (1 << 25); +#endif +#ifdef MKD_11 + ErrFlag[1] |= (1 << 26); +#endif +#ifdef MKD_12 + ErrFlag[1] |= (1 << 27); +#endif +#ifdef MKD_13 + ErrFlag[1] |= (1 << 28); +#endif +#ifdef MKD_14 + ErrFlag[1] |= (1 << 29); +#endif +#ifdef MKD_15 + ErrFlag[1] |= (1 << 30); +#endif +#ifdef MKD_16 + ErrFlag[1] |= (1UL << 31); +#endif + + + /* The timers. + */ + sh.fileCheck.alarm_last = 0; + sh.fileCheck.alarm_interval = 600; /* ten minutes */ + + sh.mailTime.alarm_last = 0; + sh.mailTime.alarm_interval = 86400; + + sh.mailNum.alarm_last = 0; + sh.mailNum.alarm_interval = 10; + + sh.looptime = 60; + + /* The struct to hold privileged information. + */ + skey = (sh_key_t *) malloc (sizeof(sh_key_t)); + if (skey != NULL) + { + + skey->mlock_failed = SL_FALSE; + skey->rngI = BAD; + /* properly initialized later + */ + skey->rng0[0] = 0x03; skey->rng0[1] = 0x09; skey->rng0[2] = 0x17; + skey->rng1[0] = 0x03; skey->rng1[1] = 0x09; skey->rng1[2] = 0x17; + skey->rng2[0] = 0x03; skey->rng2[1] = 0x09; skey->rng2[2] = 0x17; + + for (i = 0; i < KEY_BYT; ++i) + skey->poolv[i] = '\0'; + + skey->poolc = 0; + + skey->ErrFlag[0] = ErrFlag[0]; + ErrFlag[0] = 0; + skey->ErrFlag[1] = ErrFlag[1]; + ErrFlag[1] = 0; + + dez = &(TcpFlag[POS_TF-1][0]); + for (i = 0; i < PW_LEN; ++i) + { + skey->pw[i] = (char) (*dez); + (*dez) = '\0'; + ++dez; + } + + skey->sh_sockpass[0] = '\0'; + skey->sigkey_old[0] = '\0'; + skey->sigkey_new[0] = '\0'; + skey->mailkey_old[0] = '\0'; + skey->mailkey_new[0] = '\0'; + skey->crypt[0] = '\0'; /* flawfinder: ignore *//* ff bug */ + skey->session[0] = '\0'; + skey->vernam[0] = '\0'; + } + else + { + perror(_("sh_init")); + _exit (EXIT_FAILURE); + } + + sh_unix_memlock(); + SL_RET0(_("sh_init")); +} + + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +#include +#endif + +#if defined(SH_USE_XML) +extern int sh_log_file (char * message, char * inet_peer); +#endif + +/******************************************************* + * + * Exit Handler + * + *******************************************************/ +static void exit_handler(void) +{ + /* --- Clean up modules, if any. --- + */ +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + int modnum; +#endif +#if defined(SH_WITH_SERVER) + extern int sh_socket_remove (void); +#endif + + SL_ENTER(_("exit_handler")); + +#if defined(SH_WITH_SERVER) + sh_socket_remove (); +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + for (modnum = 0; modList[modnum].name != NULL; ++modnum) + { + if (modList[modnum].initval == SH_MOD_ACTIVE) + (void) modList[modnum].mod_cleanup(); + } +#ifdef HAVE_PTHREAD + sh_pthread_cancel_all(); +#endif +#endif + + /* --- Push out all pending messages. --- + */ +#if defined(SH_WITH_MAIL) + if (sh.mailNum.alarm_last > 0) + { + (void) sh_mail_msg (NULL); + } +#endif + + /* --- Write the server stat. --- + */ +#if defined(SH_WITH_SERVER) + sh_forward_html_write(); +#endif + + /* --- Clean up memory to check for problems. --- + */ +#ifdef MEM_DEBUG +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + sh_files_deldirstack (); + sh_files_delfilestack (); + sh_hash_hashdelete(); + sh_files_hle_reg (NULL); +#endif +#if defined(SH_WITH_SERVER) + sh_forward_free_all (); +#endif + delete_cache(); + sh_mem_stat(); +#endif + +#ifdef MEM_DEBUG + sh_unix_count_mlock(); +#endif + + /* --- Checksum of executable. --- + */ + (void) sh_unix_self_check(); + + + /* --- Exit Message. --- + */ + sh_error_handle ((-1), FIL__, __LINE__, sh.flag.exit, MSG_EXIT_NORMAL, + sh.prg_name, sh_sig_msg); +#ifdef SH_USE_XML + (void) sh_log_file (NULL, NULL); +#endif + + + /* --- Restrict error logging to stderr. --- + */ +#ifdef WITH_MESSAGE_QUEUE + close_ipc (); +#endif + sh_error_only_stderr (S_TRUE); + + + /* --- Remove lock, delete critical information. --- + */ + (void) sh_unix_rm_lock_file (sh.srvlog.name); + if (sh.flag.isdaemon == S_TRUE) + (void) sh_unix_rm_pid_file (); + if (skey != NULL) + memset (skey, (int) '\0', sizeof(sh_key_t)); + + /* --- Exit. --- + */ + SL_RET0(_("exit_handler")); +} + +/*********************************************************** + * + */ +#ifndef SIGHUP +#define SIGHUP 1 +#endif +#ifndef SIGTERM +#define SIGTERM 15 +#endif +#ifndef SIGKILL +#define SIGKILL 9 +#endif + +#if defined(__linux__) || defined(sun) || defined(__sun) || defined(__sun__) +#include +static pid_t * procdirSamhain (void) +{ + pid_t * pidlist; + struct dirent * d; + DIR * dp; + long ino; + struct stat buf; + int i; + pid_t pid, mypid = getpid(); + char * tail; + char exef[128]; + + if (0 != stat(SH_INSTALL_PATH, &buf)) + { + return NULL; + } + + ino = (long) buf.st_ino; + + if (NULL == (dp = opendir("/proc"))) + { + return NULL; + } + + SH_MUTEX_LOCK(mutex_readdir); + + pidlist = malloc(sizeof(pid_t) * 65535); + if (!pidlist) + goto unlock_and_out; + + for (i = 0; i < 65535; ++i) pidlist[i] = 0; + + i = 0; + while (NULL != (d = readdir(dp)) && i < 65535) + { + if (0 != strcmp(d->d_name, ".") && 0 != strcmp(d->d_name, "..")) + { + errno = 0; + pid = (pid_t) strtol (d->d_name, &tail, 0); + if (*tail != '\0' || errno != 0) + continue; + if (pid == mypid) + continue; +#if defined(__linux__) + sprintf(exef, _("/proc/%d/exe"), (int) pid); /* known to fit */ +#else + sprintf(exef, _("/proc/%d/object/a.out"), /* known to fit */ + (int) pid); +#endif + if (0 == stat(exef, &buf) && ino == (long) buf.st_ino) + { pidlist[i] = (pid_t) pid; ++i; } + } + } + + unlock_and_out: + ; + SH_MUTEX_UNLOCK(mutex_readdir); + + closedir(dp); + return pidlist; +} +#else +static pid_t * procdirSamhain (void) +{ + return NULL; +} +#endif + +static int killprocSamhain (pid_t pid) +{ + int i; + + /* fprintf(stderr, "Killing %d\n", pid); */ + if (pid > 0 && 0 == kill (pid, SIGTERM)) + { + for (i = 0; i < 16; ++i) + { + (void) retry_msleep(1, 0); + if (0 != kill (pid, 0) && errno == ESRCH) + return (0); + } + + (void) kill (pid, SIGKILL); + return (0); + } + if (pid > 0) + { + if (errno == ESRCH) + return 7; + if (errno == EPERM) + return 4; + return 1; + } + else + return (7); +} + +static pid_t pidofSamhain (int flag) +{ + FILE * fp; + char line[256]; + char * tail; + char * p; + pid_t pid; + long inpid; + struct stat buf; + + fp = fopen (DEFAULT_ERRLOCK, "r"); + + if (!fp) + { if (errno != ENOENT) perror(_("fopen")); return 0; } + if (NULL == fgets(line, sizeof(line), fp)) + { perror(_("fgets")); (void) fclose(fp); return 0; } + (void) fclose(fp); + p = line; + while (*p == ' ' || *p == '\f' || *p == '\n' || + *p == '\r' || *p == '\t' || *p == '\v') + ++p; + errno = 0; + inpid = strtol (p, &tail, 0); + if (p == tail || errno != 0) + { perror(_("strtol")); return 0; } + + pid = (pid_t) inpid; + if (inpid != (long) pid) + { perror(_("strtol")); return 0; } + + /* remove stale pid file + */ + if (flag == 1 && pid > 0 && 0 != kill(pid, 0) && errno == ESRCH) + { + if /*@-unrecog@*/ (0 == lstat (DEFAULT_ERRLOCK, &buf))/*@+unrecog@*/ + { + if /*@-usedef@*/(S_ISREG(buf.st_mode))/*@+usedef@*/ + { + (void) unlink(DEFAULT_ERRLOCK); + } + } + else + { + perror(_("lstat")); return 0; + } + pid = 0; + } + return pid; +} + +/* 1: start 2:stop 3:reload 4:status + */ +/*@-exitarg@*/ +static int samhainctl(int ctl, int * argc, char * argv[]) +{ + char * fullpath; + pid_t pid; + int status; + int res; + pid_t respid; + int times; + char * argp[32]; + pid_t * pidlist; + int i; + + + fullpath = strdup (SH_INSTALL_PATH); + if (fullpath == NULL) + { perror(_("strdup")); exit (1); } + + argp[0] = strdup (SH_INSTALL_PATH); + if (argp[0] == NULL) + { perror(_("strdup")); exit (1); } + + for (times = 1; times < 32; ++times) argp[times] = NULL; + + res = (*argc > 32) ? 32 : *argc; + + for (times = 2; times < res; ++times) + { + argp[times-1] = strdup (argv[times]); + if (argp[times-1] == NULL) + { perror(_("strdup")); exit (1); } + } + + if (ctl == 1) + { + pid = pidofSamhain(1); + + if (pid != 0 && 0 == kill (pid, 0)) /* already started */ + exit (0); + + pid = fork(); + switch (pid) { + case ((pid_t) -1): + perror(_("fork")); + exit (1); + case 0: + if (0 != close (0)) + { + _exit(4); + } + (void) execv(fullpath, argp); /* flawfinder: ignore *//* wtf? */ + if (errno == EPERM) + _exit(4); + else if (errno == ENOENT) + _exit(5); + _exit (1); + default: + times = 0; + while (times < 300) { + respid = waitpid(pid, &status, WNOHANG|WUNTRACED); + if ((pid_t)-1 == respid) + { + perror(_("waitpid")); + exit (1); + } + else if (pid == respid) + { +#ifndef USE_UNO + if (0 != WIFEXITED(status)) + { + res = WEXITSTATUS(status); + exit (res == 0 ? 0 : res ); + } + else + exit (1); +#else + exit (1); +#endif + } + ++times; + (void) retry_msleep(1, 0); + } + exit (0); /* assume that it runs ok */ + } + } + + pid = pidofSamhain(0); + + if (ctl == 2) /* stop */ + { + pidlist = procdirSamhain (); + if (pid == 0 && NULL == pidlist) /* pid file not found */ + { + free(fullpath); + return (0); + } + + status = 0; + if (pid != 0) + status = killprocSamhain(pid); + if (pidlist != NULL) + { + i = 0; + while (i < 65535 && pidlist[i] != 0) + { + if (pidlist[i] != pid) + status = killprocSamhain(pidlist[i]); + ++i; + } + } + free(fullpath); + if (status == 7) + return 0; + else + return status; + } + + if (ctl == 3) /* reload */ + { + if (pid == 0) + exit (7); + if (0 == kill (pid, SIGHUP)) + exit (0); + else + { + if (errno == EPERM) + exit (4); + if (errno == ESRCH) + exit (7); + exit (1); + } + } + + if (ctl == 4) /* status */ + { + if (pid == 0) + exit (3); + if (0 == kill (pid, 0)) + exit (0); + else + { + if (errno == EPERM) + exit (4); + if (errno == ESRCH) + exit (1); + } + } + free(fullpath); /* silence smatch false positive */ + exit (1); /* no exit handler installed yet */ + /*@notreached@*/ + return (0); +} +/*@+exitarg@*/ + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) +#include "sh_schedule.h" +static sh_schedule_t * FileSchedOne = NULL; +static sh_schedule_t * FileSchedTwo = NULL; + +/* free a linked list of schedules + */ +static sh_schedule_t * free_sched (sh_schedule_t * isched) +{ + sh_schedule_t * current = isched; + sh_schedule_t * next = NULL; + + while (current != NULL) + { + next = current->next; + SH_FREE(current); + current = next; + } + return NULL; +} + +/* Add a new schedule to the linked list of schedules + */ +static sh_schedule_t * sh_set_schedule_int (const char * str, + sh_schedule_t * FileSchedIn, + /*@out@*/ int * status) +{ + sh_schedule_t * FileSched; + + SL_ENTER(_("sh_set_schedule_int")); + + if (0 == sl_strncmp(str, _("NULL"), 4)) + { + (void) free_sched(FileSchedIn); + FileSchedIn = NULL; + *status = 0; + return 0; + } + + FileSched = SH_ALLOC(sizeof(sh_schedule_t)); + *status = create_sched(str, FileSched); + if (*status != 0) + { + SH_FREE(FileSched); + FileSched = NULL; + SL_RETURN(FileSchedIn , _("sh_set_schedule_int")); + } + FileSched->next = FileSchedIn; + SL_RETURN(FileSched , _("sh_set_schedule_int")); +} + +/* Add a new schedule to the linked list FileSchedOne + */ +int sh_set_schedule_one (const char * str) +{ + int status; + FileSchedOne = sh_set_schedule_int (str, FileSchedOne, &status); + return status; +} + +/* Add a new schedule to the linked list FileSchedTwo + */ +int sh_set_schedule_two (const char * str) +{ + int status; + FileSchedTwo = sh_set_schedule_int (str, FileSchedTwo, &status); + return status; +} + +#endif + +/******************************************************* + * + * Main program + * + *******************************************************/ +#if !defined(SH_CUTEST) +int main(int argc, char * argv[]) +#else +int undef_main(int argc, char * argv[]) +#endif +{ +#if defined(INET_SYSLOG) + extern int create_syslog_socket (int flag); +#endif +#if defined(SH_WITH_SERVER) + extern int sh_create_tcp_socket(void); +#endif + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + int modnum; + time_t runtim; + float st_1, st_2; + int status; + volatile long cct = 0; /* main loop iterations */ + + volatile int flag_check_1 = 0; + volatile int flag_check_2 = 0; + + int check_done = 0; +#endif + + volatile time_t told; + volatile time_t tcurrent; + size_t tzlen; + char * tzptr; + int res; + +#if defined (SH_STEALTH_NOCL) + char command_line[256]; + int my_argc = 0; + char * my_argv[32]; +#endif + +#if !defined(USE_SYSTEM_MALLOC) + typedef void assert_handler_tp(const char * error, const char *file, int line); + extern assert_handler_tp *dnmalloc_set_handler(assert_handler_tp *new); + (void) dnmalloc_set_handler(safe_fatal); +#endif + + SH_G_INIT; /* Must precede any use of _() */ + + SL_ENTER(_("main")); + + /* --- Close all but first three file descriptors. --- + */ + sh_unix_closeall(3, -1, SL_FALSE); /* at program start */ + + + if (argc >= 2 && 0 != getuid() && + (0 == strcmp(argv[1], _("start")) || + 0 == strcmp(argv[1], _("stop")) || + 0 == strcmp(argv[1], _("reload")) || + 0 == strcmp(argv[1], _("force-reload")) || + 0 == strcmp(argv[1], _("status")) || + 0 == strcmp(argv[1], _("restart")))) + { + return 4; + } + + if (argc >= 2 && 0 == getuid()) + { + /* return codes: + * 0 Success + * 1 Can not send signal / start program + * 2 Pid file does not exist + */ + if (0 == strcmp(argv[1], _("start"))) + { + (void) samhainctl (1, &argc, argv); /* does not return */ + } + else if (0 == strcmp(argv[1], _("stop"))) + return (samhainctl (2, &argc, argv)); + else if (0 == strcmp(argv[1], _("reload"))) + (void) samhainctl (3, &argc, argv); /* does not return */ + else if (0 == strcmp(argv[1], _("force-reload"))) + (void) samhainctl (3, &argc, argv); /* does not return */ + else if (0 == strcmp(argv[1], _("status"))) + (void) samhainctl (4, &argc, argv); /* does not return */ + else if (0 == strcmp(argv[1], _("restart"))) + { + res = samhainctl (2, &argc, argv); + if (res == 0 || res == 7) + { + (void) samhainctl (1, &argc, argv); /* does not return */ + } + else + return (res); + } + } + + /* if fd 0 is closed, presume that we want to be daemon and + * run in check mode + */ + if ((-1) == retry_fcntl(FIL__, __LINE__, 0, F_GETFL, 0) && + errno == EBADF) + { + sh.flag.opts = S_TRUE; + (void) sh_unix_setdeamon(NULL); +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + sh.flag.checkSum = SH_CHECK_CHECK; + /* (void) sh_util_setchecksum(_("check")); */ +#endif + is_samhainctl_init = S_TRUE; + sh.flag.opts = S_FALSE; + } + + + /* --- Install the exit handler. --- + */ + (void) atexit(exit_handler); + + /* --- Zero the mailer key, and fill it. --- + */ + memset (ErrFlag, 0, 2*sizeof(UINT32)); + +#ifdef MKA_01 + ErrFlag[0] |= (1 << 0); +#endif +#ifdef MKA_02 + ErrFlag[0] |= (1 << 1); +#endif +#ifdef MKA_03 + ErrFlag[0] |= (1 << 2); +#endif +#ifdef MKA_04 + ErrFlag[0] |= (1 << 3); +#endif +#ifdef MKA_05 + ErrFlag[0] |= (1 << 4); +#endif +#ifdef MKA_06 + ErrFlag[0] |= (1 << 5); +#endif +#ifdef MKA_07 + ErrFlag[0] |= (1 << 6); +#endif +#ifdef MKA_08 + ErrFlag[0] |= (1 << 7); +#endif + +#if defined(SCREW_IT_UP) + BREAKEXIT(sh_sigtrap_prepare); + (void) sh_sigtrap_prepare(); +#endif + + /* Save the timezone. + */ + if (NULL != (tzptr = getenv("TZ"))) /* flawfinder: ignore */ + { + tzlen = strlen(tzptr); + if (tzlen < 1024) + { + sh.timezone = malloc (tzlen + 1); + if (sh.timezone != NULL) + (void) sl_strlcpy (sh.timezone, tzptr, tzlen + 1); + } + else + sh.timezone = NULL; + } + else + sh.timezone = NULL; + + + /* -------- INIT -------- + */ + + /* Restrict error logging to stderr. + */ + sh_error_only_stderr (S_TRUE); + + BREAKEXIT(sh_derr); + (void) sh_derr(); + + /* Check that first three descriptors are open. + */ + if ( retry_fcntl(FIL__, __LINE__, 0, F_GETFL, 0) == (-1)) + (void) aud_open(FIL__, __LINE__, SL_NOPRIV, _("/dev/null"), O_RDWR, 0); + if ( retry_fcntl(FIL__, __LINE__, 1, F_GETFL, 0) == (-1)) + (void) aud_open(FIL__, __LINE__, SL_NOPRIV, _("/dev/null"), O_RDWR, 1); + if ( retry_fcntl(FIL__, __LINE__, 2, F_GETFL, 0) == (-1)) + (void) aud_open(FIL__, __LINE__, SL_NOPRIV, _("/dev/null"), O_RDWR, 2); + + /* --- Set default values. --- + */ + BREAKEXIT(sh_init); + sh_init (); /* we are still privileged here, so we can mlock skey */ +#if (defined (SH_WITH_SERVER) && !defined (SH_WITH_CLIENT)) + sh.flag.isserver = S_TRUE; +#endif + + /* --- Get local hostname. --- + */ + BREAKEXIT(sh_unix_localhost); + sh_unix_localhost(); + + /* --- Read the command line. --- + */ + sh.flag.opts = S_TRUE; + +#if !defined(SH_STEALTH_NOCL) + sh_argc_store = argc; + sh_argv_store = argv; + (void) sh_getopt_get (argc, argv); +#else + if (argc > 1 && argv[1] != NULL && + strlen(argv[1]) > 0 && strlen(NOCL_CODE) > 0) + { + if ( 0 == strcmp(argv[1], NOCL_CODE) ) + { +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + char * saveptr; +#endif + my_argv[0] = argv[0]; ++my_argc; + command_line[0] = '\0'; + if (NULL != fgets (command_line, sizeof(command_line), stdin)) + command_line[sizeof(command_line)-1] = '\0'; + + do { +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + my_argv[my_argc] = + strtok_r( (my_argc == 1) ? command_line : NULL, " \n", &saveptr); +#else + my_argv[my_argc] = + strtok( (my_argc == 1) ? command_line : NULL, " \n"); +#endif + if (my_argv[my_argc] != NULL) { + ++my_argc; + } else { + break; + } + } while (my_argc < 32); + + sh_argc_store = my_argc; + sh_argv_store = my_argv; + + (void) sh_getopt_get (my_argc, my_argv); + } + else + { + /* discard command line */ + /* _exit(EXIT_FAILURE) */ ; + } + } +#endif + sh.flag.opts = S_FALSE; + + + /* --- Get user info. --- + */ + TPT((0, FIL__, __LINE__, _("msg=\n"))) + if (0 != sh_unix_getUser ()) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, + sh.prg_name); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + + + /* ***************************** + * + * Read the configuration file. + * + * *****************************/ + + TPT((0, FIL__, __LINE__, _("msg=\n"))) + BREAKEXIT(sh_readconf_read); + (void) sh_readconf_read (); + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + if (sh.flag.checkSum == SH_CHECK_NONE) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("No action specified: init, update, or check"), + _("main")); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, + sh.prg_name); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } +#endif + + /* do not append to database if run SUID + */ + if ((sh.flag.checkSum == SH_CHECK_INIT) && (0 != sl_is_suid())) + { + (void) dlog(1, FIL__, __LINE__, + _("Cannot initialize database when running with SUID credentials.\nYou need to run this with the user ID %d.\nYour current user ID is %d."), + (int) geteuid(), (int) sh.real.uid); + sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_ACCESS, + (long) sh.real.uid, sh.data.path); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + + /* avoid daemon mode for initialization + */ + if (sh.flag.checkSum == SH_CHECK_INIT) + { + sh.flag.isdaemon = S_FALSE; + sh.flag.loop = S_FALSE; + } + + /* --- load database; checksum of database + */ +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + TPT((0, FIL__, __LINE__, _("msg=\n"))) + if (sh.flag.checkSum == SH_CHECK_CHECK) + { + if (0 != sl_strcmp(file_path('D', 'R'), _("REQ_FROM_SERVER"))) + { + char hashbuf[KEYBUF_SIZE]; + (void) sl_strlcpy(sh.data.hash, + sh_tiger_hash (file_path('D', 'R'), + TIGER_FILE, TIGER_NOLIM, + hashbuf, sizeof(hashbuf)), + KEY_LEN+1); + } + + /* this eventually fetches the file from server to get checksum + */ + sh_hash_init (); + } +#endif + + /* --- initialize signal handling etc.; fork daemon + */ + if (sh_unix_init(sh.flag.isdaemon) == -1) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, + sh.prg_name); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + + /* --- drop privileges eventually --- + */ +#if defined(SH_WITH_SERVER) + sh_create_tcp_socket (); +#if defined(INET_SYSLOG) + create_syslog_socket (S_TRUE); +#endif + SL_REQUIRE(sl_policy_get_real(DEFAULT_IDENT) == SL_ENONE, + _("sl_policy_get_real(DEFAULT_IDENT) == SL_ENONE")); +#else + SL_REQUIRE(sl_policy_get_user(DEFAULT_IDENT) == SL_ENONE, + _("sl_policy_get_user(DEFAULT_IDENT) == SL_ENONE")); +#endif + + /* --- Get user info (again). --- + */ + TPT((0, FIL__, __LINE__, _("msg=\n"))) + if (0 != sh_unix_getUser ()) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, + sh.prg_name); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + + /* --- now check whether we really wanted it; if not, close --- + */ +#if defined(INET_SYSLOG) && defined(SH_WITH_SERVER) + create_syslog_socket (S_FALSE); +#endif + + + /* --- Enable full error logging --- + */ + sh_error_only_stderr (S_FALSE); + + /**************************************************** + * + * SERVER + * + ****************************************************/ + +#if defined(SH_WITH_SERVER) && !defined(SH_WITH_CLIENT) + +#if (defined(WITH_GPG) || defined(WITH_PGP)) + /* log startup */ + sh_gpg_log_startup (); +#else + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H, + sh.prg_name, (long) sh.real.uid, + (sh.flag.hidefile == S_TRUE) ? + _("(hidden)") : file_path('C','R'), + sh.conf.hash); +#endif + +#else + + /**************************************************** + * + * CLIENT/STANDALONE + * + ****************************************************/ + + BREAKEXIT(sh_error_handle); + + if (sh.flag.checkSum == SH_CHECK_CHECK) + { +#if (defined(WITH_GPG) || defined(WITH_PGP)) + /* log startup */ + sh_gpg_log_startup (); +#else + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_2H, + sh.prg_name, (long) sh.real.uid, + (sh.flag.hidefile == S_TRUE) ? _("(hidden)") : file_path('C', 'R'), sh.conf.hash, + (sh.flag.hidefile == S_TRUE) ? _("(hidden)") : file_path('D', 'R'), sh.data.hash); +#endif + } + else + { +#if (defined(WITH_GPG) || defined(WITH_PGP)) + /* log startup */ + sh_gpg_log_startup (); +#else + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H, + sh.prg_name, (long) sh.real.uid, + (sh.flag.hidefile == S_TRUE) ? _("(hidden)") : file_path('C', 'R'), sh.conf.hash); +#endif + } +#endif + + + if ((skey == NULL) || (skey->mlock_failed == SL_TRUE)) + sh_error_handle ((-1), FIL__, __LINE__, EPERM, MSG_MLOCK); + + /* timer + */ + tcurrent = time (NULL); + told = tcurrent; + sh.mailTime.alarm_last = told; + + + /**************************************************** + * + * SERVER + * + ****************************************************/ + +#if defined(SH_WITH_SERVER) + TPT((0, FIL__, __LINE__, _("msg=\n"))) + +#if defined (SH_WITH_CLIENT) + if (sh.flag.isserver == S_TRUE) + { + sh_receive(); + TPT((0, FIL__, __LINE__, _("msg=\n"))) + aud_exit (FIL__, __LINE__, EXIT_SUCCESS); + } +#else + sh_receive(); + TPT((0, FIL__, __LINE__, _("msg=\n"))) + aud_exit (FIL__, __LINE__, EXIT_SUCCESS); +#endif + +#endif + + /**************************************************** + * + * CLIENT/STANDALONE + * + ****************************************************/ +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + + + /* --- Initialize modules. --- + */ + TPT((0, FIL__, __LINE__, _("msg=\n"))) + for (modnum = 0; modList[modnum].name != NULL; ++modnum) + { + status = modList[modnum].mod_init(&(modList[modnum])); + if ( status < 0 ) + { + if (status == (-1)) { + sh_error_handle (SH_ERR_NOTICE, FIL__, __LINE__, status, + MSG_MOD_FAIL, + _(modList[modnum].name), + status); + } else { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_MOD_FAIL, + _(modList[modnum].name), + status); + } + modList[modnum].initval = SH_MOD_FAILED; + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MOD_OK, + _(modList[modnum].name)); + modList[modnum].initval = status; + } + } + + /* -------- TEST SETUP --------- + */ + (void) sh_files_setrec(); + (void) sh_files_test_setup(); + + + /* -------- NICE LEVEL --------- + */ + if (0 != sh.flag.nice) + { +#ifdef HAVE_SETPRIORITY + /*@-unrecog@*/ + (void) setpriority(PRIO_PROCESS, 0, sh.flag.nice); + /*@+unrecog@*/ +#else + (void) nice(sh.flag.nice); +#endif + } + + /* -------- MAIN LOOP --------- + */ + sh.statistics.bytes_speed = 0; + sh.statistics.bytes_hashed = 0; + + while (1 == 1) + { + ++cct; + + BREAKEXIT(sh_error_handle); + + TPT((0, FIL__, __LINE__, _("msg=, iter=<%ld>\n"), cct)) + + tcurrent = time (NULL); + + if (sig_raised > 0) + { + + TPT((0, FIL__, __LINE__, _("msg=\n"))) + + if (sig_termfast == 1) /* SIGTERM */ + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); + /* strncpy (sh_sig_msg, _("SIGTERM"), 20); */ + --sig_raised; --sig_urgent; + aud_exit (FIL__, __LINE__, EXIT_SUCCESS); + } + + if (sig_force_check == 1) /* SIGTTOU */ + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); + flag_check_1 = 1; + flag_check_2 = 1; + sig_force_check = 0; + --sig_raised; + } + + if (sig_config_read_again == 1 && /* SIGHUP */ + sh_global_suspend_flag == 0) + { + TPT((0, FIL__, __LINE__, _("msg=\n"))) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_RECONF); + + sh_thread_pause_flag = S_TRUE; + +#if defined(WITH_EXTERNAL) + /* delete list of external tasks + */ + (void) sh_ext_cleanup(); +#endif + /* delete the file list, make all database + * entries visible (allignore = FALSE) + */ + (void) sh_files_deldirstack (); + (void) sh_files_delfilestack (); + (void) sh_ignore_clean (); + (void) hash_full_tree (); + +#if defined(SH_WITH_CLIENT) + reset_count_dev_server(); +#endif +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + + + FileSchedOne = free_sched(FileSchedOne); + FileSchedTwo = free_sched(FileSchedTwo); + + for (modnum = 0; modList[modnum].name != NULL; ++modnum) + { + /* sh_thread_pause_flag is true, and we block in lock + * until check has returned, so we are sure check will + * not run until sh_thread_pause_flag is set to false + */ + /* if (modList[modnum].initval >= SH_MOD_ACTIVE) */ + (void) modList[modnum].mod_reconf(); + } +#endif + +#if defined(SH_WITH_MAIL) + reset_count_dev_mail(); +#endif + reset_count_dev_console(); + reset_count_dev_time(); + + (void) sh_unix_maskreset(); + + /* Should this be included ??? + * (i.e. should we reload the database ?) + */ +#ifdef RELOAD_DATABASE + sh_hash_hashdelete(); +#endif + (void) sl_trust_purge_user(); + (void) sh_files_hle_reg (NULL); + (void) sh_prelink_run (NULL, NULL, 0); + + /* -------------------------- + * --- READ CONFIGURATION --- + * -------------------------- + */ + (void) sh_readconf_read (); + sig_config_read_again = 0; + (void) sh_files_setrec(); + (void) sh_files_test_setup(); + if (0 != sh.flag.nice) + { +#ifdef HAVE_SETPRIORITY + setpriority(PRIO_PROCESS, 0, sh.flag.nice); +#else + nice(sh.flag.nice); +#endif + } + + if (sh.flag.checkSum == SH_CHECK_INIT) + { + sh.flag.isdaemon = S_FALSE; + sh.flag.loop = S_FALSE; + } + + + /* --- Initialize modules. --- + */ + TPT((0, FIL__, __LINE__, _("msg=\n"))); + for (modnum = 0; modList[modnum].name != NULL; ++modnum) + { + status = modList[modnum].mod_init(&(modList[modnum])); + + if (status < 0) + { + if (status == (-1)) { + sh_error_handle (SH_ERR_NOTICE, FIL__, __LINE__, + status, MSG_MOD_FAIL, + _(modList[modnum].name), + status); + } else { + sh_error_handle ((-1), FIL__, __LINE__, + status, MSG_MOD_FAIL, + _(modList[modnum].name), + status); + } + modList[modnum].initval = SH_MOD_FAILED; + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MOD_OK, + _(modList[modnum].name)); + modList[modnum].initval = status; + } + } + + /* module is properly set up now + */ + sh_thread_pause_flag = S_FALSE; + + --sig_raised; + } + + if (sig_fresh_trail == 1) /* SIGIOT */ + { + if (sh_global_suspend_flag == 0) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + + /* Logfile access + */ +#ifdef SH_USE_XML + (void) sh_log_file (NULL, NULL); +#endif + TPT((0, FIL__, __LINE__, _("msg=\n"))); + sh_error_only_stderr (S_TRUE); + (void) sh_unix_rm_lock_file(sh.srvlog.name); + (void) retry_msleep(3, 0); + sh.flag.log_start = S_TRUE; + sh_error_only_stderr (S_FALSE); + sh_thread_pause_flag = S_FALSE; + sig_fresh_trail = 0; + --sig_raised; + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + } + + if (sig_terminate == 1) /* SIGQUIT */ + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); + strncpy (sh_sig_msg, _("Quit"), 20); + --sig_raised; --sig_urgent; + aud_exit (FIL__, __LINE__, EXIT_SUCCESS); + } + + if (sig_debug_switch == 1) /* SIGUSR1 */ + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); + sh_error_dbg_switch(); + sig_debug_switch = 0; + --sig_raised; + } + + if (sig_suspend_switch > 0) /* SIGUSR2 */ + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); + if (sh_global_suspend_flag != 1) { + SH_MUTEX_LOCK_UNSAFE(mutex_thread_nolog); + sh_global_suspend_flag = 1; + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_SUSPEND, + sh.prg_name); + } else { + sh_global_suspend_flag = 0; + SH_MUTEX_UNLOCK_UNSAFE(mutex_thread_nolog); + } + --sig_suspend_switch; + --sig_raised; --sig_urgent; + } + sig_raised = (sig_raised < 0) ? 0 : sig_raised; + sig_urgent = (sig_urgent < 0) ? 0 : sig_urgent; + TPT((0, FIL__, __LINE__, _("msg=\n"))); + } + + if (sh_global_suspend_flag == 1) + { + (void) retry_msleep (1, 0); + continue; + } + + /* see whether its time to check files + */ + if (sh.flag.checkSum == SH_CHECK_INIT || + (sh.flag.checkSum == SH_CHECK_CHECK && + (sh.flag.isdaemon == S_FALSE && sh.flag.loop == S_FALSE))) + { + flag_check_1 = 1; + if (FileSchedTwo != NULL) + flag_check_2 = 1; + } + else if (sh.flag.checkSum == SH_CHECK_CHECK || + (sh.flag.update == S_TRUE && + (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE))) + { + if (FileSchedOne == NULL) + { + /* use interval if we have no schedule + */ + if (tcurrent - sh.fileCheck.alarm_last >= + sh.fileCheck.alarm_interval) + flag_check_1 = 1; + } + else + { + flag_check_1 = test_sched(FileSchedOne); + if (FileSchedTwo != NULL) + flag_check_2 = test_sched(FileSchedTwo); + if (flag_check_2 == 1) + flag_check_1 = 1; + } + } + + check_done = 0; + + if (sh.flag.checkSum != SH_CHECK_NONE && + (flag_check_1 == 1 || flag_check_2 == 1)) + { + /* + * check directories and files + * ORDER IS IMPORTANT -- DIRZ FIRST + */ + sh.statistics.bytes_hashed = 0; + sh.statistics.time_start = time (NULL); + sh.statistics.dirs_checked = 0; + sh.statistics.files_checked = 0; + + TPT((0, FIL__, __LINE__, _("msg=\n"))) + BREAKEXIT(sh_dirs_chk); + if (flag_check_1 == 1) + { + (void) sh_dirs_chk (1); +#ifndef SH_PROFILE + (void) retry_aud_chdir (FIL__, __LINE__, "/"); +#endif + } + if (flag_check_2 == 1) + { + (void) sh_dirs_chk (2); +#ifndef SH_PROFILE + (void) retry_aud_chdir (FIL__, __LINE__, "/"); +#endif + } + TPT((0, FIL__, __LINE__, _("msg=\n"))) + BREAKEXIT(sh_files_chk); + if (flag_check_1 == 1) + (void) sh_files_chk (); + + if (sig_urgent > 0) + continue; + + /* + * check for files not visited + */ + if (flag_check_2 == 1 || FileSchedTwo == NULL) + { + TPT((0, FIL__, __LINE__, _("msg=\n"))) + sh_hash_unvisited (ShDFLevel[SH_ERR_T_FILE]); + } + + if (sig_urgent > 0) + continue; + + /* reset + */ + TPT((0, FIL__, __LINE__, _("msg=\n"))) + sh_dirs_reset (); + if (sig_urgent > 0) + continue; + + sh_files_reset (); + flag_check_1 = 0; + flag_check_2 = 0; + check_done = 1; + + (void) sh_prelink_run (NULL, NULL, 0); + + if (sig_urgent > 0) + continue; + + runtim = time(NULL) - sh.statistics.time_start; + sh.statistics.time_check = runtim; + + if ((sh.statistics.dirs_checked == 0) && + (sh.statistics.files_checked == 0)) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_CHECK_0); + + else + { + st_1 = (float) sh.statistics.bytes_hashed; + st_2 = (float) runtim; + + + if (st_1 > FLT_EPSILON && st_2 > FLT_EPSILON) + st_1 = st_1/st_2; + else if (st_1 > FLT_EPSILON) + st_1 = (float) (st_1 * 1.0); + else + st_1 = 0.0; + + sh.statistics.bytes_speed = (unsigned long) st_1; + + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_CHECK_1, + (long) runtim, + 0.001 * st_1); + } + sh.fileCheck.alarm_last = time (NULL); + + if (sig_urgent > 0) + continue; + + /* + * flush mail queue + */ +#if defined(SH_WITH_MAIL) + TPT((0, FIL__, __LINE__, _("msg=\n"))) + (void) sh_mail_msg (NULL); +#endif + } + + if (sig_urgent > 0) + continue; + + /* execute modules + */ + TPT((0, FIL__, __LINE__, _("msg=\n"))) + for (modnum = 0; modList[modnum].name != NULL; ++modnum) + { + if (modList[modnum].initval == SH_MOD_ACTIVE && + 0 != modList[modnum].mod_timer(tcurrent)) + if (0 != (status = modList[modnum].mod_check())) + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_MOD_EXEC, + _(modList[modnum].name), (long) status); + } + + /* 27.05.2002 avoid empty database + * 22.10.2002 moved here b/o suid check initialization + */ + if (sh.flag.checkSum == SH_CHECK_INIT) + sh_hash_pushdata (NULL, NULL); + + /* write out database + */ + if (sh.flag.checkSum == SH_CHECK_CHECK && + sh.flag.update == S_TRUE && + check_done == 1) + sh_hash_writeout (); + + /* no-op unless MEM_LOG is defined in sh_mem.c + */ +#ifdef MEM_DEBUG + sh_mem_dump (); +#endif + + /* no loop if not daemon + */ + if (sh.flag.isdaemon != S_TRUE && sh.flag.loop == S_FALSE) + break; + if (sig_urgent > 0) + continue; + + /* see whether its time to send mail + */ +#if defined(SH_WITH_MAIL) + if (tcurrent - sh.mailTime.alarm_last >= sh.mailTime.alarm_interval) + { + TPT((0, FIL__, __LINE__, _("msg=\n"))) + (void) sh_mail_msg (NULL); + sh.mailTime.alarm_last = time (NULL); + } +#endif + if (sig_urgent > 0) + continue; + + /* log the timestamp + */ + if ((int)(tcurrent - told) >= sh.looptime ) + { + TPT((0, FIL__, __LINE__, _("msg=\n"))) + told = tcurrent; +#ifdef MEM_DEBUG + sh_mem_check(); + sh_unix_count_mlock(); +#else + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_STAMP); +#endif + } + + /* seed / re-seed the PRNG if required + */ + (void) taus_seed(); + + if (sig_urgent > 0) + continue; + + /* go to sleep + */ + (void) retry_msleep (1, 0); + + BREAKEXIT(sh_derr); + (void) sh_derr(); + } + + /* ------ END ----------- + */ + + + + /* + * cleanup + */ + TPT((0, FIL__, __LINE__, _("msg=\n"))); + sh_hash_hashdelete(); + +#if defined(SH_WITH_MAIL) + if (sh.mailNum.alarm_last > 0) + (void)sh_mail_msg (NULL); +#endif + + /* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */ +#endif + +#if 0 + { + char command[128]; + sprintf(command, "/bin/cat /proc/%d/status", (int) getpid()); + system(command); /* flawfinder: ignore *//* debug code */ + malloc_stats(); + } +#endif + + aud_exit (FIL__, __LINE__, EXIT_SUCCESS); + SL_RETURN(0, _("main")); +} Index: /tags/2.5.0/src/samhain_erase.c =================================================================== --- /tags/2.5.0/src/samhain_erase.c (revision 189) +++ /tags/2.5.0/src/samhain_erase.c (revision 189) @@ -0,0 +1,140 @@ +/*************************************************************************** + * + * Purpose: + * ------- + * Hide loaded kernel modules with names including the string MAGIC_HIDE + + * + * Configuration: + * ------------- + * If not building within the samhain system, you may remove the + * line '#include "config.h"' and in the line + * '#define MAGIC_HIDE SH_MAGIC_HIDE', replace SH_MAGIC_HIDE with + * "someString" (in quotes !). + */ + + +#include "config.h" + +#define MAGIC_HIDE SH_MAGIC_HIDE + +/* #define MAGIC_HIDE "someString" */ + +/* define this if you have a modversioned kernel */ +/* #define MODVERSIONS */ + +/* + * Install: + * ------- + * gcc -Wall -O2 -c samhain_erase.c + * mv samhain_hide.o /lib/modules/KERNEL_VERSION/misc/ + * + * (Replace KERNEL_VERSION with your kernel's version.) + * + * Usage: + * ----- + * To load the module: + * insmod samhain_hide (for improved safety: 'sync && insmod samhain_hide') + * + * To unload the module + * rmmod samhain_hide (for improved safety: 'sync && rmmod samhain_hide') + * + * + * Tested on: + * --------- + * Linux 2.2 + * + * Copyright: + * --------- + * Copyright (C) 2001 Rainer Wichmann (http://la-samhna.de) + * + * License: + * ------- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License, version 2, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + ***************************************************************************/ + +#define __KERNEL__ +#define MODULE + +/* The configure options (#defines) for the Kernel + */ +#include + +#ifdef CONFIG_MODVERSIONS +#include +#endif + +#include +#include +#include + +#define N_(string) string +#include "config.h" + +#ifdef MODULE_LICENSE +MODULE_LICENSE("GPL"); +#endif + +#undef NULL +#define NULL ((void *)0) + + +int init_module() +{ + struct module * ptr; + struct module * prev; + int found = 0; + + ptr = &(__this_module); + prev = &(__this_module); + + /* skip this module to allow 'rmmod' + */ + ptr = ptr->next; + + while (ptr) + { + found = 0; + + if (ptr->name && ptr->name[0] != '\0') + { + /* printk("%s <%s>\n", ptr->name, SH_MAGIC_HIDE); */ + if (NULL != strstr(ptr->name, SH_MAGIC_HIDE)) + { + prev->next = ptr->next; + /* printk("-->HIDE\n"); */ + found = 1; + } + } + + if (ptr->next) + { + if (found == 0) + prev = ptr; + ptr = ptr->next; + } + else + break; + } + + return 0; +} + +void cleanup_module() +{ + return; +} + + Index: /tags/2.5.0/src/samhain_hide.c =================================================================== --- /tags/2.5.0/src/samhain_hide.c (revision 189) +++ /tags/2.5.0/src/samhain_hide.c (revision 189) @@ -0,0 +1,895 @@ +/*************************************************************************** + * + * Purpose: + * ------- + * (1) Hide files with the string MAGIC_HIDE in filename, + * where MAGIC_HIDE is defined below. + * By default, MAGIC_HIDE is defined as "samhain". + * + * (2) Hide all processes, if the executable has the string MAGIC_HIDE + * in its name. + * + * + * Configuration: + * ------------- + * If not building within the samhain system, you may remove the + * line '#include "config.h"' and in the line + * '#define MAGIC_HIDE SH_MAGIC_HIDE', replace SH_MAGIC_HIDE with + * "someString" (in quotes !). + */ + +/* #define _(string) string */ +#include "config.h" + +#undef _ +#define _(string) string + +/* define if this is a 2.6 kernel */ +/* #define LINUX26 */ + +#define MAGIC_HIDE SH_MAGIC_HIDE + +/* #define MAGIC_HIDE "someString" */ + +/* define this if you have a modversioned kernel */ +/* #define MODVERSIONS */ + +/* the address of the sys_call_table (not exported in 2.5 kernels) */ +#define MAGIC_ADDRESS SH_SYSCALLTABLE + +/* + * Install: + * ------- + * gcc -Wall -O2 -c samhain_hide.c + * mv samhain_hide.o /lib/modules/KERNEL_VERSION/misc/ + * + * (Replace KERNEL_VERSION with your kernel's version.) + * + * Usage: + * ----- + * To load the module: + * insmod samhain_hide (for improved safety: 'sync && insmod samhain_hide') + * + * Self-hiding can be switched off by passing the option + * 'removeme=0' to the module: + * insmod ./samhain_hide.ko removeme=0 + * + * To unload the module (only possible if not hidden): + * rmmod samhain_hide (for improved safety: 'sync && rmmod samhain_hide') + * + * + * Details: + * ------- + * The following kernel syscalls are replaced: + * sys_getdents [hide files/directories/processes (/proc/PID)] + * + * Tested on: + * --------- + * Linux 2.2, 2.4, 2.6 + * + * Copyright: + * --------- + * Copyright (C) 2001, 2002 Rainer Wichmann (http://la-samhna.de) + * + * License: + * ------- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License, version 2, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + ***************************************************************************/ + + + +/***************************************************** + * + * The defines: + * + *****************************************************/ + +/* This is a Linux Loadable Kernel Module. + */ + +#ifndef LINUX26 +#define __KERNEL__ +#define MODULE +#endif +#define LINUX + +/* Define for debugging. + */ +/* #define HIDE_DEBUG */ /* query_module */ +/* #define FILE_DEBUG */ /* getdents */ +/* #define READ_DEBUG */ /* read */ +/* #define PROC_DEBUG */ /* procfs */ + +/***************************************************** + * + * The include files: + * + *****************************************************/ + + +/* The configure options (#defines) for the Kernel + */ +/* 2.6.19 (((2) << 16) + ((6) << 8) + (19)) */ +#define SH_KERNEL_MIN 132627 + +#if SH_KERNEL_NUMERIC >= SH_KERNEL_MIN +#include +#else +#include +#endif + +#ifndef LINUX26 +#ifdef CONFIG_MODVERSIONS +#include +#endif +#endif + + +#ifdef LINUX26 +#include +#endif + +#include + +/* File tables structures. If directory caching is used, + * will be included here, and __LINUX_DCACHE_H + * will thus be defined. + */ +#include +#include + +/* Include the SYS_syscall defines. + */ +#ifndef LINUX26 +#include +#else +#define SYS_getdents 141 +#define SYS_getdents64 220 +#endif + + +/* Includes for 'getdents' per the manpage. + */ +#include +#include +#include + +/* To access userspace memory. + */ +#include + +/* Include for lock_kernel(). + */ +#include + +#if SH_KERNEL_NUMERIC >= SH_KERNEL_MIN +#include +#endif + +/* Include for fget(). + */ +#include + +/***************************************************** + * + * The global variables: + * + *****************************************************/ + +/* The kernel syscall table. Not exported anymore in 2.5 ff., and also + * not in the RedHat 2.4 kernel. + */ + +#if 0 +extern void * sys_call_table[]; +#define sh_sys_call_table sys_call_table +#endif + +unsigned long * sh_sys_call_table = (unsigned long *) MAGIC_ADDRESS; + +/* The old address of the sys_getdents syscall. + */ +int (*old_getdents)(unsigned int, struct dirent *, unsigned int); +#ifdef __NR_getdents64 +#if SH_KERNEL_NUMERIC >= 132628 +/* + * 'asmlinkage' is __required__ to get this to work. + */ +asmlinkage long (*old_getdents64)(unsigned int, struct linux_dirent64 __user *, unsigned int); +#else +long (*old_getdents64)(unsigned int, struct dirent64 *, unsigned int); +#endif +#endif + +char hidden[] = MAGIC_HIDE; + + +/***************************************************** + * + * The functions: + * + *****************************************************/ + + +MODULE_AUTHOR("Rainer Wichmann"); +MODULE_DESCRIPTION("Hide files/processes/modules with MAGIC_HIDE in name."); +#if defined(MODULE_LICENSE) || defined(LINUX26) +MODULE_LICENSE("GPL"); +#endif + +#ifdef LINUX26 +/* Default is to hide ourselves. + */ +static int removeme = 1; + +#ifdef MODULE_PARM +MODULE_PARM (removeme, "i"); +#else +module_param(removeme, int, 0444); +#endif + +#ifdef MODULE_PARM_DESC +MODULE_PARM_DESC(removeme, "Choose zero for not hiding."); +#endif + +/* LINUX26 */ +#endif + + +/* + * struct task_struct is defined in linux/sched.h + * + * as of 2.4.20, the vanilla kernel holds (among others): + * struct task_struct *next_task, *prev_task; + * + * Redhat kernel seems to have a different scheduler. + * use: + * struct task_struct * find_task_by_pid (int pid); + */ + +#if defined(SH_VANILLA_KERNEL) && !defined(LINUX26) +/* + * Fetch the task struct for a given PID. + */ +struct task_struct * fetch_task_struct (int pid) +{ + struct task_struct * task_ptr; + +#ifdef PROC_DEBUG + printk("FETCH TASK %d\n", pid); +#endif + + task_ptr = current; + + do + { + if (task_ptr->pid == (pid_t) pid ) + return (task_ptr); + task_ptr = task_ptr->next_task; + } + while (task_ptr != current); + +#ifdef PROC_DEBUG + printk("FETCH TASK: NOT FOUND !!!\n"); +#endif + + return (NULL); +} + +#else +/* + * RedHat 2.4.20 kernel + */ +struct task_struct * fetch_task_struct (int pid) +{ + struct task_struct * task_ptr = NULL; + task_ptr = find_task_by_pid (pid); + return (task_ptr); +} +#endif + +/* Convert a string to an int. + * Does not recognize integers with a sign (+/-) in front. + */ +int my_atoi(char * in_str) +{ + int i = 0; + int retval = 0; + int conv = 0; + + if (in_str == NULL) + return (-1); + + while(in_str[i] != '\0') + { + /* Break if not numeric. + */ + if (in_str[i] < '0' || in_str[i] > '9') + break; + + ++conv; + + /* Leading zeroes (should not happen in /proc) + */ + if (retval == 0 && in_str[i] == '0') + retval = retval; + else + retval = retval * 10; + + retval = retval + (in_str[i] - '0'); + + i++; + } + + if (conv == 0) + return (-1); + else + return (retval); +} + +/* Purpose: + * + * Hide all files/dirs that include the string MAGIC_HIDE in their + * name. + */ +int new_getdents (unsigned int fd, struct dirent *dirp, unsigned int count) +{ + int status = 0; /* Return value from original getdents */ + struct inode * dir_inode; + struct file * fd_file; + int dir_is_proc = 0; + + struct dirent * dirp_prev; + struct dirent * dirp_new; + struct dirent * dirp_current; + + int dir_table_bytes; + int forward_bytes; + struct task_struct * task_ptr; + int hide_it = 0; + long dirp_offset; + + unsigned long dummy; + + lock_kernel(); + + status = (*old_getdents)(fd, dirp, count); + +#ifdef FILE_DEBUG + printk("STATUS %d\n", status); +#endif + + /* 0: end of directory. + * -1: some error + */ + if (status <= 0) + { + unlock_kernel(); + return (status); + } + + /* Handle directory caching. dir_inode is the inode of the directory. + */ +#if defined(files_fdtable) + { + struct fdtable *fdt = files_fdtable(current->files); + fd_file = rcu_dereference(fdt->fd[fd]); + } +#else + { + fd_file = current->files->fd[fd]; + } +#endif + +#if defined(__LINUX_DCACHE_H) + dir_inode = fd_file->f_dentry->d_inode; +#else + dir_inode = fd_file->f_inode; +#endif + + /* Check for the /proc directory + */ + if (dir_inode->i_ino == PROC_ROOT_INO +#ifndef LINUX26 + && !MAJOR(dir_inode->i_dev) && + MINOR(dir_inode->i_dev) == 1 +#endif + ) + dir_is_proc = 1; + + /* Allocate space for new dirent table. Can't use GFP_KERNEL + * (kernel oops) + */ + dirp_new = (struct dirent *) kmalloc (status, GFP_ATOMIC); + + if (dirp_new == NULL) + { + unlock_kernel(); + return (status); + } + + /* Copy the dirp table to kernel space. + */ + dummy = (unsigned long) copy_from_user(dirp_new, dirp, status); + +#ifdef FILE_DEBUG + printk("COPY to kernel: %ld\n", dummy); +#endif + + /* Loop over the dirp table to find entries to hide. + */ + dir_table_bytes = status; + dirp_current = dirp_new; + dirp_prev = NULL; + + while (dir_table_bytes > 0) + { + hide_it = 0; + + if (dirp_current->d_reclen == 0) + break; + + dirp_offset = dirp_current->d_off; + +#ifdef FILE_DEBUG + printk("DIRENT %d %d %ld\n", + dir_table_bytes, + dirp_current->d_reclen, + dirp_current->d_off); +#endif + + dir_table_bytes -= dirp_current->d_reclen; + forward_bytes = dirp_current->d_reclen; + +#ifdef FILE_DEBUG + printk("ENTRY %s\n", dirp_current->d_name); +#endif + + /* If /proc is scanned (e.g. by 'ps'), hide the entry for + * any process where the executable has MAGIC_HIDE in its name. + */ + if (dir_is_proc == 1) + { + task_ptr = fetch_task_struct(my_atoi(dirp_current->d_name)); + if (task_ptr != NULL) + { + if (strstr(task_ptr->comm, hidden) != NULL) + hide_it = 1; + } + } + /* If it is a regular directory, hide any entry with + * MAGIC_HIDE in its name. + */ + else + { + if (strstr (dirp_current->d_name, hidden) != NULL) + hide_it = 1; + } + + if (hide_it == 1) + { +#ifdef FILE_DEBUG + printk(" -->HIDDEN %s\n", dirp_current->d_name); +#endif + if (dir_table_bytes > 0) + { + status -= dirp_current->d_reclen; + memmove (dirp_current, + (char *) dirp_current + dirp_current->d_reclen, + dir_table_bytes); + + /* Set forward_bytes to 0, because now dirp_current is the + * (previously) next entry in the dirp table. + */ + forward_bytes = 0; + dirp_prev = dirp_current; + } + else + { + status -= dirp_current->d_reclen; + if (dirp_prev != NULL) + dirp_prev->d_off = dirp_offset; + } + + } + else + { + dirp_prev = dirp_current; + if (dir_table_bytes == 0 && dirp_prev != NULL) + dirp_prev->d_off = dirp_offset; + } + + /* Next entry in dirp table. + */ + if (dir_table_bytes > 0) + dirp_current = (struct dirent *) ( (char *) dirp_current + + forward_bytes); + } + + /* Copy our modified dirp table back to user space. + */ + dummy = (unsigned long) copy_to_user(dirp, dirp_new, status); +#ifdef FILE_DEBUG + printk("COPY to user: %ld\n", dummy); +#endif + + kfree (dirp_new); +#ifdef FILE_DEBUG + printk("KFREE\n"); +#endif + + unlock_kernel(); + return (status); +} + +/* For 2.4 kernel + */ +#ifdef __NR_getdents64 + +#if SH_KERNEL_NUMERIC >= 132628 +/* + * 'asmlinkage' is __required__ to get this to work. + */ +asmlinkage long new_getdents64 (unsigned int fd, struct linux_dirent64 __user *dirp, + unsigned int count) +#else +long new_getdents64 (unsigned int fd, struct dirent64 *dirp, unsigned int count) +#endif +{ + long status = 0; /* Return value from original getdents */ + struct inode * dir_inode; + struct file * fd_file; + int dir_is_proc = 0; + + struct dirent64 * dirp_prev; + struct dirent64 * dirp_new; + struct dirent64 * dirp_current; + + int dir_table_bytes; + int forward_bytes; + struct task_struct * task_ptr; + int hide_it = 0; + __s64 dirp_offset; + + unsigned long dummy; + +#ifdef FILE_DEBUG + printk("FD64 %d\n", fd); +#endif + + lock_kernel(); + +#ifdef FILE_DEBUG + if (!access_ok(VERIFY_WRITE, dirp, count)) + printk("ACCESS64_BAD\n"); + else + printk("ACCESS64_OK\n"); +#endif + +#if SH_KERNEL_NUMERIC >= 132628 + status = (*old_getdents64)(fd, dirp, count); + // status = my_real_getdents64(fd, dirp, count); +#else + status = (*old_getdents64)(fd, dirp, count); +#endif + +#ifdef FILE_DEBUG + printk("STATUS64 %ld\n", status); +#endif + + /* 0: end of directory. + * -1: some error + */ + if (status <= 0) + { + unlock_kernel(); + return (status); + } + + /* Handle directory caching. dir_inode is the inode of the directory. + */ +#if defined(files_fdtable) + { + struct fdtable *fdt = files_fdtable(current->files); + fd_file = rcu_dereference(fdt->fd[fd]); + } +#else + { + fd_file = current->files->fd[fd]; + } +#endif + +#if defined(__LINUX_DCACHE_H) + +/* 2.6.20 (((2) << 16) + ((6) << 8) + (20)) */ +#if SH_KERNEL_NUMERIC >= 132628 + dir_inode = fd_file->f_path.dentry->d_inode; +#else + dir_inode = fd_file->f_dentry->d_inode; +#endif + +#else + dir_inode = fd_file->f_inode; +#endif + +#ifdef FILE_DEBUG + printk("INODE64\n"); +#endif + + /* Check for the /proc directory + */ + if (dir_inode->i_ino == PROC_ROOT_INO +#ifndef LINUX26 + && !MAJOR(dir_inode->i_dev) /* && + MINOR(dir_inode->i_dev) == 1 */ + /* MINOR commented out because of problems with 2.4.17 */ +#endif + ) + { + dir_is_proc = 1; + +#ifdef PROC_DEBUG + printk("PROC_CHECK64\n"); +#endif + } + + /* Allocate space for new dirent table. Can't use GFP_KERNEL + * (kernel oops) + */ + dirp_new = kmalloc ((size_t)status, GFP_ATOMIC); + +#ifdef FILE_DEBUG + printk("KMALLOC64_0\n"); +#endif + + if (dirp_new == NULL) + { + unlock_kernel(); + return (status); + } + +#ifdef FILE_DEBUG + printk("KMALLOC64\n"); +#endif + + /* Copy the dirp table to kernel space. + */ + dummy = (unsigned long) copy_from_user(dirp_new, dirp, status); + +#ifdef FILE_DEBUG + printk("COPY64 to kernel: %ld\n", dummy); +#endif + + /* Loop over the dirp table to find entries to hide. + */ + dir_table_bytes = status; + dirp_current = dirp_new; + dirp_prev = NULL; + + while (dir_table_bytes > 0) + { + hide_it = 0; + + if (dirp_current->d_reclen == 0) + break; + + dirp_offset = dirp_current->d_off; + +#ifdef FILE_DEBUG + printk("DIRENT %d %d %lld\n", + dir_table_bytes, + dirp_current->d_reclen, + dirp_current->d_off); +#endif + + dir_table_bytes -= dirp_current->d_reclen; + forward_bytes = dirp_current->d_reclen; + +#ifdef FILE_DEBUG + printk("ENTRY %s\n", dirp_current->d_name); +#endif + + /* If /proc is scanned (e.g. by 'ps'), hide the entry for + * any process where the executable has MAGIC_HIDE in its name. + */ + if (dir_is_proc == 1) + { +#ifdef PROC_DEBUG + printk("PROC %s\n", dirp_current->d_name); +#endif + task_ptr = fetch_task_struct(my_atoi(dirp_current->d_name)); + if (task_ptr != NULL) + { +#ifdef PROC_DEBUG + printk("PROC %s <> %s\n", task_ptr->comm, hidden); +#endif + if (strstr(task_ptr->comm, hidden) != NULL) + hide_it = 1; + } + } + /* If it is a regular directory, hide any entry with + * MAGIC_HIDE in its name. + */ + else + { + if (strstr (dirp_current->d_name, hidden) != NULL) + hide_it = 1; + } + + if (hide_it == 1) + { +#ifdef FILE_DEBUG + printk(" -->HIDDEN %s\n", dirp_current->d_name); +#endif + if (dir_table_bytes > 0) + { + status -= dirp_current->d_reclen; + memmove (dirp_current, + (char *) dirp_current + dirp_current->d_reclen, + dir_table_bytes); + + /* Set forward_bytes to 0, because now dirp_current is the + * (previously) next entry in the dirp table. + */ + forward_bytes = 0; + dirp_prev = dirp_current; + } + else + { + status -= dirp_current->d_reclen; + if (dirp_prev != NULL) + dirp_prev->d_off = dirp_offset; + } + + } + else + { + dirp_prev = dirp_current; + if (dir_table_bytes == 0 && dirp_prev != NULL) + dirp_prev->d_off = dirp_offset; + } + + /* Next entry in dirp table. + */ + if (dir_table_bytes > 0) + dirp_current = (struct dirent64 *) ( (char *) dirp_current + + forward_bytes); + } + + /* Copy our modified dirp table back to user space. + */ +#ifdef FILE_DEBUG + printk("STATUS64 AT END %ld\n", status); +#endif + dummy = (unsigned long) copy_to_user(dirp, dirp_new, status); +#ifdef FILE_DEBUG + printk("COPY64 to user: %ld\n", dummy); +#endif + + kfree (dirp_new); + unlock_kernel(); + return (status); +} +#endif + +#ifdef LINUX26 +static struct module *find_module(const char *name) +{ + struct module *mod; + struct list_head * modules = (struct list_head *) SH_LIST_MODULES; + + list_for_each_entry(mod, modules, list) { + if (strcmp(mod->name, name) == 0) + return mod; + } + return NULL; +} +#endif + +/* The initialisation function. Automatically called when module is inserted + * via the 'insmod' command. + */ +#ifdef LINUX26 +static int __init samhain_hide_init(void) +#else +int init_module(void) +#endif +{ + + lock_kernel(); + + /* Unfortunately this does not fully prevent the module from appearing + * in /proc/ksyms. + */ +#ifndef LINUX26 + EXPORT_NO_SYMBOLS; +#endif + + /* Replace the 'sys_getdents' syscall with the new version. + */ + old_getdents = (void*) sh_sys_call_table[SYS_getdents]; + sh_sys_call_table[SYS_getdents] = (unsigned long) new_getdents; + +#ifdef __NR_getdents64 + old_getdents64 = (void*) sh_sys_call_table[SYS_getdents64]; + sh_sys_call_table[SYS_getdents64] = (unsigned long) new_getdents64; +#endif + +#ifdef LINUX26 + { +#if defined(SH_MODLIST_LOCK) + spinlock_t * modlist_lock = (spinlock_t * ) SH_MODLIST_LOCK; +#endif +#if SH_KERNEL_NUMERIC >= SH_KERNEL_MIN + struct mutex * module_mutex = (struct mutex *) SH_MODLIST_MUTEX; +#endif + + struct module *mod; + +#if SH_KERNEL_NUMERIC >= SH_KERNEL_MIN + mutex_lock(module_mutex); +#endif + + mod = find_module(SH_INSTALL_NAME"_hide"); + if (mod) { + /* Delete from various lists */ +#if defined(SH_MODLIST_LOCK) + spin_lock_irq(modlist_lock); +#endif + if (removeme == 1) + { + list_del(&mod->list); + } +#if defined(SH_MODLIST_LOCK) + spin_unlock_irq(modlist_lock); +#endif + } +#if SH_KERNEL_NUMERIC >= SH_KERNEL_MIN + mutex_unlock(module_mutex); +#endif + } +#endif + + unlock_kernel(); + return (0); +} + +/* The cleanup function. Automatically called when module is removed + * via the 'rmmod' command. + */ +#ifdef LINUX26 +static void __exit samhain_hide_cleanup(void) +#else +void cleanup_module(void) +#endif +{ + lock_kernel(); + + /* Restore the new syscalls to the original version. + */ + sh_sys_call_table[SYS_getdents] = (unsigned long) old_getdents; +#ifdef __NR_getdents64 + sh_sys_call_table[SYS_getdents64] = (unsigned long) old_getdents64; +#endif + + unlock_kernel(); +} + +#ifdef LINUX26 +module_init(samhain_hide_init); +module_exit(samhain_hide_cleanup); +#endif + + Index: /tags/2.5.0/src/samhain_setpwd.c =================================================================== --- /tags/2.5.0/src/samhain_setpwd.c (revision 189) +++ /tags/2.5.0/src/samhain_setpwd.c (revision 189) @@ -0,0 +1,514 @@ +#include "config_xor.h" + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if defined(HAVE_SCHED_H) && defined(HAVE_SCHED_YIELD) +#include +#endif + +#if defined(HAVE_INT_32) +typedef unsigned int UINT32; +#elif defined(HAVE_LONG_32) +typedef unsigned long UINT32; +#elif defined(HAVE_SHORT_32) +typedef unsigned short UINT32; +#endif + +#define TAUS_MAX 4294967295UL + +static UINT32 taus_state[3]; + +static UINT32 taus_get () +{ + +#define TAUSWORTHE(s,a,b,c,d) ((s &c) <>b) + taus_state[0] = TAUSWORTHE (taus_state[0], 13, 19, 4294967294UL, 12); + taus_state[1] = TAUSWORTHE (taus_state[1], 2, 25, 4294967288UL, 4); + taus_state[2] = TAUSWORTHE (taus_state[2], 3, 11, 4294967280UL, 17); + return (taus_state[0] ^ taus_state[1] ^ taus_state[2]); +} + +static void taus_seed () +{ + unsigned char buf[12]; + unsigned char buf2[12]; + unsigned char buf3[12]; + ssize_t count; + size_t nbytes = sizeof(buf); + size_t where = 0; + + struct timeval t1, t2; + UINT32 delta, k[3]; + int i, j; + + int fd = open ("/dev/urandom", O_RDONLY); + + if (fd == -1) + { + gettimeofday(&t1, NULL); + delta = t1.tv_usec; + memcpy(&buf[0], &delta, 4); + gettimeofday(&t1, NULL); + delta = t1.tv_usec; + memcpy(&buf[4], &delta, 4); + gettimeofday(&t1, NULL); + delta = t1.tv_usec; + memcpy(&buf[8], &delta, 4); + goto second; + } + + do { + count = read(fd, &buf[where], nbytes); + if (count == -1 && errno == EINTR) + continue; + where += count; + nbytes -= count; + } while (nbytes); + + close(fd); + + second: + for (i = 0; i < 12; ++i) + { + gettimeofday(&t1, NULL); + if (0 == fork()) + _exit(EXIT_SUCCESS); + wait(NULL); + gettimeofday(&t2, NULL); + delta = t2.tv_usec - t1.tv_usec; + buf2[i] = (unsigned char) delta; + } + + for (i = 0; i < 12; ++i) + { + gettimeofday(&t1, NULL); + for (j = 0; j < 32768; ++j) + { + if (0 == kill (j,0)) + k[i % 3] ^= j; + } + gettimeofday(&t2, NULL); + delta = t2.tv_usec - t1.tv_usec; + buf3[i] ^= (unsigned char) delta; + } + + memcpy(&taus_state[0], &buf3[0], 4); + memcpy(&taus_state[1], &buf3[4], 4); + memcpy(&taus_state[2], &buf3[8], 4); + + taus_state[0] ^= k[0]; + taus_state[1] ^= k[1]; + taus_state[2] ^= k[2]; + + memcpy(&k[0], &buf2[0], 4); + memcpy(&k[1], &buf2[4], 4); + memcpy(&k[2], &buf2[8], 4); + + taus_state[0] ^= k[0]; + taus_state[1] ^= k[1]; + taus_state[2] ^= k[2]; + + memcpy(&k[0], &buf[0], 4); + memcpy(&k[1], &buf[4], 4); + memcpy(&k[2], &buf[8], 4); + + taus_state[0] ^= k[0]; + taus_state[1] ^= k[1]; + taus_state[2] ^= k[2]; + + taus_state[0] |= (UINT32) 0x03; + taus_state[1] |= (UINT32) 0x09; + taus_state[2] |= (UINT32) 0x17; +} + +#ifdef SH_STEALTH +char * globber(const char * string); +#define _(string) globber(string) +#define N_(string) string +#else +#define _(string) string +#define N_(string) string +#endif + +#ifdef SH_STEALTH +#ifndef SH_MAX_GLOBS +#define SH_MAX_GLOBS 32 +#endif +char * globber(const char * str) +{ + register int i, j; + static int count = -1; + static char glob[SH_MAX_GLOBS][128]; + + ++count; if (count > (SH_MAX_GLOBS-1) ) count = 0; + j = strlen(str); + if (j > 127) j = 127; + + for (i = 0; i < j; ++i) + { + if (str[i] != '\n' && str[i] != '\t') + glob[count][i] = str[i] ^ XOR_CODE; + else + glob[count][i] = str[i]; + } + glob[count][j] = '\0'; + return glob[count]; +} +#endif + +/* This is a very inefficient algorithm, but there is really no + * need for anything more elaborated here. Can handle NULL's in haystack + * (not in needle), which strstr() apparently cannot. + */ +char * my_strstr (char * haystack, char * needle, int haystack_size) +{ + register int i = 0, j = 0; + register int siz; + register char * ptr = haystack; + register int len; + + siz = strlen(needle); + len = haystack_size - siz; + + while (j < len) + { + i = 0; + while (i < siz) + { + if (needle[i] != ptr[i]) break; + if (i == (siz-1)) + return ptr; + ++i; + } + ++ptr; ++j; + } + return NULL; +} + +/* fread() does not return the number of chars read, thus we need to + * read only a small number of bytes, in order not to expand the binary + * too much with the last fwrite(). Too lazy to fix this now. + */ +#define GRAB_SIZE 1024 + +int readhexchar ( char c ) +{ + if ( c >= '0' && c <= '9' ) + return c - '0'; + else if ( c >= 'a' && c <= 'f' ) + return c - 'a' + 10; + else if ( c >= 'A' && c <= 'F' ) + return c - 'A' + 10; + else return -1; +} + +int main (int argc, char * argv[]) +{ + /* the default password + */ + unsigned char TcpFlag[9] = { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7 }; + unsigned char BadFlag[9] = { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF }; + + char * found_it; + int i; + int suc = 0; + int badcnt = 0; + + char * newn; + size_t nlen; + int oldf; + int newf; + int ret; + + unsigned long bytecount; + + char in[9]; + int j, k; + char ccd; + char * str; + + char * buf = (char *) malloc(GRAB_SIZE); + size_t dat; + char * newpwd = (char *) malloc(5 * 8 + 2); + char * oldpwd = (char *) malloc(5 * 8 + 2); + + memset (newpwd, '\0', 5 * 8 + 2); + memset (oldpwd, '\0', 5 * 8 + 2); + + + if (argc < 4) + { + fprintf (stderr, _("\nUsage: samhain_setpwd "\ + "\n\n")); + fprintf (stderr, _(" This program is a utility that will:\n")); + fprintf (stderr, _(" - search in the binary executable "\ + "for samhain's\n")); + fprintf (stderr, _(" compiled-in default password,\n")); + fprintf (stderr, _(" - change it to ,\n")); + fprintf (stderr, _(" - and output the modified binary to "\ + ".\n\n")); + fprintf (stderr, _(" To allow for non-printable chars, "\ + " must be\n")); + fprintf (stderr, _(" a 16-digit hexadecimal "\ + "number (only 0-9,A-F allowed in input),\n")); + fprintf (stderr, _(" thus corresponding"\ + " to an 8-byte password.\n\n")); + fprintf (stderr, _(" Example: 'samhain_setpwd samhain new "\ + "4142434445464748'\n")); + fprintf (stderr, _(" takes the file 'samhain', sets the password to "\ + "'ABCDEFGH'\n")); + fprintf (stderr, _(" ('A' = 41 hex, 'B' = 42 hex, ...) "\ + "and outputs the result\n")); + fprintf (stderr, _(" to 'samhain.new'.\n")); + return EXIT_FAILURE; + } + + if (strlen(argv[3]) != 16) + { + fprintf (stdout, _("ERROR %s has not exactly 16 chars\n"), + argv[0]); + fflush(stdout); + return EXIT_FAILURE; + } + + + str = &argv[3][0]; + i = 0; + while (i < 16) + { + k = i/2; j = 0; + if (2*k == i) in[k] = 0; + while (j < 16) + { + if (-1 != readhexchar(str[i])) + { + in[k] += readhexchar(str[i]) * (i == 2*k ? 16 : 1); + break; + } + ++j; + if (j == 16) + { + fprintf(stdout, _("ERROR Invalid char %c\n"), str[i]); + fflush(stdout); + return EXIT_FAILURE; + } + } + ++i; + } + in[8] = '\0'; + + /* ---- initialize ----- + */ + (void) umask (0); + + taus_seed(); + + bytecount = 0; + + + /* ---- open files ----- + */ + + oldf = open(argv[1], O_RDONLY); + + nlen = strlen(argv[1])+strlen(argv[2])+2; + newn = (char *) malloc (nlen); + strncpy(newn, argv[1], nlen); newn[nlen-1] = '\0'; + strncat(newn, ".", nlen); newn[nlen-1] = '\0'; + strncat(newn, argv[2], nlen); newn[nlen-1] = '\0'; + newf = open(newn, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU); + + if (oldf < 0) + { + fprintf(stdout, _("ERROR Cannot open input file %s.\n"), argv[1]); + fflush(stdout); + return EXIT_FAILURE; + } + if (newf < 0) + { + fprintf(stdout, _("ERROR Cannot open output file %s.\n"), newn); + fflush(stdout); + return EXIT_FAILURE; + } + + /* ---- scan file ----- + */ + + + while (1) + { + dat = read (oldf, buf, GRAB_SIZE); + if (dat == 0) + break; + + bytecount += dat; + + while ( (found_it = my_strstr(buf, (char *) TcpFlag, GRAB_SIZE)) != NULL) + { + suc = 1; + fprintf (stdout, _("INFO old password found\n")); + fflush(stdout); + for (i = 0; i < 8; ++i) + { + sprintf(&oldpwd[i*2], _("%02x"), + (unsigned char) *found_it); + sprintf(&newpwd[i*2], _("%02x"), + (unsigned char) in[i]); + *found_it = in[i]; + ++found_it; + } + fprintf (stdout, _("INFO replaced: %s by: %s\n"), + oldpwd, newpwd); + fflush(stdout); + } + + while ( (found_it = my_strstr(buf, (char *) BadFlag, GRAB_SIZE)) != NULL) + { + badcnt++; + /* fprintf (stderr, _("INFO old filler found\n")); */ + for (i = 0; i < 8; ++i) + { + sprintf(&oldpwd[i*2], _("%02x"), + (unsigned char) *found_it); + + ccd = (unsigned char) (256.0 * (taus_get()/(TAUS_MAX+1.0))); + sprintf(&newpwd[i*2], _("%02x"), + (unsigned char) ccd); + *found_it = ccd; + + ++found_it; + } + /* fprintf (stderr, _("INFO replaced: %s by: %s\n"), + oldpwd, newpwd); + */ + } + + + ret = write (newf, buf, dat); + if (dat > 0 && ret < 0) + { + fprintf(stdout, _("ERROR Cannot write to output file %s.\n"), newn); + fflush(stdout); + return EXIT_FAILURE; + } + } + + if (suc == 1 && badcnt == 7) + { + fprintf (stdout, _("INFO finished\n")); + close (newf); + close (oldf); + fflush(stdout); + return (0); + } + + lseek (oldf, 0, SEEK_SET); + lseek (newf, 0, SEEK_SET); + + fprintf (stdout, _("INFO Not found in first pass.\n")); + fprintf (stdout, _("INFO Second pass ..\n")); + + /* offset the start point + */ + + dat = read (oldf, buf, (GRAB_SIZE / 2)); + ret = write (newf, buf, dat); + if (dat > 0 && ret < 0) + { + fprintf(stdout, _("ERROR Cannot write to output file %s.\n"), newn); + fflush(stdout); + return EXIT_FAILURE; + } + + bytecount = 0; + suc = 0; + badcnt = 0; + + while (1) + { + dat = read (oldf, buf, GRAB_SIZE); + if (dat == 0) + break; + + bytecount += dat; + + while ( (found_it = my_strstr(buf, (char *) TcpFlag, GRAB_SIZE)) != NULL) + { + suc = 1; + fprintf (stdout, _("INFO old password found\n")); + for (i = 0; i < 8; ++i) + { + sprintf(&oldpwd[i*2], _("%02x"), + (unsigned char) *found_it); + sprintf(&newpwd[i*2], _("%02x"), + (unsigned char) in[i]); + *found_it = in[i]; + ++found_it; + } + fprintf (stdout, _("INFO Replaced: %s by: %s\n"), + oldpwd, newpwd); + } + + while ( (found_it = my_strstr(buf, (char *) BadFlag, GRAB_SIZE)) != NULL) + { + badcnt++; + /* fprintf (stderr, _("INFO old filler found\n")); */ + for (i = 0; i < 8; ++i) + { + sprintf(&oldpwd[i*2], _("%02x"), + (unsigned char) *found_it); + + ccd = (unsigned char) (256.0 * taus_get()/(TAUS_MAX+1.0)); + sprintf(&newpwd[i*2], _("%02x"), + (unsigned char) ccd); + *found_it = ccd; + + ++found_it; + } + /* fprintf (stderr, _("INFO Replaced: %s by: %s\n"), + oldpwd, newpwd);*/ + } + + ret = write (newf, buf, dat); + if (dat > 0 && ret < 0) + { + fprintf(stdout, _("ERROR Cannot write to output file %s.\n"), newn); + fflush(stdout); + return EXIT_FAILURE; + } + } + + close (newf); + close (oldf); + + if (suc == 1 && badcnt == 7) + { + fprintf (stdout, _("INFO finished\n")); + fflush(stdout); + return 0; + } + + if (suc == 0 || badcnt < 7) + { + fprintf (stdout, _("ERROR incomplete replacement\n")); + } + else + { + fprintf (stdout, _("ERROR bad replacement\n")); + } + fflush(stdout); + return EXIT_FAILURE; +} Index: /tags/2.5.0/src/samhain_stealth.c =================================================================== --- /tags/2.5.0/src/samhain_stealth.c (revision 189) +++ /tags/2.5.0/src/samhain_stealth.c (revision 189) @@ -0,0 +1,458 @@ +#include "config_xor.h" + +#ifdef HAVE_BROKEN_INCLUDES +#define _ANSI_C_SOURCE +#define _POSIX_SOURCE +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#ifndef SH_BUFSIZE +#define SH_BUFSIZE 1024 +#endif + +#ifdef SH_STEALTH +char * globber(const char * string); +#define _(string) globber(string) +#define N_(string) string +#else +#define _(string) string +#define N_(string) string +#endif + +#ifdef SH_STEALTH + +#ifndef SH_MAX_GLOBS +#define SH_MAX_GLOBS 32 +#endif + +#ifndef GLOB_LEN +#define GLOB_LEN 511 +#endif + +char * globber(const char * str) +{ + register int i, j; + static int count = -1; + static char glob[SH_MAX_GLOBS][GLOB_LEN+1]; + + ++count; if (count > (SH_MAX_GLOBS-1) ) count = 0; + j = strlen(str); + if (j > GLOB_LEN) j = GLOB_LEN; + + for (i = 0; i < j; ++i) + { + if (str[i] != '\n' && str[i] != '\t') + glob[count][i] = str[i] ^ XOR_CODE; + else + glob[count][i] = str[i]; + } + glob[count][j] = '\0'; + return glob[count]; +} +#endif + +static unsigned long off_data; + +char sh_util_charhex( int c ) +{ + if ( c >= 0 && c <= 9 ) + return '0' + c; + else if ( c >= 10 && c <= 15 ) + return 'a' + (c - 10); + else + { + fprintf(stderr, _("Out of range: %d\n"), c); + return 'X'; + } +} + +int sh_util_hexchar( char c ) +{ + if ( c >= '0' && c <= '9' ) + return c - '0'; + else if ( c >= 'a' && c <= 'f' ) + return c - 'a' + 10; + else if ( c >= 'A' && c <= 'F' ) + return c - 'A' + 10; + else return -1; +} + +/* --------- third step ----------- + * + * get data from a block of hex data + */ +int hideout_hex_block(int fd, unsigned char * str, int len) +{ + register int i, j, k; + unsigned char c, e; + register int num; + unsigned char mask[9] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; + unsigned long here = 0; + unsigned long retval = 0; + + i = 0; + while (i < len) + { + for (j = 0; j < 8; ++j) + { + + /* get a low byte, modify, read back */ + for (k = 0; k < 2; ++k) + { + c = ' '; + do { + do { + num = read (fd, &c, 1); + } while (num == 0 && errno == EINTR); + if (num == 0) return -1; + ++here; + } while (c == '\n' || c == '\t' || c == '\r' || + c == ' '); + } + + + /* e is the value of the low byte + */ + e = (unsigned char) sh_util_hexchar( c ); + if ((e & mask[7]) != 0) /* bit is set */ + str[i] |= mask[j]; + else /* bit is not set */ + str[i] &= ~mask[j]; + + } + if (str[i] == '\n') break; + ++i; + } + str[i+1] = '\0'; + retval += here; + return retval; +} + +/* --------- second step ----------- + * + * hide data in a block of hex data + */ +int hidein_hex_block(int fd, char * str, int len) +{ + register int i, j, k; + unsigned char c, d, e; + register int num; + unsigned char mask[9] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; + unsigned long here = 0; + unsigned long retval = 0; + + for (i = 0; i < len; ++i) + { + d = str[i]; + for (j = 0; j < 8; ++j) + { + + /* get a low byte, modify, read back */ + for (k = 0; k < 2; ++k) + { + c = ' '; + do { + do { + num = read (fd, &c, 1); + } while (num == 0 && errno == EINTR); + if (num == 0) return -1; + ++here; + } while (c == '\n' || c == '\t' || c == '\r' || + c == ' '); + } + + /* e is the value of the low byte + */ + e = (unsigned char) sh_util_hexchar( c ); + if ((d & mask[j]) != 0) /* bit is set */ + e |= mask[7]; + else /* bit is not set */ + e &= ~mask[7]; + + e = sh_util_charhex ( e ); + lseek(fd, -1, SEEK_CUR); + do { + num = write(fd, &e, 1); + } while (num == 0 && errno == EINTR); + } + } + retval += here; + return retval; +} + +/* --------- first step ----------- + * + * find first block of hex data + */ +unsigned long first_hex_block(int fd, unsigned long * max) +{ + int i; + register int num = 1; + char c; + int nothex = 0; + unsigned long retval = 0; + int this_line = 0; + char theline[SH_BUFSIZE]; + + *max = 0; + + while (1) + { + theline[0] = '\0'; + this_line = 0; + c = '\0'; + while (c != '\n' && num > 0) + { + do { + num = read (fd, &c, 1); + } while (num == 0 && errno == EINTR); + if (num > 0) theline[this_line] = c; + else return 0; + this_line += num; + } + theline[this_line] = '\0'; + + /* not only 'newline' */ + if (this_line > 60) + { + nothex = 0; + i = 0; + while (nothex == 0 && i < (this_line-1)) + { + if (! isxdigit((int)theline[i])) nothex = 1; + ++i; + } + if (nothex == 1) retval += this_line; + } + else + { + nothex = 1; + retval += this_line; + } + + if (nothex == 0) + { + *max = 0; + do { + do { + num = read (fd, theline, SH_BUFSIZE); + } while (num == 0 && errno == EINTR); + for (i = 0; i < num; ++i) + { + c = theline[i]; + if (c == '\n' || c == '\t' || c == '\r' || c == ' ') + ; + else if (!isxdigit((int)c)) + break; + else + *max += 1; + } + } while (num > 0); + + *max /= 16; + return retval; + } + + } + /* return 0; *//* unreachable */ +} + +static void usage () +{ + fprintf(stdout, _("\nUsage: samhain_stealth -i|s|g|o "\ + "[what]\n\n")); + + fprintf(stdout, _(" -i info on PS image 'where'\n")); + fprintf(stdout, _(" (how much bytes can be hidden in it).\n")); + fprintf(stdout, _(" -s hide file 'what' in PS image 'where'\n")); + fprintf(stdout, _(" -g get hidden data from PS image 'where'\n")); + fprintf(stdout, _(" (output to stdout)\n\n")); + fprintf(stdout, _(" -o size of file 'where' = offset to "\ + "end-of-file\n")); + fprintf(stdout, _(" (same as wc -c).\n")); + + fprintf(stdout, _(" This program hides a file in an UNCOMPRESSED "\ + "postscript\n")); + fprintf(stdout, _(" image. To generate such an image, you may "\ + "use e.g.:\n")); + fprintf(stdout, _(" 'convert +compress foo.jpg bar.ps'.\n")); + fprintf(stdout, _(" 'gimp' apparently saves postscript uncompressed "\ + "by default\n")); + fprintf(stdout, _(" (V 1.06 of the postscript plugin).\n")); + fprintf(stdout, _(" 'xv' seems to save with run-length compression, "\ + "which is unsuitable.\n")); + fprintf(stdout, _(" The program does not check the compression type of "\ + "the PS file.\n")); + fprintf(stdout, _(" Just have a look at the result to check.\n\n")); + return; +} + +int main (int argc, char * argv[]) +{ + int fd; + int add_off; + unsigned long max; + char buf[1024]; + FILE * infil; + int pgp_flag = 0; + + if (argc == 2 && argv[1][0] == '-' && argv[1][1] == 'h') + { + usage(); + return (0); + } + if (argc == 2 && 0 == strcmp(argv[1], _("--help"))) + { + usage(); + return (0); + } + + if (argc < 3 || argv[1][0] != '-' || + (argv[1][1] != 'o' && argv[1][1] != 'i' && + argv[1][1] != 's' && argv[1][1] != 'g')) + { + usage (); + return (1); + } + + + + /* offset to end + */ + if (argv[1][1] == 'o') + { + fd = open(argv[2], O_RDONLY); + if (fd == -1) + { + fprintf(stderr, _("Error: could not open() %s for reading\n"), argv[2]); + return (1); + } + + off_data = lseek (fd, 0, SEEK_END); + fprintf(stdout, _("%ld %s\n"), + off_data, argv[2]); + close (fd); + return (0); + } + + fd = open(argv[2], O_RDWR); + if (fd == -1) + { + fprintf(stderr, _("Error: could not open() %s for read/write\n"), + argv[2]); + return (1); + } + + /* find the first block of hex data + */ + if (argv[1][1] == 'i') + { + off_data = first_hex_block(fd, &max); + fprintf(stdout, _("IMA START AT: %ld MAX. CAPACITY: %ld Bytes\n"), + off_data, max); + if (max > 0) + return (0); + else + { + fprintf(stderr, _("Error: %s is probably not an uncompressed postscript image\n"), argv[2]); + return (1); + } + } + + /* seek to the first block of fresh hex data and hide data + */ + if (argv[1][1] == 's') + { + infil = fopen(argv[3], "r"); + if (infil == NULL) + { + fprintf(stderr, _("Error: could not open() %s\n"), argv[3]); + return (8); + } + off_data = first_hex_block(fd, &max); + fprintf(stdout, _("IMA START AT: %ld MAX. CAPACITY: %ld Bytes\n"), + off_data, max); + if (max == 0) + { + fprintf(stderr, _("Error: %s is probably not an uncompressed postscript image\n"), argv[2]); + return (1); + } + + fprintf(stdout, _(" .. hide %s in %s .. \n"), argv[3], argv[2]); + while (fgets(buf, sizeof(buf), infil)) + { + lseek(fd, off_data, SEEK_SET); + add_off = hidein_hex_block(fd, buf, strlen(buf)); + if (add_off == -1) + { + fprintf(stderr, _("Error: %s has insufficient capacity\n"), + argv[2]); + return (1); + } + off_data += add_off; + } + fclose(infil); + /* + * make sure there is a terminator + */ + lseek(fd, off_data, SEEK_SET); + add_off = hidein_hex_block(fd, _("[EOF]\n"), 6); + if (add_off == -1) + { + fprintf(stderr, _("Error: %s has insufficient capacity\n"), + argv[2]); + return (1); + } + fprintf(stdout, _(" .. finished\n")); + return (0); + } + + if (argv[1][1] == 'g') + { + off_data = first_hex_block(fd, &max); + if (max == 0) + { + fprintf(stderr, _("Error: %s is probably not an uncompressed postscript image\n"), argv[2]); + return (1); + } + lseek(fd, off_data, SEEK_SET); + + while (1 == 1) + { + add_off = hideout_hex_block(fd, (unsigned char *) buf, 1023); + if (add_off == -1) + { + fprintf(stderr, _("Error: premature end of data in %s\n"), + argv[2]); + return (1); + } + if (0 == strcmp(buf, _("-----BEGIN PGP SIGNED MESSAGE-----\n"))) + pgp_flag = 1; + fprintf(stdout, "%s", buf); + if (0 == strncmp(buf, _("[EOF]"), 5) && pgp_flag == 0) + break; + if (0 == strcmp(buf, _("-----END PGP SIGNATURE-----\n")) && + pgp_flag == 1) + break; + + off_data += add_off; + lseek(fd, off_data, SEEK_SET); + } + return (0); + } + + fprintf(stderr, _("Invalid mode of operation: %s"), argv[1]); + return (1); +} + + Index: /tags/2.5.0/src/sh_calls.c =================================================================== --- /tags/2.5.0/src/sh_calls.c (revision 189) +++ /tags/2.5.0/src/sh_calls.c (revision 189) @@ -0,0 +1,791 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#ifdef HOST_IS_HPUX +#define _XOPEN_SOURCE_EXTENDED +#endif + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#ifndef S_SPLINT_S +#include +#else +#define AF_INET 2 +#endif + +#include + +#ifndef HAVE_LSTAT +#define lstat stat +#endif + +#include "samhain.h" +#include "sh_error.h" +#include "sh_calls.h" + +#undef FIL__ +#define FIL__ _("sh_calls.c") + +char aud_err_message[64]; + +typedef struct cht_struct +{ + const char * str; + unsigned long val; +} cht_type; + +static cht_type aud_tab[] = +{ + { N_("execve"), AUD_EXEC }, + { N_("utime"), AUD_UTIME }, + { N_("unlink"), AUD_UNLINK }, + { N_("dup"), AUD_DUP }, + { N_("chdir"), AUD_CHDIR }, + { N_("open"), AUD_OPEN }, + { N_("kill"), AUD_KILL }, + { N_("exit"), AUD_EXIT }, + { N_("fork"), AUD_FORK }, + { N_("setuid"), AUD_SETUID }, + { N_("setgid"), AUD_SETGID }, + { N_("pipe"), AUD_PIPE }, + { NULL, 0 } +}; + +/* Set aud functions + */ +int sh_aud_set_functions(const char * str_s) +{ + int i = 0; + + SL_ENTER(_("sh_aud_set_functions")); + + if (str_s == NULL) + return -1; + + while (aud_tab[i].str != NULL) + { + if (NULL != sl_strstr (str_s, _(aud_tab[i].str))) + { + sh.flag.audit = 1; + sh.flag.aud_mask |= aud_tab[i].val; + } + ++i; + } + + SL_RETURN(0,_("sh_aud_set_functions")); +} + + + + +/* Need to catch EINTR for these functions. + */ +long int retry_sigaction(const char * file, int line, + int signum, const struct sigaction *act, + struct sigaction *oldact) +{ + int error; + long int val_retry = -1; + char errbuf[SH_ERRBUF_SIZE]; + errno = 0; + + SL_ENTER(_("retry_sigaction")); + + do { + val_retry = sigaction(signum, act, oldact); + } while (val_retry < 0 && errno == EINTR); + + error = errno; + if (val_retry < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_SIGACT, + sh_error_message(error, errbuf, sizeof(errbuf)), + (long) signum ); + } + errno = error; + SL_RETURN(val_retry, _("retry_sigaction")); +} + +static struct in_addr bind_addr; +static int use_bind_addr = 0; + +int sh_calls_set_bind_addr (const char * str) +{ + static int reject = 0; + + if (reject == 1) + return (0); + + if (sh.flag.opts == S_TRUE) + reject = 1; + + if (0 == /*@-unrecog@*/inet_aton(str, &bind_addr)/*@+unrecog@*/) + { + return -1; + } + use_bind_addr = 1; + return 0; +} + + +long int retry_connect(const char * file, int line, int sockfd, + struct sockaddr *serv_addr, int addrlen) +{ + int error; + long int val_retry = 0; + static struct sockaddr_in new_addr; + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("retry_connect")); + + errno = 0; + + if (0 != use_bind_addr) + { + memcpy(&new_addr.sin_addr, &bind_addr, sizeof(struct in_addr)); + new_addr.sin_family = AF_INET; + + val_retry = /*@-unrecog@*/bind(sockfd, + (struct sockaddr*)&new_addr, + sizeof(struct sockaddr_in))/*@+unrecog@*/; + } + + if (val_retry == 0) + { + do { + val_retry = + /*@-unrecog@*/connect(sockfd, serv_addr, addrlen)/*@+unrecog@*/; + } while (val_retry < 0 && (errno == EINTR || errno == EINPROGRESS)); + } + + error = errno; + if (val_retry != 0) { + /* ugly cast back to struct sockaddr_in :-( + */ + sh_error_handle ((-1), file, line, error, MSG_ERR_CONNECT, + sh_error_message(error, errbuf, sizeof(errbuf)), + (long) sockfd, + /*@-unrecog -type@*/ + (long) ntohs(((struct sockaddr_in *)serv_addr)->sin_port), + /*@+unrecog +type@*/ +#ifdef HAVE_INET_ATON + /*@-unrecog -type@*/ + inet_ntoa( ((struct sockaddr_in *)serv_addr)->sin_addr ) + /*@+unrecog +type@*/ +#else + _("unknown") +#endif + ); + } + errno = error; + SL_RETURN(val_retry, _("retry_connect")); +} + +long int retry_accept(const char * file, int line, int fd, + struct sockaddr *serv_addr, int * addrlen) +{ + int error; + long int val_retry = -1; + char errbuf[SH_ERRBUF_SIZE]; + + ACCEPT_TYPE_ARG3 my_addrlen = (ACCEPT_TYPE_ARG3) *addrlen; + + errno = 0; + + SL_ENTER(_("retry_accept")); + + do { + val_retry = /*@-unrecog@*/accept(fd, serv_addr, &my_addrlen)/*@+unrecog@*/; + } while (val_retry < 0 && errno == EINTR); + *addrlen = (int) my_addrlen; + error = errno; + if (val_retry < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_ACCEPT, + sh_error_message(error, errbuf, sizeof(errbuf)), + (long) fd ); + } + errno = error; + SL_RETURN(val_retry, _("retry_accept")); +} + +long int retry_lstat(const char * file, int line, + const char *file_name, struct stat *buf) +{ + int error; + long int val_retry = -1; + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("retry_lstat")); + + do { + val_retry = /*@-unrecog@*/lstat (file_name, buf)/*@+unrecog@*/; + } while (val_retry < 0 && errno == EINTR); + error = errno; + if (val_retry < 0) { + (void) sh_error_message(error, aud_err_message, 64); + sh_error_handle ((-1), file, line, error, MSG_ERR_LSTAT, + sh_error_message(error, errbuf, sizeof(errbuf)), + file_name ); + } + errno = error; + SL_RETURN(val_retry, _("retry_lstat")); +} + +long int retry_stat(const char * file, int line, + const char *file_name, struct stat *buf) +{ + int error; + long int val_retry = -1; + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("retry_stat")); + + do { + val_retry = stat (file_name, buf); + } while (val_retry < 0 && errno == EINTR); + error = errno; + if (val_retry < 0) { + (void) sh_error_message(error, aud_err_message, 64); + sh_error_handle ((-1), file, line, error, MSG_ERR_STAT, + sh_error_message(error, errbuf, sizeof(errbuf)), + file_name ); + } + errno = error; + SL_RETURN(val_retry, _("retry_stat")); +} + +long int retry_fstat(const char * file, int line, int filed, struct stat *buf) +{ + int error; + long int val_retry = -1; + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("retry_fstat")); + + do { + val_retry = fstat (filed, buf); + } while (val_retry < 0 && errno == EINTR); + error = errno; + if (val_retry < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_FSTAT, + sh_error_message(error, errbuf, sizeof(errbuf)), + (long) filed ); + } + errno = error; + SL_RETURN(val_retry, _("retry_fstat")); +} + +long int retry_fcntl(const char * file, int line, int fd, int cmd, long arg) +{ + int error; + long int val_retry = -1; + char errbuf[SH_ERRBUF_SIZE]; + errno = 0; + + SL_ENTER(_("retry_fcntl")); + + if (cmd == F_GETFD || cmd == F_GETFL) + { + do { + val_retry = fcntl(fd, cmd); + } while (val_retry < 0 && errno == EINTR); + } + else + { + do { + val_retry = fcntl(fd, cmd, arg); + } while (val_retry < 0 && errno == EINTR); + } + error = errno; + if (val_retry < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_FCNTL, + sh_error_message(error, errbuf, sizeof(errbuf)), + (long) fd, (long) cmd, arg ); + } + errno = error; + SL_RETURN(val_retry, _("retry_fcntl")); +} + +long int retry_msleep (int sec, int millisec) +{ + int result = 0; +#if defined(HAVE_NANOSLEEP) + struct timespec req, rem; +#endif + + SL_ENTER(_("retry_msleep")); + + errno = 0; + if (millisec > 999) millisec = 999; + if (millisec < 0) millisec = 0; + if (sec < 0) sec = 0; + +#if defined(HAVE_NANOSLEEP) + /*@-usedef@*/ + req.tv_sec = sec; rem.tv_sec = 0; + req.tv_nsec = millisec * 1000000; rem.tv_nsec = 0; + /*@+usedef@*/ + do { + result = /*@-unrecog@*/nanosleep(&req, &rem)/*@+unrecog@*/; + + req.tv_sec = rem.tv_sec; rem.tv_sec = 0; + req.tv_nsec = rem.tv_nsec; rem.tv_nsec = 0; + + } while ((result == -1) && (errno == EINTR)); +#else + if (sec > 0) + { + sleep (sec); /* nanosleep not available */ + } + else + { +#ifdef HAVE_USLEEP + if (millisec > 0) + { + usleep(1000 * millisec); + } +#else + if (millisec > 0) + { + sleep (1); + } +#endif + } +#endif + SL_RETURN(result, _("retry_msleep")); +} + +/*************************************************** + * + * Audit these functions. + * + ***************************************************/ + +long int retry_aud_execve (const char * file, int line, + const char *dateiname, char * argv[], + char * envp[]) +{ + uid_t a = geteuid(); + gid_t b = getegid(); + int i; + int error; + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("retry_aud_execve")); + + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXEC) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_EXEC, + dateiname, (long) a, (long) b ); + do { + i = execve(dateiname, argv, envp); + } while (i < 0 && errno == EINTR); + + error = errno; + if (i < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_EXEC, + sh_error_message(error, errbuf, sizeof(errbuf)), + dateiname, (long) a, (long) b ); + } + errno = error; + SL_RETURN(i, _("retry_aud_execve")); +} + + +long int retry_aud_utime (const char * file, int line, + char * path, struct utimbuf *buf) +{ + long int val_return; + int error; + char errbuf[SH_ERRBUF_SIZE]; + errno = 0; + + SL_ENTER(_("retry_aud_utime")); + + do { + val_return = utime (path, buf); + } while (val_return < 0 && errno == EINTR); + + error = errno; + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_UTIME) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_UTIME, + path, + (unsigned long) buf->actime, + (unsigned long) buf->modtime); + if (val_return < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_UTIME, + sh_error_message(error, errbuf, sizeof(errbuf)), + path, + (unsigned long) buf->actime, + (unsigned long) buf->modtime); + } + errno = error; + SL_RETURN(val_return, _("retry_aud_utime")); +} + +long int retry_aud_unlink (const char * file, int line, + char * path) +{ + long int val_return; + int error; + char errbuf[SH_ERRBUF_SIZE]; + errno = 0; + + SL_ENTER(_("retry_aud_unlink")); + + do { + val_return = unlink (path); + } while (val_return < 0 && errno == EINTR); + + error = errno; + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_UNLINK) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_UNLINK, + path); + if (val_return < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_UNLINK, + sh_error_message(error, errbuf, sizeof(errbuf)), + path); + } + errno = error; + SL_RETURN(val_return, _("retry_aud_unlink")); +} + +long int retry_aud_dup2 (const char * file, int line, + int fd, int fd2) +{ + long int val_return; + int error; + char errbuf[SH_ERRBUF_SIZE]; + errno = 0; + + SL_ENTER(_("retry_aud_dup2")); + + do { + val_return = dup2 (fd, fd2); + } while (val_return < 0 && errno == EINTR); + + error = errno; + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_DUP) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_DUP, + (long) fd, val_return); + if (val_return < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_DUP, + sh_error_message(error, errbuf, sizeof(errbuf)), + (long) fd, val_return); + } + errno = error; + SL_RETURN(val_return, _("retry_aud_dup2")); +} + +long int retry_aud_dup (const char * file, int line, + int fd) +{ + long int val_return; + int error; + char errbuf[SH_ERRBUF_SIZE]; + errno = 0; + + SL_ENTER(_("retry_aud_dup")); + + do { + val_return = dup (fd); + } while (val_return < 0 && errno == EINTR); + error = errno; + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_DUP) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_DUP, + (long) fd, val_return); + if (val_return < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_DUP, + sh_error_message(error, errbuf, sizeof(errbuf)), + (long) fd, val_return); + } + errno = error; + SL_RETURN(val_return, _("retry_aud_dup")); +} + + + +long int retry_aud_chdir (const char * file, int line, + const char *path) +{ + long int val_return; + int error = 0; + char errbuf[SH_ERRBUF_SIZE]; + errno = 0; + + SL_ENTER(_("retry_aud_chdir")); + + do { + val_return = chdir (path); + } while (val_return < 0 && errno == EINTR); + + error = errno; + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_CHDIR) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_CHDIR, + path); + if (val_return < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_CHDIR, + sh_error_message(error, errbuf, sizeof(errbuf)), + path); + } + errno = error; + SL_RETURN(val_return, _("retry_aud_chdir")); +} + + +long int aud_open_noatime (const char * file, int line, int privs, + const char *pathname, int flags, mode_t mode, + int * o_noatime) +{ + long int val_return; + int error; + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("aud_open")); + + val_return = open (pathname, *o_noatime|flags, mode); + if ((val_return < 0) && (*o_noatime != 0)) + { + val_return = open (pathname, flags, mode); + if (val_return >= 0) + *o_noatime = 0; + } + error = errno; + /*@-noeffect@*/ + (void) privs; /* fix compiler warning */ + /*@+noeffect@*/ + + if (val_return < 0) + { + (void) sh_error_message(error, aud_err_message, 64); + } + + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_OPEN) != 0) + { + sh_error_handle ((-1), file, line, 0, MSG_AUD_OPEN, + pathname, (long) flags, (long) mode, val_return); + } + if (val_return < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_OPEN, + sh_error_message(error, errbuf, sizeof(errbuf)), + pathname, (long) flags, (long) mode, val_return); + } + errno = error; + SL_RETURN(val_return, _("aud_open")); +} + +long int aud_open (const char * file, int line, int privs, + const char *pathname, int flags, mode_t mode) +{ + long int val_return; + int error; + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("aud_open")); + + val_return = open (pathname, flags, mode); + error = errno; + /*@-noeffect@*/ + (void) privs; /* fix compiler warning */ + /*@+noeffect@*/ + + if (val_return < 0) + { + (void) sh_error_message(error, aud_err_message, 64); + } + + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_OPEN) != 0) + { + sh_error_handle ((-1), file, line, 0, MSG_AUD_OPEN, + pathname, (long) flags, (long) mode, val_return); + } + if (val_return < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_OPEN, + sh_error_message(error, errbuf, sizeof(errbuf)), + pathname, (long) flags, (long) mode, val_return); + } + errno = error; + SL_RETURN(val_return, _("aud_open")); +} + +long int aud_kill (const char * file, int line, pid_t pid, int sig) +{ + int myerror; + long int val_return = kill (pid, sig); + char errbuf[SH_ERRBUF_SIZE]; + myerror = errno; + + SL_ENTER(_("aud_kill")); + + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_KILL) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_KILL, + (long) pid, (long) sig); + if (val_return < 0) { + sh_error_handle ((-1), file, line, myerror, MSG_ERR_KILL, + sh_error_message(myerror, errbuf, sizeof(errbuf)), + (long) pid, (long) sig); + } + errno = myerror; + SL_RETURN(val_return, _("aud_kill")); +} + +/*@noreturn@*/ +void aud_exit (const char * file, int line, int fd) +{ + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXIT) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_EXIT, + (long) fd); + + SL_ENTER(_("aud_exit")); + + sh.flag.exit = fd; + exit(fd); +} + +/*@noreturn@*/ +void aud__exit (const char * file, int line, int fd) +{ + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXIT) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_EXIT, + (long) fd); + + SL_ENTER(_("aud__exit")); + + sh.flag.exit = fd; + _exit(fd); +} + +pid_t aud_fork (const char * file, int line) +{ + int error; + pid_t i = fork(); + char errbuf[SH_ERRBUF_SIZE]; + + error = errno; + SL_ENTER(_("aud_fork")); + + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_FORK) != 0 && (i > 0)) + sh_error_handle ((-1), file, line, 0, MSG_AUD_FORK, + (long) i); + if (i == (pid_t) -1) { + sh_error_handle ((-1), file, line, error, MSG_ERR_FORK, + sh_error_message(error, errbuf, sizeof(errbuf)), + (long) i); + } + errno = error; + SL_RETURN(i, _("aud_fork")); +} + +int aud_setuid (const char * file, int line, uid_t uid) +{ + int error = 0; + int i = 0; + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("aud_setuid")); + + if (uid != (uid_t) 0) { + i = setuid(uid); + error = errno; + } + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_SETUID) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_SETUID, + (long) uid); + if (uid == (uid_t) 0) { + i = setuid(uid); + error = errno; + } + if (i < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_SETUID, + sh_error_message(error, errbuf, sizeof(errbuf)), + (long) uid); + } + errno = error; + SL_RETURN(i, _("aud_setuid")); +} + +int aud_setgid (const char * file, int line, gid_t gid) +{ + int error = 0; + int i = 0; + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("aud_setgid")); + + if (gid != (gid_t) 0) { + i = setgid(gid); + error = errno; + } + + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_SETGID) != 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_SETGID, + (long) gid); + if (gid == (gid_t) 0) { + i = setgid(gid); + error = errno; + } + if (i < 0) { + sh_error_handle ((-1), file, line, error, MSG_ERR_SETGID, + sh_error_message(error, errbuf, sizeof(errbuf)), + (long) gid); + } + errno = error; + SL_RETURN(i, _("aud_setgid")); +} + +int aud_pipe (const char * file, int line, int * modus) +{ + int error; + int i = pipe (modus); + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("aud_pipe")); + + error = errno; + if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_PIPE) != 0) + { + if (i < 0) + sh_error_handle ((-1), file, line, 0, MSG_AUD_PIPE, + (long) 0, (long) 0); + else + sh_error_handle ((-1), file, line, 0, MSG_AUD_PIPE, + (long) modus[0], (long) modus[1]); + } + if (i < 0) { + if (i < 0) + sh_error_handle ((-1), file, line, error, MSG_ERR_PIPE, + sh_error_message(error, errbuf, sizeof(errbuf)), + (long) 0, (long) 0); + else + sh_error_handle ((-1), file, line, error, MSG_ERR_PIPE, + sh_error_message(error, errbuf, sizeof(errbuf)), + (long) modus[0], (long) modus[1]); + } + SL_RETURN(i, _("aud_pipe")); +} Index: /tags/2.5.0/src/sh_cat.c =================================================================== --- /tags/2.5.0/src/sh_cat.c (revision 189) +++ /tags/2.5.0/src/sh_cat.c (revision 189) @@ -0,0 +1,684 @@ +#include "config_xor.h" + +#include "samhain.h" +#include "sh_error.h" + +#include "sh_cat.h" + +/*@-nullassign@*/ + +const char * class_cat[] = { + N_("AUD"), /* 0 */ + N_("PANIC"), /* 1 */ + N_("RUN_OLD"), /* 2 */ + N_("FIL_OLD"), /* 3 */ + N_("TCP"), /* 4 */ + N_("ERR"), /* 5 */ + N_("STAMP"), /* 6 */ + N_("ENET"), /* 7 */ + N_("EINPUT"), /* 8 */ + + /* new simplified classes */ + N_("EVENT"), /* 9 */ + N_("START"), /* 10 */ + N_("LOGKEY"), /* 11 */ + N_("OTHER"), /* 12 */ + /* end simplified classes */ + + N_("RUN"), /* 13 */ + N_("FIL"), /* 14 */ + N_("ERROR"), /* 15 */ + NULL +}; + + +#ifdef SH_USE_XML + +cat_entry msg_cat[] = { + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + { MSG_FI_CSUM, SH_ERR_ALL, FIL, N_("msg=\"Checksum\" chk=\"%s\" path=\"%s\"")}, + { MSG_FI_DSUM, SH_ERR_INFO, FIL, N_("msg=\"d: %3ld, -: %3ld, l: %3ld, |: %3ld, s: %3ld, c: %3ld, b: %3ld\"")}, + { MSG_FI_CHK, SH_ERR_INFO, FIL, N_("msg=\"Checking\" path=\"%s\"")}, +#endif + + { MSG_EXIT_ABORTS, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC %s\" program=\"%s\" subroutine=\"%s\"")}, + { MSG_START_SRV, SH_ERR_STAMP, START, N_("msg=\"Server up, simultaneous connections: %d\" socket_id=\"%d\"")}, + + { MSG_EXIT_ABORT1, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC Error initializing the application\" program=\"%s\"")}, + { MSG_EXIT_NORMAL, SH_ERR_FATAL, START, N_("msg=\"EXIT\" program=\"%s\" status=\"%s\"")}, + { MSG_START_KEY_MAIL, SH_ERR_FATAL, LOGKEY, N_("msg=\"LOGKEY\" program=\"%s\" hash=\"%s\"\r\n-----BEGIN LOGKEY-----\r\n%s%s")}, + { MSG_START_KEY, SH_ERR_FATAL, LOGKEY, N_("msg=\"LOGKEY\" program=\"%s\" hash=\"%s\"")}, + { MSG_START_0H, SH_ERR_FATAL, START, N_("msg=\"START\" program=\"%s\" userid=\"%ld\"")}, + { MSG_START_1H, SH_ERR_FATAL, START, N_("msg=\"START\" program=\"%s\" userid=\"%ld\" path=\"%s\" hash=\"%s\"")}, + { MSG_START_2H, SH_ERR_FATAL, START, N_("msg=\"START\" program=\"%s\" userid=\"%ld\" path=\"%s\" hash=\"%s\" path_data=\"%s\" hash_data=\"%s\"")}, + { MSG_START_GH, SH_ERR_FATAL, START, N_("msg=\"START\" program=\"%s\" userid=\"%ld\" path=\"%s\" key_uid=\"%s\" key_id=\"%s\"")}, + { MSG_START_GH2, SH_ERR_FATAL, START, N_("msg=\"EXIT\" program=\"%s\" userid=\"%ld\" path=\"%s\" key_uid=\"%s\" key_id=\"%s\" path_data=\"%s\" key_uid_data=\"%s\" key_id_data=\"%s\"")}, + { MSG_SUSPEND, SH_ERR_STAMP, START, N_("msg=\"SUSPEND\" program=\"%s\"")}, + + + { MSG_MLOCK, SH_ERR_WARN, RUN, N_("msg=\"Using insecure memory\"")}, + { MSG_W_SIG, SH_ERR_WARN, RUN, N_("interface=\"sigaction\" msg=\"%s\" sig=\"%ld\"")}, + { MSG_W_CHDIR, SH_ERR_ERR, RUN, N_("interface=\"chdir\" msg=\"%s\" path=\"%s\"")}, + + { MSG_MOD_FAIL, SH_ERR_WARN, RUN, N_("msg=\"Module not initialized\" module=\"%s\" return_code=\"%ld\"")}, + { MSG_MOD_OK, SH_ERR_INFO, RUN, N_("msg=\"Module initialized\" module=\"%s\"")}, + { MSG_MOD_EXEC, SH_ERR_ERR, RUN, N_("msg=\"Module execution error\" module=\"%s\" return_code=\"%ld\"")}, + + { MSG_RECONF, SH_ERR_SEVERE, START, N_("msg=\"Runtime configuration reloaded\"")}, + + { MSG_CHECK_0, SH_ERR_WARN, RUN, N_("msg=\"No files or directories defined for checking\"")}, + { MSG_CHECK_1, SH_ERR_STAMP, STAMP, N_("msg=\"File check completed.\" time=\"%ld\" kBps=\"%f\"")}, + { MSG_STAMP, SH_ERR_STAMP, STAMP, N_("msg=\"---- TIMESTAMP ----\"")}, + + { MSG_D_START, SH_ERR_INFO, RUN, N_("msg=\"Downloading configuration file\"")}, + { MSG_D_DSTART, SH_ERR_INFO, RUN, N_("msg=\"Downloading database file\"")}, + { MSG_D_FAIL, SH_ERR_INFO, RUN, N_("msg=\"No file from server, trying local file\"")}, + + +#ifndef HAVE_URANDOM + { MSG_ENSTART, SH_ERR_ALL, RUN, N_("msg=\"Found entropy source\" path=\"%s\"")}, + { MSG_ENEXEC, SH_ERR_ALL, RUN, N_("msg=\"Execute entropy source\" path=\"%s\" rd_file_id=\"%ld\"")}, + { MSG_ENFAIL, SH_ERR_ALL, RUN, N_("msg=\"Could not execute entropy source\" path=\"%s\"")}, + { MSG_ENTOUT, SH_ERR_ALL, RUN, N_("msg=\"Timeout in entropy collector\" time=\"%ld\"")}, + { MSG_ENCLOS, SH_ERR_ALL, RUN, N_("msg=\"End of data, closing entropy source\" rd_file_id=\"%ld\"")}, + { MSG_ENCLOS1, SH_ERR_ALL, RUN, N_("msg=\"Close entropy source\" rd_file_id=\"%ld\"")}, + { MSG_ENREAD, SH_ERR_ALL, RUN, N_("msg=\"Data from entropy source\" rd_file_id=\"%ld\" bytes=\"%ld\"")}, +#endif + +#ifdef SH_USE_SUIDCHK + { MSG_SUID_POLICY, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [SuidCheck] %s\" path=\"%s\" %s") }, + { MSG_SUID_FOUND, SH_ERR_INFO, RUN, N_("msg=\"Found suid/sgid file\" path=\"%s\"") }, + { MSG_SUID_SUMMARY,SH_ERR_INFO, RUN, N_("msg=\"Checked for SUID programs: %ld files, %ld seconds\"") }, + { MSG_SUID_QREPORT,SH_ERR_SEVERE, EVENT, N_("msg=\"Quarantine report: %s\" path=\"%s\"") }, + { MSG_SUID_ERROR, SH_ERR_SEVERE, EVENT, N_("msg=\"Quarantine error: %s\"") }, +#endif + +#ifdef SH_USE_KERN + /* FreeBSD */ + { MSG_KERN_POLICY, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] BSD syscall table: new: %#lx old: %#lx\" syscall=\"%03d %s\"") }, + { MSG_KERN_POL_CO, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] BSD syscall code: new: %#x,%#x old: %#x,%#x\" syscall=\"%03d %s\"") }, + + /* Linux */ + { MSG_KERN_SYSCALL,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] SYSCALL modified syscall\" syscall=\"%03d %s\" %s") }, + { MSG_KERN_PROC, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] PROC modified proc filesystem: %s\"") }, + { MSG_KERN_IDT, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] IDT modified interrupt %03d: new: 0x%-8.8lx %-9s %3d %c old: 0x%-8.8lx %-9s %3d %c\" %s") }, + { MSG_KERN_GATE, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] SYS_GATE modified system_call: new: %#x,%#x old: %#x,%#x\" syscall=\"%03d %s\" %s") }, + +#endif + +#ifdef SH_USE_UTMP + { MSG_UT_CHECK, SH_ERR_INFO, RUN, N_("msg=\"Checking logins\"")}, + { MSG_UT_LG1X, SH_ERR_INFO, EVENT, N_("msg=\"Login\" userid=\"%s\" tty=\"%s\" host=\"%s\" ip=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG1A, SH_ERR_INFO, EVENT, N_("msg=\"Login\" userid=\"%s\" tty=\"%s\" host=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG1B, SH_ERR_INFO, EVENT, N_("msg=\"Login\" userid=\"%s\" tty=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG2X, SH_ERR_INFO, EVENT, N_("msg=\"Multiple login\" userid=\"%s\" tty=\"%s\" host=\"%s\" ip=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG2A, SH_ERR_INFO, EVENT, N_("msg=\"Multiple login\" userid=\"%s\" tty=\"%s\" host=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG2B, SH_ERR_INFO, EVENT, N_("msg=\"Multiple login\" userid=\"%s\" tty=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG3X, SH_ERR_INFO, EVENT, N_("msg=\"Logout\" userid=\"%s\" tty=\"%s\" host=\"%s\" ip=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG3A, SH_ERR_INFO, EVENT, N_("msg=\"Logout\" userid=\"%s\" tty=\"%s\" host=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG3B, SH_ERR_INFO, EVENT, N_("msg=\"Logout\" userid=\"%s\" tty=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_LG3C, SH_ERR_INFO, EVENT, N_("msg=\"Logout\" tty=\"%s\" time=\"%s\" status=\"%d\"")}, + { MSG_UT_ROT, SH_ERR_WARN, RUN, N_("msg=\"Logfile size decreased\" path=\"%s\"")}, + +#endif + +#ifdef SH_USE_PROCESSCHECK + { MSG_PCK_CHECK, SH_ERR_INFO, RUN, N_("msg=\"Checking processes in pid interval [%ld,%ld]\"")}, + { MSG_PCK_OK, SH_ERR_ALL, RUN, N_("msg=\"PID %ld found with tests %s\"")}, + { MSG_PCK_P_HIDDEN,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Process] Hidden pid: %ld tests: %s\" path=\"%s\" userid=\"%s\"")}, + { MSG_PCK_HIDDEN, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Process] Hidden pid: %ld tests: %s\"")}, + { MSG_PCK_FAKE, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Process] Fake pid: %ld tests: %s\"")}, + { MSG_PCK_MISS, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Process] Missing: %s\"")}, +#endif + +#ifdef SH_USE_PORTCHECK + { MSG_PORT_MISS, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceMissing] %s\"")}, + { MSG_PORT_NEW, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceNew] %s\" path=\"%s\" userid=\"%s\"")}, + { MSG_PORT_RESTART,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceRestarted] %s\" path=\"%s\" userid=\"%s\"")}, + { MSG_PORT_NEWPORT,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServicePortSwitch] %s\" path=\"%s\" userid=\"%s\"")}, +#endif + +#ifdef SH_USE_MOUNTS + { MSG_MNT_CHECK, SH_ERR_INFO, RUN, N_("msg=\"Checking mounts\"")}, + { MSG_MNT_MEMLIST, SH_ERR_ERR, RUN, N_("msg=\"Cannot read mount list from memory\"")}, + { MSG_MNT_MNTMISS, SH_ERR_WARN, EVENT, N_("msg=\"POLICY [Mounts] Mount missing\" path=\"%s\"")}, + { MSG_MNT_OPTMISS, SH_ERR_WARN, EVENT, N_("msg=\"POLICY [Mounts] Mount option missing\" path=\"%s\" option=\"%s\"")}, +#endif + +#ifdef SH_USE_USERFILES + { MSG_USERFILES_SUMMARY,SH_ERR_INFO, RUN, N_("msg=\"Checked for users files\"") }, +#endif + +#ifdef USE_LOGFILE_MONITOR + { MSG_LOGMON_CHKS, SH_ERR_INFO, RUN, N_("msg=\"Checking logfile %s\"") }, + { MSG_LOGMON_CHKE, SH_ERR_INFO, RUN, N_("msg=\"Finished logfile %s, %lu new records processed\"") }, + { MSG_LOGMON_MISS, SH_ERR_ERR, RUN, N_("msg=\"Missing logfile %s\"") }, + { MSG_LOGMON_EOPEN,SH_ERR_ERR, RUN, N_("msg=\"Cannot open logfile %s\"") }, + { MSG_LOGMON_EREAD,SH_ERR_ERR, RUN, N_("msg=\"Error while reading logfile %s\"") }, + { MSG_LOGMON_REP, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Logfile] %s\" time=\"%s\" host=\"%s\" path=\"%s\"") }, + { MSG_LOGMON_SUM, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Logfile] %s\" host=\"%s\" path=\"%s\"") }, +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + + { MSG_FI_TOOLATE, SH_ERR_ERR, FIL, N_("msg=\"Large lstat/open overhead: %ld sec\" path=\"%s\"")}, + +#if 0 + { MSG_FI_CSUM, SH_ERR_ALL, FIL, N_("msg=\"Checksum\" chk=\"%s\" path=\"%s\"")}, + { MSG_FI_DSUM, SH_ERR_INFO, FIL, N_("msg=\"d: %3ld, -: %3ld, l: %3ld, |: %3ld, s: %3ld, c: %3ld, b: %3ld\"")}, + { MSG_FI_CHK, SH_ERR_INFO, FIL, N_("msg=\"Checking\" path=\"%s\"")}, +#endif + + { MSG_FI_NULL, SH_ERR_ERR, FIL, N_("msg=\"Path is NULL\"")}, + { MSG_FI_FAIL, SH_ERR_ERR, FIL, N_("msg=\"Check failed\" path=\"%s\"")}, + { MSG_FI_GLOB, SH_ERR_ERR, FIL, N_("interface=\"glob\" msg=\"%s\" path=\"%s\"")}, + { MSG_FI_COLL, SH_ERR_WARN, FIL, N_("msg=\"Writeable file with timestamps of parent directory fixed\" dir=\"%s\" path=\"%s\"")}, + { MSG_FI_DOUBLE, SH_ERR_WARN, FIL, N_("msg=\"File or directory appears twice in configuration\" path=\"%s\"")}, + { MSG_FI_2LONG, SH_ERR_ERR, FIL, N_("msg=\"Filename too long\" path=\"%s\"")}, + { MSG_FI_2LONG2, SH_ERR_ERR, FIL, N_("msg=\"Filename too long\" path=\"%s/%s\"")}, + { MSG_FI_NOPATH, SH_ERR_ERR, FIL, N_("msg=\"Filename not an absolute path\" path=\"%s\"")}, + { MSG_FI_DLNK, SH_ERR_INFO, FIL, N_("msg=\"Dangling link\" path=\"%s\" linked_path=\"%s\"")}, + { MSG_FI_RDLNK, SH_ERR_ERR, FIL, N_("interface=\"readlink\" msg=\"%s\" path=\"%s\"")}, + { MSG_FI_NOGRP, SH_ERR_ERR, FIL, N_("interface=\"getgrgid\" msg=\"No such group\" group=\"%ld\" path=\"%s\"")}, + { MSG_FI_NOUSR, SH_ERR_ERR, FIL, N_("interface=\"getpwuid\" msg=\"No such user\" userid=\"%ld\" path=\"%s\"")}, + { MSG_FI_LSTAT, SH_ERR_ERR, FIL, N_("interface=\"lstat\" msg=\"%s\" path=\"%s\"")}, + { MSG_FI_OBSC, SH_ERR_ERR, FIL, N_("msg=\"Weird filename\" path=\"%s\"")}, + { MSG_FI_OBSC2, SH_ERR_ERR, FIL, N_("msg=\"Weird filename\" path=\"%s/%s\"")}, + { MSG_FI_LIST, SH_ERR_ALL, FIL, N_("msg=\"%10s %2d %8s %8s %14ld %21s %s\"")}, + { MSG_FI_LLNK, SH_ERR_ALL, FIL, N_("msg=\" >>> %10s %s\"")}, + { MSG_FI_MISS, SH_ERR_ERR, EVENT, N_("msg=\"POLICY MISSING\" path=\"%s\"")}, + { MSG_FI_MISS2, SH_ERR_ERR, EVENT, N_("msg=\"POLICY MISSING\" path=\"%s\" %s")}, + { MSG_FI_ADD, SH_ERR_ERR, EVENT, N_("msg=\"POLICY ADDED\" path=\"%s\"")}, + { MSG_FI_ADD2, SH_ERR_ERR, EVENT, N_("msg=\"POLICY ADDED\" path=\"%s\" %s")}, + { MSG_FI_CHAN, SH_ERR_ERR, EVENT, N_("msg=\"POLICY %s %s\" path=\"%s\" %s")}, + { MSG_FI_NODIR, SH_ERR_ERR, EVENT, N_("msg=\"POLICY NODIRECTORY\" path=\"%s\"")}, + { MSG_FI_DBEX, SH_ERR_WARN, FIL, N_("msg=\"Signature database exists\" path=\"%s\"")}, +#endif + + { MSG_TCP_NETRP, SH_ERR_ERR, TCP, N_("msg=\"Connection error: %s\" port=\"%ld\" subroutine=\"%s\"")}, + +#ifndef SH_STANDALONE + +#ifdef INET_SYSLOG + { MSG_INET_SYSLOG, SH_ERR_INET, TCP, N_("ip=\"%s\" facility=\"%s\" priority=\"%s\" syslog_msg=\"%s\"")}, + { MSG_ERR_SYSLOG, SH_ERR_ERR, TCP, N_("msg=\"syslog socket: %s\" ip=\"%s\"")}, +#endif + { MSG_TCP_MISMATCH,SH_ERR_ERR, TCP, N_("msg=\"Protocol mismatch\"")}, + { MSG_TCP_MISENC, SH_ERR_ERR, TCP, N_("msg=\"Encryption mismatch in %s: server: %s client: %s\"")}, + { MSG_TCP_NONAME, SH_ERR_ERR, TCP, N_("msg=\"No server name known\"")}, + { MSG_TCP_UNEXP, SH_ERR_ERR, TCP, N_("msg=\"Unexpected reply\"")}, + { MSG_TCP_EFIL, SH_ERR_ERR, TCP, N_("msg=\"Could not open temporary file\"")}, + { MSG_TCP_NOCONF, SH_ERR_ERR, TCP, N_("msg=\"Message delivery not confirmed\"")}, + { MSG_TCP_NOAUTH, SH_ERR_ERR, TCP, N_("msg=\"Session key negotiation failed\"")}, + { MSG_TCP_CONF, SH_ERR_ALL, TCP, N_("msg=\"Message delivery confirmed\"")}, + { MSG_TCP_AUTH, SH_ERR_INFO, TCP, N_("msg=\"Session key negotiated\"")}, + { MSG_TCP_FOK, SH_ERR_INFO, TCP, N_("msg=\"File download completed\"")}, + { MSG_TCP_FBAD, SH_ERR_ERR, TCP, N_("msg=\"File download failed\"")}, + { MSG_TCP_ECONN, SH_ERR_ERR, TCP, N_("msg=\"Connection error: %s\"")}, + { MSG_TCP_EZERO, SH_ERR_ERR, TCP, N_("msg=\"Illegal zero reply\"")}, + { MSG_TCP_EBGN, SH_ERR_ERR, TCP, N_("msg=\"Error in big integer library\"")}, + + { MSG_TCP_CREG, SH_ERR_ALL, TCP, N_("msg=\"Registered %s, salt %s, verifier %s\"")}, + { MSG_TCP_FAUTH, SH_ERR_INFO, TCP, N_("msg=\"Force authentication\" host=\"%s\"")}, + + { MSG_TCP_RESCLT, SH_ERR_SEVERE, TCP, N_("msg=\"Cannot resolve client name\" host=\"%s\"")}, + { MSG_TCP_RESPEER, SH_ERR_SEVERE, TCP, N_("msg=\"Cannot resolve socket peer IP for client\" host=\"%s\" peer=\"%s\"")}, + { MSG_TCP_LOOKERS, SH_ERR_SEVERE, TCP, N_("msg=\"Reverse lookup of socket peer failed\" host=\"%s\" peer=\"%s\" obj=\"%s\"")}, + { MSG_TCP_LOOKUP, SH_ERR_SEVERE, TCP, N_("msg=\"No socket peer alias matches client name\" host=\"%s\" peer=\"%s\"")}, + + { MSG_TCP_TIMOUT, SH_ERR_SEVERE, TCP, N_("msg=\"Connection timeout\" host=\"%s\"")}, + { MSG_TCP_TIMEXC, SH_ERR_SEVERE, TCP, N_("msg=\"Time limit exceeded\" host=\"%s\"")}, + { MSG_TCP_NOCLT, SH_ERR_SEVERE, TCP, N_("msg=\"Hostname is NULL\"")}, + { MSG_TCP_BADCONN, SH_ERR_SEVERE, TCP, N_("msg=\"Invalid connection attempt: %s\" host=\"%s\"")}, + { MSG_TCP_FFILE , SH_ERR_SEVERE, TCP, N_("msg=\"Unknown file request\" host=\"%s\" path=\"%s\"")}, + { MSG_TCP_NFILE , SH_ERR_SEVERE, TCP, N_("msg=\"Requested file not found\" host=\"%s\" path=\"%s\"")}, + { MSG_TCP_FINV , SH_ERR_SEVERE, TCP, N_("msg=\"Invalid request (%d) in pass %d\" host=\"%s\" request=\"%c%03o%c%03o%c%03o%c%03o\"")}, + { MSG_TCP_OKFILE, SH_ERR_INFO, TCP, N_("msg=\"File transfer completed\" host=\"%s\"")}, + { MSG_TCP_OKMSG, SH_ERR_ALL, TCP, N_("msg=\"Message transfer completed\" host=\"%s\"")}, + { MSG_TCP_MSG, SH_ERR_INET, TCP, N_("remote_host=\"%s\" > %s ")}, + { MSG_TCP_NEW, SH_ERR_NOTICE, TCP, N_("msg=\"NEW CLIENT\" host=\"%s\"")}, + { MSG_TCP_ILL, SH_ERR_SEVERE, TCP, N_("msg=\"Restart without prior exit\" host=\"%s\"")}, + { MSG_TCP_SYNC, SH_ERR_SEVERE, TCP, N_("msg=\"Out of sync\" host=\"%s\"")}, + { MSG_TCP_RESET, SH_ERR_NOTICE, TCP, N_("msg=\"Connection reset by peer\" host=\"%s\"")}, + { MSG_TCP_CNEW, SH_ERR_INFO, TCP, N_("msg=\"New connection\" socket_id=\"%d\"")}, + { MSG_E_HTML, SH_ERR_ERR, ERR, N_("msg=\"Error writing HTML status\"")}, +#endif + + + { MSG_E_AUTH, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - File modified\" path=\"%s\"")}, + { MSG_ACCESS, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - Access violation\" userid=\"%ld\" path=\"%s\"")}, + { MSG_TRUST, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - Untrusted path\" userid=\"%ld\" path=\"%s\"")}, + { MSG_NOACCESS, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - File not accessible\" userid=\"%ld\" path=\"%s\"")}, + { MSG_P_NODATA, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - No data in file\" path=\"%s\"")}, + + +#ifndef MEM_DEBUG + { MSG_E_MNULL, SH_ERR_ERR, ERR, N_("msg=\"Dereferenced NULL pointer\"")}, + { MSG_E_MMEM, SH_ERR_ERR, ERR, N_("msg=\"Out of memory\"")}, +#else + { MSG_MSTAMP, SH_ERR_STAMP, STAMP, N_("msg=\"Memory used: max.=%lu, current=%lu\"")}, + { MSG_MSTAMP2, SH_ERR_STAMP, STAMP, N_("msg=\"Blocks: %d allocated, %d freed, %d maximum\"")}, + { MSG_E_MNULL, SH_ERR_ERR, ERR, N_("msg=\"Dereferenced NULL pointer\" source_file=\"%s\" source_line=\"%d\"")}, + { MSG_E_MMEM, SH_ERR_ERR, ERR, N_("msg=\"Out of memory\" source_file=\"%s\" source_line=\"%d\"")}, + { MSG_E_MREC, SH_ERR_ERR, ERR, N_("msg=\"Free() on unrecorded block\" source_file=\"%s\" source_line=\"%d\"")}, + { MSG_E_MOVER, SH_ERR_ERR, ERR, N_("msg=\"Memory overrun on block allocated in %s, line %d\" source_file=\"%s\" source_line=\"%d\"")}, + { MSG_E_MUNDER, SH_ERR_ERR, ERR, N_("msg=\"Memory underrun on block allocated in %s, line %d\" source_file=\"%s\" source_line=\"%d\"")}, + { MSG_E_NOTFREE, SH_ERR_ERR, ERR, N_("msg=\"Block not deallocated\" size=\"%14ld\" source_file=\"%19s\" source_line=\"%d\"")}, +#endif + + { MSG_E_TRUST, SH_ERR_ERR, ERR, N_("msg=\"Untrusted path\" userid=\"%ld\" path=\"%s\"")}, + { MSG_E_HASH, SH_ERR_ERR, ERR, N_("msg=\"Incorrect checksum\" path=\"%s\"")}, + { MSG_E_ACCESS, SH_ERR_ERR, ERR, N_("msg=\"File not accessible\" userid=\"%ld\" path=\"%s\"")}, + { MSG_E_READ, SH_ERR_ERR, ERR, N_("msg=\"Not accessible or not a regular file\" path=\"%s\"")}, + { MSG_E_NOTREG, SH_ERR_ERR, ERR, N_("msg=\"Not a regular file\" path=\"%s\"")}, + { MSG_E_TIMEOUT, SH_ERR_ERR, ERR, N_("msg=\"Timeout (%d sec) while checksumming file\" path=\"%s\"")}, + { MSG_NODEV, SH_ERR_ERR, ERR, N_("msg=\"Device not available or timeout during read attempt\" userid=\"%ld\" path=\"%s\"")}, + { MSG_LOCKED, SH_ERR_ERR, ERR, N_("msg=\"File lock error\" userid=\"%ld\" path=\"%s\" obj=\"%s\"")}, + { MSG_PIDFILE, SH_ERR_ERR, ERR, N_("msg=\"Could not write PID file\" userid=\"%ld\" path=\"%s\"")}, + { MSG_NOEXEC, SH_ERR_ERR, ERR, N_("msg=\"Could not execute file\" userid=\"%ld\" path=\"%s\"")}, + + { MSG_ES_ENT, SH_ERR_ERR, ERR, N_("msg=\"No entropy collected\" subroutine=\"%s\"")}, + { MSG_ES_KEY1, SH_ERR_ERR, ERR, N_("msg=\"Insecure key generation\" subroutine=\"%s\"")}, + { MSG_ES_KEY2, SH_ERR_ERR, ERR, N_("msg=\"Error copying key\" subroutine=\"%s\"")}, + { MSG_E_GPG, SH_ERR_ERR, ERR, N_("msg=\"Compiled-in gpg checksum does not match: need %s got %s\"")}, + { MSG_E_GPG_FP, SH_ERR_ERR, ERR, N_("msg=\"Compiled-in fingerprint modified: one %s two %s\"")}, + { MSG_E_GPG_CHK, SH_ERR_ERR, ERR, N_("msg=\"Compiled-in checksum modified: one %s two %s\"")}, + { MSG_E_SUBGEN, SH_ERR_ERR, ERR, N_("msg=\"%s\" subroutine=\"%s\"")}, + { MSG_E_SUBGPATH, SH_ERR_ERR, ERR, N_("msg=\"%s\" subroutine=\"%s\" path=\"%s\"")}, + { MSG_E_UNLNK, SH_ERR_ERR, FIL, N_("interface=\"unlink\" msg=\"%s\" path=\"%s\"")}, + { MSG_E_REGEX, SH_ERR_ERR, ERR, N_("interface=\"regcomp\" msg=\"%s\" obj=\"%s\"")}, + { MSG_E_OPENDIR, SH_ERR_ERR, FIL, N_("interface=\"opendir\" msg=\"%s\" path=\"%s\"")}, + { MSG_E_TRUST1, SH_ERR_ERR, ERR, N_("msg=\"%s\" subroutine=\"trustfile\" path=\"%s\"")}, + { MSG_E_TRUST2, SH_ERR_ERR, ERR, N_("msg=\"%s\" subroutine=\"trustfile\" path=\"%s\" obj=\"%s\"")}, + { MSG_E_PWNULL, SH_ERR_ERR, ERR, N_("msg=\"Empty password file entry: %s\" subroutine=\"%s\" userid=\"%ld\" obj=\"%s\"")}, + { MSG_E_PWLONG, SH_ERR_ERR, ERR, N_("msg=\"Password file entry too long\" subroutine=\"%s\" userid=\"%ld\" obj=\"%s\"")}, + { MSG_E_GRNULL, SH_ERR_ERR, ERR, N_("msg=\"Empty groups file entry: %s\" subroutine=\"%s\" group=\"%ld\" obj=\"%s\"")}, + + { MSG_E_NET, SH_ERR_ERR, ENET, N_("msg=\"%s\" subroutine=\"%s\" service=\"%s\" host=\"%s\"")}, + { MSG_E_NETST, SH_ERR_ERR, ENET, N_("msg=\"Invalid connection state\" expect=\"%4s\" received=\"%4s\"")}, + { MSG_E_NETST1, SH_ERR_ERR, ENET, N_("msg=\"Invalid connection state\" expect=\"%4s\" received=\"%4s\" host=\"%s\"")}, + { MSG_E_NLOST, SH_ERR_ERR, ENET, N_("msg=\"Connection failure\" service=\"%s\" host=\"%s\"")}, + { MSG_E_NEST, SH_ERR_ERR, ENET, N_("msg=\"Connection reestablished\" service=\"%s\" host=\"%s\"")}, + + { MSG_EINVALHEAD, SH_ERR_WARN, EINPUT,N_("msg=\"Unrecognized section heading in line %ld of configuration file\"")}, + { MSG_EINVALCONF, SH_ERR_WARN, EINPUT,N_("msg=\"Invalid line %ld in configuration file: incorrect format, unrecognized option, or missing section header\"")}, + { MSG_EINVALS, SH_ERR_WARN, EINPUT,N_("msg=\"Invalid input\" option=\"%s\" obj=\"%s\"")}, + { MSG_EINVALL, SH_ERR_WARN, EINPUT,N_("msg=\"Invalid input\" option=\"%s\" obj=\"%ld\"")}, + { MSG_EINVALD, SH_ERR_WARN, EINPUT,N_("msg=\"Configuration file: unmatched @end\" option=\"%s\" obj=\"%ld\"")}, + { MSG_EINVALDD, SH_ERR_WARN, EINPUT,N_("msg=\"Configuration file: missing @end\" option=\"%s\" obj=\"%ld\"")}, + + { MSG_SRV_FAIL, SH_ERR_ERR, ERR, N_("msg=\"Service failure\" service=\"%s\" obj=\"%s\"")}, + { MSG_QUEUE_FULL, SH_ERR_ERR, ERR, N_("msg=\"Queue full, messages may get lost\" service=\"%s\"")}, + + { MSG_AUD_OPEN, SH_ERR_NOTICE, AUD, N_("interface=\"open\" path=\"%s\" oflag=\"%ld\" mode=\"%ld\" return_id=\"%ld\"")}, + { MSG_AUD_DUP, SH_ERR_NOTICE, AUD, N_("interface=\"dup\" file_id=\"%ld\" return_id=\"%ld\"")}, + { MSG_AUD_PIPE, SH_ERR_NOTICE, AUD, N_("interface=\"pipe\" rd_file_id=\"%ld\" wr_file_id=\"%ld\"")}, + { MSG_AUD_FORK, SH_ERR_NOTICE, AUD, N_("interface=\"fork\" return_id=\"%ld\"")}, + { MSG_AUD_EXIT, SH_ERR_NOTICE, AUD, N_("interface=\"exit\" exit_code=\"%ld\"")}, + { MSG_AUD_SETUID, SH_ERR_NOTICE, AUD, N_("interface=\"setuid\" uid=\"%ld\"")}, + { MSG_AUD_SETGID, SH_ERR_NOTICE, AUD, N_("interface=\"setgid\" gid=\"%ld\"")}, + { MSG_AUD_UTIME, SH_ERR_NOTICE, AUD, N_("interface=\"utime\" path=\"%s\" atime=\"%ld\" mtime=\"%ld\"")}, + { MSG_AUD_EXEC, SH_ERR_NOTICE, AUD, N_("interface=\"exec\" path=\"%s\" uid=\"%ld\" gid=\"%ld\"")}, + { MSG_AUD_CHDIR, SH_ERR_NOTICE, AUD, N_("interface=\"chdir\" path=\"%s\"")}, + { MSG_AUD_UNLINK, SH_ERR_NOTICE, AUD, N_("interface=\"unlink\" path=\"%s\"")}, + { MSG_AUD_KILL, SH_ERR_NOTICE, AUD, N_("interface=\"kill\" pid=\"%ld\" sig=\"%ld\"")}, + + { MSG_ERR_OPEN, SH_ERR_ALL, ERR, N_("interface=\"open\" msg=\"%s\" path=\"%s\" oflag=\"%ld\" mode=\"%ld\" return_id=\"%ld\"")}, + { MSG_ERR_DUP, SH_ERR_ALL, ERR, N_("interface=\"dup\" msg=\"%s\" file_id=\"%ld\" return_id=\"%ld\"")}, + { MSG_ERR_PIPE, SH_ERR_ALL, ERR, N_("interface=\"pipe\" msg=\"%s\" rd_file_id=\"%ld\" wr_file_id=\"%ld\"")}, + { MSG_ERR_FORK, SH_ERR_ALL, ERR, N_("interface=\"fork\" msg=\"%s\" return_id=\"%ld\"")}, + { MSG_ERR_SETUID, SH_ERR_ALL, ERR, N_("interface=\"setuid\" msg=\"%s\" uid=\"%ld\"")}, + { MSG_ERR_SETGID, SH_ERR_ALL, ERR, N_("interface=\"setgid\" msg=\"%s\" gid=\"%ld\"")}, + { MSG_ERR_UTIME, SH_ERR_ALL, ERR, N_("interface=\"utime\" msg=\"%s\" path=\"%s\" atime=\"%ld\" mtime=\"%ld\"")}, + { MSG_ERR_EXEC, SH_ERR_ALL, ERR, N_("interface=\"exec\" msg=\"%s\" path=\"%s\" uid=\"%ld\" gid=\"%ld\"")}, + { MSG_ERR_CHDIR, SH_ERR_ALL, ERR, N_("interface=\"chdir\" msg=\"%s\" path=\"%s\"")}, + { MSG_ERR_UNLINK, SH_ERR_ALL, ERR, N_("interface=\"unlink\" msg=\"%s\" path=\"%s\"")}, + { MSG_ERR_KILL, SH_ERR_ALL, ERR, N_("interface=\"kill\" msg=\"%s\" pid=\"%ld\" sig=\"%ld\"")}, + + { MSG_ERR_SIGACT, SH_ERR_ALL, ERR, N_("interface=\"sigaction\" msg=\"%s\" sig=\"%ld\"")}, + { MSG_ERR_CONNECT, SH_ERR_ALL, ERR, N_("interface=\"connect\" msg=\"%s\" socket_id=\"%ld\" port=\"%ld\" host=\"%s\"")}, + { MSG_ERR_ACCEPT, SH_ERR_ALL, ERR, N_("interface=\"accept\" msg=\"%s\" socket_id=\"%ld\"")}, + { MSG_ERR_LSTAT, SH_ERR_ALL, ERR, N_("interface=\"lstat\" msg=\"%s\" path=\"%s\"")}, + { MSG_ERR_STAT, SH_ERR_ALL, ERR, N_("interface=\"stat\" msg=\"%s\" path=\"%s\"")}, + { MSG_ERR_FSTAT, SH_ERR_ALL, ERR, N_("interface=\"fstat\" msg=\"%s\" file_id=\"%ld\"")}, + { MSG_ERR_FCNTL, SH_ERR_ALL, ERR, N_("interface=\"fcntl\" msg=\"%s\" file_id=\"%ld\" cmd=\"%ld\" arg=\"%ld\"")}, + + { 0, 0, 0, NULL} +}; + + + +/******************************************************************** + * + * + * NO XML + * + * + ********************************************************************/ + + + + + +/* #ifdef (SH_USE_XML) */ +#else + +cat_entry msg_cat[] = { +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + { MSG_FI_CSUM, SH_ERR_ALL, FIL, N_("msg=, chk=<%s>, path=<%s>")}, + { MSG_FI_DSUM, SH_ERR_INFO, FIL, N_("msg=")}, + { MSG_FI_CHK, SH_ERR_INFO, FIL, N_("msg=, path=<%s>")}, +#endif + + { MSG_EXIT_ABORTS, SH_ERR_FATAL, PANIC, N_("msg=, program=<%s>, subroutine=<%s>")}, + { MSG_START_SRV, SH_ERR_STAMP, START, N_("msg=, socket_id=<%d>")}, + + { MSG_EXIT_ABORT1, SH_ERR_FATAL, PANIC, N_("msg=, program=<%s>")}, + { MSG_EXIT_NORMAL, SH_ERR_FATAL, START, N_("msg=, program=<%s>, status=<%s>")}, + { MSG_START_KEY_MAIL, SH_ERR_FATAL, LOGKEY, N_("msg=, program=<%s>, hash=<%s>\r\n-----BEGIN LOGKEY-----\r\n%s%s")}, + { MSG_START_KEY, SH_ERR_FATAL, LOGKEY, N_("msg=, program=<%s>, hash=<%s>")}, + { MSG_START_0H, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>")}, + { MSG_START_1H, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>, path=<%s>, hash=<%s>")}, + { MSG_START_2H, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>, path=<%s>, hash=<%s>, path=<%s>, hash=<%s>")}, + { MSG_START_GH, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>, path=<%s>, key_uid=<%s>, key_id=<%s>")}, + { MSG_START_GH2, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>, path=<%s>, key_uid=<%s>, key_id=<%s>, path=<%s>, key_uid=<%s>, key_id=<%s>")}, + { MSG_SUSPEND, SH_ERR_STAMP, START, N_("msg= program=<%s>")}, + + + { MSG_MLOCK, SH_ERR_WARN, RUN, N_("msg=")}, + { MSG_W_SIG, SH_ERR_WARN, RUN, N_("msg=<%s>, interface=, signal=<%ld>")}, + { MSG_W_CHDIR, SH_ERR_ERR, RUN, N_("msg=<%s>, interface=, path=<%s>")}, + + { MSG_MOD_FAIL, SH_ERR_WARN, RUN, N_("msg=, module=<%s>, return_code=<%ld>")}, + { MSG_MOD_OK, SH_ERR_INFO, RUN, N_("msg=, module=<%s>")}, + { MSG_MOD_EXEC, SH_ERR_ERR, RUN, N_("msg=, module=<%s>, return_code=<%ld>")}, + + { MSG_RECONF, SH_ERR_SEVERE, START, N_("msg=")}, + { MSG_CHECK_0, SH_ERR_WARN, RUN, N_("msg=")}, + { MSG_CHECK_1, SH_ERR_STAMP, STAMP, N_("msg=, time=<%ld>, kBps=<%f>")}, + { MSG_STAMP, SH_ERR_STAMP, STAMP, N_("msg=<---- TIMESTAMP ---->")}, + + { MSG_D_START, SH_ERR_INFO, RUN, N_("msg=")}, + { MSG_D_DSTART, SH_ERR_INFO, RUN, N_("msg=")}, + { MSG_D_FAIL, SH_ERR_INFO, RUN, N_("msg=")}, + + +#ifndef HAVE_URANDOM + { MSG_ENSTART, SH_ERR_ALL, RUN, N_("msg=, path=<%s>")}, + { MSG_ENEXEC, SH_ERR_ALL, RUN, N_("msg=, path=<%s>, rd_file_id=<%ld>")}, + { MSG_ENFAIL, SH_ERR_ALL, RUN, N_("msg=, path=<%s>")}, + { MSG_ENTOUT, SH_ERR_ALL, RUN, N_("msg=, time=<%ld>")}, + { MSG_ENCLOS, SH_ERR_ALL, RUN, N_("msg=, rd_file_id=<%ld>")}, + { MSG_ENCLOS1, SH_ERR_ALL, RUN, N_("msg=, rd_file_id=<%ld>")}, + { MSG_ENREAD, SH_ERR_ALL, RUN, N_("msg=, rd_file_id=<%ld>, bytes=<%ld>")}, +#endif + +#ifdef SH_USE_SUIDCHK + { MSG_SUID_POLICY, SH_ERR_SEVERE, EVENT, N_("msg=, path=<%s>, %s") }, + { MSG_SUID_FOUND, SH_ERR_INFO, RUN, N_("msg= path=<%s>") }, + { MSG_SUID_SUMMARY,SH_ERR_INFO, RUN, N_("msg=") }, + { MSG_SUID_QREPORT,SH_ERR_SEVERE, EVENT, N_("msg=, path=<%s>") }, + { MSG_SUID_ERROR, SH_ERR_SEVERE, EVENT, N_("msg=") }, +#endif + +#ifdef SH_USE_KERN + { MSG_KERN_POLICY, SH_ERR_SEVERE, EVENT, N_("msg=, syscall=<%03d %s>") }, + { MSG_KERN_POL_CO, SH_ERR_SEVERE, EVENT, N_("msg=, syscall=<%03d %s>") }, + + { MSG_KERN_SYSCALL,SH_ERR_SEVERE, EVENT, N_("msg= syscall=<%03d %s>, %s") }, + { MSG_KERN_PROC, SH_ERR_SEVERE, EVENT, N_("msg=") }, + { MSG_KERN_IDT, SH_ERR_SEVERE, EVENT, N_("msg=, %s") }, + { MSG_KERN_GATE, SH_ERR_SEVERE, EVENT, N_("msg= syscall=<%03d %s>, %s") }, + +#endif + +#ifdef SH_USE_UTMP + { MSG_UT_CHECK, SH_ERR_INFO, RUN, N_("msg=")}, + + { MSG_UT_LG1X, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, ip=<%s>, time=<%s>, status=<%d>")}, + { MSG_UT_LG1A, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, time=<%s>, status=<%d>")}, + { MSG_UT_LG1B, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, time=<%s>, status=<%d>")}, + + { MSG_UT_LG2X, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, ip=<%s>, time=<%s>, status=<%d>")}, + { MSG_UT_LG2A, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, time=<%s>, status=<%d>")}, + { MSG_UT_LG2B, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, time=<%s>, status=<%d>")}, + + { MSG_UT_LG3X, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, ip=<%s>, time=<%s>, status=<%d>")}, + { MSG_UT_LG3A, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, time=<%s>, status=<%d>")}, + { MSG_UT_LG3B, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, time=<%s>, status=<%d>")}, + { MSG_UT_LG3C, SH_ERR_INFO, EVENT, N_("msg=, tty=<%s>, time=<%s>")}, + { MSG_UT_ROT, SH_ERR_WARN, RUN, N_("msg=, path=<%s>")}, + +#endif + +#ifdef SH_USE_PROCESSCHECK + { MSG_PCK_CHECK, SH_ERR_INFO, RUN, N_("msg=")}, + { MSG_PCK_OK, SH_ERR_ALL, RUN, N_("msg=")}, + { MSG_PCK_P_HIDDEN,SH_ERR_SEVERE, EVENT, N_("msg=
+ + Index: /tags/2.5.0/scripts/makeself/makeself-header.sh =================================================================== --- /tags/2.5.0/scripts/makeself/makeself-header.sh (revision 189) +++ /tags/2.5.0/scripts/makeself/makeself-header.sh (revision 189) @@ -0,0 +1,365 @@ +cat << EOF > "$archname" +#!/bin/sh +# This script was generated using Makeself $MS_VERSION +CRCsum="$CRCsum" +MD5="$MD5sum" +TMPROOT=\${TMPDIR:=/tmp} + +label="$LABEL" +script="$SCRIPT" +scriptargs="$SCRIPTARGS" +targetdir="$archdirname" +filesizes="$filesizes" +keep=$KEEP + +print_cmd_arg="" +if type printf > /dev/null; then + print_cmd="printf" +elif test -x /usr/ucb/echo; then + print_cmd="/usr/ucb/echo" +else + print_cmd="echo" +fi + +MS_Printf() +{ + \$print_cmd \$print_cmd_arg "\$1" +} + +MS_Progress() +{ + while read a; do + MS_Printf . + done +} + +MS_dd() +{ + blocks=\`expr \$3 / 1024\` + bytes=\`expr \$3 % 1024\` + dd if="\$1" ibs=\$2 skip=1 obs=1024 conv=sync 2> /dev/null | \\ + { test \$blocks -gt 0 && dd ibs=1024 obs=1024 count=\$blocks ; \\ + test \$bytes -gt 0 && dd ibs=1 obs=1024 count=\$bytes ; } 2> /dev/null +} + +MS_Help() +{ + cat << EOH >&2 +Makeself version $MS_VERSION + 1) Getting help or info about \$0 : + \$0 --help Print this message + \$0 --info Print embedded info : title, default target directory, embedded script ... + \$0 --lsm Print embedded lsm entry (or no LSM) + \$0 --list Print the list of files in the archive + \$0 --check Checks integrity of the archive + + 2) Running \$0 : + \$0 [options] [--] [additional arguments to embedded script] + with following options (in that order) + --confirm Ask before running embedded script + --noexec Do not run embedded script + --keep Do not erase target directory after running + the embedded script + --nox11 Do not spawn an xterm + --nochown Do not give the extracted files to the current user + --target NewDirectory Extract in NewDirectory + --tar arg1 [arg2 ...] Access the contents of the archive through the tar command + -- Following arguments will be passed to the embedded script +EOH +} + +MS_Check() +{ + OLD_PATH=\$PATH + PATH=\${GUESS_MD5_PATH:-"\$OLD_PATH:/bin:/usr/bin:/sbin:/usr/local/ssl/bin:/usr/local/bin:/opt/openssl/bin"} + MD5_PATH=\`exec 2>&-; which md5sum || type md5sum\` + MD5_PATH=\${MD5_PATH:-\`exec 2>&-; which md5 || type md5\`} + PATH=\$OLD_PATH + MS_Printf "Verifying archive integrity..." + offset=\`head -n $SKIP "\$1" | wc -c | tr -d " "\` + verb=\$2 + i=1 + for s in \$filesizes + do + crc=\`echo \$CRCsum | cut -d" " -f\$i\` + if test -x "\$MD5_PATH"; then + md5=\`echo \$MD5 | cut -d" " -f\$i\` + if test \$md5 = "00000000000000000000000000000000"; then + test x\$verb = xy && echo " \$1 does not contain an embedded MD5 checksum." >&2 + else + md5sum=\`MS_dd "\$1" \$offset \$s | "\$MD5_PATH" | cut -b-32\`; + if test "\$md5sum" != "\$md5"; then + echo "Error in MD5 checksums: \$md5sum is different from \$md5" >&2 + exit 2 + else + test x\$verb = xy && MS_Printf " MD5 checksums are OK." >&2 + fi + crc="0000000000"; verb=n + fi + fi + if test \$crc = "0000000000"; then + test x\$verb = xy && echo " \$1 does not contain a CRC checksum." >&2 + else + sum1=\`MS_dd "\$1" \$offset \$s | cksum | awk '{print \$1}'\` + if test "\$sum1" = "\$crc"; then + test x\$verb = xy && MS_Printf " CRC checksums are OK." >&2 + else + echo "Error in checksums: \$sum1 is different from \$crc" + exit 2; + fi + fi + i=\`expr \$i + 1\` + offset=\`expr \$offset + \$s\` + done + echo " All good." +} + +UnTAR() +{ + tar \$1vf - 2>&1 || { echo Extraction failed. > /dev/tty; kill -15 \$$; } +} + +finish=true +xterm_loop= +nox11=$NOX11 +copy=$COPY +ownership=y +verbose=n + +initargs="\$@" + +while true +do + case "\$1" in + -h | --help) + MS_Help + exit 0 + ;; + --info) + echo Identification: "\$label" + echo Target directory: "\$targetdir" + echo Uncompressed size: $USIZE KB + echo Compression: $COMPRESS + echo Date of packaging: $DATE + echo Built with Makeself version $MS_VERSION on $OSTYPE + echo Build command was: "$MS_COMMAND" + if test x\$script != x; then + echo Script run after extraction: + echo " " \$script \$scriptargs + fi + if test x"$copy" = xcopy; then + echo "Archive will copy itself to a temporary location" + fi + if test x"$KEEP" = xy; then + echo "directory \$targetdir is permanent" + else + echo "\$targetdir will be removed after extraction" + fi + exit 0 + ;; + --dumpconf) + echo LABEL=\"\$label\" + echo SCRIPT=\"\$script\" + echo SCRIPTARGS=\"\$scriptargs\" + echo archdirname=\"$archdirname\" + echo KEEP=$KEEP + echo COMPRESS=$COMPRESS + echo filesizes=\"\$filesizes\" + echo CRCsum=\"\$CRCsum\" + echo MD5sum=\"\$MD5\" + echo OLDUSIZE=$USIZE + echo OLDSKIP=`expr $SKIP + 1` + exit 0 + ;; + --lsm) +cat << EOLSM +EOF +eval "$LSM_CMD" +cat << EOF >> "$archname" +EOLSM + exit 0 + ;; + --list) + echo Target directory: \$targetdir + offset=\`head -n $SKIP "\$0" | wc -c | tr -d " "\` + for s in \$filesizes + do + MS_dd "\$0" \$offset \$s | eval "$GUNZIP_CMD" | UnTAR t + offset=\`expr \$offset + \$s\` + done + exit 0 + ;; + --tar) + offset=\`head -n $SKIP "\$0" | wc -c | tr -d " "\` + arg1="\$2" + shift 2 + for s in \$filesizes + do + MS_dd "\$0" \$offset \$s | eval "$GUNZIP_CMD" | tar "\$arg1" - \$* + offset=\`expr \$offset + \$s\` + done + exit 0 + ;; + --check) + MS_Check "\$0" y + exit 0 + ;; + --confirm) + verbose=y + shift + ;; + --noexec) + script="" + shift + ;; + --keep) + keep=y + shift + ;; + --target) + keep=y + targetdir=\${2:-.} + shift 2 + ;; + --nox11) + nox11=y + shift + ;; + --nochown) + ownership=n + shift + ;; + --xwin) + finish="echo Press Return to close this window...; read junk" + xterm_loop=1 + shift + ;; + --phase2) + copy=phase2 + shift + ;; + --) + shift + break ;; + -*) + echo Unrecognized flag : "\$1" >&2 + MS_Help + exit 1 + ;; + *) + break ;; + esac +done + +case "\$copy" in +copy) + SCRIPT_COPY="\$TMPROOT/makeself\$\$" + echo "Copying to a temporary location..." >&2 + cp "\$0" "\$SCRIPT_COPY" + chmod +x "\$SCRIPT_COPY" + cd "\$TMPROOT" + exec "\$SCRIPT_COPY" --phase2 + ;; +phase2) + finish="\$finish ; rm -f \$0" + ;; +esac + +if test "\$nox11" = "n"; then + if tty -s; then # Do we have a terminal? + : + else + if test x"\$DISPLAY" != x -a x"\$xterm_loop" = x; then # No, but do we have X? + if xset q > /dev/null 2>&1; then # Check for valid DISPLAY variable + GUESS_XTERMS="xterm rxvt dtterm eterm Eterm kvt konsole aterm" + for a in \$GUESS_XTERMS; do + if type \$a >/dev/null 2>&1; then + XTERM=\$a + break + fi + done + chmod a+x \$0 || echo Please add execution rights on \$0 + if test \`echo "\$0" | cut -c1\` = "/"; then # Spawn a terminal! + exec \$XTERM -title "\$label" -e "\$0" --xwin "\$initargs" + else + exec \$XTERM -title "\$label" -e "./\$0" --xwin "\$initargs" + fi + fi + fi + fi +fi + +if test "\$targetdir" = "."; then + tmpdir="." +else + if test "\$keep" = y; then + echo "Creating directory \$targetdir" >&2 + tmpdir="\$targetdir" + else + tmpdir="\$TMPROOT/selfgz\$\$" + fi + mkdir -p \$tmpdir || { + echo 'Cannot create target directory' \$tmpdir >&2 + echo 'You should try option --target OtherDirectory' >&2 + eval \$finish + exit 1 + } +fi + +location="\`pwd\`" +if test x\$SETUP_NOCHECK != x1; then + MS_Check "\$0" +fi +offset=\`head -n $SKIP "\$0" | wc -c | tr -d " "\` + +if test x"\$verbose" = xy; then + MS_Printf "About to extract $USIZE KB in \$tmpdir ... Proceed ? [Y/n] " + read yn + if test x"\$yn" = xn; then + eval \$finish; exit 1 + fi +fi + +MS_Printf "Uncompressing \$label" +res=3 +if test "\$keep" = n; then + trap 'echo Signal caught, cleaning up >&2; cd \$TMPROOT; /bin/rm -rf \$tmpdir; eval \$finish; exit 15' 1 2 3 15 +fi + +for s in \$filesizes +do + if MS_dd "\$0" \$offset \$s | eval "$GUNZIP_CMD" | ( cd "\$tmpdir"; UnTAR x ) | MS_Progress; then + if test x"\$ownership" = xy; then + (PATH=/usr/xpg4/bin:\$PATH; cd "\$tmpdir"; chown -R \`id -u\` .; chgrp -R \`id -g\` .) + fi + else + echo + echo "Unable to decompress \$0" >&2 + eval \$finish; exit 1 + fi + offset=\`expr \$offset + \$s\` +done +echo + +cd "\$tmpdir" +res=0 +if test x"\$script" != x; then + if test x"\$verbose" = xy; then + MS_Printf "OK to execute: \$script \$scriptargs \$* ? [Y/n] " + read yn + if test x"\$yn" = x -o x"\$yn" = xy -o x"\$yn" = xY; then + eval \$script \$scriptargs \$*; res=\$?; + fi + else + eval \$script \$scriptargs \$*; res=\$? + fi + if test \$res -ne 0; then + test x"\$verbose" = xy && echo "The program '\$script' returned an error code (\$res)" >&2 + fi +fi +if test "\$keep" = n; then + cd \$TMPROOT + /bin/rm -rf \$tmpdir +fi +eval \$finish; exit \$res +EOF Index: /tags/2.5.0/scripts/makeself/makeself.sh =================================================================== --- /tags/2.5.0/scripts/makeself/makeself.sh (revision 189) +++ /tags/2.5.0/scripts/makeself/makeself.sh (revision 189) @@ -0,0 +1,361 @@ +#!/bin/sh +# +# Makeself version 2.1.x +# by Stephane Peter +# +# $Id: makeself.sh,v 1.44 2004/04/23 18:28:48 megastep Exp $ +# +# Utility to create self-extracting tar.gz archives. +# The resulting archive is a file holding the tar.gz archive with +# a small Shell script stub that uncompresses the archive to a temporary +# directory and then executes a given script from withing that directory. +# +# Makeself home page: http://www.megastep.org/makeself/ +# +# Version 2.0 is a rewrite of version 1.0 to make the code easier to read and maintain. +# +# Version history : +# - 1.0 : Initial public release +# - 1.1 : The archive can be passed parameters that will be passed on to +# the embedded script, thanks to John C. Quillan +# - 1.2 : Package distribution, bzip2 compression, more command line options, +# support for non-temporary archives. Ideas thanks to Francois Petitjean +# - 1.3 : More patches from Bjarni R. Einarsson and Francois Petitjean: +# Support for no compression (--nocomp), script is no longer mandatory, +# automatic launch in an xterm, optional verbose output, and -target +# archive option to indicate where to extract the files. +# - 1.4 : Improved UNIX compatibility (Francois Petitjean) +# Automatic integrity checking, support of LSM files (Francois Petitjean) +# - 1.5 : Many bugfixes. Optionally disable xterm spawning. +# - 1.5.1 : More bugfixes, added archive options -list and -check. +# - 1.5.2 : Cosmetic changes to inform the user of what's going on with big +# archives (Quake III demo) +# - 1.5.3 : Check for validity of the DISPLAY variable before launching an xterm. +# More verbosity in xterms and check for embedded command's return value. +# Bugfix for Debian 2.0 systems that have a different "print" command. +# - 1.5.4 : Many bugfixes. Print out a message if the extraction failed. +# - 1.5.5 : More bugfixes. Added support for SETUP_NOCHECK environment variable to +# bypass checksum verification of archives. +# - 1.6.0 : Compute MD5 checksums with the md5sum command (patch from Ryan Gordon) +# - 2.0 : Brand new rewrite, cleaner architecture, separated header and UNIX ports. +# - 2.0.1 : Added --copy +# - 2.1.0 : Allow multiple tarballs to be stored in one archive, and incremental updates. +# Added --nochown for archives +# Stopped doing redundant checksums when not necesary +# - 2.1.1 : Work around insane behavior from certain Linux distros with no 'uncompress' command +# Cleaned up the code to handle error codes from compress. Simplified the extraction code. +# - 2.1.2 : Some bug fixes. Use head -n to avoid problems. +# - 2.1.3 : Bug fixes with command line when spawning terminals. +# Added --tar for archives, allowing to give arbitrary arguments to tar on the contents of the archive. +# Added --noexec to prevent execution of embedded scripts. +# Added --nomd5 and --nocrc to avoid creating checksums in archives. +# Added command used to create the archive in --info output. +# Run the embedded script through eval. +# +# (C) 1998-2004 by Stéphane Peter +# +# This software is released under the terms of the GNU GPL +# Please read the license at http://www.gnu.org/copyleft/gpl.html +# + +MS_VERSION=2.1.3 + +# Procedures + +MS_Usage() +{ + echo "Usage: $0 [params] archive_dir file_name label [startup_script] [args]" + echo "params can be one or more of the following :" + echo " --version | -v : Print out Makeself version number and exit" + echo " --help | -h : Print out this help message" + echo " --gzip : Compress using gzip (default if detected)" + echo " --bzip2 : Compress using bzip2 instead of gzip" + echo " --compress : Compress using the UNIX 'compress' command" + echo " --nocomp : Do not compress the data" + echo " --notemp : The archive will create archive_dir in the" + echo " current directory and uncompress in ./archive_dir" + echo " --copy : Upon extraction, the archive will first copy itself to" + echo " a temporary directory" + echo " --append : Append more files to an existing Makeself archive" + echo " The label and startup scripts will then be ignored" + echo " --current : Files will be extracted to the current directory." + echo " Implies --notemp." + echo " --nomd5 : Don't calculate an MD5 for archive" + echo " --nocrc : Don't calculate a CRC for archive" + echo " --header file : Specify location of the header script" + echo " --follow : Follow the symlinks in the archive" + echo " --nox11 : Disable automatic spawn of a xterm" + echo " --nowait : Do not wait for user input after executing embedded" + echo " program from an xterm" + echo " --lsm file : LSM file describing the package" + echo + echo "Do not forget to give a fully qualified startup script name" + echo "(i.e. with a ./ prefix if inside the archive)." + exit 1 +} + +# Default settings +if type gzip 2>&1 > /dev/null; then + COMPRESS=gzip +else + COMPRESS=Unix +fi +KEEP=n +CURRENT=n +NOX11=n +APPEND=n +COPY=none +TAR_ARGS=cvf +HEADER=`dirname $0`/makeself-header.sh + +# LSM file stuff +LSM_CMD="echo No LSM. >> \"\$archname\"" + +while true +do + case "$1" in + --version | -v) + echo Makeself version $MS_VERSION + exit 0 + ;; + --bzip2) + COMPRESS=bzip2 + shift + ;; + --gzip) + COMPRESS=gzip + shift + ;; + --compress) + COMPRESS=Unix + shift + ;; + --nocomp) + COMPRESS=none + shift + ;; + --notemp) + KEEP=y + shift + ;; + --copy) + COPY=copy + shift + ;; + --current) + CURRENT=y + KEEP=y + shift + ;; + --header) + HEADER="$2" + shift 2 + ;; + --follow) + TAR_ARGS=cvfh + shift + ;; + --nox11) + NOX11=y + shift + ;; + --nowait) + shift + ;; + --nomd5) + NOMD5=y + shift + ;; + --nocrc) + NOCRC=y + shift + ;; + --append) + APPEND=y + shift + ;; + --lsm) + LSM_CMD="cat \"$2\" >> \"\$archname\"" + shift 2 + ;; + -h | --help) + MS_Usage + ;; + -*) + echo Unrecognized flag : "$1" + MS_Usage + ;; + *) + break + ;; + esac +done + +archdir="$1" +archname="$2" +MS_COMMAND="$0 $*" + +if test "$APPEND" = y; then + if test $# -lt 2; then + MS_Usage + fi + + # Gather the info from the original archive + OLDENV=`sh "$archname" --dumpconf` + if test $? -ne 0; then + echo "Unable to update archive: $archname" >&2 + exit 1 + else + eval "$OLDENV" + fi +else + if test "$KEEP" = n -a $# = 3; then + echo "ERROR: Making a temporary archive with no embedded command does not make sense!" >&2 + echo + MS_Usage + fi + # We don't really want to create an absolute directory... + if test "$CURRENT" = y; then + archdirname="." + else + archdirname=`basename "$1"` + fi + + if test $# -lt 3; then + MS_Usage + fi + + LABEL="$3" + SCRIPT="$4" + test x$SCRIPT = x || shift 1 + shift 3 + SCRIPTARGS="$*" +fi + +if test "$KEEP" = n -a "$CURRENT" = y; then + echo "ERROR: It is A VERY DANGEROUS IDEA to try to combine --notemp and --current." >&2 + exit 1 +fi + +case $COMPRESS in +gzip) + GZIP_CMD="gzip -c9" + GUNZIP_CMD="gzip -cd" + ;; +bzip2) + GZIP_CMD="bzip2 -9" + GUNZIP_CMD="bzip2 -d" + ;; +Unix) + GZIP_CMD="compress -cf" + GUNZIP_CMD="exec 2>&-; uncompress -c || test \\\$? -eq 2 || gzip -cd" + ;; +none) + GZIP_CMD="cat" + GUNZIP_CMD="cat" + ;; +esac + +tmpfile="${TMPDIR:=/tmp}/mkself$$" + +if test -f $HEADER; then + oldarchname="$archname" + archname="$tmpfile" + # Generate a fake header to count its lines + SKIP=0 + . $HEADER + SKIP=`cat "$tmpfile" |wc -l` + # Get rid of any spaces + SKIP=`expr $SKIP` + rm -f "$tmpfile" + echo Header is $SKIP lines long >&2 + + archname="$oldarchname" +else + echo "Unable to open header file: $HEADER" >&2 + exit 1 +fi + +echo + +if test "$APPEND" = n; then + if test -f "$archname"; then + echo "WARNING: Overwriting existing file: $archname" >&2 + fi +fi + +test -d "$archdir" || { echo "Error: $archdir does not exist."; rm -f "$tmpfile"; exit 1; } + +USIZE=`du -ks $archdir | cut -f1` +DATE=`LC_ALL=C date` + +echo About to compress $USIZE KB of data... +echo Adding files to archive named \"$archname\"... +(cd "$archdir"; tar $TAR_ARGS - * | eval "$GZIP_CMD" ) >> "$tmpfile" || { echo Aborting; rm -f "$tmpfile"; exit 1; } +echo >> "$tmpfile" >&- # try to close the archive + +fsize=`cat "$tmpfile" | wc -c | tr -d " "` + +# Compute the checksums + +md5sum=00000000000000000000000000000000 +crcsum=0000000000 + +if test "$NOCRC" = y; then + echo "skipping crc at user request" +else + crcsum=`cat "$tmpfile" | cksum | sed -e 's/ /Z/' -e 's/ /Z/' | cut -dZ -f1` + echo "CRC: $crcsum" +fi + +# Try to locate a MD5 binary +OLD_PATH=$PATH +PATH=${GUESS_MD5_PATH:-"$OLD_PATH:/bin:/usr/bin:/sbin:/usr/local/ssl/bin:/usr/local/bin:/opt/openssl/bin"} +MD5_PATH=`type -p md5sum` +MD5_PATH=${MD5_PATH:-`type -p md5`} +PATH=$OLD_PATH + +if test "$NOMD5" = y; then + echo "skipping md5sum at user request" +else + if test -x "$MD5_PATH"; then + md5sum=`cat "$tmpfile" | "$MD5_PATH" | cut -b-32`; + echo "MD5: $md5sum" + else + echo "MD5: none, md5sum binary not found" + fi +fi + +if test "$APPEND" = y; then + mv "$archname" "$archname".bak || exit + + # Prepare entry for new archive + filesizes="$filesizes $fsize" + CRCsum="$CRCsum $crcsum" + MD5sum="$MD5sum $md5sum" + USIZE=`expr $USIZE + $OLDUSIZE` + # Generate the header + . $HEADER + # Append the original data + tail -n +$OLDSKIP "$archname".bak >> "$archname" + # Append the new data + cat "$tmpfile" >> "$archname" + + chmod +x "$archname" + rm -f "$archname".bak + echo Self-extractible archive \"$archname\" successfully updated. +else + filesizes="$fsize" + CRCsum="$crcsum" + MD5sum="$md5sum" + + # Generate the header + . $HEADER + + # Append the compressed tar data after the stub + echo + cat "$tmpfile" >> "$archname" + chmod +x "$archname" + echo Self-extractible archive \"$archname\" successfully created. +fi +rm -f "$tmpfile" Index: /tags/2.5.0/scripts/redhat_i386.client.spec.in =================================================================== --- /tags/2.5.0/scripts/redhat_i386.client.spec.in (revision 189) +++ /tags/2.5.0/scripts/redhat_i386.client.spec.in (revision 189) @@ -0,0 +1,189 @@ +# +# Accepted parameters for 'rpmbuild': +# +# --with tests - make tests before building + +Summary: File integrity and host-based IDS +Name: samhain-client +Version: @VERSION@ +Release: 5 +License: GPL +Group: System Environment/Base +Source: %{name}-%{version}.tar.gz +BuildRoot: %{_tmppath}/samhain-client-%{version}-root +Packager: Andre Oliveira da Costa +Provides: %{name} + + +%description +samhain is an open source file integrity and host-based intrusion +detection system for Linux and Unix. It can run as a daemon process, and +and thus can remember file changes -- contrary to a tool that runs from +cron, if a file is modified you will get only one report, while +subsequent checks of that file will ignore the modification as it is +already reported (unless the file is modified again). + +samhain can optionally be used as client/server system to provide +centralized monitoring for multiple host. Logging to a (MySQL or +PostgreSQL) database is supported. + +NOTE: for security reasons, if you distribute binary executables to +third parties you should point out the use of the --add-key option to +modify the key material within the executable. +This spec file is intended to facilitate installation on YOUR system. +If you use this spec file to build a SRPM for distribution to third parties, +make sure to remove the --enable-base configure option below. + +%prep +%setup -q + +%build +%if %{?_with_tests:1}%{!?_with_tests:0} +# test installation (test #7 is only included if --with gpg has been +# specified) +for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done +%endif +# +#./configure --prefix=%{_usr} \ +# --sysconfdir=%{_sysconfdir} \ +# --localstatedir=%{_localstatedir} \ +# --mandir=%{_mandir} +# +./configure '--enable-network=client' \ + '--with-port=@myport@' \ + '--with-logserver=@mylogsrv@' \ + '--with-data-file=REQ_FROM_SERVER/etc/samclient.data' \ + '--with-config-file=REQ_FROM_SERVER/etc/samclient.conf' \ + '--with-kcheck=/boot/System.map' \ + '--enable-khide=/boot/System.map' \ + '--enable-suidcheck' \ + '--enable-static' \ + '--enable-login-watch' \ + '--enable-ptrace' \ + '--enable-db-reload' \ + '--enable-base=@my_key_A@,@my_key_B@' \ + '--enable-xml-log' + +make + +%install +rm -rf ${RPM_BUILD_ROOT} +# sstrip shouldn't be used since binaries will be stripped later +cat << EOF > sstrip +#!/bin/sh +echo "*** SSTRIP DISABLED ***" +EOF +make DESTDIR=${RPM_BUILD_ROOT} install +# copy script files to /var/lib/samhain so that we can use them right +# after the package is installed +install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB ${RPM_BUILD_ROOT}/etc +install -m 640 -o 0 -g 0 samhain_hide.o ${RPM_BUILD_ROOT}/lib/modules/`uname -r`/samhain_hide.o +install -m 640 -o 0 -g 0 samhain_erase.o ${RPM_BUILD_ROOT}/lib/modules/`uname -r`/samhain_erase.o +install -m 700 -o 0 -g 0 samhain_setpwd ${RPM_BUILD_ROOT}/usr/local/sbin/samhain_setpwd + +%clean +rm -rf ${RPM_BUILD_ROOT} + +%post +if [ "$1" = 1 ]; then + # Activate boot-time start up + cd /etc + ./samhain-install.sh --verbose install-boot + if test -f /sbin/chkconfig; then + /sbin/chkconfig --add samhain + fi +fi +rm -rf /etc/samclient.conf +rm -rf /etc/samhain.startLinux +rm -rf /etc/samhain.startLSB + +cat << EOF + +Samhain is installed but is NOT running yet, and the database of +file signatures is NOT initialized yet. Read the documentation, +review configuration files, and then (i) initialize it +(/usr/local/sbin/samhain -t init) +and (ii) start it manually +(/usr/local/sbin/samhain start). + +It is configured to start automatically on the next boot for runlevels +[2-5]. + +EOF + +%preun +# stop running instance of samhain, if any +if [ -f /var/run/%{name}.pid ]; then + /usr/local/sbin/samhain stop +fi +if [ "$1" = 0 ]; then + # remove boot-time scripts and links + cd /etc + ./samhain-install.sh --verbose uninstall-boot +fi + +%postun +if [ "$1" = 0 ]; then + # remove any kernel modules that might have been installed + RVER=`uname -r` + rm -f /lib/modules/$RVER/samhain* +fi + + +%files +%defattr(-,root,root) +%dir /var/run +%dir /var/log +#%doc docs/BUGS COPYING docs/Changelog docs/TODO +#%doc LICENSE docs/HOWTO* docs/MANUAL-2_3.* docs/README* +/etc +/usr/local/sbin/samhain +/usr/local/sbin/samhain_setpwd +/lib/modules +#%attr(644,root,root) /usr/local/man/man5/samhain* +#%attr(644,root,root) /usr/local/man/man8/samhain* +#%config(noreplace) REQ_FROM_SERVER/etc/samclient.conf + +%changelog +* Thu Apr 3 2003 Rainer Wichmann +- adapt for configure + +* Wed Mar 26 2003 Philipp Stadler +- add samhain modules installation +- stops installation of documentation to server +- replace %config entry for /etc/samclient.conf +- remove samhain.startLinux and samhain.startLSB after installation + +* Sun Jan 12 2003 Rainer Wichmann +- replace %configure with ./configure + +* Tue Dec 24 2002 Rainer Wichmann +- backported applicable changes to samhain.spec.in +- warn user that database must be initialized +- fix version of MANUAL in '%files' +- test for chkconfig, use only if found + +* Sun Dec 22 2002 Andre Oliveira da Costa 1.7.0 +- fixed typo with _usr macro on ./configure +- stops running samhain before uninstall +- implemented conditionals to allow proper uninstalls/upgrades +- 'BuildPreReq: gpg' is considered only if '--with gpg' is provided +- run 'chkconfig' to activate samhain after installation +- warn user that samhain must be manually started after + install/upgrade + +* Fri Dec 20 2002 Rainer Wichmann +- backported to samhain.spec.in (take over user's choices from configure) +- also save samhain.startLSB and samhain.startSuSE for install-boot + +* Thu Dec 19 2002 Andre Oliveira da Costa 1.6.6 +- optional parameters '--with gpg' and '--with tests' +- use of pre-defined macros whenever possible + +* Wed Dec 18 2002 Andre Oliveira da Costa 1.6.6 +- Fixed installation process, avoiding hardcoded paths on the binaries + (thks to samhain's author Rainer Wichmann) + +* Mon Dec 16 2002 Andre Oliveira da Costa 1.6.6 +- First attempt to build from sources + Index: /tags/2.5.0/scripts/samhain.cgi =================================================================== --- /tags/2.5.0/scripts/samhain.cgi (revision 189) +++ /tags/2.5.0/scripts/samhain.cgi (revision 189) @@ -0,0 +1,32 @@ +#! /usr/local/bin/php +\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + $machine = $HTTP_POST_VARS["machine"]; + print "$machine\n"; + $date = $HTTP_POST_VARS["date"]; + print "$date\n"; + + /* INSERT PATH TO YOUR LOGFILE !!! + */ + readfile("/var/log/yule/yule.log"); + + /* INSERT PATH TO YOUR PID FILE !!! + * The final is only written when the + * daemon exits, threfore we need to supply it here. + */ + if (TRUE == file_exists("/var/run/yule.pid")) { + echo "\n"; + fi + + echo "\n"; +?> Index: /tags/2.5.0/scripts/samhain.dtd =================================================================== --- /tags/2.5.0/scripts/samhain.dtd (revision 189) +++ /tags/2.5.0/scripts/samhain.dtd (revision 189) @@ -0,0 +1,11 @@ + + + + + + + Index: /tags/2.5.0/scripts/samhain.ebuild-light.in =================================================================== --- /tags/2.5.0/scripts/samhain.ebuild-light.in (revision 189) +++ /tags/2.5.0/scripts/samhain.ebuild-light.in (revision 189) @@ -0,0 +1,92 @@ +# Copyright 2004 Rainer Wichmann +# Distributed under the terms of the GNU General Public License v2 + +inherit eutils + +MY_P="${PN}_signed-${PV}" +SLOT="0" +LICENSE="GPL-2" +DESCRIPTION="Samhain is a file integrity checker with optional central logging" + +# This is a fake URI that allows us to do a 'make dist' and copy +# the file to distdir. +# The proper URI would be http://www.la-samhna.de/archive/${MY_P}.tar.gz, +# but this would force us to do a 'make dist-sign' ... +# Apparently, portage cannot handle the file:// scheme, +# and not every user might be prepared to create a signed tarball. +# +# SRC_URI="http://www.la-samhna.de/archive/${MY_P}.tar.gz" +SRC_URI="http://www.la-samhna.de/archive/${P}.tar.gz" + + +HOMEPAGE="http://www.la-samhna.de/samhain/" + +KEYWORDS="x86" + +IUSE="" + +DEPEND="app-arch/gzip + app-arch/tar" +# mysql? (>=dev-db/mysql-3.23.58)" +RDEPEND="" + +src_unpack() { + unpack ${A} + cd ${WORKDIR} + if test -f ${P}.tar.gz; then + gunzip -c ${P}.tar.gz | tar xf - || die + cd ${P} + elif test -d "samhain-${PV}"; then + mv "samhain-${PV}" "@install_name@-${PV}" + fi +} + +src_compile() { + local myconf="--with-trusted=0,250" + +# myconf="$myconf --enable-mounts-check" +# myconf="$myconf --enable-userfiles" + +# use mysql && myconf="$myconf --with-database=mysql" +# use postgres && myconf="$myconf --with-database=postgresql" + +# econf \ +# --with-pid-file=/var/run/${PN}.pid \ +# --with-state-dir=/var/lib/${PN} \ +# --with-log-file=/var/log/${PN}.log \ + + ./configure ${myconf} @mydefargs@ || die + emake || die + + echo '#!/bin/sh' > ./sstrip + echo 'echo "*** SSTRIP DISABLED ***"' >> ./sstrip +} + +src_install() { + make DESTDIR=${D} install-light || die + make DESTDIR=${D} install-boot || die + + rm -f ${D}/@sbindir@/@install_name@_stealth +} + +pkg_prerm() { + rc-update del @install_name@ + einfo "Stopping service @install_name@" + test -f /etc/init.d/@install_name@ && /etc/init.d/@install_name@ stop + sleep 3 +} + +pkg_postinst() { + rc-update add @install_name@ default + einfo + einfo "@install_name@ is installed but is NOT running yet, and the database" + einfo "of file signatures is NOT initialized yet." + einfo + einfo "You need to run \"@install_name@ -t init\" to initialize " + einfo "the baseline database of file signatures." + einfo + einfo "After initializing the database, you can start @install_name@" + einfo "with \"/etc/init.d/@install_name@ start\". It is configured to start" + einfo "automatically on the next boot for runlevel \"default\"" +} + Index: /tags/2.5.0/scripts/samhain.ebuild.in =================================================================== --- /tags/2.5.0/scripts/samhain.ebuild.in (revision 189) +++ /tags/2.5.0/scripts/samhain.ebuild.in (revision 189) @@ -0,0 +1,98 @@ +# Copyright 2004 Rainer Wichmann +# Distributed under the terms of the GNU General Public License v2 + +inherit eutils + +MY_P="${PN}_signed-${PV}" +SLOT="0" +LICENSE="GPL-2" +DESCRIPTION="Samhain is a file integrity checker with optional central logging" + +# This is a fake URI that allows us to do a 'make dist' and copy +# the file to distdir. +# The proper URI would be http://www.la-samhna.de/archive/${MY_P}.tar.gz, +# but this would force us to do a 'make dist-sign' ... +# Apparently, portage cannot handle the file:// scheme, +# and not every user might be prepared to create a signed tarball. +# +# SRC_URI="http://www.la-samhna.de/archive/${MY_P}.tar.gz" +SRC_URI="http://www.la-samhna.de/archive/${P}.tar.gz" + + +HOMEPAGE="http://www.la-samhna.de/samhain/" + +KEYWORDS="x86" + +IUSE="" + +DEPEND="app-arch/gzip + app-arch/tar" +# mysql? (>=dev-db/mysql-3.23.58)" +RDEPEND="" + +src_unpack() { + unpack ${A} + cd ${WORKDIR} + if test -f ${P}.tar.gz; then + gunzip -c ${P}.tar.gz | tar xf - || die + cd ${P} + elif test -d "samhain-${PV}"; then + mv "samhain-${PV}" "@install_name@-${PV}" + fi +} + +src_compile() { + local myconf="--with-trusted=0,250" + +# myconf="$myconf --enable-mounts-check" +# myconf="$myconf --enable-userfiles" + +# use mysql && myconf="$myconf --with-database=mysql" +# use postgres && myconf="$myconf --with-database=postgresql" + +# econf \ +# --with-pid-file=/var/run/${PN}.pid \ +# --with-state-dir=/var/lib/${PN} \ +# --with-log-file=/var/log/${PN}.log \ + + ./configure ${myconf} @mydefargs@ || die + emake || die + + echo '#!/bin/sh' > ./sstrip + echo 'echo "*** SSTRIP DISABLED ***"' >> ./sstrip +} + +src_install() { + make DESTDIR=${D} install || die + make DESTDIR=${D} install-boot || die + + dodoc docs/BUGS COPYING docs/Changelog LICENSE docs/README \ + docs/README.UPGRADE docs/sh_mounts.txt docs/sh_userfiles.txt \ + docs/MANUAL-2_3.ps docs/MANUAL-2_3.html.tar + + dohtml docs/HOWTO-client+server.html docs/HOWTO-samhain+GnuPG.html \ + docs/HOWTO-write-modules.html docs/HOWTO-samhain-on-windows.html \ + docs/HOWTO-client+server-troubleshooting.html docs/FAQ.html +} + +pkg_prerm() { + rc-update del @install_name@ + einfo "Stopping service @install_name@" + test -f /etc/init.d/@install_name@ && /etc/init.d/@install_name@ stop + sleep 3 +} + +pkg_postinst() { + rc-update add @install_name@ default + einfo + einfo "@install_name@ is installed but is NOT running yet, and the database" + einfo "of file signatures is NOT initialized yet." + einfo + einfo "You need to run \"@install_name@ -t init\" to initialize " + einfo "the baseline database of file signatures." + einfo + einfo "After initializing the database, you can start @install_name@ " + einfo "with \"/etc/init.d/@install_name@ start\". It is configured to start" + einfo "automatically on the next boot for runlevel \"default\"" +} + Index: /tags/2.5.0/scripts/samhain.logrotator =================================================================== --- /tags/2.5.0/scripts/samhain.logrotator (revision 189) +++ /tags/2.5.0/scripts/samhain.logrotator (revision 189) @@ -0,0 +1,26 @@ +/var/log/samhain_log { + size=1M + nocreate + compress + mail root@mail + maillast + rotate 5 + + prerotate + if test -f /var/run/samhain.pid; then \ + PIN=`cat /var/run/samhain.pid`; \ + /bin/kill -ABRT $PIN; \ + sleep 1; \ + AA=0; \ + while test "x$AA" != "x120"; do \ + let "AA = $AA + 1"; \ + if test -f /var/run/samhain.pid; then \ + sleep 1; \ + else \ + break; \ + fi \ + done; \ + fi + endscript + + Index: /tags/2.5.0/scripts/samhain.spec.in =================================================================== --- /tags/2.5.0/scripts/samhain.spec.in (revision 189) +++ /tags/2.5.0/scripts/samhain.spec.in (revision 189) @@ -0,0 +1,168 @@ +# +# Accepted parameters for 'rpmbuild': +# +# --with gpg - enables gpg support +# --with tests - make tests before building + +Summary: File integrity and host-based IDS +Name: samhain +Version: @VERSION@ +Release: 1 +License: GPL +Group: System Environment/Base +Source: %{name}-%{version}.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-root +Packager: Andre Oliveira da Costa +Provides: %{name} +%if %{?_with_gpg:1}%{!?_with_gpg:0} +BuildPreReq: gpg +%endif + +%description +samhain is an open source file integrity and host-based intrusion +detection system for Linux and Unix. It can run as a daemon process, and +and thus can remember file changes -- contrary to a tool that runs from +cron, if a file is modified you will get only one report, while +subsequent checks of that file will ignore the modification as it is +already reported (unless the file is modified again). + +samhain can optionally be used as client/server system to provide +centralized monitoring for multiple host. Logging to a (MySQL or +PostgreSQL) database is supported. + +This package contains only the single host version. + +%prep +%setup -q -n samhain-%{version} + +%build +%if %{?_with_tests:1}%{!?_with_tests:0} +# test installation (test #7 is only included if --with gpg has been +# specified) +for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done +%endif +./configure --prefix=%{_usr} \ + --sbindir=%{_sbindir} \ + --sysconfdir=%{_sysconfdir} \ + --localstatedir=%{_localstatedir} \ + --mandir=%{_mandir} \ +%{?_with_gpg: --with-gpg=`type -p gpg`} + +make + +%install +rm -rf $RPM_BUILD_ROOT +# sstrip shouldn't be used since binaries will be stripped later +cat << EOF > sstrip +#!/bin/sh +echo "*** SSTRIP DISABLED ***" +EOF +make DESTDIR=${RPM_BUILD_ROOT} install +# copy script files to /var/lib/samhain so that we can use them right +# after the package is installed +install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{name} + +%clean +rm -rf ${RPM_BUILD_ROOT} + +%post +if [ "$1" = 1 ]; then + # Activate boot-time start up + cd %{_localstatedir}/lib/%{name} + ./samhain-install.sh --verbose install-boot + if test -f /sbin/chkconfig; then + /sbin/chkconfig --add samhain + /sbin/chkconfig samhain on + fi +fi +cat << EOF + +Samhain is installed but is NOT running yet, and the database of +file signatures is NOT initialized yet. Read the documentation, +review configuration files, and then (i) initialize it +(%{_sbindir}/samhain -t init) +and (ii) start it manually +(%{_sysconfdir}/init.d/samhain start). + +It is configured to start automatically on the next boot for runlevels +[2-5]. + +EOF + + +%preun +# stop running instance of samhain, if any +if [ -f %{_localstatedir}/run/%{name}.pid ]; then + %{_sysconfdir}/init.d/samhain stop +fi +if [ "$1" = 0 ]; then + # remove boot-time scripts and links + cd %{_localstatedir}/lib/samhain + if [ -f ./samhain-install.sh ]; then + ./samhain-install.sh --verbose uninstall-boot + else + if [ -f /sbin/chkconfig ]; then + /sbin/chkconfig samhain off + /sbin/chkconfig --del samhain + fi + fi +fi + +%postun +if [ "$1" = 0 ]; then + # remove any kernel modules that might have been installed + RVER=`uname -r` + rm -f /lib/modules/$RVER/samhain* +fi + + +%files +%defattr(-,root,root) +%dir %{_localstatedir}/run +%dir %{_localstatedir}/log +%doc docs/BUGS COPYING docs/Changelog docs/TODO +%doc LICENSE docs/HOWTO* docs/MANUAL-2_3.* docs/README* +%{_localstatedir}/lib/%{name} +%{_sbindir}/%{name} +%attr(644,root,root) %{_mandir}/man5/samhain* +%attr(644,root,root) %{_mandir}/man8/samhain* +%config(noreplace) %{_sysconfdir}/samhainrc + +%changelog +* Sat Jun 19 2004 Rainer Wichmann +- replace ./test.sh $i with make test$i + +* Sat Jan 03 2004 Rainer Wichmann +- Use /sbin/chkconfig as in ../samhain.spec.in + +* Thu Dec 11 2003 Christian Vanguers +- Fixed typo in samhain.spec + +* Tue Dec 24 2002 Rainer Wichmann +- warn user that database must be initialized +- fix version of MANUAL in '%files' +- test for chkconfig, use only if found + +* Sun Dec 22 2002 Andre Oliveira da Costa 1.7.0 +- fixed typo with _usr macro on ./configure +- stops running samhain before uninstall +- implemented conditionals to allow proper uninstalls/upgrades +- 'BuildPreReq: gpg' is considered only if '--with gpg' is provided +- run 'chkconfig' to activate samhain after installation +- warn user that samhain must be manually started after + install/upgrade + +* Fri Dec 20 2002 Rainer Wichmann +- use 'configure' to set version string +- use standard macros for paths + +* Thu Dec 19 2002 Andre Oliveira da Costa 1.6.6 +- optional parameters '--with gpg' and '--with tests' +- use of pre-defined macros whenever possible + +* Wed Dec 18 2002 Andre Oliveira da Costa 1.6.6 +- Fixed installation process, avoiding hardcoded paths on the binaries + (thks to samhain's author Rainer Wichmann) + +* Mon Dec 16 2002 Andre Oliveira da Costa 1.6.6 +- First attempt to build from sources Index: /tags/2.5.0/scripts/samhain.xsl =================================================================== --- /tags/2.5.0/scripts/samhain.xsl (revision 189) +++ /tags/2.5.0/scripts/samhain.xsl (revision 189) @@ -0,0 +1,147 @@ + + + + + + + + + + + Samhain Log + + +
+
+ + +

Logs Samhain


+
+ + + + + + + + +
Date: + + + + + Machine: + + + + +

+
+ + + + + + + + + +
TYPE D'ALERTECHEMINMESSAGEDATEMACHINE
+
+ + + + + + + + + + + + + + + +
"), + sizeof("
")-1); + } + + if (SL_ISERROR(status)) + SL_RETURN((-1), _("sh_html_head")); + + SL_RETURN((0), _("sh_html_head")); +} + +static +int sh_html_foot(SL_TICKET ticket) +{ + long status = SL_ENONE; + SL_TICKET fd = (-1); + char line[512]; + char * p; + + SL_ENTER(_("sh_html_foot")); + + p = sh_util_strconcat(DEFAULT_DATAROOT, _("/foot.html"), NULL); + + if (p) + { + fd = sl_open_read (p, SL_YESPRIV); + SH_FREE(p); + } + + if (!SL_ISERROR(fd)) + { + while (!SL_ISERROR(status) && sh_unix_getline (fd, line, sizeof(line)) > 0) + { + status = sl_write_line (ticket, line, sl_strlen(line)); + } + sl_close(fd); + } + else + { + status = sl_write_line (ticket, _("
"), + sizeof("
")-1); + } + if (SL_ISERROR(status)) + SL_RETURN((-1), _("sh_html_foot")); + + SL_RETURN((0), _("sh_html_foot")); +} + + +static +char * replace_tab (const char * line, char * host, char * status, + char * timestamp) +{ + st_format rep_serv_tab[] = { + { 'H', S_FMT_STRING, 0, 0, NULL}, + { 'S', S_FMT_STRING, 0, 0, NULL}, + { 'T', S_FMT_STRING, 0, 0, NULL}, + {'\0', S_FMT_ULONG, 0, 0, NULL}, + }; + char * p; + + SL_ENTER(_("replace_tab")); + + rep_serv_tab[0].data_str = host; + rep_serv_tab[1].data_str = status; + rep_serv_tab[2].data_str = timestamp; + + p = sh_util_formatted(line, rep_serv_tab); + SL_RETURN(p, _("replace_tab")); +} + +static char * entry_orig = NULL; +static size_t entry_size = 0; + +static +int sh_html_get_entry (void) +{ + long retval = SL_ENONE; + SL_TICKET fd = (-1); + char line[512]; + size_t line_size; + size_t add_size = 0; + char * p; + + SL_ENTER(_("sh_html_get_entry")); + + p = sh_util_strconcat(DEFAULT_DATAROOT, _("/entry.html"), NULL); + + entry_size = 0; + if (entry_orig != NULL) + { + free (entry_orig); + entry_orig = NULL; + entry_size = 0; + } + + if (p) + { + fd = sl_open_read (p, SL_YESPRIV); + SH_FREE(p); + } + if (!SL_ISERROR(fd)) + { + while (!SL_ISERROR(retval) && sh_unix_getline (fd, line, sizeof(line)) > 0) + { + line_size = sl_strlen(line); + add_size = 0; + if (entry_orig != NULL) + { + entry_orig = realloc(entry_orig, /* free() ok */ + entry_size + line_size + 1); + if (entry_orig) { add_size = line_size; } + } + else + { + entry_orig = malloc(line_size + 1); /* free() ok */ + if (entry_orig) { entry_orig[0] = '\0'; add_size = line_size; } + } + if (!entry_orig) + { + entry_size = 0; + add_size = 0; + SL_RETURN( 0, _("sh_html_get_entry")); + } + + sl_strlcat(&entry_orig[entry_size], line, line_size + 1); + entry_size += add_size; + SH_VALIDATE_EQ(entry_orig[entry_size], '\0'); + } + sl_close(fd); + } + SL_RETURN( entry_size, _("sh_html_get_entry")); +} + +static +int sh_html_entry (SL_TICKET ticket, + char * host, char * status, char * timestamp, int flag) +{ + char outline[1024]; + long retval = SL_ENONE; + + char * formatted; + + SL_ENTER(_("sh_html_entry")); + + if (entry_size > 0 && entry_orig != NULL) + { + formatted = replace_tab(entry_orig, host, status, timestamp); + if (formatted) + { + retval = sl_write_line (ticket, formatted, sl_strlen(formatted)); + SH_FREE(formatted); + } + } + else + { + sl_snprintf(outline, 1023, + _("%s%s%s"), + host, status, timestamp); + retval = sl_write_line (ticket, outline, sl_strlen(outline)); + } + + /* write a status line + */ + if ((flag == 1) && (!SL_ISERROR(retval))) + { + sl_snprintf(outline, 1023, + _(""), + host, status, timestamp); + retval = sl_write_line (ticket, outline, sl_strlen(outline)); + } + + if (SL_ISERROR(retval)) + SL_RETURN((-1), _("sh_html_entry")); + + SL_RETURN((0), _("sh_html_entry")); +} + +typedef struct _sort_arr { + char msg[TIM_MAX]; + char tim[TIM_MAX]; +} sort_arr; + +static sort_arr sort_stat[CLT_MAX]; + +static +int comp_arr (const void * ao, const void * bo) +{ + const sort_arr * a; + const sort_arr * b; + + if (ao == NULL && bo == NULL) + return 0; + else if (ao == NULL && bo != NULL) + return (-1); + else if (ao != NULL && bo == NULL) + return (1); + + a = (const sort_arr *) ao; + b = (const sort_arr *) bo; + + return ((-1) * sl_strcmp(a->tim, b->tim)); +} + +static +int sh_html_print_one (SL_TICKET ticket, client_t * top) +{ + int status; + int clt_status; + int i, n; + + SL_ENTER(_("sh_html_print_one")); + + if (top == NULL) + SL_RETURN((0), _("sh_html_print_one")); + + clt_status = top->status_now; + status = sh_html_entry (ticket, + top->hostname, + _(clt_stat[clt_status]), + top->timestamp[clt_status], + 1); + + n = 0; + + if (clt_status != CLT_INACTIVE) + { + for (i = 1; i < CLT_MAX; ++i) + { + if (top->status_arr[i] != CLT_INACTIVE) + { + clt_status = top->status_arr[i]; + sl_strlcpy(sort_stat[n].msg, _(clt_stat[clt_status]), TIM_MAX); + sl_strlcpy(sort_stat[n].tim, top->timestamp[clt_status],TIM_MAX); + ++n; + } + } + } + + if (n > 0) + { + qsort(&(sort_stat[0]), n, sizeof(sort_arr), comp_arr); + + for (i = 1; i < n; ++i) + { + status = sh_html_entry (ticket, + " ", + sort_stat[i].msg, + sort_stat[i].tim, + 0); + } + } + + if (SL_ISERROR(status)) + SL_RETURN((-1), _("sh_html_print_one")); + + SL_RETURN((0), _("sh_html_print_one")); +} + +#include "zAVLTree.h" + +int sh_html_write(void * inptr) +{ + long fd; + zAVLCursor avlcursor; + client_t * item; + zAVLTree * top = (zAVLTree *) inptr; + + SL_ENTER(_("sh_html_write")); + + if (0 != (fd = tf_trust_check (DEFAULT_HTML_FILE, SL_YESPRIV))) + { + sh_error_handle((-1), FIL__, __LINE__, fd, MSG_E_TRUST, + (long) sh.effective.uid, + DEFAULT_HTML_FILE); + SL_RETURN((-1), _("sh_html_write")); + } + + + fd = sl_open_write_trunc (DEFAULT_HTML_FILE, SL_YESPRIV); + + if (SL_ISERROR(fd)) + { + sh_error_handle((-1), FIL__, __LINE__, fd, MSG_E_ACCESS, + (long) sh.effective.uid, + DEFAULT_HTML_FILE); + SL_RETURN((-1), _("sh_html_write")); + } + + sh_html_get_entry(); + + sh_html_head(fd); + for (item = (client_t *) zAVLFirst(&avlcursor, top); item; + item = (client_t *) zAVLNext(&avlcursor)) + sh_html_print_one (fd, item); + sh_html_foot(fd); + sl_close(fd); + + SL_RETURN((0), _("sh_html_write")); +} + +/* SH_WITH_SERVER */ +#endif + + + + + + + + + + + + + + + Index: /tags/2.5.0/src/sh_ignore.c =================================================================== --- /tags/2.5.0/src/sh_ignore.c (revision 189) +++ /tags/2.5.0/src/sh_ignore.c (revision 189) @@ -0,0 +1,198 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2003 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#ifndef NULL +#if !defined(__cplusplus) +#define NULL ((void*)0) +#else +#define NULL (0) +#endif +#endif + +#ifdef HAVE_REGEX_H +#include +#include +#endif + +#include "samhain.h" +#include "sh_mem.h" +#include "sh_error.h" + +#define FIL__ _("sh_ignore.c") + +struct sh_ignore_list { +#ifdef HAVE_REGEX_H + regex_t preg; +#else + char * path; +#endif + struct sh_ignore_list * next; +}; + + +static struct sh_ignore_list * sh_del_ign = NULL; +static struct sh_ignore_list * sh_new_ign = NULL; + +static struct sh_ignore_list * sh_ignore_add_int(struct sh_ignore_list * list, + const char * addpath) +{ + struct sh_ignore_list * new; +#ifdef HAVE_REGEX_H + int status = -1; + char * errbuf; +#else + size_t size; +#endif + + SL_ENTER(_("sh_ignore_add")); + + if (addpath == NULL) + { + SL_RETURN(list, _("sh_ignore_add")); + } + + new = SH_ALLOC(sizeof(struct sh_ignore_list)); + +#ifdef HAVE_REGEX_H + status = regcomp(&(new->preg), addpath, REG_NOSUB|REG_EXTENDED); + if (status != 0) + { + errbuf = SH_ALLOC(BUFSIZ+2); + (void) regerror(status, &(new->preg), errbuf, BUFSIZ); + errbuf[BUFSIZ] = '\0'; + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_REGEX, + errbuf, addpath); + SH_FREE(errbuf); + SH_FREE(new); + SL_RETURN(list, _("sh_ignore_add")); + } +#else + size = sl_strlen(addpath); + new->path = SH_ALLOC(size + 1); + sl_strlcpy(new->path, addpath, size+1); +#endif + + new->next = list; + + SL_RETURN(new, _("sh_ignore_add")); +} + +int sh_ignore_add_del (const char * addpath) +{ + if ((addpath == NULL) || (addpath[0] != '/')) + { + return -1; + } + sh_del_ign = sh_ignore_add_int (sh_del_ign, addpath); + return 0; +} + +int sh_ignore_add_new (const char * addpath) +{ + if ((addpath == NULL) || (addpath[0] != '/')) + { + return -1; + } + sh_new_ign = sh_ignore_add_int (sh_new_ign, addpath); + return 0; +} + +static int sh_ignore_chk_int (struct sh_ignore_list * list, + const char * chkpath) +{ + struct sh_ignore_list * new = list; + + SL_ENTER(_("sh_ignore_chk")); + + if (chkpath == NULL) + { + SL_RETURN(S_FALSE, _("sh_ignore_add")); + } + + while (new) + { +#ifdef HAVE_REGEX_H + if (0 == regexec(&(new->preg), chkpath, 0, NULL, 0)) + { + SL_RETURN(S_TRUE, _("sh_ignore_add")); + } +#else + if (0 == sl_strcmp(new->path, chkpath)) + { + SL_RETURN(S_TRUE, _("sh_ignore_add")); + } +#endif + new = new->next; + } + + SL_RETURN(S_FALSE, _("sh_ignore_add")); +} + +int sh_ignore_chk_new (const char * chkpath) +{ + return (sh_ignore_chk_int(sh_new_ign, chkpath)); +} + +int sh_ignore_chk_del (const char * chkpath) +{ + return (sh_ignore_chk_int(sh_del_ign, chkpath)); +} + +int sh_ignore_clean (void) +{ + struct sh_ignore_list * new; + + new = sh_new_ign; + + while (new) + { + sh_new_ign = new->next; +#ifdef HAVE_REGEX_H + regfree (&(new->preg)); +#else + SH_FREE(new->path); +#endif + SH_FREE(new); + new = sh_new_ign; + } + + new = sh_del_ign; + + while (new) + { + sh_del_ign = new->next; +#ifdef HAVE_REGEX_H + regfree (&(new->preg)); +#else + SH_FREE(new->path); +#endif + SH_FREE(new); + new = sh_del_ign; + } + + return 0; +} + + + + + + Index: /tags/2.5.0/src/sh_kern.c =================================================================== --- /tags/2.5.0/src/sh_kern.c (revision 189) +++ /tags/2.5.0/src/sh_kern.c (revision 189) @@ -0,0 +1,2019 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2001 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + + +#include "config_xor.h" + +#define SH_SYSCALL_CODE + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#ifdef SH_USE_KERN + +#undef FIL__ +#define FIL__ _("sh_kern.c") + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + + +#include "samhain.h" +#include "sh_pthread.h" +#include "sh_utils.h" +#include "sh_error.h" +#include "sh_modules.h" +#include "sh_kern.h" +#include "sh_ks_xor.h" + +#include "sh_unix.h" +#include "sh_hash.h" + + + +sh_rconf sh_kern_table[] = { + { + N_("severitykernel"), + sh_kern_set_severity + }, + { + N_("kernelcheckactive"), + sh_kern_set_activate + }, + { + N_("kernelcheckinterval"), + sh_kern_set_timer + }, + { + N_("kernelcheckidt"), + sh_kern_set_idt + }, + { + N_("kernelsystemcall"), + sh_kern_set_sc_addr + }, + { + N_("kernelsyscalltable"), + sh_kern_set_sct_addr + }, + { + N_("kernelprocrootlookup"), + sh_kern_set_proc_root_lookup + }, + { + N_("kernelprocrootiops"), + sh_kern_set_proc_root_iops + }, + { + N_("kernelprocroot"), + sh_kern_set_proc_root + }, + { + NULL, + NULL + }, +}; + + +static time_t lastcheck; +static int ShKernActive = S_TRUE; +static int ShKernInterval = 300; +static int ShKernSeverity = SH_ERR_SEVERE; +static int ShKernDelay = 100; /* milliseconds */ +static int ShKernIDT = S_TRUE; + +/* The address of system_call + */ +#ifdef SH_SYS_CALL_ADDR +static unsigned long system_call_addr = SH_SYS_CALL_ADDR; +#else +static unsigned long system_call_addr = 0; +#endif + +/* The address of the sys_call_table + */ +#ifdef SH_SYS_CALL_TABLE +static unsigned int kaddr = SH_SYS_CALL_TABLE; +#else +static unsigned int kaddr = 0; +#endif + +#ifdef PROC_ROOT_LOC +static unsigned long proc_root = PROC_ROOT_LOC; +#else +static unsigned long proc_root = 0; +#endif +#ifdef PROC_ROOT_IOPS_LOC +static unsigned long proc_root_iops = PROC_ROOT_IOPS_LOC; +#else +static unsigned long proc_root_iops = 0; +#endif +#ifdef PROC_ROOT_LOOKUP_LOC +static unsigned long proc_root_lookup = PROC_ROOT_LOOKUP_LOC; +#else +static unsigned long proc_root_lookup = 0; +#endif + +/* This is the module 'reconfigure' function, which is a no-op. + */ +int sh_kern_null() +{ + return 0; +} + +#define SH_KERN_DBPUSH 0 +#define SH_KERN_DBPOP 1 + +char * sh_kern_db_syscall (int num, char * prefix, + void * in_name, unsigned long * addr, + unsigned int * code1, unsigned int * code2, + int * size, int direction) +{ + char path[128]; + char * p = NULL; + unsigned long x1 = 0, x2 = 0; + unsigned char * name = (unsigned char *) in_name; + + sl_snprintf(path, 128, "K_%s_%04d", prefix, num); + + if (direction == SH_KERN_DBPUSH) + { + x1 = *code1; + x2 = *code2; + + sh_hash_push2db (path, *addr, x1, x2, + name, (name == NULL) ? 0 : (*size)); + } + else + { + p = sh_hash_db2pop (path, addr, &x1, &x2, size); + *code1 = (unsigned int) x1; + *code2 = (unsigned int) x2; + } + return p; +} + +static char * sh_kern_pathmsg (char * msg, size_t msg_len, + int num, char * prefix, + unsigned char * old, size_t old_len, + unsigned char * new, size_t new_len) +{ + size_t k; + char tmp[128]; + char *p; + char *linkpath_old; + char *linkpath_new; + char i2h[2]; + +#ifdef SH_USE_XML + sl_snprintf(tmp, sizeof(tmp), _("path=\"K_%s_%04d\" "), + prefix, num); +#else + sl_snprintf(tmp, sizeof(tmp), _("path= "), + prefix, num); +#endif + sl_strlcpy(msg, tmp, msg_len); + + if (SL_TRUE == sl_ok_muls(old_len, 2) && + SL_TRUE == sl_ok_adds(old_len * 2, 1)) + linkpath_old = SH_ALLOC(old_len * 2 + 1); + else + return msg; + + if (SL_TRUE == sl_ok_muls(new_len, 2) && + SL_TRUE == sl_ok_adds(new_len * 2, 1)) + linkpath_new = SH_ALLOC(new_len * 2 + 1); + else + return msg; + + for (k = 0; k < old_len; ++k) + { + p = sh_util_charhex (old[k], i2h); + linkpath_old[2*k] = p[0]; + linkpath_old[2*k+1] = p[1]; + linkpath_old[2*k+2] = '\0'; + } + + for (k = 0; k < new_len; ++k) + { + p = sh_util_charhex (new[k], i2h); + linkpath_new[2*k] = p[0]; + linkpath_new[2*k+1] = p[1]; + linkpath_new[2*k+2] = '\0'; + +} +#ifdef SH_USE_XML + sl_strlcat(msg, _("link_old=\""), msg_len); + sl_strlcat(msg, linkpath_old, msg_len); + sl_strlcat(msg, _("\" link_new=\""), msg_len); + sl_strlcat(msg, linkpath_new, msg_len); + sl_strlcat(msg, _("\""), msg_len); +#else + sl_strlcat(msg, _("link_old=<"), msg_len); + sl_strlcat(msg, linkpath_old, msg_len); + sl_strlcat(msg, _(">, link_new=<"), msg_len); + sl_strlcat(msg, linkpath_new, msg_len); + sl_strlcat(msg, _(">"), msg_len); +#endif + + SH_FREE(linkpath_old); + SH_FREE(linkpath_new); + + return msg; +} + +#ifdef HOST_IS_LINUX + +/* + * Interrupt Descriptor Table + */ +#ifdef HAVE_ASM_SEGMENT_H +#include +#endif + +#define SH_MAXIDT 256 + +static unsigned char sh_idt_table[SH_MAXIDT * 8]; + +static char * sh_strseg(unsigned short segment) +{ + switch (segment) { +#ifdef __KERNEL_CS + case __KERNEL_CS: + return _("KERNEL_CS"); +#endif +#ifdef __KERNEL_DS + case __KERNEL_DS: + return _("KERNEL_DS"); +#endif +#ifdef __USER_CS + case __USER_CS: + return _("USER_CS"); +#endif +#ifdef __USER_DS + case __USER_DS: + return _("USER_DS"); +#endif + default: + return _("unknown"); + } +} + + +static int sh_kern_data_init () +{ + unsigned long store0 = 0; + unsigned int store1 = 0, store2 = 0; + int datasize, i, j; + char * databuf; + + /* system_call code + */ + databuf = sh_kern_db_syscall (0, _("system_call"), + NULL, &store0, &store1, &store2, + &datasize, SH_KERN_DBPOP); + if (datasize == sizeof(system_call_code)) + { + memcpy (system_call_code, databuf, sizeof(system_call_code)); + SH_FREE(databuf); + } + else + { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("system_call_code not found in database"), + _("sh_kern_data_init")); + return -1; + } + + /* syscall address and code + */ + for (i = 0; i < SH_MAXCALLS; ++i) + { + databuf = sh_kern_db_syscall (i, _("syscall"), + NULL, &store0, &store1, &store2, + &datasize, SH_KERN_DBPOP); + sh_syscalls[i].addr = store0; + if (store0 == 0) { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, i, MSG_E_SUBGEN, + _("syscall address not found in database"), + _("sh_kern_data_init")); + return -1; + } + + sh_syscalls[i].code[0] = (unsigned int) store1; + sh_syscalls[i].code[1] = (unsigned int) store2; + if ((store1 == 0) || (store2 == 0)) { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, i, MSG_E_SUBGEN, + _("syscall code not found in database"), + _("sh_kern_data_init")); + } + + if (databuf != NULL) { + SH_FREE(databuf); + } + + } + + if (ShKernIDT == S_TRUE) + { + for (j = 0; j < SH_MAXIDT; ++j) + { + databuf = sh_kern_db_syscall (j, _("idt_table"), + NULL, + &store0, &store1, &store2, + &datasize, SH_KERN_DBPOP); + if (datasize == 8) { + memcpy(&idt_table[j*8], databuf, 8); + SH_FREE(databuf); + } else { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, j, MSG_E_SUBGEN, + _("idt table not found in database"), + _("sh_kern_data_init")); + return -1; + } + } + } + + return 0; +} + + +/* + * Defined in include/linux/fs.h + */ + +/* Here. we are only interested in 'lookup'. I.e. the struct + * must be <= the real one, and 'lookup' must be at the + * correct position. + */ +struct inode_operations { + int (*create) (int *,int *,int); + int * (*lookup) (int *,int *); + int (*link) (int *,int *,int *); + int (*unlink) (int *,int *); + int (*symlink) (int *,int *,const char *); + int (*mkdir) (int *,int *,int); + int (*rmdir) (int *,int *); + int (*mknod) (int *,int *,int,int); + int (*rename) (int *, int *, + int *, int *); + /* flawfinder: ignore */ + int (*readlink) (int *, char *,int); + int (*follow_link) (int *, int *); + void (*truncate) (int *); + int (*permission) (int *, int); + int (*revalidate) (int *); + /* + int (*setattr) (int *, int *); + int (*getattr) (int *, int *); + int (*setxattr) (int *, const char *, void *, size_t, int); + ssize_t (*getxattr) (int *, const char *, void *, size_t); + ssize_t (*listxattr) (int *, char *, size_t); + int (*removexattr) (int *, const char *); + */ +}; + +/* + * this one is just for dummy purposes + */ +struct file_operations { + int (*create) (int *,int *,int); +}; + +/* Defined in include/linux/proc_fs.h + * Here we are interested in the 'proc_iops' member. + */ +struct proc_dir_entry { + unsigned short low_ino; + unsigned short namelen; + const char * name; + mode_t mode; + nlink_t nlink; + uid_t uid; + gid_t gid; +#if defined TWO_SIX_SEVENTEEN_PLUS + /* size is loff_t in 2.6.17+ kernels */ + unsigned long dummy; +#endif + unsigned long size; + struct inode_operations * proc_iops; + struct file_operations * proc_fops; + /* + get_info_t *get_info; + struct module *owner; + struct proc_dir_entry *next, *parent, *subdir; + void *data; + read_proc_t *read_proc; + write_proc_t *write_proc; + atomic_t count; + int deleted; + */ +}; + + +static int sh_kern_kmem_read (int fd, unsigned long addr, + unsigned char * buf, int len) +{ + if (lseek(fd, addr, SEEK_SET) == (off_t) (-1)) + { + return -1; + } + if (read(fd, buf, len) < 0) + { + return -1; + } + return 0; +} + +static int sh_kern_read_data (int fd, unsigned long addr, + unsigned char * buf, size_t len) +{ + size_t moff, roff; + size_t sz; + char * kmap; + + /* first, try read() + */ + if (0 == sh_kern_kmem_read (fd, addr, buf, len)) + return 0; + + /* next, try mmap() + */ + sz = getpagesize(); /* unistd.h */ + + moff = ((size_t)(addr/sz)) * sz; /* lower page boundary */ + roff = addr - moff; /* off relative to lower address of mmapped area */ + + kmap = mmap(0, len+sz, PROT_READ, MAP_PRIVATE, fd, moff);/* sys/mman.h */ + + if (kmap == MAP_FAILED) + { + return -1; + } + memcpy (buf, &kmap[roff], len); + return munmap(kmap, len+sz); +} + + +static int check_init (int * init_retval) +{ + static int is_init = 0; + + SL_ENTER(_("check_init")); + + if (is_init == 0) + { + if (sh.flag.checkSum != SH_CHECK_INIT && sh.flag.update != S_TRUE) + { + if (0 == sh_kern_data_init()) { + is_init = 1; + } else { + sh_error_handle (ShKernSeverity, FIL__, __LINE__, 1, + MSG_E_SUBGEN, + _("could not initialize kernel check - switching off"), + _("check_init") ); + ShKernActive = S_FALSE; + *init_retval = is_init; + SL_RETURN( (-1), _("check_init")); + } + } + else if ((sh.flag.checkSum == SH_CHECK_INIT || + sh.flag.checkSum == SH_CHECK_CHECK) && + (sh.flag.update == S_TRUE)) + { + if (0 == sh_kern_data_init()) { + is_init = 1; + } else { + sh_error_handle (SH_ERR_WARN, FIL__, __LINE__, 0, + MSG_E_SUBGEN, + _("no or incomplete data in baseline database for kernel check"), + _("check_init") ); + } + } + } + *init_retval = is_init; + SL_RETURN( (0), _("check_init")); +} + +#define SH_KERN_SIZ 512 +#define SH_KERN_SCC 256 + +static void run_child(int kd, int mpipe[2]) +{ + int j; + + unsigned long kmem_call_table[SH_KERN_SIZ]; + unsigned int kmem_code_table[SH_KERN_SIZ][2]; + + unsigned char buf[6]; + unsigned short idt_size; + unsigned long idt_addr; + + unsigned char new_system_call_code[SH_KERN_SCC]; + + struct inode_operations proc_root_inode; + struct proc_dir_entry proc_root_dir; + + int status = close(mpipe[0]); + + setpgid(0, 0); + + /* Seek to the system call table (at kaddr) and read it into + * the kmem_call_table array + */ + if(status == 0) + { + retry_msleep (0, ShKernDelay); /* milliseconds */ + + if (sh_kern_read_data (kd, kaddr, + (unsigned char *) &kmem_call_table, + sizeof(kmem_call_table))) + { + status = -2; + } + } + + /* + * Seek to the system call address (at sh_syscalls[j].addr) and + * read first 8 bytes into the array kmem_code_table[j][] (2 * unsigned int) + */ + if(status == 0) + { + memset(kmem_code_table, 0, sizeof(kmem_code_table)); + for (j = 0; j < SH_MAXCALLS; ++j) + { + if (sh_syscalls[j].addr == 0UL) { + sh_syscalls[j].addr = kmem_call_table[j]; + } + + if (sh_syscalls[j].name == NULL || + sh_syscalls[j].addr == 0UL) + break; + + if ((sh.flag.checkSum == SH_CHECK_INIT || + sh.flag.checkSum == SH_CHECK_CHECK) && + (sh.flag.update == S_TRUE)) + { + sh_kern_read_data (kd, kmem_call_table[j], + (unsigned char *) &(kmem_code_table[j][0]), + 2 * sizeof(unsigned int)); + } + else + { + sh_kern_read_data (kd, sh_syscalls[j].addr, + (unsigned char *) &(kmem_code_table[j][0]), + 2 * sizeof(unsigned int)); + } + } + } + + if(status == 0) + { + /* + * Get the address and size of Interrupt Descriptor Table, + * and read the content into the global array sh_idt_table[] + */ + __asm__ volatile ("sidt %0": "=m" (buf)); + idt_size = *((unsigned short *) &buf[0]); + idt_addr = *((unsigned long *) &buf[2]); + idt_size = (idt_size + 1)/8; + + if (idt_size > SH_MAXIDT) + idt_size = SH_MAXIDT; + + memset(sh_idt_table, '\0', SH_MAXIDT*8); + sh_kern_read_data (kd, idt_addr, + (unsigned char *) sh_idt_table, idt_size*8); + } + + /* + * Seek to the system_call address (at system_call_addr) and + * read first 256 bytes into new_system_call_code[] + * + * system_call_addr is defined in the include file. + */ + if(status == 0) + { + sh_kern_read_data (kd, system_call_addr, + (unsigned char *) new_system_call_code, SH_KERN_SCC); + } + + /* + * Seek to proc_root and read the structure. + * Seek to proc_root_inode_operations and get the structure. + */ + if(status == 0) + { + sh_kern_read_data (kd, proc_root, + (unsigned char *) &proc_root_dir, + sizeof(proc_root_dir)); + sh_kern_read_data (kd, proc_root_iops, + (unsigned char *) &proc_root_inode, + sizeof(proc_root_inode)); + } + + /* + * Write out data to the pipe + */ + if(status == 0) + { + status = write(mpipe[1], &kmem_call_table, sizeof(kmem_call_table)); + + if(status > 0) + status = write(mpipe[1], &kmem_code_table, sizeof(kmem_code_table)); + + if(status > 0) + status = write(mpipe[1], &sh_idt_table, sizeof(sh_idt_table)); + + if(status > 0) + status = write(mpipe[1], new_system_call_code, SH_KERN_SCC); + + if(status > 0) + status = write(mpipe[1], &proc_root_dir, sizeof(proc_root_dir)); + + if(status > 0) + status = write(mpipe[1], &proc_root_inode, sizeof(proc_root_inode)); + } + _exit( (status >= 0) ? 0 : status); +} + + +struct sh_kernel_info { + unsigned long kmem_call_table[SH_KERN_SIZ]; + unsigned int kmem_code_table[SH_KERN_SIZ][2]; + + unsigned char new_system_call_code[SH_KERN_SCC]; + + struct inode_operations proc_root_inode; + struct proc_dir_entry proc_root_dir; +}; + +static int read_from_child(pid_t mpid, int * mpipe, + struct sh_kernel_info * kinfo) +{ + int res; + int status; + long size; + + /* Close reading side of pipe, and wait some milliseconds + */ + close (mpipe[1]); + retry_msleep (0, ShKernDelay); /* milliseconds */ + + size = SH_KERN_SIZ * sizeof(unsigned long); + + if (size != read(mpipe[0], &(kinfo->kmem_call_table), size)) + status = -4; + else + status = 0; + + if(status == 0) + { + size = sizeof(unsigned int) * 2 * SH_KERN_SIZ; + + if (size != read(mpipe[0], &(kinfo->kmem_code_table), size)) + status = -5; + else + status = 0; + } + + if(status == 0) + { + memset(sh_idt_table, '\0', SH_MAXIDT*8); + if (sizeof(sh_idt_table) != + read(mpipe[0], &sh_idt_table, sizeof(sh_idt_table))) + status = -5; + else + status = 0; + } + + if(status == 0) + { + size = SH_KERN_SCC; + + if (size != read(mpipe[0], &(kinfo->new_system_call_code), size)) + status = -6; + else + status = 0; + } + + if(status == 0) + { + size = sizeof (struct proc_dir_entry); + + if (size != read(mpipe[0], &(kinfo->proc_root_dir), size)) + status = -7; + else + status = 0; + } + + if(status == 0) + { + size = sizeof (struct inode_operations); + + if (size != read(mpipe[0], &(kinfo->proc_root_inode), size)) + status = -8; + else + status = 0; + } + + if (status < 0) + res = waitpid(mpid, NULL, WNOHANG|WUNTRACED); + else + { + res = waitpid(mpid, &status, WNOHANG|WUNTRACED); + if (res == 0 && 0 != WIFEXITED(status)) + status = WEXITSTATUS(status); + } + close (mpipe[0]); + if (res <= 0) + { + aud_kill(FIL__, __LINE__, mpid, 9); + waitpid(mpid, NULL, 0); + } + return status; +} + + +static void check_idt_table(int is_init) +{ + int i, j; + + unsigned short idt_offset_lo, idt_offset_hi, idt_selector; + unsigned char idt_reserved, idt_flag; + unsigned short sh_idt_offset_lo, sh_idt_offset_hi, sh_idt_selector; + unsigned char sh_idt_reserved, sh_idt_flag; + int dpl; + unsigned long idt_iaddr; + int sh_dpl; + unsigned long sh_idt_iaddr; + char idt_type, sh_idt_type; + + unsigned long store0; + unsigned int store1, store2; + int datasize; + char msg[2*SH_BUFSIZE]; + + if (ShKernIDT == S_TRUE) + { + if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE) + { + datasize = 8; + for (j = 0; j < SH_MAXIDT; ++j) + { + sh_kern_db_syscall (j, _("idt_table"), + &sh_idt_table[j*8], + &store0, &store1, &store2, + &datasize, SH_KERN_DBPUSH); + } + } + + if ((sh.flag.checkSum != SH_CHECK_INIT) || + (sh.flag.update == S_TRUE && is_init == 1)) + { + /* Check the Interrupt Descriptor Table + * + * Stored(old) is idt_table[] + */ + for (j = 0; j < SH_MAXIDT; ++j) + { + i = j * 8; + + sh_idt_offset_lo = *((unsigned short *) &sh_idt_table[i]); + sh_idt_selector = *((unsigned short *) &sh_idt_table[i+2]); + sh_idt_reserved = (unsigned char) sh_idt_table[i+4]; + sh_idt_flag = (unsigned char) sh_idt_table[i+5]; + sh_idt_offset_hi = *((unsigned short *) &sh_idt_table[i+6]); + sh_idt_iaddr = (unsigned long)(sh_idt_offset_hi << 16) + + sh_idt_offset_lo; + + if (sh_idt_iaddr == 0) + { + sh_idt_table[i+2] = '\0'; + sh_idt_table[i+3] = '\0'; + sh_idt_table[i+5] = '\0'; + + idt_offset_lo = *((unsigned short *) &idt_table[i]); + idt_offset_hi = *((unsigned short *) &idt_table[i+6]); + idt_iaddr = (unsigned long)(idt_offset_hi << 16) + + idt_offset_lo; + if (idt_iaddr == 0) + { + idt_table[i+2] = '\0'; + idt_table[i+3] = '\0'; + idt_table[i+5] = '\0'; + } + + } + + if (memcmp(&sh_idt_table[i], &idt_table[i], 8) != 0) + { + + idt_offset_lo = *((unsigned short *) &idt_table[i]); + idt_selector = *((unsigned short *) &idt_table[i+2]); + idt_reserved = (unsigned char) idt_table[i+4]; + idt_flag = (unsigned char) idt_table[i+5]; + idt_offset_hi = *((unsigned short *) &idt_table[i+6]); + idt_iaddr = (unsigned long)(idt_offset_hi << 16) + + idt_offset_lo; + + if (idt_iaddr != 0) + { + if (idt_flag & 64) { dpl = 3; } + else { dpl = 0; } + if (idt_flag & 1) { + if (dpl == 3) idt_type = 'S'; + else idt_type = 'T'; } + else { idt_type = 'I'; } + } + else { dpl = -1; idt_type = 'U'; } + + if (sh_idt_iaddr != 0) + { + if (sh_idt_flag & 64) { sh_dpl = 3; } + else { sh_dpl = 0; } + if (sh_idt_flag & 1) { + if (sh_dpl == 3) sh_idt_type = 'S'; + else sh_idt_type = 'T'; } + else { sh_idt_type = 'I'; } + } + else { sh_dpl = -1; sh_idt_type = 'U'; } + + sh_kern_pathmsg (msg, SH_BUFSIZE, + j, _("idt_table"), + &idt_table[i], 8, + &sh_idt_table[i], 8); + + sh_error_handle (ShKernSeverity, FIL__, __LINE__, + 0, MSG_KERN_IDT, + j, + sh_idt_iaddr, sh_strseg(sh_idt_selector), + (int) sh_dpl, sh_idt_type, + idt_iaddr, sh_strseg(idt_selector), + (int) dpl, idt_type, msg); + + memcpy(&idt_table[i], &sh_idt_table[i], 8); + } + } + } + } +} + + +#define SYS_BUS_PCI _("/sys/bus/pci/devices") +#include + +static void check_rom (char * pcipath, char * name) +{ + file_type theFile; + char fileHash[2*(KEY_LEN + 1)]; + int status; + char * tmp; + extern unsigned long sh_files_maskof (int class); + + (void) sl_strlcpy (theFile.fullpath, pcipath, PATH_MAX); + theFile.check_mask = sh_files_maskof(SH_LEVEL_READONLY); + theFile.check_mask &= ~(MODI_MTM|MODI_CTM|MODI_INO); + CLEAR_SH_FFLAG_REPORTED(theFile.file_reported); + theFile.attr_string = NULL; + theFile.link_path = NULL; + + status = sh_unix_getinfo (ShDFLevel[SH_ERR_T_RO], + name, &theFile, fileHash, 0); + + if (status != 0) + { + tmp = sh_util_safe_name(pcipath); + sh_error_handle (ShKernSeverity, FIL__, __LINE__, + 0, MSG_E_SUBGPATH, + _("Could not check PCI ROM"), + _("check_rom"), + tmp); + SH_FREE(tmp); + goto out; + } + + if ( sh.flag.checkSum == SH_CHECK_INIT ) + { + sh_hash_pushdata (&theFile, fileHash); + } + else if (sh.flag.checkSum == SH_CHECK_CHECK ) + { + sh_hash_compdata (SH_LEVEL_READONLY, &theFile, fileHash, NULL, -1); + } + + out: + if (theFile.attr_string) SH_FREE(theFile.attr_string); + if (theFile.link_path) SH_FREE(theFile.link_path); + return; +} + +static void check_pci_rom (char * pcipath, char * name) +{ + struct stat buf; + int fd; + int status; + + if (0 == stat(pcipath, &buf)) + { + /* Need to write "1" to the file to enable the ROM. Afterwards, + * write "0" to disable it. + */ + fd = open ( pcipath, O_RDWR ); + do { + status = write( fd, "1", 1 ); + } while (status < 0 && errno == EINTR); + close ( fd ); + + check_rom(pcipath, name); + + fd = open ( pcipath, O_RDWR ); + do { + status = write( fd, "0", 1 ); + } while (status < 0 && errno == EINTR); + close ( fd ); + } + return; +} + +static void check_pci() +{ + char pci_dir[256]; + char * pcipath; + DIR * df; + struct dirent * entry; + + sl_strlcpy(pci_dir, SYS_BUS_PCI, sizeof(pci_dir)); + + df = opendir(pci_dir); + if (df) + { + while (1) + { + SH_MUTEX_LOCK(mutex_readdir); + entry = readdir(df); + SH_MUTEX_UNLOCK(mutex_readdir); + + if (entry == NULL) + break; + + if (0 == strcmp(entry->d_name, ".") && + 0 == strcmp(entry->d_name, "..")) + continue; + + pcipath = sh_util_strconcat(pci_dir, "/", + entry->d_name, "/rom", NULL); + check_pci_rom(pcipath, entry->d_name); + SH_FREE(pcipath); + } + + closedir(df); + } +} + +/* -- Check the proc_root inode. + * + * This will detect adore-ng. + */ +static void check_proc_root (struct sh_kernel_info * kinfo) +{ + struct proc_dir_entry proc_root_dir; + +/* 2.6.21 (((2) << 16) + ((6) << 8) + (21)) */ +#if SH_KERNEL_NUMBER < 132629 + struct inode_operations proc_root_inode; + + memcpy (&proc_root_inode, &(kinfo->proc_root_inode), sizeof(struct inode_operations)); + + /* Seems that the info does not relate anymore to proc_root_lookup(?) + */ + if ( (unsigned int) *proc_root_inode.lookup != proc_root_lookup) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_KERN_PROC, + _("proc_root_inode_operations.lookup != proc_root_lookup")); + } +#endif + + memcpy (&proc_root_dir, &(kinfo->proc_root_dir), sizeof(struct proc_dir_entry)); + if ( (((unsigned int) * &proc_root_dir.proc_iops) != proc_root_iops) + && (proc_root_dir.size != proc_root_iops) + && (((unsigned int) * &proc_root_dir.proc_fops) != proc_root_iops) + ) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_KERN_PROC, + _("proc_root.proc_iops != proc_root_inode_operations")); + } + + return; +} + +/* -- Check the system_call syscall gate. + * + * Stored(old) is system_call_code[] + */ +static void check_syscall_gate(int is_init, struct sh_kernel_info * kinfo) +{ + int i, j; + unsigned long store0; + unsigned int store1, store2; + int datasize; + int max_system_call = (SYS_CALL_LOC < 128) ? 128 : SYS_CALL_LOC; + char msg[2*SH_BUFSIZE]; + + if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE) + { + store0 = 0; store1 = 0; store2 = 0; + datasize = SH_KERN_SCC; + sh_kern_db_syscall (0, _("system_call"), + &(kinfo->new_system_call_code), &store0, &store1, &store2, + &datasize, SH_KERN_DBPUSH); + } + + if ((sh.flag.checkSum != SH_CHECK_INIT) || + (sh.flag.update == S_TRUE && is_init == 1)) + { + for (i = 0; i < (max_system_call + 4); ++i) + { + if (system_call_code[i] != kinfo->new_system_call_code[i]) + { + + sh_kern_pathmsg (msg, sizeof(msg), + 0, _("system_call"), + system_call_code, SH_KERN_SCC, + kinfo->new_system_call_code, SH_KERN_SCC); + + sh_error_handle (ShKernSeverity, FIL__, __LINE__, + 0, MSG_KERN_GATE, + kinfo->new_system_call_code[i], 0, + system_call_code[i], 0, + 0, _("system_call (interrupt handler)"), + msg); + + for (j = 0; j < (max_system_call + 4); ++j) + system_call_code[j] = kinfo->new_system_call_code[j]; + break; + } + } + } + return; +} + +static void check_system_calls (int is_init, struct sh_kernel_info * kinfo) +{ + int i; + +#ifdef SH_USE_LKM + static int check_getdents = 0; + /* #ifdef __NR_getdents64 */ + static int check_getdents64 = 0; + /* #endif */ + static int copy_if_next = -1; + static int copy_if_next_64 = -1; +#endif + + unsigned long store0; + unsigned int store1, store2; + int mod_syscall_addr = 0; + int mod_syscall_code = 0; + UINT64 size_old = 0, size_new = 0; + UINT64 mtime_old = 0, mtime_new = 0; + UINT64 ctime_old = 0, ctime_new = 0; + char tmp[128]; + char msg[2*SH_BUFSIZE]; + char timstr_o[32]; + char timstr_n[32]; + + if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE) + { + for (i = 0; i < SH_MAXCALLS; ++i) + { + store0 = kinfo->kmem_call_table[i]; + store1 = kinfo->kmem_code_table[i][0]; store2 = kinfo->kmem_code_table[i][1]; + sh_kern_db_syscall (i, _("syscall"), + NULL, &store0, &store1, &store2, + 0, SH_KERN_DBPUSH); + } + } + + if ((sh.flag.checkSum != SH_CHECK_INIT) || + (sh.flag.update == S_TRUE && is_init == 1)) + { + for (i = 0; i < SH_MAXCALLS; ++i) + { + if (sh_syscalls[i].name == NULL /* || sh_syscalls[i].addr == 0UL */) + break; + +#ifdef SH_USE_LKM + if (sh_syscalls[i].addr != kinfo->kmem_call_table[i]) + { + if (check_getdents == 0 && + 0 == strcmp(_(sh_syscalls[i].name), _("sys_getdents"))) + { + check_getdents = 1; + sh_error_handle (SH_ERR_WARN, FIL__, __LINE__, + 0, MSG_E_SUBGEN, + _("Modified kernel syscall (expected)."), + _(sh_syscalls[i].name) ); + copy_if_next = i; + sh_syscalls[i].addr = kinfo->kmem_call_table[i]; + continue; + } + /* #ifdef __NR_getdents64 */ + else if (check_getdents64 == 0 && + 0 == strcmp(_(sh_syscalls[i].name), + _("sys_getdents64"))) + { + check_getdents64 = 1; + sh_error_handle (SH_ERR_WARN, FIL__, __LINE__, + 0, MSG_E_SUBGEN, + _("Modified kernel syscall (expected)."), + _(sh_syscalls[i].name) ); + copy_if_next_64 = i; + sh_syscalls[i].addr = kinfo->kmem_call_table[i]; + continue; + } + /* #endif */ + else + { + size_old = sh_syscalls[i].addr; + size_new = kinfo->kmem_call_table[i]; + mod_syscall_addr = 1; + } + sh_syscalls[i].addr = kinfo->kmem_call_table[i]; + } +#else + if (sh_syscalls[i].addr != kinfo->kmem_call_table[i]) + { + size_old = sh_syscalls[i].addr; + size_new = kinfo->kmem_call_table[i]; + mod_syscall_addr = 1; + sh_syscalls[i].addr = kinfo->kmem_call_table[i]; + } +#endif + + + /* -- Check the code at syscall address + * + * Stored(old) is sh_syscalls[] + */ + if ( (mod_syscall_addr == 0) && + ((sh_syscalls[i].code[0] != kinfo->kmem_code_table[i][0]) || + (sh_syscalls[i].code[1] != kinfo->kmem_code_table[i][1])) + ) + { + mtime_old = sh_syscalls[i].code[0]; + mtime_new = kinfo->kmem_code_table[i][0]; + ctime_old = sh_syscalls[i].code[1]; + ctime_new = kinfo->kmem_code_table[i][1]; + mod_syscall_code = 1; + +#ifdef SH_USE_LKM + if (i == copy_if_next) + { + mod_syscall_code = 0; + copy_if_next = -1; + } + if (i == copy_if_next_64) + { + mod_syscall_code = 0; + copy_if_next_64 = -1; + } +#endif + + sh_syscalls[i].code[0] = kinfo->kmem_code_table[i][0]; + sh_syscalls[i].code[1] = kinfo->kmem_code_table[i][1]; + } + + /* Build the error message, if something has been + * detected. + */ + if ((mod_syscall_addr != 0) || (mod_syscall_code != 0)) + { +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, "path=\"K_%s_%04d\" ", + _("syscall"), i); +#else + sl_snprintf(tmp, 128, "path=, ", + _("syscall"), i); +#endif + sl_strlcpy(msg, tmp, SH_BUFSIZE); + + if (mod_syscall_addr != 0) + { + sl_snprintf(tmp, 128, sh_hash_size_format(), + size_old, size_new); + sl_strlcat(msg, tmp, SH_BUFSIZE); + } + if (mod_syscall_code != 0) + { + (void) sh_unix_gmttime (ctime_old, timstr_o, sizeof(timstr_o)); + (void) sh_unix_gmttime (ctime_new, timstr_n, sizeof(timstr_n)); +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, + _("ctime_old=\"%s\" ctime_new=\"%s\" "), + timstr_o, timstr_n); +#else + sl_snprintf(tmp, 128, + _("ctime_old=<%s>, ctime_new=<%s>, "), + timstr_o, timstr_n); +#endif + sl_strlcat(msg, tmp, SH_BUFSIZE); + (void) sh_unix_gmttime (mtime_old, timstr_o, sizeof(timstr_o)); + (void) sh_unix_gmttime (mtime_new, timstr_n, sizeof(timstr_n)); +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, + _("mtime_old=\"%s\" mtime_new=\"%s\" "), + timstr_o, timstr_n); +#else + sl_snprintf(tmp, 128, + _("mtime_old=<%s>, mtime_new=<%s> "), + timstr_o, timstr_n); +#endif + sl_strlcat(msg, tmp, SH_BUFSIZE); + } + sh_error_handle (ShKernSeverity, FIL__, __LINE__, + 0, MSG_KERN_SYSCALL, + i, _(sh_syscalls[i].name), msg); + mod_syscall_addr = 0; + mod_syscall_code = 0; + } + } + } + return; +} + +int sh_kern_check_internal () +{ + int kd; + int is_init; + pid_t mpid; + int mpipe[2]; + int status = 0; + + struct sh_kernel_info kinfo; + + + SL_ENTER(_("sh_kern_check_internal")); + + /* -- Check whether initialisation is required; if yes, initialize. + */ + + if (0 != check_init(&is_init)) + { + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + + + /* -- Open /dev/kmem and fork subprocess to read from it. + */ + + if (kaddr == (unsigned int) -1) /* kaddr = address of the sys_call_table */ + { + sh_error_handle (ShKernSeverity, FIL__, __LINE__, status, MSG_E_SUBGEN, + _("no address for sys_call_table - switching off"), + _("kern_check_internal") ); + ShKernActive = S_FALSE; + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + + kd = aud_open(FIL__, __LINE__, SL_YESPRIV, _("/dev/kmem"), O_RDONLY, 0); + + if (kd < 0) + { + status = errno; + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + _("error opening /dev/kmem"), + _("kern_check_internal") ); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + + status = aud_pipe(FIL__, __LINE__, mpipe); + + if (status == 0) + { + mpid = aud_fork(FIL__, __LINE__); + + switch (mpid) + { + case -1: + status = -1; + break; + case 0: + + /* -- Child process reads /dev/kmem and writes to pipe + */ + run_child(kd, mpipe); + break; + + /* -- Parent process reads from child via pipe + */ + default: + close(kd); + status = read_from_child(mpid, mpipe, &kinfo); + break; + } + } + + if ( status < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + _("error reading from /dev/kmem"), + _("kern_check_internal") ); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + + /* -- Check the proc_root inode. + * + * This will detect adore-ng. + */ + check_proc_root( &kinfo ); + + + /* -- Check the system_call syscall gate. + * + * Stored(old) is system_call_code[] + */ + check_syscall_gate( is_init, &kinfo ); + + /* -- Check the individual syscalls + * + * Stored(old) is sh_syscalls[] array. + */ + check_system_calls ( is_init, &kinfo ); + + /* -- Check the Interrupt Descriptor Table + */ + check_idt_table(is_init); + + /* -- Check PCI ROM + */ + check_pci(); + + SL_RETURN( (0), _("sh_kern_check_internal")); +} +/* ifdef HOST_IS_LINUX */ +#else + +/******************************************************** + * + * --- BSD --- + * + ********************************************************/ + +#include +#include +#include + +/* not OpenBSD */ +#if defined(HOST_IS_FREEBSD) +#include +#endif + +#include +#ifndef SYS_MAXSYSCALL +#define SYS_MAXSYSCALL 512 +#endif + +#ifdef __OpenBSD__ +struct proc; +struct sysent { + short sy_narg; + short sy_argsize; + int (*sy_call)(struct proc *, void *, register_t *); +}; +#endif + +int sh_kern_data_init () +{ + unsigned long store0 = 0; + unsigned int store1 = 0, store2 = 0; + int datasize, i; + char * databuf = NULL; + + /* syscall address and code + */ + for (i = 0; i < SH_MAXCALLS; ++i) + { + databuf = sh_kern_db_syscall (i, _("syscall"), + NULL, &store0, &store1, &store2, + &datasize, SH_KERN_DBPOP); + sh_syscalls[i].addr = store0; + if (databuf != NULL) { SH_FREE(databuf); } + if (store0 == 0) { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("syscall address not found in database"), + _("sh_kern_data_init")); + return -1; + } + + sh_syscalls[i].code[0] = (unsigned int) store1; + sh_syscalls[i].code[1] = (unsigned int) store2; + if ((store1 == 0) || (store2 == 0)) { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("syscall code not found in database"), + _("sh_kern_data_init")); + return -1; + } + + } + + return 0; +} + +int sh_kern_check_internal () +{ + struct sysent sy; + kvm_t * kd; + int i; + int status = -1; + char errbuf[_POSIX2_LINE_MAX+1]; + struct nlist * sys_list; + struct nlist list[2]; + + unsigned long offset = 0L; + unsigned int syscall_code[2]; /* 8 bytes */ + unsigned long syscall_addr; + + unsigned long store0 = 0; + unsigned int store1 = 0, store2 = 0; + + UINT64 size_old = 0, size_new = 0; + UINT64 mtime_old = 0, mtime_new = 0; + UINT64 ctime_old = 0, ctime_new = 0; + char tmp[128]; + char msg[2*SH_BUFSIZE]; + char timstr_o[32]; + char timstr_n[32]; + + static int is_init = 0; + + SL_ENTER(_("sh_kern_check_internal")); + + if (is_init == 0) + { + if (sh.flag.checkSum != SH_CHECK_INIT && sh.flag.update != S_TRUE) + { + if (0 == sh_kern_data_init()) { + is_init = 1; + } else { + sh_error_handle (ShKernSeverity, FIL__, __LINE__, status, + MSG_E_SUBGEN, + _("could not initialize - switching off"), + _("kern_check_internal") ); + ShKernActive = S_FALSE; + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + } + else if ((sh.flag.checkSum == SH_CHECK_INIT || + sh.flag.checkSum == SH_CHECK_CHECK) && + (sh.flag.update == S_TRUE)) + { + if (0 == sh_kern_data_init()) { + is_init = 1; + } else { + sh_error_handle (ShKernSeverity, FIL__, __LINE__, status, + MSG_E_SUBGEN, + _("no or incomplete data in baseline database"), + _("kern_check_internal") ); + } + } + } + + /* defined, but not used + */ + ShKernDelay = 0; + + list[0].n_name = "_sysent"; + list[1].n_name = NULL; + + kd = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, errbuf); + if (!kd) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + errbuf, + _("kvm_openfiles") ); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + + i = kvm_nlist(kd, list); + if (i == -1) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + kvm_geterr(kd), + _("kvm_nlist (_sysent)") ); + kvm_close(kd); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + + sys_list = SH_ALLOC((SYS_MAXSYSCALL+1) * sizeof(struct nlist)); + + for (i = 0; i < SH_MAXCALLS; ++i) + sys_list[i].n_name = sh_syscalls[i].name; + sys_list[SH_MAXCALLS].n_name = NULL; + + i = kvm_nlist(kd, sys_list); + if (i == -1) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + kvm_geterr(kd), + _("kvm_nlist (syscalls)") ); + kvm_close(kd); + SH_FREE(sys_list); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + else if (i > 0) + { + sl_snprintf(tmp, 128, + _("%d invalid syscalls"), i); + /* + for (i = 0; i < SH_MAXCALLS; ++i) { + if (sys_list[i].n_type == 0 && sys_list[i].n_value == 0) + fprintf(stderr, "invalid: [%3d] %s\n", i, sh_syscalls[i].name); + } + */ + sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN, + tmp, + _("kvm_nlist (syscalls)") ); + } + + /* Check the individual syscalls + * + * Stored(old) is sh_syscalls[] array. + */ + if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE) + { + for (i = 0; i < SH_MAXCALLS; ++i) + { + if (sh_syscalls[i].name == NULL) + { + sl_snprintf(tmp, 128, + _("too few entries in sh_syscalls[]: have %d, expect %d"), + i, SH_MAXCALLS); + + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + tmp, + _("sh_kern_check_internal") ); + break; + } + + /* read address of syscall from sysent table + */ + offset = list[0].n_value + (i*sizeof(struct sysent)); + if (kvm_read(kd, offset, &sy, sizeof(struct sysent)) < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + kvm_geterr(kd), + _("kvm_read (syscall table)") ); + kvm_close(kd); + SH_FREE(sys_list); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + syscall_addr = (unsigned long) sy.sy_call; + store0 = syscall_addr; + + /* read the syscall code + */ + if(kvm_read(kd, (unsigned int) sy.sy_call, &(syscall_code[0]), + 2 * sizeof(unsigned int)) < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + kvm_geterr(kd), + _("kvm_read (syscall code)") ); + kvm_close(kd); + SH_FREE(sys_list); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + store1 = syscall_code[0]; store2 = syscall_code[1]; + + sh_kern_db_syscall (i, _("syscall"), + NULL, &store0, &store1, &store2, + 0, SH_KERN_DBPUSH); + } + } + + if ((sh.flag.checkSum != SH_CHECK_INIT) || + (sh.flag.update == S_TRUE && is_init == 1)) + { + for (i = 0; i < SH_MAXCALLS; ++i) + { + if (sh_syscalls[i].name == NULL) + { + sl_snprintf(tmp, 128, + _("too few entries in sh_syscalls[]: have %d, expect %d"), + i, SH_MAXCALLS); + + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + tmp, + _("sh_kern_check_internal") ); + break; + } + + /* read address of syscall from sysent table + */ + offset = list[0].n_value + (i*sizeof(struct sysent)); + if (kvm_read(kd, offset, &sy, sizeof(struct sysent)) < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + kvm_geterr(kd), + _("kvm_read (syscall table)") ); + kvm_close(kd); + SH_FREE(sys_list); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + syscall_addr = (unsigned long) sy.sy_call; + + if (sh_syscalls[i].addr != syscall_addr) + { +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, "path=\"K_%s_%04d\" ", + _("syscall"), i); +#else + sl_snprintf(tmp, 128, "path=, ", + _("syscall"), i); +#endif + sl_strlcpy(msg, tmp, SH_BUFSIZE); + + size_old = sh_syscalls[i].addr; + size_new = syscall_addr; + sl_snprintf(tmp, 128, sh_hash_size_format(), + size_old, size_new); + sl_strlcat(msg, tmp, SH_BUFSIZE); + + sh_error_handle (ShKernSeverity, FIL__, __LINE__, + status, MSG_KERN_SYSCALL, + i, _(sh_syscalls[i].name), + msg); + sh_syscalls[i].addr = syscall_addr; + } + else + { + /* read the syscall code + */ + if(kvm_read(kd, (unsigned int) sy.sy_call, &(syscall_code[0]), + 2 * sizeof(unsigned int)) < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + kvm_geterr(kd), + _("kvm_read (syscall code)") ); + kvm_close(kd); + SH_FREE(sys_list); + SL_RETURN( (-1), _("sh_kern_check_internal")); + } + + if (sh_syscalls[i].code[0] != syscall_code[0] || + sh_syscalls[i].code[1] != syscall_code[1]) + { + mtime_old = sh_syscalls[i].code[0]; + mtime_new = syscall_code[0]; + ctime_old = sh_syscalls[i].code[1]; + ctime_new = syscall_code[1]; + +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, "path=\"K_%s_%04d\" ", + _("syscall"), i); +#else + sl_snprintf(tmp, 128, "path=, ", + _("syscall"), i); +#endif + sl_strlcpy(msg, tmp, SH_BUFSIZE); + + (void) sh_unix_gmttime (ctime_old, timstr_o, sizeof(timstr_o)); + (void) sh_unix_gmttime (ctime_new, timstr_n, sizeof(timstr_n)); +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, + _("ctime_old=\"%s\" ctime_new=\"%s\" "), + timstr_o, timstr_n); +#else + sl_snprintf(tmp, 128, + _("ctime_old=<%s>, ctime_new=<%s>, "), + timstr_o, timstr_n); +#endif + sl_strlcat(msg, tmp, SH_BUFSIZE); + (void) sh_unix_gmttime (mtime_old, timstr_o, sizeof(timstr_o)); + (void) sh_unix_gmttime (mtime_new, timstr_n, sizeof(timstr_n)); +#ifdef SH_USE_XML + sl_snprintf(tmp, 128, + _("mtime_old=\"%s\" mtime_new=\"%s\" "), + timstr_o, timstr_n); +#else + sl_snprintf(tmp, 128, + _("mtime_old=<%s>, mtime_new=<%s> "), + timstr_o, timstr_n); +#endif + sl_strlcat(msg, tmp, SH_BUFSIZE); + + sh_error_handle (ShKernSeverity, FIL__, __LINE__, + status, MSG_KERN_SYSCALL, + i, _(sh_syscalls[i].name), + msg); + sh_syscalls[i].code[0] = syscall_code[0]; + sh_syscalls[i].code[1] = syscall_code[1]; + } + } + } + } + SH_FREE(sys_list); + if(kvm_close(kd) < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + kvm_geterr(kd), + _("kvm_close") ); + exit(EXIT_FAILURE); + } + + SL_RETURN( (0), _("sh_kern_check_internal")); +} + +#endif + +/************* + * + * module init + * + *************/ +#if defined(HOST_IS_LINUX) +#include +#endif + +static int AddressReconf = 0; + +int sh_kern_init (struct mod_type * arg) +{ +#if defined(HOST_IS_LINUX) + struct utsname buf; + char * str; +#endif + (void) arg; + + SL_ENTER(_("sh_kern_init")); + if (ShKernActive == S_FALSE) + SL_RETURN( (-1), _("sh_kern_init")); + +#if defined(HOST_IS_LINUX) + uname(&buf); + + if ((AddressReconf < 5) && (0 != strcmp(SH_KERNEL_VERSION, buf.release))) + { + str = SH_ALLOC(256); + sl_snprintf(str, 256, + "Compiled for kernel %s, but current kernel is %s, and kernel addresses have not been re-configured", + SH_KERNEL_VERSION, buf.release); + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_SUBGEN, + str, + _("kern_check") ); + SH_FREE(str); + ShKernActive = S_FALSE; + SL_RETURN( (-1), _("sh_kern_init")); + } +#endif + + lastcheck = time (NULL); + if (sh.flag.checkSum != SH_CHECK_INIT) + { + sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Checking kernel syscalls"), + _("kern_check") ); + } + sh_kern_check_internal (); + SL_RETURN( (0), _("sh_kern_init")); +} + +/************* + * + * module cleanup + * + *************/ +int sh_kern_end () +{ + return (0); +} + + +/************* + * + * module timer + * + *************/ +int sh_kern_timer (time_t tcurrent) +{ + if (ShKernActive == S_FALSE) + return 0; + + if ((int) (tcurrent - lastcheck) >= ShKernInterval) + { + lastcheck = tcurrent; + return (-1); + } + return 0; +} + +/************* + * + * module check + * + *************/ +int sh_kern_check () +{ + sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, EINVAL, MSG_E_SUBGEN, + _("Checking kernel syscalls"), + _("kern_check") ); + return (sh_kern_check_internal ()); +} + +/************* + * + * module setup + * + *************/ + +int sh_kern_set_severity (const char * c) +{ + char tmp[32]; + tmp[0] = '='; tmp[1] = '\0'; + sl_strlcat (tmp, c, 32); + sh_error_set_level (tmp, &ShKernSeverity); + return 0; +} + +int sh_kern_set_timer (const char * c) +{ + long val; + + SL_ENTER(_("sh_kern_set_timer")); + + val = strtol (c, (char **)NULL, 10); + if (val <= 0) + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("kern timer"), c); + + val = (val <= 0 ? 60 : val); + + ShKernInterval = (time_t) val; + SL_RETURN( 0, _("sh_kern_set_timer")); +} + +int sh_kern_set_activate (const char * c) +{ + int i; + SL_ENTER(_("sh_kern_set_activate")); + i = sh_util_flagval(c, &ShKernActive); + SL_RETURN(i, _("sh_kern_set_activate")); +} + +int sh_kern_set_idt (const char * c) +{ + int i; + SL_ENTER(_("sh_kern_set_idt")); + i = sh_util_flagval(c, &ShKernIDT); + SL_RETURN(i, _("sh_kern_set_idt")); +} + +int sh_kern_set_sc_addr (const char * c) +{ + char * endptr; + unsigned long value; + + SL_ENTER(_("sh_kern_set_sc_addr")); + errno = 0; + value = strtoul(c, &endptr, 16); + if ((ULONG_MAX == value) && (errno == ERANGE)) + { + SL_RETURN((-1), _("sh_kern_set_sc_addr")); + } + if ((*c == '\0') || (*endptr != '\0')) + { + SL_RETURN((-1), _("sh_kern_set_sc_addr")); + } + system_call_addr = value; + ++AddressReconf; + SL_RETURN((0), _("sh_kern_set_sc_addr")); +} + +int sh_kern_set_sct_addr (const char * c) +{ + char * endptr; + unsigned long value; + + SL_ENTER(_("sh_kern_set_sct_addr")); + errno = 0; + value = strtoul(c, &endptr, 16); + if ((ULONG_MAX == value) && (errno == ERANGE)) + { + SL_RETURN((-1), _("sh_kern_set_sct_addr")); + } + if ((*c == '\0') || (*endptr != '\0')) + { + SL_RETURN((-1), _("sh_kern_set_sct_addr")); + } + kaddr = (unsigned int) value; + ++AddressReconf; + SL_RETURN((0), _("sh_kern_set_sct_addr")); +} + +int sh_kern_set_proc_root (const char * c) +{ + char * endptr; + unsigned long value; + + SL_ENTER(_("sh_kern_set_proc_root")); + errno = 0; + value = strtoul(c, &endptr, 16); + if ((ULONG_MAX == value) && (errno == ERANGE)) + { + SL_RETURN((-1), _("sh_kern_set_proc_root")); + } + if ((*c == '\0') || (*endptr != '\0')) + { + SL_RETURN((-1), _("sh_kern_set_proc_root")); + } + + proc_root = value; + ++AddressReconf; + SL_RETURN((0), _("sh_kern_set_proc_root")); +} + +int sh_kern_set_proc_root_iops (const char * c) +{ + char * endptr; + unsigned long value; + + SL_ENTER(_("sh_kern_set_proc_root_iops")); + errno = 0; + value = strtoul(c, &endptr, 16); + if ((ULONG_MAX == value) && (errno == ERANGE)) + { + SL_RETURN((-1), _("sh_kern_set_proc_root_iops")); + } + if ((*c == '\0') || (*endptr != '\0')) + { + SL_RETURN((-1), _("sh_kern_set_proc_root_iops")); + } + + proc_root_iops = value; + ++AddressReconf; + SL_RETURN((0), _("sh_kern_set_proc_root_iops")); +} + +int sh_kern_set_proc_root_lookup (const char * c) +{ + char * endptr; + unsigned long value; + + SL_ENTER(_("sh_kern_set_proc_root_lookup")); + errno = 0; + value = strtoul(c, &endptr, 16); + if ((ULONG_MAX == value) && (errno == ERANGE)) + { + SL_RETURN((-1), _("sh_kern_set_proc_root_lookup")); + } + if ((*c == '\0') || (*endptr != '\0')) + { + SL_RETURN((-1), _("sh_kern_set_proc_root_lookup")); + } + proc_root_lookup = value; + ++AddressReconf; + SL_RETURN((0), _("sh_kern_set_proc_root_lookup")); +} + +#endif + +/* #ifdef SH_USE_KERN */ +#endif Index: /tags/2.5.0/src/sh_log_check.c =================================================================== --- /tags/2.5.0/src/sh_log_check.c (revision 189) +++ /tags/2.5.0/src/sh_log_check.c (revision 189) @@ -0,0 +1,1172 @@ + +#include "config_xor.h" + +#include +#include +#include +#include +#include + +#ifdef USE_LOGFILE_MONITOR + +#undef FIL__ +#define FIL__ _("sh_log_check.c") + +/* Debian/Ubuntu: libpcre3-dev */ +#include + +#include "samhain.h" +#include "sh_pthread.h" +#include "sh_utils.h" +#include "sh_string.h" +#include "sh_log_check.h" +#include "sh_log_evalrule.h" + +/* List of supported logfile types, format is + * { "TYPE_CODE", Reader_Callback_Function, Parser_Callback_function } + * If Reader_Callback_Function is NULL, the default (line-oriented + * text file) reader is used. + */ +struct sh_logfile_type sh_logtypes_def[] = { + { "SYSLOG", NULL, sh_parse_syslog, NULL }, + { "SAMBA", sh_read_samba, sh_parse_samba, NULL }, + { "APACHE", NULL, sh_parse_apache, sh_eval_fileinfo_apache }, +#if defined(HAVE_SYS_ACCT_H) + { "PACCT", sh_read_pacct, sh_parse_pacct, NULL }, +#endif +}; + +/* -------------------------- Internal Stuff -------------------------- */ + +struct logfile_record { + dev_t device_id; + ino_t inode; + fpos_t offset; + /* FIXME include filename hash */ +}; + +const char * save_dir = NULL; + +static char * build_path (struct sh_logfile * record) +{ + size_t plen; + int retval; + char * path = NULL; + + if (!save_dir) + { + save_dir = sh_util_strdup(DEFAULT_PIDDIR); + + SH_MUTEX_LOCK(mutex_thread_nolog); + retval = tf_trust_check (save_dir, SL_YESPRIV); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + + if (retval != 0) + { + return(NULL); + } + } + + plen = strlen(save_dir); + + if (SL_TRUE == sl_ok_adds(plen, 129)) + { + plen += 129; /* 64 + 64 + 1 */ + path = SH_ALLOC(plen); + (void) sl_snprintf(path, plen, "%s/%lu_%lu", save_dir, + (unsigned long) record->device_id, + (unsigned long) record->inode); + } + + return path; +} + +static void save_pos (struct sh_logfile * record) +{ + char * path; + FILE * fd; + struct logfile_record save_rec; + + path = build_path(record); + + if (path) + { + fd = fopen(path, "wb"); + if (fd) + { + save_rec.device_id = record->device_id; + save_rec.inode = record->inode; + memcpy(&(save_rec.offset), &(record->offset), sizeof(fpos_t)); + if (1 != fwrite(&save_rec, sizeof(struct logfile_record), 1, fd)) + { + (void) fclose(fd); + (void) remove(path); + } + else + { + (void) fclose(fd); + } + } + SH_FREE(path); + } + return; +} + +static int read_pos (struct sh_logfile * record) +{ + int retval = 0; + char * path; + FILE * fd; + struct logfile_record save_rec; + + path = build_path(record); + + if (path) + { + fd = fopen(path, "rb"); + if (fd) + { + if (1 == fread(&save_rec, sizeof(struct logfile_record), 1, fd)) + { + if (save_rec.device_id == record->device_id && + save_rec.inode == record->inode) + { + memcpy(&(record->offset),&(save_rec.offset),sizeof(fpos_t)); + retval = 1; + } + } + (void) fclose(fd); + } + SH_FREE(path); + } + return retval; +} + +/*@null@*/ static struct sh_logfile * sh_watched_logs = NULL; + +int sh_add_watch (const char * str) +{ + char * filename; + + unsigned int i; + unsigned int defsize; + struct sh_logfile_type * log_type = NULL; + struct sh_logfile * thisfile; + struct stat buf; + + unsigned int nfields = 3; /* logtype:path[:regex] */ + size_t lengths[3]; + char * new = sh_util_strdup(str); + char ** splits = split_array(new, &nfields, ':', lengths); + + if (nfields < 2 || (lengths[0] == 0 || lengths[0] >= SH_MAX_LCODE_SIZE || lengths[1] == 0)) + { + sh_string * msg = sh_string_new(0); + sh_string_add_from_char(msg, _("Format error: ")); + sh_string_add_from_char(msg, str); + + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + sh_string_str(msg), + _("sh_add_watch")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + sh_string_destroy(&msg); + + SH_FREE(new); + return -2; + } + + defsize = + (unsigned int) (sizeof(sh_logtypes_def)/sizeof(struct sh_logfile_type)); + + for (i = 0; i < defsize; ++i) + { + if (0 == strcmp(splits[0], sh_logtypes_def[i].code)) + { + log_type = &(sh_logtypes_def[i]); + break; + } + } + + if (log_type == NULL) + { + sh_string * msg = sh_string_new(0); + sh_string_add_from_char(msg, _("Unsupported log type: ")); + sh_string_add_from_char(msg, splits[0]); + + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + sh_string_str(msg), + _("sh_add_watch")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + sh_string_destroy(&msg); + + SH_FREE(new); + return -3; + } + + if (splits[1][0] != '/') + { + sh_string * msg = sh_string_new(0); + sh_string_add_from_char(msg, _("Logfile path not absolute: ")); + sh_string_add_from_char(msg, splits[1]); + + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + sh_string_str(msg), + _("sh_add_watch")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + sh_string_destroy(&msg); + + SH_FREE(new); + return -4; + } + + filename = /*@i@*/sh_util_strdup(splits[1]); + thisfile = SH_ALLOC(sizeof(struct sh_logfile)); + + thisfile->filename = filename; + thisfile->flags = SH_LOGFILE_REWIND; + thisfile->inode = 0; + thisfile->device_id = 0; + thisfile->fp = NULL; + if (log_type->get_record) + thisfile->get_record = log_type->get_record; + else + thisfile->get_record = sh_default_reader; + thisfile->parse_record = log_type->parse_record; + + /* An optional regex for parsing the file. The result + * 'fileinfo' should contain info about host/time position. + */ + if (log_type->eval_fileinfo) + { + if (nfields == 3 && lengths[2] > 0) + { + thisfile->fileinfo = log_type->eval_fileinfo(splits[2]); + + if (thisfile->fileinfo == NULL) + { + sh_string * msg = sh_string_new(0); + sh_string_add_from_char(msg, _("Logfile format description not recognized: ")); + sh_string_add_from_char(msg, splits[2]); + + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + sh_string_str(msg), + _("sh_add_watch")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + sh_string_destroy(&msg); + + SH_FREE(filename); + SH_FREE(thisfile); + SH_FREE(new); + return -1; + } + } + else + { + sh_string * msg = sh_string_new(0); + sh_string_add_from_char(msg, _("Logfile format description missing: ")); + sh_string_add_from_char(msg, splits[1]); + + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + sh_string_str(msg), + _("sh_add_watch")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + sh_string_destroy(&msg); + + SH_FREE(filename); + SH_FREE(thisfile); + SH_FREE(new); + return -1; + } + } + else + { + thisfile->fileinfo = NULL; + } + thisfile->next = sh_watched_logs; + + /* Try reading saved offset. On success clear rewind flag. + */ + if (0 == stat(thisfile->filename, &buf)) + { + thisfile->inode = buf.st_ino; + thisfile->device_id = buf.st_dev; + + if (0 != read_pos(thisfile)) + { + thisfile->flags &= ~SH_LOGFILE_REWIND; + } + } + + sh_watched_logs = thisfile; + + SH_FREE(new); + return 0; +} + +void sh_dump_watches() +{ + struct sh_logfile * thisfile; + + while (sh_watched_logs) + { + thisfile = sh_watched_logs; + sh_watched_logs = thisfile->next; + + save_pos(thisfile); + + if (thisfile->fp) + fclose(thisfile->fp); + if (thisfile->filename) + SH_FREE(thisfile->filename); + SH_FREE(thisfile); + } + return; +} + +/* This variable is not used anywhere. It only exist + * to assign &new to them, which keeps gcc from + * putting it into a register, and avoids the 'clobbered + * by longjmp' warning. And no, 'volatile' proved insufficient. + */ +static void * sh_dummy_thisfile = NULL; + +void sh_check_watches() +{ + static size_t count = 0; + struct sh_logrecord * logrecord; + struct sh_logfile * thisfile = sh_watched_logs; + sh_string * record = sh_string_new(0); + char * tmp; + + /* Take the address to keep gcc from putting them into registers. + * Avoids the 'clobbered by longjmp' warning. + */ + sh_dummy_thisfile = (void*) &thisfile; + + while (thisfile) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + tmp = sh_util_safe_name (thisfile->filename); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_LOGMON_CHKS, + tmp); + SH_FREE(tmp); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + + for (;;) { + + record = thisfile->get_record(record, thisfile); + + if (record) + { + logrecord = thisfile->parse_record(record, thisfile->fileinfo); + ++count; + + if (logrecord) + { + logrecord->filename = thisfile->filename; + + /* Don't report if 'init', just set file pointer + */ + if (sh.flag.checkSum != SH_CHECK_INIT) + { + sh_eval_process_msg(logrecord); + } + + if (logrecord->message) + sh_string_destroy(&(logrecord->message)); + if (logrecord->host) + sh_string_destroy(&(logrecord->host)); + if (logrecord->timestr) + sh_string_destroy(&(logrecord->timestr)); + SH_FREE(logrecord); + } + } + else + { + record = sh_string_new(0); + break; + } + } + + SH_MUTEX_LOCK(mutex_thread_nolog); + tmp = sh_util_safe_name (thisfile->filename); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_LOGMON_CHKE, + tmp, (unsigned long)count); + SH_FREE(tmp); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + + thisfile = thisfile->next; + } + sh_string_destroy(&record); + return; +} + +/******************************************************** + * Search rotated logfile + */ +#include +#include +#include + +char * sh_rotated_log_search(const char * path, struct stat * buf) +{ + + size_t size; + int i; + char * searchpath; + struct stat sbuf; + DIR * dp; + char * dname; + char * bname; + + dname = sh_util_dirname(path); + bname = sh_util_basename(path); + + size = strlen(dname) + strlen(bname) + 4; + searchpath = SH_ALLOC(size); + + for (i = 0; i < 2; ++i) + { + snprintf(searchpath, size, "%s/%s.%1d", dname, bname, i); + if (0 == stat(searchpath, &sbuf) && sbuf.st_ino == buf->st_ino) + { + SH_FREE(dname); + SH_FREE(bname); + return searchpath; + } + } + + SH_FREE(searchpath); + + if (NULL != (dp = opendir(dname))) + { + struct dirent * de; + + while (NULL != (de = readdir(dp))) + { + if (0 == strcmp(de->d_name, ".") || 0 == strcmp(de->d_name, "..")) + continue; + + size = strlen(dname) + strlen(de->d_name) + 2; + searchpath = SH_ALLOC(size); + snprintf(searchpath, size, "%s/%s", dname, de->d_name); + + if (0 == stat(searchpath, &sbuf) && sbuf.st_ino == buf->st_ino) + { + SH_FREE(dname); + SH_FREE(bname); + closedir(dp); + return searchpath; + } + + SH_FREE(searchpath); + } + closedir(dp); + } + + SH_FREE(dname); + SH_FREE(bname); + + return NULL; +} + +/* Open file, position at stored offset + */ +int sh_open_for_reader (struct sh_logfile * logfile) +{ + struct stat buf; + sh_string * filename; + + /* check whether file exists, get inode to check for + * logfile rotation + */ + if (0 != retry_stat(FIL__, __LINE__, logfile->filename, &buf)) + { + char * tmp; + + SH_MUTEX_LOCK(mutex_thread_nolog); + tmp = sh_util_safe_name (logfile->filename); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_LOGMON_MISS, + tmp); + SH_FREE(tmp); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + + memset (&(logfile->offset), '\0', sizeof(fpos_t)); + logfile->flags |= SH_LOGFILE_REWIND; + return 0; + } + + filename = sh_string_new(0); + (void) sh_string_set_from_char (filename, logfile->filename); + + /* detect and handle logfile rotation + */ + if (logfile->inode != buf.st_ino && logfile->inode != 0) + { + /* Case 1) We have dealt with the moved file already. + * Clear the moved flag, set the rewind flag, + * fix logfile->inode. + */ + if ((logfile->flags & SH_LOGFILE_MOVED) != 0) + { + /* done with rotated file, start with current file + */ + memset (&(logfile->offset), '\0', sizeof(fpos_t)); + logfile->flags |= SH_LOGFILE_REWIND; + logfile->flags &= ~SH_LOGFILE_MOVED; + logfile->inode = buf.st_ino; + logfile->device_id = buf.st_dev; + } + + /* Case 2) Searching for rotated file. + * If found: set the moved flag, fix path for fopen. + * If not found: set the rewind flag, fix logfile->inode. + */ + else + { + char *oldfile = sh_rotated_log_search(logfile->filename, &buf); + + if (NULL != oldfile) + { + (void) sh_string_set_from_char (filename, oldfile); + SH_FREE(oldfile); + logfile->flags |= SH_LOGFILE_MOVED; + } + else + { + memset (&(logfile->offset), '\0', sizeof(fpos_t)); + logfile->flags |= SH_LOGFILE_REWIND; + logfile->inode = buf.st_ino; + logfile->device_id = buf.st_dev; + } + } + } + + /* open file + */ + logfile->fp = fopen(filename->str, "r"); + if (!logfile->fp) + { + char * tmp; + + SH_MUTEX_LOCK(mutex_thread_nolog); + tmp = sh_util_safe_name (logfile->filename); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_LOGMON_EOPEN, + tmp); + SH_FREE(tmp); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + + sh_string_destroy(&filename); + return 0; + } + + sh_string_destroy(&filename); + + if ((logfile->flags & SH_LOGFILE_REWIND) != 0) + { + rewind(logfile->fp); + fgetpos(logfile->fp, &(logfile->offset)); + logfile->flags &= ~SH_LOGFILE_REWIND; + } + else + { + /* file too short + */ + if (0 != fsetpos(logfile->fp, &(logfile->offset))) + { + rewind(logfile->fp); + fgetpos(logfile->fp, &(logfile->offset)); + } + } + + return 1; +} + +/****************************************************** + * Default reader for ascii text files + */ +sh_string * sh_default_reader (sh_string * s, struct sh_logfile * logfile) +{ + int status; + char * tmp; + + start_read: + + if (logfile->fp) + { + /* Result cannot be larger than 8192, thus cast is ok + */ + status = (int) sh_string_read(s, logfile->fp, 8192); + if (status <= 0) + { + fgetpos(logfile->fp, &(logfile->offset)); + fclose(logfile->fp); + logfile->fp = NULL; + sh_string_destroy(&s); + if (status == 0) + { + return NULL; + } + + SH_MUTEX_LOCK(mutex_thread_nolog); + tmp = sh_util_safe_name (logfile->filename); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_LOGMON_EREAD, + tmp); + SH_FREE(tmp); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + + return NULL; + } + return s; + } + + if (0 != sh_open_for_reader(logfile)) + goto start_read; + + return NULL; +} + +/****************************************************** + * Reader for continued text files + */ +sh_string * sh_cont_reader (sh_string * s, struct sh_logfile * logfile, char*cont) +{ + int status; + char * tmp; + sh_string * str; + int remain = 8192; + int count = 0; + + if (!sh_string_truncate(s, 0)) + return NULL; + + start_read: + + if (logfile->fp) + { + str = sh_string_new(0); + + /* Result cannot be larger than 8192, thus cast is ok + */ + status = (int) sh_string_read(str, logfile->fp, 8192); + + if (status > 0) + { + + do { + s = sh_string_add (s, str); + count += status; + remain -= status; + + if (remain <= 0) + { + return s; + } + + status = (int) sh_string_read_cont(str, logfile->fp, count, cont); + + if (status == 0) + { + return s; + } + } + while (status > 0); + } + + if (status <= 0) + { + fgetpos(logfile->fp, &(logfile->offset)); + fclose(logfile->fp); + logfile->fp = NULL; + sh_string_destroy(&s); + if (status == 0) + { + return NULL; + } + + SH_MUTEX_LOCK(mutex_thread_nolog); + tmp = sh_util_safe_name (logfile->filename); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_LOGMON_EREAD, + tmp); + SH_FREE(tmp); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + + return NULL; + } + + return s; + } + + if (0 != sh_open_for_reader(logfile)) + goto start_read; + + return NULL; +} + +/****************************************************** + * Reader for binary files + */ +sh_string * sh_binary_reader (void * s, size_t size, struct sh_logfile * logfile) +{ + size_t status; + + start_read: + + if (logfile->fp) + { + + status = fread(s, size, 1, logfile->fp); + + if (status != 1) + { + if (ferror(logfile->fp)) + { + char * tmp; + SH_MUTEX_LOCK(mutex_thread_nolog); + tmp = sh_util_safe_name (logfile->filename); + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_LOGMON_EREAD, + tmp); + SH_FREE(tmp); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + fgetpos(logfile->fp, &(logfile->offset)); + fclose(logfile->fp); + logfile->fp = NULL; + memset(s, '\0', size); + return NULL; + } + return s; + } + + if (0 != sh_open_for_reader(logfile)) + goto start_read; + + return NULL; +} + + + +/********************************************************** + * + * Utilities + * + **********************************************************/ + +time_t conv_timestamp (struct tm * btime, + struct tm * old_tm, time_t * old_time) +{ + time_t timestamp; + long offtime; + + /* timestamp - mktime is slooow, thus cache result + */ + if (btime->tm_isdst == old_tm->tm_isdst && + btime->tm_year == old_tm->tm_year && + btime->tm_mon == old_tm->tm_mon && + btime->tm_mday == old_tm->tm_mday) + { + offtime = + (btime->tm_hour - old_tm->tm_hour) * 3600 + + (btime->tm_min - old_tm->tm_min) * 60 + + (btime->tm_sec - old_tm->tm_sec); + *old_time += offtime; + memcpy(old_tm, btime, sizeof(struct tm)); + timestamp = *old_time; + } + else + { + timestamp = mktime(btime); + *old_time = timestamp; + memcpy(old_tm, btime, sizeof(struct tm)); + } + return timestamp; +} + +/********************************************************* + * + * MODULE STUFF + * + *********************************************************/ +#include "sh_modules.h" + +SH_MUTEX_STATIC(mutex_logmon_check, PTHREAD_MUTEX_INITIALIZER); + +static int ShLogmonActive = S_FALSE; +#define SH_LOGMON_INTERVAL 10 +static time_t sh_logmon_interval = SH_LOGMON_INTERVAL; + +int sh_log_check_init (struct mod_type * arg) +{ + if (ShLogmonActive == S_FALSE) + return SH_MOD_FAILED; +#ifdef HAVE_PTHREAD + if (arg != NULL && arg->initval < 0 && + (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) + { + if (0 == sh_pthread_create(sh_threaded_module_run, (void *)arg)) + return SH_MOD_THREAD; + else + return SH_MOD_FAILED; + } +#endif + if (sh_watched_logs != NULL) + return 0; + + return -1; +} + +int sh_log_check_timer(time_t tcurrent) +{ + static time_t lastcheck = 0; + + SL_ENTER(_("sh_log_check_timer")); + if ((time_t) (tcurrent - lastcheck) >= sh_logmon_interval) + { + lastcheck = tcurrent; + SL_RETURN((-1), _("sh_log_check_timer")); + } + SL_RETURN(0, _("sh_log_check_timer")); +} + + +int sh_log_check_check(void) +{ + int status = 0; + + SL_ENTER(_("sh_log_check_check")); + + SH_MUTEX_LOCK(mutex_logmon_check); + + status = 0; + + if( ShLogmonActive != S_FALSE ) + { + sh_check_watches(); + } + SH_MUTEX_UNLOCK(mutex_logmon_check); + + SL_RETURN(status, _("sh_log_check_check")); +} + +int sh_log_check_reconf(void) +{ + int status = 0; + + SL_ENTER(_("sh_log_check_check")); + + SH_MUTEX_LOCK(mutex_logmon_check); + + ShLogmonActive = S_FALSE; + sh_logmon_interval = SH_LOGMON_INTERVAL; + sh_dump_watches(); + sh_eval_cleanup(); + + SH_MUTEX_UNLOCK(mutex_logmon_check); + + SL_RETURN(status, _("sh_log_check_check")); +} + +int sh_log_check_cleanup(void) +{ + return sh_log_check_reconf(); +} + +/********************* OPTIONS **********************/ + +static int sh_logmon_set_active (const char *str); +static int sh_logmon_set_interval(const char *str); +static int sh_logmon_add_watch (const char * str); +static int sh_logmon_add_group (const char * str); +static int sh_logmon_end_group (const char * str); +static int sh_logmon_add_host (const char * str); +static int sh_logmon_end_host (const char * str); +static int sh_logmon_add_queue (const char * str); +static int sh_logmon_add_rule (const char * str); +extern int sh_set_hidepid(const char *s); + +sh_rconf sh_log_check_table[] = { + { + N_("logmonactive"), + sh_logmon_set_active, + }, + { + N_("logmoninterval"), + sh_logmon_set_interval, + }, + { + N_("logmonwatch"), + sh_logmon_add_watch, + }, + { + N_("logmonqueue"), + sh_logmon_add_queue, + }, + { + N_("logmongroup"), + sh_logmon_add_group, + }, + { + N_("logmonendgroup"), + sh_logmon_end_group, + }, + { + N_("logmonhost"), + sh_logmon_add_host, + }, + { + N_("logmonendhost"), + sh_logmon_end_host, + }, + { + N_("logmonrule"), + sh_logmon_add_rule, + }, + { + N_("logmonhidepid"), + sh_set_hidepid, + }, + { + NULL, + NULL + } +}; + +/* Decide if we're active. + */ +static int sh_logmon_set_active(const char *str) +{ + int value; + + SL_ENTER(_("sh_logmon_set_active")); + + value = sh_util_flagval(str, &ShLogmonActive); + + SL_RETURN((value), _("sh_logmon_set_active")); +} + +static int sh_logmon_set_interval (const char * c) +{ + int retval = 0; + long val; + + SL_ENTER(_("sh_logmon_set_interval")); + val = strtol (c, (char **)NULL, 10); + if (val <= 0) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("log monitoring interval"), c); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + retval = -1; + } + + sh_logmon_interval = (time_t) val; + SL_RETURN(0, _("sh_logmon_set_interval")); +} + +/* Add a watch on a logfile. + * Format: TYPE : Filename [: File_Format] + */ +static int sh_logmon_add_watch (const char * str) +{ + return sh_add_watch(str); +} + +/* Add a host. + * Format: Name_Regex + */ +static int sh_logmon_add_host (const char * str) +{ + return sh_eval_hadd(str); +} + +/* End a host. + * Format: Name + */ +static int sh_logmon_end_host (const char * str) +{ + (void) str; + return sh_eval_hend(NULL); +} + +/* Add a group of rules. + * Groups can be under hosts, but not vice versa. + * Format: Name : Prefix_Regex + */ +static int sh_logmon_add_group (const char * str) +{ + return sh_eval_gadd(str); +} + +/* End a group of rules. + * Format: Name + */ +static int sh_logmon_end_group (const char * str) +{ + (void) str; + return sh_eval_gend(NULL); +} + +/* Define a reporting queue. + * Format: Label : [Interval] : TYPE : Severity + * TYPE must be 'report' or 'sum' + * Interval is ignored for TYPE='report' + */ +static int sh_logmon_add_queue (const char * str) +{ + return sh_eval_qadd(str); +} + +/* Define a check rule. + * Format: Queue_Label : Regex + * TYPE must be 'report' or 'sum' + */ +static int sh_logmon_add_rule (const char * str) +{ + return sh_eval_radd(str); +} + + +#if 0 + +/* >>>>>>>>>>> MAIN <<<<<<<<<<<<<<<<<<< */ + +int main (int argc, char * argv[]) +{ + int status, i; + FILE * fp; + sh_string * s = NULL; + static char template[] = "/tmp/xtest.XXXXXX"; + + /* pacct */ + status = sh_add_watch("PACCT:/var/log/account/pacct"); + sh_check_watches(); + sh_dump_watches(); + exit(0); + + /* apache log */ + sh_eval_gadd("four_o_four:404"); + sh_eval_qadd("test:1:sum:7"); + sh_eval_radd("test:^(\\d+.\\d+.\\d+.\\d+).*"); + sh_eval_gend(NULL); + sh_eval_radd("trash:.*"); + status = sh_add_watch("APACHE:/var/log/apache2/access.log:combined"); + sh_check_watches(); + sh_dump_watches(); + exit(0); + + /* logfile */ + sh_set_hidepid(1); + sh_eval_hadd("hslxmsrv1"); + sh_eval_gadd("postfix:postfix"); + sh_eval_qadd("test::report:7"); + sh_eval_radd("test:postfix/smtpd: disconnect from localhost.*"); + sh_eval_radd("trash:postfix/smtpd: disconnect.*"); + sh_eval_hadd("hspc05"); + sh_eval_gadd("cron:CRON"); + sh_eval_qadd("test:1:sum:7"); + sh_eval_radd("test:CRON: PAM adding faulty module: (/lib/security/.*.so)"); + sh_eval_radd("trash:.*"); + status = sh_add_watch("SYSLOG:/var/log/messages"); + sh_check_watches(); + + sh_dump_watches(); + exit(0); + + printf("%d types\n", + (int) (sizeof(sh_logtypes_def)/sizeof(struct sh_logfile_type))); + + /* test sh_add_watch + */ + status = sh_add_watch(""); + printf("%2d: zero length, expect -1\n", status); + status = sh_add_watch(NULL); + printf("%2d: NULL, expect -2\n", status); + status = sh_add_watch("0123456789012345:/var/log/messages"); + printf("%2d: long, expect -2\n", status); + status = sh_add_watch("012345678901234:/var/log/messages"); + printf("%2d: exact length, expect -3\n", status); + status = sh_add_watch("01234567890123:56789"); + printf("%2d: short length, expect -3\n", status); + status = sh_add_watch("SYSLOG:var/log/messages"); + printf("%2d: short badpath, expect -4\n", status); + status = sh_add_watch("SYSLOG:/var/log/messages"); + // status = sh_add_watch("SYSLOG:/var/log/dpkg.log.1"); + printf("%2d: short path ok, expect 0\n", status); + + /* test sh_string_read + */ + s = sh_string_new(); + + status = /*@i@*/mkstemp(template); + + if (status < 0) { + fprintf(stderr, "error in mkstemp!\n"); exit(EXIT_FAILURE); } + + fp = fdopen(status, "r+"); + if (!fp) { + fprintf(stderr, "error in fdopen!\n"); exit(EXIT_FAILURE); } + + for (i = 0; i < 80; ++i) { fputc ('a', fp); } fputc ('\n', fp); // 0 + for (i = 0; i < 118; ++i) { fputc ('a', fp); } fputc ('\n', fp); // 1 + for (i = 0; i < 119; ++i) { fputc ('a', fp); } fputc ('\n', fp); // 2 + for (i = 0; i < 120; ++i) { fputc ('a', fp); } fputc ('\n', fp); // 3 + for (i = 0; i < 121; ++i) { fputc ('a', fp); } fputc ('\n', fp); // 4 + for (i = 0; i < 238; ++i) { fputc ('a', fp); } fputc ('\n', fp); + for (i = 0; i < 239; ++i) { fputc ('a', fp); } fputc ('\n', fp); + for (i = 0; i < 240; ++i) { fputc ('a', fp); } fputc ('\n', fp); + for (i = 0; i < 241; ++i) { fputc ('a', fp); } fputc ('\n', fp); + + rewind(fp); + + for (i = 0; i < 9; ++i) + { + status = (int) sh_string_read(s, fp, 120); + printf("%d: status = %d, len = %d, size = %d\n", + i, status, (int)s->len, (int)s->siz); + if (status == -2) + (void) sh_string_read(s, fp, 240); + else + printf("%s\n", s->str); + } + + rewind(fp); + + (void) sh_string_truncate(s, 0); + + for (i = 0; i < 9; ++i) + { + status = (int) sh_string_read(s, fp, 240); + printf("%d: status = %d, len = %d, size = %d\n", + i, status, (int)s->len, (int)s->siz); + if (status == -2) + (void) sh_string_read(s, fp, 240); + else + { + for (status = 0; status < (int)s->len; ++status) + { + if (s->str[status] != 'a') + { + break; + } + } + printf("%d %s\n", status, s->str); + } + } + + fclose(fp); remove(template); + + + + return 0; +} +#endif + +/* #ifdef USE_LOGFILE_MONITOR */ +#endif + Index: /tags/2.5.0/src/sh_log_evalrule.c =================================================================== --- /tags/2.5.0/src/sh_log_evalrule.c (revision 189) +++ /tags/2.5.0/src/sh_log_evalrule.c (revision 189) @@ -0,0 +1,1005 @@ + +#include "config_xor.h" + +#include +#include +#include +#include +#include +#include + +#ifdef USE_LOGFILE_MONITOR + +#undef FIL__ +#define FIL__ _("sh_log_evalrule.c") + +/* Debian/Ubuntu: libpcre3-dev */ +#include + +#include "samhain.h" +#include "sh_pthread.h" +#include "sh_utils.h" +#include "sh_string.h" +#include "sh_log_check.h" +#include "sh_log_evalrule.h" +#include "zAVLTree.h" + +extern int flag_err_debug; + +/* #define DEBUG_EVALRULES */ + +#ifdef DEBUG_EVALRULES +void DEBUG(const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); /* flawfinder: ignore *//* we control fmt string */ + va_end(ap); + return; +} +#else +void DEBUG(const char *fmt, ...) +{ + (void) fmt; + return; +} +#endif + +enum policies { + EVAL_REPORT, + EVAL_SUM +}; + +struct sh_ceval /* Counter for summarizing */ +{ + sh_string * hostname; + sh_string * counted_str; + sh_string * filename; + unsigned long count; + time_t start; + time_t interval; +}; + +void sh_ceval_free(void * item) +{ + struct sh_ceval * counter = (struct sh_ceval *) item; + if (!counter) + return; + sh_string_destroy(&(counter->hostname)); + sh_string_destroy(&(counter->counted_str)); + sh_string_destroy(&(counter->filename)); + SH_FREE(counter); +} + +struct sh_qeval /* Queue with definitions */ +{ + sh_string * label; + enum policies policy; + int severity; + time_t interval; /* if EVAL_SUM, interval */ + struct sh_qeval * next; +}; + +struct sh_geval /* Group of rules (may be a single rule) */ +{ + sh_string * label; /* label for this group */ + pcre * rule; /* compiled regex for rule */ + pcre_extra * rule_extra; + int * ovector; /* captured substrings */ + int ovecnum; /* how many captured */ + int captures; /* (captures+1)*3 required */ + zAVLTree * counterlist; /* counters if EVAL_SUM */ + struct sh_qeval * queue; /* queue for this rule */ + struct sh_geval * nextrule; /* next rule in this group */ + struct sh_geval * next; /* next group of rules */ + struct sh_geval * gnext; /* grouplist next */ +}; + +struct sh_heval /* host-specific rules */ +{ + pcre * hostname; /* compiled regex for hostname */ + pcre_extra * hostname_extra; + struct sh_geval * rulegroups; /* list of group of rules */ + struct sh_heval * next; +}; + +static struct sh_heval * hostlist = NULL; +static struct sh_qeval * queuelist = NULL; +static struct sh_geval * grouplist = NULL; + +/* These flags are set if we are within + * the define of a host/rule group. + */ +static struct sh_heval * host_open = NULL; +static struct sh_geval * group_open = NULL; + +int sh_eval_gend (const char * str) +{ + (void) str; + if (group_open) { + group_open = NULL; + return 0; + } + return -1; +} + +int sh_eval_gadd (const char * str) +{ + struct sh_geval * ng; + struct sh_geval * tmp; + pcre * group; + pcre_extra * group_extra; + const char * error; + int erroffset; + unsigned int nfields = 2; + size_t lengths[2]; + char * new = sh_util_strdup(str); + char ** splits = split_array(new, &nfields, ':', lengths); + + if (group_open) + group_open = NULL; + + if (nfields != 2) + { + SH_FREE(splits); + SH_FREE(new); + return -1; + } + + group = pcre_compile(splits[1], PCRE_NO_AUTO_CAPTURE, + &error, &erroffset, NULL); + if (!group) + { + sh_string * msg = sh_string_new(0); + sh_string_add_from_char(msg, _("Bad regex: ")); + sh_string_add_from_char(msg, splits[1]); + + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + sh_string_str(msg), + _("sh_eval_gadd")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + sh_string_destroy(&msg); + + SH_FREE(splits); + SH_FREE(new); + return -1; + } + group_extra = NULL; /* pcre_study(group, 0, &error); */ + + ng = SH_ALLOC(sizeof(struct sh_geval)); + ng->label = sh_string_new_from_lchar(splits[0], lengths[0]); + ng->rule = group; + ng->rule_extra = group_extra; + ng->ovector = NULL; + ng->ovecnum = 0; + ng->captures = 0; + ng->counterlist = NULL; + ng->queue = NULL; + ng->nextrule = NULL; + ng->next = NULL; + ng->gnext = NULL; + + if (!host_open) + { + if (0 != sh_eval_hadd("^.*")) + { + pcre_free(group); + sh_string_destroy(&(ng->label)); + SH_FREE(splits); + SH_FREE(new); + SH_FREE(ng); + return -1; + } + } + + /* + * Insert at end, to keep user-defined order + */ + + if (host_open) + { + if (grouplist) + { + tmp = grouplist; + while (tmp->gnext != NULL) { tmp = tmp->gnext; } + tmp->gnext = ng; + } else { + grouplist = ng; + } + + + /* + * If there is an open host group, add it to its + * rulegroups + */ + + if (host_open->rulegroups) + { + tmp = host_open->rulegroups; + while (tmp->next != NULL) { tmp = tmp->next; } + tmp->next = ng; + } else { + host_open->rulegroups = ng; + } + } + + group_open = ng; + SH_FREE(splits); + SH_FREE(new); + return 0; +} + +int sh_eval_hend (const char * str) +{ + (void) str; + if (host_open) { + host_open = NULL; + return 0; + } + return -1; +} + +int sh_eval_hadd (const char * str) +{ + struct sh_heval * nh; + struct sh_heval * tmp; + pcre * host; + pcre_extra * host_extra; + const char * error; + int erroffset; + + if (host_open) + host_open = NULL; + + host = pcre_compile(str, PCRE_NO_AUTO_CAPTURE, + &error, &erroffset, NULL); + if (!host) + { + sh_string * msg = sh_string_new(0); + sh_string_add_from_char(msg, _("Bad regex: ")); + sh_string_add_from_char(msg, str); + + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + sh_string_str(msg), + _("sh_eval_hadd")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + sh_string_destroy(&msg); + + return -1; + } + host_extra = NULL; /* pcre_study(host, 0, &error); */ + + nh = SH_ALLOC(sizeof(struct sh_heval)); + nh->hostname = host; + nh->hostname_extra = host_extra; + nh->rulegroups = NULL; + + /* + * Insert at end, to keep user-defined order + */ + nh->next = NULL; + if (hostlist) { + tmp = hostlist; + while (tmp->next != NULL) { tmp = tmp->next; } + tmp->next = nh; + } else { + hostlist = nh; + } + host_open = nh; + + return 0; +} + +int sh_eval_qadd (const char * str) +{ + struct sh_qeval * nq; + int severity; + unsigned int nfields = 4; /* label:interval:(report|sum):severity */ + size_t lengths[4]; + char * new = sh_util_strdup(str); + char ** splits = split_array(new, &nfields, ':', lengths); + + if (nfields != 4) + { + SH_FREE(splits); + SH_FREE(new); + return -1; + } + + if (strcmp(splits[2], _("sum")) && strcmp(splits[2], _("report"))) + { + SH_FREE(splits); + SH_FREE(new); + return -1; + } + + if (!strcmp(splits[2], _("sum")) && atoi(splits[1]) < 0) + { + SH_FREE(splits); + SH_FREE(new); + return -1; + } + + if (!strcmp(splits[1], _("trash"))) /* predefined, reserved */ + { + SH_FREE(splits); + SH_FREE(new); + return -1; + } + + severity = sh_error_convert_level (splits[3]); + if (severity < 0) + { + SH_FREE(splits); + SH_FREE(new); + return -1; + } + + nq = SH_ALLOC(sizeof(struct sh_qeval)); + nq->label = sh_string_new_from_lchar(splits[0], lengths[0]); + + DEBUG("debug: splits[2] = %s, policy = %d\n",splits[2],nq->policy); + if (0 == strcmp(splits[2], _("report"))) { + nq->policy = EVAL_REPORT; + nq->interval = 0; + } + else { + nq->policy = EVAL_SUM; + nq->interval = (time_t) atoi(splits[1]); + } + + nq->severity = severity; + nq->next = queuelist; + queuelist = nq; + + SH_FREE(splits); + SH_FREE(new); + return 0; +} + +static struct sh_qeval * find_queue(const char * str) +{ + struct sh_qeval * retval = queuelist; + + if (!str) + return NULL; + + while (retval) + { + if (0 == strcmp(str, sh_string_str(retval->label))) + break; + retval = retval->next; + } + return retval; +} + +static struct sh_qeval ** dummy_queue; + +int sh_eval_radd (const char * str) +{ + struct sh_geval * nr; + struct sh_geval * tmp; + struct sh_qeval * queue = NULL; + pcre * rule; + pcre_extra * rule_extra; + const char * error; + int erroffset; + int captures = 0; + unsigned int nfields = 2; /* queue:regex */ + size_t lengths[2]; + char * new = sh_util_strdup(str); + char ** splits = split_array(new, &nfields, ':', lengths); + + dummy_queue = &queue; + + if (nfields != 2) + { + SH_FREE(splits); + SH_FREE(new); + return -1; + } + + if (0 != strcmp(splits[0], _("trash"))) + { + queue = find_queue(splits[0]); + if (!queue) + { + SH_FREE(splits); + SH_FREE(new); + return -1; + } + } + + rule = pcre_compile(splits[1], 0, + &error, &erroffset, NULL); + if (!rule) + { + sh_string * msg = sh_string_new(0); + sh_string_add_from_char(msg, _("Bad regex: ")); + sh_string_add_from_char(msg, splits[1]); + + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + sh_string_str(msg), + _("sh_eval_radd")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + sh_string_destroy(&msg); + + SH_FREE(splits); + SH_FREE(new); + return -1; + } + rule_extra = NULL; /* pcre_study(rule, 0, &error); */ + pcre_fullinfo(rule, rule_extra, PCRE_INFO_CAPTURECOUNT, &captures); + + if (flag_err_debug == SL_TRUE) + { + char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); + sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Adding rule: |%s| with %d captures"), + splits[1], captures); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + emsg, _("sh_eval_radd")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(emsg); + } + + DEBUG("adding rule: |%s| with %d captures\n", splits[1], captures); + + SH_FREE(splits); + SH_FREE(new); + + nr = SH_ALLOC(sizeof(struct sh_geval)); + nr->label = NULL; + nr->rule = rule; + nr->rule_extra = rule_extra; + nr->captures = captures; + nr->ovector = SH_ALLOC(sizeof(int) * (captures+1) * 3); + nr->ovecnum = 0; + nr->counterlist = NULL; + nr->queue = queue; + nr->nextrule = NULL; + nr->next = NULL; + nr->gnext = NULL; + + /* + * If there is an open group, add it to its + * rules + */ + if (group_open) + { + if (flag_err_debug == SL_TRUE) + { + char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); + sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Adding rule to group |%s|"), + sh_string_str(group_open->label)); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + emsg, _("sh_eval_radd")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(emsg); + } + + DEBUG("adding rule to group |%s|\n", sh_string_str(group_open->label)); + + if (group_open->nextrule) + { + tmp = group_open->nextrule; + while (tmp->nextrule != NULL) { tmp = tmp->nextrule; } /* next -> nextrule */ + tmp->nextrule = nr; /* next -> nextrule */ + } else { + group_open->nextrule = nr; + } + } + + /* + * ..else, add it to the currently open host (open the + * default host, if there is no open one) + */ + else + { + if (!host_open) + { + if (0 != sh_eval_hadd("^.*")) + { + SH_FREE(nr->ovector); + SH_FREE(nr); + return -1; + } + } + + if (host_open) + { + /* + * Add rule as member to grouplist, to facilitate cleanup + */ + + DEBUG("adding solitary rule to grouplist\n"); + + if (grouplist) + { + tmp = grouplist; + while (tmp->gnext != NULL) { tmp = tmp->gnext; } + tmp->gnext = nr; + } else { + grouplist = nr; + } + + + /* + * Add rule to host rulegroups + */ + DEBUG("adding solitary rule to host rulegroups\n"); + + if (host_open->rulegroups) + { + /* Second, third, ... rule go to host_open->rulegroups->next, + * since test_grules() iterates over nextrules + */ + tmp = host_open->rulegroups; + while (tmp->next != NULL) { tmp = tmp->next; } + tmp->next = nr; + } + else + { + /* First rule goes to host_open->rulegroups */ + host_open->rulegroups = nr; + } + } + else + { + SH_FREE(nr->ovector); + SH_FREE(nr); + return -1; + } + } + + return 0; +} + +void sh_eval_cleanup() +{ + struct sh_geval * gtmp; + struct sh_qeval * qtmp; + struct sh_heval * htmp; + + while (grouplist) + { + gtmp = grouplist; + grouplist = gtmp->gnext; + + if (gtmp->label) sh_string_destroy(&(gtmp->label)); + if (gtmp->rule_extra) (*pcre_free)(gtmp->rule_extra); + if (gtmp->rule) (*pcre_free)(gtmp->rule); + if (gtmp->counterlist) + zAVLFreeTree(gtmp->counterlist, sh_ceval_free); + if (gtmp->ovector) + SH_FREE(gtmp->ovector); +#if 0 + while (gtmp->nextrule) + { + tmp = gtmp->nextrule; + gtmp->nextrule = tmp->nextrule; + + if (tmp->rule_extra) (*pcre_free)(tmp->rule_extra); + if (tmp->rule) (*pcre_free)(tmp->rule); + if (tmp->counterlist) + zAVLFreeTree(tmp->counterlist, sh_ceval_free); + if (tmp->ovector) + SH_FREE(tmp->ovector); + SH_FREE(tmp); + } +#endif + SH_FREE(gtmp); + } + + qtmp = queuelist; + while (qtmp) + { + if (qtmp->label) sh_string_destroy(&(qtmp->label)); + queuelist = qtmp->next; + SH_FREE(qtmp); + qtmp = queuelist; + } + + htmp = hostlist; + while (htmp) + { + if (htmp->hostname_extra) (*pcre_free)(htmp->hostname_extra); + if (htmp->hostname) (*pcre_free)(htmp->hostname); + hostlist = htmp->next; + SH_FREE(htmp); + htmp = hostlist; + } + +} + +/********************************************************************** + * + * Actual rule processing + * + **********************************************************************/ + +/* Test a list of rules against msg; return matched rule, with ovector + * filled in + */ +static struct sh_geval ** dummy1; + +static struct sh_geval * test_rule (struct sh_geval * rule, sh_string *msg) +{ + int res; + volatile int count; + + dummy1 = &rule; + + if (!rule) + DEBUG("debug: (NULL) rule\n"); + + if (rule && sh_string_len(msg) < (size_t)INT_MAX) + { + count = 1; + do { + + if (flag_err_debug == SL_TRUE) + { + char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); + sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Check rule %d for |%s|"), + count, sh_string_str(msg)); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + emsg, _("test_rule")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(emsg); + } + + DEBUG("debug: check rule %d for <%s>\n", count, msg->str); + res = pcre_exec(rule->rule, rule->rule_extra, + sh_string_str(msg), (int)sh_string_len(msg), 0, + 0, rule->ovector, (3*(1+rule->captures))); + if (res >= 0) + { + rule->ovecnum = res; + + if (flag_err_debug == SL_TRUE) + { + char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); + sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Rule %d matches, result = %d"), + count, res); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + emsg, _("test_rule")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(emsg); + } + DEBUG("debug: rule %d matches, result = %d\n", count, res); + break; /* return the matching rule; ovector is filled in */ + } + + if (flag_err_debug == SL_TRUE) + { + char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); + sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Rule %d did not match"), + count); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + emsg, _("test_rule")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(emsg); + } + DEBUG("debug: rule %d did not match\n", count); + rule = rule->nextrule; ++count; + } while (rule); + } + if (!rule) + DEBUG("debug: no match found\n"); + /* If there was no match, this is NULL */ + return rule; +} + +/* Test a (struct sh_geval *), which may be single rule or a group of rules, + * against msg + */ +static struct sh_geval ** dummy2; +static struct sh_geval ** dummy3; + +static struct sh_geval * test_grules (struct sh_heval * host, + sh_string *msg) +{ + struct sh_geval * result = NULL; + struct sh_geval * group = host->rulegroups; + + dummy2 = &result; + dummy3 = &group; + + if (group && sh_string_len(msg) < (size_t)INT_MAX) + { + DEBUG("debug: if group\n"); + do { + if(group->label != NULL) + { + /* this is a rule group; only groups have labels */ + + if (flag_err_debug == SL_TRUE) + { + char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); + sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Checking group |%s| of rules against |%s|"), + sh_string_str(group->label), sh_string_str(msg)); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + emsg, _("test_rule")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(emsg); + } + + DEBUG("debug: if group->label %s\n", sh_string_str(group->label)); + if (pcre_exec(group->rule, group->rule_extra, + sh_string_str(msg), (int) sh_string_len(msg), + 0, 0, NULL, 0) >= 0) + { + result = test_rule(group->nextrule, msg); + if (result) + break; + } + } + else + { + /* If there is no group label, the 'group' is actually a solitary + * rule (not within any group). + */ + + if (flag_err_debug == SL_TRUE) + { + char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); + sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Checking solitary rules")); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + emsg, _("test_rule")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(emsg); + } + + DEBUG("debug: else (single rule)\n"); + result = test_rule(group, msg); + if (result) + break; + } + group = group->next; /* next group of rules */ + } while (group); + } + return result; +} + +/* Top-level find_rule() function + */ +static struct sh_geval * find_rule (sh_string *host, + sh_string *msg) +{ + struct sh_geval * result = NULL; + struct sh_heval * hlist = hostlist; + + if (hlist && sh_string_len(host) < (size_t)INT_MAX) + { + do { + if (pcre_exec(hlist->hostname, hlist->hostname_extra, + sh_string_str(host), (int) sh_string_len(host), + 0, 0, NULL, 0) >= 0) + { + /* matching host, check rules/groups of rules */ + result = test_grules(hlist, msg); + if (result) + break; + } + hlist = hlist->next; + } while (hlist); + } + return result; +} + +/* copy the message and replace captured substrings with '___' + */ +static sh_string * replace_captures(const sh_string * message, + int * ovector, int ovecnum) +{ + sh_string * retval = sh_string_new_from_lchar(sh_string_str(message), + sh_string_len(message)); + + if (ovecnum > 1) + { + retval = sh_string_replace(retval, &(ovector[2]), (ovecnum-1), "___", 3); + } + return retval; +} + +static void msg_report(int severity, struct sh_geval * rule, struct sh_logrecord * record) +{ + char * tmp; + char * msg; + sh_string * mmm = NULL; + char * ttt; + + + SH_MUTEX_LOCK(mutex_thread_nolog); + if (rule) { + mmm = replace_captures(record->message, rule->ovector, + rule->ovecnum); + msg = sh_util_safe_name_keepspace (sh_string_str(mmm)); + } + else { + msg = sh_util_safe_name_keepspace (sh_string_str(record->message)); + } + tmp = sh_util_safe_name (record->filename); + ttt = sh_util_safe_name_keepspace (sh_string_str(record->timestr)); + sh_error_handle (severity, FIL__, __LINE__, 0, MSG_LOGMON_REP, + msg, + ttt, + sh_string_str(record->host), + tmp); + SH_FREE(ttt); + SH_FREE(msg); + SH_FREE(tmp); + if (mmm) + sh_string_destroy(&mmm); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +} + +static void sum_report(int severity, sh_string * host, sh_string * message, sh_string * path) +{ + char * tmp; + char * msg; + + SH_MUTEX_LOCK(mutex_thread_nolog); + tmp = sh_util_safe_name (sh_string_str(path)); + msg = sh_util_safe_name_keepspace (sh_string_str(message)); + sh_error_handle (severity, FIL__, __LINE__, 0, MSG_LOGMON_SUM, + msg, + sh_string_str(host), + tmp); + SH_FREE(msg); + SH_FREE(tmp); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +} + +static zAVLKey sh_eval_getkey(void const *item) +{ + return ((struct sh_ceval *)item)->hostname->str; +} + +/* Find the counter, or initialize one if there is none already + */ +static struct sh_ceval * find_counter(struct sh_geval * rule, + sh_string * host, time_t interval) +{ + struct sh_ceval * counter; + + if (!(rule->counterlist)) + { + DEBUG("debug: allocate new counterlist AVL tree\n"); + rule->counterlist = zAVLAllocTree(sh_eval_getkey); + } + + counter = (struct sh_ceval *) zAVLSearch (rule->counterlist, + sh_string_str(host)); + + if (!counter) + { + DEBUG("debug: no counter found\n"); + + counter = SH_ALLOC(sizeof(struct sh_ceval)); + counter->hostname = sh_string_new_from_lchar(sh_string_str(host), + sh_string_len(host)); + counter->counted_str = NULL; + counter->filename = NULL; + counter->count = 0; + counter->start = time(NULL); + counter->interval = interval; + + zAVLInsert(rule->counterlist, counter); + } + return counter; + +} + + +/* process the counter for a SUM rule + */ +static int process_counter(struct sh_ceval * counter, + struct sh_geval * rule, struct sh_logrecord * record) +{ + int retval = -1; + time_t now; + + if (!(counter->counted_str)) + { + counter->counted_str = replace_captures(record->message, rule->ovector, + rule->ovecnum); + counter->filename = sh_string_new_from_lchar(record->filename, + strlen(record->filename)); + DEBUG("debug: counted_str after replace: %s\n", + sh_string_str(counter->counted_str)); + } + + ++(counter->count); + now = time(NULL); now -= counter->start; + DEBUG("debug: count %lu, interval %lu, time %lu\n", + counter->count, counter->interval, now); + if (now >= counter->interval) + { + DEBUG("debug: report count\n"); + sum_report(rule->queue->severity, counter->hostname, + counter->counted_str, counter->filename); + counter->start = time(NULL); + counter->count = 0; + } + return retval; +} + +/* Process a rule + */ +static int process_rule(struct sh_geval * rule, struct sh_logrecord * record) +{ + int retval = -1; + struct sh_qeval * queue = rule->queue; + + if (queue) + { + DEBUG("debug: queue policy = %d found\n", queue->policy); + if (queue->policy == EVAL_REPORT) + { + DEBUG("debug: EVAL_REPORT host: %s, message: %s\n", + sh_string_str(record->host), + sh_string_str(record->message)); + msg_report(queue->severity, rule, record); + retval = 0; + } + else if (queue->policy == EVAL_SUM) + { + + struct sh_ceval * counter = + find_counter(rule, record->host, queue->interval); + DEBUG("debug: EVAL_SUM host: %s, message: %s\n", + sh_string_str(record->host), + sh_string_str(record->message)); + if (counter) + { + DEBUG("debug: counter found\n"); + retval = process_counter(counter, rule, record); + } + } + } + else + { + DEBUG("debug: no queue found -- trash\n"); + /* No queue means 'trash' */ + retval = 0; + } + return retval; +} + +#define DEFAULT_SEVERITY (-1) + +int sh_eval_process_msg(struct sh_logrecord * record) +{ + static unsigned long i = 0; + if (record) + { + struct sh_geval * rule = find_rule (record->host, + record->message); + + if (rule) + { + DEBUG("debug: (%lu) rule found\n", i); ++i; + return process_rule(rule, record); + } + else + { + DEBUG("debug: (%lu) no rule found\n", i); ++i; + msg_report(DEFAULT_SEVERITY, NULL, record); + } + return 0; + } + return -1; +} + +#endif Index: /tags/2.5.0/src/sh_log_parse_apache.c =================================================================== --- /tags/2.5.0/src/sh_log_parse_apache.c (revision 189) +++ /tags/2.5.0/src/sh_log_parse_apache.c (revision 189) @@ -0,0 +1,425 @@ +/************************************** + ** + ** PARSER RULES + ** + ** (a) must set record->host + ** (eventually to dummy value) + ** + ** (b) must set record->prefix + ** (itoa(status)) + ** + ** + **************************************/ + +/* for strptime */ +#define _XOPEN_SOURCE 500 + +#include "config_xor.h" + +#include +#include +#include +#include +#include + +#ifdef USE_LOGFILE_MONITOR + +#undef FIL__ +#define FIL__ _("sh_log_parse_apache.c") + +/* Debian/Ubuntu: libpcre3-dev */ +#include + +#include "samhain.h" +#include "sh_pthread.h" +#include "sh_log_check.h" +#include "sh_utils.h" +#include "sh_string.h" + +extern int flag_err_debug; + +struct sh_fileinfo_apache { + pcre * line_regex; + int * line_ovector; /* captured substrings */ + int line_ovecnum; /* how many captured */ + + int pos_host; + int pos_status; + int pos_time; + char * format_time; +}; + +static const char lf_error0[] = N_("%error"); +static const char lf_common0[] = N_("%h %l %u %t \"%r\" %>s %b"); +static const char lf_combined0[] = N_("%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""); + +/* This variable is not used anywhere. It only exist + * to assign &new to them, which keeps gcc from + * putting it into a register, and avoids the 'clobbered + * by longjmp' warning. And no, 'volatile' proved insufficient. + */ +static void * sh_dummy_new = NULL; +static void * sh_dummy_fti = NULL; + +void * sh_eval_fileinfo_apache(char * str) +{ + struct sh_fileinfo_apache * result = NULL; + unsigned int i, quotes; + unsigned int nfields = 64; + size_t lengths[64]; + char * new = NULL; + char ** splits; + char * token; + sh_string * re_string; + char * p; + volatile int p_host = -1; + volatile int p_status = -1; + volatile int p_time = -1; + char * f_time = NULL; + const char * error; + int erroffset; + + /* Take the address to keep gcc from putting them into registers. + * Avoids the 'clobbered by longjmp' warning. + */ + sh_dummy_new = (void*) &new; + sh_dummy_fti = (void*) &f_time; + + if (0 == strncmp("common", str, 6)) + { + new = sh_util_strdup(_(lf_common0)); + } + else if (0 == strncmp("combined", str, 8)) + { + new = sh_util_strdup(_(lf_combined0)); + } + else if (0 == strncmp("error", str, 8)) + { + new = sh_util_strdup(_(lf_error0)); + } + else + { + new = sh_util_strdup(str); + } + + if (flag_err_debug == SL_TRUE) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + new, + _("eval_fileinfo")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + + splits = split_array_ws(new, &nfields, lengths); + + if (nfields < 1) + { + SH_FREE(splits); + SH_FREE(new); + return NULL; + } + + /* Build the regex string re_string + */ + re_string = sh_string_new(0); + sh_string_add_from_char(re_string, "^"); + + for (i = 0; i < nfields; ++i) + { + + if (i > 0) + sh_string_add_from_char(re_string, " "); + + if (splits[i][0] != '"') + quotes = 0; + else + quotes = 1; + + if (quotes && lengths[i] > 1 && splits[i][lengths[i]-1] == '"') + { + splits[i][lengths[i]-1] = '\0'; /* cut trailing quote */ + token = &(splits[i][1]); + } else { + token = splits[i]; + } + + if(quotes) + { + if(strcmp(token, "%r") == 0 || + strstr(token, _("{Referer}")) == 0 || + strstr(token, _("{User-Agent}")) == 0) + { + /* + p = "\"([^\"\\\\]*(?:\\\\.[^\"\\\\]*)*)\""; + sh_string_add_from_char(re_string, p); + */ + sh_string_add_from_char(re_string, "\"([^"); + sh_string_add_from_char(re_string, "\"\\\\"); + sh_string_add_from_char(re_string, "]*"); + sh_string_add_from_char(re_string, "(?:"); + sh_string_add_from_char(re_string, "\\\\."); + sh_string_add_from_char(re_string, "[^\""); + sh_string_add_from_char(re_string, "\\\\]*"); + sh_string_add_from_char(re_string, ")*)\""); + } + else + { + sh_string_add_from_char(re_string, "("); + sh_string_add_from_char(re_string, "\\S+"); + sh_string_add_from_char(re_string, ")"); + } + } + else if (token[0] == '%' && token[strlen(token)-1] == 't') + { + char * lb = strchr(token, '{'); + char * rb = strchr(token, '}'); + + sh_string_add_from_char(re_string, "\\["); + sh_string_add_from_char(re_string, "([^"); + sh_string_add_from_char(re_string, "(\\]"); + sh_string_add_from_char(re_string, "]+)"); + sh_string_add_from_char(re_string, "\\]"); + + p_time = i+1; + if (lb && rb) + { + ++lb; *rb = '\0'; + f_time = sh_util_strdup(lb); + } + else + { + f_time = sh_util_strdup(_("%d/%b/%Y:%T")); + } + } + else if (token[0] == '%' && token[1] == 'e' && 0 == strcmp(token, _("%error"))) + { + sh_string_add_from_char(re_string, "\\["); + sh_string_add_from_char(re_string, "([^"); + sh_string_add_from_char(re_string, "]"); + sh_string_add_from_char(re_string, "]+)"); + sh_string_add_from_char(re_string, "\\]"); + + p_time = i+1; f_time = sh_util_strdup(_("%a %b %d %T %Y")); ++i; + sh_string_add_from_char(re_string, " "); + + sh_string_add_from_char(re_string, "\\["); + sh_string_add_from_char(re_string, "([^"); + sh_string_add_from_char(re_string, "]"); + sh_string_add_from_char(re_string, "]+)"); + sh_string_add_from_char(re_string, "\\]"); + + p_status = i+1; + sh_string_add_from_char(re_string, " "); + + p = "(.+)"; + sh_string_add_from_char(re_string, p); + + nfields = 3; + + break; + } + else + { + sh_string_add_from_char(re_string, "("); + sh_string_add_from_char(re_string, "\\S+"); + sh_string_add_from_char(re_string, ")"); + if (token[0] == '%' && token[strlen(token)-1] == 's') + p_status = i+1; + else if (token[0] == '%' && token[strlen(token)-1] == 'v') + p_host = i+1; + } + } + sh_string_add_from_char(re_string, "$"); + + if (flag_err_debug == SL_TRUE) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + sh_string_str(re_string), + _("eval_fileinfo")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + + result = SH_ALLOC(sizeof(struct sh_fileinfo_apache)); + result->line_regex = pcre_compile(sh_string_str(re_string), 0, + &error, &erroffset, NULL); + if (!(result->line_regex)) + { + sh_string * msg = sh_string_new(0); + sh_string_add_from_char(msg, _("Bad regex: ")); + sh_string_add_from_char(msg, sh_string_str(re_string)); + + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + sh_string_str(msg), + _("eval_fileinfo")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + + SH_FREE(result); + SH_FREE(splits); + SH_FREE(new); + sh_string_destroy(&msg); + sh_string_destroy(&re_string); + + return NULL; + } + sh_string_destroy(&re_string); + + result->line_ovector = SH_ALLOC(sizeof(int) * (nfields+1) * 3); + result->line_ovecnum = nfields; + result->pos_host = p_host; + result->pos_status = p_status; + result->pos_time = p_time; + result->format_time = f_time; + + SH_FREE(splits); + SH_FREE(new); + return (void*)result; +} + +struct sh_logrecord * sh_parse_apache (sh_string * logline, void * fileinfo) +{ + static struct tm old_tm; + static time_t old_time; + + char tstr[128]; + char sstr[128]; + char * hstr; + int res; + const char **hstr_addr = (const char **) &hstr; + + struct sh_fileinfo_apache * info = (struct sh_fileinfo_apache *) fileinfo; + + if (sh_string_len(logline) > 0 && flag_err_debug == SL_TRUE) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + sh_string_str(logline), + _("sh_parse_apache")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + + if (logline == NULL || info == NULL) + { + return NULL; + } + + res = pcre_exec(info->line_regex, NULL, + sh_string_str(logline), (int)sh_string_len(logline), 0, + 0, info->line_ovector, (3*(1+info->line_ovecnum))); + + if (res == (1+info->line_ovecnum)) + { + struct sh_logrecord * record; + time_t timestamp = 0; + + if (info->pos_time > 0) + { + res = pcre_copy_substring(sh_string_str(logline), + info->line_ovector, res, + info->pos_time, tstr, sizeof(tstr)); + if (res <= 0) + goto corrupt; + } + else + { + res = 0; + timestamp = 0; + info->format_time = sh_util_strdup(_("%d/%b/%Y:%T")); + sl_strlcpy(tstr, _("01/Jan/1970:00:00:00"), sizeof(tstr)); + } + + if (res > 0) + { + struct tm btime; + char * ptr = NULL; + + /* example: 01/Jun/2008:07:55:28 +0200 */ + + ptr = /*@i@*/strptime(tstr, info->format_time, &btime); + + if (ptr) + { + timestamp = conv_timestamp(&btime, &old_tm, &old_time); + } + else + goto corrupt; + } + + if (info->pos_status > 0) + { + res = pcre_copy_substring(sh_string_str(logline), + info->line_ovector, res, + info->pos_status, sstr, sizeof(sstr)); + if (res <= 0) + goto corrupt; + } + else + { + sl_strlcpy(sstr, _("000"), sizeof(sstr)); + } + + if (info->pos_host > 0) + { + res = pcre_get_substring(sh_string_str(logline), + info->line_ovector, res, + info->pos_host, hstr_addr); + if (res <= 0) + goto corrupt; + } + else + { + hstr = NULL; + } + + record = SH_ALLOC(sizeof(struct sh_logrecord)); + + record->timestamp = timestamp; + record->timestr = sh_string_new_from_lchar(tstr, strlen(tstr)); + + if (hstr) + record->host = sh_string_new_from_lchar(hstr, strlen(hstr)); + else + record->host = sh_string_new_from_lchar(sh.host.name, strlen(sh.host.name)); + + record->message = sh_string_new_from_lchar(sh_string_str(logline), + sh_string_len(logline)); + record->pid = 0; + + pcre_free(hstr); + return record; + } + else + { + char msg[128]; + sl_snprintf(msg, sizeof(msg), _("Incorrect number of captured subexpressions: %d vs %d"), + res, info->line_ovecnum); + + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + msg, + _("sh_parse_apache")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + + /* Corrupted logline */ + corrupt: + + { + sh_string * msg = sh_string_new(0); + sh_string_add_from_char(msg, _("Corrupt logline: ")); + sh_string_add_from_char(msg, sh_string_str(logline)); + + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + sh_string_str(msg), + _("sh_parse_apache")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + sh_string_destroy(&msg); + } + return NULL; +} + +/* USE_LOGFILE_MONITOR */ +#endif Index: /tags/2.5.0/src/sh_log_parse_pacct.c =================================================================== --- /tags/2.5.0/src/sh_log_parse_pacct.c (revision 189) +++ /tags/2.5.0/src/sh_log_parse_pacct.c (revision 189) @@ -0,0 +1,340 @@ +/************************************** + ** + ** PARSER RULES + ** + ** (a) must set record->host + ** (eventually to dummy value) + ** + ** (b) must set record->prefix + ** (command) + ** + ** + **************************************/ + +/* Based on the GNU Accounting Utilities, which is distributed with the + * following copyright: + */ + +/* Copyright (C) 1993, 1996, 1997, 2003, 2005 Free Software Foundation, Inc. + * + * This file is part of the GNU Accounting Utilities + * + * The GNU Accounting Utilities are free software; you can redistribute + * them and/or modify them under the terms of the GNU General Public + * License as published by the Free Software Foundation; either version + * 2, or (at your option) any later version. + * + * The GNU Accounting Utilities are distributed in the hope that they will + * be useful, but WITHOUT ANY WARRANTY; without even the implied warranty + * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with the GNU Accounting Utilities; see the file COPYING. If + * not, write to the Free Software Foundation, 675 Mass Ave, Cambridge, + * MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if defined(USE_LOGFILE_MONITOR) && defined(HAVE_SYS_ACCT_H) + +#include + +#include "samhain.h" +#include "sh_pthread.h" +#include "sh_log_check.h" +#include "sh_utils.h" +#include "sh_string.h" + +#undef FIL__ +#define FIL__ _("sh_log_parse_pacct.c") + +extern int flag_err_debug; + +#ifndef ACCT_COMM +#define ACCT_COMM 16 +#endif +#ifndef AHZ +#define AHZ 100 +#endif + +#if defined(ACUTIME_COMPT) || defined(ACSTIME_COMPT) || defined(ACETIME_COMPT) +static double comp_t_2_double (comp_t ct) +{ + unsigned long out = 0; + + out = ct & 017777; + ct >>= 13; + + while (ct) { + ct--; + out <<= 3; + } + + return (double) out; +} +#endif + +#ifdef ACUTIME_COMPT +# define ACUTIME_2_DOUBLE(x) (comp_t_2_double(x)) +#else +# define ACUTIME_2_DOUBLE(x) ((double)(x)) +#endif + +#ifdef ACSTIME_COMPT +# define ACSTIME_2_DOUBLE(x) (comp_t_2_double(x)) +#else +# define ACSTIME_2_DOUBLE(x) ((double)(x)) +#endif + +#ifdef ACETIME_COMPT +# define ACETIME_2_DOUBLE(x) (comp_t_2_double(x)) +#else +# define ACETIME_2_DOUBLE(x) ((double)(x)) +#endif + + +static void expand_flags(char flag, char * out) +{ + int i = 0; + +#define BIT(flg, ch) if (flag & flg) out[i] = ch; else out[i] = ' '; ++i + + BIT(ASU, 'S'); + BIT(AFORK, 'F'); +#ifdef ACOMPAT + BIT(ACOMPAT, 'C'); +#endif + BIT(ACORE, 'D'); + BIT(AXSIG, 'X'); + + out[i] = '\0'; + return; +} + +static char * uid_name (int uid) +{ + static int userid = 0; + static char user[16] = ""; + + if (uid == userid && user[0] != '\0') + { + return user; + } + else + { + struct passwd *thispw = getpwuid (uid); + if (thispw) + sl_strlcpy (user, thispw->pw_name, sizeof(user)); + else + sl_snprintf(user, sizeof(user), "%d", uid); + user[sizeof(user)-1] = '\0'; + userid = uid; + } + return user; +} + +struct dev_struct { + char * device; + long dev_id; + struct dev_struct * next; +}; +static struct dev_struct * devicelist = NULL; + +static void add_devices(const char * dir) +{ + DIR * mdir; + char dirl[256]; + + sl_strlcpy(dirl, dir, sizeof(dirl)); + dirl[sizeof(dirl)-1] = '\0'; + + mdir = opendir(dir); + + if (mdir) + { + char * path; + size_t len; + struct dirent * dent; + struct stat buf; + + while (NULL != (dent = readdir(mdir))) + { + if (0 == strcmp(dent->d_name, ".")) + continue; + if (0 == strcmp(dent->d_name, "..")) + continue; + len = strlen(dir) + strlen(dent->d_name) + 2; + path = SH_ALLOC(len); + snprintf(path, len, "%s/%s", dir, dent->d_name); + if (0 == lstat(path, &buf) && S_ISCHR(buf.st_mode)) + { + struct dev_struct * dstruct; + dstruct = SH_ALLOC(sizeof(struct dev_struct)); + /* eliminate leading '/dev/' */ + memmove(path, &path[5], strlen(path)-4); + dstruct->device = path; + dstruct->dev_id = buf.st_rdev; + dstruct->next = devicelist; + devicelist = dstruct; + } + else + { + SH_FREE(path); + } + } + closedir(mdir); + } + return; +} + +static char * dev_name(long tty) +{ + struct dev_struct * dstruct; + + if (!devicelist) + { + add_devices("/dev"); + add_devices("/dev/pts"); + add_devices("/dev/pty"); + add_devices("/dev/ptym"); + } + + dstruct = devicelist; + while (dstruct) + { + if (dstruct->dev_id == tty) + return dstruct->device; + dstruct = dstruct->next; + } + return "??"; +} + +/* This looks strange, but it's real ANSI C. */ +extern struct acct pacct_rd_never_used; +#define COMM_LEN ((int) sizeof (pacct_rd_never_used.ac_comm)) + +sh_string * sh_read_pacct (sh_string * record, struct sh_logfile * logfile) +{ +#if defined(__linux__) +# define STRUCT_ACCT struct acct_v3 +#else +# define STRUCT_ACCT struct acct +#endif + + STRUCT_ACCT rec; + + if (NULL != sh_binary_reader ((void*) &rec, sizeof(STRUCT_ACCT), logfile)) + { + time_t btime = (time_t) rec.ac_btime; + double ut = ACUTIME_2_DOUBLE (rec.ac_utime); + double st = ACSTIME_2_DOUBLE (rec.ac_stime); + char fl[6]; + char comm[COMM_LEN+1]; + int i; + char out[64+COMM_LEN+1+5+8+8+32+4+19+7]; /* see printf format below */ + + expand_flags(rec.ac_flag, fl); + + /* ac_comm may not be null terminated + */ + for (i = 0; i < COMM_LEN; i++) + { + if (rec.ac_comm[i] == '\0') + { + comm[i] = '\0'; + break; + } + if (! isprint (rec.ac_comm[i])) + comm[i] = '?'; + else + comm[i] = rec.ac_comm[i]; + } + comm[COMM_LEN] = '\0'; + + sl_snprintf (out, sizeof(out), + "%ld:%-*.*s %5.5s %-8.8s %-8.8s %6.2f secs %-19.19s", + btime, + COMM_LEN, COMM_LEN, comm, fl, + uid_name(rec.ac_uid), + dev_name((long)rec.ac_tty), + ((ut + st) / (double) AHZ), + ctime (&btime)); + + + sh_string_set_from_char(record, out); + return record; + } + + if (record) + sh_string_destroy(&record); + return NULL; +} + +struct sh_logrecord * sh_parse_pacct (sh_string * logline, void * fileinfo) +{ + char * p; + char * endptr; + unsigned long ltime; + struct sh_logrecord * record = NULL; + + (void) fileinfo; + + if (sh_string_len(logline) > 0 && flag_err_debug == SL_TRUE) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + sh_string_str(logline), + _("sh_parse_pacct")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + + p = strchr(sh_string_str(logline), ':'); + + if (!p || p == sh_string_str(logline)) + return NULL; + + ltime = strtoul(sh_string_str(logline), &endptr, 10); + if (p != endptr) + return NULL; + + ++p; /* points to first char of pacct record */ + + if (*p != '\0') + { + size_t lengths[7]; + unsigned int fields = 7; + char ** array; + sh_string * message = sh_string_new_from_lchar(p, strlen(p)); + array = split_array_ws(p, &fields, lengths); + + if (fields == 7) + { + record = SH_ALLOC(sizeof(struct sh_logrecord)); + + record->timestamp = ltime; + record->timestr = sh_string_new_from_lchar(array[6], lengths[6]); + record->message = message; + record->pid = 0; + record->host = sh_string_new_from_lchar(sh.host.name, strlen(sh.host.name)); + } + else + { + sh_string_destroy(&message); + } + SH_FREE(array); + } + return record; +} +/* USE_LOGFILE_MONITOR */ +#endif Index: /tags/2.5.0/src/sh_log_parse_samba.c =================================================================== --- /tags/2.5.0/src/sh_log_parse_samba.c (revision 189) +++ /tags/2.5.0/src/sh_log_parse_samba.c (revision 189) @@ -0,0 +1,96 @@ +/************************************** + ** + ** PARSER RULES + ** + ** (a) must set record->host + ** (eventually to dummy value) + ** + ** (b) must set record->prefix + ** (command) + ** + ** + **************************************/ + +/* for strptime */ +#define _XOPEN_SOURCE + +#include "config_xor.h" +#include +#include + +#if defined(USE_LOGFILE_MONITOR) + +#include "samhain.h" +#include "sh_pthread.h" +#include "sh_log_check.h" +#include "sh_string.h" + +#undef FIL__ +#define FIL__ _("sh_log_parse_samba.c") + + +sh_string * sh_read_samba (sh_string * record, struct sh_logfile * logfile) +{ + return sh_cont_reader (record, logfile, " \t"); +} + +struct sh_logrecord * sh_parse_samba (sh_string * logline, void * fileinfo) +{ + static struct tm old_tm; + static time_t old_time; + + struct sh_logrecord * record = NULL; + + static const char * format0_1 = N_("[%Y/%m/%d %T"); + static char format_1[16]; + static int format_init = 0; + + (void) fileinfo; + + if (!format_init) + { + sl_strlcpy(format_1, _(format0_1), sizeof(format_1)); + format_init = 1; + } + + if (logline && sh_string_len(logline) > 0) + { + size_t lengths[3]; + unsigned int fields = 3; + char ** array; + char * p = strchr(sh_string_str(logline), ','); + + *p = '\0'; ++p; + array = split_array_ws(p, &fields, lengths); + + if (fields == 3) + { + struct tm btime; + char * ptr; + + memset(&btime, '\0', sizeof(struct tm)); + ptr = strptime(sh_string_str(logline), format_1, &btime); + + if (ptr && *ptr == '\0') /* no error, whole string consumed */ + { + record = SH_ALLOC(sizeof(struct sh_logrecord)); + + record->timestamp = conv_timestamp(&btime, &old_tm, &old_time); + + p = sh_string_str(logline); ++p; + + record->timestr = sh_string_new_from_lchar(p, strlen(p)); + + record->message = sh_string_new_from_lchar(array[2], lengths[2]); + + record->pid = 0; + record->host = sh_string_new_from_lchar(sh.host.name, + strlen(sh.host.name)); + } + } + SH_FREE(array); + } + return record; +} + +#endif Index: /tags/2.5.0/src/sh_log_parse_syslog.c =================================================================== --- /tags/2.5.0/src/sh_log_parse_syslog.c (revision 189) +++ /tags/2.5.0/src/sh_log_parse_syslog.c (revision 189) @@ -0,0 +1,183 @@ +/************************************** + ** + ** PARSER RULES + ** + ** (a) must set record->host + ** (eventually to dummy value) + ** + ** (b) must set record->prefix + ** (eventually to dummy value) + ** + ** + **************************************/ + +/* for strptime */ +#define _XOPEN_SOURCE + +#include "config_xor.h" + +#include +#include +#include +#include +#include + +#ifdef USE_LOGFILE_MONITOR + +#include "samhain.h" +#include "sh_pthread.h" +#include "sh_log_check.h" +#include "sh_utils.h" +#include "sh_string.h" + +#undef FIL__ +#define FIL__ _("sh_log_parse_syslog.c") + +static int hidepid = 0; +extern int flag_err_debug; + +int sh_get_hidepid() +{ + return hidepid; +} + +int sh_set_hidepid(const char *s) +{ + return sh_util_flagval(s, &hidepid); +} + +struct sh_logrecord * sh_parse_syslog (sh_string * logline, void * fileinfo) +{ + static const char * format0_1 = N_("%b %d %T"); + static const char * format0_2 = N_("%Y-%m-%dT%T"); + + static char format_1[16]; + static char format_2[16]; + static int format_init = 0; + + static struct tm old_tm; + static time_t old_time; + + const unsigned int Tpos = 10; + unsigned int tlen = 16; + + (void) fileinfo; + + if (!format_init) + { + sl_strlcpy(format_1, _(format0_1), sizeof(format_1)); + sl_strlcpy(format_2, _(format0_2), sizeof(format_2)); + format_init = 1; + } + + + if (sh_string_len(logline) > 0 && flag_err_debug == SL_TRUE) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + logline->str, + _("sh_parse_syslog")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + + if (logline && sh_string_len(logline) > tlen) + { + struct tm btime; + char * ptr; + int flag; + size_t lengths[3]; + + memset(&btime, '\0', sizeof(struct tm)); + + /* This is RFC 3164. + */ + if (logline->str[Tpos] != 'T') + { + logline->str[tlen-1] = '\0'; + ptr = /*@i@*/strptime(logline->str, format_1, &btime); + } + + /* RFC 3339 describes an alternative timestamp format. + * Unfortunately, POSIX strptime() does not support reading + * the TZ offset. + */ + else + { + ptr = strptime(logline->str, format_2, &btime); + if (ptr) + { + tlen = 20; + if (*ptr && *ptr != ' ') { + do { ++ptr; ++tlen; } while (*ptr && *ptr != ' '); + if (*ptr == ' ') *ptr = '\0'; + } + } + } + + if (ptr && *ptr == '\0') /* no error, whole string consumed */ + { + unsigned int fields = 3; /* host program(\[pid\])+: message */ + char ** array = split_array_ws(&(logline->str[tlen]), &fields, lengths); + + if (fields == 3) + { + struct sh_logrecord * record = SH_ALLOC(sizeof(struct sh_logrecord)); + + record->timestamp = conv_timestamp(&btime, &old_tm, &old_time); + record->timestr = sh_string_new_from_lchar(logline->str, (tlen-1)); + + /* host + */ + record->host = sh_string_new_from_lchar(array[0], lengths[0]); + + /* program and pid + */ + if (NULL != (ptr = strchr(array[1], '['))) + { + *ptr = '\0'; + ++ptr; + record->pid = (pid_t) atoi(ptr); + + if (hidepid == 0 || !*ptr) { + --ptr; + *ptr = '['; + } else { + *ptr = '\0'; /* overwrite first digit */ + --ptr; + *ptr = ':'; /* overwrite ex-':' */ + lengths[1] = strlen(array[1]); + } + } + else + { + flag = 0; + ptr = array[1]; + if (ptr[lengths[1]] == ':') { + ptr[lengths[1]] = '\0'; + flag = 1; + } + record->pid = PID_INVALID; + if (flag == 1) { + ptr[lengths[1]] = ':'; + } + } + + /* message + */ + record->message = sh_string_new_from_lchar3(array[1], lengths[1], + " ", 1, + array[2], lengths[2]); + + SH_FREE(array); + return record; + } + SH_FREE(array); + } + } + /* corrupted logline + */ + return NULL; +} + +/* USE_LOGFILE_MONITOR */ +#endif Index: /tags/2.5.0/src/sh_mail.c =================================================================== --- /tags/2.5.0/src/sh_mail.c (revision 189) +++ /tags/2.5.0/src/sh_mail.c (revision 189) @@ -0,0 +1,2272 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if defined(SH_WITH_MAIL) + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + + +#ifdef HAVE_MEMORY_H +#include +#endif + +#include "samhain.h" +#include "sh_error.h" +#include "sh_unix.h" +#include "sh_tiger.h" +#include "sh_mail.h" +#include "sh_utils.h" +#include "sh_fifo.h" +#include "sh_tools.h" +#include "sh_pthread.h" + +#undef FIL__ +#define FIL__ _("sh_mail.c") +#undef GOOD +#undef BAD + +static int failedMail = SL_FALSE; + +/* MX Resolver Struct + */ +typedef struct mx_ { + int pref; + char * address; +} mx; + +typedef struct dnsrep_ { + int count; + mx * reply; +} dnsrep; + +static int free_mx (dnsrep * answers); +static dnsrep * return_mx (char *domain); + +/********************************************* + * utility function for verifying mails + *********************************************/ + +typedef struct mail_trail_struct { + char trail_id[2*SH_MINIBUF]; + char trail_key[KEY_LEN+1]; + struct mail_trail_struct * next; +} mail_trail_type; + +static mail_trail_type * mail_trail = NULL; + +int sh_mail_sigverify (const char * s) +{ + SL_TICKET fd; + long i; + char * buf; + char * bufc; + char key[81]; + char number[2*SH_MINIBUF]; + char audit_id[2 * SH_MINIBUF]; + long numsig; + char key2[KEY_LEN+1]; + + char * theSig; + + mail_trail_type * mail_trail_ptr = NULL; + + sh_error_logoff(); + + ASSERT((s != NULL && sl_strlen(s) < PATH_MAX), + _("(s != NULL && sl_strlen(s) < PATH_MAX)")); + + if (s == NULL || sl_strlen(s) >= PATH_MAX) + _exit (EXIT_FAILURE); + + /* open the file, then check it + */ + if (0 != sl_is_suid()) + { + fprintf(stderr, _("Cannot open file %s in suid mode\n"), s); + _exit (EXIT_FAILURE); + } + if ( SL_ISERROR(fd = sl_open_read (s, SL_NOPRIV))) + { + fprintf(stderr, _("Could not open file %s\n"), s); + _exit (EXIT_FAILURE); + } + + buf = SH_ALLOC( (size_t)(SH_MSG_BUF+SH_BUFSIZE+1)); + bufc = SH_ALLOC( (size_t)(SH_MSG_BUF+SH_MAXBUF+1)); + + while (1 == 1) + { + buf[0] = '\0'; + bufc[0] = '\0'; + + /* find start of next message + */ + while (0 != sl_strncmp(buf, _("-----BEGIN MESSAGE-----"), + sizeof("-----BEGIN MESSAGE-----")-1)) + { + (void) sh_unix_getline (fd, buf, SH_MSG_BUF+SH_BUFSIZE); + if (buf[0] == '\0') + { + /* End of mailbox reached, exit. + */ + (void) fflush(stdout); + _exit (EXIT_SUCCESS); + + /* Fix for AIX cc complaint. + */ + /*@notreached@*/ + return 0; + } + } + + /* Read message, compress into bufc. + */ + while (1 == 1) + { + (void) sh_unix_getline (fd, buf, SH_MSG_BUF+SH_BUFSIZE); + if (0 == sl_strncmp(buf, _("-----BEGIN SIGNATURE-----"), + sizeof("-----BEGIN SIGNATURE-----")-1)) + break; + if (buf[0] == '\0') + _exit (EXIT_FAILURE); + (void) sh_util_compress(bufc, buf, SH_MSG_BUF+SH_MAXBUF-KEY_LEN); + } + + /* get signature and number + */ + (void) sh_unix_getline (fd, key, (int)sizeof(key)); + key[KEY_LEN] = '\0'; + + (void) sh_unix_getline (fd, number, (int)sizeof(number)); + number[(2*SH_MINIBUF) - 2] = '\0'; + numsig = atol (number); + (void) sl_strlcpy (audit_id, &number[7], 2*SH_MINIBUF); + + fprintf(stderr, _("Message %06ld Trail %s\n"), + numsig, /*@-usedef@*/ audit_id /*@+usedef@*/); + + mail_trail_ptr = mail_trail; + while (mail_trail_ptr) + { + if (0 == sl_strcmp(mail_trail_ptr->trail_id, audit_id)) + break; + mail_trail_ptr = mail_trail_ptr->next; + } + + if (!mail_trail_ptr) + { + if (numsig > 0) + { + fprintf (stderr, _("ERROR (no key -- cannot check)\n")); + continue; + } + else + { + mail_trail_ptr = SH_ALLOC (sizeof(mail_trail_type)); + mail_trail_ptr->next = mail_trail; + mail_trail = mail_trail_ptr; + (void) sl_strlcpy (mail_trail_ptr->trail_id, + audit_id, 2*SH_MINIBUF); + } + } + else if (numsig == 0) + { + fprintf (stderr, _("ERROR (repeated audit trail)\n")); + continue; + } + + + if (numsig == 0) + { + sh_util_encode(key, bufc, 1, 'A'); + (void) sl_strlcpy (mail_trail_ptr->trail_key, key, KEY_LEN+1); + fprintf (stderr, _("(unchecked)\n")); + } + else + { + char sigbuf[KEYBUF_SIZE]; + + /* iterate key + */ + (void) sl_strlcpy(key2, mail_trail_ptr->trail_key, KEY_LEN+1); + for (i = 0; i < numsig; ++i) + { + char hashbuf[KEYBUF_SIZE]; + (void) sl_strlcpy (key2, + sh_tiger_hash (key2, TIGER_DATA, KEY_LEN, + hashbuf, sizeof(hashbuf)), + KEY_LEN+1); + } + + + theSig = sh_util_siggen (key2, bufc, sl_strlen(bufc), sigbuf, sizeof(sigbuf)); + if (sl_strncmp (key, + theSig, + KEY_LEN) != 0) + { + fprintf (stderr, _("(FAILED)\n")); + } + else + { + fprintf (stderr, _("(passed)\n")); + } + + } + + } /* end scan mailbox */ + + /*@notreached@*/ +} + +#define SH_FILT_NUM 32 +#define SH_FILT_OR 0 +#define SH_FILT_AND 1 +#define SH_FILT_NOT 2 +#define SH_FILT_INIT { 0, { NULL }, 0, { NULL }, 0, { NULL }} + +typedef struct _sh_filter_type +{ + int for_c; + char * for_v[SH_FILT_NUM]; + int fand_c; + char * fand_v[SH_FILT_NUM]; + int fnot_c; + char * fnot_v[SH_FILT_NUM]; + +} sh_filter_type; + +static +int sh_filter_filteradd (const char * argstring, + sh_filter_type * filter, int ftype) +{ + int i = 0; + int flag = 0; + size_t s; + + char * dupp; + char * p; + char * end; + int * ntok; + char ** stok; + + SL_ENTER(_("sh_filter_filteradd")); + + if (NULL == argstring) + { + SL_RETURN((-1), _("sh_filter_filteradd")); + } + + if (ftype == SH_FILT_OR) { + ntok = &(filter->for_c); + stok = filter->for_v; + } + else if (ftype == SH_FILT_AND) { + ntok = &(filter->fand_c); + stok = filter->fand_v; + } + else if (ftype == SH_FILT_NOT) { + ntok = &(filter->fnot_c); + stok = filter->fnot_v; + } + else { + SL_RETURN((-1), _("sh_filter_filteradd")); + } + + *ntok = 0; + + dupp = sh_util_strdup(argstring); + p = dupp; + + do + { + while (*p == ',' || *p == ' ' || *p == '\t') + ++p; + if (*p == '\0') + break; + + end = p; ++end; + if (*end == '\0') + break; + + if (*p == '\'') + { + ++p; end = p; ++end; + if (*p == '\0' || *end == '\0') + break; + while (*end != '\0' && *end != '\'') + ++end; + } + else if (*p == '"') + { + ++p; end = p; ++end; + if (*p == '\0' || *end == '\0') + break; + while (*end != '\0' && *end != '"') + ++end; + } + else + { + while (*end != '\0' && *end != ',' && *end != ' ' && *end != '\t') + ++end; + } + if (*end == '\0') + flag = 1; + else + *end = '\0'; + + s = strlen(p) + 1; + if (stok[i] != NULL) + SH_FREE(stok[i]); + stok[i] = SH_ALLOC(s); + (void) sl_strlcpy(stok[i], p, s); + + p = end; ++p; + + ++i; + if (i == SH_FILT_NUM) + break; + } + while (p != NULL && *p != '\0' && flag == 0); + + *ntok = i; + SH_FREE(dupp); + + SL_RETURN (0, _("sh_filter_filteradd")); +} + +/* + * -- check filters + */ +static +int sh_filter_filter (const char * message, sh_filter_type * filter) +{ + int i; + int j = 0; + + SL_ENTER(_("sh_mail_filter")); + + /* Presence of any of these keywords prevents execution. + */ + if (filter->fnot_c > 0) + { + for (i = 0; i < filter->fnot_c; ++i) + { + if (NULL != sl_strstr(message, filter->fnot_v[i])) + { + SL_RETURN ((-1), _("sh_filter_filter")); + } + } + } + + /* Presence of all of these keywords is required for execution. + */ + if (filter->fand_c > 0) + { + j = 0; + + for (i = 0; i < filter->fand_c; ++i) + if (NULL != sl_strstr(message, filter->fand_v[i])) + ++j; + + if (j != filter->fand_c) + { + SL_RETURN ((-1), _("sh_filter_filter")); + } + } + + /* Presence of at least one of these keywords is required for execution. + */ + if (filter->for_c > 0) + { + for (i = 0; i < filter->for_c; ++i) + { + if (NULL != sl_strstr(message, filter->for_v[i])) + { + goto isok; + } + } + SL_RETURN ((-1), _("sh_filter_filter")); + } + + isok: + SL_RETURN ((0), _("sh_filter_filter")); +} + + +static sh_filter_type mail_filter = SH_FILT_INIT; + +/* + * -- add keywords to the OR filter + */ +int sh_mail_add_or (const char * str) +{ + return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_OR)); +} + +/* + * -- add keywords to the AND filter + */ +int sh_mail_add_and (const char * str) +{ + return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_AND)); +} + +/* + * -- add keywords to the NOT filter + */ +int sh_mail_add_not (const char * str) +{ + return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_NOT)); +} + + +static char * address_list[8] = { + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL +}; + +static int address_num = 0; +static int address_num_compiled = 0; +static int setaddress_compiled = S_FALSE; + +void reset_count_dev_mail(void) +{ + /* if not, then we still have the compiled-in address (if any), so we + * don' touch them + */ + if (address_num_compiled == -99) + address_num = 0; + return; +} + +int sh_mail_setaddress (const char * address) +{ + char * p; + + SL_ENTER(_("sh_mail_setaddress")); + + if (0 == strcmp(address, _("NULL"))) + SL_RETURN ( (0), _("sh_mail_setaddress")); + + if (address != NULL && address_num < (2 * SH_PATHBUF / 64 )) + { + if (address_num < (SH_PATHBUF / 64 )) + p = &sh.srvmail.name[address_num*64]; + else + p = &sh.srvmail.alt[address_num*64]; + + (void) sl_strlcpy (p, address, 64); + + if ((p == NULL) || ( sl_strlen(address) != sl_strlen(p))) + { + memset(p, (int)'\0', 64); + SL_RETURN ( (-1), _("sh_mail_setaddress")); + } + address_list[address_num] = p; +#if 0 + if (!sl_is_suid()) + { + TPT(( 0, FIL__, __LINE__, _("msg=\n"), + address_num, address_list[address_num])); + } +#endif + if (setaddress_compiled == S_TRUE) + { + ++address_num; + ++address_num_compiled; + } + else + { + if (address_num == address_num_compiled) + { + address_num = 0; + address_num_compiled = -99; + } + ++address_num; + } + SL_RETURN ( (0), _("sh_mail_setaddress")); + } + SL_RETURN ( (-1), _("sh_mail_setaddress")); +} + +int sh_mail_setaddress_int (const char * address) +{ + int i; + SL_ENTER(_("sh_mail_setaddress_int")); + setaddress_compiled = S_TRUE; + i = sh_mail_setaddress(address); + setaddress_compiled = S_FALSE; + SL_RETURN(i, _("sh_mail_setaddress_int")); +} + +int sh_mail_setNum (const char * str) +{ + int i = atoi (str); + + SL_ENTER(_("sh_mail_setNum")); + + if (i >= 0 && i < SH_FIFO_MAX) + sh.mailNum.alarm_interval = (time_t) i; + else + SL_RETURN ((-1), _("sh_mail_setNum")); + SL_RETURN( (0), _("sh_mail_setNum")); +} + + +static int all_in_one = S_FALSE; + +int sh_mail_setFlag (const char * str) +{ + int i; + SL_ENTER(_("sh_mail_setFlag")); + i = sh_util_flagval(str, &all_in_one); + SL_RETURN(i, _("sh_mail_setFlag")); +} + +static char * mail_subject = NULL; + +int set_mail_subject (const char * str) +{ + SL_ENTER(_("set_mail_subject")); + if (!str) + SL_RETURN( (-1), _("set_mail_subject")); + + if (mail_subject != NULL) + SH_FREE(mail_subject); + + if (0 == sl_strncmp(str, _("NULL"), 4)) + { + mail_subject = NULL; + SL_RETURN( 0, _("set_mail_subject")); + } + + mail_subject = sh_util_strdup(str); + SL_RETURN( (0), _("set_mail_subject")); +} + + +static SH_FIFO * fifo_mail = NULL; + +static +void sh_mail_emptystack (void) +{ + char * msg; + size_t len; + + SL_ENTER(_("sh_mail_emptystack")); + + if (fifo_mail == NULL) + SL_RET0(_("sh_mail_emptystack")); + + while (NULL != (msg = pop_list(fifo_mail))) + { + len = sl_strlen(msg); + memset(msg, 0, len); + SH_FREE(msg); + } + + SL_RET0(_("sh_mail_emptystack")); +} + +/* insert "\r\n" after each 998 char + */ +static char * split_string(char * str); + +int sh_mail_pushstack (/*@null@*/char * msg) +{ + char * p; + int retval = 0; + int status; + + SL_ENTER(_("sh_mail_pushstack")); + + if (msg == NULL || failedMail == SL_TRUE || sh.srvmail.name[0] == '\0') + SL_RETURN((0), (_("sh_mail_pushstack"))); + + if (0 != sh_filter_filter(msg, &mail_filter)) + SL_RETURN((0), (_("sh_mail_pushstack"))); + +#if 0 + if (msg != NULL && sl_strlen(msg) > 998) /* RFC 2822 */ + msg[998] = '\0'; +#endif + + p = split_string(msg); + + if (fifo_mail == NULL) + { + fifo_mail = SH_ALLOC(sizeof(SH_FIFO)); + fifo_init(fifo_mail); + } + + status = push_list (fifo_mail, p); + if (status >= 0) + ++sh.mailNum.alarm_last; + + SH_FREE(p); + + if (sh.mailNum.alarm_last >= sh.mailNum.alarm_interval) + { + BREAKEXIT(sh_mail_msg); + retval = sh_mail_msg (NULL); + } + + if (status == SH_FIFO_MAX) + retval = -2; + SL_RETURN(retval, (_("sh_mail_pushstack"))); +} + + +/* The mailer. + */ +static int sh_mail_end_conn (FILE * connfile, int fd); +static FILE * sh_mail_start_conn (int aFlag, int * fd); + +static +void sh_mail_get_subject(char * message, + char * mheader, size_t len) +{ + st_format rep_serv_tab[] = { + { 'T', S_FMT_TIME, 0, 0, NULL}, + { 'H', S_FMT_STRING, 0, 0, NULL}, + { 'M', S_FMT_STRING, 0, 0, NULL}, + { 'S', S_FMT_STRING, 0, 0, NULL}, + {'\0', S_FMT_ULONG, 0, 0, NULL}, + }; + + char * p; + char * mptr; + char sev[8]; + + SL_ENTER(_("sh_mail_get_subject")); + + (void) sl_strlcpy(mheader, _("Subject: "), len); + if (NULL == strchr(mail_subject, '%')) + { + (void) sl_strlcat(mheader, mail_subject, len); + SL_RET0(_("sh_mail_get_subject")); + } + + + rep_serv_tab[0].data_ulong = (unsigned long) time(NULL); + rep_serv_tab[1].data_str = sh.host.name; + + /* fast forward to the important part + */ + mptr = sl_strstr(message, _("msg=")); + if (mptr) + { + mptr += 4; + rep_serv_tab[2].data_str = mptr; + } + else + rep_serv_tab[2].data_str = message; + + mptr = sl_strstr(message, _("sev=")); + if (mptr) + { + mptr += 5; + sev[0] = *mptr; ++mptr; + sev[1] = *mptr; ++mptr; + sev[2] = *mptr; ++mptr; + sev[3] = *mptr; ++mptr; + sev[4] = '\0'; + } + else + { + mptr = message; + sev[0] = *mptr; ++mptr; + sev[1] = *mptr; ++mptr; + sev[2] = *mptr; ++mptr; + sev[3] = *mptr; ++mptr; + if (*mptr == ' ') { + sev[4] = '\0'; + } else { + sev[4] = *mptr; ++mptr; + if (*mptr == ' ') { + sev[5] = '\0'; + } else { + sev[5] = *mptr; + sev[6] = '\0'; + } + } + } + rep_serv_tab[3].data_str = sev; + + + p = sh_util_formatted(mail_subject, rep_serv_tab); + (void) sl_strlcat(mheader, p, len); + SH_FREE(p); + SL_RET0(_("sh_mail_get_subject")); +} + + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +#include +#endif + +static char * sh_mail_realloc (char * inbuf, size_t * insize, size_t increase) +{ + size_t newsize; + char * outbuf = inbuf; + + SL_ENTER(_("sh_mail_realloc")); + + if (sl_ok_adds((*insize), 1)) + { + newsize = (*insize) + 1; + + if (sl_ok_adds(newsize, increase)) + { + newsize += increase; + + outbuf = SH_ALLOC(newsize); + MLOCK(outbuf, newsize); + (void) sl_strlcpy(outbuf, inbuf, newsize); + + memset (inbuf, 0, (*insize)); + MUNLOCK(inbuf, (*insize)); + SH_FREE(inbuf); + + *insize = newsize; + } + } + + SL_RETURN( (outbuf), _("sh_mail_realloc")); +} + +int sh_mail_msg (/*@null@*/char * message) +{ + char subject[32+32+SH_MINIBUF+2+3+SH_PATHBUF]; + char mheader[32+32+SH_MINIBUF+2+3]; + + char * mailMsg; + char * popMsg; + int status = 0, errcount; + size_t wrlen; + int i; + int num_popped = 0; + int retval = -1; + + char * bufcompress; + static int failcount = 0; + static int isfirst = 1; + static int mailcount = 0; + FILE * connfile = NULL; + + struct sigaction old_act; + struct sigaction new_act; + + static time_t id_audit = 0; + static time_t fail_time = 0; + static time_t success_time = 0; + + static int ma_block = 0; + + int ma_socket = -1; + + SH_FIFO * fifo_temp = NULL; + + char * theSig; + char * theMsg = NULL; + + /* #define SH_MAILBUF (256) */ +#define SH_MAILBUF (8*4096) + + size_t msgbufsize = SH_MAILBUF; + size_t combufsize = SH_MAILBUF; + char timebuf[81]; + char hashbuf[KEYBUF_SIZE]; + + SL_ENTER(_("sh_mail_msg")); + + if (ma_block == 1) + SL_RETURN( (0), _("sh_mail_msg")); + + /* Return if we cannot mail. + */ + if (failedMail == SL_TRUE) + SL_RETURN((-1), _("sh_mail_msg")); + + if (failedMail == SL_FALSE && address_list[0] == NULL) + { + TPT((0, FIL__, __LINE__, + _("msg=\n"))); + failedMail = SL_TRUE; + SL_RETURN((-1), _("sh_mail_msg")); + } + + if ( (success_time > 0) && (fail_time > 0) && + (time(NULL) - success_time) > 3600*SH_MAX_FAIL) + { + ma_block = 1; + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_SRV_FAIL, + _("mail"), address_list[0]); + ma_block = 0; + sh_mail_emptystack(); + sh.mailNum.alarm_last = 0; + failedMail = SL_TRUE; + SL_RETURN((-1), _("sh_mail_msg")); + } + + /* Try at most each hour. + */ + if ((fail_time > 0) && (time(NULL) - fail_time) < 3/*600*/) + { + if (failcount > 3) + { + /* -- Save for later. -- + */ + sh_mail_pushstack (message); + ++failcount; + + SL_RETURN((-1), _("sh_mail_msg")); + } + else + { + (void) retry_msleep(2, 0); + ++failcount; + } + } + + /* -- Reset time of last failure. -- + */ + fail_time = 0; + + /* -- Polling, empty queue. -- + */ + if (message == NULL && sh.mailNum.alarm_last == 0) + SL_RETURN((-1), _("sh_mail_msg")); + + /* -- Filtered. -- + */ + if (message != NULL && 0 != sh_filter_filter(message, &mail_filter)) + SL_RETURN((-1), (_("sh_mail_msg"))); + + + + /* --------- Build complete message. ------------------------ */ + + theMsg = split_string(message); + + /* ---------- Header ---------------------------------------- */ + + if (mail_subject == NULL) + { + (void) sl_strlcpy(mheader, _("Subject: "), sizeof(mheader)-5); + (void) sl_strlcat(mheader, sh_unix_time (0, timebuf, sizeof(timebuf)), + sizeof(mheader)-5); + (void) sl_strlcat(mheader, " ", sizeof(mheader)-5); + (void) sl_strlcat(mheader, sh.host.name, sizeof(mheader)-5); + } + else + { + + if (message == NULL) + { + theMsg = pop_list(fifo_mail); + message = theMsg; + if (message) + --sh.mailNum.alarm_last; + } + + if (message) + { + sh_mail_get_subject(message, mheader, sizeof(mheader)-5); + } + else + { + (void) sl_strlcpy(mheader, _("Subject: "), sizeof(mheader)-5); + (void) sl_strlcat(mheader, sh_unix_time (0, timebuf, sizeof(timebuf)), + sizeof(mheader)-5); + (void) sl_strlcat(mheader, " ", sizeof(mheader)-5); + (void) sl_strlcat(mheader, sh.host.name, sizeof(mheader)-5); + } + } + + /* RFC 821: Header is terminated by an empty line + */ + (void) sl_strlcat(mheader, "\015\012\015\012", sizeof(mheader)); + + /* ---------- Message --------------------------------------- */ + + (void) sl_strlcpy(subject, sh_unix_time (0, timebuf, sizeof(timebuf)), + sizeof(subject)); + (void) sl_strlcat(subject, " ", sizeof(subject)); + (void) sl_strlcat(subject, sh.host.name, sizeof(subject)); + (void) sl_strlcat(subject, "\r\n", sizeof(subject)); + + + mailMsg = (char *) SH_ALLOC (msgbufsize); + bufcompress = (char *) SH_ALLOC (combufsize); + + MLOCK(mailMsg , msgbufsize); + MLOCK(bufcompress , combufsize); + + (void) sl_strlcpy(mailMsg, mheader, msgbufsize); + bufcompress[0] = '\0'; + + (void) sl_strlcat(mailMsg, _("-----BEGIN MESSAGE-----\r\n"), msgbufsize); + (void) sl_strlcat(mailMsg, subject, msgbufsize); + (void) sh_util_compress (bufcompress, subject, + (combufsize - KEY_LEN - 1)); + if (message != NULL) + { + if ((sl_strlen(theMsg) + sl_strlen(mailMsg) + 1) > + (msgbufsize-(4*KEY_LEN))) + { + mailMsg = sh_mail_realloc(mailMsg, + &msgbufsize, sl_strlen(theMsg)+2); + bufcompress = sh_mail_realloc(bufcompress, + &combufsize, sl_strlen(theMsg)); + } + (void) sl_strlcat(mailMsg, theMsg, msgbufsize-(4*KEY_LEN)); + (void) sl_strlcat(mailMsg, "\r\n", msgbufsize-(4*KEY_LEN)); + + (void) sh_util_compress (bufcompress, theMsg, combufsize-KEY_LEN-1); + } + + if (sh.mailNum.alarm_last > 0) + { + fifo_temp = SH_ALLOC (sizeof(SH_FIFO)); + fifo_init (fifo_temp); + + while ( NULL != (popMsg = pop_list(fifo_mail)) ) + { + (void) push_list (fifo_temp, popMsg); + + if ((sl_strlen(popMsg) + sl_strlen(mailMsg) + 1) > + (msgbufsize-(4*KEY_LEN))) + { + mailMsg = sh_mail_realloc(mailMsg, + &msgbufsize, + sl_strlen(popMsg)+2); + bufcompress = sh_mail_realloc(bufcompress, + &combufsize, + sl_strlen(popMsg)); + } + + (void) sl_strlcat(mailMsg, popMsg, msgbufsize-(4*KEY_LEN)); + (void) sl_strlcat(mailMsg, "\r\n", msgbufsize-(4*KEY_LEN)); + (void) sh_util_compress(bufcompress, popMsg, combufsize-KEY_LEN-1); + SH_FREE(popMsg); + --sh.mailNum.alarm_last; + ++num_popped; + } + } + + /* ------ signature block ------------------------------------ */ + + (void) sl_strlcat(mailMsg, _("-----BEGIN SIGNATURE-----\r\n"), msgbufsize); + + /* Generate new signature key. + */ + if (isfirst == 1) + { + BREAKEXIT(sh_util_keyinit); + (void) sh_util_keyinit (skey->mailkey_old, KEY_LEN+1); + } + + /* iterate the key + */ + (void) sl_strlcpy(skey->mailkey_new, + sh_tiger_hash (skey->mailkey_old, TIGER_DATA, KEY_LEN, + hashbuf, sizeof(hashbuf)), + KEY_LEN+1); + + if (isfirst == 0) + { + char sigbuf[KEYBUF_SIZE]; + + /* Sign the message with the signature key. + */ + theSig = sh_util_siggen (skey->mailkey_new, + bufcompress, sl_strlen(bufcompress), + sigbuf, sizeof(sigbuf)); + (void) sl_strlcat (mailMsg, + theSig, + msgbufsize); + } + else + { + id_audit = time (NULL); + + /* reveal first signature key + */ + /* flawfinder: ignore */ + (void) sl_strlcpy(skey->crypt, skey->mailkey_new, KEY_LEN+1); + + BREAKEXIT(sh_util_encode); + /* flawfinder: ignore */ + sh_util_encode(skey->crypt, bufcompress, 0, 'A'); + + /* flawfinder: ignore */ + (void) sl_strlcat (mailMsg, skey->crypt, msgbufsize); + /* flawfinder: ignore */ + memset (skey->crypt, 0, KEY_LEN); + isfirst = 0; + } + (void) sl_strlcat (mailMsg, "\r\n", msgbufsize); + + /* X(n) -> X(n-1) + */ + (void) sl_strlcpy (skey->mailkey_old, skey->mailkey_new, KEY_LEN+1); + + sl_snprintf(subject, sizeof(subject), _("%06d %010ld::%s\r\n"), + mailcount, (long) id_audit, sh.host.name); + + (void) sl_strlcat (mailMsg, subject, msgbufsize); + ++mailcount; + + (void) sl_strlcat (mailMsg, _("-----END MESSAGE-----"), msgbufsize); + + + + /* ---------- Connect ---------------------------------------- */ + + + + /* -- Catch (ignore) 'broken pipe'. + */ + new_act.sa_handler = SIG_IGN; + sigemptyset( &new_act.sa_mask ); /* set an empty mask */ + new_act.sa_flags = 0; /* init sa_flags */ + + (void) sigaction (SIGPIPE, &new_act, &old_act); + + i = 0; + errcount = 0; + + if (all_in_one == S_FALSE) + { + while (address_list[i] != NULL && i < address_num) + { + connfile = sh_mail_start_conn (i, &ma_socket); + + if (NULL != connfile) + { + wrlen = fwrite (mailMsg, 1, sl_strlen(mailMsg), + connfile); + wrlen -= sl_strlen(mailMsg); + if (wrlen == 0) + status = sh_mail_end_conn (connfile, ma_socket); + else + status = -1; + } + if (NULL == connfile || status != 0) + { + ma_block = 1; + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_SRV_FAIL, + _("mail"), address_list[i]); + ma_block = 0; + ++errcount; + ++sh.statistics.mail_failed; + } + else + { + ++sh.statistics.mail_success; + } + + if (connfile != NULL) + { + (void) fclose (connfile); + connfile = NULL; + } + ++i; + } + } + else + { + connfile = sh_mail_start_conn ( -9 , &ma_socket); + + if (NULL != connfile) + { + wrlen = fwrite (mailMsg, 1, sl_strlen(mailMsg), connfile); + wrlen -= sl_strlen(mailMsg); + if (wrlen == 0) + status = sh_mail_end_conn (connfile, ma_socket); + else + status = -1; + } + if (NULL == connfile || status != 0) + { + ma_block = 1; + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_SRV_FAIL, + _("mail"), address_list[0]); + ma_block = 0; + errcount = address_num; + ++sh.statistics.mail_failed; + } + else + { + ++sh.statistics.mail_success; + } + + if (connfile != NULL) + { + (void) fclose (connfile); + connfile = NULL; + } + } + + + memset (bufcompress, 0, combufsize); + MUNLOCK(bufcompress , combufsize); + SH_FREE(bufcompress); + + memset (mailMsg, 0, msgbufsize); + MUNLOCK(mailMsg , msgbufsize); + SH_FREE(mailMsg); + + /* --- Stay responsible for delivery in case of failure --- */ + + if (errcount == address_num && fifo_temp != NULL) + { + while ( (NULL != (popMsg = pop_list(fifo_temp))) ) + { + if (push_list (fifo_mail, popMsg) >= 0) + ++sh.mailNum.alarm_last; + SH_FREE(popMsg); + } + if (message != NULL) + { + if (fifo_mail == NULL) + { + fifo_mail = SH_ALLOC(sizeof(SH_FIFO)); + fifo_init(fifo_mail); + } + retval = push_list (fifo_mail, theMsg); + if (retval >= 0) + ++sh.mailNum.alarm_last; + if (retval == SH_FIFO_MAX) + retval = -2; + else + retval = -1; + } + } + else if (fifo_temp != NULL) + { + while ( (NULL != (popMsg = pop_list(fifo_temp))) ) + { + SH_FREE(popMsg); + } + } + if (fifo_temp != NULL) + SH_FREE(fifo_temp); + + /* + if (connfile != NULL) + fclose (connfile); + */ + + if (theMsg != NULL) + SH_FREE(theMsg); + + /* --- Reset signal. --- + */ + (void) sigaction (SIGPIPE, &old_act, NULL); + + if (errcount == address_num) + { + fail_time = time(NULL); + SL_RETURN((retval), _("sh_mail_msg")); + } + success_time = time(NULL); + failcount = 0; + + SL_RETURN((0), _("sh_mail_msg")); +} + + +/* + * + * SMTP CODE BELOW + * + * + */ + +#include +#ifdef HOST_IS_HPUX +#define _XOPEN_SOURCE_EXTENDED +#endif +#include +#include +#include +#include +#ifndef S_SPLINT_S +#include +#else +#define AF_INET 2 +#endif + +#define SH_NEED_GETHOSTBYXXX +#include "sh_static.h" + +/* missing on HP-UX 10.20 */ +#ifndef IPPORT_SMTP +#define IPPORT_SMTP 25 +#endif + +static int sh_mail_wait(int code, int ma_socket); + +static char * relay_host = NULL; + +int sh_mail_set_relay (const char * str_s) +{ + SL_ENTER(_("sh_mail_set_relay")); + + if (str_s == NULL) + SL_RETURN( -1, _("sh_mail_set_relay")); + + if (relay_host != NULL) + { + SH_FREE (relay_host); + relay_host = NULL; + } + + if (0 == sl_strncmp(str_s, _("NULL"), 4)) + { + SL_RETURN( 0, _("sh_mail_set_relay")); + } + + relay_host = sh_util_strdup(str_s); + + SL_RETURN( 0, _("sh_mail_set_relay")); +} + +static char * mail_sender = NULL; + +int sh_mail_set_sender (const char *str) +{ + if (mail_sender != NULL) + { + SH_FREE (mail_sender); + mail_sender = NULL; + } + if (str != NULL) + { + mail_sender = sh_util_strdup (str); + } + if (mail_sender == NULL) + { + return -1; + } + return 0; +} + + +/************************* + * + * start connection + * for details on SMTP, see RFC 821 + */ + +static time_t time_wait = 300; + +static FILE * sh_mail_start_conn (int aFlag, int * ma_socket) +{ + char * address; + + int ecount; + + char this_address[256]; + char ma_machine[256]; + char ma_user[256]; + char error_msg[256]; + char error_call[SH_MINIBUF]; + int error_num = 0; + register int i, j, k; + FILE * connFile = NULL; + struct tm * my_tm; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) + struct tm time_tm; +#endif + time_t my_time; + char my_tbuf[128]; + + int fd; + + dnsrep * answers; + mx * result; + + SL_ENTER(_("sh_mail_start_conn")); + + *ma_socket = -1; + time_wait = 300; + + if (aFlag >= 0) + address = address_list[aFlag]; + else + address = address_list[0]; + + TPT(( 0, FIL__, __LINE__, _("msg=\n"), + aFlag, address)); + + /* ------- split adress ------------------ */ + + if (0 == strcmp(address, _("NULL"))) + { + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + + if (strchr (address, '@') == NULL) { + (void) sl_strlcpy(ma_user, address, 256); + (void) sl_strlcpy(ma_machine, _("localhost"), 256); + } else { + i = 0; + while (i < 255 && address[i] != '@') { + ma_user[i] = address[i]; + ++i; + } + + /* adress[i] = '@' + */ + ma_user[i] = '\0'; + j = i + 1; k = i; i = 0; + while (i < 255 && address[i+j] != '\0') { + ma_machine[i] = address[i+j]; + ++i; + } + ma_machine[i] = '\0'; + if (address[k] != '@' || address[k+i+1] != '\0') + { + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + } + + + if (relay_host != NULL) + { + (void) sl_strlcpy (ma_machine, relay_host, sizeof(ma_machine)); + TPT((0, FIL__, __LINE__, _("msg=\n"), + ma_user, ma_machine)); + fd = connect_port (ma_machine, IPPORT_SMTP, + error_call, &error_num, error_msg, 256); + } + else + { + answers = return_mx (ma_machine); + if (answers) + { + result = answers->reply; + fd = -1; + for (i = 0; i < answers->count; ++i) + { + (void) sl_strlcpy(ma_machine, result[i].address, + sizeof(ma_machine)); + TPT((0, FIL__, __LINE__, + _("msg=\n"), + ma_user, ma_machine, result[i].pref)); + fd = connect_port (ma_machine, IPPORT_SMTP, + error_call, &error_num, error_msg, 256); + if (fd >= 0) + break; + } + (void) free_mx(answers); + } + else + { + (void) sl_strlcpy(error_call, _("return_mx"), SH_MINIBUF); + (void) sl_strlcpy(error_msg, _("The specified host is unknown: "), + 256); + (void) sl_strlcat(error_msg, ma_machine, 256); + fd = -1; + } + } + + + if (fd < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, error_num, + MSG_E_NET, error_msg, error_call, + _("email"), ma_machine); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + + /* associate a FILE structure with it + */ + connFile = fdopen (fd, "r+"); + if (connFile == NULL) + { + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + (void) close(fd); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + + + /* say HELO to the other socket + */ + if (0 == sh_mail_wait (220, fd)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + _("Timeout on SMTP session init"), + _("sh_mail_start_conn"), + _("mail"), sh.host.name); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + (void) fclose(connFile); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + + (void) fflush(connFile); + + if (0 != is_numeric(sh.host.name)) + { + TPT(( 0, FIL__, __LINE__, _("msg=%c%c"), + sh.host.name, 13, 10)); + } + else + { + TPT(( 0, FIL__, __LINE__, _("msg=%c%c"), + sh.host.name, 13, 10)); + } + if (0 != is_numeric(sh.host.name)) + fprintf(connFile, _("HELO [%s]%c%c"), sh.host.name, 13, 10); + else + fprintf(connFile, _("HELO %s%c%c"), sh.host.name, 13, 10); + + (void) fflush(connFile); + + if (0 == sh_mail_wait(250, fd)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + _("HELO failed"), _("sh_mail_start_conn"), + _("mail"), sh.host.name); + + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + (void) fclose(connFile); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + + /* tell them who we are + */ + (void) sl_strlcpy (this_address, + mail_sender ? mail_sender : DEFAULT_SENDER, 256); + if (NULL == strchr(this_address, '@')) + { + (void) sl_strlcat (this_address, "@", 256); + if (0 != is_numeric(sh.host.name)) + (void) sl_strlcat (this_address, _("example.com"), 256); + else + (void) sl_strlcat (this_address, sh.host.name, 256); + } + + TPT(( 0, FIL__, __LINE__, _("msg=>%c%c"), + this_address, 13, 10)); + + (void) fflush(connFile); + /*@-usedef@*/ + fprintf(connFile, _("MAIL FROM:<%s>%c%c"), this_address, 13, 10); + /*@+usedef@*/ + (void) fflush(connFile); + + if (0 == sh_mail_wait(250, fd)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + _("MAIL FROM failed"), _("sh_mail_start_conn"), + _("mail"), this_address); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + (void) fclose(connFile); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + + /* tell them who to send mail to + */ + if (aFlag >= 0) + { + TPT(( 0, FIL__, __LINE__, _("msg=>%c%c"), + address, 13, 10)); + + (void) fflush(connFile); + fprintf(connFile, _("RCPT TO:<%s>%c%c"), address, 13, 10); + (void) fflush(connFile); + + if (0 == sh_mail_wait(250, fd)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + _("RCPT TO failed"), _("sh_mail_start_conn"), + _("mail"), address); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + (void) fclose(connFile); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + } + else + { + ecount = 0; + for (i = 0; i < address_num; ++i) + { + if (address_list[i] == NULL) /* paranoia */ + break; + TPT(( 0, FIL__, __LINE__, _("msg=>%c%c"), + address_list[i], 13, 10)); + + (void) fflush(connFile); + fprintf(connFile, _("RCPT TO:<%s>%c%c"), address_list[i], 13, 10); + (void) fflush(connFile); + + if (0 == sh_mail_wait(250, fd)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + _("RCPT TO failed"), _("sh_mail_start_conn"), + _("mail"), address_list[i]); + + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + ++ecount; + } + } + if (ecount == address_num) + { + (void) fclose(connFile); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + } + + /* Send the message + */ + TPT(( 0, FIL__, __LINE__, _("msg=%c%c"), 13, 10)); + + (void) fflush(connFile); + fprintf(connFile, _("DATA%c%c"), 13, 10); + (void) fflush(connFile); + + if (0 == sh_mail_wait(354, fd)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + _("DATA failed"), _("sh_mail_start_conn"), + _("mail"), address); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + (void) fclose(connFile); + SL_RETURN( NULL, _("sh_mail_start_conn")); + } + + + my_time = time(NULL); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) + my_tm = localtime_r(&my_time, &time_tm); +#else + my_tm = localtime(&my_time); +#endif + (void) strftime(my_tbuf, 127, _("%a, %d %b %Y %H:%M:%S %Z"), my_tm); + + TPT(( 0, FIL__, __LINE__, _("msg=%c%cTo: <%s>%c%cDate: %s>%c%c"), + this_address, 13, 10, address, 13, 10, my_tbuf, 13, 10)); + + (void) fflush(connFile); + fprintf(connFile, + _("From: <%s>%c%c"\ + "To: <%s>%c%c"\ + "Date: %s%c%c"), + this_address, 13, 10, + address, 13, 10, + my_tbuf, 13, 10); + + *ma_socket = fd; + SL_RETURN( connFile, _("sh_mail_start_conn")); +} + +/************************* + * + * end connection + * + */ + +static int sh_mail_end_conn (FILE * connFile, int fd) +{ + SL_ENTER(_("sh_mail_end_conn")); + + time_wait = 300; + + (void) fflush(connFile); + fprintf(connFile, _("%c%c.%c%c"), 13, 10, 13, 10); + (void) fflush(connFile); + + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + + if (0 != sh_mail_wait(250, fd)) + { + (void) fflush(connFile); + fprintf(connFile, _("QUIT%c%c"), 13, 10); + (void) fflush(connFile); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + + SL_RETURN (0, _("sh_mail_end_conn")); + } + + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + _("QUIT failed"), _("sh_mail_end_conn"), + _("mail"), _("SMTP server")); + + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + + SL_RETURN ((-1), _("sh_mail_end_conn")); +} + + + +/**************************** + * + * Handle server replies + * + * + */ + +static int sh_mail_wait(int code, int ma_socket) +{ + int rcode, g; + + char c; + + char errmsg[128]; + + enum { + WAIT_CODE_START, + WAIT_CODE, + WAIT_NL, + WAIT_NL_CONT + } state; + + time_t waited_time; + + SL_ENTER(_("mail_wait")); + + waited_time = time(NULL); + + /* timeout after 5 minutes + */ + + rcode = 0; + state = WAIT_CODE_START; + + while (sl_read_timeout_fd (ma_socket, &c, 1, time_wait, SL_FALSE) > 0) { + + g = (int) c; + + /* + if (g == EOF) + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); + SL_RETURN( 0, _("mail_wait")); + } + */ + + switch(state) { + + /* wait for start of a numerical code + */ + case WAIT_CODE_START: + if (0 != isspace(g)) + break; /* Skip white space */ + if (0 == isdigit(g)) + return 0; /* No leading number */ + rcode = g-(int)'0'; /* convert to number */ + state = WAIT_CODE; + break; + + /* wait for completion of numerical code + */ + case WAIT_CODE: + if (0 != isdigit(g)) { + rcode = rcode * 10 + (g-(int)'0'); /* next digit */ + break; + } + /*@+charintliteral@*/ + state = ((g == '-') ? WAIT_NL_CONT : WAIT_NL); + /*@-charintliteral@*/ + break; + + /* wait for newline, then return with status code + */ + case WAIT_NL: + /*@+charintliteral@*/ + if (g != '\n') + break; + /*@-charintliteral@*/ + + TPT((0, FIL__, __LINE__, + _("msg=\n"), + rcode, (int)(rcode/100), code, (int)(code/100) )); + g = ((int)(rcode/100) == (int)(code/100)) ? 1 : 0; + if (g != 1) + { + sl_snprintf(errmsg, sizeof(errmsg), + _("Bad response (%d), expected %d"), rcode, code); + + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, + errmsg, _("sh_mail_wait"), + _("mail"), _("SMTP server")); + } + waited_time = time(NULL) - waited_time; + time_wait -= waited_time; + TPT((0, FIL__, __LINE__, + _("msg=\n"), + (int) time_wait)); + SL_RETURN( (g), _("mail_wait")) ; + + /* wait for continuation line + */ + /*@fallthrough@*//* no, but splint doesn't understand */ + case WAIT_NL_CONT: + /*@+charintliteral@*/ + if (g == '\n') + state = WAIT_CODE_START; /* There is a continuation line */ + /*@-charintliteral@*/ + break; + + default: + + TPT((0, FIL__, __LINE__, _("msg=\n"))); + SL_RETURN( 0, _("mail_wait")); + + } + } + + TPT((0, FIL__, __LINE__, _("msg=\n"))); + + /* Failed, EOF or error on socket */ + SL_RETURN( 0, _("mail_wait")); +} + +/* -- function to insert "\r\n" after each 998 chars -- + */ + +#define SPLIT_AT 998 + +static char * split_string(char * str) +{ + size_t size; + size_t blocks; + int count = 0; + + char * p, * p0; + char * q; + + if (!str) + return NULL; + + size = strlen(str) + 1; + blocks = 1 + (size / SPLIT_AT); + + if (sl_ok_muls(2, blocks) && sl_ok_adds(size, (2*blocks))) + { + size = size + (2*blocks); + } + else + { + /* integer overflow, do not split */ + p = sh_util_strdup(str); + return p; + } + + p = SH_ALLOC(size); + memset(p, 0, size); + + p0 = p; + + q = str; + while (*q != '\0') { + *p = *q; + ++p; + ++q; + ++count; + if (0 == (count % SPLIT_AT)) { + count = 0; + *p = '\r'; + ++p; + *p = '\n'; + ++p; + } + } + /* fprintf(stderr, "used = %d\n", strlen(p0)); */ + + return p0; +} + + + +/***************************************************************** + * + * MX Resolver Routines + * + *****************************************************************/ + +#if defined(HAVE_ARPA_NAMESER_H) + +#include +#ifdef __APPLE__ +#define BIND_8_COMPAT 1 +#endif +#ifndef S_SPLINT_S +#include +#include +#endif +#include +#include +#ifndef S_SPLINT_S +#include +#endif + +#include "sh_tools.h" + +#ifndef HFIXEDSZ +#define HFIXEDSZ 12 +#endif +#ifndef QFIXEDSZ +#define QFIXEDSZ 4 +#endif + +/*@unused@*//* used in get_mx() which is not parsed by splint */ +static unsigned int get_short (unsigned char * loc) +{ + unsigned int retval = 0; + if (loc) + { + /* byte order: MSB first + */ + /*@+charint@*/ + retval = (((unsigned char) * loc) * 256) | ((unsigned char) * (loc + 1)); + /*@-charint@*/ + } + return (retval); +} + +/* parser errors with splint */ +#ifndef S_SPLINT_S +static dnsrep * get_mx (char *hostname) +{ + int ret, length, status; + mx * result; + size_t len; + + typedef union + { + HEADER head; + unsigned char buffer[4096]; + } querybuf; + + querybuf * reply; + char expanded[1024]; + unsigned char * comp_dn, * eom; + HEADER * header; + int type, rdlength, pref; + unsigned int count, theindex; + dnsrep * retval; + + SL_ENTER(_("get_mx")); + + if (0 != res_init ()) + SL_RETURN (NULL, _("get_mx")); + + reply = SH_ALLOC(sizeof(querybuf)); + + errno = 0; + length = res_query (hostname, C_IN, T_MX, + (unsigned char *) reply, 4095); + if (length < 1) + { + char errbuf[SH_ERRBUF_SIZE]; + + /* error handling + */ + if (length == -1) + { + if (errno == ECONNREFUSED) + status = ECONNREFUSED; + else + status = h_errno; + +#ifdef FIL__ + sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN, + (errno == ECONNREFUSED) ? + sh_error_message (status, errbuf, sizeof(errbuf)) : + sh_tools_errmessage(status, errbuf, sizeof(errbuf)), + _("res_query")); +#else + if (errno == ECONNREFUSED) + fprintf(stderr, " ERROR: %s: \n", strerror(errno)); /* TESTONLY */ + else + fprintf(stderr, "HERROR: %s\n", hstrerror(h_errno));/* TESTONLY */ +#endif + } + SH_FREE(reply); + SL_RETURN (NULL, _("get_mx")); + } + + ret = 0; + header = (HEADER *) reply; + + /* start of data section + */ + comp_dn = (unsigned char *) reply + HFIXEDSZ; + + /* end-of-message + */ + eom = (unsigned char *) reply + length; + + /* HEADER NAME -- must be skipped or decompressed + * TYPE -- type of data we got back, 16 bit integer + * CLASS -- class we got back, also a 16 bit integer + * TTL -- 32 bit time-to-live. just skip this + * RDLENGTH -- length of the data to follow + * RDATA -- the data: + * PREF -- 16 bit preference + * MX -- name of mail exchanger, must be decompressed + */ + + /* Skip the query data. + * QDCOUNT is the number of entries (unsigned 16 bit int). + */ + count = ntohs (header->qdcount); + for (theindex = 0; theindex < count; ++theindex) + { + ret = dn_skipname (comp_dn, eom); + comp_dn += ret + QFIXEDSZ; + if (ret < 1 || comp_dn >= eom) + { + SH_FREE(reply); + SL_RETURN (NULL, _("get_mx")); + } + } + count = ntohs (header->ancount); + if (count < 1) + { + SH_FREE(reply); + SL_RETURN (NULL, _("get_mx")); + } + + retval = SH_ALLOC (sizeof (dnsrep)); + if (!retval) + { + SH_FREE(reply); + SL_RETURN (NULL, _("get_mx")); + } + + retval->count = count; + + /* allocate space for the results */ + + if (!sl_ok_muls(count, sizeof (mx))) + { + SH_FREE(reply); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + + result = SH_ALLOC (count * sizeof (mx)); + + if (!result) + { + SH_FREE(reply); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + retval->reply = result; + + do + { + /* HEADER NAME + */ + ret = dn_expand ((unsigned char *) &reply, eom, comp_dn, + (char *) expanded, 1023); + comp_dn += ret; + if (ret < 1 || comp_dn >= eom) + { + SH_FREE(reply); + SH_FREE (result); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + + /* TYPE + */ + type = get_short (comp_dn); + comp_dn += 2; + if (type != T_MX || comp_dn >= eom) + { + SH_FREE(reply); + SH_FREE (result); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + + /* CLASS (re-use 'type' var) + */ + type = get_short (comp_dn); + comp_dn += 2; + if (comp_dn >= eom) + { + SH_FREE(reply); + SH_FREE (result); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + + /* TTL + */ + comp_dn += 4; + if (comp_dn >= eom) + { + SH_FREE(reply); + SH_FREE (result); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + + /* RDLENGTH + */ + rdlength = get_short (comp_dn); + comp_dn += 2; + if (rdlength < 1 || comp_dn >= eom) + { + SH_FREE(reply); + SH_FREE (result); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + + /* RDATA + */ + pref = get_short (comp_dn); + comp_dn += 2; + if (comp_dn >= eom) + { + SH_FREE(reply); + SH_FREE (result); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + + ret = dn_expand ((unsigned char *) &reply, eom, comp_dn, + (char *) expanded, 1023); + comp_dn += ret; + if (ret < 1) + { + SH_FREE(reply); + SH_FREE (result); + SH_FREE (retval); + SL_RETURN (NULL, _("get_mx")); + } + count--; + + /* fill in the struct + */ + result[count].pref = pref; + len = strlen (expanded) + 1; + result[count].address = SH_ALLOC (len); + sl_strlcpy (result[count].address, expanded, len); + } + while (ret > 0 && comp_dn < eom && count); + + SH_FREE(reply); + SL_RETURN (retval, _("get_mx")); +} +/* ifndef S_SPLINT_S */ +#endif + +/* #if defined(HAVE_ARPA_NAMESER_H) */ +#endif + + +static int comp_mx_pref (const void * a, const void * b) +{ + const mx * ax = (const mx *) a; + const mx * bx = (const mx *) b; + + if (ax->pref > bx->pref) + return 1; + else if (ax->pref < bx->pref) + return -1; + else + return 0; +} + +/* + * return_mx returns a list of valid mail exchangers for domain + */ +static dnsrep * return_mx (char *domain) +{ + struct hostent *host; + dnsrep * answers = NULL; + mx * result; + dnsrep * retval; + char errmsg[128]; + size_t len; + + SL_ENTER(_("return_mx")); + +#if defined(HAVE_ARPA_NAMESER_H) + if (domain != NULL) + answers = /*@-unrecog@*/get_mx (domain)/*@+unrecog@*/; +#endif + + if (answers != NULL && answers->count > 0) + { + qsort(answers->reply, (size_t) answers->count, sizeof(mx), + comp_mx_pref); + SL_RETURN (answers, _("return_mx")); + } + else + { + if (domain != NULL) + { +#if defined(HAVE_ARPA_NAMESER_H) +#ifdef FIL__ + (void) sl_strlcpy (errmsg, _("No MX record for domain "), 127); + (void) sl_strlcat (errmsg, domain, 127); + sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + errmsg, + _("get_mx")); +#else + /* flawfinder: ignore *//* test code only */ + strcpy (errmsg, /* known to fit */ + _("No MX record for domain ")); + strncat (errmsg, domain, 100); + errmsg[122] = '\0'; + fprintf(stderr, "Warning: %s\n", errmsg); +#endif +#endif + } + + SH_MUTEX_LOCK(mutex_resolv); + + host = NULL; + retval = NULL; + + if (domain != NULL) + host = /*@-unrecog@*/sh_gethostbyname (domain)/*@+unrecog@*/; + + if (host) + { + result = SH_ALLOC (sizeof (mx)); + retval = SH_ALLOC (sizeof (dnsrep)); + retval->reply = result; + retval->count = 1; + result->pref = 0; + /*@-type@*/ + len = strlen (host->h_name) + 1; + result->address = SH_ALLOC (len); + sl_strlcpy (result->address, host->h_name, len); + /*@+type@*/ + } + SH_MUTEX_UNLOCK(mutex_resolv); + + if (!host) + { +#ifdef FIL__ + (void) sl_strlcpy (errmsg, _("Unknown host "), 127); + (void) sl_strlcat (errmsg, domain, 127); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + errmsg, + _("return_mx")); +#endif + SL_RETURN (NULL, _("return_mx")); + } + + SL_RETURN (retval, _("return_mx")); + } +} + +static int free_mx (dnsrep * answers) +{ + mx * result; + int i; + + SL_ENTER(_("free_mx")); + if (!answers) + SL_RETURN (0, _("return_mx")); + + result = answers->reply; + for (i = 0; i < answers->count; ++i) + { + SH_FREE (result[i].address); + } + SH_FREE(result); + SH_FREE(answers); + SL_RETURN (0, _("return_mx")); +} + +#ifdef TEST_ONLY +int main(int argc, char * argv[]) +{ + int i; + dnsrep * answers; + mx * result; + + if (argc < 2) + { + fprintf(stderr, "Usage: dns \n"); + return -1; + } + answers = return_mx(argv[1]); + + if (!answers) + { + fprintf(stderr, "No answer\n"); + return -1; + } + + if (answers->count > 0) + { + result = answers->reply; + for (i = 0; i < answers->count; ++i) + { + fprintf(stderr, "Record %3d: [%3d] %s\n", i, + result[i].pref, result[i].address); + } + } + else + { + fprintf(stderr, "No answer\n"); + free_mx(answers); + return -1; + } + free_mx(answers); + return (0); +} +#endif + + + +/* if defined(SH_WITH_MAIL) */ +#endif + + + Index: /tags/2.5.0/src/sh_mem.c =================================================================== --- /tags/2.5.0/src/sh_mem.c (revision 189) +++ /tags/2.5.0/src/sh_mem.c (revision 189) @@ -0,0 +1,370 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#if defined(HAVE_PTHREAD_MUTEX_RECURSIVE) +#define _XOPEN_SOURCE 500 +#endif + +#include +#include +#include +#include +#include + + +#ifdef HAVE_MEMORY_H +#include +#endif + +#define SH_REAL_SET + +#include "samhain.h" +#include "sh_error.h" +#include "sh_utils.h" +#include "sh_mem.h" +#include "sh_pthread.h" + +extern int safe_logger (int thesignal, int method, char * details); + +#undef FIL__ +#define FIL__ _("sh_mem.c") + +#ifdef MEM_DEBUG + +#define CHECKBYTE 0x7F + +/* Memory alignment; should be 16 bytes on 64 bit machines. + * -> 32 bytes overhead/allocation + */ +#define SH_MEMMULT 16 + + +typedef struct mem_struct { + struct mem_struct *next; /* link to next struct */ + char * real_address; /* address assigned */ + char * address; /* address returned */ + unsigned long size; /* size allocated */ + char file[20]; /* Allocation file name */ + int line; /* Allocation line number */ +} memlist_t; + +memlist_t * memlist = NULL; + +int Free_Count = 0, Alloc_Count = 0; +int Now_Alloc_Count = 0, Max_Alloc_Count = 0; +unsigned long Mem_Current = 0, Mem_Max = 0; + +#ifdef HAVE_PTHREAD +SH_MUTEX_RECURSIVE(mutex_mem); +#endif + +/* define MEM_LOG to an absolute filename to enable this */ +#ifdef MEM_LOG +void sh_mem_dump () +{ + memlist_t * this = memlist; + FILE * fd; + + SH_MUTEX_RECURSIVE_INIT(mutex_mem); + SH_MUTEX_RECURSIVE_LOCK(mutex_mem); + + fd = fopen(MEM_LOG, "w"); + if (!fd) + { + perror(MEM_LOG); + _exit(EXIT_FAILURE); + } + + while (this != NULL) + { + fprintf (fd, "## %20s %5d %ld\n", this->file, this->line, this->size); + fprintf (fd, "%10p %8ld\n", (void *)this->address, this->size); + this = this->next; + } + fclose(fd); + + SH_MUTEX_RECURSIVE_UNLOCK(mutex_mem); + _exit(EXIT_SUCCESS); +} +#else +void sh_mem_dump () +{ + return; +} +#endif + +void sh_mem_stat () +{ + memlist_t * this; + + + SL_ENTER(_("sh_mem_stat")); + + SH_MUTEX_RECURSIVE_INIT(mutex_mem); + SH_MUTEX_RECURSIVE_LOCK(mutex_mem); + + if (Alloc_Count == Free_Count) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MSTAMP, + Mem_Max, Mem_Current); + goto out; + } + + sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, 0, MSG_MSTAMP2, + Alloc_Count, Free_Count, Max_Alloc_Count); + sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, 0, MSG_MSTAMP, + Mem_Max, Mem_Current); + + this = memlist; + + while (this != NULL) + { + sh_error_handle (SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_NOTFREE, + this->size, this->file, this->line); + this = this->next; + } + out: + ; /* label at end of compound statement */ + SH_MUTEX_RECURSIVE_UNLOCK(mutex_mem); + SL_RET0(_("sh_mem_stat")); +} + +void sh_mem_check () +{ + memlist_t * this; + long nerr = 0; + + SL_ENTER(_("sh_mem_check")); + + SH_MUTEX_RECURSIVE_INIT(mutex_mem); + SH_MUTEX_RECURSIVE_LOCK(mutex_mem); + + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MSTAMP, + Mem_Max, Mem_Current); + + this = memlist; + + while (this != NULL) + { + if ( this->address == NULL ) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MNULL); + ++nerr; + } + else + { + if ( this->address[this->size] != CHECKBYTE ) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MOVER, + this->file, this->line, FIL__, __LINE__); + ++nerr; + } + if ( this->real_address[SH_MEMMULT-1] != CHECKBYTE ) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MUNDER, + this->file, this->line, FIL__, __LINE__); + ++nerr; + } + } + this = this->next; + } + + + SH_MUTEX_RECURSIVE_UNLOCK(mutex_mem); + SL_RET0(_("sh_mem_check")); +} + +void * sh_mem_malloc (size_t size, char * file, int line) +{ + void * the_realAddress; + void * theAddress; + memlist_t * this; + + SL_ENTER(_("sh_mem_malloc")); + + SH_MUTEX_RECURSIVE_INIT(mutex_mem); + SH_MUTEX_RECURSIVE_LOCK(mutex_mem); + the_realAddress = malloc(size + 2 * SH_MEMMULT); + + if ( the_realAddress == NULL ) + { + (void) safe_logger (0, 0, NULL); + + /* use _exit() rather than exit() - we malloc() in atexit() functions + */ + _exit (EXIT_FAILURE); + } + + /* --- Set check bytes. --- + */ + theAddress = ((char *) the_realAddress + SH_MEMMULT); + + memset(the_realAddress, CHECKBYTE, SH_MEMMULT); + memset(theAddress, CHECKBYTE, size + 1); + memset(theAddress, 0, 1); + + ++Alloc_Count; + ++Now_Alloc_Count; + + if (Max_Alloc_Count < Now_Alloc_Count) + Max_Alloc_Count = Now_Alloc_Count; + + Mem_Current += size; + Mem_Max = ( (Mem_Current > Mem_Max) ? Mem_Current : Mem_Max); + + this = (memlist_t *) malloc (sizeof(memlist_t)); + + if ( this == NULL) + { + (void) safe_logger(0, 0, NULL); + + _exit(EXIT_FAILURE); + } + else + { + /* make list entry */ + + this->real_address = the_realAddress; + this->address = theAddress; + this->size = size; + this->line = line; + sl_strlcpy(this->file, file, 20); + + this->next = memlist; + memlist = this; + } + + SH_MUTEX_RECURSIVE_UNLOCK(mutex_mem); + SL_RETURN( theAddress, _("sh_mem_malloc")); +} + + +void sh_mem_free (void * aa, char * file, int line) +{ + memlist_t * this; + memlist_t * before; + unsigned long size = 0; + void * a; + SL_ENTER(_("sh_mem_free")); + + SH_MUTEX_RECURSIVE_INIT(mutex_mem); + SH_MUTEX_RECURSIVE_LOCK(mutex_mem); + + a = aa; + this = memlist; + before = memlist; + + if ( a == NULL ) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MNULL, + file, line); + goto out; + } + + /* -- Find record. -- + */ + while (this != NULL) + { + if (this->address == a) + break; + before = this; + this = this->next; + } + + if (this == NULL) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MREC, + file, line); + goto out; + } + else + { + a = this->real_address; + + if ( this->address[this->size] != CHECKBYTE ) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MOVER, + this->file, this->line, file, line); + } + if ( this->real_address[SH_MEMMULT-1] != CHECKBYTE ) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MUNDER, + this->file, this->line, file, line); + + size = this->size; + + if (this == memlist) + memlist = this->next; + else + before->next = this->next; + } + + free(a); + if (this) + free(this); + ++Free_Count; + --Now_Alloc_Count; + + Mem_Current -= size; + out: + ; /* label at end of compound statement */ + SH_MUTEX_RECURSIVE_UNLOCK(mutex_mem); + SL_RET0(_("sh_mem_free")); +} + +#else + +void sh_mem_free (void * a) +{ + SL_ENTER(_("sh_mem_free")); + + if (a) + { + free(a); + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MNULL); + } + SL_RET0(_("sh_mem_free")); +} + +void * sh_mem_malloc (size_t size) +{ + void * theAddress; + + SL_ENTER(_("sh_mem_malloc")); + + theAddress = malloc(size); + + if ( theAddress != NULL ) + { + SL_RETURN( theAddress, _("sh_mem_malloc")); + } + else + { + (void) safe_logger(0, 0, NULL); + + /* use _exit() rather than exit() - we malloc() in atexit() + */ + _exit (EXIT_FAILURE); + } +} +#endif Index: /tags/2.5.0/src/sh_modules.c =================================================================== --- /tags/2.5.0/src/sh_modules.c (revision 189) +++ /tags/2.5.0/src/sh_modules.c (revision 189) @@ -0,0 +1,166 @@ +#include "config_xor.h" + +#include +#include + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + +#include "sh_modules.h" +#include "sh_pthread.h" + +#include "sh_utmp.h" +#include "sh_mounts.h" +#include "sh_userfiles.h" +#include "sh_kern.h" +#include "sh_suidchk.h" +#include "sh_processcheck.h" +#include "sh_portcheck.h" +#include "sh_logmon.h" + +sh_mtype modList[] = { +#ifdef SH_USE_UTMP + { + N_("UTMP"), + -1, + sh_utmp_init, + sh_utmp_timer, + sh_utmp_check, + sh_utmp_end, + sh_utmp_reconf, + + N_("[Utmp]"), + sh_utmp_table, + PTHREAD_MUTEX_INITIALIZER, + }, +#endif + +#ifdef SH_USE_MOUNTS + { + N_("MOUNTS"), + -1, + sh_mounts_init, + sh_mounts_timer, + sh_mounts_check, + sh_mounts_cleanup, + sh_mounts_reconf, + + N_("[Mounts]"), + sh_mounts_table, + PTHREAD_MUTEX_INITIALIZER, + }, +#endif + +#ifdef SH_USE_USERFILES + { + N_("USERFILES"), + -1, + sh_userfiles_init, + sh_userfiles_timer, + sh_userfiles_check, + sh_userfiles_cleanup, + sh_userfiles_reconf, + + N_("[UserFiles]"), + sh_userfiles_table, + PTHREAD_MUTEX_INITIALIZER, + }, +#endif + +#ifdef SH_USE_KERN + { + N_("KERNEL"), + -1, + sh_kern_init, + sh_kern_timer, + sh_kern_check, + sh_kern_end, + sh_kern_null, + + N_("[Kernel]"), + sh_kern_table, + PTHREAD_MUTEX_INITIALIZER, + }, +#endif + +#ifdef SH_USE_SUIDCHK + { + N_("SUIDCHECK"), + -1, + sh_suidchk_init, + sh_suidchk_timer, + sh_suidchk_check, + sh_suidchk_end, + sh_suidchk_reconf, + + N_("[SuidCheck]"), + sh_suidchk_table, + PTHREAD_MUTEX_INITIALIZER, + }, +#endif + +#ifdef SH_USE_PROCESSCHECK + { + N_("PROCESSCHECK"), + -1, + sh_prochk_init, + sh_prochk_timer, + sh_prochk_check, + sh_prochk_cleanup, + sh_prochk_reconf, + + N_("[ProcessCheck]"), + sh_prochk_table, + PTHREAD_MUTEX_INITIALIZER, + }, +#endif + +#ifdef SH_USE_PORTCHECK + { + N_("PORTCHECK"), + -1, + sh_portchk_init, + sh_portchk_timer, + sh_portchk_check, + sh_portchk_cleanup, + sh_portchk_reconf, + + N_("[PortCheck]"), + sh_portchk_table, + PTHREAD_MUTEX_INITIALIZER, + }, +#endif + +#ifdef USE_LOGFILE_MONITOR + { + N_("LOGMON"), + -1, + sh_log_check_init, + sh_log_check_timer, + sh_log_check_check, + sh_log_check_cleanup, + sh_log_check_reconf, + + N_("[Logmon]"), + sh_log_check_table, + PTHREAD_MUTEX_INITIALIZER, + }, +#endif + + { + NULL, + -1, + + NULL, + NULL, + NULL, + NULL, + NULL, + + NULL, + NULL, + PTHREAD_MUTEX_INITIALIZER, + }, +}; + +#endif + Index: /tags/2.5.0/src/sh_mounts.c =================================================================== --- /tags/2.5.0/src/sh_mounts.c (revision 189) +++ /tags/2.5.0/src/sh_mounts.c (revision 189) @@ -0,0 +1,824 @@ +/* + * File: sh_mounts.c + * Desc: A module for Samhain; checks for mounts present and options on them. + * Auth: Cian Synnott + * + */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +/* Used in the call tracing macros to keep track of where we are in the code */ +#undef FIL__ +#define FIL__ _("sh_mounts.c") + + +#include "samhain.h" +#include "sh_utils.h" +#include "sh_error.h" +#include "sh_modules.h" +#include "sh_mounts.h" + +#ifdef SH_USE_MOUNTS +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + +/* + * #ifdef HAVE_STRING_H + * #include + * #endif + */ + +#ifdef TM_IN_SYS_TIME +#include +#else +#include +#endif + +/* Prototypes for configuration functions */ +int sh_mounts_config_activate (const char * opt); +int sh_mounts_config_timer (const char * opt); +int sh_mounts_config_mount (const char * opt); +int sh_mounts_config_sevmnt (const char * opt); +int sh_mounts_config_sevopt (const char * opt); + +/* Prototype for the function to read info on mounted filesystems */ +static struct sh_mounts_mnt *readmounts(void); + +/* Table for configuration options, and pointers to the functions that will + * configure them. Each function is passed the string resulting from stripping + * the option and the "equals" from the config file; e.g. MountCheckActive=1 in + * the configuration file will result in the string "1" being passed to + * sh_mounts_config_activate() */ +sh_rconf sh_mounts_table[] = { + { + N_("mountcheckactive"), + sh_mounts_config_activate + }, + { + N_("mountcheckinterval"), + sh_mounts_config_timer + }, + { + N_("checkmount"), + sh_mounts_config_mount + }, + { + N_("severitymountmissing"), + sh_mounts_config_sevmnt + }, + { + N_("severityoptionmissing"), + sh_mounts_config_sevopt + }, + { + NULL, + NULL + }, +}; + +/* Structures for storing my configuration information, and functions for + * manipulating them */ +struct sh_mounts_mnt { + char * path; + struct sh_mounts_opt * opts; + struct sh_mounts_mnt * next; +}; + +struct sh_mounts_opt { + char * opt; + struct sh_mounts_opt * next; +}; + +/* Return the mount structure whose path matches 'mnt' or NULL if not found */ +static +struct sh_mounts_mnt *sh_mounts_mnt_member(struct sh_mounts_mnt *m, char *mnt) +{ + struct sh_mounts_mnt *it; + + for (it = m; it != NULL; it = it->next) { + if (0 == sl_strcmp(it->path, mnt)) { + return it; + } + } + return NULL; +} + +/* Return the opt structure whose option matches 'opt' or NULL if not found */ +static +struct sh_mounts_opt *sh_mounts_opt_member(struct sh_mounts_opt *o, char *opt) +{ + struct sh_mounts_opt *it; + + for (it = o; it != NULL; it = it->next) { + /* if (!strcmp(it->opt, opt)) { */ + if (0 == sl_strcmp(it->opt, opt)) { + return it; + } + } + return NULL; +} + +static +void sh_mounts_opt_free(struct sh_mounts_opt *o) { + if (o != NULL) { + sh_mounts_opt_free(o->next); + SH_FREE(o->opt); + SH_FREE(o); + } +} + +static +void sh_mounts_mnt_free(struct sh_mounts_mnt *m) { + if (m != NULL) { + sh_mounts_mnt_free(m->next); + sh_mounts_opt_free(m->opts); + SH_FREE(m->path); + SH_FREE(m); + } +} + +/* Some configuration variables I'll be using */ +static time_t lastcheck = (time_t) 0; +static int ShMountsActive = S_FALSE; +static time_t ShMountsInterval = 86400; +static int ShMountsSevMnt = 7; +static int ShMountsSevOpt = 7; + +static struct sh_mounts_mnt *mountlist = NULL; + +/* Module initialisation + * This is called once at the start of each samhain run. + * Non-configuration setup code should be placed here. */ +int sh_mounts_init (struct mod_type * arg) +{ + (void) arg; + SL_ENTER(_("sh_mounts_init")); + + /* This is a little odd. Because we've built the configured mount list at + * this point, if we've set the module inactive, we need to free the list - + * otherwise when we reconf() with it set active, we'll end up with a + * duplicated list. Interesting. */ + if (ShMountsActive == S_FALSE) { + sh_mounts_mnt_free(mountlist); + mountlist = NULL; + SL_RETURN(-1, _("sh_mounts_init")); + } + + SL_RETURN(0, _("sh_mounts_init")); +} + +/* Module timer + * This timer function is called periodically with the current time to see if + * it is time to run the module's "check" function. On nonzero return, the + * check is run. */ +int sh_mounts_timer (time_t tcurrent) +{ + SL_ENTER(_("sh_mounts_timer")); + + if ((time_t) (tcurrent - lastcheck) >= ShMountsInterval) { + lastcheck = tcurrent; + SL_RETURN(-1, _("sh_mounts_timer")); + } + + SL_RETURN(0, _("sh_mounts_timer")); +} + +/* Module check + * The business end of things. This is the actual check code for this module. + * Everything you want to do periodically should go here. */ +int sh_mounts_check () +{ + struct sh_mounts_mnt *memlist; + struct sh_mounts_mnt *cfgmnt, *mnt; + struct sh_mounts_opt *cfgopt, *opt; + + SL_ENTER(_("sh_mounts_check")); + + /* Log the check run. For each message type you want, you need to define it + * as an enum in sh_cat.h, and then set it up in terms of priority and format + * string in sh_cat.c */ + sh_error_handle(-1, FIL__, __LINE__, 0, MSG_MNT_CHECK); + + /* Read the list of mounts from memory */ + memlist = readmounts(); + + if (memlist == NULL) { + sh_error_handle(-1, FIL__, __LINE__, 0, MSG_MNT_MEMLIST); + } + + /* For each mount we are configured to check, run through the list of mounted + * filesystems and compare the pathnames */ + for (cfgmnt = mountlist; cfgmnt != NULL; cfgmnt = cfgmnt->next) { + mnt = sh_mounts_mnt_member(memlist, cfgmnt->path); + + if (mnt) { + for (cfgopt = cfgmnt->opts; cfgopt != NULL; cfgopt = cfgopt->next) { + opt = sh_mounts_opt_member(mnt->opts, cfgopt->opt); + + if (!opt) { + sh_error_handle(ShMountsSevOpt, FIL__, __LINE__, 0, MSG_MNT_OPTMISS, + cfgmnt->path, cfgopt->opt); + } + } + } + + else { + sh_error_handle(ShMountsSevMnt, FIL__, __LINE__, 0, MSG_MNT_MNTMISS, + cfgmnt->path); + } + } + + /* Make sure to clean up after ourselves */ + sh_mounts_mnt_free(memlist); + + SL_RETURN(0, _("sh_mounts_check")); +} + +/* Module cleanup + * The end of the tour - when samhain is shutting down, this is run. */ +int sh_mounts_cleanup () +{ + SL_ENTER(_("sh_mounts_cleanup")); + sh_mounts_mnt_free(mountlist); + mountlist = NULL; + SL_RETURN( (0), _("sh_mounts_cleanup")); +} + +/* Module reconfiguration + * Run on receipt of a HUP. + */ +int sh_mounts_reconf() +{ + SL_ENTER(_("sh_mounts_null")); + sh_mounts_mnt_free(mountlist); + mountlist = NULL; + + /* re-set defaults + */ + ShMountsActive = S_FALSE; + ShMountsInterval = 86400; + ShMountsSevMnt = 7; + ShMountsSevOpt = 7; + + SL_RETURN( (0), _("sh_mounts_null")); +} + +/* Module configuration + * These functions are called when the configuration file is being parsed. */ + +/* Configure to check a particular mount */ +int sh_mounts_config_mount (const char * opt_in) +{ + struct sh_mounts_mnt *m; + struct sh_mounts_opt *o; + char *sp, *temp, *opt; + + SL_ENTER(_("sh_mounts_config_mount")); + + /* It's probably best to make a copy of opt before messing about with it + * via string functions. Good practice and all that. */ + temp = sh_util_strdup(opt_in); + + /* Since we're going to "consume" this new buffer, it'll be good to have a + * reference to it's allocated memory so we can free it later. Let's use + * temp for that, and "opt" for consumption */ + opt = temp; + + m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof(struct sh_mounts_mnt)); + + /* First, strip out the mount path. */ + m->path = sh_util_strdup(sh_util_strsep(&opt, " \t")); + m->opts = NULL; + + /* Now get all of the mount options - they can be delimited by comma or + * whitespace */ + while (opt != NULL) { + sp = sh_util_strsep(&opt, ", \t"); + + /* This just catches multiple separators appearing together */ + if (*sp == '\0') { + continue; + } + + o = (struct sh_mounts_opt *) SH_ALLOC(sizeof(struct sh_mounts_opt)); + o->next = m->opts; + m->opts = o; + + o->opt = sh_util_strdup(sp); + } + + /* Add to the list of configured mounts */ + m->next = mountlist; + mountlist = m; + + /* Free the string buffer we allocated earlier */ + SH_FREE(temp); + + SL_RETURN(0, _("sh_mounts_config_mount")); +} + +/* Simply sets our boolean as to whether this module is active */ +int sh_mounts_config_activate (const char * opt) +{ + int i; + SL_ENTER(_("sh_mounts_config_activate")); + i = sh_util_flagval(opt, &ShMountsActive); + SL_RETURN(i, _("sh_mounts_config_activate")); +} + +/* Sets up our timer */ +int sh_mounts_config_timer (const char * opt) +{ + long val; + int retval = 0; + + SL_ENTER(_("sh_mounts_config_timer")); + val = strtol (opt, (char **)NULL, 10); + if (val <= 0) + { + sh_error_handle (-1, FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("mounts timer"), opt); + retval = -1; + } + val = (val <= 0 ? 86400 : val); + + ShMountsInterval = (time_t) val; + + SL_RETURN(retval, _("sh_mounts_config_timer")); +} + +/* Configure severity for "mount missing" messages */ +int sh_mounts_config_sevmnt (const char * opt) +{ + int retval = 0; + char tmp[32]; + + + SL_ENTER(_("sh_mounts_config_sevmnt")); + tmp[0] = '='; tmp[1] = '\0'; + (void) sl_strlcat (tmp, opt, 32); + retval = sh_error_set_level (tmp, &ShMountsSevMnt); + SL_RETURN(retval, _("sh_mounts_config_sevmnt")); +} + +int sh_mounts_config_sevopt (const char * opt) +{ + int retval = 0; + char tmp[32]; + + SL_ENTER(_("sh_mounts_config_sevopt")); + tmp[0] = '='; tmp[1] = '\0'; + (void) sl_strlcat (tmp, opt, 32); + retval = sh_error_set_level (tmp, &ShMountsSevOpt); + SL_RETURN(retval, _("sh_mounts_config_sevopt")); +} + + +/* + * Below here we have the code for actually reading options on mounted fs's + * I've just got code here to work on FreeBSD, Linux and Solaris. I'm sure + * others could be added. Note that some small bits of the OS-specific code + * are from mountlist.c in GNU fileutils. + */ + +/* FreeBSD includes */ +#if defined(HOST_IS_FREEBSD) || defined(HOST_IS_OPENBSD) +#include +#include +#include +#endif + +/* Linux includes */ +#ifdef HOST_IS_LINUX +#include +#include +#endif + +/* Solaris includes */ +#ifdef HOST_IS_SOLARIS +#include +#include +#endif + +/* HP_UX includes */ +#ifdef HOST_IS_HPUX +#include +#include +#endif + +/* AIX includes and helper routines (from gnome-vfs-unix-mounts.c */ +#if 0 +#ifdef HOST_IS_AIX +#include +#include +#include + +/* gnome-vfs-unix-mounts.c - read and monitor fstab/mtab + + Copyright (C) 2003 Red Hat, Inc + + The Gnome Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + The Gnome Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public + License along with the Gnome Library; see the file COPYING.LIB. If not, + write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. + + Author: Alexander Larsson +*/ + +/* read character, ignoring comments (begin with '*', end with '\n' */ +static int aix_fs_getc (FILE *fd) +{ + int c; + + while ((c = getc (fd)) == '*') { + while (((c = getc (fd)) != '\n') && (c != EOF)) {} /* do nothing */ + } +} + +/* eat all continuous spaces in a file */ +static int aix_fs_ignorespace (FILE *fd) +{ + int c; + + while ((c = aix_fs_getc (fd)) != EOF) { + if (! (isascii(c) && isspace (c)) ) { + ungetc (c,fd); + return c; + } + } + + return EOF; +} + +/* read one word from file */ +static int aix_fs_getword (FILE *fd, char *word, int len) +{ + int c; + int i = 0; + + --len; + + aix_fs_ignorespace (fd); + + while (((c = aix_fs_getc (fd)) != EOF) && !( isascii(c) && isspace(c) )) + { + if (c == '"') + { + while (((c = aix_fs_getc (fd)) != EOF) && (c != '"')) + { + *word++ = c; ++i; + if (i == len) + break; + } + } + else + { + *word++ = c; ++i; + } + if (i == len) + break; + } + *word = 0; + + return c; +} + +/* PATH_MAX is in sys/limits.h, included via stdio.h + */ +typedef struct { + char mnt_mount[PATH_MAX]; + char mnt_special[PATH_MAX]; + char mnt_fstype[16]; + char mnt_options[128]; +} AixMountTableEntry; + +/* read mount points properties */ +static int aix_fs_get (FILE *fd, AixMountTableEntry *prop) +{ + /* Need space for PATH_MAX + ':' (terminating '\0' is in PATH_MAX; SUSv3) + */ + static char word[PATH_MAX+1] = { 0 }; + char value[PATH_MAX]; + + /* reset */ + + if (fd == NULL) + { + word[0] = '\0'; + return 0; + } + + /* read stanza */ + + if (word[0] == 0) { + if (aix_fs_getword (fd, word, (PATH_MAX+1)) == EOF) + return EOF; + } + + word[strlen(word) - 1] = 0; + sl_strlcpy (prop->mnt_mount, word, PATH_MAX); + + /* read attributes and value */ + + while (aix_fs_getword (fd, word, (PATH_MAX+1)) != EOF) { + /* test if is attribute or new stanza */ + + if (word[strlen(word) - 1] == ':') { + return 0; + } + + /* read "=" */ + aix_fs_getword (fd, value, PATH_MAX); + + /* read value */ + aix_fs_getword (fd, value, PATH_MAX); + + if (strcmp (word, "dev") == 0) { + sl_strlcpy (prop->mnt_special, value, PATH_MAX); + } else if (strcmp (word, "vfs") == 0) { + sl_strlcpy (prop->mnt_fstype, value, 16); + } else if (strcmp (word, "options") == 0) { + sl_strlcpy(prop->mnt_options, value, 128); + } + } + + return 0; +} + +/* end AIX helper routines */ +#endif +#endif + +#if defined(HOST_IS_FREEBSD) || defined(HOST_IS_OPENBSD) + +/* FreeBSD returns flags instead of strings as mount options, so we'll convert + * them here. */ +static +struct sh_mounts_opt * getoptlist(int flags) { + struct sh_mounts_opt *list, *o; + int i; + + struct {char *opt; int flag;} table[] = { +#ifdef MNT_RDONLY + {"ro", MNT_RDONLY}, +#endif +#ifdef MNT_NOEXEC + {"noexec", MNT_NOEXEC}, +#endif +#ifdef MNT_NOSUID + {"nosuid", MNT_NOSUID}, +#endif +#ifdef MNT_NODEV + {"nodev", MNT_NODEV}, +#endif +#ifdef MNT_SYNCHRONOUS + {"sync", MNT_SYNCHRONOUS}, +#endif +#ifdef MNT_ASYNC + {"async", MNT_ASYNC}, +#endif +#ifdef MNT_LOCAL + {"local", MNT_LOCAL}, +#endif +#ifdef MNT_QUOTA + {"quota", MNT_QUOTA}, +#endif +#ifdef MNT_NOATIME + {"noatime", MNT_NOATIME}, +#endif + {"bound", -1} + }; + + SL_ENTER(_("getoptlist")); + + list = NULL; + + /* Add any flags found to the list */ + for (i = 0; table[i].flag != -1; i++) { + if (flags & table[i].flag) { + o = (struct sh_mounts_opt *) SH_ALLOC(sizeof(struct sh_mounts_opt)); + o->opt = sh_util_strdup(table[i].opt); + o->next = list; + list = o; + } + } + + SL_RETURN(list, _("getoptlist")); +} + +/* Solaris & Linux return identical option string formats */ +#else + +/* We just separate the options out by parsing for commas */ +static +struct sh_mounts_opt * getoptlist(char *opt) +{ + struct sh_mounts_opt *list, *o; + char *sp, *temp; + + SL_ENTER(_("getoptlist")); + + /* See the comments in sh_mounts_config_mount() above for the reasons for + * this arcane little zig-zag */ + temp = sh_util_strdup(opt); + opt = temp; + + list = NULL; + + /* For each option, add to the list */ + while (opt != NULL) { + sp = sh_util_strsep(&opt, ", \t"); + + if (*sp == '\0') { + continue; + } + + o = (struct sh_mounts_opt *) SH_ALLOC(sizeof(struct sh_mounts_opt)); + o->next = list; + list = o; + + o->opt = sh_util_strdup(sp); + } + + SH_FREE(temp); + + SL_RETURN(list, _("getoptlist")); +} + +#endif + +/* Read the list of mounts from whereever is appropriate to the OS and return + * it. Return NULL on error. */ +static struct sh_mounts_mnt * readmounts(void) { + struct sh_mounts_mnt *list, *m; + + SL_ENTER(_("readmounts")); + m = NULL; /* use it to avoid compiler warning */ + list = m; + +/* The Open/FreeBSD way */ +#if defined(HOST_IS_FREEBSD) || defined(HOST_IS_OPENBSD) +{ + struct statfs *fsp; + int entries; + + entries = getmntinfo(&fsp, MNT_NOWAIT); + if (entries < 0) { + SL_RETURN((NULL), _("readmounts")); + } + + for (; entries-- > 0; fsp++) { + m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); + m->path = sh_util_strdup(fsp->f_mntonname); + m->opts = getoptlist(fsp->f_flags); + + m->next = list; + list = m; + } +} +#endif + +/* The Linux way */ +#ifdef HOST_IS_LINUX +{ + struct mntent *mp; + FILE *tab = setmntent(_PATH_MOUNTED, "r"); + + if (tab == NULL) { + SL_RETURN((NULL), _("readmounts")); + } + + mp = getmntent(tab); + while (mp != NULL) { + m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); + m->path = sh_util_strdup(mp->mnt_dir); + m->opts = getoptlist(mp->mnt_opts); + + m->next = list; + list = m; + + mp = getmntent(tab); + } + + (void) endmntent(tab); +} +#endif + +/* The Solaris way */ +#ifdef HOST_IS_SOLARIS +{ + struct mnttab mp; + FILE *tab = fopen(MNTTAB, "r"); + + if (tab == NULL) { + SL_RETURN((NULL), _("readmounts")); + } + + while (!getmntent(tab, &mp)) { + m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); + m->path = sh_util_strdup(mp.mnt_mountp); + m->opts = getoptlist(mp.mnt_mntopts); + + m->next = list; + list = m; + } + + fclose(tab); +} +#endif + + +/* The HP-UX way */ +#ifdef HOST_IS_HPUX +{ + struct mntent *mp; + FILE *tab = setmntent(MNT_MNTTAB, "r"); + + if (tab == NULL) { + SL_RETURN((NULL), _("readmounts")); + } + + mp = getmntent(tab); + while (mp != NULL) { + m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); + m->path = sh_util_strdup(mp->mnt_dir); + m->opts = getoptlist(mp->mnt_opts); + + m->next = list; + list = m; + + mp = getmntent(tab); + } + + (void) endmntent(tab); +} +#endif + +/* The AIX way */ +#if 0 +#ifdef HOST_IS_AIX +{ + AixMountTableEntry mntent; + FILE *tab = fopen("/etc/filesystems", "r"); + + if (tab == NULL) { + SL_RETURN((NULL), _("readmounts")); + } + + while (!aix_fs_get (tab, &mntent)) + { + m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); + m->path = sh_util_strdup(mntent.mnt_mount); + m->opts = getoptlist(mntent.mnt_options); + + m->next = list; + list = m; + + mntent.mnt_mount[0] = '\0'; + mntent.mnt_special[0] = '\0'; + mntent.mnt_fstype[0] = '\0'; + mntent.mnt_options[0] = '\0'; + } + + (void) fclose(tab); + aix_fs_get (NULL, NULL); /* reset */ +} +#endif +#endif + + SL_RETURN((list), _("readmounts")); + +} + + +/* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */ +#endif + +/* #ifdef SH_USE_MOUNTS */ +#endif + Index: /tags/2.5.0/src/sh_port2proc.c =================================================================== --- /tags/2.5.0/src/sh_port2proc.c (revision 189) +++ /tags/2.5.0/src/sh_port2proc.c (revision 189) @@ -0,0 +1,372 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2008 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include +#include +#include + +#ifdef HAVE_DIRENT_H +#include +#define NAMLEN(dirent) sl_strlen((dirent)->d_name) +#else +#define dirent direct +#define NAMLEN(dirent) (dirent)->d_namlen +#ifdef HAVE_SYS_NDIR_H +#include +#endif +#ifdef HAVE_SYS_DIR_H +#include +#endif +#ifdef HAVE_NDIR_H +#include +#endif +#endif +#define NEED_ADD_DIRENT + +#if defined(SH_USE_PORTCHECK) && (defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)) + +#if defined(__linux__) + +#include "samhain.h" +#include "sh_error_min.h" +#include "sh_utils.h" +#include "sh_pthread.h" + +#define FIL__ _("sh_port2proc.c") + +static size_t sh_minpid = 0x0001; +static size_t sh_maxpid = 0x8000; + +#ifndef HAVE_LSTAT +#define lstat(x,y) stat(x,y) +#endif /* HAVE_LSTAT */ + +#if defined(S_IFLNK) && !defined(S_ISLNK) +#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) +#else +#if !defined(S_ISLNK) +#define S_ISLNK(mode) (0) +#endif +#endif + +struct sock_store { + unsigned long sock; + size_t pid; + char * path; + char * user; + struct sock_store * next; +}; + +/* /proc: + * linux: /proc/pid/exe + * freebsd: /proc/pid/file + * solaris10: /proc/pid/path/a.out + */ +static void get_user_and_path (struct sock_store * add) +{ + extern char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len); + + char path[128]; + char * buf; + struct stat sbuf; + int len; + char * tmp; + + sl_snprintf (path, sizeof(path), "/proc/%ld/exe", (unsigned long) add->pid); + + if (0 == retry_lstat(FIL__, __LINE__, path, &sbuf) && S_ISLNK(sbuf.st_mode)) + { + goto linkread; + } + + sl_snprintf (path, sizeof(path), "/proc/%ld/file", (unsigned long) add->pid); + + if (0 == retry_lstat(FIL__, __LINE__, path, &sbuf) && S_ISLNK(sbuf.st_mode)) + { + goto linkread; + } + + sl_snprintf (path, sizeof(path), "/proc/%ld/path/a.out", (unsigned long) add->pid); + + if (0 == retry_lstat(FIL__, __LINE__, path, &sbuf) && S_ISLNK(sbuf.st_mode)) + { + goto linkread; + } + + return; + + linkread: + + buf = SH_ALLOC(PATH_MAX); + len = readlink(path, buf, PATH_MAX); /* flawfinder: ignore */ + len = (len >= PATH_MAX) ? (PATH_MAX-1) : len; + + if (len > 0) + { + buf[len] = '\0'; + add->path = buf; + } + else + { + SH_FREE(buf); + } + + add->user = SH_ALLOC(USER_MAX); + tmp = sh_unix_getUIDname (SH_ERR_ALL, sbuf.st_uid, add->user, USER_MAX); + + if (!tmp) + sl_snprintf (add->user, USER_MAX, "%ld", (unsigned long) sbuf.st_uid); + + return; +} + +#if defined(__linux__) +#define PROC_PID_MAX _("/proc/sys/kernel/pid_max") + +static int proc_max_pid (size_t * procpid) +{ + char * ret; + unsigned long pid; + FILE * fd; + char str[128]; + char * ptr; + + SL_ENTER(_("proc_max_pid")); + + if (0 == access(PROC_PID_MAX, R_OK)) /* flawfinder: ignore */ + { + if (NULL != (fd = fopen(PROC_PID_MAX, "r"))) + { + str[0] = '\0'; + ret = fgets(str, 128, fd); + if (ret && *str != '\0') + { + pid = strtoul(str, &ptr, 0); + if (*ptr == '\0' || *ptr == '\n') + { + fclose(fd); + *procpid = (size_t) pid; + SL_RETURN(0, _("proc_max_pid")); + } + } + fclose(fd); + } + } + SL_RETURN((-1), _("proc_max_pid")); +} +#else +static int proc_max_pid(size_t * procpid) +{ + *procpid = sh_maxpid; + return 0; +} +#endif + +static struct sock_store * socklist = NULL; + +static void del_sock_all() +{ + struct sock_store * del = socklist; + + while (del) + { + socklist = del->next; + if (del->path) + SH_FREE(del->path); + if (del->user) + SH_FREE(del->user); + SH_FREE(del); + del = socklist; + } + socklist = NULL; + return; +} + +static void add_sock(unsigned long sock, size_t pid) +{ + struct sock_store * add = SH_ALLOC(sizeof(struct sock_store)); + + add->sock = sock; + add->pid = pid; + add->path = NULL; + add->user = NULL; + SH_MUTEX_LOCK(mutex_thread_nolog); + get_user_and_path(add); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + add->next = socklist; + socklist = add; + return; +} + +static void check_and_add_sock(char * fbuf, size_t pid) +{ + if (0 == strncmp(_("socket:["), fbuf, 8)) + { + char * end; + unsigned long sock; + size_t len = strlen(fbuf); + if (fbuf[len-1] == ']') + fbuf[len-1] = '\0'; + sock = strtoul(&fbuf[8], &end, 0); + if (*end == '\0' && fbuf[8] != '\0') + { + add_sock(sock, pid); + } + } +} + +static void fetch_socks(size_t pid) +{ + char path[128]; + DIR * dir; + sl_snprintf(path, sizeof(path), _("/proc/%lu/fd"), (unsigned long) pid); + + dir = opendir(path); + if (dir) + { + struct dirent *entry; + while (NULL != (entry = readdir(dir))) + { + char fpath[384]; + char fbuf[64]; + int ret; + /* /proc/PID/fd/N-> socket:[15713] */ + sl_snprintf(fpath, sizeof(fpath), _("%s/%s"), path, entry->d_name); + ret = readlink(fpath, fbuf, sizeof(fbuf)-1); /* flawfinder: ignore */ + if (ret > 0) + { + fbuf[ret] = '\0'; + check_and_add_sock(fbuf, pid); + } + } + closedir(dir); + } +} + +int sh_port2proc_prepare() +{ + size_t i; + + if (0 != proc_max_pid(&sh_maxpid)) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Failed to detect max_pid"), + _("sh_port2proc")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SL_RETURN ((-1), _("sh_port2proc")); + } + + /* Delete old socket list and re-create it + */ + del_sock_all(); + + for (i = sh_minpid; i < sh_maxpid; ++i) + { + fetch_socks(i); + } + + return 0; +} + +#include +#include +#include + +char * sh_port2proc_query(int proto, struct in_addr * saddr, int sport, + char * user, size_t userlen) +{ + FILE * fd; + + if (proto == IPPROTO_TCP) + fd = fopen("/proc/net/tcp", "r"); + else + fd = fopen("/proc/net/udp", "r"); + + if (fd) + { + int n, iface, port, inode; + char line[512]; + + while (NULL != fgets(line, sizeof(line), fd)) + { + + if (4 == sscanf(line, + "%d: %X:%X %*X:%*X %*X %*X:%*X %*X:%*X %*X %*d %*d %d %*s", + &n, &iface, &port, &inode)) + { + struct in_addr haddr; + haddr.s_addr = (unsigned long)iface; + + if (haddr.s_addr == saddr->s_addr && port == sport) + { + struct sock_store * new = socklist; + + while (new) + { + if ((unsigned int)inode == new->sock) + { + fclose(fd); + if (new->path) + { + if (new->user) + sl_strlcpy(user, new->user, userlen); + else + sl_strlcpy(user, "-", userlen); + return sh_util_strdup(new->path); + } + goto err_out; + } + new = new->next; + } + } + } + } + fclose(fd); + } + err_out: + sl_strlcpy(user, "0", userlen); + return sh_util_strdup("-"); +} + +#else /* !defined(__linux__) */ + +char * sh_port2proc_query(int proto, struct in_addr * saddr, int sport, + char * user, size_t userlen) +{ + (void) proto; + (void) saddr; + (void) sport; + + sl_strlcpy(user, "-", userlen); + return sh_util_strdup("-"); +} + +int sh_port2proc_prepare() +{ + return 0; +} + +#endif + +#endif /* defined(SH_USE_PORTCHECK) */ Index: /tags/2.5.0/src/sh_portcheck.c =================================================================== --- /tags/2.5.0/src/sh_portcheck.c (revision 189) +++ /tags/2.5.0/src/sh_portcheck.c (revision 189) @@ -0,0 +1,1721 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2006 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +/*************************************************************************** + * + * This file provides a module for samhain to check for open ports + * on the local machine. + * + */ + + +/* #define TEST_ONLY */ +#ifndef TEST_ONLY +#include "config_xor.h" +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define PORTCHK_VERSION "1.0" + +#if defined(TEST_ONLY) || (defined(SH_USE_PORTCHECK) && (defined (SH_WITH_CLIENT) || defined (SH_STANDALONE))) + + +#define PORTMAP +#include +#ifdef HAVE_RPC_RPCENT_H +#include +#endif +#include +#include +#include + +/* + * struct pmaplist { + * struct pmap pml_map; + * struct pmaplist *pml_next; + * }; + */ + +/* struct pmap { + * long unsigned pm_prog; + * long unsigned pm_vers; + * long unsigned pm_prot; + * long unsigned pm_port; + * }; + */ + +/* TIME_WAIT ? 60-240 seconds */ + +/* the size of an interface string + */ +#define SH_INTERFACE_SIZE 16 + +#define SH_PORT_NOT 0 +#define SH_PORT_REQ 1 +#define SH_PORT_OPT 2 +#define SH_PORT_IGN 3 +#define SH_PORT_BLACKLIST 4 + +#define SH_PORT_MISS 0 +#define SH_PORT_ISOK 1 +#define SH_PORT_UNKN 2 + +#define SH_PORT_NOREPT 0 +#define SH_PORT_REPORT 1 + +#define SH_PROTO_TCP 0 +#define SH_PROTO_UDP 1 +#define SH_PROTO_STR(a) (((a) == IPPROTO_TCP) ? _("tcp") : _("udp")) + +struct sh_portentry { + int port; + char interface[SH_INTERFACE_SIZE]; + char * service; + char * error; + int flag; /* required or not */ + int status; /* missing or not */ + struct sh_portentry * next; +}; + +static struct sh_portentry * portlist_tcp = NULL; +static struct sh_portentry * portlist_udp = NULL; + +struct sh_port { + int port; + struct in_addr haddr; + struct sh_port * next; +}; + +static struct sh_port * blacklist_tcp = NULL; +static struct sh_port * blacklist_udp = NULL; + +#define SH_PORTCHK_INTERVAL 300 + +static int sh_portchk_check_udp = 1; +static int sh_portchk_active = 1; +static int sh_portchk_interval = SH_PORTCHK_INTERVAL; +#if !defined(TEST_ONLY) + +#define FIL__ _("sh_portcheck.c") +#include "samhain.h" +#include "sh_error.h" +#include "sh_mem.h" +#include "sh_calls.h" +#include "sh_utils.h" +#include "sh_modules.h" +#include "sh_static.h" +#include "sh_pthread.h" + +SH_MUTEX_STATIC(mutex_port_check, PTHREAD_MUTEX_INITIALIZER); + +static int sh_portchk_severity = SH_ERR_SEVERE; + +extern char * sh_port2proc_query(int proto, struct in_addr * saddr, int sport, + char * user, size_t userlen); +extern int sh_port2proc_prepare(); + +#endif + +/* Exported interface to add ignoreable ports as 'iface:portlist' + */ +static int sh_portchk_add_ignore (const char * str); + +/* Exported interface to add required ports as 'iface:portlist' + */ +static int sh_portchk_add_required (const char * str); + +/* Exported interface to add optional ports as 'iface:portlist' + */ +static int sh_portchk_add_optional (const char * str); + +/* Exported interface to add blacklisted ports as 'iface:portlist' + */ +static int sh_portchk_add_blacklist (const char * str); + +/* Exported interface to add an ethernet interface + */ +static int sh_portchk_add_interface (const char * str); + +/* verify whether port/interface is blacklisted (do not check) + */ +static int sh_portchk_is_blacklisted(int port, struct in_addr haddr, int proto); + +#ifndef TEST_ONLY + +static int sh_portchk_set_interval (const char * c) +{ + int retval = 0; + long val; + + SL_ENTER(_("sh_portchk_set_interval")); + val = strtol (c, (char **)NULL, 10); + if (val <= 0) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("port check interval"), c); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + retval = -1; + } + + sh_portchk_interval = (time_t) val; + SL_RETURN(0, _("sh_portchk_set_interval")); +} + + +static int sh_portchk_set_active (const char * str) +{ + return sh_util_flagval(str, &sh_portchk_active); +} + +static int sh_portchk_set_udp (const char * str) +{ + return sh_util_flagval(str, &sh_portchk_check_udp); +} + +static int sh_portchk_set_severity (const char * str) +{ + char tmp[32]; + tmp[0] = '='; tmp[1] = '\0'; + sl_strlcat (tmp, str, 32); + return sh_error_set_level (tmp, &sh_portchk_severity); +} + +sh_rconf sh_portchk_table[] = { + { + N_("severityportcheck"), + sh_portchk_set_severity, + }, + { + N_("portcheckrequired"), + sh_portchk_add_required, + }, + { + N_("portcheckoptional"), + sh_portchk_add_optional, + }, + { + N_("portcheckignore"), + sh_portchk_add_ignore, + }, + { + N_("portcheckskip"), + sh_portchk_add_blacklist, + }, + { + N_("portcheckactive"), + sh_portchk_set_active, + }, + { + N_("portcheckinterface"), + sh_portchk_add_interface, + }, + { + N_("portcheckinterval"), + sh_portchk_set_interval, + }, + { + N_("portcheckudp"), + sh_portchk_set_udp, + }, + { + NULL, + NULL + } +}; + +#endif + +/* Interface to initialize port check + */ +int sh_portchk_init (struct mod_type * arg); + +/* Interface to reset port check + */ +int sh_portchk_reset (void); + +/* Interface to run port check + */ +int sh_portchk_check (void); + + +static char * check_services (int port, int proto); + +#ifdef TEST_ONLY + +static int portchk_debug = 0; +#define SH_ALLOC malloc +#define SH_FREE free +#define sh_util_strdup strdup +#define sl_strlcpy strncpy +#define _(a) a + +#else + +static int portchk_debug = 0; + +#endif + +static void sh_portchk_add_to_list (int proto, + int port, struct in_addr haddr, char * service, + int flag, int status) +{ + struct sh_portentry * new = SH_ALLOC (sizeof(struct sh_portentry)); + + if (portchk_debug) + fprintf(stderr, _("add to list: port %d/%s %d %d (%s)\n"), + port, SH_PROTO_STR(proto), flag, status, service ? service : _("undef")); + + new->port = port; + sl_strlcpy (new->interface, inet_ntoa(haddr), SH_INTERFACE_SIZE); + new->status = status; + new->flag = flag; + + new->error = NULL; + + if (service) + new->service = sh_util_strdup (service); + else + new->service = NULL; + if (proto == IPPROTO_TCP) + { + new->next = portlist_tcp; + portlist_tcp = new; + } + else + { + new->next = portlist_udp; + portlist_udp = new; + } + return; +} + +/* Reset the list by setting all entries to UNKN. + * In the next cycle we will check, and set found ports to ISOK. + * Thereafter, we check for entries that are still UNKN. + */ +static void sh_portchk_reset_lists (void) +{ + struct sh_portentry * portlist; + + portlist = portlist_tcp; + while (portlist) + { + if (portlist->status != SH_PORT_MISS) + portlist->status = SH_PORT_UNKN; + portlist = portlist->next; + } + portlist = portlist_udp; + while (portlist) + { + if (portlist->status != SH_PORT_MISS) + portlist->status = SH_PORT_UNKN; + portlist = portlist->next; + } + return; +} + +static struct sh_portentry * sh_portchk_kill_list (struct sh_portentry * head) +{ + if (head) + { + if (head->next) + sh_portchk_kill_list (head->next); + + if (head->service) + SH_FREE(head->service); + SH_FREE(head); + } + return NULL; +} + +static struct sh_port * sh_portchk_kill_blacklist (struct sh_port * head) +{ + if (head) + { + if (head->next) + sh_portchk_kill_blacklist (head->next); + + SH_FREE(head); + } + return NULL; +} + +/* These variables are not used anywhere. They only exist + * to assign &pre, &ptr to them, which keeps gcc from + * putting it into a register, and avoids the 'clobbered + * by longjmp' warning. And no, 'volatile' proved insufficient. + */ +static void * sh_dummy_pre = NULL; +static void * sh_dummy_ptr = NULL; + +/* check the list of open ports for any that are marked as UNKN + */ +static void sh_portchk_check_list (struct sh_portentry ** head, int proto, int report) +{ + struct sh_portentry * ptr = *head; + struct sh_portentry * pre = *head; + char errbuf[256]; + + /* Take the address to keep gcc from putting them into registers. + * Avoids the 'clobbered by longjmp' warning. + */ + sh_dummy_pre = (void*) ⪯ + sh_dummy_ptr = (void*) &ptr; + + while (ptr) + { + if (portchk_debug && report) + fprintf(stderr, _("check list: port %d/%s %d %d\n"), + ptr->port, SH_PROTO_STR(proto), ptr->flag, ptr->status); + + if (ptr->status == SH_PORT_UNKN) + { + /* Don't report missing ports that are marked as optional + */ + if (ptr->flag != SH_PORT_OPT && ptr->flag != SH_PORT_IGN) + { + snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"), + ptr->interface, ptr->port, SH_PROTO_STR(proto), + ptr->service ? ptr->service : check_services(ptr->port, proto)); +#ifdef TEST_ONLY + if (report == SH_PORT_REPORT) + fprintf(stderr, _("%s\n"), errbuf); +#else + if (report == SH_PORT_REPORT) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, + MSG_PORT_MISS, errbuf); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } +#endif + } + + ptr->status = SH_PORT_MISS; + + if ((ptr->flag != SH_PORT_REQ) && (ptr->flag != SH_PORT_OPT) && (ptr->flag != SH_PORT_IGN)) + { + if (portchk_debug && report) + fprintf(stderr, _("removing: port %d/%s %d %d\n"), + ptr->port, SH_PROTO_STR(proto), ptr->flag, ptr->status); + + if (ptr == *head) + { + *head = ptr->next; + if (ptr->service) + SH_FREE(ptr->service); + SH_FREE(ptr); + ptr = *head; + pre = *head; + continue; + } + else if (ptr->next == NULL) + { + pre->next = NULL; + if (ptr->service) + SH_FREE(ptr->service); + SH_FREE(ptr); + return; + } + else + { + pre->next = ptr->next; + if (ptr->service) + SH_FREE(ptr->service); + SH_FREE(ptr); + ptr = pre->next; + continue; + } + } + } + pre = ptr; + ptr = ptr->next; + } + return; +} + + +static struct sh_portentry * sh_portchk_get_from_list (int proto, int port, + struct in_addr haddr, char * service) +{ + struct sh_portentry * portlist; + char iface_all[8]; + + sl_strlcpy (iface_all, _("0.0.0.0"), sizeof(iface_all)); + + if (proto == IPPROTO_TCP) + portlist = portlist_tcp; + else + portlist = portlist_udp; + + if (service) + { + while (portlist) + { + if (portlist->service && + 0 == strcmp(service, portlist->service) && + (0 == strcmp(portlist->interface, inet_ntoa(haddr)) || + 0 == strcmp(portlist->interface, iface_all))) + return portlist; + portlist = portlist->next; + } + } + else + { + while (portlist) + { + if (port == portlist->port && + (0 == strcmp(portlist->interface, inet_ntoa(haddr)) || + 0 == strcmp(portlist->interface, iface_all))) + return portlist; + portlist = portlist->next; + } + } + return NULL; +} + + +static void sh_portchk_cmp_to_list (int proto, int port, struct in_addr haddr, char * service) +{ + struct sh_portentry * portent; + char errbuf[256]; + + + portent = sh_portchk_get_from_list (proto, port, haddr, service); + + if (service) + { + if (!portent) + { + char * path; + char user[USER_MAX]; + + snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"), + inet_ntoa(haddr), port, SH_PROTO_STR(proto), service); +#ifdef TEST_ONLY + fprintf(stderr, _("open port: %s:%d/%s (%s)\n"), + inet_ntoa(haddr), port, SH_PROTO_STR(proto), service); +#else + path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user)); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, + MSG_PORT_NEW, errbuf, path, user); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(path); +#endif + /* + * was not there, thus it is not in 'required' or 'optional' list + */ + sh_portchk_add_to_list (proto, port, haddr, service, SH_PORT_NOT, SH_PORT_ISOK); + } + else if (portent->status == SH_PORT_MISS && portent->flag != SH_PORT_IGN) + { + char * path; + char user[USER_MAX]; + + snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s), was %d/%s"), + inet_ntoa(haddr), port, SH_PROTO_STR(proto), service, portent->port, SH_PROTO_STR(proto)); +#ifdef TEST_ONLY + fprintf(stderr, _("service: %s\n"), errbuf); +#else + path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user)); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, + MSG_PORT_RESTART, errbuf, path, user); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(path); +#endif + + portent->status = SH_PORT_ISOK; + } + else if (port != portent->port && (-1) != portent->port) + { + char * path; + char user[USER_MAX]; + + snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s), was %d/%s"), + inet_ntoa(haddr), port, SH_PROTO_STR(proto), service, portent->port, SH_PROTO_STR(proto)); +#ifdef TEST_ONLY + fprintf(stderr, _("service: %s\n"), errbuf); +#else + path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user)); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, + MSG_PORT_NEWPORT, errbuf, path, user); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(path); +#endif + portent->port = port; + portent->status = SH_PORT_ISOK; + } + else + { + portent->status = SH_PORT_ISOK; + } + } + else + { + if (!portent) + { + char * path; + char user[USER_MAX]; + + snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"), + inet_ntoa(haddr), port, SH_PROTO_STR(proto), check_services(port, proto)); +#ifdef TEST_ONLY + fprintf(stderr, _("open port: %s:%d/%s (%s)\n"), + inet_ntoa(haddr), port, SH_PROTO_STR(proto), check_services(port, proto)); +#else + path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user)); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, + MSG_PORT_NEW, errbuf, path, user); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(path); +#endif + + /* was not there, thus it is not in 'required' or 'optional' list + */ + sh_portchk_add_to_list (proto, port, haddr, service, SH_PORT_NOT, SH_PORT_ISOK); + } + else if (portent->status == SH_PORT_MISS && portent->flag != SH_PORT_IGN) + { + char * path; + char user[USER_MAX]; + + snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"), + inet_ntoa(haddr), port, SH_PROTO_STR(proto), check_services(port, proto)); +#ifdef TEST_ONLY + fprintf(stderr, _("port : %s\n"), errbuf); +#else + path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user)); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, + MSG_PORT_RESTART, errbuf, path, user); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(path); +#endif + + portent->status = SH_PORT_ISOK; + } + else + { + portent->status = SH_PORT_ISOK; + } + } + + return; +} + + +/* Returns a static buffer containing the name of the service + * running on port (from /etc/services) + * Returns NULL on failure + */ +static char * check_services (int port, int proto) +{ + static char buf[256]; + struct servent * service = getservbyport(htons(port), SH_PROTO_STR(proto)); + + if (service && service->s_name && service->s_name[0] != '\0') + { + snprintf (buf, sizeof(buf), _("maybe_%s"), service->s_name); + } + else + { + snprintf (buf, sizeof(buf), _("unknown")); + } + return buf; +} + +/* Returns a static buffer containing the name of the service + * running on port at
(from portmap daemon) + * Returns NULL on failure + */ +static char * check_rpc_list (int port, struct sockaddr_in * address, + unsigned long prot) +{ + struct pmaplist * head; + struct rpcent *r; + static char buf[256]; + + head = pmap_getmaps(address); + + if (head) + { + do /* while (head != NULL) */ + { + if ((head->pml_map.pm_prot == prot) && + (port == (int)head->pml_map.pm_port)) + { + r = getrpcbynumber((int)head->pml_map.pm_prog); + if (r && r->r_name && r->r_name[0] != '\0') + { + snprintf (buf, sizeof(buf), "%s", r->r_name); + return buf; + } + else + { + snprintf (buf, sizeof(buf), "RPC_%lu", + (unsigned long)head->pml_map.pm_prog); + return buf; + } + } + head = head->pml_next; + } + while (head != NULL); + } + + return NULL; +} + +static int check_port_udp_internal (int fd, int port, struct in_addr haddr) +{ + struct sockaddr_in sinr; + /* struct in_addr haddr; */ + int retval; + char * p; + char buf[8]; +#ifndef TEST_ONLY + char errmsg[256]; + int nerr; +#endif + char errbuf[SH_ERRBUF_SIZE]; + + /* inet_aton(interface, &haddr); */ + + sinr.sin_family = AF_INET; + sinr.sin_port = htons (port); + sinr.sin_addr = haddr; + + do { + retval = connect(fd, (struct sockaddr *) &sinr, sizeof(sinr)); + } while (retval < 0 && (errno == EINTR || errno == EINPROGRESS)); + + if (retval == -1) + { +#ifdef TEST_ONLY + if (portchk_debug) + perror(_("connect")); +#else + nerr = errno; + sl_snprintf(errmsg, sizeof(errmsg), _("check port: %5d/udp on %15s: %s"), + port, inet_ntoa(haddr), sh_error_message(errno, errbuf, sizeof(errbuf))); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, nerr, MSG_E_SUBGEN, + errmsg, _("connect")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +#endif + } + else + { + do { + retval = send (fd, buf, 0, 0); + } while (retval < 0 && errno == EINTR); + + if (retval == -1 && errno == ECONNREFUSED) + { + if (portchk_debug) + fprintf(stderr, _("check port: %5d/udp on %15s established/time_wait\n"), + port, inet_ntoa(haddr)); + } + else + { + /* Only the second send() may catch the error + */ + do { + retval = send (fd, buf, 0, 0); + } while (retval < 0 && errno == EINTR); + + if (retval == -1 && errno == ECONNREFUSED) + { + if (portchk_debug) + fprintf(stderr, _("check port: %5d/udp on %15s established/time_wait\n"), + port, inet_ntoa(haddr)); + } + else if (retval != -1) + { + /* Try to get service name from portmap + */ + p = check_rpc_list (port, &sinr, IPPROTO_UDP); + + sh_portchk_cmp_to_list (IPPROTO_UDP, port, haddr, p ? p : NULL); + + /* If not an RPC service, try to get name from /etc/services + */ + if (!p) + p = check_services(port, IPPROTO_UDP); + + if (portchk_debug) + fprintf(stderr, _("check port: %5d/udp on %15s open %s\n"), + port, inet_ntoa(haddr), p); + + } + } + } + close (fd); + return 0; +} + +static int check_port_tcp_internal (int fd, int port, struct in_addr haddr) +{ + struct sockaddr_in sinr; + /* struct in_addr haddr; */ + int retval; + int flags; + char * p; +#ifndef TEST_ONLY + char errmsg[256]; + int nerr; +#endif + char errbuf[SH_ERRBUF_SIZE]; + + /* inet_aton(interface, &haddr); */ + + sinr.sin_family = AF_INET; + sinr.sin_port = htons (port); + sinr.sin_addr = haddr; + + do { + retval = connect(fd, (struct sockaddr *) &sinr, sizeof(sinr)); + } while (retval < 0 && (errno == EINTR || errno == EINPROGRESS)); + + if (retval == -1 && errno == ECONNREFUSED) + { + if (portchk_debug) + fprintf(stderr, _("check port: %5d on %15s established/time_wait\n"), + port, inet_ntoa(haddr)); + } + else if (retval == -1) + { +#ifdef TEST_ONLY + if (portchk_debug) + perror(_("connect")); +#else + nerr = errno; + sl_snprintf(errmsg, sizeof(errmsg), _("check port: %5d/tcp on %15s: %s"), + port, inet_ntoa(haddr), sh_error_message(errno, errbuf, sizeof(errbuf))); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, nerr, MSG_E_SUBGEN, + errmsg, _("connect")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +#endif + } + else + { + /* Try to get service name from portmap + */ + p = check_rpc_list (port, &sinr, IPPROTO_TCP); + + sh_portchk_cmp_to_list (IPPROTO_TCP, port, haddr, p ? p : NULL); + + /* If not an RPC service, try to get name from /etc/services + */ + if (!p) + p = check_services(port, IPPROTO_TCP); + + if (portchk_debug) + fprintf(stderr, _("check port: %5d on %15s open %s\n"), + port, inet_ntoa(haddr), p); + +#if !defined(O_NONBLOCK) +#if defined(O_NDELAY) +#define O_NONBLOCK O_NDELAY +#else +#define O_NONBLOCK 0 +#endif +#endif + + /* prepare to close connection gracefully + */ + if (port == 22) /* ssh */ + { + flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK); + retval = write (fd, _("SSH-2.0-Foobar"), 14); + if (retval > 0) retval = write (fd, "\r\n", 2); + } + else if (port == 25) /* smtp */ + { + flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK); + retval = write (fd, _("QUIT"), 4); + if (retval > 0) retval = write (fd, "\r\n", 2); + } + else if (port == 79) /* finger */ + { + flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK); + retval = write (fd, "\r\n", 2); + } + else if (port == 110) /* pop3 */ + { + flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK); + retval = write (fd, _("QUIT"), 4); + if (retval > 0) retval = write (fd, "\r\n", 2); + } + else if (port == 143) /* imap */ + { + flags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, flags | O_NONBLOCK); + retval = write (fd, _("A01 LOGOUT"), 10); + if (retval > 0) retval = write (fd, "\r\n", 2); + } + + if (portchk_debug && retval < 0) + fprintf(stderr, _("check port: error writing to port %5d\n"), + port); + } + close (fd); + return 0; +} + +/* typedef uint32_t in_addr_t; + * struct in_addr + * { + * in_addr_t s_addr; + * }; + */ + +#define SH_IFACE_MAX 16 + +struct portchk_interfaces { + struct in_addr iface[SH_IFACE_MAX]; + int used; +}; + +static struct portchk_interfaces iface_list; +static int iface_initialized = 0; + +#ifdef TEST_ONLY +static char * portchk_hostname = NULL; +#else +static char * portchk_hostname = sh.host.name; +#endif + +static int sh_portchk_init_internal (void) +{ + struct hostent * hent; + volatile int i; /* might be clobbered by ‘longjmp’ or ‘vfork’*/ + char errbuf[256]; + + if (portchk_debug) + fprintf(stderr, _("checking ports on: %s\n"), portchk_hostname ? portchk_hostname : _("NULL")); + + if (!portchk_hostname) + return -1; + + if (sh_portchk_active == S_FALSE) + return -1; + + SH_MUTEX_LOCK(mutex_port_check); + if (iface_initialized == 0) + { + iface_list.used = 0; + iface_initialized = 1; + } + + SH_MUTEX_LOCK(mutex_resolv); + hent = sh_gethostbyname(portchk_hostname); + i = 0; + while (hent && hent->h_addr_list[i] && (iface_list.used < SH_IFACE_MAX)) + { + memcpy (&(iface_list.iface[iface_list.used].s_addr), hent->h_addr_list[i], sizeof(in_addr_t)); + ++iface_list.used; + ++i; + } + SH_MUTEX_UNLOCK(mutex_resolv); + + for (i = 0; i < iface_list.used; ++i) + { + sl_snprintf(errbuf, sizeof(errbuf), _("interface: %s"), + inet_ntoa(iface_list.iface[i])); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, + errbuf, _("sh_portchk_init")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + SH_MUTEX_UNLOCK(mutex_port_check); + + return 0; +} + +int sh_portchk_init (struct mod_type * arg) +{ + if (sh_portchk_active == S_FALSE) + return SH_MOD_FAILED; + if (!portchk_hostname) + return SH_MOD_FAILED; + +#ifdef HAVE_PTHREAD + if (arg != NULL && arg->initval < 0 && + (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) + { + if (0 == sh_pthread_create(sh_threaded_module_run, (void *)arg)) + return SH_MOD_THREAD; + else + return SH_MOD_FAILED; + } +#endif + return sh_portchk_init_internal(); +} + + + +#if !defined(TEST_ONLY) +int sh_portchk_reconf (void) +{ + SH_MUTEX_LOCK(mutex_port_check); + iface_initialized = 0; + sh_portchk_active = 1; + sh_portchk_check_udp = 1; + sh_portchk_interval = SH_PORTCHK_INTERVAL; + + portlist_udp = sh_portchk_kill_list (portlist_udp); + portlist_tcp = sh_portchk_kill_list (portlist_tcp); + + blacklist_udp = sh_portchk_kill_blacklist (blacklist_udp); + blacklist_tcp = sh_portchk_kill_blacklist (blacklist_tcp); + SH_MUTEX_UNLOCK(mutex_port_check); + return 0; +} + +int sh_portchk_cleanup (void) +{ + return sh_portchk_reconf (); +} + +int sh_portchk_timer (time_t tcurrent) +{ + static time_t lastcheck = 0; + + SL_ENTER(_("sh_portchk_timer")); + if ((time_t) (tcurrent - lastcheck) >= sh_portchk_interval) + { + lastcheck = tcurrent; + SL_RETURN((-1), _("sh_portchk_timer")); + } + SL_RETURN(0, _("sh_portchk_timer")); +} +#endif + +static int check_port_generic (int port, int type, int protocol) +{ + volatile int i = 0; + int sock = -1; + int flag = 1; /* non-zero to enable an option */ + struct in_addr haddr; + char errbuf[SH_ERRBUF_SIZE]; + + /* Check all interfaces for this host + */ + while (i < iface_list.used) + { + haddr.s_addr = iface_list.iface[i].s_addr; + + if (0 != sh_portchk_is_blacklisted(port, haddr, protocol)) + { + ++i; continue; + } + + if ((sock = socket(AF_INET, type, protocol)) < 0 ) + { + ++i; +#ifdef TEST_ONLY + if (portchk_debug) + perror(_("socket")); +#else + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message(errno, errbuf, sizeof(errbuf)), _("socket")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +#endif + continue; + } + if ( setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, + (void *) &flag, sizeof(flag)) < 0 ) + { + ++i; +#ifdef TEST_ONLY + if (portchk_debug) + perror(_("setsockopt")); +#else + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message(errno, errbuf, sizeof(errbuf)),_("setsockopt")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +#endif + continue; + } + + + if (protocol == IPPROTO_TCP) + check_port_tcp_internal(sock, port, haddr); + else + check_port_udp_internal(sock, port, haddr); + + ++i; + } + + return 0; +} + + + +static int check_port_udp (int port) +{ + return check_port_generic(port, SOCK_DGRAM, IPPROTO_UDP); +} + +static int check_port_tcp (int port) +{ + return check_port_generic(port, SOCK_STREAM, IPPROTO_TCP); +} + + + +static int sh_portchk_scan_ports_generic (int min_port, int max_port_arg, int type, int protocol) +{ + /* + int min_port = 1024; + int max_port = 65535; + */ + + volatile int port; /* might be clobbered by ‘longjmp’ or ‘vfork’*/ + volatile int max_port = max_port_arg; + int retval; + int sock = -1; + int flag = 1; /* non-zero to enable an option */ + + struct sockaddr_in addr; + int addrlen = sizeof(addr); + char errbuf[SH_ERRBUF_SIZE]; + + if (min_port == -1) + min_port = 0; + if (max_port == -1) + max_port = 65535; + + for (port = min_port; port <= max_port; ++port) + { + + if ((sock = socket(AF_INET, type, protocol)) < 0 ) + { +#ifdef TEST_ONLY + if (portchk_debug) + perror(_("socket")); +#else + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message(errno, errbuf, sizeof(errbuf)), _("socket")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +#endif + continue; + } + if ( setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, + (void *) &flag, sizeof(flag)) < 0 ) + { +#ifdef TEST_ONLY + if (portchk_debug) + perror(_("setsockopt")); +#else + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message(errno, errbuf, sizeof(errbuf)),_("setsockopt")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +#endif + continue; + } + + addr.sin_family = AF_INET; + addr.sin_port = htons(port); + addr.sin_addr.s_addr = INADDR_ANY; + + retval = bind (sock, (struct sockaddr *) &addr, addrlen); + + if (retval == 0) + { + /* we can bind the port, thus it is unused + */ + close (sock); + } + else + { + if (errno == EINVAL || errno == EADDRINUSE) + { + /* try to connect to the port + */ + if (protocol == IPPROTO_TCP) + check_port_tcp(port); + else + check_port_udp(port); + } + else + { +#ifdef TEST_ONLY + if (portchk_debug) + perror(_("bind")); +#else + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message(errno, errbuf, sizeof(errbuf)), _("bind")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +#endif + } + close (sock); + } + } + return 0; +} + +static int sh_portchk_scan_ports_tcp (int min_port, int max_port) +{ + return sh_portchk_scan_ports_generic (min_port, max_port, SOCK_STREAM, IPPROTO_TCP); +} + +static int sh_portchk_scan_ports_udp (int min_port, int max_port) +{ + return sh_portchk_scan_ports_generic (min_port, max_port, SOCK_DGRAM, IPPROTO_UDP); +} + +/* Subroutine to add an interface + */ +static int sh_portchk_add_interface (const char * str) +{ + struct in_addr haddr; + char errbuf[256]; + + if (iface_initialized == 0) + { + iface_list.used = 0; + iface_initialized = 1; + } + + if (0 == inet_aton(str, &haddr)) + return -1; + + if (iface_list.used == SH_IFACE_MAX) + return -1; + + sl_snprintf(errbuf, sizeof(errbuf), _("interface: %s"), inet_ntoa(haddr)); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, + errbuf, _("sh_portchk_add_interface")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + + memcpy (&(iface_list.iface[iface_list.used].s_addr), &(haddr.s_addr), sizeof(in_addr_t)); + ++iface_list.used; + + return 0; +} + +/* verify whether port/interface is blacklisted (do not check) + */ +static int sh_portchk_is_blacklisted(int port, struct in_addr haddr, int proto) +{ + struct sh_port * head; + + if (proto == IPPROTO_TCP) + head = blacklist_tcp; + else + head = blacklist_udp; + + while (head) + { + if (head->port == port) + { + if ((head->haddr.s_addr == 0) || (head->haddr.s_addr == haddr.s_addr)) + return 1; + else + return 0; + } + head = head->next; + } + return 0; +} + + +static int sh_portchk_blacklist(int port, struct in_addr haddr, int proto) +{ + struct sh_port * black; + struct sh_port * head; + + if (proto == IPPROTO_TCP) + head = blacklist_tcp; + else + head = blacklist_udp; + + black = head; + + while (black) + { + if (black->port == port && head->haddr.s_addr == haddr.s_addr) + return -1; + black = black->next; + } + black = SH_ALLOC (sizeof(struct sh_port)); + black->port = port; + black->haddr.s_addr = haddr.s_addr; + black->next = head; + + if (proto == IPPROTO_TCP) + blacklist_tcp = black; + else + blacklist_udp = black; + return 0; +} + + +/* Subroutine to add a required or optional port/service + */ +static int sh_portchk_add_required_port_generic (char * service, char * interface, int type) +{ + char buf[256]; + int proto; + char * p; + char * endptr; + unsigned long int port; + struct in_addr haddr; + struct sh_portentry * portent; + + if (0 == inet_aton(interface, &haddr)) + return -1; + + sl_strlcpy (buf, service, sizeof(buf)); + + p = strchr(buf, '/'); + if (!p) + return -1; + if (0 == strcmp(p, _("/tcp"))) + proto = IPPROTO_TCP; + else if (0 == strcmp(p, _("/udp"))) + proto = IPPROTO_UDP; + else + return -1; + + *p = '\0'; + port = strtoul(buf, &endptr, 0); + + /* Blacklisted ports + */ + if (*endptr == '\0' && port <= 65535 && type == SH_PORT_BLACKLIST) + return (sh_portchk_blacklist(port, haddr, proto)); + + if (*endptr != '\0') + { + portent = sh_portchk_get_from_list (proto, -1, haddr, buf); + if (!portent) + sh_portchk_add_to_list (proto, -1, haddr, buf, type, SH_PORT_UNKN); + else + { +#ifdef TEST_ONLY + fprintf(stderr, "** WARNING: duplicate port definition %s/%s\n", buf, SH_PROTO_STR(proto)); +#else + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("duplicate port definition"), _("sh_portchk_add_required_port_generic")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +#endif + return -1; + } + } + else if (port <= 65535) + { + portent = sh_portchk_get_from_list (proto, port, haddr, NULL); + if (!portent) + sh_portchk_add_to_list (proto, port, haddr, NULL, type, SH_PORT_UNKN); + else + { +#ifdef TEST_ONLY + fprintf(stderr, "** WARNING: duplicate port definition %lu/%s\n", port, SH_PROTO_STR(proto)); +#else + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("duplicate port definition"), _("sh_portchk_add_required_port_generic")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +#endif + return -1; + } + } + else + return -1; + + return 0; +} + +/* Internal interface to add required or optional ports as 'iface:portlist' + */ +static int sh_portchk_add_required_generic (const char * str, int type) +{ + size_t len; + size_t ll = 0; + int status; + + char * interface = NULL; + char * list; + char * p; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + char * saveptr; +#endif + + if (!str) + return -1; + + if (strchr(str, ':')) + { + len = strlen(str); + for (ll = 0; ll < len; ++ll) + { + if (str[ll] == ':' || str[ll] == ' ' || str[ll] == '\t') + { + interface = SH_ALLOC(ll+1); + sl_strlcpy(interface, str, ll+1); + interface[ll] = '\0'; + while (str[ll] == ':' || str[ll] == ' ' || str[ll] == '\t') + ++ll; + break; + } + } + } + else + { + interface = SH_ALLOC(8); + sl_strlcpy(interface, _("0.0.0.0"), 8); + interface[7] = '\0'; + while (str[ll] == ' ' || str[ll] == '\t') + ++ll; + } + + if (!interface) + return -1; + + if (str[ll] == '\0') + { + SH_FREE(interface); + return -1; + } + + if (portchk_debug) + fprintf(stderr, "add ports for interface: %s\n", interface); + + list = sh_util_strdup(&str[ll]); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + p = strtok_r (list, " ,\t", &saveptr); +#else + p = strtok (list, " ,\t"); +#endif + if (!p) + { + SH_FREE(interface); + SH_FREE(list); + return -1; + } + while (p) + { + status = sh_portchk_add_required_port_generic (p, interface, type); + + if (-1 == status) + { + SH_FREE(interface); + SH_FREE(list); + return -1; + } +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + p = strtok_r (NULL, " ,\t", &saveptr); +#else + p = strtok (NULL, " ,\t"); +#endif + } + SH_FREE(interface); + SH_FREE(list); + return 0; +} + +/* User interface to add required ports as 'iface:portlist' + */ +static int sh_portchk_add_required (const char * str) +{ + return sh_portchk_add_required_generic (str, SH_PORT_REQ); +} + +/* User interface to add optional ports as 'iface:portlist' + */ +static int sh_portchk_add_optional (const char * str) +{ + return sh_portchk_add_required_generic (str, SH_PORT_OPT); +} + +/* User interface to add ignoreable ports as 'iface:portlist' + */ +static int sh_portchk_add_ignore (const char * str) +{ + return sh_portchk_add_required_generic (str, SH_PORT_IGN); +} + +/* User interface to add ports that should not be checked as 'iface:portlist' + */ +static int sh_portchk_add_blacklist (const char * str) +{ + return sh_portchk_add_required_generic (str, SH_PORT_BLACKLIST); +} + +/* Interface to run port check + */ +int sh_portchk_check () +{ + volatile int min_port; + + SH_MUTEX_LOCK(mutex_port_check); + + min_port = 0; + + if (sh_portchk_active != S_FALSE) + { + sh_portchk_reset_lists(); + if (0 != geteuid()) + { + min_port = 1024; +#ifdef TEST_ONLY + fprintf(stderr, "** WARNING not scanning ports < 1024\n"); +#else + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("not scanning ports below 1024"), _("sh_portchk_check")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +#endif + } + + sh_port2proc_prepare(); + + if (sh_portchk_check_udp == 1) + sh_portchk_scan_ports_udp(min_port, -1); + sh_portchk_scan_ports_tcp(min_port, -1); + + + sh_portchk_check_list (&portlist_tcp, IPPROTO_TCP, SH_PORT_REPORT); + if (sh_portchk_check_udp == 1) + sh_portchk_check_list (&portlist_udp, IPPROTO_UDP, SH_PORT_REPORT); + + } + SH_MUTEX_UNLOCK(mutex_port_check); + return 0; +} +#endif + +#ifdef SH_CUTEST +#include "CuTest.h" + +void Test_portcheck_lists (CuTest *tc) +{ +#if defined(SH_USE_PORTCHECK) && (defined(SH_WITH_CLIENT) || defined(SH_STANDALONE)) + struct in_addr haddr_local; + struct sh_portentry * portent; + + CuAssertTrue(tc, 0 != inet_aton("127.0.0.1", &haddr_local)); + + sh_portchk_add_to_list (IPPROTO_TCP, 8000, haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN); + + portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, haddr_local, NULL); + CuAssertPtrNotNull(tc, portent); + + CuAssertTrue(tc, portent->port == 8000); + CuAssertTrue(tc, 0 == strcmp("127.0.0.1", portent->interface)); + CuAssertTrue(tc, portent->status == SH_PORT_UNKN); + CuAssertTrue(tc, portent->flag == SH_PORT_NOT); + + sh_portchk_check_list (&portlist_tcp, IPPROTO_TCP, SH_PORT_NOREPT); + + CuAssertTrue(tc, NULL == portlist_tcp); + + sh_portchk_add_to_list (IPPROTO_TCP, 8000, haddr_local, NULL, SH_PORT_REQ, SH_PORT_UNKN); + sh_portchk_add_to_list (IPPROTO_TCP, 8001, haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN); + sh_portchk_add_to_list (IPPROTO_TCP, 8002, haddr_local, NULL, SH_PORT_REQ, SH_PORT_UNKN); + sh_portchk_add_to_list (IPPROTO_TCP, 8003, haddr_local, NULL, SH_PORT_NOT, SH_PORT_UNKN); + sh_portchk_add_to_list (IPPROTO_TCP, 8004, haddr_local, NULL, SH_PORT_IGN, SH_PORT_UNKN); + sh_portchk_add_to_list (IPPROTO_TCP, -1, haddr_local, "foo1", SH_PORT_NOT, SH_PORT_UNKN); + sh_portchk_add_to_list (IPPROTO_TCP, -1, haddr_local, "foo2", SH_PORT_REQ, SH_PORT_UNKN); + sh_portchk_add_to_list (IPPROTO_TCP, -1, haddr_local, "foo3", SH_PORT_NOT, SH_PORT_UNKN); + sh_portchk_add_to_list (IPPROTO_TCP, -1, haddr_local, "foo4", SH_PORT_REQ, SH_PORT_UNKN); + sh_portchk_add_to_list (IPPROTO_TCP, -1, haddr_local, "foo5", SH_PORT_IGN, SH_PORT_UNKN); + + sh_portchk_check_list (&portlist_tcp, IPPROTO_TCP, SH_PORT_NOREPT); + + CuAssertPtrNotNull(tc, portlist_tcp); + + portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, haddr_local, NULL); + CuAssertPtrNotNull(tc, portent); + + portent = sh_portchk_get_from_list(IPPROTO_TCP, 8001, haddr_local, NULL); + CuAssertTrue(tc, NULL == portent); + + portent = sh_portchk_get_from_list(IPPROTO_TCP, 8002, haddr_local, NULL); + CuAssertPtrNotNull(tc, portent); + + portent = sh_portchk_get_from_list(IPPROTO_TCP, 8003, haddr_local, NULL); + CuAssertTrue(tc, NULL == portent); + + portent = sh_portchk_get_from_list(IPPROTO_TCP, 8004, haddr_local, NULL); + CuAssertPtrNotNull(tc, portent); + + portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, haddr_local, "foo1"); + CuAssertTrue(tc, NULL == portent); + + portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, haddr_local, "foo2"); + CuAssertPtrNotNull(tc, portent); + CuAssertTrue(tc, 0 == strcmp(portent->service, "foo2")); + + portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, haddr_local, "foo3"); + CuAssertTrue(tc, NULL == portent); + + portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, haddr_local, "foo4"); + CuAssertPtrNotNull(tc, portent); + CuAssertTrue(tc, 0 == strcmp(portent->service, "foo4")); + + portent = sh_portchk_get_from_list(IPPROTO_TCP, 8000, haddr_local, "foo5"); + CuAssertPtrNotNull(tc, portent); + CuAssertTrue(tc, 0 == strcmp(portent->service, "foo5")); + + CuAssertTrue(tc, 0 == sh_portchk_blacklist(666, haddr_local, IPPROTO_TCP)); + CuAssertTrue(tc, 0 != sh_portchk_blacklist(666, haddr_local, IPPROTO_TCP)); + CuAssertTrue(tc, 0 == sh_portchk_blacklist(667, haddr_local, IPPROTO_TCP)); + CuAssertTrue(tc, 0 == sh_portchk_blacklist(668, haddr_local, IPPROTO_TCP)); + CuAssertTrue(tc, 0 == sh_portchk_blacklist(666, haddr_local, IPPROTO_UDP)); + CuAssertTrue(tc, 0 != sh_portchk_blacklist(666, haddr_local, IPPROTO_UDP)); + CuAssertTrue(tc, 0 == sh_portchk_blacklist(667, haddr_local, IPPROTO_UDP)); + CuAssertTrue(tc, 0 == sh_portchk_blacklist(668, haddr_local, IPPROTO_UDP)); + + CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(668, haddr_local, IPPROTO_UDP)); + CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(667, haddr_local, IPPROTO_UDP)); + CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(666, haddr_local, IPPROTO_UDP)); + CuAssertTrue(tc, 0 == sh_portchk_is_blacklisted(665, haddr_local, IPPROTO_UDP)); + + CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(668, haddr_local, IPPROTO_TCP)); + CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(667, haddr_local, IPPROTO_TCP)); + CuAssertTrue(tc, 0 != sh_portchk_is_blacklisted(666, haddr_local, IPPROTO_TCP)); + CuAssertTrue(tc, 0 == sh_portchk_is_blacklisted(665, haddr_local, IPPROTO_TCP)); +#else + (void) tc; /* fix compiler warning */ +#endif + return; +} +#endif + +#ifdef TEST_ONLY + +void usage (char * pname) +{ + printf ("%s [-r|--required interface:portlist][-o|--optional interface:portlist][--no-udp][-d|--debug] hostname\n\n", pname); + printf (" Check local host for open ports; Version %s\n\n", PORTCHK_VERSION); + printf (" Interface: Numeric address for an interface, e.g. 127.0.0.1\n"); + printf (" Portlist: List of ports or services, e.g. 22/tcp,nfs/udp,nlockmgr/udp\n"); + printf (" required -> must be open\n"); + printf (" optional -> may be open or closed\n"); + printf (" RPC services must be specified with service **name**, others with **port number**\n\n"); + printf (" Example:\n"); + printf (" %s --required 192.168.1.2:22/tcp,nfs/udp,nlockmgr/udp\n\n", pname); + return; +} + +int main(int argc, char *argv[]) +{ + char * pname = argv[0]; + + + /* + test_lists(); + + portlist_tcp = sh_portchk_kill_list (portlist_tcp); + portlist_udp = sh_portchk_kill_list (portlist_udp); + */ + + // sh_portchk_add_required ("127.0.0.1 : nlockmgr/tcp, 5308/tcp, nfs/tcp"); + + while (argc > 1 && argv[1][0] == '-') + { + if (0 == strcmp(argv[1], "--help") || 0 == strcmp(argv[1], "-h")) + { + usage(pname); + exit (0); + } + else if (0 == strcmp(argv[1], "--required") || 0 == strcmp(argv[1], "-r")) + { + if (argc < 3) + { + usage(pname); + exit (1); + } + sh_portchk_add_required (argv[2]); + --argc; ++argv; + } + else if (0 == strcmp(argv[1], "--optional") || 0 == strcmp(argv[1], "-o")) + { + if (argc < 3) + { + usage(pname); + exit (1); + } + sh_portchk_add_optional (argv[2]); + --argc; ++argv; + } + else if (0 == strcmp(argv[1], "--no-udp")) + { + sh_portchk_check_udp = 0; + } + else if (0 == strcmp(argv[1], "--debug") || 0 == strcmp(argv[1], "-d")) + { + portchk_debug = 1; + } + else + { + usage(pname); + exit (1); + } + --argc; ++argv; + } + + if (argc < 2) + { + usage(pname); + exit (1); + } + + portchk_hostname = argv[1]; + + if (0 != sh_portchk_init ()) + { + usage(pname); + exit (1); + } + + sh_portchk_check(); + + return 0; +} +#endif Index: /tags/2.5.0/src/sh_prelink.c =================================================================== --- /tags/2.5.0/src/sh_prelink.c (revision 189) +++ /tags/2.5.0/src/sh_prelink.c (revision 189) @@ -0,0 +1,281 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2004 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + +#include "samhain.h" +#include "sh_tiger.h" +#include "sh_extern.h" +#include "sh_utils.h" +#include "sh_unix.h" + +#undef FIL__ +#define FIL__ _("sh_prelink.c") + +static char * prelink_path = NULL; +static char * prelink_hash = NULL; + +int sh_prelink_set_path (const char * str) +{ + SL_ENTER(_("sh_prelink_set_path")); + if (prelink_path != NULL) + SH_FREE(prelink_path); + if (str[0] != '/') + { + prelink_path = NULL; + SL_RETURN((-1), _("sh_prelink_set_path")); + } + + prelink_path = sh_util_strdup(str); + + SL_RETURN(0, _("sh_prelink_set_path")); +} + +int sh_prelink_set_hash (const char * str) +{ + size_t len; + SL_ENTER(_("sh_prelink_set_hash")); + if (prelink_hash != NULL) + SH_FREE(prelink_hash); + len = sl_strlen (str); + if (len != KEY_LEN) + { + prelink_hash = NULL; + SL_RETURN((-1), _("sh_prelink_set_hash")); + } + prelink_hash = SH_ALLOC(len+1); + (void) sl_strlcpy(prelink_hash, str, len+1); + SL_RETURN(0, _("sh_prelink_set_hash")); +} + +int sh_prelink_iself (SL_TICKET fd, off_t size, int alert_timeout, char * path) +{ + long status; + char magic[4]; + char * tmp; + + /* 42 bytes is about the minimum an ELF binary might have + * (with plenty of hacks to reduce the size, such as interleaving + * the code with the header...) + */ + if (size < 42) + return S_FALSE; + + status = sl_read_timeout (fd, magic, 4, alert_timeout, SL_FALSE); + (void) sl_rewind(fd); + if (status == 4) + { + /*@-usedef@*/ + if (magic[0] == (char) 0x7f && + magic[1] == 'E' && + magic[2] == 'L' && + magic[3] == 'F') + return S_TRUE; + /*@+usedef@*/ + } + else + { + tmp = sh_util_safe_name (path); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGPATH, + _("Error reading file"), _("sh_prelink_iself"), tmp); + SH_FREE(path); + } + return S_FALSE; +} + +extern int get_the_fd (SL_TICKET ticket); + +static void sh_prelink_fd(sh_tas_t * task) +{ + SL_TICKET ticket; + char * tmp; + char hashbuf[KEYBUF_SIZE]; + + if (task->com_ti != (-1)) + { + (void) sl_close(task->com_ti); + task->com_fd = -1; + task->com_ti = -1; + } + ticket = sl_open_read(task->command, + task->privileged == 0 ? SL_NOPRIV : SL_YESPRIV); + if (SL_ISERROR(ticket)) + { + tmp = sh_util_safe_name (task->command); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, ticket, MSG_E_READ, tmp); + SH_FREE(tmp); + return; + } + + if (*(task->checksum) == '\0' || + 0 == sl_strcmp(task->checksum, + sh_tiger_hash (task->command, ticket, TIGER_NOLIM, hashbuf, sizeof(hashbuf)))) + { + task->com_fd = get_the_fd(ticket); + task->com_ti = ticket; + } + else + { + tmp = sh_util_safe_name (task->command); + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, ticket, MSG_E_HASH, tmp); + SH_FREE(tmp); + (void) sl_close(ticket); + } + return; +} + +/* returns static storage + */ +int sh_prelink_run (char * path, char * file_hash, int alert_timeout) +{ + static int init = S_FALSE; + static int args_filled = 0; + static sh_tas_t task; + + int status = 0; + char * p; + struct sigaction new_act; + struct sigaction old_act; + + SL_ENTER(_("sh_prelink_run")); + + /* reset if path == NULL + */ + if (path == NULL) + { + if (init == S_FALSE) + { + SL_RETURN (0, _("sh_prelink_run")); + } + sh_ext_tas_free(&task); + init = S_FALSE; + args_filled = 0; + SL_RETURN (0, _("sh_prelink_run")); + } + + /* initialize task structure + */ + if (init == S_FALSE) + { + char dir[SH_PATHBUF]; + + sh_ext_tas_init(&task); + p = sh_unix_getUIDdir (SH_ERR_ERR, task.run_user_uid, dir, sizeof(dir)); + if (p) + { + (void) sh_ext_tas_add_envv (&task, _("HOME"), p); + } + (void) sh_ext_tas_add_envv (&task, _("SHELL"), + _("/bin/sh")); + (void) sh_ext_tas_add_envv (&task, _("PATH"), + _("/sbin:/usr/sbin:/bin:/usr/bin")); + if (sh.timezone != NULL) + { + (void) sh_ext_tas_add_envv(&task, "TZ", sh.timezone); + } + if (prelink_path == NULL) + { + sh_ext_tas_command(&task, _("/usr/sbin/prelink")); + (void) sh_ext_tas_add_argv(&task, _("/usr/sbin/prelink")); + } + else + { + sh_ext_tas_command(&task, prelink_path); + (void) sh_ext_tas_add_argv(&task, prelink_path); + } + args_filled = sh_ext_tas_add_argv(&task, _("--verify")); + + if (prelink_hash != NULL) + { + (void) sl_strlcpy(task.checksum, prelink_hash, KEY_LEN+1); + } + task.rw = 'r'; + task.fork_twice = S_FALSE; + + sh_prelink_fd(&task); + + init = S_TRUE; + } + + /* rm filename arg if set; fill in filename + */ + if (args_filled == 3) + args_filled = sh_ext_tas_rm_argv(&task); + if (args_filled == 2) + args_filled = sh_ext_tas_add_argv(&task, path); + else + { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, args_filled, MSG_E_SUBGEN, + _("Bad argument count"), _("sh_prelink_run")); + SL_RETURN ((-1), _("sh_prelink_run")); + } + + /* open pipe + */ + status = sh_ext_popen(&task); + if (status != 0) + { + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN, + _("Could not open pipe"), _("sh_prelink_run")); + SL_RETURN ((-1), _("sh_prelink_run")); + } + + if (SL_ISERROR(task.pipeTI)) + { + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, task.pipeTI, MSG_E_SUBGEN, + _("No valid ticket"), _("sh_prelink_run")); + SL_RETURN ((-1), _("sh_prelink_run")); + } + + /* ignore SIGPIPE (instead get EPIPE if connection is closed) + */ + new_act.sa_handler = SIG_IGN; + (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act); + + /* read from pipe + */ + sl_read_timeout_prep (task.pipeTI); + + { + char hashbuf[KEYBUF_SIZE]; + UINT64 length_nolim = TIGER_NOLIM; + sl_strlcpy(file_hash, + sh_tiger_generic_hash (path, task.pipeTI, &length_nolim, alert_timeout, + hashbuf, sizeof(hashbuf)), + KEY_LEN+1); + } + + /* restore old signal handler + */ + (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &old_act, NULL); + + /* close pipe and return exit status + */ + status = sh_ext_pclose(&task); + SL_RETURN ((status), _("sh_prelink_run")); +} +/* defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + */ +#endif Index: /tags/2.5.0/src/sh_prelude.c =================================================================== --- /tags/2.5.0/src/sh_prelude.c (revision 189) +++ /tags/2.5.0/src/sh_prelude.c (revision 189) @@ -0,0 +1,1320 @@ +/* + * + * Copyright (C) 2005 Yoann Vandoorselaere, Prelude IDS Technologies + * Rainer Wichmann + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file COPYING. If not, write to + * the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. + * + */ + +/* + * 28/04/2005 : R.W.: + * move libprelude 0.8 code to seperate file + * + * 23/04/2005 : R.W.: + * include libprelude 0.9 code from Yoann Vandoorselaere + */ + + +/* + * for strptime() + */ +#define _GNU_SOURCE 1 + +#include "config_xor.h" + +#include +#include +#include + +#if TIME_WITH_SYS_TIME + +# include +# include + +#else + +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif + +#endif + +#include +#include +#include + +int sh_argc_store; +char ** sh_argv_store; + +#if defined(HAVE_LIBPRELUDE) + + +/* + * _() macros are samhain specific; they are used to replace string + * constants at runtime. This is part of the samhain stealth mode + * (fill string constants with encoded strings, decode at runtime). + */ +#define FIL__ _("sh_prelude.c") + + +#include +#include + +/* + * includes for samhain-specific functions (sl_strstr, sh_error_handle) + */ +#include "samhain.h" +#include "sh_cat.h" +#include "sh_error_min.h" +#include "sh_prelude.h" +#define SH_NEED_PWD_GRP 1 +#include "sh_static.h" +char * sh_util_strdup (const char * str) SH_GNUC_MALLOC; +/* + * When SH_USE_XML is set, value are formated using name="value". + * Otherwise, value is formatted using the format name=. + */ +#ifdef SH_USE_XML +# define VALUE_DELIM_START '"' +# define VALUE_DELIM_END '"' +#else +# define VALUE_DELIM_START '<' +# define VALUE_DELIM_END '>' +#endif + +#define IDMEF_ANALYZER_MODEL _("Samhain") +#define IDMEF_ANALYZER_CLASS _("Integrity Checker") +#define IDMEF_ANALYZER_VERSION VERSION +#define IDMEF_ANALYZER_MANUFACTURER _("http://www.la-samhna.de/samhain/") + + + +/* + * 0 = not initialized; -1 = failed; 1 = initialized + */ +static int initialized = 0; +static int ready_for_init = 0; + +static char *profile = NULL; +static prelude_client_t *client = NULL; + +static int severity_map[1 + (unsigned int) IDMEF_IMPACT_SEVERITY_HIGH] = { + /* 0: unused (?) */ 0, + /* 1: INFO */ 0, + /* 2: LOW */ SH_ERR_ALL|SH_ERR_INFO, + /* 3: MEDIUM */ SH_ERR_NOTICE|SH_ERR_WARN|SH_ERR_STAMP|SH_ERR_ERR, + /* 4: HIGH */ SH_ERR_SEVERE|SH_ERR_FATAL +}; + +/* returns 0/tiger, 1/sha1, or 2/md5 + */ +extern int sh_tiger_get_hashtype(void); + +static void clear_and_set (int setpos, int flag) +{ + unsigned int i; + /* clear everywhere, and set at correct position */ + for (i = 1; i < (1 + (unsigned int) IDMEF_IMPACT_SEVERITY_HIGH); ++i) + severity_map[i] &= ~flag; + severity_map[setpos] |= flag; + return; +} + +static int set_prelude_severity_int (const char * str, int prelude_sev) +{ + char * p; + char * dup = strdup (str); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + char * saveptr; +#endif + + if (!dup) + return -1; + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + p = strtok_r (dup, ", \t", &saveptr); +#else + p = strtok (dup, ", \t"); +#endif + if (p) { + do { + if (0 == strcmp (p, _("alert"))) + clear_and_set (prelude_sev, SH_ERR_FATAL); + else if (0 == strcmp (p, _("crit"))) + clear_and_set (prelude_sev, SH_ERR_SEVERE); + else if (0 == strcmp (p, _("err"))) + clear_and_set (prelude_sev, SH_ERR_ERR); + else if (0 == strcmp (p, _("mark"))) + clear_and_set (prelude_sev, SH_ERR_STAMP); + else if (0 == strcmp (p, _("warn"))) + clear_and_set (prelude_sev, SH_ERR_WARN); + else if (0 == strcmp (p, _("notice"))) + clear_and_set (prelude_sev, SH_ERR_NOTICE); + else if (0 == strcmp (p, _("debug"))) + clear_and_set (prelude_sev, SH_ERR_ALL); + else if (0 == strcmp (p, _("info"))) + clear_and_set (prelude_sev, SH_ERR_INFO); + else { + free (dup); + return -1; + } +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + p = strtok_r (NULL, ", \t", &saveptr); +#else + p = strtok (NULL, ", \t"); +#endif + } while (p); + } + free(dup); + return 0; +} + +int sh_prelude_map_info (const char * str) +{ + return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_INFO)); +} +int sh_prelude_map_low (const char * str) +{ + return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_LOW)); +} +int sh_prelude_map_medium (const char * str) +{ + return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_MEDIUM)); +} +int sh_prelude_map_high (const char * str) +{ + return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_HIGH)); +} + +static idmef_impact_severity_t map_severity (int sam_sev) +{ + int i; + int max = 1 + (unsigned int) IDMEF_IMPACT_SEVERITY_HIGH; + idmef_impact_severity_t retval = IDMEF_IMPACT_SEVERITY_MEDIUM; + + for (i = 0; i < max; ++i) { + if (severity_map[i] & sam_sev) { + retval = (idmef_impact_severity_t) i; + } + } + return retval; +} + +static char *do_get_value(char *ptr, char delim_start, char delim_end) +{ + char *ret = NULL; + + ptr = strchr(ptr, delim_start); + if ( ! ptr ) + return NULL; + + ret = ++ptr; + + ptr = strchr(ptr, delim_end); + if ( ! ptr ) + return NULL; + + *ptr = '\0'; + ret = strdup(ret); + *ptr = delim_end; + + return ret; +} + + + +static char *get_value(char *msg, const char *toktmp, const char *toksuffix) +{ + char *ptr, tok[128]; + + snprintf(tok, sizeof(tok), "%s%s=", toktmp, (toksuffix) ? toksuffix : ""); + + ptr = strstr(msg, tok); + if ( ! ptr ) + return NULL; + + return do_get_value(ptr, VALUE_DELIM_START, VALUE_DELIM_END); +} + + + +static char *get_time_value(char *msg, const char *toktmp, const char *toksuffix) +{ + + char *ret, *ptr, tok[128]; + + snprintf(tok, sizeof(tok), "%s%s=", toktmp, (toksuffix) ? toksuffix : ""); + + ptr = strstr(msg, tok); + if ( ! ptr ) + return NULL; + +#ifndef SH_USE_XML + ret = do_get_value(ptr, '[', ']'); +#else + ret = do_get_value(ptr, VALUE_DELIM_START, VALUE_DELIM_END); +#endif + + return ret; +} + + + + +#if 0 +void debug_print_message(idmef_message_t *msg) +{ + int ret; + prelude_io_t *fd; + + ret = prelude_io_new(&fd); + if ( ret < 0 ) + return; + + prelude_io_set_file_io(fd, stderr); + idmef_message_print(idmef, fd); + + prelude_io_destroy(fd); +} +#endif + + + +static int idmef_time_from_samhain(idmef_time_t **time, const char *str) +{ + int ret; + char *ptr; + time_t utc; + struct tm lt; + + /* + * Samhain stamp are encoded in UTC. + */ + ptr = strptime(str, _("%Y-%m-%dT%H:%M:%S"), <); + if ( ! ptr ) { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("could not format Samhain time"), _("idmef_time_from_samhain")); + return -1; + } + + utc = prelude_timegm(<); + + ret = idmef_time_new_from_time(time, &utc); + if ( ret < 0 ) + return ret; + + return 0; +} + +/* flawfinder: ignore *//* is part of name, not access() */ +static void get_access_info(idmef_file_access_t *access, char * mode, int pos, int mpos) +{ + int got = 0; + int ret; + prelude_string_t *str; + + do { + if ( mode[pos] == 'r' ) { + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); + if ( ret < 0 ) + return; + prelude_string_set_dup(str, _("read")); + ++got; + } + else if ( mode[pos] == 'w' ) { + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); + if ( ret < 0 ) + return; + prelude_string_set_dup(str, _("write")); + ++got; + } + else if ( mode[pos] == 'x' || mode[pos] == 's' || mode[pos] == 't') { + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); + if ( ret < 0 ) + return; + + if ( mode[pos] == 'x' && mode[0] == 'd' ) + prelude_string_set_dup(str, _("search")); + + else if ( mode[pos] == 'x' || mode[pos] == 't' ) + prelude_string_set_dup(str, _("execute")); + + else /* 's' */ + prelude_string_set_dup(str, _("executeAs")); + ++got; + } + ++pos; + } while (pos <= mpos); + + if ( got == 0 ) { + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); + if ( ret < 0 ) + return; + prelude_string_set_dup(str, _("noAccess")); + } + return; +} + + +static void get_file_infos(idmef_target_t *target, char *msg, + idmef_file_category_t category) +{ + int ret; + int hashtype = 0; + char *ptr; + idmef_time_t *time; + idmef_file_t *file; + idmef_inode_t *inode; + prelude_string_t *str; + idmef_checksum_t *checksum; + idmef_file_access_t *access; /* flawfinder: ignore */ + idmef_user_id_t *userid; + const char *suffix = (category == IDMEF_FILE_CATEGORY_CURRENT) ? "_new" : "_old"; + char *mode = NULL; + + ret = idmef_target_new_file(target, &file, IDMEF_LIST_APPEND); + if ( ret < 0 ) + return; + idmef_file_set_category(file, category); + + ptr = get_value(msg, _("path"), NULL); + if ( ptr ) { + /* + * In term of IDMEF, this is the full path, + * including the name. + */ + ret = idmef_file_new_path(file, &str); + if ( ret < 0 ) { + free(ptr); + return; + } + prelude_string_set_nodup(str, ptr); + + ptr = strrchr(ptr, '/'); + if ( ptr ) { + ret = idmef_file_new_name(file, &str); + if ( ret == 0 ) { + prelude_string_set_dup(str, ptr + 1); + } + } + } + + ptr = get_value(msg, _("size"), suffix); + if ( ptr ) { + idmef_file_set_data_size(file, strtoul(ptr, NULL, 10)); + free(ptr); + } + + ptr = get_time_value(msg, _("mtime"), suffix); + if ( ptr ) { + ret = idmef_time_from_samhain(&time, ptr); + if ( ret == 0 ) { + idmef_file_set_modify_time(file, time); + } + free(ptr); + } + + ptr = get_time_value(msg, _("ctime"), suffix); + if ( ptr ) { + ret = idmef_time_from_samhain(&time, ptr); + if ( ret == 0 ) { + idmef_file_set_create_time(file, time); + } + free(ptr); + } + + ptr = get_value(msg, _("inode"), suffix); + if ( ptr ) { + ret = idmef_file_new_inode(file, &inode); + if ( ret == 0 ) { + char * dev = get_value(msg, _("dev"), suffix); + if (dev) { + char * q = strchr(dev, ','); + if (*q) { + *q = '\0'; ++q; + idmef_inode_set_major_device(inode, strtoul(dev, NULL, 0)); + idmef_inode_set_minor_device(inode, strtoul( q, NULL, 0)); + } + free(dev); + } + idmef_inode_set_number(inode, strtoul(ptr, NULL, 10)); + } + free(ptr); + } + + ptr = get_value(msg, _("chksum"), suffix); + if ( ptr ) { + ret = idmef_file_new_checksum(file, &checksum, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ptr); + goto get_mode; + } + + hashtype = sh_tiger_get_hashtype(); + + if (hashtype == 0) + idmef_checksum_set_algorithm(checksum, IDMEF_CHECKSUM_ALGORITHM_TIGER); + + else if (hashtype == 1) + idmef_checksum_set_algorithm(checksum, IDMEF_CHECKSUM_ALGORITHM_SHA1); + + else if (hashtype == 2) + idmef_checksum_set_algorithm(checksum, IDMEF_CHECKSUM_ALGORITHM_MD5); + + else + idmef_checksum_set_algorithm(checksum, IDMEF_CHECKSUM_ALGORITHM_TIGER); + + + ret = idmef_checksum_new_value(checksum, &str); + if ( ret < 0 ) { + free(ptr); + goto get_mode; + } + + /* will be freed on destroy() + */ + prelude_string_set_nodup(str, ptr); + } + + get_mode: + + mode = get_value(msg, _("mode"), suffix); + if ( mode ) { + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND); + if ( ret < 0 ) + goto get_owner; + + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_access_new_user_id(access, &userid); + if ( ret < 0 ) + goto get_owner; + idmef_user_id_set_type(userid, IDMEF_USER_ID_TYPE_OTHER_PRIVS); + + /* flawfinder: ignore *//* is part of name, not access() */ + get_access_info ( access, mode, 7, 9 ); + } + + get_owner: + + ptr = get_value(msg, _("owner"), suffix); + if ( ptr ) { + char * uid; + + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ptr); + goto get_group; + } + + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_access_new_user_id(access, &userid); + if ( ret < 0 ) { + free(ptr); + goto get_group; + } + idmef_user_id_set_type(userid, IDMEF_USER_ID_TYPE_USER_PRIVS); + + ret = idmef_user_id_new_name(userid, &str); + if ( ret < 0 ) { + free(ptr); + goto get_group; + } + prelude_string_set_nodup(str, ptr); + + uid = get_value(msg, _("iowner"), suffix); + if ( ! uid ) + goto get_group; + + idmef_user_id_set_number(userid, strtoul(uid, NULL, 0)); + + if ( mode ) { + /* flawfinder: ignore *//* is part of name, not access() */ + get_access_info ( access, mode, 1, 3 ); + } + + free(uid); + } + + get_group: + + ptr = get_value(msg, _("group"), suffix); + if ( ptr ) { + char *gid; + + /* flawfinder: ignore *//* is part of name, not access() */ + ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ptr); + goto mode_free; + } + + ret = idmef_file_access_new_user_id(access, &userid);/* flawfinder: ignore *//* is part of name, not access() */ + if ( ret < 0 ) { + free(ptr); + goto mode_free; + } + + idmef_user_id_set_type(userid, IDMEF_USER_ID_TYPE_GROUP_PRIVS); + + ret = idmef_user_id_new_name(userid, &str); + if ( ret < 0 ) { + free(ptr); + goto mode_free; + } + + prelude_string_set_nodup(str, ptr); + + gid = get_value(msg, _("igroup"), suffix); + if ( ! gid ) + goto mode_free; + + idmef_user_id_set_number(userid, strtoul(gid, NULL, 0)); + + if ( mode ) { + get_access_info ( access, mode, 4, 6 ); /* flawfinder: ignore */ + } + + free(gid); + } + + mode_free: + + if ( mode ) { + free ( mode ); + } + + return; +} + + + +static int map_policy_to_class(char *msg, unsigned long msgid, idmef_impact_t *impact, prelude_string_t *out) +{ + char *ptr; + int ret, i; + struct tbl { + unsigned int msgid; + const char *name; + idmef_impact_type_t type; + } tbl[] = { + +#ifdef SH_USE_UTMP + { MSG_UT_LG1X, N_("User Login"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG1A, N_("User Login"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG1B, N_("User Login"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG2X, N_("Multiple User Login"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG2A, N_("Multiple User Login"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG2B, N_("Multiple User Login"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG3X, N_("User Logout"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG3A, N_("User Logout"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG3B, N_("User Logout"), IDMEF_IMPACT_TYPE_USER }, + { MSG_UT_LG3C, N_("User Logout"), IDMEF_IMPACT_TYPE_USER }, +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + { MSG_FI_MISS, N_("File Missing"), IDMEF_IMPACT_TYPE_FILE }, + { MSG_FI_MISS2, N_("File Missing"), IDMEF_IMPACT_TYPE_FILE }, + { MSG_FI_ADD, N_("File Added"), IDMEF_IMPACT_TYPE_FILE }, + { MSG_FI_ADD2, N_("File Added"), IDMEF_IMPACT_TYPE_FILE }, + { MSG_FI_CHAN, N_("File Modified"), IDMEF_IMPACT_TYPE_FILE }, + { MSG_FI_NODIR, N_("File found where directory was expected"), IDMEF_IMPACT_TYPE_FILE }, +#endif + +#ifdef SH_USE_KERN + { MSG_KERN_POLICY, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER }, + { MSG_KERN_POL_CO, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER }, + { MSG_KERN_PROC, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER }, + { MSG_KERN_GATE, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER }, + { MSG_KERN_IDT, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER }, + { MSG_KERN_SYSCALL, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER }, +#endif + +#ifdef SH_USE_PORTCHECK + { MSG_PORT_MISS, N_("Service closed"), IDMEF_IMPACT_TYPE_OTHER }, + { MSG_PORT_NEW, N_("Service opened"), IDMEF_IMPACT_TYPE_OTHER }, + { MSG_PORT_RESTART, N_("Service restarted"), IDMEF_IMPACT_TYPE_OTHER }, + { MSG_PORT_NEWPORT, N_("Service restarted"), IDMEF_IMPACT_TYPE_OTHER }, +#endif + +#ifdef SH_USE_SUIDCHK + { MSG_SUID_POLICY, N_("SUID/SGID File Detected"), IDMEF_IMPACT_TYPE_FILE }, +#endif + /* + * This must be the last table entry + */ + { 0, NULL, IDMEF_IMPACT_TYPE_OTHER }, + }; + + for ( i = 0; tbl[i].name != NULL; i++ ) { + if ( tbl[i].msgid != msgid ) + continue; + + idmef_impact_set_type(impact, tbl[i].type); + return prelude_string_cat(out, _(tbl[i].name)); + } + + /* some other message + */ + ptr = get_value(msg, _("msg"), NULL); + if ( ! ptr ) { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("could not format Samhain message"), _("map_policy_to_class")); + return -1; + } + + ret = prelude_string_cat(out, ptr); + free(ptr); + + return ret; +} + + +#ifdef SH_USE_PORTCHECK +static int get_service_info(char *msg, idmef_alert_t *alert) +{ + int ret; + long port; + char *ptr, *new, *tmp, *ip, *srv, *end; + prelude_string_t *str; + idmef_address_t *address; + idmef_node_t *node; + idmef_user_t *user; + idmef_process_t *process; + idmef_service_t *service; + idmef_source_t *source = idmef_alert_get_next_source(alert, NULL); + + new = sh_util_strdup(msg); + + ptr = strstr(new, _("port: ")); + if ( ! ptr ) { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("malformed Samhain port check message"), _("get_service_info")); + SH_FREE( new ); + return -1; + } + + ptr += 6; /* skip 'port: ', position on first byte of interface */ + tmp = strchr(ptr, ':'); + if ( ! tmp ) { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("malformed Samhain port check message (no port)"), _("get_service_info")); + SH_FREE( new ); + return -1; + } + *tmp = '\0'; + + /* Get interface + */ + ip = strdup(ptr); + if ( ip ) { + if ( ! source ) { + ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ip); + SH_FREE( new ); + return ret; + } + } + + ret = idmef_source_new_node(source, &node); + if ( ret < 0 ) { + free(ip); + SH_FREE( new ); + return ret; + } + + ret = idmef_node_new_address(node, &address, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ip); + SH_FREE( new ); + return ret; + } + + ret = idmef_address_new_address(address, &str); + if ( ret < 0 ) { + free(ip); + SH_FREE( new ); + return ret; + } + + prelude_string_set_nodup(str, ip); + } + + ptr = tmp; + ++ptr; + tmp = strchr(ptr, '/'); + if ( ! tmp ) { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("malformed Samhain port check message (no protocol)"), _("get_service_info")); + SH_FREE( new ); + return -1; + } + *tmp = '\0'; + + /* Get port number + */ + port = strtol(ptr, &end, 0); + if ( *ptr && *end == '\0' && port >= 0 && port < 65536) { + + if ( ! source ) { + ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(srv); + SH_FREE( new ); + return ret; + } + } + + ret = idmef_source_new_service(source, &service); + if ( ret < 0 ) { + free(srv); + SH_FREE( new ); + return ret; + } + + idmef_service_set_port(service, port); + } + + ptr = tmp; + ++ptr; + ptr = strchr(ptr, '('); + if ( ! ptr ) { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("malformed Samhain port check message (no service)"), _("get_service_info")); + SH_FREE( new ); + return -1; + } + ++ptr; + tmp = strchr(ptr, ')'); + if ( ! tmp ) { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("malformed Samhain port check message (service not closed)"), _("get_service_info")); + SH_FREE( new ); + return -1; + } + *tmp = '\0'; + + /* Get service + */ + srv = strdup(ptr); + if ( srv ) { + if ( ! source ) { + ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(srv); + SH_FREE( new ); + return ret; + } + } + + if ( ! service ) { + ret = idmef_source_new_service(source, &service); + if ( ret < 0 ) { + free(srv); + SH_FREE( new ); + return ret; + } + } + + ret = idmef_service_new_name(service, &str); + if ( ret < 0 ) { + free(srv); + SH_FREE( new ); + return ret; + } + + prelude_string_set_nodup(str, srv); + } + + SH_FREE( new ); + + ptr = get_value(msg, _("user"), NULL); + + if ( ptr ) { + + ret = idmef_source_new_user(source, &user); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + ret = idmef_user_new_ident(user, &str); + if ( ret < 0 ) { + free(ptr); + return ret; + } + prelude_string_set_nodup(str, ptr); + } + + ptr = get_value(msg, _("path"), NULL); + + if ( ptr ) { + + /* + * In term of IDMEF, this is the full path, + * including the name. + */ + ret = idmef_source_new_process(source, &process); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + ret = idmef_process_new_path(process, &str); + if ( ret < 0 ) { + free(ptr); + return ret; + } + prelude_string_set_nodup(str, ptr); + + ptr = strrchr(ptr, '/'); + if ( ptr ) { + ret = idmef_process_new_name(process, &str); + if ( ret == 0 ) { + prelude_string_set_dup(str, ptr + 1); + } + } + } + + return 0; +} +#endif + +static int get_login_info(char *msg, idmef_alert_t *alert) +{ + int ret; + char *ptr, *ip; + idmef_user_t *user; + idmef_node_t *node; + struct passwd *pw; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + struct passwd pwd; + char buffer[SH_PWBUF_SIZE]; +#endif + prelude_string_t *str; + idmef_user_id_t *user_id; + idmef_address_t *address; + idmef_target_t *target = idmef_alert_get_next_target(alert, NULL); + idmef_source_t *source = idmef_alert_get_next_source(alert, NULL); + + ip = ptr = get_value(msg, _("ip"), NULL); + if ( ptr ) { + if ( ! source ) { + ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ptr); + return ret; + } + } + + ret = idmef_source_new_node(source, &node); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + ret = idmef_node_new_address(node, &address, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + ret = idmef_address_new_address(address, &str); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + prelude_string_set_nodup(str, ptr); + } + + ptr = get_value(msg, _("host"), NULL); + if ( ptr ) { + if ( ip && strcmp(ptr, ip) == 0 ) + free(ptr); + else { + if ( ! source ) { + ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ptr); + return ret; + } + } + + ret = idmef_source_new_node(source, &node); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + ret = idmef_node_new_name(node, &str); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + prelude_string_set_nodup(str, ptr); + } + } + + ptr = get_value(msg, _("name"), NULL); + if ( ptr ) { + ret = idmef_target_new_user(target, &user); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + idmef_user_set_category(user, IDMEF_USER_CATEGORY_OS_DEVICE); + + ret = idmef_user_new_user_id(user, &user_id, IDMEF_LIST_APPEND); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + idmef_user_id_set_type(user_id, IDMEF_USER_ID_TYPE_TARGET_USER); + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + sh_getpwnam_r(ptr, &pwd, buffer, sizeof(buffer), &pw); +#else + pw = sh_getpwnam(ptr); +#endif + if ( pw ) + idmef_user_id_set_number(user_id, pw->pw_uid); + + ret = idmef_user_id_new_name(user_id, &str); + if ( ret < 0 ) { + free(ptr); + return ret; + } + prelude_string_set_nodup(str, ptr); + + ptr = get_value(msg, _("tty"), NULL); + if ( ptr ) { + ret = idmef_user_id_new_tty(user_id, &str); + if ( ret < 0 ) { + free(ptr); + return ret; + } + + prelude_string_set_nodup(str, ptr); + } + } + + ptr = get_time_value(msg, _("time"), NULL); + if ( ptr ) { + idmef_time_t *time; + + ret = idmef_time_from_samhain(&time, ptr); + free(ptr); + + if ( ret < 0 ) + return ret; + + idmef_alert_set_detect_time(alert, time); + } + + return 0; +} + + +static int samhain_alert_prelude(int priority, int sh_class, + char *message, unsigned long msgid) +{ + int ret; + idmef_time_t *time; + idmef_alert_t *alert; + idmef_message_t *idmef; + idmef_classification_t *classification; + idmef_assessment_t *assessment; + idmef_additional_data_t *data; + idmef_impact_t *impact; + idmef_target_t *target; + idmef_confidence_t *confidence; + prelude_string_t *str; + + if ( !client || sh_class == STAMP) + return 0; + + ret = idmef_message_new(&idmef); + if ( ret < 0 ) + goto err; + + ret = idmef_message_new_alert(idmef, &alert); + if ( ret < 0 ) + goto err; + + idmef_alert_set_analyzer(alert, idmef_analyzer_ref(prelude_client_get_analyzer(client)), IDMEF_LIST_PREPEND); + + ret = idmef_time_new_from_gettimeofday(&time); + if ( ret < 0 ) + goto err; + idmef_alert_set_detect_time(alert, time); + + ret = idmef_time_new_from_gettimeofday(&time); + if ( ret < 0 ) + goto err; + idmef_alert_set_create_time(alert, time); + + ret = idmef_alert_new_classification(alert, &classification); + if ( ret < 0 ) + goto err; + + ret = idmef_alert_new_target(alert, &target, IDMEF_LIST_APPEND); + if ( ret < 0 ) + goto err; + + idmef_target_set_decoy(target, IDMEF_TARGET_DECOY_NO); + + if ( idmef_analyzer_get_node(prelude_client_get_analyzer(client)) ) { + idmef_node_ref(idmef_analyzer_get_node(prelude_client_get_analyzer(client))); + idmef_target_set_node(target, idmef_analyzer_get_node(prelude_client_get_analyzer(client))); + } + + if ( strstr(message, _("path=")) ) { +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + if ( msgid != MSG_FI_ADD && msgid != MSG_FI_ADD2 ) + get_file_infos(target, message, IDMEF_FILE_CATEGORY_ORIGINAL); +#endif + + get_file_infos(target, message, IDMEF_FILE_CATEGORY_CURRENT); + } + + ret = idmef_alert_new_assessment(alert, &assessment); + if ( ret < 0 ) + goto err; + + ret = idmef_assessment_new_impact(assessment, &impact); + if ( ret < 0 ) + goto err; + + ret = idmef_classification_new_text(classification, &str); + if ( ret < 0 ) + goto err; + + ret = get_login_info(message, alert); + if ( ret < 0 ) + goto err; + +#ifdef SH_USE_PORTCHECK + if (msgid == MSG_PORT_MISS || msgid == MSG_PORT_NEW || msgid == MSG_PORT_RESTART || msgid == MSG_PORT_NEWPORT) { + ret = get_service_info(message, alert); + if ( ret < 0 ) + goto err; + } +#endif + + map_policy_to_class(message, msgid, impact, str); + +#if 0 + if ( priority == SH_ERR_SEVERE || priority == SH_ERR_FATAL ) + idmef_impact_set_severity(impact, IDMEF_IMPACT_SEVERITY_HIGH); + + else if ( priority == SH_ERR_ALL || priority == SH_ERR_INFO || priority == SH_ERR_NOTICE ) + idmef_impact_set_severity(impact, IDMEF_IMPACT_SEVERITY_LOW); + + else + idmef_impact_set_severity(impact, IDMEF_IMPACT_SEVERITY_MEDIUM); +#endif + idmef_impact_set_severity(impact, map_severity(priority)); + + idmef_impact_set_completion(impact, IDMEF_IMPACT_COMPLETION_SUCCEEDED); + + ret = idmef_assessment_new_confidence(assessment, &confidence); + if ( ret < 0 ) + goto err; + + idmef_confidence_set_rating(confidence, IDMEF_CONFIDENCE_RATING_HIGH); + + ret = idmef_alert_new_additional_data(alert, &data, IDMEF_LIST_APPEND); + if ( ret < 0 ) + goto err; + + ret = idmef_additional_data_new_meaning(data, &str); + if ( ret < 0 ) + goto err; + + prelude_string_set_dup(str, _("Message generated by Samhain")); + idmef_additional_data_set_type(data, IDMEF_ADDITIONAL_DATA_TYPE_STRING); + idmef_additional_data_set_string_ref(data, message); + + /* debug_print_message(idmef); */ + + prelude_client_send_idmef(client, idmef); + idmef_message_destroy(idmef); + + return 0; + + err: + idmef_message_destroy(idmef); + return -1; +} + + +int sh_prelude_alert(int priority, int sh_class, char *message, long msgflags, unsigned long msgid) +{ + int ret; + + (void) msgflags; /* fix compiler warning */ + + if ( initialized < 1 ) + return -1; + + ret = samhain_alert_prelude(priority, sh_class, message, msgid); + if ( ret < 0 ) { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("Problem with IDMEF for prelude-ids support: alert lost"), + _("sh_prelude_alert")); + } + + return ret; +} + + + +int sh_prelude_set_profile(const char *arg) +{ + if ( profile ) { + free(profile); + profile = NULL; + } + + if ( arg ) { + profile = strdup(arg); + if ( ! profile ) + return -1; + } + + return 0; +} + +/* Allow initialization of prelude; to be called + * after forking the daemon. Delays heartbeat + * start after config read until it is safe. + */ +void sh_prelude_reset(void) +{ + extern void sh_error_init_prelude(); + + ready_for_init = 1; + sh_error_init_prelude(); + return; +} + + + +void sh_prelude_stop(void) +{ + if (initialized < 1) + return; + + if (sh.flag.isdaemon == S_TRUE) + prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE); + else + prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_SUCCESS); + + client = NULL; + + prelude_deinit(); + + initialized = 0; + return; +} + + + +int sh_prelude_init(void) +{ + int ret; + prelude_string_t *str; + idmef_analyzer_t *analyzer; + prelude_client_flags_t flags; +#ifdef SH_NOFAILOVER + prelude_connection_pool_t *pool; + prelude_connection_pool_flags_t conn_flags; +#endif + + if (ready_for_init == 0) + return initialized; + + if (initialized > 0) + return initialized; + + prelude_thread_init(NULL); + prelude_init(&sh_argc_store, sh_argv_store); + + ret = prelude_client_new(&client, profile ? profile : _("samhain")); + if ( ret < 0 ) { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("Failed to initialize Prelude"), _("sh_prelude_init")); + initialized = -1; + return -1; + } + + /* + * Enable automatic heartbeat sending. + */ + flags = prelude_client_get_flags(client); + ret = prelude_client_set_flags(client, flags | PRELUDE_CLIENT_FLAGS_ASYNC_TIMER); + + analyzer = prelude_client_get_analyzer(client); + + ret = idmef_analyzer_new_model(analyzer, &str); + prelude_string_set_dup(str, IDMEF_ANALYZER_MODEL); + + ret = idmef_analyzer_new_class(analyzer, &str); + prelude_string_set_dup(str, IDMEF_ANALYZER_CLASS); + + ret = idmef_analyzer_new_version(analyzer, &str); + prelude_string_set_dup(str, IDMEF_ANALYZER_VERSION); + +#ifdef SH_NOFAILOVER + pool = prelude_client_get_connection_pool(client); + conn_flags = prelude_connection_pool_get_flags(pool); + + conn_flags &= ~PRELUDE_CONNECTION_POOL_FLAGS_FAILOVER; + prelude_connection_pool_set_flags(pool, conn_flags); +#endif + + ret = prelude_client_start(client); + if ( ret < 0 ) { + prelude_perror(ret, _("error starting prelude client")); + + if ( prelude_client_is_setup_needed(ret) ) + prelude_client_print_setup_error(client); + + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("Failed to start Prelude"), _("sh_prelude_init")); + initialized = -1; + return -1; + } + + initialized = 1; + return 1; +} + +/* HAVE_LIBPRELUDE_9 */ +#endif + Index: /tags/2.5.0/src/sh_processcheck.c =================================================================== --- /tags/2.5.0/src/sh_processcheck.c (revision 189) +++ /tags/2.5.0/src/sh_processcheck.c (revision 189) @@ -0,0 +1,1462 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2006 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +/*************************************************************************** + * + * This file provides a module for samhain to check for hidden/faked/missing + * processes on the host. + * + */ + +#include "config_xor.h" + +#define _XOPEN_SOURCE 500 + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef _POSIX_PRIORITY_SCHEDULING +#include +#endif + +#ifdef HAVE_GETPRIORITY +#include +#include +#endif + +#ifdef HAVE_SYS_STATVFS_H +#include +#endif + + +#ifdef HAVE_REGEX_H +#include +#endif + +#include "samhain.h" +#include "sh_modules.h" +#include "sh_processcheck.h" +#include "sh_utils.h" +#include "sh_error.h" +#include "sh_extern.h" +#include "sh_calls.h" +#include "sh_pthread.h" + +#ifdef SH_USE_PROCESSCHECK + +#define FIL__ _("sh_processcheck.c") + +#ifdef __linux__ +#define PS_THREADS +#endif + +/* We won't want to build this into yule + */ +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + +SH_MUTEX_STATIC(mutex_proc_check, PTHREAD_MUTEX_INITIALIZER); + +/* sh_prochk_maxpid is one more than the largest pid + */ +static size_t sh_prochk_minpid = 0x0001; +static size_t sh_prochk_maxpid = 0x8000; +static size_t sh_prochk_size = 0; + +static int ShProchkActive = S_TRUE; +static short * sh_prochk_res = NULL; + +static char * sh_prochk_pspath = NULL; +static char * sh_prochk_psarg = NULL; + +#define SH_PROCHK_INTERVAL 300 +static time_t sh_prochk_interval = SH_PROCHK_INTERVAL; +static int sh_prochk_severity = SH_ERR_SEVERE; + + +static int sh_prochk_set_maxpid (const char * str); +static int sh_prochk_set_minpid (const char * str); +static int sh_prochk_set_active (const char *str); +static int sh_prochk_add_process (const char *str); +static int sh_prochk_set_pspath (const char *str); +static int sh_prochk_set_psarg (const char *str); +static int sh_prochk_set_interval(const char *str); +static int sh_prochk_set_severity(const char *str); + +sh_rconf sh_prochk_table[] = { + { + N_("severityprocesscheck"), + sh_prochk_set_severity, + }, + { + N_("processcheckexists"), + sh_prochk_add_process, + }, + { + N_("processcheckactive"), + sh_prochk_set_active, + }, + { + N_("processcheckminpid"), + sh_prochk_set_minpid, + }, + { + N_("processcheckmaxpid"), + sh_prochk_set_maxpid, + }, + { + N_("processcheckpspath"), + sh_prochk_set_pspath, + }, + { + N_("processcheckpsarg"), + sh_prochk_set_psarg, + }, + { + N_("processcheckinterval"), + sh_prochk_set_interval, + }, + { + NULL, + NULL + } +}; + +#define SH_PROC_MISSING 1 +#define SH_PROC_FAKED 2 +#define SH_PROC_HIDDEN 4 +#define SH_PROC_EXISTS 8 + +#ifndef HAVE_LSTAT +#define lstat(x,y) stat(x,y) +#endif /* HAVE_LSTAT */ + +#if defined(S_IFLNK) && !defined(S_ISLNK) +#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) +#else +#if !defined(S_ISLNK) +#define S_ISLNK(mode) (0) +#endif +#endif + +static const short SH_PR_PS = 0x0001; + +static const short SH_PR_GETSID = 0x0002; +static const short SH_PR_KILL = 0x0004; +static const short SH_PR_GETPGID = 0x0008; + +static const short SH_PR_LSTAT = 0x0010; +static const short SH_PR_OPENDIR = 0x0020; +static const short SH_PR_CHDIR = 0x0040; +static const short SH_PR_SCHED = 0x0080; + +static const short SH_PR_PRIORITY = 0x0100; +static const short SH_PR_STATVSF = 0x0200; + +static const short SH_PR_PS2 = 0x1000; +static const short SH_PR_PS_ANY = 0x2000; +static const short SH_PR_ALL = 0x4000; +static const short SH_PR_ANY = 0x8000; + +/* /proc: + * linux: /proc/pid/exe + * freebsd: /proc/pid/file + * solaris10: /proc/pid/path/a.out + */ +static char * get_user_and_path (pid_t pid, char * user, size_t usrlen) +{ + extern char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len); + + char path[128]; + char * buf; + struct stat sbuf; + int len; + char * tmp; + + sl_snprintf (path, sizeof(path), "/proc/%ld/exe", (unsigned long) pid); + + if (0 == retry_lstat(FIL__, __LINE__, path, &sbuf) && S_ISLNK(sbuf.st_mode)) + { + goto linkread; + } + + sl_snprintf (path, sizeof(path), "/proc/%ld/file", (unsigned long) pid); + + if (0 == retry_lstat(FIL__, __LINE__, path, &sbuf) && S_ISLNK(sbuf.st_mode)) + { + goto linkread; + } + + sl_snprintf (path, sizeof(path), "/proc/%ld/path/a.out", (unsigned long) pid); + + if (0 == retry_lstat(FIL__, __LINE__, path, &sbuf) && S_ISLNK(sbuf.st_mode)) + { + goto linkread; + } + + return NULL; + + linkread: + + buf = SH_ALLOC(PATH_MAX); + len = readlink(path, buf, PATH_MAX); /* flawfinder: ignore */ + len = (len >= PATH_MAX) ? (PATH_MAX-1) : len; + + if (len > 0) + { + buf[len] = '\0'; + } + else + { + SH_FREE(buf); + return NULL; + } + + tmp = sh_unix_getUIDname (SH_ERR_ALL, sbuf.st_uid, user, usrlen); + + if (!tmp) + sl_snprintf (user, usrlen, "%ld", (unsigned long) sbuf.st_uid); + + return buf; +} + + +struct watchlist { + char * str; + unsigned long pid; +#ifdef HAVE_REGEX_H + regex_t preg; +#endif + int seen; + + struct watchlist *next; +}; + +static struct watchlist * process_check = NULL; + +static struct watchlist * list_missing = NULL; +static struct watchlist * list_fake = NULL; +static struct watchlist * list_hidden = NULL; + +/* recursively remove all list entries + */ +static void kill_list (struct watchlist * head) +{ + if (head->next) + kill_list (head->next); + + if (head->str) + SH_FREE(head->str); + SH_FREE(head); + + return; +} + + +/* check the list for old entries; clean out old entries; reset others + * Return number of non-obsolete entries + */ +static size_t clean_list (struct watchlist ** head_ptr) +{ + size_t count = 0; + struct watchlist * ptr = *head_ptr; + struct watchlist * pre = *head_ptr; + + while (ptr) + { + if (ptr->seen == S_FALSE) /* obsolete entry */ + { + if (ptr == pre) /* at head */ + { + ptr = pre->next; + *head_ptr = pre->next; + if (pre->str) + SH_FREE(pre->str); + SH_FREE(pre); + pre = ptr; + } + else + { + pre->next = ptr->next; + if (ptr->str) + SH_FREE(ptr->str); + SH_FREE(ptr); + ptr = pre->next; + } + } + else + { + ++count; + ptr->seen = S_FALSE; /* reset status */ + pre = ptr; + ptr = ptr->next; + } + } + return count; +} + +/* check if process is in list; if not, add it and return false + */ +static int is_in_list (struct watchlist ** head_ptr, + char * str, unsigned long pid) +{ + struct watchlist * ptr = *head_ptr; + + if (str) + { + while (ptr) + { + if (ptr->str && (0 == strcmp(str, ptr->str))) + { + ptr->seen = S_TRUE; + return S_TRUE; + } + ptr = ptr->next; + } + } + else + { + while (ptr) + { + if (ptr->pid == pid) + { + ptr->seen = S_TRUE; + return S_TRUE; + } + ptr = ptr->next; + } + } + + ptr = SH_ALLOC(sizeof(struct watchlist)); + + if (str) + { + ptr->str = sh_util_strdup(str); + } + else + { + ptr->str = NULL; + ptr->pid = pid; + } + ptr->next = *head_ptr; + ptr->seen = S_TRUE; + *head_ptr = ptr; + + return S_FALSE; +} + +static int is_in_watchlist (const char *str, unsigned long num) +{ + struct watchlist * list = process_check; + + while (list) + { +#ifdef HAVE_REGEX_H + if (0 == regexec(&(list->preg), str, 0, NULL, 0)) + { + list->seen = S_TRUE; + list->pid = num; + return S_TRUE; + } +#else + if (strstr(str, list->str)) + { + list->seen = S_TRUE; + list->pid = num; + return S_TRUE; + } +#endif + list = list->next; + } + return S_FALSE; +} + +/* These variables are not used anywhere. They only exist + * to assign &userold, &user to them, which keeps gcc from + * putting them into a register, and avoids the 'clobbered + * by longjmp' warning. And no, 'volatile' proved insufficient. + */ +static void * sh_dummy_watchlist = NULL; + +static void check_watchlist (short * res) +{ + struct watchlist * list = process_check; + char * tmp; + size_t indx; + + /* Take the address to keep gcc from putting them into registers. + * Avoids the 'clobbered by longjmp' warning. + */ + sh_dummy_watchlist = (void*) &list; + + while (list) + { + if (list->seen == S_FALSE) + { + /* avoid repetition of messages + */ + if (S_FALSE == is_in_list(&list_missing, list->str, 0)) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + tmp = sh_util_safe_name (list->str); + sh_error_handle(sh_prochk_severity, FIL__, __LINE__, 0, + MSG_PCK_MISS, + tmp); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + } + else + { + indx = list->pid - sh_prochk_minpid; + + if (list->pid < sh_prochk_maxpid && list->pid >= sh_prochk_minpid && + ((res[indx] & SH_PR_ANY) == 0) && /* not found */ + ((res[indx] & SH_PR_PS) != 0) && /* seen in first ps */ + ((res[indx] & SH_PR_PS2) != 0)) /* seen in second ps */ + { + /* fake process, thus considered missing + */ + if (S_FALSE == is_in_list(&list_missing, list->str, 0)) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + tmp = sh_util_safe_name (list->str); + sh_error_handle(sh_prochk_severity, FIL__, __LINE__, 0, + MSG_PCK_MISS, + tmp); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(tmp); + } + } + list->seen = S_FALSE; + } + list = list->next; + } +} + +/* Add 'str' to the list of watched processes for which + * existence should be checked. + */ +int sh_prochk_add_process (const char *str) +{ + struct watchlist *new; + int status; + char errbuf[256]; + + SL_ENTER(_("sh_prochk_add_process")); + + if( str == NULL ) + SL_RETURN(-1, _("sh_prochk_add_process") ); + + new = SH_ALLOC(sizeof(struct watchlist)); + new->next = process_check; + new->str = sh_util_strdup(str); +#ifdef HAVE_REGEX_H + status = regcomp(&(new->preg), str, REG_NOSUB|REG_EXTENDED); + if (status != 0) + { + regerror(status, &(new->preg), errbuf, sizeof(errbuf)); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + errbuf, _("sh_processes_add_process")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(new->str); + SH_FREE(new); + SL_RETURN(-1, _("sh_prochk_add_process") ); + } +#endif + new->pid = 0; + new->seen = S_FALSE; + + process_check = new; + SL_RETURN(0, _("sh_prochk_add_process") ); +} + +/* severity + */ +int sh_prochk_set_severity (const char * c) +{ + char tmp[32]; + tmp[0] = '='; tmp[1] = '\0'; + sl_strlcat (tmp, c, 32); + return sh_error_set_level (tmp, &sh_prochk_severity); +} + + + +/* Path to ps + */ +int sh_prochk_set_pspath(const char *str) +{ + SL_ENTER(_("sh_prochk_set_pspath")); + + if (!str && ('/' != str[0])) + SL_RETURN((-1), _("sh_prochk_set_psarg")); + if (sh_prochk_pspath) + SH_FREE(sh_prochk_pspath); + sh_prochk_pspath = sh_util_strdup (str); + + SL_RETURN((0), _("sh_prochk_set_pspath")); + +} + +/* argument for ps + */ +int sh_prochk_set_psarg(const char *str) +{ + SL_ENTER(_("sh_prochk_set_psarg")); + + if (sh_prochk_psarg) + SH_FREE(sh_prochk_psarg); + sh_prochk_psarg = sh_util_strdup (str); + + SL_RETURN((0), _("sh_prochk_set_psarg")); + +} + + +/* Decide if we're active. + */ +int sh_prochk_set_active(const char *str) +{ + int value; + + SL_ENTER(_("sh_prochk_set_active")); + + value = sh_util_flagval(str, &ShProchkActive); + + SL_RETURN((value), _("sh_prochk_set_active")); +} + +/* Minimum PID + */ +int sh_prochk_set_minpid(const char * str) +{ + size_t value; + char * foo; + int retval = 0; + + SL_ENTER(_("sh_prochk_set_minpid")); + + value = (size_t) strtoul(str, &foo, 0); + if (*foo != '\0') + retval = -1; + else + sh_prochk_minpid = value; + + SL_RETURN((retval), _("sh_prochk_set_minpid")); +} + +/* Maximum PID + */ +static int userdef_maxpid = 0; + +int sh_prochk_set_maxpid(const char * str) +{ + size_t value; + char * foo; + int retval = -1; + + SL_ENTER(_("sh_prochk_set_maxpid")); + + value = (size_t) strtoul(str, &foo, 0); + + if (*foo == '\0' && SL_TRUE == sl_ok_adds(value, 1)) { + sh_prochk_maxpid = value + 1; + userdef_maxpid = 1; + } + + SL_RETURN((retval), _("sh_prochk_set_maxpid")); +} + +int sh_prochk_set_interval (const char * c) +{ + int retval = 0; + long val; + + SL_ENTER(_("sh_prochk_set_interval")); + val = strtol (c, (char **)NULL, 10); + if (val <= 0) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("process check interval"), c); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + retval = -1; + } + + sh_prochk_interval = (time_t) val; + SL_RETURN(0, _("sh_prochk_set_interval")); +} + + + +/* Recurse to the end of the list and then free the data as we return + * back up towards the start, making sure to free any strdupped strings + */ +static void sh_prochk_free_list(struct watchlist *head) +{ + if ( head != NULL ) + { + sh_prochk_free_list(head->next); + if (head->str) + SH_FREE(head->str); +#ifdef HAVE_REGEX_H + regfree(&(head->preg)); +#endif + SH_FREE(head); + } + return; +} + +#if defined(__linux__) +#define PROC_PID_MAX _("/proc/sys/kernel/pid_max") + +static int proc_max_pid (size_t * procpid) +{ + char * ret; + unsigned long pid; + FILE * fd; + char str[128]; + char * ptr; + + SL_ENTER(_("proc_max_pid")); + + if (userdef_maxpid != 0) + SL_RETURN((-1), _("proc_max_pid")); + + if (0 == access(PROC_PID_MAX, R_OK)) /* flawfinder: ignore */ + { + if (NULL != (fd = fopen(PROC_PID_MAX, "r"))) + { + str[0] = '\0'; + ret = fgets(str, 128, fd); + if (ret && *str != '\0') + { + pid = strtoul(str, &ptr, 0); + if (*ptr == '\0' || *ptr == '\n') + { + fclose(fd); + *procpid = (size_t) pid; + SL_RETURN(0, _("proc_max_pid")); + } + } + fclose(fd); + } + } + SL_RETURN((-1), _("proc_max_pid")); +} +#else +static int proc_max_pid(size_t * dummy) +{ + (void) dummy; + return -1; +} +#endif + +static void sh_processes_tlist (char * list, size_t len, short res) +{ + if (res & SH_PR_PS) sl_strlcat(list, _(" ps(initial)"), len); + if (res & SH_PR_CHDIR) sl_strlcat(list, _(" chdir"), len); + if (res & SH_PR_OPENDIR) sl_strlcat(list, _(" opendir"), len); + if (res & SH_PR_LSTAT) sl_strlcat(list, _(" lstat"), len); + if (res & SH_PR_PRIORITY) sl_strlcat(list, _(" getpriority"), len); + if (res & SH_PR_SCHED) sl_strlcat(list, _(" sched_getparam"), len); + if (res & SH_PR_GETSID) sl_strlcat(list, _(" getsid"), len); + if (res & SH_PR_GETPGID) sl_strlcat(list, _(" getpgid"), len); + if (res & SH_PR_KILL) sl_strlcat(list, _(" kill"), len); + if (res & SH_PR_STATVSF) sl_strlcat(list, _(" statvfs"), len); + if (res & SH_PR_PS2) sl_strlcat(list, _(" ps(final)"), len); + return; +} + + +static short sh_processes_check (pid_t pid, short res) +{ + int have_checks = 0; + int need_checks = 0; +#ifdef HAVE_PROCFS + char path[128]; + struct stat buf; + DIR * dir; + int retval; +#ifdef HAVE_STATVFS + struct statvfs vfsbuf; +#endif +#endif + +#if !defined(sun) && !defined(__sun) && !defined(__sun__) +#ifdef _POSIX_PRIORITY_SCHEDULING + struct sched_param p; +#endif +#endif + + if (0 == kill(pid, 0)) + { + res |= SH_PR_KILL; res |= SH_PR_ANY; ++have_checks; + ++need_checks; + } + else if (errno != EPERM) + { + ++need_checks; + } + + +#ifdef HAVE_GETPGID + if ((pid_t)-1 != getpgid(pid)) + { + res |= SH_PR_GETPGID; res |= SH_PR_ANY; ++have_checks; + } + ++need_checks; +#endif + +#ifdef HAVE_GETSID + if ((pid_t)-1 != getsid(pid)) + { + res |= SH_PR_GETSID; res |= SH_PR_ANY; ++have_checks; + } + ++need_checks; +#endif + + /* sched_getparam() is broken on solaris 10, may segfault in librt + */ +#if !defined(sun) && !defined(__sun) && !defined(__sun__) +#ifdef _POSIX_PRIORITY_SCHEDULING + if (0 == sched_getparam (pid, &p)) + { + res |= SH_PR_SCHED; res |= SH_PR_ANY; ++have_checks; + } + ++need_checks; +#endif +#endif + +#ifdef HAVE_GETPRIORITY + errno = 0; + if (((-1) == getpriority (PRIO_PROCESS, (int) pid)) && (errno == ESRCH)); + else + { + res |= SH_PR_PRIORITY; res |= SH_PR_ANY; ++have_checks; + } + ++need_checks; +#endif + +#ifdef HAVE_PROCFS + sl_snprintf (path, sizeof(path), "/proc/%ld", (unsigned long) pid); + + do { + retval = lstat (path, &buf); + } while (retval < 0 && errno == EINTR); + + if (0 == retval) + { + res |= SH_PR_LSTAT; res |= SH_PR_ANY; ++have_checks; + } + ++need_checks; + + if (NULL != (dir = opendir(path))) + { + res |= SH_PR_OPENDIR; res |= SH_PR_ANY; ++have_checks; + closedir(dir); + } + ++need_checks; + +#ifdef HAVE_STATVFS + do { + retval = statvfs (path, &vfsbuf); + } while (retval < 0 && errno == EINTR); + + if (0 == retval) + { + res |= SH_PR_STATVSF; res |= SH_PR_ANY; ++have_checks; + } + ++need_checks; +#endif + +#if !defined(SH_PROFILE) + if (0 == chdir(path)) + { + res |= SH_PR_CHDIR; res |= SH_PR_ANY; ++have_checks; + do { + retval = chdir ("/"); + } while (retval < 0 && errno == EINTR); + } + ++need_checks; +#endif +#endif + + if (have_checks == need_checks) + { + res |= SH_PR_ALL; + } + return res; +} + +extern int flag_err_debug; + +static int sh_processes_readps (FILE * in, short * res, + char * str, size_t len, + short flag, pid_t pid) +{ + int cc; + unsigned int lnum = 0; + unsigned long num = 0; + char c; + unsigned int pos = 0; + char tstr[256]; + enum { SKIP_TO_WS, SKIP_WS, SKIP_TO_WS2, SKIP_WS2, GET_NUM, SKIP_END, GET_NUM2 } line; + + SL_ENTER(_("sh_processes_readps")); + + if (!in) { + SL_RETURN((-1), _("sh_processes_readps")); + } + + tstr[(sizeof(tstr)-1)] = '\0'; + tstr[0] = '\0'; + line = SKIP_END; /* Skip 1st line */ + + do + { + cc = fgetc(in); + + if (EOF == cc) + { + if (feof(in)) + { + break; + } + else if (errno == EAGAIN) + { + clearerr(in); + continue; + } +#ifdef HOST_IS_OPENBSD + else if (errno == ENODEV) + { + clearerr(in); + continue; + } +#endif + else + { + char errbuf[SH_ERRBUF_SIZE]; + + /* SH_MUTEX_LOCK(mutex_thread_nolog) is in caller */ + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message(errno, errbuf, sizeof(errbuf)), + _("sh_processes_readps")); + break; + } + } + + c = (char) cc; + + if (pos < (sizeof(tstr)-1)) + { + tstr[pos] = c; ++pos; + } + + switch(line) + { + case SKIP_END: + if (c == '\n') + { + tstr[pos-1] = '\0'; + if (flag_err_debug == SL_TRUE) + { + /* SH_MUTEX_LOCK(mutex_thread_nolog) is in caller */ + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, num, + MSG_E_SUBGEN, + tstr, + _("sh_processes_readps")); + } + /* fprintf(stderr, "<%ld> %s\n", num, tstr); */ + line = SKIP_WS; pos = 0; + if (str != NULL && num == (unsigned long) pid) + sl_strlcpy(str, tstr, len); + if (lnum != 0) + is_in_watchlist (tstr, num); + ++lnum; + } + break; + case SKIP_TO_WS: + if (!isspace(cc)) + break; + line = SKIP_WS; + /* fallthrough */ + case SKIP_WS: + if (isspace(cc)) + break; + num = 0; + line = GET_NUM; + /* fallthrough */ + case GET_NUM: + if (isdigit(cc)) + { + num = num * 10 + (c - '0'); + break; + } + else if (isspace(cc)) + { +#ifdef PS_THREADS + num = 0; + line = SKIP_WS2; +#else + if (num < sh_prochk_maxpid && num >= sh_prochk_minpid) + { + res[num - sh_prochk_minpid] |= flag; + } + line = SKIP_END; +#endif + break; + } + else + { + line = SKIP_TO_WS; + break; + } + case SKIP_TO_WS2: + if (!isspace(cc)) + break; + line = SKIP_WS2; + /* fallthrough */ + case SKIP_WS2: + if (isspace(cc)) + break; + num = 0; + line = GET_NUM2; + /* fallthrough */ + case GET_NUM2: + if (isdigit(cc)) + { + num = num * 10 + (c - '0'); + break; + } + else if (isspace(cc)) + { + if (num < sh_prochk_maxpid && num >= sh_prochk_minpid) + { + res[num - sh_prochk_minpid] |= flag; + } + line = SKIP_END; + break; + } + else + { + line = SKIP_TO_WS2; + break; + } + default: + SL_RETURN ((-1), _("sh_processes_readps")); + } + } while (1); + + if (ferror(in)) + { + SL_RETURN ((-1), _("sh_processes_readps")); + } + + SL_RETURN ((0), _("sh_processes_readps")); +} + +static int sh_processes_runps (short * res, char * str, size_t len, + short flag, pid_t pid) +{ + sh_tas_t task; + + int status = 0; + char * p; + struct sigaction new_act; + struct sigaction old_act; + int retval = 0; + char dir[SH_PATHBUF]; + + SL_ENTER(_("sh_processes_runps")); + + sh_ext_tas_init(&task); + p = sh_unix_getUIDdir (SH_ERR_ERR, task.run_user_uid, dir, sizeof(dir)); + if (p) + { + (void) sh_ext_tas_add_envv (&task, _("HOME"), p); + } + (void) sh_ext_tas_add_envv (&task, _("SHELL"), + _("/bin/sh")); + (void) sh_ext_tas_add_envv (&task, _("PATH"), + _("/sbin:/usr/sbin:/bin:/usr/bin")); + if (sh.timezone != NULL) + { + (void) sh_ext_tas_add_envv(&task, "TZ", sh.timezone); + } + + if (!sh_prochk_pspath) + sh_ext_tas_command(&task, PSPATH); + else + sh_ext_tas_command(&task, sh_prochk_pspath); + + (void) sh_ext_tas_add_argv(&task, _("ps")); + + if (!sh_prochk_psarg) + { +#ifdef PS_THREADS + (void) sh_ext_tas_add_argv(&task, _("-eT")); +#else + (void) sh_ext_tas_add_argv(&task, PSARG); +#endif + } + else + { + (void) sh_ext_tas_add_argv(&task, sh_prochk_psarg); + } + + task.rw = 'r'; + task.fork_twice = S_FALSE; + + status = sh_ext_popen(&task); + if (status != 0) + { + /* SH_MUTEX_LOCK(mutex_thread_nolog) is in caller */ + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN, + _("Could not open pipe"), _("sh_processes_runps")); + SL_RETURN ((-1), _("sh_processes_runps")); + } + + /* ignore SIGPIPE (instead get EPIPE if connection is closed) + */ + new_act.sa_handler = SIG_IGN; + (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act); + + /* read from the open pipe + */ + if (task.pipe != NULL) + { + retval = sh_processes_readps (task.pipe, res, str, len, flag, pid); + } + + /* restore old signal handler + */ + (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &old_act, NULL); + + /* close pipe and return exit status + */ + (void) sh_ext_pclose(&task); + sh_ext_tas_free (&task); + SL_RETURN ((retval), _("sh_processes_runps")); +} + +static int sh_process_check_int (short * res) +{ + volatile size_t i; + size_t j; + char tests[512]; + volatile int retval; + + pid_t this_pid; + + SL_ENTER(_("sh_process_check_int")); + + this_pid = getpid(); + + if (!res) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Internal error: NULL argument, switching off"), + _("sh_process_check_int")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SL_RETURN ((-1), _("sh_process_check_int")); + } + + SH_MUTEX_LOCK(mutex_thread_nolog); + retval = sh_processes_runps (res, NULL, 0, SH_PR_PS, 0); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + for (i = sh_prochk_minpid; i != sh_prochk_maxpid; ++i) + { + j = i - sh_prochk_minpid; + res[j] = sh_processes_check ((pid_t) i, res[j]); + } + SH_MUTEX_LOCK(mutex_thread_nolog); + retval += sh_processes_runps (res, NULL, 0, SH_PR_PS2, 0); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + + if (retval != 0) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Failed to run ps, switching off"), + _("sh_process_check_int")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SL_RETURN ((-1), _("sh_process_check_int")); + } + + /* Evaluate results + */ + for (i = sh_prochk_minpid; i != sh_prochk_maxpid; ++i) + { + /* don't check the current process + */ + if (i == (size_t) this_pid) + continue; + + j = i - sh_prochk_minpid; + + if (((res[j] & SH_PR_PS) != 0) || ((res[j] & SH_PR_PS2) != 0)) + { + res[j] |= SH_PR_PS_ANY; + } + else + { + res[j] &= ~SH_PR_PS_ANY; + } + + tests[0] = '\0'; + + if ((res[j] & SH_PR_ANY) || (res[j] & SH_PR_PS_ANY)) + { + /* list all tests where the pid was found + */ + sh_processes_tlist (tests, sizeof(tests), res[j]); + + /* + * case 1: in ps and found + */ + if ((res[j] & SH_PR_PS_ANY) && (res[j] & SH_PR_ANY)) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_PCK_OK, + (unsigned long) i, tests); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + + /* + * case 2: not in ps and found + */ + else if ((res[j] & SH_PR_PS_ANY) == 0) + { + res[j] = sh_processes_check ((pid_t) i, 0); + /* + * if still there, it is real and hidden + */ + if (res[j] & SH_PR_ANY) + { + if (S_FALSE == is_in_list(&list_hidden, NULL, i)) + { + char user[16]; + char * aout; + char * safe; + + SH_MUTEX_LOCK(mutex_thread_nolog); + aout = get_user_and_path ((pid_t) i, user, sizeof(user)); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + + if (aout) + { + safe = sh_util_safe_name (aout); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(sh_prochk_severity, FIL__, __LINE__, 0, + MSG_PCK_P_HIDDEN, + (unsigned long) i, tests, safe, user); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(safe); + SH_FREE(aout); + } + else + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(sh_prochk_severity, FIL__, __LINE__, 0, + MSG_PCK_HIDDEN, + (unsigned long) i, tests); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + } + } + } + + /* + * case 3: in ps, but not found + */ + else + { + if (((res[j] & SH_PR_PS) != 0) && ((res[j] & SH_PR_PS2) != 0)) + { + if (S_FALSE == is_in_list(&list_fake, NULL, i)) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle(sh_prochk_severity, FIL__, __LINE__, 0, + MSG_PCK_FAKE, + (unsigned long) i, tests); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + } + } + } + } /* loop end */ + + check_watchlist (res); + + SL_RETURN (0, _("sh_process_check_int")); +} + +/* Initialise. + */ +static int sh_prochk_init_internal(void) +{ + SL_ENTER(_("sh_prochk_init")); + + (void) proc_max_pid (&sh_prochk_maxpid); + + if (sh_prochk_minpid > sh_prochk_maxpid) + ShProchkActive = S_FALSE; + + /* We need to free anything allocated by the configuration functions if + * we find that the module is to be left inactive - otherwise _reconf() + * won't quite work. + */ + if( ShProchkActive == S_FALSE ) + { + sh_prochk_free_list(process_check); + process_check = NULL; + SL_RETURN(-1, _("sh_prochk_init")); + } + + sh_prochk_size = sh_prochk_maxpid - sh_prochk_minpid; + + sh_prochk_res = SH_ALLOC(sizeof(short) * sh_prochk_size); + memset (sh_prochk_res, 0, sizeof(short) * sh_prochk_size); + + SL_RETURN(0, _("sh_prochk_init")); +} + +int sh_prochk_init (struct mod_type * arg) +{ + if (ShProchkActive == S_FALSE) + return SH_MOD_FAILED; +#ifdef HAVE_PTHREAD + if (arg != NULL && arg->initval < 0 && + (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) + { + if (0 == sh_pthread_create(sh_threaded_module_run, (void *)arg)) + return SH_MOD_THREAD; + else + return SH_MOD_FAILED; + } +#endif + return sh_prochk_init_internal(); +} + +int sh_prochk_timer(time_t tcurrent) +{ + static time_t lastcheck = 0; + + SL_ENTER(_("sh_prochk_timer")); + if ((time_t) (tcurrent - lastcheck) >= sh_prochk_interval) + { + lastcheck = tcurrent; + SL_RETURN((-1), _("sh_prochk_timer")); + } + SL_RETURN(0, _("sh_prochk_timer")); +} + +int sh_prochk_check(void) +{ + int status; + + SL_ENTER(_("sh_prochk_check")); + + SH_MUTEX_LOCK(mutex_proc_check); + + status = 0; + + if( ShProchkActive != S_FALSE ) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_PCK_CHECK, + (unsigned long) sh_prochk_minpid, + (unsigned long) (sh_prochk_maxpid-1)); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + + if (sh_prochk_res) { + memset (sh_prochk_res, 0, sizeof(short) * sh_prochk_size); + } + status = sh_process_check_int(sh_prochk_res); + + if (status != 0) + ShProchkActive = S_FALSE; + + /* clean out old entries which are not marked + * as missing/hidden/fake anymore + */ + clean_list (&list_missing); + clean_list (&list_hidden); + clean_list (&list_fake); + } + + SH_MUTEX_UNLOCK(mutex_proc_check); + + SL_RETURN(status, _("sh_prochk_check")); +} + +/* Free our lists and the associated memory + */ +int sh_prochk_cleanup(void) +{ + SL_ENTER(_("sh_prochk_cleanup")); + + sh_prochk_reconf(); + + if (list_missing) { + kill_list(list_missing); + list_missing = NULL; + } + if (list_hidden) { + kill_list(list_hidden); + list_hidden = NULL; + } + if (list_fake) { + kill_list(list_fake); + list_fake = NULL; + } + + SL_RETURN(0, _("sh_prochk_cleanup")); +} + +/* Free our lists and the associated memory + */ +int sh_prochk_reconf(void) +{ + SL_ENTER(_("sh_prochk_reconf")); + + SH_MUTEX_LOCK(mutex_proc_check); + userdef_maxpid = 0; + sh_prochk_maxpid = 0x8000; + sh_prochk_minpid = 0x0001; + sh_prochk_interval = SH_PROCHK_INTERVAL; + + sh_prochk_free_list(process_check); + process_check = NULL; + if (sh_prochk_res != NULL) + SH_FREE(sh_prochk_res); + sh_prochk_res = NULL; + + if (sh_prochk_psarg) + SH_FREE(sh_prochk_psarg); + sh_prochk_psarg = NULL; + if (sh_prochk_pspath) + SH_FREE(sh_prochk_pspath); + sh_prochk_pspath = NULL; + SH_MUTEX_UNLOCK(mutex_proc_check); + + SL_RETURN(0, _("sh_prochk_reconf")); +} + +/* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */ +#endif + +/* #ifdef SH_USE_PROCESSCHECK */ +#endif + + +#ifdef SH_CUTEST +#include "CuTest.h" + +void Test_processcheck_watchlist_ok (CuTest *tc) { +#if defined(SH_USE_PROCESSCHECK) && (defined(SH_WITH_CLIENT) || defined(SH_STANDALONE)) + CuAssertTrue(tc, 0 == sh_prochk_add_process("init")); + CuAssertTrue(tc, + S_TRUE == is_in_watchlist(" 1 ? 00:00:00 init", 0)); + CuAssertTrue(tc, + S_FALSE == is_in_watchlist(" 1 ? 00:00:00 flix", 0)); + CuAssertTrue(tc, + S_TRUE == is_in_watchlist("25218 ? SNs 0:01 /usr/sbin/init -k start -DSSL", 0)); + CuAssertTrue(tc, + S_FALSE == is_in_watchlist("25218 ? SNs 0:01 /usr/sbin/apache2 -k start -DSSL", 0)); + + + sh_prochk_free_list(process_check); + process_check = NULL; + CuAssertTrue(tc, S_FALSE == is_in_watchlist("init", 0)); + + CuAssertTrue(tc, 0 == sh_prochk_add_process("init")); + CuAssertTrue(tc, 0 == sh_prochk_add_process("ssh")); + CuAssertTrue(tc, 0 == sh_prochk_add_process("syslog")); + CuAssertTrue(tc, S_TRUE == is_in_watchlist("init", 0)); + CuAssertTrue(tc, S_TRUE == is_in_watchlist("ssh", 0)); + CuAssertTrue(tc, S_TRUE == is_in_watchlist("syslog", 0)); + + sh_prochk_free_list(process_check); + process_check = NULL; + CuAssertTrue(tc, S_FALSE == is_in_watchlist("init", 0)); + CuAssertTrue(tc, S_FALSE == is_in_watchlist("ssh", 0)); + CuAssertTrue(tc, S_FALSE == is_in_watchlist("syslog", 0)); +#else + (void) tc; /* fix compiler warning */ +#endif + return; +} + +void Test_processcheck_listhandle_ok (CuTest *tc) { +#if defined(SH_USE_PROCESSCHECK) && (defined(SH_WITH_CLIENT) || defined(SH_STANDALONE)) + CuAssertTrue(tc, S_FALSE == is_in_list(&list_missing, "init", 0)); + CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "init", 0)); + CuAssertTrue(tc, S_FALSE == is_in_list(&list_missing, "foobar", 0)); + CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "foobar", 0)); + + if (list_missing) + kill_list(list_missing); + list_missing = NULL; + + CuAssertTrue(tc, S_FALSE == is_in_list(&list_missing, "init", 0)); + CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "init", 0)); + CuAssertTrue(tc, S_FALSE == is_in_list(&list_missing, "foobar", 0)); + CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "foobar", 0)); + + if (list_missing) + kill_list(list_missing); + list_missing = NULL; + + CuAssertTrue(tc, S_FALSE == is_in_list(&list_missing, "init", 0)); + CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "init", 0)); + CuAssertTrue(tc, S_FALSE == is_in_list(&list_missing, "foobar", 0)); + CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "foobar", 0)); + + CuAssertTrue(tc, 2 == clean_list(&list_missing)); + CuAssertPtrNotNull(tc, list_missing); + + CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "init", 0)); + CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "foobar", 0)); + + CuAssertTrue(tc, 2 == clean_list(&list_missing)); + CuAssertPtrNotNull(tc, list_missing); + + CuAssertTrue(tc, 0 == clean_list(&list_missing)); + CuAssertTrue(tc, NULL == list_missing); +#else + (void) tc; /* fix compiler warning */ +#endif + return; +} + + +/* #ifdef SH_CUTEST */ +#endif + Index: /tags/2.5.0/src/sh_pthread.c =================================================================== --- /tags/2.5.0/src/sh_pthread.c (revision 189) +++ /tags/2.5.0/src/sh_pthread.c (revision 189) @@ -0,0 +1,290 @@ +#include "config_xor.h" + +#include "sh_pthread.h" + +#ifdef HAVE_PTHREAD + +#include +#include "sh_calls.h" +#include "sh_modules.h" +extern volatile int sh_thread_pause_flag; + +SH_MUTEX_INIT(mutex_skey, PTHREAD_MUTEX_INITIALIZER); +SH_MUTEX_INIT(mutex_resolv, PTHREAD_MUTEX_INITIALIZER); +SH_MUTEX_INIT(mutex_pwent, PTHREAD_MUTEX_INITIALIZER); +SH_MUTEX_INIT(mutex_readdir, PTHREAD_MUTEX_INITIALIZER); +SH_MUTEX_INIT(mutex_thread_nolog, PTHREAD_MUTEX_INITIALIZER); + +void sh_pthread_mutex_unlock (void *arg) +{ + (void) pthread_mutex_unlock ((pthread_mutex_t *)arg); + return; +} + +int sh_pthread_init_threadspecific(void) +{ + int rc = 0; +#ifdef SH_STEALTH + extern int sh_g_thread(void); + + rc = sh_g_thread(); + if (rc != 0) + return rc; +#endif + + return rc; +} + + +/* + * ---- Utilities for modules ---- + */ + +/* MODULES: init() + * + * #ifdef HAVE_PTHREAD + * if (arg != NULL) + * { + * if (0 == sh_pthread_create(sh_threaded_module_run, (void *)arg)) + * return SH_MOD_THREAD; + * else + * return SH_MOD_FAILED; + * } + * #else + * return sh_utmp_init_internal(); + * #endif + * + * + * sh_threaded_module_run(module_struct) + * -- calls internal init, + * -- polls timer, + * -- runs module check, + * -- runs sh_pthread_testcancel() + * -- returns (return == exit) + */ + +#define SH_NUM_THREADS 16 +static pthread_t threads[SH_NUM_THREADS]; +static int ithread[SH_NUM_THREADS]; +static pthread_mutex_t create_mutex = PTHREAD_MUTEX_INITIALIZER; + +int sh_pthread_create(void *(*start_routine)(void*), void *arg) +{ + int rc, nthread = 1; + sigset_t signal_set; + int retval = 0; + + pthread_mutex_lock(&create_mutex); + + /* block all signals + */ + sigfillset( &signal_set ); + pthread_sigmask( SIG_BLOCK, &signal_set, NULL ); + + /* find a free slot in threads[] + */ + while (nthread < SH_NUM_THREADS) + { + if (ithread[nthread] == 0) + break; + ++nthread; + if (nthread == SH_NUM_THREADS) + { + retval = -1; + goto err_out; + } + } + + rc = pthread_create(&threads[nthread], NULL, start_routine, arg); + if (rc != 0) + { + retval = -1; + goto err_out; + } + + ithread[nthread] = 1; + + err_out: + pthread_sigmask( SIG_UNBLOCK, &signal_set, NULL ); + pthread_mutex_unlock(&create_mutex); + return retval; +} + +int sh_pthread_cancel_all() +{ + int i; + int ret = 0; + + SH_MUTEX_LOCK(create_mutex); + + for (i = 1; i < SH_NUM_THREADS; ++i) + { + if (ithread[i] != 0) + if (0 != pthread_cancel(threads[i])) + ithread[i] = 0; + } + + for (i = 1; i < SH_NUM_THREADS; ++i) + { + if (ithread[i] != 0) + pthread_join(threads[i], NULL); + ithread[i] = 0; + } + + SH_MUTEX_UNLOCK(create_mutex); + return ret; +} + +/* ---- Utility functions for modules ---- + */ + +#undef S_TRUE +#define S_TRUE 1 +#undef S_FALSE +#define S_FALSE 0 + +void sh_threaded_module_cleanup(void *arg) +{ + sh_mtype * this_module = (sh_mtype *) arg; + this_module->mod_cleanup(); + return; +} + +void * sh_threaded_module_run(void *arg) +{ + sh_mtype * this_module = (sh_mtype *) arg; + + /* First we lock the module. This ensures that it cannot be + * run twice. + */ + pthread_cleanup_push(sh_pthread_mutex_unlock, (void*) &(this_module->mod_mutex)); + pthread_mutex_lock(&(this_module->mod_mutex)); + + if (0 == sh_pthread_init_threadspecific()) + { + + if (0 == this_module->mod_init(NULL)) + { + pthread_cleanup_push(sh_threaded_module_cleanup, arg); + + while (1) + { + if (sh_thread_pause_flag != S_TRUE && + 0 != this_module->mod_timer(time(NULL))) + { + /* If module has been de-activated on reconfigure, + * mod_check() must return non-zero. + * The mod_cleanup() routine must then enable the + * module to be re-activated eventually. + */ + if (0 != this_module->mod_check()) + break; + pthread_testcancel(); + } + retry_msleep(1,0); + } + + pthread_cleanup_pop(1); /* notreached,but required */ + } + } + + pthread_cleanup_pop(1); + + return NULL; +} + + +/* + * ---- Implementation of recursive mutexes from libxml2 ---- + */ +#if !defined(HAVE_PTHREAD_MUTEX_RECURSIVE) +/** + * libxml2 threads.c: set of generic threading related routines + * + * Gary Pennington + * daniel@veillard.com + + * Except where otherwise noted in the source code (e.g. the files hash.c, + * list.c and the trio files, which are covered by a similar licence but + * with different Copyright notices) all the files are: + * + * Copyright (C) 1998-2003 Daniel Veillard. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is fur- + * nished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT- + * NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * DANIEL VEILLARD BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON- + * NECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * Except as contained in this notice, the name of Daniel Veillard shall not + * be used in advertising or otherwise to promote the sale, use or other deal- + * ings in this Software without prior written authorization from him. + */ + +/* Modified NewRMutex -> InitRMutex. We use a static structure, rather than + * allocating one. Also dropped code for non-POSIX OSes. + */ +void sh_InitRMutex(struct sh_RMutex * tok) +{ + pthread_mutex_init(&tok->lock, NULL); + tok->held = 0; + tok->waiters = 0; + pthread_cond_init(&tok->cv, NULL); + + return; +} + +void sh_RMutexLock(struct sh_RMutex * tok) +{ + if (tok == NULL) + return; + + pthread_mutex_lock(&tok->lock); + if (tok->held) { + if (pthread_equal(tok->tid, pthread_self())) { + tok->held++; + pthread_mutex_unlock(&tok->lock); + return; + } else { + tok->waiters++; + while (tok->held) + pthread_cond_wait(&tok->cv, &tok->lock); + tok->waiters--; + } + } + tok->tid = pthread_self(); + tok->held = 1; + pthread_mutex_unlock(&tok->lock); +} + +void sh_RMutexUnlock(void * arg) +{ + struct sh_RMutex * tok = (struct sh_RMutex *) arg; + + if (tok == NULL) + return; + + pthread_mutex_lock(&tok->lock); + tok->held--; + if (tok->held == 0) { + if (tok->waiters) + pthread_cond_signal(&tok->cv); + tok->tid = 0; + } + pthread_mutex_unlock(&tok->lock); +} +#endif + + +#endif Index: /tags/2.5.0/src/sh_readconf.c =================================================================== --- /tags/2.5.0/src/sh_readconf.c (revision 189) +++ /tags/2.5.0/src/sh_readconf.c (revision 189) @@ -0,0 +1,1296 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +#include +#include +#include +#include + + +#include "samhain.h" +#include "sh_error.h" +#include "sh_database.h" +#include "sh_unix.h" +#include "sh_utils.h" +#include "sh_files.h" +#include "sh_mail.h" +#include "sh_calls.h" +#include "sh_tiger.h" +#include "sh_forward.h" +#include "sh_modules.h" +#include "sh_gpg.h" +#include "sh_hash.h" +#include "sh_ignore.h" +#include "sh_prelink.h" +#include "sh_extern.h" + +#ifdef WITH_DATABASE +#include "sh_database.h" +#endif + +#ifdef HAVE_LIBPRELUDE +#include "sh_prelude.h" +#endif + +extern int set_reverse_lookup (const char * c); + +#undef FIL__ +#define FIL__ _("sh_readconf.c") + +typedef enum { + SH_SECTION_NONE, + SH_SECTION_LOG, + SH_SECTION_MISC, + SH_SECTION_ATTRIBUTES, + SH_SECTION_READONLY, + SH_SECTION_LOGFILES, + SH_SECTION_LOGGROW, + SH_SECTION_NOIGNORE, + SH_SECTION_ALLIGNORE, + SH_SECTION_USER0, + SH_SECTION_USER1, + SH_SECTION_USER2, + SH_SECTION_USER3, + SH_SECTION_USER4, + SH_SECTION_PRELINK, +#if defined (SH_WITH_MAIL) + SH_SECTION_MAIL, +#endif +#if defined (SH_WITH_CLIENT) + SH_SECTION_CLT, +#endif +#ifdef WITH_EXTERNAL + SH_SECTION_EXTERNAL, +#endif +#ifdef WITH_DATABASE + SH_SECTION_DATABASE, +#endif +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + SH_SECTION_OTHER, +#endif +#ifdef SH_WITH_SERVER + SH_SECTION_CLIENTS, + SH_SECTION_SRV, +#endif + SH_SECTION_THRESHOLD +} ShSectionType; + +typedef struct str_ListSections { + const char * name; + int type; +} sh_str_ListSections; + +struct str_ListSections tab_ListSections[] = { + { N_("[Log]"), SH_SECTION_LOG}, + { N_("[Misc]"), SH_SECTION_MISC}, + { N_("[Attributes]"), SH_SECTION_ATTRIBUTES}, + { N_("[ReadOnly]"), SH_SECTION_READONLY}, + { N_("[LogFiles]"), SH_SECTION_LOGFILES}, + { N_("[GrowingLogFiles]"), SH_SECTION_LOGGROW}, + { N_("[IgnoreAll]"), SH_SECTION_ALLIGNORE}, + { N_("[IgnoreNone]"), SH_SECTION_NOIGNORE}, + { N_("[User0]"), SH_SECTION_USER0}, + { N_("[User1]"), SH_SECTION_USER1}, + { N_("[User2]"), SH_SECTION_USER2}, + { N_("[User3]"), SH_SECTION_USER3}, + { N_("[User4]"), SH_SECTION_USER4}, + { N_("[Prelink]"), SH_SECTION_PRELINK}, +#ifdef WITH_EXTERNAL + { N_("[External]"), SH_SECTION_EXTERNAL}, +#endif +#ifdef WITH_DATABASE + { N_("[Database]"), SH_SECTION_DATABASE}, +#endif + { N_("[EventSeverity]"), SH_SECTION_THRESHOLD}, +#ifdef SH_WITH_SERVER + { N_("[Clients]"), SH_SECTION_CLIENTS}, + { N_("[Server]"), SH_SECTION_SRV}, +#endif +#if defined (SH_WITH_CLIENT) + { N_("[Client]"), SH_SECTION_CLT}, +#endif +#if defined (SH_WITH_MAIL) + { N_("[Mail]"), SH_SECTION_MAIL}, +#endif + { NULL, SH_SECTION_NONE} +}; + + +static int sh_readconfig_line (char * line); + +static ShSectionType read_mode = SH_SECTION_NONE; + +static int conf_line = 0; + +/* --- Read the configuration file. --- + */ +int sh_readconf_read (void) +{ +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + /* This is for modules. + */ + int modnum; +#endif + + int i; + + SL_TICKET fd = -1; +#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO) + SL_TICKET fdTmp = -1; + SL_TICKET open_tmp (void); +#endif + char * tmp; + char * lptr; + + char line_in[512+2]; + char * line; + int line_int; + + char myident[3*SH_MINIBUF+3]; + + /* This is for nested conditionals. + */ + int some_other_host[16] = { 0 }; + int some_other_system[16] = { 0 }; + int seen_host = 0; + int seen_system = 0; + int host_int = 0; + int sys_int = 0; + + int invert = 0; + int length = sl_strlen(sh.host.name); + + int local_file = 1; + char local_flag = 'R'; + +#if defined(WITH_GPG) || defined(WITH_PGP) + int signed_content = S_FALSE; + int true_content = S_FALSE; +#endif +#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO) + int hidden_count = 0; +#endif + uid_t euid; + char hashbuf[KEYBUF_SIZE]; + + SL_ENTER(_("sh_readconf_read")); + + /* --- Open config file, exit on failure. --- + */ +#if defined(SH_WITH_CLIENT) + if (0 == sl_strcmp(file_path('C', 'R'), _("REQ_FROM_SERVER"))) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_D_START); + + fd = sh_forward_req_file(_("CONF")); + + if (!SL_ISERROR(fd)) + local_file = 0; + else if (sh.flag.checkSum != SH_CHECK_INIT) + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + else + { + sh_error_handle ((-1), FIL__, __LINE__, fd, MSG_D_FAIL); + local_file = 1; + local_flag = 'I'; + } + } +#endif + + /* Use a local configuration file. + */ + if (local_file == 1) + { + if (0 != tf_trust_check (file_path('C', local_flag), SL_YESPRIV)) + { + sl_get_euid(&euid); + dlog(1, FIL__, __LINE__, + _("The configuration file: %s is untrusted, i.e. an\nuntrusted user owns or can write to some directory in the path.\n"), + ( (NULL == file_path('C', local_flag)) + ? _("(null)") : file_path('C', local_flag) )); + sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_TRUST, + (long) euid, + ( (NULL == file_path('C', local_flag)) + ? _("(null)") : file_path('C', local_flag) ) + ); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + if (SL_ISERROR(fd = sl_open_read(file_path('C',local_flag),SL_YESPRIV))) + { + sl_get_euid(&euid); + dlog(1, FIL__, __LINE__, + _("Could not open the local configuration file for reading because\nof the following error: %s (errnum = %ld)\nIf this is a permission problem, you need to change file permissions\nto make the file readable for the effective UID: %d\n"), + sl_get_errmsg(), fd, (int) euid); + sh_error_handle ((-1), FIL__, __LINE__, fd, MSG_NOACCESS, + (long) euid, + ( (NULL == file_path('C', local_flag)) + ? _("(null)") : file_path('C', local_flag) ) + ); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + } + + /* Compute the checksum of the open file. + */ + sl_strlcpy(sh.conf.hash, + sh_tiger_hash(file_path('C',local_flag), fd, TIGER_NOLIM, hashbuf, sizeof(hashbuf)), + KEY_LEN+1); + sl_rewind (fd); + +#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO) + /* extract the data and copy to temporary file + */ + fdTmp = open_tmp(); + while ( sh_unix_getline_stealth (fd, line_in, 512) > 0) { + hidden_count++; + if (line_in[0] == '\n') + { + sl_write(fdTmp, line_in, 1); + } + else + { + sl_write_line(fdTmp, line_in, sl_strlen(line_in)); + } +#if defined(WITH_GPG) || defined(WITH_PGP) + if (0 == sl_strncmp(line_in, _("-----END PGP SIGNATURE-----"), 25)) + break; +#else + if (0 == sl_strncmp(line_in, _("[EOF]"), 5)) + break; +#endif + if (hidden_count > 4096) /* arbitrary safeguard */ + break; + } + sl_close(fd); + fd = fdTmp; + sl_rewind (fd); +#endif + + /* The system type, release, and machine. + */ + sl_snprintf(myident, sizeof(myident), _("%s:%s:%s"), + sh.host.system, /* flawfinder: ignore */ + sh.host.release, sh.host.machine); + + + /* --- Start reading lines. --- + */ + conf_line = 0; + + while ( sh_unix_getline (fd, line_in, 512) > 0) { + + ++conf_line; + + line = &(line_in[0]); + + /* fprintf(stderr, "<%s>\n", line); */ + + /* Sun May 27 18:40:05 CEST 2001 + */ +#if defined(WITH_GPG) || defined(WITH_PGP) + if (signed_content == S_FALSE) + { + if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----"))) + signed_content = S_TRUE; + else + continue; + } + else if (true_content == S_FALSE) + { + if (line[0] == '\n') + true_content = S_TRUE; + else + continue; + } + else if (signed_content == S_TRUE) + { + if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNATURE-----"))) + break; + else if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----"))) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("second signed message in file"), + _("sh_readconf_read")); + dlog(1, FIL__, __LINE__, + _("There seems to be more than one signed message in the configuration\nfile. Please make sure there is only one signed message.\n")); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, + sh.prg_name); + aud_exit (FIL__, __LINE__,EXIT_FAILURE); + } + } +#endif + + /* Skip leading white space. + */ + while (*line) + { + line_int = *line; + if (!isspace(line_int)) + break; + ++line; + } + + /* Skip header etc. + */ + if (line[0] == '#' || line[0] == '\0' || line[0] == ';' || + (line[0] == '/' && line[1] == '/')) + continue; + + /* Clip off trailing white space. + */ + tmp = line + sl_strlen( line ); --tmp; + while( isspace((int) *tmp ) && tmp >= line ) *tmp-- = '\0'; + + + /* ------- starts a section ------------ */ + + if (line[0] == '[' && + some_other_host[seen_host] == 0 && + some_other_system[seen_system] == 0) + { + read_mode = SH_SECTION_NONE; + + if (sl_strncmp (line, _("[EOF]"), + 5) == 0) + { + goto nopel; + } + + i = 0; + + while (tab_ListSections[i].name != 0) + { + if (sl_strncmp (line, _(tab_ListSections[i].name), + sl_strlen(tab_ListSections[i].name)) == 0) + { + read_mode = tab_ListSections[i].type; + break; + } + ++i; + } + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + if (read_mode == SH_SECTION_NONE) + { + for (modnum = 0; modList[modnum].name != NULL; ++modnum) + { + if (0 == sl_strncmp (line, _(modList[modnum].conf_section), + sl_strlen(modList[modnum].conf_section)) ) + read_mode = SH_SECTION_OTHER; + } + } +#endif + if (read_mode == SH_SECTION_NONE) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALHEAD, + (long) conf_line); + } + } + + /* --- an @host directive -------------- */ + + else if (line[0] == '@' || (line[0] == '!' && line[1] == '@')) + { + if (line[0] == '!') + { + lptr = &line[2]; + invert = 1; + } + else + { + lptr = &line[1]; + invert = 0; + } + + if (sl_strncmp (lptr, _("end"), 3) == 0) + { + if (0 == seen_host) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALD, + _("config file"), + (long) conf_line); + + else if (host_int == 0) + { + /* end of an @host directive + */ + some_other_host[seen_host] = 0; + --seen_host; + seen_host = (seen_host < 0) ? 0 : seen_host; + } + + else + { + --host_int; + host_int = (host_int < 0) ? 0 : host_int; + } + } + else if (some_other_host[seen_host] == 0 && + some_other_system[seen_system] == 0 && + seen_host < 15) + { + if (sl_strncmp (lptr, sh.host.name, length) == 0 +#ifdef HAVE_REGEX_H + || sh_util_regcmp (lptr, sh.host.name) == 0 +#endif + ) + { + /* if match and '@', set some_other_host = 0; + * if match and '!@', set some_other_host = 1; + */ + ++seen_host; + some_other_host[seen_host] = invert; + } + else + { + /* if no match and '@', set some_other_host = 1; + * if no match and '!@', set some_other_host = 0; + */ + ++seen_host; + some_other_host[seen_host] = (invert == 0) ? 1 : 0; + } + } + else + ++host_int; + } + + /* --- an %schedule directive ------------ */ + + else if (line[0] == '%' || (line[0] == '!' && line[1] == '%')) + { +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + if (line[0] == '!' && 0 == sl_strcmp(&(line[2]), _("SCHEDULE_TWO"))) + set_dirList(1); + else if (0 == sl_strcmp(&(line[1]), _("SCHEDULE_TWO"))) + set_dirList(2); +#else + ; +#endif + } + + /* --- an $system directive -------------- */ + + else if (line[0] == '$' || (line[0] == '!' && line[1] == '$')) + { + if (line[0] == '!') + { + lptr = &line[2]; + invert = 1; + } + else + { + lptr = &line[1]; + invert = 0; + } + + if (sl_strncmp (lptr, _("end"), 3) == 0) + { + if (0 == seen_system) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALD, + _("config file"), + (long) conf_line); + + else if (sys_int == 0) + { + /* end of an $system directive + */ + some_other_system[seen_system] = 0; + --seen_system; + seen_system = (seen_system < 0) ? 0 : seen_system; + } + else + { + --sys_int; + sys_int = (sys_int < 0) ? 0 : sys_int; + } + } + else if (some_other_host[seen_host] == 0 && + some_other_system[seen_system] == 0 && + seen_system < 15) + { + if (sl_strncmp (lptr, myident, sl_strlen(myident)) == 0 +#ifdef HAVE_REGEX_H + || sh_util_regcmp (lptr, myident) == 0 +#endif + ) + { + ++seen_system; + some_other_system[seen_system] = invert; + } + else + { + ++seen_system; + some_other_system[seen_system] = (invert == 0) ? 1 : 0; + } + } + else + ++sys_int; + } + + /* ------ no new section -------------- */ + + + else if (some_other_host[seen_host] == 0 && + some_other_system[seen_system] == 0 && + read_mode != SH_SECTION_NONE) + { + if (0 != sh_readconfig_line (line)) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALCONF, + (long) conf_line); + } + } + + } + + nopel: + + if (0 != seen_host || 0 != seen_system) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALDD, + _("config file"), + (long) conf_line); + +#if defined(WITH_GPG) || defined(WITH_PGP) + /* Validate signature of open file. + */ + sl_rewind (fd); + if (0 != sh_gpg_check_sign (fd, 0, 1)) + aud_exit (FIL__, __LINE__, EXIT_FAILURE); +#endif + + sl_close (fd); + + sh_error_fixup(); + + read_mode = SH_SECTION_NONE; /* reset b/o sighup reload */ + + SL_RETURN( 0, _("sh_readconf_read")); +} + +int sh_readconf_set_path (char * which, const char * what) +{ + int len; + SL_ENTER( _("sh_readconf_set_path")); + + if (which == NULL || what == NULL) + { + TPT((0, FIL__, __LINE__ , _("msg=\n"))); + SL_RETURN( -1, _("sh_readconf_set_path")); + } + + if (0 == sl_strcmp(what, _("AUTO"))) + { + len = sl_strlen(which); + if ( (len + sl_strlen(sh.host.name) + 2) > SH_PATHBUF) + { + TPT((0, FIL__, __LINE__ , _("msg=\n"), + which, sh.host.name)); + SL_RETURN( -1, _("sh_readconf_set_path")); + } + else + { + which[len] = ':'; which[len+1] = '\0'; + sl_strlcat(which, sh.host.name, SH_PATHBUF); + } + } + else /* not auto */ + { + if (sl_strlen(what) > (SH_PATHBUF-1)) + { + TPT((0, FIL__, __LINE__ , _("msg=\n"), what)); + SL_RETURN( -1, _("sh_readconf_set_path")); + } + else + { + sl_strlcpy(which, what, SH_PATHBUF); + } + } + SL_RETURN( 0, _("sh_readconf_set_path")); +} + +int sh_readconf_set_database_path (const char * what) +{ + return (sh_readconf_set_path(sh.data.path, what)); +} + +int sh_readconf_set_logfile_path (const char * what) +{ + return (sh_readconf_set_path(sh.srvlog.name, what)); +} + +int sh_readconf_set_lockfile_path (const char * what) +{ + return( sh_readconf_set_path(sh.srvlog.alt, what)); +} + + + + +typedef enum { + SET_MAILTIME, + SET_FILETIME +} ShTimerItem; + + +int sh_readconf_setTime (const char * str, ShTimerItem what) +{ + unsigned long i = atoi (str); + + SL_ENTER( _("sh_readconf_setTime")); + + if (i < LONG_MAX) + { + if (what == SET_MAILTIME) + { + TPT((0, FIL__, __LINE__, _("msg=\n"), i)); + sh.mailTime.alarm_interval = i; + } + else if (what == SET_FILETIME) + { + TPT((0, FIL__, __LINE__, _("msg=\n"),i)); + sh.fileCheck.alarm_interval = i; + } + + SL_RETURN( 0, _("sh_readconf_setTime")); + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALL, + _("set timer"), (long) i); + SL_RETURN( (-1), _("sh_readconf_setTime")); + } +} + +int sh_readconf_setMailtime (const char * c) +{ + return sh_readconf_setTime (c, SET_MAILTIME); +} + +int sh_readconf_setFiletime (const char * c) +{ + return sh_readconf_setTime (c, SET_FILETIME); +} + +int sh_readconf_set_nice (const char * c) +{ + long val; + + SL_ENTER(_("sh_readconf_set_nice")); + + val = strtol (c, (char **)NULL, 10); + if (val < -20 || val > 20) + { + SL_RETURN((-1), _("sh_readconf_set_nice")); + } + + val = (val < -19 ? -19 : val); + val = (val > 19 ? 19 : val); + + sh.flag.nice = val; + SL_RETURN((0), _("sh_readconf_set_nice")); +} + +#ifdef FANCY_LIBCAP +int sh_readconf_setCaps(const char * c) +{ + int i; + SL_ENTER(_("sh_readconf_setCaps")); + + i = sh_util_flagval(c, &sl_useCaps); + SL_RETURN((i), _("sh_readconf_setCaps")); +} +#endif + +typedef struct _cfg_options { + const char * optname; + ShSectionType section; + ShSectionType alt_section; + int (*func)(const char * opt); +} cfg_options; + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) +extern int sh_set_schedule_one(const char * str); +extern int sh_set_schedule_two(const char * str); +#endif +#if defined (SH_WITH_SERVER) +extern int sh_socket_use (const char * c); +extern int sh_socket_uid (const char * c); +extern int sh_socket_password (const char * c); +#endif + +cfg_options ext_table[] = { +#if defined(WITH_EXTERNAL) + { N_("opencommand"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_setcommand }, + { N_("closecommand"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_close_command }, + { N_("setcommandline"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_add_argv }, + { N_("setchecksum"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_checksum }, + { N_("setdefault"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_add_default }, + { N_("setenviron"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_add_environ }, + { N_("setdeadtime"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_deadtime }, + { N_("settype"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_type }, + { N_("setcredentials"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_priv }, + { N_("setfilternot"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_add_not }, + { N_("setfilterand"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_add_and }, + { N_("setfilteror"), SH_SECTION_EXTERNAL, SH_SECTION_NONE, + sh_ext_add_or }, + { N_("externalseverity"),SH_SECTION_LOG, SH_SECTION_EXTERNAL, + sh_error_set_external }, + { N_("externalclass"), SH_SECTION_LOG, SH_SECTION_EXTERNAL, + sh_error_external_mask }, +#endif + +#if defined(WITH_DATABASE) + { N_("usepersistent"), SH_SECTION_DATABASE, SH_SECTION_NONE, + sh_database_use_persistent }, + { N_("setdbname"), SH_SECTION_DATABASE, SH_SECTION_NONE, + sh_database_set_database }, + { N_("setdbtable"), SH_SECTION_DATABASE, SH_SECTION_NONE, + sh_database_set_table }, + { N_("setdbhost"), SH_SECTION_DATABASE, SH_SECTION_NONE, + sh_database_set_host }, + { N_("setdbuser"), SH_SECTION_DATABASE, SH_SECTION_NONE, + sh_database_set_user }, + { N_("setdbpassword"), SH_SECTION_DATABASE, SH_SECTION_NONE, + sh_database_set_password }, + { N_("addtodbhash"), SH_SECTION_DATABASE, SH_SECTION_NONE, + sh_database_add_to_hash }, + { N_("databaseseverity"),SH_SECTION_LOG, SH_SECTION_DATABASE, + sh_error_set_database }, + { N_("databaseclass"), SH_SECTION_LOG, SH_SECTION_DATABASE, + sh_error_database_mask }, + { N_("setdbservertstamp"), SH_SECTION_DATABASE, SH_SECTION_NONE, + set_enter_wrapper }, +#endif + + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + { N_("dir"), SH_SECTION_ATTRIBUTES, SH_SECTION_NONE, + sh_files_pushdir_attr }, + { N_("file"), SH_SECTION_ATTRIBUTES, SH_SECTION_NONE, + sh_files_pushfile_attr }, + { N_("dir"), SH_SECTION_READONLY, SH_SECTION_NONE, + sh_files_pushdir_ro }, + { N_("file"), SH_SECTION_READONLY, SH_SECTION_NONE, + sh_files_pushfile_ro }, + { N_("dir"), SH_SECTION_LOGFILES, SH_SECTION_NONE, + sh_files_pushdir_log }, + { N_("file"), SH_SECTION_LOGFILES, SH_SECTION_NONE, + sh_files_pushfile_log }, + { N_("dir"), SH_SECTION_LOGGROW, SH_SECTION_NONE, + sh_files_pushdir_glog }, + { N_("file"), SH_SECTION_LOGGROW, SH_SECTION_NONE, + sh_files_pushfile_glog }, + { N_("dir"), SH_SECTION_NOIGNORE, SH_SECTION_NONE, + sh_files_pushdir_noig }, + { N_("file"), SH_SECTION_NOIGNORE, SH_SECTION_NONE, + sh_files_pushfile_noig }, + { N_("dir"), SH_SECTION_ALLIGNORE, SH_SECTION_NONE, + sh_files_pushdir_allig }, + { N_("file"), SH_SECTION_ALLIGNORE, SH_SECTION_NONE, + sh_files_pushfile_allig }, + + { N_("dir"), SH_SECTION_USER0, SH_SECTION_NONE, + sh_files_pushdir_user0 }, + { N_("file"), SH_SECTION_USER0, SH_SECTION_NONE, + sh_files_pushfile_user0 }, + { N_("dir"), SH_SECTION_USER1, SH_SECTION_NONE, + sh_files_pushdir_user1 }, + { N_("file"), SH_SECTION_USER1, SH_SECTION_NONE, + sh_files_pushfile_user1 }, + { N_("dir"), SH_SECTION_USER2, SH_SECTION_NONE, + sh_files_pushdir_user2 }, + { N_("file"), SH_SECTION_USER2, SH_SECTION_NONE, + sh_files_pushfile_user2 }, + { N_("dir"), SH_SECTION_USER3, SH_SECTION_NONE, + sh_files_pushdir_user3 }, + { N_("file"), SH_SECTION_USER3, SH_SECTION_NONE, + sh_files_pushfile_user3 }, + { N_("dir"), SH_SECTION_USER4, SH_SECTION_NONE, + sh_files_pushdir_user4 }, + { N_("file"), SH_SECTION_USER4, SH_SECTION_NONE, + sh_files_pushfile_user4 }, + { N_("dir"), SH_SECTION_PRELINK, SH_SECTION_NONE, + sh_files_pushdir_prelink }, + { N_("file"), SH_SECTION_PRELINK, SH_SECTION_NONE, + sh_files_pushfile_prelink }, + + { N_("ignoreadded"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_ignore_add_new }, + { N_("ignoremissing"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_ignore_add_del }, + + { N_("filecheckscheduleone"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_set_schedule_one }, + { N_("filecheckscheduletwo"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_set_schedule_two }, + + { N_("usehardlinkcheck"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_check_hardlinks }, + { N_("hardlinkoffset"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_hle_reg }, +#if defined(USE_XATTR) + { N_("useselinuxcheck"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_unix_setcheckselinux }, +#endif +#if defined(USE_ACL) + { N_("useaclcheck"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_unix_setcheckacl }, +#endif + { N_("addokchars"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_util_obscure_ok }, + { N_("filenamesareutf8"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_util_obscure_utf8 }, + { N_("setrecursionlevel"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_setrecursion }, + { N_("checksumtest"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_util_setchecksum }, + { N_("reportonlyonce"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_reportonce }, + { N_("reportfulldetail"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_fulldetail }, + { N_("uselocaltime"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_unix_uselocaltime }, + + { N_("setnicelevel"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_readconf_set_nice }, + +#if defined(FANCY_LIBCAP) + { N_("usecaps"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_readconf_setCaps }, +#endif + + { N_("setiolimit"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_unix_set_io_limit }, + + { N_("versionstring"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_hash_version_string }, + + { N_("digestalgo"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_tiger_hashtype }, + + { N_("redefreadonly"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_readonly }, + + { N_("redeflogfiles"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_logfiles }, + + { N_("redefgrowinglogfiles"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_loggrow }, + + { N_("redefattributes"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_attributes }, + + { N_("redefignorenone"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_noignore }, + + { N_("redefignoreall"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_allignore }, + + { N_("redefuser0"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_user0 }, + + { N_("redefuser1"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_user1 }, + + { N_("redefuser2"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_user2 }, + + { N_("redefuser3"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_user3 }, + + { N_("redefuser4"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_user4 }, + + { N_("redefprelink"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_files_redef_prelink }, + + + { N_("setprelinkpath"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_prelink_set_path }, + { N_("setprelinkchecksum"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_prelink_set_hash }, + + /* client or standalone + */ +#endif + +#ifdef SH_WITH_SERVER +#ifdef INET_SYSLOG + { N_("setudpactive"), SH_SECTION_SRV, SH_SECTION_MISC, + set_syslog_active }, +#endif + { N_("setusesocket"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_socket_use }, + { N_("setsocketallowuid"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_socket_uid }, + { N_("setsocketpassword"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_socket_password }, + { N_("setstripdomain"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_set_strip }, + { N_("useseparatelogs"), SH_SECTION_SRV, SH_SECTION_MISC, + set_flag_sep_log }, + { N_("setchrootdir"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_unix_set_chroot }, + { N_("setclienttimelimit"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_set_time_limit }, + { N_("useclientseverity"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_use_clt_sev }, + { N_("useclientclass"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_use_clt_class }, + { N_("severitylookup"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_lookup_level }, + { N_("setclientfromaccept"), SH_SECTION_SRV, SH_SECTION_MISC, + set_socket_peer }, + { N_("setserverport"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_set_port }, + { N_("setserverinterface"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_set_interface }, + { N_("client"), SH_SECTION_CLIENTS, SH_SECTION_NONE, + sh_forward_register_client }, +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + { N_("exportseverity"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_setexport }, + { N_("exportclass"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_export_mask }, +#if defined(SH_WITH_SERVER) + { N_("setlogserver"), SH_SECTION_SRV, SH_SECTION_MISC, + sh_forward_setlogserver }, +#else + { N_("setlogserver"), SH_SECTION_CLT, SH_SECTION_MISC, + sh_forward_setlogserver }, +#endif +#endif + { N_("setfilechecktime"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_readconf_setFiletime }, + { N_("setlooptime"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_util_setlooptime }, + +#ifdef SH_WITH_MAIL + { N_("mailseverity"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_setseverity }, + { N_("mailclass"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_mail_mask }, + { N_("setmailtime"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_readconf_setMailtime }, + { N_("setmailnum"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_setNum }, + { N_("setmailaddress"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_setaddress }, + { N_("setmailrelay"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_set_relay }, + { N_("mailsingle"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_setFlag }, + { N_("mailsubject"), SH_SECTION_MAIL, SH_SECTION_MISC, + set_mail_subject }, + { N_("setmailsender"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_set_sender }, + { N_("setmailfilternot"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_add_not }, + { N_("setmailfilterand"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_add_and }, + { N_("setmailfilteror"), SH_SECTION_MAIL, SH_SECTION_MISC, + sh_mail_add_or }, +#endif + { N_("setbindaddress"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_calls_set_bind_addr }, + { N_("daemon"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_unix_setdeamon }, + { N_("samhainpath"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_unix_self_hash }, + { N_("trusteduser"), SH_SECTION_MISC, SH_SECTION_NONE, + tf_add_trusted_user }, + { N_("settimeserver"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_unix_settimeserver }, + + { N_("printseverity"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_setprint }, + { N_("printclass"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_print_mask }, + + { N_("logseverity"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_setlog }, + { N_("logclass"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_log_mask }, + + { N_("syslogseverity"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_set_syslog }, + { N_("syslogclass"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_syslog_mask }, +#ifdef HAVE_LIBPRELUDE + { N_("preludeseverity"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_set_prelude }, + { N_("preludeclass"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_error_prelude_mask }, + { N_("preludeprofile"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_prelude_set_profile }, + { N_("preludemaptoinfo"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_prelude_map_info }, + { N_("preludemaptolow"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_prelude_map_low }, + { N_("preludemaptomedium"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_prelude_map_medium }, + { N_("preludemaptohigh"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_prelude_map_high }, +#endif + + { N_("logcalls"), SH_SECTION_LOG, SH_SECTION_NONE, + sh_aud_set_functions }, + + { N_("messageheader"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_error_ehead }, + + { N_("setconsole"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_log_set_console }, + +#ifdef WITH_MESSAGE_QUEUE + { N_("messagequeueactive"),SH_SECTION_MISC, SH_SECTION_NONE, + enable_msgq }, +#endif + + { N_("setreverselookup"), SH_SECTION_MISC, SH_SECTION_NONE, + set_reverse_lookup }, + + { N_("setdatabasepath"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_readconf_set_database_path }, + + { N_("setlogfilepath"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_readconf_set_logfile_path }, + + { N_("setlockfilepath"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_readconf_set_lockfile_path }, + + { N_("hidesetup"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_util_hidesetup }, + + { N_("syslogfacility"), SH_SECTION_LOG, SH_SECTION_MISC, + sh_log_set_facility }, + + { N_("mactype"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_util_sigtype }, + + { NULL, 0, 0, NULL} +}; + + + + +static int sh_readconfig_line (char * line) +{ + char * key; + const char * value; + char * tmp; + int i; + int good_opt = -1; + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + int modnum, modkey; +#endif + + static const char *dummy = N_("dummy"); + + static const char *closing[] = { + N_("closecommand"), + N_("logmonendgroup"), + N_("logmonendhost"), + NULL + }; + + static const char *ident[] = { + N_("severityreadonly"), + N_("severitylogfiles"), + N_("severitygrowinglogs"), + N_("severityignorenone"), + N_("severityignoreall"), + N_("severityattributes"), + N_("severitydirs"), + N_("severityfiles"), + N_("severitynames"), + N_("severityuser0"), + N_("severityuser1"), + N_("severityuser2"), + N_("severityuser3"), + N_("severityuser4"), + N_("severityprelink"), + NULL + }; + + static int identnum[] = { + SH_ERR_T_RO, + SH_ERR_T_LOGS, + SH_ERR_T_GLOG, + SH_ERR_T_NOIG, + SH_ERR_T_ALLIG, + SH_ERR_T_ATTR, + SH_ERR_T_DIR, + SH_ERR_T_FILE, + SH_ERR_T_NAME, + SH_ERR_T_USER0, + SH_ERR_T_USER1, + SH_ERR_T_USER2, + SH_ERR_T_USER3, + SH_ERR_T_USER4, + SH_ERR_T_PRELINK, + }; + + SL_ENTER(_("sh_readconf_line")); + + /* convert to lowercase */ + + tmp = line; + while (*tmp != '=' && *tmp != '\0') + { + *tmp = tolower( (int) *tmp); + ++tmp; + } + + key = line; + + /* interpret line */ + + value = strchr(line, '='); + + if (value == NULL || (*value) == '\0') + { + if (key != NULL) + { + i = 0; + while (closing[i] != NULL) + { + if (sl_strncmp(key,_(closing[i]),sl_strlen(closing[i])-1) == 0) + { + value = dummy; + goto ok_novalue; + } + ++i; + } + + TPT(( 0, FIL__, __LINE__, _("msg=\n"), + line)); + } + SL_RETURN(good_opt, _("sh_readconf_line")); + } + else + ++value; + + /* skip leading whitespace + */ + while ((*value) == ' ' || (*value) == '\t') + ++value; + + if ((*value) == '\0') /* no value */ + { + if (key != NULL) + { + TPT(( 0, FIL__, __LINE__, _("msg=\n"), + line)); + } + SL_RETURN(good_opt, _("sh_readconf_line")); + } + + ok_novalue: + + if (!sl_is_suid()) + { + TPT(( 0, FIL__, __LINE__, _("msg=\n"), line)); + } + + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + if (read_mode == SH_SECTION_OTHER) + { + for (modnum = 0; modList[modnum].name != NULL; ++modnum) + { + for (modkey = 0; modList[modnum].conf_table[modkey].the_opt != NULL; + ++modkey) + { + if (sl_strncmp (key, + _(modList[modnum].conf_table[modkey].the_opt), + sl_strlen(modList[modnum].conf_table[modkey].the_opt) ) == 0) + { + good_opt = 0; + if (0 != modList[modnum].conf_table[modkey].func(value)) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALS, + _(modList[modnum].conf_table[modkey].the_opt), value); + if (!sl_is_suid()) + { + TPT(( 0, FIL__, __LINE__, + _("msg=\n"), line, + _(modList[modnum].conf_table[modkey].the_opt))); + } + goto outburst; + } + } + } + } + outburst: +#endif + + + if (read_mode == SH_SECTION_THRESHOLD) + { + i = 0; + while (ident[i] != NULL) { + if (sl_strncmp (key, _(ident[i]), sl_strlen(ident[i])-1) == 0) + { + good_opt = 0; + sh_error_set_iv (identnum[i], value); + break; + } + ++i; + } + } + else + { + i = 0; + while (ext_table[i].optname != NULL) + { + if ((ext_table[i].section == read_mode || + ext_table[i].alt_section == read_mode) && + sl_strncmp (key, _(ext_table[i].optname), + sl_strlen(ext_table[i].optname)) == 0) + { + good_opt = 0; + if (0 != ext_table[i].func (value)) + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALS, + _(ext_table[i].optname), value); + break; + } + ++i; + } + } + + SL_RETURN(good_opt, _("sh_readconf_line")); +} + + Index: /tags/2.5.0/src/sh_schedule.c =================================================================== --- /tags/2.5.0/src/sh_schedule.c (revision 189) +++ /tags/2.5.0/src/sh_schedule.c (revision 189) @@ -0,0 +1,445 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2002 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include +#include + +#include +#include +#include + +/* + gcc -Wall -O2 -o mysched sh_schedule.c -DTESTONLY + */ +#ifndef TESTONLY + + +#undef FIL__ +#define FIL__ _("sh_schedule.c") + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) +#define SCHEDULER_YES +#endif + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + +#include "samhain.h" +#include "sh_mem.h" + +/* TESTONLY */ +#else + +#define SCHEDULER_YES +#include + +#endif + +#include "sh_schedule.h" + + + +#ifdef SCHEDULER_YES + +/************************************************ + * + * Scheduler class - private area + * + ************************************************/ + + +static const int sh_schedule_max[5] = { 59, 23, 31, 12, 7 }; +static const int sh_schedule_min[5] = { 0, 0, 0, 0, 0 }; + +static +int test_val (int i, int min, int max, int min_step, + time_t * last, time_t now, int nval, int first_flag) +{ + /* don't miss a minute's task + * IDEA: set last = now after first check (? seems to work) + */ + if (i == 0 && max == min && nval > max + /* && ( ((now - *last) > min_step) || (*last == (time_t)-1) ) */ ) + { + if (*last == (time_t)-1) + { + /* fake execution at nval-max + */ + *last = now - 60 * (nval-max); + return 0; + } + if ((int)(now - *last) > min_step) + return 1; + } + + /* out of range + */ + if (nval > max || nval < min) + return 0; + + /* first call - invalid last_exec + + if (*last == (time_t)-1) + return 1; + */ + + if (first_flag == 0) + return 1; + + + /* before min_step - too early (e.g. same minute) + */ + if ((int)(now - *last) <= min_step) + return 0; + + return 1; +} + +static +int test_sched_int (sh_schedule_t * isched) +{ + time_t now; + struct tm * tval; + int count, i, nval; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) + struct tm time_tm; +#endif + + if (!isched) + return 0; + + now = time(NULL); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) + tval = localtime_r(&now, &time_tm); +#else + tval = localtime(&now); +#endif + count = 0; + for (i = 0; i < 5; ++i) + { + if (i == 0) nval = tval->tm_min; + else if (i == 1) nval = tval->tm_hour; + else if (i == 2) nval = tval->tm_mday; + else if (i == 3) nval = tval->tm_mon; + else nval = tval->tm_wday; + count += test_val (i, isched->min[i], isched->max[i], + isched->min_step, &(isched->last_exec), + now, nval, isched->first); + } + + if (count == 5) + { + isched->first = 1; + isched->last_exec = now; + return 1; + } + + return 0; +} + +/* test a linked list of schedules + */ +int test_sched (sh_schedule_t * isched) +{ + sh_schedule_t * intern = isched; + int retval = 0; + + while (intern != NULL) + { + if (test_sched_int(intern) == 1) + retval = 1; + intern = intern->next; + } + return retval; +} + +static +char DayNames[7][4] = { "sun", "mon", "tue", "wed", "thu", "fri", "sat" }; +static +char MonNames[12][4] = { "jan", "feb", "mar", "apr", "may", "jun", + "jul", "aug", "sep", "oct", "nov", "dec" }; + +static +int parse_func (int i, char * p) +{ + int j, k, l; + char *tail; + + errno = 0; + j = (int) strtol(p, &tail, 10); + + if (errno != 0) /* overflow */ + return -1; + if (j < 0) + return -1; + if (tail != p) /* numeric */ + return j; + if (i < 3) /* names not allowed */ + return -1; + + if (i == 3) + { + for (j = 0; j < 12; ++j) { + l = 0; + /*@+charint@*//* Incompatible types for == (char, char): ??? */ + for (k = 0; k < 3; ++k) + if (p[k] != '\0' && tolower(p[k]) == MonNames[j][k]) ++l; + /*@-charint@*/ + if (l == 3) + return j; + } + } + if (i == 4) + { + for (j = 0; j < 7; ++j) { + l = 0; + /*@+charint@*//* Incompatible types for == (char, char): ??? */ + for (k = 0; k < 3; ++k) + if (p[k] != '\0' && tolower(p[k]) == DayNames[j][k]) ++l; + /*@-charint@*/ + if (l == 3) + return j; + } + } + + return -1; +} + +static +int parse_token(int i, sh_schedule_t * isched, char * p) +{ + char * q; + + if ( NULL != (q = strchr(p, ','))) + return -1; + + if (*p == '*') + { + isched->min[i] = sh_schedule_min[i]; + isched->max[i] = sh_schedule_max[i]; + } + else + { + isched->min[i] = parse_func(i, p); + if (i == 4 && isched->min[i] == 7) + isched->min[i] = 0; + if (isched->min[i] < sh_schedule_min[i] || + isched->min[i] > sh_schedule_max[i]) + { + return -1; + } + if ( NULL != (q = strchr(p, '-'))) + { + ++q; + isched->max[i] = parse_func(i, q); + if (i == 4 && isched->max[i] == 7) + isched->max[i] = 0; + if (isched->max[i] < sh_schedule_min[i] || + isched->max[i] > sh_schedule_max[i] || + isched->max[i] < isched->min[i]) + { + return -1; + } + } + else + isched->max[i] = isched->min[i]; + } + + if ( NULL != (q = strchr(p, '/'))) + { + ++q; + isched->step[i] = atoi(q); + if (isched->step[i] < 1 || isched->step[i] > sh_schedule_max[i]) + { + return -1; + } + if (i == 4 && isched->step[i] == 7) + isched->step[i] = 6; + } + else + { + isched->step[i] = 1; + } + + switch (i) + { + case 0: + if (isched->max[i] == isched->min[i]) + isched->min_step = 3599; + else + isched->min_step = (isched->step[i] * 60) - 1; + break; + case 1: + if (isched->max[i] == isched->min[i]) + { + /* fix for daylight saving time: subtract 3600 sec + */ + if (isched->min_step == 3599) + isched->min_step = 86399 - 3600; + } + else + { + if (isched->min_step == 3599) + isched->min_step = (isched->step[i] * 3600) - 1; + } + break; + default: + break; + } + + return 0; +} + +static +int parse_sched (const char * ssched, sh_schedule_t * isched) +{ + char * p; + char * copy; + int i = 0; + size_t len; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + char * saveptr; +#endif + + if (!ssched || !isched) + return -1; + + len = strlen(ssched)+1; +#ifdef TESTONLY + copy = malloc(len); /* testonly code */ +#else + copy = SH_ALLOC(len); +#endif + sl_strlcpy(copy, ssched, len); + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + p = strtok_r(copy, " \t", &saveptr); /* parse crontab-style schedule */ +#else + p = strtok(copy, " \t"); /* parse crontab-style schedule */ +#endif + + if (!p) + goto err; + if (parse_token(i, isched, p) == -1) + goto err; + + for (i = 1; i < 5; ++i) + { +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + p = strtok_r(NULL, " \t", &saveptr); /* parse crontab-style schedule */ +#else + p = strtok(NULL, " \t"); /* parse crontab-style schedule */ +#endif + if (!p) + goto err; + if (parse_token(i, isched, p) == -1) + goto err; + } + + isched->last_exec = (time_t)-1; + isched->first = 0; + isched->next = NULL; + +#ifdef TESTONLY + free(copy); +#else + SH_FREE(copy); +#endif + return 0; + + err: +#ifdef TESTONLY + free(copy); +#else + SH_FREE(copy); +#endif + return -1; +} + +int create_sched (const char * ssched, sh_schedule_t * isched) +{ + int j; + + if (!isched || !ssched) + return -1; + + j = parse_sched(ssched, isched); + +#ifdef TESTONLY + if (j == 0) + { + int i; + for (i = 0; i < 5; ++i) + printf("%2d MIN %3d MAX %3d STEP %3d\n", + i, isched->max[i], isched->min[i], isched->step[i]); + printf("MINSTEP %7d\n", isched->min_step); + printf("LASTEXEC %7ld\n", (long) isched->last_exec); + } +#endif + + return j; +} + +/* #ifdef SCHEDULER_YES */ +#endif + +/************************************************** + * + * Schedule class - Test driver + * + **************************************************/ +#ifdef TESTONLY + +int main(int argc, char * argv[]) +{ + sh_schedule_t isched; + + if (argc < 2) + { + fprintf(stderr, "Usage: %s 'schedule'\n", argv[0]); + exit (1); + } + + if (create_sched(argv[1], &isched) < 0) + { + fprintf(stderr, "Bad schedule <%s>\n", argv[1]); + exit (1); + } + + while (1 == 1) + { + if (test_sched(&isched)) + printf("EXECUTE at: %s", ctime(&(isched.last_exec))); /* TESTONLY */ + sleep (1); /* TESTONLY */ + } + return 0; +} +#endif Index: /tags/2.5.0/src/sh_socket.c =================================================================== --- /tags/2.5.0/src/sh_socket.c (revision 189) +++ /tags/2.5.0/src/sh_socket.c (revision 189) @@ -0,0 +1,1068 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2003,2005 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +/* define if you want debug info + * #define SH_DEBUG_SOCKET + */ +#if defined(SH_WITH_SERVER) && defined(__linux__) +#define _GNU_SOURCE +#endif + +#include +#include +#include +#include + +#include "samhain.h" +#include "sh_socket.h" +#include "sh_error.h" +#include "sh_unix.h" +#include "sh_calls.h" + +#undef FIL__ +#define FIL__ _("sh_socket.c") + +#if defined (SH_WITH_CLIENT) + +#include + +void sh_socket_server_cmd(const char * srvcmd) +{ + SL_ENTER(_("sh_tools_server_cmd")); + + if ((srvcmd == NULL) || (srvcmd[0] == '\0') || (sl_strlen(srvcmd) < 4)) + { + SL_RET0(_("sh_socket_server_cmd")); + } + if ((srvcmd[0] == 'S') || (srvcmd[1] == 'T') || + (srvcmd[2] == 'O') || (srvcmd[3] == 'P')) + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); +#ifdef SIGQUIT + raise(SIGQUIT); +#else + TPT((0, FIL__, __LINE__, _("msg=\n"))); +#endif + } + else if ((srvcmd[0] == 'R') || (srvcmd[1] == 'E') || + (srvcmd[2] == 'L') || (srvcmd[3] == 'O') || + (srvcmd[4] == 'A') || (srvcmd[5] == 'D')) + { + TPT((0, FIL__, __LINE__, _("msg=\n"))); +#ifdef SIGHUP + raise(SIGHUP); +#else + TPT((0, FIL__, __LINE__, _("msg=\n"))); +#endif + } + else + { + sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, + srvcmd, + _("sh_socket_server_cmd")); + } + SL_RET0(_("sh_socket_server_cmd")); +} +/* #if defined (SH_WITH_CLIENT) + */ +#endif + +#if defined(SH_WITH_SERVER) +#include + +#include +#include + +#include +#include + +#include + +#include +#include + + +#ifdef HAVE_SYS_UIO_H +#include +#endif +#if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) +#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED) +#include +#include +#endif +#endif + + +int pf_unix_fd = -1; +static char * sh_sockname = NULL; +static char sh_sockpass_real[SOCKPASS_MAX+1]; + +struct socket_cmd { + char cmd[SH_MAXMSGLEN]; + char clt[SH_MAXMSGLEN]; + char cti[81]; + struct socket_cmd * next; +}; + +#if !defined(O_NONBLOCK) +#if defined(O_NDELAY) +#define O_NONBLOCK O_NDELAY +#else +#define O_NONBLOCK 0 +#endif +#endif + +#if !defined(AF_FILE) +#define AF_FILE AF_UNIX +#endif + +static struct socket_cmd * cmdlist = NULL; +static struct socket_cmd * runlist = NULL; + +static int sh_socket_flaguse = S_FALSE; +static int sh_socket_flaguid = 0; + +#include "sh_utils.h" + + +struct reload_cmd { + char clt[SH_MAXMSGLEN]; + time_t cti; + struct reload_cmd * next; +}; +static struct reload_cmd * reloadlist = NULL; + +void sh_socket_add2reload (const char * clt) +{ + struct reload_cmd * new = reloadlist; + + while (new) + { + if (0 == sl_strcmp(new->clt, clt)) + { + sl_strlcpy (new->clt, clt, SH_MAXMSGLEN); + new->cti = time(NULL); + return; + } + new = new->next; + } + + new = SH_ALLOC(sizeof(struct reload_cmd)); + sl_strlcpy (new->clt, clt, SH_MAXMSGLEN); + new->cti = time(NULL); + + new->next = reloadlist; + reloadlist = new; + + return; +} + +#include "zAVLTree.h" +#include "sh_html.h" +#include "sh_tools.h" +static void sh_socket_add2list (struct socket_cmd * in); + +static void sh_socket_probe4reload (void) +{ + struct reload_cmd * new; + struct socket_cmd cmd; + + zAVLCursor avlcursor; + client_t * item; + extern zAVLTree * all_clients; + + char * file; + unsigned long dummy; + struct stat buf; + + for (item = (client_t *) zAVLFirst(&avlcursor, all_clients); item; + item = (client_t *) zAVLNext(&avlcursor)) + { + if (item->status_now != CLT_INACTIVE) + { + file = get_client_conf_file (item->hostname, &dummy); + + if (0 == stat (file, &buf)) + { + new = reloadlist; + while (new) + { + if (0 == sl_strcmp(new->clt, item->hostname)) + { + if (buf.st_mtime > new->cti) + { + /* reload */ + sl_strlcpy(cmd.cmd, _("RELOAD"), SH_MAXMSGLEN); + sl_strlcpy(cmd.clt, item->hostname, SH_MAXMSGLEN); + sh_socket_add2list (&cmd); + } + break; + } + new = new->next; + } + } + } + } + return; +} + +char * sh_get_sockpass (void) +{ + size_t j = 0; + + while (skey->sh_sockpass[2*j] != '\0' && j < sizeof(sh_sockpass_real)) + { + sh_sockpass_real[j] = skey->sh_sockpass[2*j]; + ++j; + } + sh_sockpass_real[j] = '\0'; + + return sh_sockpass_real; +} + +void sh_set_sockpass (void) +{ + int j; + for (j = 0; j < 15; ++j) + { + sh_sockpass_real[j] = '\0'; + } +} + +int sh_socket_use (const char * c) +{ + return sh_util_flagval(c, &sh_socket_flaguse); +} + +int sh_socket_remove () +{ + int retval = 0; +#ifdef S_ISSOCK + struct stat sbuf; +#endif + + SL_ENTER(_("sh_socket_remove")); + + if (NULL == sh_sockname) + { + SL_RETURN((retval),_("sh_socket_remove")); + } + + if (0 != tf_trust_check (DEFAULT_PIDDIR, SL_YESPRIV)) + { + SL_RETURN((-1),_("sh_socket_remove")); + } + + if ( (retry_lstat(FIL__, __LINE__, sh_sockname, &sbuf) == 0) && + (sbuf.st_uid == getuid())) + { +#ifdef S_ISSOCK + if (S_ISSOCK (sbuf.st_mode)) + { + retval = retry_aud_unlink (FIL__, __LINE__, sh_sockname); + } +#else + retval = retry_aud_unlink (FIL__, __LINE__, sh_sockname); +#endif + } + SL_RETURN((retval),_("sh_socket_remove")); +} + +#if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) && !defined(HAVE_STRUCT_CMSGCRED) && !defined(HAVE_STRUCT_FCRED) && !(defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) + +#define NEED_PASSWORD_AUTH + +#endif + +int sh_socket_uid (const char * c) +{ + uid_t val = (uid_t) strtol (c, (char **)NULL, 10); + sh_socket_flaguid = val; +#if defined(NEED_PASSWORD_AUTH) + sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("Config option SetSocketAllowUID not supported, use SetSocketPassword"), + _("sh_socket_uid")); +#endif + return 0; +} + +int sh_socket_password (const char * c) +{ +#if defined(NEED_PASSWORD_AUTH) + int j, i; + +#define LCG(n) ((69069 * n) & 0xffffffffUL) + + i = sl_strlen(c); + if (i > SOCKPASS_MAX) { + return -1; + } + for (j = 0; j < (2*SOCKPASS_MAX+1); ++j) + { + skey->sh_sockpass[j] = '\0'; + } + for (j = 0; j < i; ++j) + { + skey->sh_sockpass[2*j] = c[j]; + skey->sh_sockpass[(2*j)+1] = (LCG(c[j]) % 256); + } + return 0; +#else + sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("Config option SetSocketPassword not supported, use SetSocketAllowUID"), + _("sh_socket_password")); + (void) c; + return 0; +#endif +} + + +int sh_socket_open_int () +{ + struct sockaddr_un name; + size_t size; + int flags; +#if defined(SO_PASSCRED) + socklen_t optval = 1; +#endif + struct stat buf; + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("sh_socket_open_int")); + + if (sh_socket_flaguse == S_FALSE) + { + SL_RETURN(0, _("sh_socket_open_int")); + } + + if (sh_sockname == NULL) + { + size = sl_strlen(DEFAULT_PIDDIR) + 1 + sl_strlen(SH_INSTALL_NAME) + 6; + sh_sockname = SH_ALLOC(size); /* compile-time constant */ + sl_strlcpy(sh_sockname, DEFAULT_PIDDIR, size); + sl_strlcat(sh_sockname, "/", size); + sl_strlcat(sh_sockname, SH_INSTALL_NAME, size); + sl_strlcat(sh_sockname, _(".sock"), size); + } + + pf_unix_fd = socket (PF_UNIX, SOCK_STREAM, 0); + if ((pf_unix_fd) < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_open_int: socket")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } + + if (sizeof(name.sun_path) < (1 + sl_strlen(sh_sockname))) + { + close(pf_unix_fd); pf_unix_fd = -1; + sh_error_handle ((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("PID dir path too long"), + _("sh_socket_open_int")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } + + name.sun_family = AF_FILE; + sl_strlcpy (name.sun_path, sh_sockname, sizeof(name.sun_path)); + + size = (offsetof (struct sockaddr_un, sun_path) + + strlen (name.sun_path) + 1); + + flags = retry_lstat (FIL__, __LINE__, sh_sockname, &buf); + + if (flags == 0) + { + sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("Socket exists, trying to unlink it"), + _("sh_socket_open_int")); + if (sh_socket_remove() < 0) + { + close(pf_unix_fd); pf_unix_fd = -1; + sh_error_handle ((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("Unlink of socket failed, maybe path not trusted"), + _("sh_socket_open_int")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } + } + + if (bind ((pf_unix_fd), (struct sockaddr *) &name, size) < 0) + { + close(pf_unix_fd); pf_unix_fd = -1; + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_open_int: bind")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } + +#ifdef SO_PASSCRED + if (0 != setsockopt(pf_unix_fd, SOL_SOCKET, SO_PASSCRED, + &optval, sizeof(optval))) + { + close(pf_unix_fd); pf_unix_fd = -1; + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_open_int: setsockopt")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } +#endif + + flags = fcntl((pf_unix_fd), F_GETFL); + if (flags < 0) + { + close(pf_unix_fd); pf_unix_fd = -1; + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_open_int: fcntl1")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } + + flags = fcntl((pf_unix_fd), F_SETFL, flags|O_NONBLOCK); + if (flags < 0) + { + close(pf_unix_fd); pf_unix_fd = -1; + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_open_int: fcntl2")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } + + if (0 != listen(pf_unix_fd, 5)) + { + close(pf_unix_fd); pf_unix_fd = -1; + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_open_int: listen")); + SL_RETURN( (-1), _("sh_socket_open_int")); + } + SL_RETURN( (0), _("sh_socket_open_int")); +} +/* #if !defined(HAVE_CMSGCRED) || !defined(SO_PEERCRED) */ +/* #endif */ + +/* +#if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) && !defined(HAVE_STRUCT_CMSGCRED) && !defined(HAVE_STRUCT_FCRED) && !(defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) +static +int sh_socket_read (struct socket_cmd * srvcmd) +{ + srvcmd->cmd[0] = '\0'; + srvcmd->clt[0] = '\0'; + return 0; +} +#else +*/ + +/* + * Parts of the socket authentication code is copied from PostgreSQL: + * + * PostgreSQL Database Management System + * (formerly known as Postgres, then as Postgres95) + * + * Portions Copyright (c) 1996-2001, The PostgreSQL Global Development Group + * + * Portions Copyright (c) 1994, The Regents of the University of California + * + * Permission to use, copy, modify, and distribute this software and its + * documentation for any purpose, without fee, and without a written agreement + * is hereby granted, provided that the above copyright notice and this + * paragraph and the following two paragraphs appear in all copies. + * + * IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR + * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING + * LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS + * DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS + * ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO + * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. + */ +static +int sh_socket_read (struct socket_cmd * srvcmd) +{ + struct socket_cmd * list_cmd; + char message[SH_MAXMSG]; + struct sockaddr_un name; + int size; + int nbytes; + int talkfd; + int retry = 0; + + char * cmd = NULL; + char * clt = NULL; + + int client_uid = -1; + char errbuf[SH_ERRBUF_SIZE]; + + + struct msghdr msg; + struct iovec iov; + +#if defined(NEED_PASSWORD_AUTH) + char * eopw = NULL; + char * goodpassword = NULL; +#endif + +#if defined(HAVE_GETPEEREID) + uid_t peer_uid; + gid_t peer_gid; +#elif defined(SO_PEERCRED) + struct ucred cr; +#ifdef HAVE_SOCKLEN_T + socklen_t cl = sizeof(cr); +#else + int cl = sizeof(cr); +#endif + +#elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) + +#ifdef HAVE_STRUCT_CMSGCRED + typedef struct cmsgcred Cred; +#define CRED_UID cmcred_uid + +#elif HAVE_STRUCT_FCRED + typedef struct fcred Cred; +#define CRED_UID fc_uid + +#elif HAVE_STRUCT_SOCKCRED + typedef struct sockcred Cred; +#define CRED_UID sc_uid + +#endif + Cred *cred; + + /* Compute size without padding */ + char cmsgmem[ALIGN(sizeof(struct cmsghdr)) + ALIGN(sizeof(Cred))]; + /* for NetBSD */ + + /* Point to start of first structure */ + struct cmsghdr *cmsg = (struct cmsghdr *) cmsgmem; +#endif + + if (pf_unix_fd < 0) + { + return 0; + } + + iov.iov_base = (char *) &message; + iov.iov_len = sizeof(message); + + memset (&msg, 0, sizeof (msg)); + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + +#if !defined(SO_PEERCRED) && !defined(HAVE_GETPEEREID) +#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) + msg.msg_control = (char *) cmsg; + msg.msg_controllen = sizeof (cmsgmem); + memset (cmsg, 0, sizeof (cmsgmem)); +#endif +#endif + + /* the socket is non-blocking + * 'name' is the address of the sender socket + */ + size = sizeof (name); + talkfd = retry_accept(FIL__, __LINE__, + pf_unix_fd, (struct sockaddr *) & name, &size); + if ((talkfd < 0) && (errno == EAGAIN)) + { + return 0; + } + else if (talkfd < 0) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_read: accept")); + return -1; + } + + +#if defined(LOCAL_CREDS) && !defined(SO_PEERCRED) && !defined(HAVE_GETPEEREID) + /* Set the socket to receive credentials on the next message + */ + { + int on = 1; + if (setsockopt (talkfd, 0, LOCAL_CREDS, &on, sizeof (on)) < 0) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_read: setsockopt")); + close(talkfd); + return -1; + } + } +#endif + + do { + nbytes = recvmsg (talkfd, &msg, 0); + if ((nbytes < 0) && (errno != EAGAIN)) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_read: recvmsg")); + close(talkfd); + return -1; + } + else if (nbytes < 0) + { + ++retry; + retry_msleep(0, 1); + } + } while ((nbytes < 0) && (retry < 3)); + +#ifdef SH_DEBUG_SOCKET + fprintf(stderr, "%d bytes received\n", nbytes); +#endif + + /* msg.msg_iov.iov_base, filled by recvmsg + */ + message[sizeof(message)-1] = '\0'; + + if (nbytes < 0) + { + if (errno == EAGAIN) + { + /* no data */ + close(talkfd); + return 0; + } + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_read: recvfrom")); + close(talkfd); + return -1; + } + +#if defined(HAVE_GETPEEREID) + if (0 != getpeereid(talkfd, &peer_uid, &peer_gid)) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_read: getpeereid")); + close(talkfd); + return -1; + } + client_uid = peer_uid; + cmd = message; +#elif defined(SO_PEERCRED) + if (0 != getsockopt(talkfd, SOL_SOCKET, SO_PEERCRED, &cr, &cl)) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_read: getsockopt")); + close(talkfd); + return -1; + } + client_uid = cr.uid; + cmd = message; +#elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) + if (cmsg->cmsg_len < sizeof (cmsgmem) || cmsg->cmsg_type != SCM_CREDS) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Message from recvmsg() was not SCM_CREDS"), + _("sh_socket_read")); + + /* Check for file descriptors sent using SCM_RIGHTS, and + * close them. If MSG_CTRUNC is set, the buffer was too small, + * and no fds are duped. + */ + if (msg.msg_controllen >= sizeof(struct cmsghdr) && + (msg.msg_flags & MSG_CTRUNC) == 0) + { + unsigned int data_size; + unsigned int data_i; + int fdcount, fdmax; + struct cmsghdr * cmptr; + int fdsbuf[1 + (sizeof(cmsgmem)/sizeof(int))]; + + for (cmptr = CMSG_FIRSTHDR(&msg); cmptr != NULL; + cmptr = CMSG_NXTHDR(&msg, cmptr)) + { + if (cmptr->cmsg_len > sizeof (cmsgmem) || + cmptr->cmsg_level != SOL_SOCKET || + cmptr->cmsg_type != SCM_RIGHTS) + continue; + + /* Crappy way of finding the data length. + * cmptr->cmsg_len includes both header and padding, + * how are you supposed to find the data length? + * cmptr->cmsg_len - ALIGN(sizeof(struct cmsghdr)) ? + */ + data_size = 0; + + for (data_i = 0; data_i < cmptr->cmsg_len; ++data_i) + { + if (CMSG_LEN(data_i) == cmptr->cmsg_len) + { + data_size = data_i; + break; + } + } + memcpy(fdsbuf, CMSG_DATA(cmptr), data_size); + fdmax = data_size / sizeof(int); + for (fdcount = 0; fdcount < fdmax; ++fdcount) + (void) close(fdsbuf[fdcount]); + } + } + + close(talkfd); + return -1; + } + cred = (Cred *) CMSG_DATA (cmsg); + client_uid = cred->CRED_UID; + cmd = message; +#elif defined(NEED_PASSWORD_AUTH) + goodpassword = sh_get_sockpass(); + eopw = strchr(message, '@'); + if (eopw) + *eopw = '\0'; + /* + * message is null-terminated and >> goodpassword + */ + if (0 == strcmp(goodpassword, message) && + strlen(goodpassword) < (sizeof(message)/2)) + { + client_uid = sh_socket_flaguid; + cmd = &message[strlen(goodpassword)+1]; + sh_set_sockpass(); + } + else + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Bad password"), + _("sh_socket_read")); + sh_set_sockpass(); + close(talkfd); + return -1; + } +#else + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("Socket credentials not supported on this OS"), + _("sh_socket_read")); + close(talkfd); + return -1; +#endif + +#ifdef SH_DEBUG_SOCKET + fprintf(stderr, "Peer uid=%d, required=%d\n", + client_uid, sh_socket_flaguid); +#endif + + if (client_uid != sh_socket_flaguid) + { + sh_error_handle((-1), FIL__, __LINE__, client_uid, MSG_E_SUBGEN, + _("client does not have required uid"), + _("sh_socket_read: getsockopt")); + close(talkfd); + return -1; + } + + + /* Give a diagnostic message. + */ +#ifdef SH_DEBUG_SOCKET + fprintf (stderr, "Server: got message: %s\n", cmd); +#endif + + clt = strchr(cmd, ':'); + if (clt != NULL) + { + *clt = '\0'; ++clt; + if (sl_strlen(cmd) >= SH_MAXMSGLEN) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("Bad message format: command too long"), + _("sh_socket_read")); + close(talkfd); + return -1; + } + else if (sl_strlen(clt) >= SH_MAXMSGLEN) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("Bad message format: hostname too long"), + _("sh_socket_read")); + close(talkfd); + return -1; + } + if (cmd[0] == 'L' && cmd[1] == 'I' && + cmd[2] == 'S' && cmd[3] == 'T') + { + goto list_all; + } + else if (cmd[0] == 'P' && cmd[1] == 'R' && + cmd[2] == 'O' && cmd[3] == 'B' && cmd[4] == 'E') + { + sh_socket_probe4reload(); + cmd[0] = 'L'; cmd[1] = 'I'; cmd[2] = 'S'; cmd[3] = 'T';cmd[4] = '\0'; + goto list_all; + } + sl_strlcpy (srvcmd->cmd, cmd, SH_MAXMSGLEN); + sl_strlcpy (srvcmd->clt, clt, SH_MAXMSGLEN); + --clt; *clt = ':'; + } + else + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("Bad message format"), + _("sh_socket_read")); + close(talkfd); + return -1; + } + + /* Bounce the message back to the sender. + * 'name' is the receiver address; it has been been filled + * with the sender address in the recvfrom call + */ +#ifdef SH_DEBUG_SOCKET + fprintf (stderr, "Server: send message: %s to %s\n", + cmd, name.sun_path); +#endif + /* + nbytes = sendto (pf_unix_fd, message, nbytes, 0, + (struct sockaddr *) & name, size); + */ + nbytes = send (talkfd, cmd, strlen(cmd) + 1, 0); + close(talkfd); + if (nbytes < 0) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_read: send")); + return -1; + } +#ifdef SH_DEBUG_SOCKET + fprintf (stderr, "Server: message is out\n"); +#endif + return nbytes; + + list_all: +#ifdef SH_DEBUG_SOCKET + fprintf (stderr, "Server: list all\n"); +#endif + if (cmd[4] == 'A' && cmd[5] == 'L' && cmd[6] == 'L') + { + list_cmd = runlist; + while (list_cmd) + { + sl_snprintf(message, sizeof(message), _("SENT %8s %32s %s"), + list_cmd->cmd, list_cmd->clt, list_cmd->cti); + /* + sl_strlcpy(message, _("DONE"), SH_MAXMSG); + sl_strlcat(message, " ", SH_MAXMSG); + sl_strlcat(message, list_cmd->cmd, SH_MAXMSG); + sl_strlcat(message, " ", SH_MAXMSG); + sl_strlcat(message, list_cmd->clt, SH_MAXMSG); + sl_strlcat(message, " ", SH_MAXMSG); + sl_strlcat(message, list_cmd->cti, SH_MAXMSG); + */ + nbytes = send (talkfd, message, sl_strlen(message) + 1, 0); + if (nbytes < 0) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_read: sendto")); + close(talkfd); + return -1; + } + list_cmd = list_cmd->next; + } + } + + list_cmd = cmdlist; + while (list_cmd) + { + sl_snprintf(message, sizeof(message), _(">>>> %8s %32s %s"), + list_cmd->cmd, list_cmd->clt, list_cmd->cti); + /* + sl_strlcpy(message, _(">>>>"), SH_MAXMSG); + sl_strlcat(message, " ", SH_MAXMSG); + sl_strlcat(message, list_cmd->cmd, SH_MAXMSG); + sl_strlcat(message, " ", SH_MAXMSG); + sl_strlcat(message, list_cmd->clt, SH_MAXMSG); + sl_strlcat(message, " ", SH_MAXMSG); + sl_strlcat(message, list_cmd->cti, SH_MAXMSG); + */ + /* + nbytes = sendto (pf_unix_fd, message, sl_strlen(message) + 1, 0, + (struct sockaddr *) & name, size); + */ + nbytes = send (talkfd, message, sl_strlen(message) + 1, 0); + if (nbytes < 0) + { + sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + sh_error_message (errno, errbuf, sizeof(errbuf)), + _("sh_socket_read: sendto")); + close(talkfd); + return -1; + } + list_cmd = list_cmd->next; + } + + /* + nbytes = sendto (pf_unix_fd, _("END"), 4, 0, + (struct sockaddr *) & name, size); + */ + nbytes = send (talkfd, _("END"), 4, 0); + close(talkfd); + return 0; +} +/* #if !defined(HAVE_CMSGCRED) || !defined(SO_PEERCRED) */ +/* #endif */ + +static void sh_socket_add2list (struct socket_cmd * in) +{ + struct socket_cmd * new; + + new = SH_ALLOC(sizeof(struct socket_cmd)); + sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); + sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); + (void) sh_unix_time(0, new->cti, sizeof(new->cti)); + new->next = cmdlist; + cmdlist = new; + + return; +} + +static void sh_socket_add2run (struct socket_cmd * in) +{ + struct socket_cmd * new = runlist; + char * client_name = in->clt; + + while (new) + { + if (0 == sl_strcmp(new->clt, client_name)) + { + sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); + sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); + (void) sh_unix_time(0, new->cti, sizeof(new->cti)); + return; + } + new = new->next; + } + + new = SH_ALLOC(sizeof(struct socket_cmd)); + sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); + sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); + (void) sh_unix_time(0, new->cti, sizeof(new->cti)); + new->next = runlist; + runlist = new; + + return; +} + + + +static void sh_socket_rm2list (const char * client_name) +{ + struct socket_cmd * old = cmdlist; + struct socket_cmd * new = cmdlist; + + while (new) + { + if (0 == sl_strcmp(new->clt, client_name)) + { + if ((new == cmdlist) && (new->next == NULL)) + { + cmdlist = NULL; + SH_FREE(new); + return; + } + else if (new == cmdlist) + { + cmdlist = new->next; + SH_FREE(new); + return; + } + else + { + old->next = new->next; + SH_FREE(new); + return; + } + } + old = new; + new = new->next; + } + return; +} + +/* poll the socket to gather input + */ +int sh_socket_poll() +{ + struct socket_cmd cmd; + char cancel_cmd[SH_MAXMSGLEN]; + + /* struct pollfd sh_poll = { pf_unix_fd, POLLIN, 0 }; */ + + if (pf_unix_fd < 0) + { + return 0; + } + + sl_strlcpy(cancel_cmd, _("CANCEL"), sizeof(cancel_cmd)); + + while (sh_socket_read (&cmd) > 0) + { + if (0 == sl_strcmp(cmd.cmd, cancel_cmd)) + { + sh_socket_rm2list (cmd.clt); + } + else + { + sh_socket_rm2list (cmd.clt); + sh_socket_add2list (&cmd); + } + } + return 0; +} + +/* return the command associated with client_name + and remove the corresponding entry + */ +char * sh_socket_check(const char * client_name) +{ + struct socket_cmd * old = cmdlist; + struct socket_cmd * new = cmdlist; + static char out[SH_MAXMSGLEN]; + + while (new) + { + if (0 == sl_strcmp(new->clt, client_name)) + { + sl_strlcpy(out, new->cmd, sizeof(out)); + sh_socket_add2run (new); + sh_socket_rm2list (client_name); + return out; + } + old = new; + new = new->next; + } + return NULL; +} + +/* #if defined (SH_WITH_SERVER) + */ +#endif + Index: /tags/2.5.0/src/sh_srp.c =================================================================== --- /tags/2.5.0/src/sh_srp.c (revision 189) +++ /tags/2.5.0/src/sh_srp.c (revision 189) @@ -0,0 +1,714 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include + + +#include "samhain.h" + +#ifdef USE_SRP_PROTOCOL + +#if (defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER)) + +#include "sh_tiger.h" +#include "sh_mem.h" +#include "sh_utils.h" +#include "sh_srp.h" + +#if !defined(HAVE_LIBGMP) || !defined(HAVE_GMP_H) +#include "bignum.h" +#else + +#include + +#define BIG_OK 0 +#define bigerr_t int +int big_errno = BIG_OK; + +#define bignum MP_INT + +inline +int big_create (bignum * a) +{ + mpz_init(a); + return 0; +} + +inline +int big_zerop (bignum * a) +{ + mpz_t b; + int i; + mpz_init_set_str(b, "0", 10); + i = mpz_cmp(a, b); + mpz_clear(b); + if (i) + return 0; + else + return 1; +} + +inline +int big_trunc (bignum * a, bignum * b, bignum * q, bignum *r) +{ + mpz_tdiv_qr(q, r, a, b); + return 0; +} + +inline +int big_exptmod (bignum * a, bignum * b, bignum * c, bignum *d) +{ + mpz_powm(d, a, b, c); + return 0; +} + +char * get_str_internal = NULL; +int siz_str_internal = 0; + +inline +char * big_string (bignum * a, int base) +{ + char * str = NULL; + int size; + int i; + str = mpz_get_str (str, base, a); + + if (get_str_internal == NULL) + { + get_str_internal = malloc(512); /* only once */ + if (get_str_internal) + { + siz_str_internal = 512; + } + else + { + if (str != NULL) + free(str); + return 0; + } + get_str_internal[0] = '\0'; + } + + if (str != NULL) + { + size = strlen(str) + 1; + if (size > siz_str_internal) + get_str_internal = realloc (get_str_internal, size); + if (get_str_internal == NULL) + { + free(str); + return NULL; + } + siz_str_internal = size; + sl_strlcpy (get_str_internal, str, siz_str_internal); + for (i = 0; i < (size-1); ++i) + if (get_str_internal[i] >= 'a' && get_str_internal[i] <= 'f' ) + get_str_internal[i] = get_str_internal[i] - 'a' + 'A'; + free (str); + } + return get_str_internal; +} + +inline +int big_add(bignum * a, bignum * b, bignum * c) +{ + mpz_add(c, a, b); + return 0; +} + +inline +int big_sub(bignum * a, bignum * b, bignum * c) +{ + mpz_sub(c, a, b); + return 0; +} + +inline +int big_mul(bignum * a, bignum * b, bignum * c) +{ + mpz_mul(c, a, b); + return 0; +} + +inline +int big_greaterp(bignum * a, bignum * b) +{ + return mpz_cmp(a, b) > 0; +} + +inline +int big_set_big(bignum * a, bignum * b) +{ + mpz_set(b, a); + return 0; +} + + +inline +int big_set_string(const char * str, int base, bignum * a) +{ + mpz_set_str (a, str, base); + return 0; +} + + +#define big_init_pkg() 0 +#define big_release_pkg() +#define big_destroy mpz_clear + +/* #if defined(HAVE_LIBGMP) + */ +#endif + +#undef FIL__ +#define FIL__ _("sh_srp.c") + +typedef struct sh_srp_struc { + char x[KEY_LEN+1]; + bignum a; + bignum p; + bignum g; +} sh_srp_t; + +static sh_srp_t sh_srp; + +void sh_srp_x (char * salt, char * password) +{ + + char *combi; + size_t len, l2; + register int i; + unsigned char * dez = NULL; + char hashbuf[KEYBUF_SIZE]; + + SL_ENTER(_("sh_srp_x")); + + /* patch by Andreas Piesk + */ + if (password == NULL) + dez = (unsigned char *) &(skey->pw[0]); + else + dez = (unsigned char *) password; + + for (i = 0; i < PW_LEN; ++i) + { + skey->vernam[i] = (char)(*dez); + ++dez; + } + skey->vernam[PW_LEN] = '\0'; + + (void) sl_strlcpy (skey->vernam, + sh_tiger_hash(skey->vernam, TIGER_DATA, PW_LEN, + hashbuf, sizeof(hashbuf)), + KEY_LEN); + skey->vernam[KEY_LEN] = '\0'; + + len = sl_strlen(salt) + 1; + l2 = sl_strlen(skey->vernam); + if (sl_ok_adds(len, l2)) + len += l2; + + /* H(s,P) + */ + combi = SH_ALLOC(len); + (void) sl_strlcpy (combi, salt, len); + (void) sl_strlcat (combi, skey->vernam, len); + (void) sl_strlcpy (sh_srp.x, + sh_tiger_hash(combi, TIGER_DATA, + (unsigned long) sl_strlen(combi), + hashbuf, sizeof(hashbuf)), + KEY_LEN+1); + SH_FREE (combi); + + SL_RET0(_("sh_srp_x")); +} + +char * sh_srp_M (char * x1, char * x2, char * x3, char * hash, size_t size) +{ + char *combi; + size_t len, l2, l3; + + SL_ENTER(_("sh_srp_M")); + + ASSERT_RET((x1 != NULL && x2 != NULL && x3 !=NULL), + _("x1 != NULL && x2 != NULL && x3 !=NULL"), NULL); + + len = sl_strlen(x1) + 1; + l2 = sl_strlen(x2); + l3 = sl_strlen(x3); + + if (sl_ok_adds(len, l2)) + len += l2; + if (sl_ok_adds(len, l3)) + len += l3; + + /* H(x1,x2,x3) + */ + combi = SH_ALLOC(len); + (void) sl_strlcpy (combi, x1, len); + (void) sl_strlcat (combi, x2, len); + (void) sl_strlcat (combi, x3, len); + (void) sh_tiger_hash(combi, TIGER_DATA, (unsigned long) (len-1), + hash, size); + SH_FREE (combi); + + SL_RETURN(hash, _("sh_srp_M")); +} + + +void sh_srp_exit() +{ + SL_ENTER(_("sh_srp_exit")); + big_destroy(&sh_srp.g); + big_destroy(&sh_srp.p); + big_destroy(&sh_srp.a); + + big_release_pkg(); + + big_errno = BIG_OK; + SL_RET0(_("sh_srp_exit")); +} + + +int sh_srp_init() +{ + bigerr_t res; + char modulus[80*4]; + + SL_ENTER(_("sh_srp_init")); + + big_errno = BIG_OK; + + res = big_init_pkg(); + + if (res == BIG_OK) + { + res = big_create(&sh_srp.p); + if (res == BIG_OK) + res = big_create(&sh_srp.g); + if (res == BIG_OK) + res = big_create(&sh_srp.a); + if (res == BIG_OK) + { + (void) sl_strlcpy(modulus, SRP_MODULUS_1024_1, sizeof(modulus)); + (void) sl_strlcat(modulus, SRP_MODULUS_1024_2, sizeof(modulus)); + (void) sl_strlcat(modulus, SRP_MODULUS_1024_3, sizeof(modulus)); + (void) sl_strlcat(modulus, SRP_MODULUS_1024_4, sizeof(modulus)); + } + if (res == BIG_OK) + res = big_set_string (modulus, 16, &sh_srp.p); + if (res == BIG_OK) + res = big_set_string (SRP_GENERATOR_1024, 16, &sh_srp.g); + if (res == BIG_OK) + { + SL_RETURN (0, _("sh_srp_init")); + } + else + sh_srp_exit(); + } + SL_RETURN ((-1), _("sh_srp_init")); +} + + +int sh_srp_make_a () +{ + UINT32 randl[6]; + int i; + int res; + char hash[KEY_LEN+1]; + char hashbuf[KEYBUF_SIZE]; + + SL_ENTER(_("sh_srp_make_a")); + + for (i = 0; i < 6; ++i) + randl[i] = (UINT32) taus_get (); + + (void) sl_strlcpy (hash, + sh_tiger_hash((char *)&randl[0], TIGER_DATA, + (unsigned long) 6*sizeof(UINT32), + hashbuf, sizeof(hashbuf)), + KEY_LEN+1); + + hash[KEY_LEN] = '\0'; + + res = big_set_string (hash, 16, &sh_srp.a); + if (res == BIG_OK) + { + SL_RETURN((0), _("sh_srp_make_a")); + } + else + { + SL_RETURN((-1), _("sh_srp_make_a")); + } +} + +/* return 0 if AB is NOT zero + */ +int sh_srp_check_zero (char * AB_str) +{ + bignum AB, q, r; + bigerr_t res; + int val; + + SL_ENTER(_("sh_srp_check_zero")); + + ASSERT_RET((AB_str != NULL), _("AB_str != NULL"), (-1)); + + res = big_create(&AB); + if (res == BIG_OK) + res = big_create(&q); + if (res == BIG_OK) + res = big_create(&r); + + if (res == BIG_OK) + res = big_set_string (AB_str, 16, &AB); + if (res == BIG_OK) + res = big_trunc(&AB, &sh_srp.p, &q, &r); /* is last one the remainder ? */ + + if (res != BIG_OK) val = (-1); + else if (0 != big_zerop(&AB) ) val = (-1); /* 0 != (sign == 0) */ + else val = 0; + + big_destroy(&AB); + big_destroy(&q); + big_destroy(&r); + + SL_RETURN((val), _("sh_srp_check_zero")); +} + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + + +char * sh_srp_A () +{ + bignum A; + char *str; + char *combi; + bigerr_t res; + + SL_ENTER(_("sh_srp_A")); + + res = big_create(&A); + + if (res == BIG_OK) + res = big_exptmod (&sh_srp.g, &sh_srp.a, &sh_srp.p, &A); + + if (res == BIG_OK) + str = big_string (&A, 16); + else + str = NULL; + + if (str != NULL) + combi = sh_util_strdup(str); + else + combi = NULL; + + big_destroy(&A); + SL_RETURN(combi, _("sh_srp_A")); +} + +/* #ifdef SH_WITH_CLIENT */ +#endif + +#ifdef SH_WITH_SERVER + +char * sh_srp_B (char * verifier) +{ + bignum B, v, t, dummy; + char *str; + char *combi; + bigerr_t res; + + SL_ENTER(_("sh_srp_B")); + + ASSERT_RET((verifier != NULL), _("verifier != NULL"), (NULL)); + + res = big_create(&dummy); + + if (res == BIG_OK) + res = big_create(&t); + if (res == BIG_OK) + res = big_create(&v); + if (res == BIG_OK) + res = big_create(&B); + + if (res == BIG_OK) + res = big_exptmod (&sh_srp.g, &sh_srp.a, &sh_srp.p, &t); + + if (res == BIG_OK) + big_set_string (verifier, 16, &v); + + if (res == BIG_OK) + res = big_add (&t, &v, &dummy); + + if (res == BIG_OK) + { + if ( big_greaterp(&dummy, &sh_srp.p) ) + res = big_sub(&dummy, &sh_srp.p, &B); + else + res = big_set_big(&dummy, &B); + } + + if (res == BIG_OK) + str = big_string (&B, 16); + else + str = NULL; + + if (str != NULL) + combi = sh_util_strdup(str); + else + combi = NULL; + + big_destroy(&B); + big_destroy(&v); + big_destroy(&t); + big_destroy(&dummy); + + SL_RETURN(combi, _("sh_srp_B")); +} +/* #ifdef SH_WITH_SERVER */ +#endif + + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + +char * sh_srp_S_c (char * u_str, char * B_str) +{ + bignum u, B, x, t, base, z1, z2; + char *str; + char *combi; + bigerr_t res; + + SL_ENTER(_("sh_srp_S_c")); + + ASSERT_RET((u_str != NULL && B_str != NULL), + _("u_str != NULL && B_str != NULL"), (NULL)); + + big_errno = BIG_OK; + + res = big_create(&z2); + if (res == BIG_OK) + res = big_create(&z1); + if (res == BIG_OK) + res = big_create(&base); + if (res == BIG_OK) + res = big_create(&t); + if (res == BIG_OK) + res = big_create(&x); + if (res == BIG_OK) + res = big_create(&B); + if (res == BIG_OK) + res = big_create(&u); + + if (res == BIG_OK) + res = big_set_string (B_str, 16, &B); + if (res == BIG_OK) + res = big_set_string (sh_srp.x, 16, &x); + if (res == BIG_OK) + res = big_set_string (u_str, 16, &u); + + /* the base (B - g^x) + */ + if (res == BIG_OK) + res = big_exptmod (&sh_srp.g, &x, &sh_srp.p, &t); + + if (res == BIG_OK) + { + if ( big_greaterp(&B, &t) != 0) + { + res = big_sub(&B, &t, &base); + } + else + { + res = big_add(&B, &sh_srp.p, &z2); + if (res == BIG_OK) + res = big_sub(&z2, &t, &base); + } + } + + /* the exponent (a + ux) + */ + if (res == BIG_OK) + res = big_mul (&u, &x, &t); + if (res == BIG_OK) + res = big_trunc(&t, &sh_srp.p, &z1, &z2); /* is last one the remainder ? */ + if (res == BIG_OK) + res = big_add(&sh_srp.a, &z2, &z1); + if (res == BIG_OK) + { + if ( big_greaterp(&z1, &sh_srp.p) != 0) + res = big_sub(&z1, &sh_srp.p, &z2); + else + res = big_set_big(&z1, &z2); + } + + if (res == BIG_OK) + res = big_exptmod (&base, &z2, &sh_srp.p, &t); + + if (res == BIG_OK) + str = big_string (&t, 16); + else + str = NULL; + + if (str != NULL) + combi = sh_util_strdup(str); + else + combi = NULL; + + big_destroy(&z1); + big_destroy(&z2); + big_destroy(&base); + big_destroy(&t); + big_destroy(&x); + big_destroy(&B); + big_destroy(&u); + + SL_RETURN(combi, _("sh_srp_S_c")); +} + +/* #ifdef SH_WITH_CLIENT */ +#endif + +#ifdef SH_WITH_SERVER + + +char * sh_srp_S_s (char * u_str, char * A_str, char * v_str) +{ + bignum u, A, v, t, base, z1, z2; + char *str; + char *combi; + bigerr_t res; + + SL_ENTER(_("sh_srp_S_s")); + + ASSERT_RET((u_str != NULL && A_str != NULL && v_str != NULL), + _("u_str != NULL && A_str != NULL && v_str != NULL"), + (NULL)); + + big_errno = BIG_OK; + + res = big_create(&z2); + if (res == BIG_OK) + res = big_create(&z1); + if (res == BIG_OK) + res = big_create(&base); + if (res == BIG_OK) + res = big_create(&t); + if (res == BIG_OK) + res = big_create(&v); + if (res == BIG_OK) + res = big_create(&A); + if (res == BIG_OK) + res = big_create(&u); + + if (res == BIG_OK) + res = big_set_string (A_str, 16, &A); + if (res == BIG_OK) + res = big_set_string (v_str, 16, &v); + if (res == BIG_OK) + res = big_set_string (u_str, 16, &u); + + /* the base (Av^u) + */ + if (res == BIG_OK) + res = big_exptmod (&v, &u, &sh_srp.p, &t); + if (res == BIG_OK) + res = big_mul (&A, &t, &z1); + if (res == BIG_OK) + res = big_trunc(&z1, &sh_srp.p, &z2, &base); /* is last the remainder ? */ + + if (res == BIG_OK) + res = big_exptmod (&base, &sh_srp.a, &sh_srp.p, &t); + + if (res == BIG_OK) + str = big_string (&t, 16); + else + str = NULL; + + if (str != NULL) + combi = sh_util_strdup(str); + else + combi = NULL; + + big_destroy(&z1); + big_destroy(&z2); + big_destroy(&base); + big_destroy(&t); + big_destroy(&v); + big_destroy(&A); + big_destroy(&u); + + SL_RETURN(combi, _("sh_srp_S_s")); +} + +/* #ifdef SH_WITH_SERVER */ +#endif + + +char * sh_srp_verifier (void) +{ + bignum x, v; + char *combi; + char *str; + bigerr_t res; + + SL_ENTER(_("sh_srp_verifier")); + + res = big_create(&x); + if (res == BIG_OK) + res = big_create(&v); + + if (res == BIG_OK) + res = big_set_string (sh_srp.x, 16, &x); + + if (res == BIG_OK) + res = big_exptmod (&sh_srp.g, &x, &sh_srp.p, &v); + + if (res == BIG_OK) + str = big_string (&v, 16); + else + str = NULL; + + if (str != NULL) + combi = sh_util_strdup(str); + else + combi = NULL; + + big_destroy(&x); + big_destroy(&v); + + SL_RETURN(combi, _("sh_srp_verifier")); +} + + +/* #if (defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER)) */ + +#endif + +/* #ifdef USE_SRP_PROTOCOL */ + +#endif + + + + Index: /tags/2.5.0/src/sh_static.c =================================================================== --- /tags/2.5.0/src/sh_static.c (revision 189) +++ /tags/2.5.0/src/sh_static.c (revision 189) @@ -0,0 +1,2006 @@ +/* Copyright (C) 2003 Manuel Novoa III + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with this library; if not, write to the Free + * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* Nov 6, 2003 Initial version. + * + * NOTE: This implementation is quite strict about requiring all + * field seperators. It also does not allow leading whitespace + * except when processing the numeric fields. glibc is more + * lenient. See the various glibc difference comments below. + * + * TODO: + * Move to dynamic allocation of (currently staticly allocated) + * buffers; especially for the group-related functions since + * large group member lists will cause error returns. + * + */ + +/* Jul 20, 2004 Adapted for samhain. Rainer Wichmann. + * + * Stripped all unneeded code. + */ + +#include "config_xor.h" + +#if defined(SH_COMPILE_STATIC) && defined(__linux__) + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "sh_pthread.h" + +#ifndef _PATH_PASSWD +#define _PATH_PASSWD "/etc/passwd" +#endif +#ifndef _PATH_GROUP +#define _PATH_GROUP "/etc/group" +#endif + +extern int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz); +extern int sl_strlcat(char * dst, /*@null@*/const char * src, size_t siz); + + +/**********************************************************************/ +/* Sizes for staticly allocated buffers. */ + +#define PWD_BUFFER_SIZE 256 +#define GRP_BUFFER_SIZE 256 + +/**********************************************************************/ +/* Prototypes for internal functions. */ + +static int __parsepwent(void *pw, char *line); +static int __parsegrent(void *gr, char *line); + +static int __pgsreader(int (*__parserfunc)(void *d, char *line), void *data, + char *__restrict line_buff, + size_t buflen, FILE *f); + +#undef GETXXKEY_R_FUNC +#undef GETXXKEY_R_PARSER +#undef GETXXKEY_R_ENTTYPE +#undef GETXXKEY_R_TEST +#undef DO_GETXXKEY_R_KEYTYPE +#undef DO_GETXXKEY_R_PATHNAME +#define GETXXKEY_R_FUNC sh_getpwnam_r +#define GETXXKEY_R_PARSER __parsepwent +#define GETXXKEY_R_ENTTYPE struct passwd +#define GETXXKEY_R_TEST(ENT) (!strcmp((ENT)->pw_name, key)) +#define DO_GETXXKEY_R_KEYTYPE const char *__restrict +#define DO_GETXXKEY_R_PATHNAME _PATH_PASSWD + +int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key, + GETXXKEY_R_ENTTYPE *__restrict resultbuf, + char *__restrict buffer, size_t buflen, + GETXXKEY_R_ENTTYPE **__restrict result) +{ + FILE *stream; + int rv; + + *result = NULL; + + if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) { + rv = errno; + } else { + /* __STDIO_SET_USER_LOCKING(stream); */ + do { + if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf, + buffer, buflen, stream)) + ) { + if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */ + *result = resultbuf; + break; + } + } else { + if (rv == ENOENT) { /* end-of-file encountered. */ + rv = 0; + } + break; + } + } while (1); + fclose(stream); + } + + return rv; +} + +#undef GETXXKEY_R_FUNC +#undef GETXXKEY_R_PARSER +#undef GETXXKEY_R_ENTTYPE +#undef GETXXKEY_R_TEST +#undef DO_GETXXKEY_R_KEYTYPE +#undef DO_GETXXKEY_R_PATHNAME +#define GETXXKEY_R_FUNC sh_getgrnam_r +#define GETXXKEY_R_PARSER __parsegrent +#define GETXXKEY_R_ENTTYPE struct group +#define GETXXKEY_R_TEST(ENT) (!strcmp((ENT)->gr_name, key)) +#define DO_GETXXKEY_R_KEYTYPE const char *__restrict +#define DO_GETXXKEY_R_PATHNAME _PATH_GROUP + +int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key, + GETXXKEY_R_ENTTYPE *__restrict resultbuf, + char *__restrict buffer, size_t buflen, + GETXXKEY_R_ENTTYPE **__restrict result) +{ + FILE *stream; + int rv; + + *result = NULL; + + if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) { + rv = errno; + } else { + /* __STDIO_SET_USER_LOCKING(stream); */ + do { + if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf, + buffer, buflen, stream)) + ) { + if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */ + *result = resultbuf; + break; + } + } else { + if (rv == ENOENT) { /* end-of-file encountered. */ + rv = 0; + } + break; + } + } while (1); + fclose(stream); + } + + return rv; +} + +#undef GETXXKEY_R_FUNC +#undef GETXXKEY_R_PARSER +#undef GETXXKEY_R_ENTTYPE +#undef GETXXKEY_R_TEST +#undef DO_GETXXKEY_R_KEYTYPE +#undef DO_GETXXKEY_R_PATHNAME +#define GETXXKEY_R_FUNC sh_getpwuid_r +#define GETXXKEY_R_PARSER __parsepwent +#define GETXXKEY_R_ENTTYPE struct passwd +#define GETXXKEY_R_TEST(ENT) ((ENT)->pw_uid == key) +#define DO_GETXXKEY_R_KEYTYPE uid_t +#define DO_GETXXKEY_R_PATHNAME _PATH_PASSWD + +int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key, + GETXXKEY_R_ENTTYPE *__restrict resultbuf, + char *__restrict buffer, size_t buflen, + GETXXKEY_R_ENTTYPE **__restrict result) +{ + FILE *stream; + int rv; + + *result = NULL; + + if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) { + rv = errno; + } else { + /* __STDIO_SET_USER_LOCKING(stream); */ + do { + if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf, + buffer, buflen, stream)) + ) { + if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */ + *result = resultbuf; + break; + } + } else { + if (rv == ENOENT) { /* end-of-file encountered. */ + rv = 0; + } + break; + } + } while (1); + fclose(stream); + } + + return rv; +} + +#undef GETXXKEY_R_FUNC +#undef GETXXKEY_R_PARSER +#undef GETXXKEY_R_ENTTYPE +#undef GETXXKEY_R_TEST +#undef DO_GETXXKEY_R_KEYTYPE +#undef DO_GETXXKEY_R_PATHNAME +#define GETXXKEY_R_FUNC sh_getgrgid_r +#define GETXXKEY_R_PARSER __parsegrent +#define GETXXKEY_R_ENTTYPE struct group +#define GETXXKEY_R_TEST(ENT) ((ENT)->gr_gid == key) +#define DO_GETXXKEY_R_KEYTYPE gid_t +#define DO_GETXXKEY_R_PATHNAME _PATH_GROUP + +int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key, + GETXXKEY_R_ENTTYPE *__restrict resultbuf, + char *__restrict buffer, size_t buflen, + GETXXKEY_R_ENTTYPE **__restrict result) +{ + FILE *stream; + int rv; + + *result = NULL; + + if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) { + rv = errno; + } else { + /* __STDIO_SET_USER_LOCKING(stream); */ + do { + if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf, + buffer, buflen, stream)) + ) { + if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */ + *result = resultbuf; + break; + } + } else { + if (rv == ENOENT) { /* end-of-file encountered. */ + rv = 0; + } + break; + } + } while (1); + fclose(stream); + } + + return rv; +} + +struct passwd * sh_getpwuid(uid_t uid) +{ + static char buffer[PWD_BUFFER_SIZE]; + static struct passwd resultbuf; + struct passwd *result; + + sh_getpwuid_r(uid, &resultbuf, buffer, sizeof(buffer), &result); + return result; +} + +struct passwd * getpwuid(uid_t uid) +{ + return sh_getpwuid(uid); +} + +struct group * sh_getgrgid(gid_t gid) +{ + static char buffer[GRP_BUFFER_SIZE]; + static struct group resultbuf; + struct group *result; + + sh_getgrgid_r(gid, &resultbuf, buffer, sizeof(buffer), &result); + return result; +} + +struct group * getgrgid(gid_t gid) +{ + return sh_getgrgid(gid); +} + +struct passwd * sh_getpwnam(const char *name) +{ + static char buffer[PWD_BUFFER_SIZE]; + static struct passwd resultbuf; + struct passwd *result; + + sh_getpwnam_r(name, &resultbuf, buffer, sizeof(buffer), &result); + return result; +} + +struct group * sh_getgrnam(const char *name) +{ + static char buffer[GRP_BUFFER_SIZE]; + static struct group resultbuf; + struct group *result; + + sh_getgrnam_r(name, &resultbuf, buffer, sizeof(buffer), &result); + return result; +} + +SH_MUTEX_STATIC(pwf_lock, PTHREAD_MUTEX_INITIALIZER); + + +static FILE *pwf = NULL; + +void sh_setpwent(void) +{ + SH_MUTEX_LOCK(pwf_lock); + if (pwf) { + rewind(pwf); + } + SH_MUTEX_UNLOCK(pwf_lock); +} + +void sh_endpwent(void) +{ + SH_MUTEX_LOCK(pwf_lock); + if (pwf) { + fclose(pwf); + pwf = NULL; + } + SH_MUTEX_UNLOCK(pwf_lock); +} + + +static int sh_getpwent_r(struct passwd *__restrict resultbuf, + char *__restrict buffer, size_t buflen, + struct passwd **__restrict result) +{ + int rv; + + SH_MUTEX_LOCK(pwf_lock); + + *result = NULL; /* In case of error... */ + + if (!pwf) { + if (!(pwf = fopen(_PATH_PASSWD, "r"))) { + rv = errno; + goto ERR; + } + /* __STDIO_SET_USER_LOCKING(pwf); */ + } + + if (!(rv = __pgsreader(__parsepwent, resultbuf, + buffer, buflen, pwf))) { + *result = resultbuf; + } + + ERR: + ; /* 'label at end of compound statement' */ + SH_MUTEX_UNLOCK(pwf_lock); + + return rv; +} + +SH_MUTEX_STATIC(grf_lock, PTHREAD_MUTEX_INITIALIZER); + +static FILE *grf = NULL; + +void sh_setgrent(void) +{ + SH_MUTEX_LOCK(grf_lock); + if (grf) { + rewind(grf); + } + SH_MUTEX_UNLOCK(grf_lock); +} + +void sh_endgrent(void) +{ + SH_MUTEX_LOCK(grf_lock); + if (grf) { + fclose(grf); + grf = NULL; + } + SH_MUTEX_UNLOCK(grf_lock); +} + +static int sh_getgrent_r(struct group *__restrict resultbuf, + char *__restrict buffer, size_t buflen, + struct group **__restrict result) +{ + int rv; + + SH_MUTEX_LOCK(grf_lock); + + *result = NULL; /* In case of error... */ + + if (!grf) { + if (!(grf = fopen(_PATH_GROUP, "r"))) { + rv = errno; + goto ERR; + } + /* __STDIO_SET_USER_LOCKING(grf); */ + } + + if (!(rv = __pgsreader(__parsegrent, resultbuf, + buffer, buflen, grf))) { + *result = resultbuf; + } + + ERR: + ; /* 'label at end of compound statement' */ + SH_MUTEX_UNLOCK(grf_lock); + + return rv; +} + + +struct passwd * sh_getpwent(void) +{ + static char line_buff[PWD_BUFFER_SIZE]; + static struct passwd pwd; + struct passwd *result; + + sh_getpwent_r(&pwd, line_buff, sizeof(line_buff), &result); + return result; +} + + +struct group * sh_getgrent(void) +{ + static char line_buff[GRP_BUFFER_SIZE]; + static struct group gr; + struct group *result; + + sh_getgrent_r(&gr, line_buff, sizeof(line_buff), &result); + return result; +} + +int sh_initgroups(const char *user, gid_t gid) +{ + FILE *grf; + gid_t *group_list; + int num_groups, rv; + char **m; + struct group group; + char buff[PWD_BUFFER_SIZE]; + + rv = -1; + + /* We alloc space for 8 gids at a time. */ + if (((group_list = (gid_t *) malloc(8*sizeof(gid_t *))) != NULL) + && ((grf = fopen(_PATH_GROUP, "r")) != NULL) + ) { + + /* __STDIO_SET_USER_LOCKING(grf); */ + + *group_list = gid; + num_groups = 1; + + while (!__pgsreader(__parsegrent, &group, buff, sizeof(buff), grf)) { + assert(group.gr_mem); /* Must have at least a NULL terminator. */ + if (group.gr_gid != gid) { + for (m=group.gr_mem ; *m ; m++) { + if (!strcmp(*m, user)) { + if (!(num_groups & 7)) { + gid_t *tmp = (gid_t *) + realloc(group_list, + (num_groups+8) * sizeof(gid_t *)); + if (!tmp) { + rv = -1; + goto DO_CLOSE; + } + group_list = tmp; + } + group_list[num_groups++] = group.gr_gid; + break; + } + } + } + } + + rv = setgroups(num_groups, group_list); + DO_CLOSE: + fclose(grf); + } + + /* group_list will be NULL if initial malloc failed, which may trigger + * warnings from various malloc debuggers. */ + free(group_list); + return rv; +} + + +/**********************************************************************/ +/* Internal uClibc functions. */ +/**********************************************************************/ + +static const unsigned char pw_off[] = { + offsetof(struct passwd, pw_name), /* 0 */ + offsetof(struct passwd, pw_passwd), /* 1 */ + offsetof(struct passwd, pw_uid), /* 2 - not a char ptr */ + offsetof(struct passwd, pw_gid), /* 3 - not a char ptr */ + offsetof(struct passwd, pw_gecos), /* 4 */ + offsetof(struct passwd, pw_dir), /* 5 */ + offsetof(struct passwd, pw_shell) /* 6 */ +}; + +static int __parsepwent(void *data, char *line) +{ + char *endptr; + char *p; + int i; + + i = 0; + do { + p = ((char *) ((struct passwd *) data)) + pw_off[i]; + + if ((i & 6) ^ 2) { /* i!=2 and i!=3 */ + *((char **) p) = line; + if (i==6) { + return 0; + } + /* NOTE: glibc difference - glibc allows omission of + * ':' seperators after the gid field if all remaining + * entries are empty. We require all separators. */ + if (!(line = strchr(line, ':'))) { + break; + } + } else { + unsigned long t = strtoul(line, &endptr, 10); + /* Make sure we had at least one digit, and that the + * failing char is the next field seperator ':'. See + * glibc difference note above. */ + /* TODO: Also check for leading whitespace? */ + if ((endptr == line) || (*endptr != ':')) { + break; + } + line = endptr; + if (i & 1) { /* i == 3 -- gid */ + *((gid_t *) p) = t; + } else { /* i == 2 -- uid */ + *((uid_t *) p) = t; + } + } + + *line++ = 0; + ++i; + } while (1); + + return -1; +} + +static const unsigned char gr_off[] = { + offsetof(struct group, gr_name), /* 0 */ + offsetof(struct group, gr_passwd), /* 1 */ + offsetof(struct group, gr_gid) /* 2 - not a char ptr */ +}; + +static int __parsegrent(void *data, char *line) +{ + char *endptr; + char *p; + int i; + char **members; + char *end_of_buf; + + end_of_buf = ((struct group *) data)->gr_name; /* Evil hack! */ + i = 0; + do { + p = ((char *) ((struct group *) data)) + gr_off[i]; + + if (i < 2) { + *((char **) p) = line; + if (!(line = strchr(line, ':'))) { + break; + } + *line++ = 0; + ++i; + } else { + *((gid_t *) p) = strtoul(line, &endptr, 10); + + /* NOTE: glibc difference - glibc allows omission of the + * trailing colon when there is no member list. We treat + * this as an error. */ + + /* Make sure we had at least one digit, and that the + * failing char is the next field seperator ':'. See + * glibc difference note above. */ + if ((endptr == line) || (*endptr != ':')) { + break; + } + + i = 1; /* Count terminating NULL ptr. */ + p = endptr; + + if (p[1]) { /* We have a member list to process. */ + /* Overwrite the last ':' with a ',' before counting. + * This allows us to test for initial ',' and adds + * one ',' so that the ',' count equals the member + * count. */ + *p = ','; + do { + /* NOTE: glibc difference - glibc allows and trims leading + * (but not trailing) space. We treat this as an error. */ + /* NOTE: glibc difference - glibc allows consecutive and + * trailing commas, and ignores "empty string" users. We + * treat this as an error. */ + if (*p == ',') { + ++i; + *p = 0; /* nul-terminate each member string. */ + if (!*++p || (*p == ',') || isspace(*p)) { + goto ERR; + } + } + } while (*++p); + } + + /* Now align (p+1), rounding up. */ + /* Assumes sizeof(char **) is a power of 2. */ + members = (char **)( (((intptr_t) p) + sizeof(char **)) + & ~((intptr_t)(sizeof(char **) - 1)) ); + + if (((char *)(members + i)) > end_of_buf) { /* No space. */ + break; + } + + ((struct group *) data)->gr_mem = members; + + if (--i) { + p = endptr; /* Pointing to char prior to first member. */ + do { + *members++ = ++p; + if (!--i) break; + while (*++p) {} + } while (1); + } + *members = NULL; + + return 0; + } + } while (1); + + ERR: + return -1; +} + +/* Reads until if EOF, or until if finds a line which fits in the buffer + * and for which the parser function succeeds. + * + * Returns 0 on success and ENOENT for end-of-file (glibc concession). + */ + +static int __pgsreader(int (*__parserfunc)(void *d, char *line), void *data, + char *__restrict line_buff, size_t buflen, FILE *f) +{ + size_t line_len; /* int -> size_t R.W. */ + int skip; + int rv = ERANGE; + + if (buflen < PWD_BUFFER_SIZE) { + errno = rv; + } else { + /* __STDIO_THREADLOCK(f); */ + + skip = 0; + do { + if (!fgets(line_buff, buflen, f)) { + if (feof(f)) { + rv = ENOENT; + } + break; + } + + line_len = strlen(line_buff) - 1; /* strlen() must be > 0. */ + if (line_buff[line_len] == '\n') { + line_buff[line_len] = 0; + } else if (line_len + 2 == buflen) { /* line too long */ + ++skip; + continue; + } + + if (skip) { + --skip; + continue; + } + + /* NOTE: glibc difference - glibc strips leading whitespace from + * records. We do not allow leading whitespace. */ + + /* Skip empty lines, comment lines, and lines with leading + * whitespace. */ + if (*line_buff && (*line_buff != '#') && !isspace(*line_buff)) { + if (__parserfunc == __parsegrent) { /* Do evil group hack. */ + /* The group entry parsing function needs to know where + * the end of the buffer is so that it can construct the + * group member ptr table. */ + ((struct group *) data)->gr_name = line_buff + buflen; + } + + if (!__parserfunc(data, line_buff)) { + rv = 0; + break; + } + } + } while (1); + + /* __STDIO_THREADUNLOCK(f); */ + } + + return rv; +} + +/* resolv.c: DNS Resolver + * + * Copyright (C) 1998 Kenneth Albanowski , + * The Silver Hammer Group, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. +*/ + +/* + * Portions Copyright (c) 1985, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * Portions Copyright (c) 1993 by Digital Equipment Corporation. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies, and that + * the name of Digital Equipment Corporation not be used in advertising or + * publicity pertaining to distribution of the document or software without + * specific, written prior permission. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT + * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1996-1999 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * + * 5-Oct-2000 W. Greathouse wgreathouse@smva.com + * Fix memory leak and memory corruption. + * -- Every name resolution resulted in + * a new parse of resolv.conf and new + * copy of nameservers allocated by + * strdup. + * -- Every name resolution resulted in + * a new read of resolv.conf without + * resetting index from prior read... + * resulting in exceeding array bounds. + * + * Limit nameservers read from resolv.conf + * + * Add "search" domains from resolv.conf + * + * Some systems will return a security + * signature along with query answer for + * dynamic DNS entries. + * -- skip/ignore this answer + * + * Include arpa/nameser.h for defines. + * + * General cleanup + * + * 20-Jun-2001 Michal Moskal + * partial IPv6 support (i.e. gethostbyname2() and resolve_address2() + * functions added), IPv6 nameservers are also supported. + * + * 6-Oct-2001 Jari Korva + * more IPv6 support (IPv6 support for gethostbyaddr(); + * address family parameter and improved IPv6 support for get_hosts_byname + * and read_etc_hosts; getnameinfo() port from glibc; defined + * defined ip6addr_any and in6addr_loopback) + * + * 2-Feb-2002 Erik Andersen + * Added gethostent(), sethostent(), and endhostent() + * + * 17-Aug-2002 Manuel Novoa III + * Fixed __read_etc_hosts_r to return alias list, and modified buffer + * allocation accordingly. See MAX_ALIASES and ALIAS_DIM below. + * This fixes the segfault in the Python 2.2.1 socket test. + * + * 04-Jan-2003 Jay Kulpinski + * Fixed __decode_dotted to count the terminating null character + * in a host name. + * + * 02-Oct-2003 Tony J. White + * Lifted dn_expand() and dependent ns_name_uncompress(), ns_name_unpack(), + * and ns_name_ntop() from glibc 2.3.2 for compatibility with ipsec-tools + * and openldap. + * + */ + +#include +#include +#include + +/* close() + */ +#include + +/* 'struct hostent' + */ +#include + +/* constanst like HFIXEDSZ + */ +#include + +SH_MUTEX_STATIC(resolv_lock, PTHREAD_MUTEX_INITIALIZER); + +#define __UCLIBC_HAS_IPV6__ +#define MAX_RECURSE 5 +#define REPLY_TIMEOUT 10 +#define MAX_RETRIES 3 +#define MAX_SERVERS 3 +#define MAX_SEARCH 4 +#define MAX_ALIASES 5 + +/* 1:ip + 1:full + MAX_ALIASES:aliases + 1:NULL */ +#define ALIAS_DIM (2 + MAX_ALIASES + 1) + +static int __nameservers; +static char * __nameserver[MAX_SERVERS]; +static int __searchdomains; +static char * __searchdomain[MAX_SEARCH]; + +#undef DEBUG +/*#define DEBUG*/ + +#ifdef DEBUG +/* flawfinder: ignore *//* definition of debug macro */ +#define DPRINTF(X,args...) fprintf(stderr, X, ##args) +#else +#define DPRINTF(X,args...) +#endif /* DEBUG */ + +struct resolv_header { + int id; + int qr,opcode,aa,tc,rd,ra,rcode; + int qdcount; + int ancount; + int nscount; + int arcount; +}; + +struct resolv_question { + char * dotted; + int qtype; + int qclass; +}; + +struct resolv_answer { + char * dotted; + int atype; + int aclass; + int ttl; + int rdlength; + unsigned char * rdata; + int rdoffset; +}; + +enum etc_hosts_action { + GET_HOSTS_BYNAME = 0, + GETHOSTENT, + GET_HOSTS_BYADDR, +}; + +static int __encode_header(struct resolv_header *h, unsigned char *dest, int maxlen) +{ + if (maxlen < HFIXEDSZ) + return -1; + + dest[0] = (h->id & 0xff00) >> 8; + dest[1] = (h->id & 0x00ff) >> 0; + dest[2] = (h->qr ? 0x80 : 0) | + ((h->opcode & 0x0f) << 3) | + (h->aa ? 0x04 : 0) | + (h->tc ? 0x02 : 0) | + (h->rd ? 0x01 : 0); + dest[3] = (h->ra ? 0x80 : 0) | (h->rcode & 0x0f); + dest[4] = (h->qdcount & 0xff00) >> 8; + dest[5] = (h->qdcount & 0x00ff) >> 0; + dest[6] = (h->ancount & 0xff00) >> 8; + dest[7] = (h->ancount & 0x00ff) >> 0; + dest[8] = (h->nscount & 0xff00) >> 8; + dest[9] = (h->nscount & 0x00ff) >> 0; + dest[10] = (h->arcount & 0xff00) >> 8; + dest[11] = (h->arcount & 0x00ff) >> 0; + + return HFIXEDSZ; +} + +static int __decode_header(unsigned char *data, struct resolv_header *h) +{ + h->id = (data[0] << 8) | data[1]; + h->qr = (data[2] & 0x80) ? 1 : 0; + h->opcode = (data[2] >> 3) & 0x0f; + h->aa = (data[2] & 0x04) ? 1 : 0; + h->tc = (data[2] & 0x02) ? 1 : 0; + h->rd = (data[2] & 0x01) ? 1 : 0; + h->ra = (data[3] & 0x80) ? 1 : 0; + h->rcode = data[3] & 0x0f; + h->qdcount = (data[4] << 8) | data[5]; + h->ancount = (data[6] << 8) | data[7]; + h->nscount = (data[8] << 8) | data[9]; + h->arcount = (data[10] << 8) | data[11]; + + return HFIXEDSZ; +} + +static int __length_dotted(const unsigned char *data, int offset) +{ + int orig_offset = offset; + int l; + + if (!data) + return -1; + + while ((l = data[offset++])) { + + if ((l & 0xc0) == (0xc0)) { + offset++; + break; + } + + offset += l; + } + + return offset - orig_offset; +} + +static int __length_question(unsigned char *message, int offset) +{ + int i; + + i = __length_dotted(message, offset); + if (i < 0) + return i; + + return i + 4; +} + +/* Decode a dotted string from nameserver transport-level encoding. + This routine understands compressed data. */ + +static int __decode_dotted(const unsigned char *data, int offset, + char *dest, int maxlen) +{ + int l; + int measure = 1; + int total = 0; + int used = 0; + + if (!data) + return -1; + + while ((l=data[offset++])) { + if (measure) + total++; + if ((l & 0xc0) == (0xc0)) { + if (measure) + total++; + /* compressed item, redirect */ + offset = ((l & 0x3f) << 8) | data[offset]; + measure = 0; + continue; + } + + if ((used + l + 1) >= maxlen) + return -1; + + memcpy(dest + used, data + offset, l); + offset += l; + used += l; + if (measure) + total += l; + + if (data[offset] != 0) + dest[used++] = '.'; + else + dest[used++] = '\0'; + } + + /* The null byte must be counted too */ + if (measure) { + total++; + } + + DPRINTF("Total decode len = %d\n", total); + + return total; +} + +static int __decode_answer(unsigned char *message, int offset, + struct resolv_answer *a) +{ + char temp[256]; + int i; + + i = __decode_dotted(message, offset, temp, sizeof(temp)); + if (i < 0) + return i; + + message += offset + i; + + a->dotted = strdup(temp); + a->atype = (message[0] << 8) | message[1]; + message += 2; + a->aclass = (message[0] << 8) | message[1]; + message += 2; + a->ttl = (message[0] << 24) | + (message[1] << 16) | (message[2] << 8) | (message[3] << 0); + message += 4; + a->rdlength = (message[0] << 8) | message[1]; + message += 2; + a->rdata = message; + a->rdoffset = offset + i + RRFIXEDSZ; + + DPRINTF("i=%d,rdlength=%d\n", i, a->rdlength); + + return i + RRFIXEDSZ + a->rdlength; +} + + +/* Encode a dotted string into nameserver transport-level encoding. + This routine is fairly dumb, and doesn't attempt to compress + the data */ + +static int __encode_dotted(const char *dotted, unsigned char *dest, int maxlen) +{ + unsigned int used = 0; + + while (dotted && *dotted) { + char *c = strchr(dotted, '.'); + unsigned int l = c ? (unsigned int)(c - dotted) : strlen(dotted); + + if (l >= ((unsigned int)maxlen - used - 1)) + return -1; + + dest[used++] = l; + memcpy(dest + used, dotted, l); + used += l; + + if (c) + dotted = c + 1; + else + break; + } + + if (maxlen < 1) + return -1; + + dest[used++] = 0; + + return used; +} + +static int __encode_question(struct resolv_question *q, + unsigned char *dest, int maxlen) +{ + int i; + + i = __encode_dotted(q->dotted, dest, maxlen); + if (i < 0) + return i; + + dest += i; + maxlen -= i; + + if (maxlen < 4) + return -1; + + dest[0] = (q->qtype & 0xff00) >> 8; + dest[1] = (q->qtype & 0x00ff) >> 0; + dest[2] = (q->qclass & 0xff00) >> 8; + dest[3] = (q->qclass & 0x00ff) >> 0; + + return i + 4; +} + + +/* Just for the record, having to lock __dns_lookup() just for these two globals + * is pretty lame. I think these two variables can probably be de-global-ized, + * which should eliminate the need for doing locking here... Needs a closer + * look anyways. */ +static int ns=0, id=1; + +static int __dns_lookup(const char *name, int type, int nscount, char **nsip, + unsigned char **outpacket, struct resolv_answer *a) +{ + int i, j, len, fd, pos, rc; + struct timeval tv; + fd_set fds; + struct resolv_header h; + struct resolv_question q; + int retries = 0; + unsigned char * packet = malloc(PACKETSZ); + char *dns, *lookup = malloc(MAXDNAME); + int variant = 0; + struct sockaddr_in sa; +#ifdef __UCLIBC_HAS_IPV6__ + int v6; + struct sockaddr_in6 sa6; +#endif + + fd = -1; + + if (!packet || !lookup || !nscount) + goto fail; + + DPRINTF("Looking up type %d answer for '%s'\n", type, name); + + SH_MUTEX_LOCK_UNSAFE(resolv_lock); + ns %= nscount; + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); + + while (retries++ < MAX_RETRIES) { + if (fd != -1) + close(fd); + + memset(packet, 0, PACKETSZ); + + memset(&h, 0, sizeof(h)); + + /* Mess with globals while under lock */ + SH_MUTEX_LOCK_UNSAFE(resolv_lock); + ++id; + id &= 0xffff; + h.id = id; + dns = nsip[ns]; + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); + + h.qdcount = 1; + h.rd = 1; + + DPRINTF("encoding header\n", h.rd); + + i = __encode_header(&h, packet, PACKETSZ); + if (i < 0) + goto fail; + + sl_strlcpy(lookup,name,MAXDNAME); + SH_MUTEX_LOCK_UNSAFE(resolv_lock); + if (variant < __searchdomains && strchr(lookup, '.') == NULL) + { + sl_strlcat(lookup,".", MAXDNAME); + sl_strlcat(lookup,__searchdomain[variant], MAXDNAME); + } + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); + DPRINTF("lookup name: %s\n", lookup); + q.dotted = (char *)lookup; + q.qtype = type; + q.qclass = C_IN; /* CLASS_IN */ + + j = __encode_question(&q, packet+i, PACKETSZ-i); + if (j < 0) + goto fail; + + len = i + j; + + DPRINTF("On try %d, sending query to port %d of machine %s\n", + retries, NAMESERVER_PORT, dns); + +#ifdef __UCLIBC_HAS_IPV6__ + v6 = inet_pton(AF_INET6, dns, &sa6.sin6_addr) > 0; + fd = socket(v6 ? AF_INET6 : AF_INET, SOCK_DGRAM, IPPROTO_UDP); +#else + fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); +#endif + if (fd < 0) { + continue; + } + + /* Connect to the UDP socket so that asyncronous errors are returned */ +#ifdef __UCLIBC_HAS_IPV6__ + if (v6) { + sa6.sin6_family = AF_INET6; + sa6.sin6_port = htons(NAMESERVER_PORT); + /* sa6.sin6_addr is already here */ + rc = connect(fd, (struct sockaddr *) &sa6, sizeof(sa6)); + } else { +#endif + sa.sin_family = AF_INET; + sa.sin_port = htons(NAMESERVER_PORT); + sa.sin_addr.s_addr = inet_addr(dns); + rc = connect(fd, (struct sockaddr *) &sa, sizeof(sa)); +#ifdef __UCLIBC_HAS_IPV6__ + } +#endif + if (rc < 0) { + if (errno == ENETUNREACH) { + /* routing error, presume not transient */ + goto tryall; + } else + /* retry */ + continue; + } + + DPRINTF("Transmitting packet of length %d, id=%d, qr=%d\n", + len, h.id, h.qr); + + send(fd, packet, len, 0); + + FD_ZERO(&fds); + FD_SET(fd, &fds); + tv.tv_sec = REPLY_TIMEOUT; + tv.tv_usec = 0; + if (select(fd + 1, &fds, NULL, NULL, &tv) <= 0) { + DPRINTF("Timeout\n"); + + /* timed out, so retry send and receive, + * to next nameserver on queue */ + goto again; + } + + i = recv(fd, packet, 512, 0); + if (i < HFIXEDSZ) { + /* too short ! */ + goto again; + } + + __decode_header(packet, &h); + + DPRINTF("id = %d, qr = %d\n", h.id, h.qr); + + SH_MUTEX_LOCK_UNSAFE(resolv_lock); + if ((h.id != id) || (!h.qr)) { + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); + /* unsolicited */ + goto again; + } + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); + + + DPRINTF("Got response %s\n", "(i think)!"); + DPRINTF("qrcount=%d,ancount=%d,nscount=%d,arcount=%d\n", + h.qdcount, h.ancount, h.nscount, h.arcount); + DPRINTF("opcode=%d,aa=%d,tc=%d,rd=%d,ra=%d,rcode=%d\n", + h.opcode, h.aa, h.tc, h.rd, h.ra, h.rcode); + + if ((h.rcode) || (h.ancount < 1)) { + /* negative result, not present */ + goto again; + } + + pos = HFIXEDSZ; + + for (j = 0; j < h.qdcount; j++) { + DPRINTF("Skipping question %d at %d\n", j, pos); + i = __length_question(packet, pos); + DPRINTF("Length of question %d is %d\n", j, i); + if (i < 0) + goto again; + pos += i; + } + DPRINTF("Decoding answer at pos %d\n", pos); + + for (j=0;jatype != T_SIG) + break; + + DPRINTF("skipping T_SIG %d\n", i); + free(a->dotted); + pos += i; + } + + DPRINTF("Answer name = |%s|\n", a->dotted); + DPRINTF("Answer type = |%d|\n", a->atype); + + close(fd); + + if (outpacket) + *outpacket = packet; + else + free(packet); + free(lookup); + return (0); /* success! */ + + tryall: + /* if there are other nameservers, give them a go, + otherwise return with error */ + { + int sdomains; + + SH_MUTEX_LOCK_UNSAFE(resolv_lock); + sdomains=__searchdomains; + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); + variant = 0; + if (retries >= nscount*(sdomains+1)) + goto fail; + } + + again: + /* if there are searchdomains, try them or fallback as passed */ + { + int sdomains; + SH_MUTEX_LOCK_UNSAFE(resolv_lock); + sdomains=__searchdomains; + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); + + if (variant < sdomains) { + /* next search */ + variant++; + } else { + /* next server, first search */ + SH_MUTEX_LOCK_UNSAFE(resolv_lock); + ns = (ns + 1) % nscount; + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); + variant = 0; + } + } + } + +fail: + if (fd != -1) + close(fd); + if (lookup) + free(lookup); + if (packet) + free(packet); + return -1; +} + +static void __open_etc_hosts(FILE **fp) +{ + if ((*fp = fopen("/etc/hosts", "r")) == NULL) { + *fp = fopen("/etc/config/hosts", "r"); + } + return; +} + +static int __read_etc_hosts_r(FILE * fp, const char * name, int type, + enum etc_hosts_action action, + struct hostent * result_buf, + char * buf, size_t buflen, + struct hostent ** result, + int * h_errnop) +{ + struct in_addr *in=NULL; + struct in_addr **addr_list=NULL; +#ifdef __UCLIBC_HAS_IPV6__ + struct in6_addr *in6=NULL; + struct in6_addr **addr_list6=NULL; +#endif /* __UCLIBC_HAS_IPV6__ */ + char *cp; + char **alias; + int aliases, i; + int ret=HOST_NOT_FOUND; + + if (buflen < sizeof(char *)*(ALIAS_DIM)) + return ERANGE; + alias=(char **)buf; + buf+=sizeof(char **)*(ALIAS_DIM); + buflen-=sizeof(char **)*(ALIAS_DIM); + + if (action!=GETHOSTENT) { +#ifdef __UCLIBC_HAS_IPV6__ + char *p=buf; + size_t len=buflen; +#endif /* __UCLIBC_HAS_IPV6__ */ + *h_errnop=NETDB_INTERNAL; + if (buflen < sizeof(*in)) + return ERANGE; + in=(struct in_addr*)buf; + buf+=sizeof(*in); + buflen-=sizeof(*in); + + if (buflen < sizeof(*addr_list)*2) + return ERANGE; + addr_list=(struct in_addr **)buf; + buf+=sizeof(*addr_list)*2; + buflen-=sizeof(*addr_list)*2; + +#ifdef __UCLIBC_HAS_IPV6__ + if (len < sizeof(*in6)) + return ERANGE; + in6=(struct in6_addr*)p; + p+=sizeof(*in6); + len-=sizeof(*in6); + + if (len < sizeof(*addr_list6)*2) + return ERANGE; + addr_list6=(struct in6_addr**)p; + p+=sizeof(*addr_list6)*2; + len-=sizeof(*addr_list6)*2; + + if (len < buflen) { + buflen=len; + buf=p; + } +#endif /* __UCLIBC_HAS_IPV6__ */ + + if (buflen < 80) + return ERANGE; + + __open_etc_hosts(&fp); + if (fp == NULL) { + result=NULL; + return errno; + } + } + + *h_errnop=HOST_NOT_FOUND; + while (fgets(buf, buflen, fp)) { + if ((cp = strchr(buf, '#'))) + *cp = '\0'; + DPRINTF("Looking at: %s\n", buf); + aliases = 0; + + cp = buf; + while (*cp) { + while (*cp && isspace(*cp)) + *cp++ = '\0'; + if (!*cp) + continue; + if (aliases < (2+MAX_ALIASES)) + alias[aliases++] = cp; + while (*cp && !isspace(*cp)) + cp++; + } + alias[aliases] = 0; + + if (aliases < 2) + continue; /* syntax error really */ + + if (action==GETHOSTENT) { + /* Return whatever the next entry happens to be. */ + break; + } else if (action==GET_HOSTS_BYADDR) { + if (strcmp(name, alias[0]) != 0) + continue; + } else { + /* GET_HOSTS_BYNAME */ + for (i = 1; i < aliases; i++) + if (strcasecmp(name, alias[i]) == 0) + break; + if (i >= aliases) + continue; + } + + if (type == AF_INET && inet_pton(AF_INET, alias[0], in) > 0) { + DPRINTF("Found INET\n"); + addr_list[0] = in; + addr_list[1] = 0; + result_buf->h_name = alias[1]; + result_buf->h_addrtype = AF_INET; + result_buf->h_length = sizeof(*in); + result_buf->h_addr_list = (char**) addr_list; + result_buf->h_aliases = alias + 2; + *result=result_buf; + ret=NETDB_SUCCESS; +#ifdef __UCLIBC_HAS_IPV6__ + } else if (type == AF_INET6 && inet_pton(AF_INET6, alias[0], in6) > 0) { + DPRINTF("Found INET6\n"); + addr_list6[0] = in6; + addr_list6[1] = 0; + result_buf->h_name = alias[1]; + result_buf->h_addrtype = AF_INET6; + result_buf->h_length = sizeof(*in6); + result_buf->h_addr_list = (char**) addr_list6; + result_buf->h_aliases = alias + 2; + *result=result_buf; + ret=NETDB_SUCCESS; +#endif /* __UCLIBC_HAS_IPV6__ */ + } else { + DPRINTF("Error\n"); + ret=TRY_AGAIN; + break; /* bad ip address */ + } + + if (action!=GETHOSTENT) { + fclose(fp); + } + return ret; + } + if (action!=GETHOSTENT) { + fclose(fp); + } + return ret; +} + +/* + * we currently read formats not quite the same as that on normal + * unix systems, we can have a list of nameservers after the keyword. + */ +int __get_hosts_byname_r(const char * name, int type, + struct hostent * result_buf, + char * buf, size_t buflen, + struct hostent ** result, + int * h_errnop) +{ + return(__read_etc_hosts_r(NULL, name, type, GET_HOSTS_BYNAME, result_buf, buf, buflen, result, h_errnop)); +} + +static int __open_nameservers(void) +{ + FILE *fp; + int i; +#define RESOLV_ARGS 5 + char szBuffer[128], *p, *argv[RESOLV_ARGS]; + int argc; + + SH_MUTEX_LOCK(resolv_lock); + if (__nameservers > 0) { + goto the_end; + } + + if ((fp = fopen("/etc/resolv.conf", "r")) || + (fp = fopen("/etc/config/resolv.conf", "r"))) { + + while (fgets(szBuffer, sizeof(szBuffer), fp) != NULL) { + + for (p = szBuffer; *p && isspace(*p); p++) + /* skip white space */; + if (*p == '\0' || *p == '\n' || *p == '#') /* skip comments etc */ + continue; + argc = 0; + while (*p && argc < RESOLV_ARGS) { + argv[argc++] = p; + while (*p && !isspace(*p) && *p != '\n') + p++; + while (*p && (isspace(*p) || *p == '\n')) /* remove spaces */ + *p++ = '\0'; + } + + if (strcmp(argv[0], "nameserver") == 0) { + for (i = 1; i < argc && __nameservers < MAX_SERVERS; i++) { + __nameserver[__nameservers++] = strdup(argv[i]); + DPRINTF("adding nameserver %s\n", argv[i]); + } + } + + /* domain and search are mutually exclusive, the last one wins */ + if (strcmp(argv[0],"domain")==0 || strcmp(argv[0],"search")==0) { + while (__searchdomains > 0) { + free(__searchdomain[--__searchdomains]); + __searchdomain[__searchdomains] = NULL; + } + for (i=1; i < argc && __searchdomains < MAX_SEARCH; i++) { + __searchdomain[__searchdomains++] = strdup(argv[i]); + DPRINTF("adding search %s\n", argv[i]); + } + } + } + fclose(fp); + } else { + DPRINTF("failed to open %s\n", "resolv.conf"); + } + DPRINTF("nameservers = %d\n", __nameservers); + the_end: + ; /* 'label at end of compound statement' */ + SH_MUTEX_UNLOCK(resolv_lock); + return 0; +} + +static int sh_gethostbyname_r(const char * name, + struct hostent * result_buf, + char * buf, size_t buflen, + struct hostent ** result, + int * h_errnop) +{ + struct in_addr *in; + struct in_addr **addr_list; + unsigned char *packet; + struct resolv_answer a; + int i; + int nest = 0; + int __nameserversXX; + char ** __nameserverXX; + + __open_nameservers(); + + *result=NULL; + if (!name) + return EINVAL; + + /* do /etc/hosts first */ + if ((i=__get_hosts_byname_r(name, AF_INET, result_buf, + buf, buflen, result, h_errnop))==0) + return i; + switch (*h_errnop) { + case HOST_NOT_FOUND: + case NO_ADDRESS: + break; + case NETDB_INTERNAL: + if (errno == ENOENT) { + break; + } + /* else fall through */ + default: + return i; + } + + DPRINTF("Nothing found in /etc/hosts\n"); + + *h_errnop = NETDB_INTERNAL; + if (buflen < sizeof(*in)) + return ERANGE; + in=(struct in_addr*)buf; + buf+=sizeof(*in); + buflen-=sizeof(*in); + + if (buflen < sizeof(*addr_list)*2) + return ERANGE; + addr_list=(struct in_addr**)buf; + buf+=sizeof(*addr_list)*2; + buflen-=sizeof(*addr_list)*2; + + addr_list[0] = in; + addr_list[1] = 0; + + if (buflen<256) + return ERANGE; + strncpy(buf, name, buflen); + + /* First check if this is already an address */ + if (inet_aton(name, in)) { + result_buf->h_name = buf; + result_buf->h_addrtype = AF_INET; + result_buf->h_length = sizeof(*in); + result_buf->h_addr_list = (char **) addr_list; + *result=result_buf; + *h_errnop = NETDB_SUCCESS; + return NETDB_SUCCESS; + } + + for (;;) { + + SH_MUTEX_LOCK_UNSAFE(resolv_lock); + __nameserversXX=__nameservers; + __nameserverXX=__nameserver; + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); + i = __dns_lookup(buf, T_A, __nameserversXX, __nameserverXX, &packet, &a); + + if (i < 0) { + *h_errnop = HOST_NOT_FOUND; + DPRINTF("__dns_lookup\n"); + return TRY_AGAIN; + } + + strncpy(buf, a.dotted, buflen); + free(a.dotted); + + if (a.atype == T_CNAME) { /* CNAME */ + DPRINTF("Got a CNAME in gethostbyname()\n"); + i = __decode_dotted(packet, a.rdoffset, buf, buflen); + free(packet); + + if (i < 0) { + *h_errnop = NO_RECOVERY; + DPRINTF("__decode_dotted\n"); + return -1; + } + if (++nest > MAX_RECURSE) { + *h_errnop = NO_RECOVERY; + DPRINTF("recursion\n"); + return -1; + } + continue; + } else if (a.atype == T_A) { /* ADDRESS */ + memcpy(in, a.rdata, sizeof(*in)); + result_buf->h_name = buf; + result_buf->h_addrtype = AF_INET; + result_buf->h_length = sizeof(*in); + result_buf->h_addr_list = (char **) addr_list; + free(packet); + break; + } else { + free(packet); + *h_errnop=HOST_NOT_FOUND; + return TRY_AGAIN; + } + } + + *result=result_buf; + *h_errnop = NETDB_SUCCESS; + return NETDB_SUCCESS; +} + +struct hostent * sh_gethostbyname(const char *name) +{ + static struct hostent h; + static char buf[sizeof(struct in_addr) + + sizeof(struct in_addr *)*2 + + sizeof(char *)*(ALIAS_DIM) + 256/*namebuffer*/ + 32/* margin */]; + struct hostent *hp; + + sh_gethostbyname_r(name, &h, buf, sizeof(buf), &hp, &h_errno); + + return hp; +} + +static int __get_hosts_byaddr_r(const char * addr, int len, int type, + struct hostent * result_buf, + char * buf, size_t buflen, + struct hostent ** result, + int * h_errnop) +{ +#ifndef __UCLIBC_HAS_IPV6__ + char ipaddr[INET_ADDRSTRLEN]; +#else + char ipaddr[INET6_ADDRSTRLEN]; +#endif /* __UCLIBC_HAS_IPV6__ */ + + switch (type) { + case AF_INET: + if (len != sizeof(struct in_addr)) + return 0; + break; +#ifdef __UCLIBC_HAS_IPV6__ + case AF_INET6: + if (len != sizeof(struct in6_addr)) + return 0; + break; +#endif /* __UCLIBC_HAS_IPV6__ */ + default: + return 0; + } + + inet_ntop(type, addr, ipaddr, sizeof(ipaddr)); + + return(__read_etc_hosts_r(NULL, ipaddr, type, GET_HOSTS_BYADDR, + result_buf, buf, buflen, result, h_errnop)); +} + +static int sh_gethostbyaddr_r (const void *addr, socklen_t len, int type, + struct hostent * result_buf, + char * buf, size_t buflen, + struct hostent ** result, + int * h_errnop) + +{ + struct in_addr *in; + struct in_addr **addr_list; +#ifdef __UCLIBC_HAS_IPV6__ + char *qp; + size_t plen; + struct in6_addr *in6; + struct in6_addr **addr_list6; +#endif /* __UCLIBC_HAS_IPV6__ */ + unsigned char *packet; + struct resolv_answer a; + int i; + int nest = 0; + int __nameserversXX; + char ** __nameserverXX; + + *result=NULL; + if (!addr) + return EINVAL; + + switch (type) { + case AF_INET: + if (len != sizeof(struct in_addr)) + return EINVAL; + break; +#ifdef __UCLIBC_HAS_IPV6__ + case AF_INET6: + if (len != sizeof(struct in6_addr)) + return EINVAL; + break; +#endif /* __UCLIBC_HAS_IPV6__ */ + default: + return EINVAL; + } + + /* do /etc/hosts first */ + if ((i=__get_hosts_byaddr_r(addr, len, type, result_buf, + buf, buflen, result, h_errnop))==0) + return i; + switch (*h_errnop) { + case HOST_NOT_FOUND: + case NO_ADDRESS: + break; + default: + return i; + } + + __open_nameservers(); + +#ifdef __UCLIBC_HAS_IPV6__ + qp=buf; + plen=buflen; +#endif /* __UCLIBC_HAS_IPV6__ */ + + *h_errnop = NETDB_INTERNAL; + if (buflen < sizeof(*in)) + return ERANGE; + in=(struct in_addr*)buf; + buf+=sizeof(*in); + buflen-=sizeof(*in); + + if (buflen < sizeof(*addr_list)*2) + return ERANGE; + addr_list=(struct in_addr**)buf; + buf+=sizeof(*addr_list)*2; + buflen-=sizeof(*addr_list)*2; + +#ifdef __UCLIBC_HAS_IPV6__ + if (plen < sizeof(*in6)) + return ERANGE; + in6=(struct in6_addr*)qp; + qp+=sizeof(*in6); + plen-=sizeof(*in6); + + if (plen < sizeof(*addr_list6)*2) + return ERANGE; + addr_list6=(struct in6_addr**)qp; + qp+=sizeof(*addr_list6)*2; + plen-=sizeof(*addr_list6)*2; + + if (plen < buflen) { + buflen=plen; + buf=qp; + } +#endif /* __UCLIBC_HAS_IPV6__ */ + + if (buflen<256) + return ERANGE; + + if(type == AF_INET) { + const unsigned char *tmp_addr = (const unsigned char *)addr; + + memcpy(&in->s_addr, addr, len); + + addr_list[0] = in; + + sprintf(buf, "%u.%u.%u.%u.in-addr.arpa", + tmp_addr[3], tmp_addr[2], tmp_addr[1], tmp_addr[0]); +#ifdef __UCLIBC_HAS_IPV6__ + } else { + memcpy(in6->s6_addr, addr, len); + + addr_list6[0] = in6; + qp = buf; + + for (i = len - 1; i >= 0; i--) { + qp += sprintf(qp, "%x.%x.", in6->s6_addr[i] & 0xf, + (in6->s6_addr[i] >> 4) & 0xf); + } + strcpy(qp, "ip6.int"); +#endif /* __UCLIBC_HAS_IPV6__ */ + } + + addr_list[1] = 0; + + for (;;) { + + SH_MUTEX_LOCK_UNSAFE(resolv_lock); + __nameserversXX=__nameservers; + __nameserverXX=__nameserver; + SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); + i = __dns_lookup(buf, T_PTR, __nameserversXX, __nameserverXX, &packet, &a); + + if (i < 0) { + *h_errnop = HOST_NOT_FOUND; + return TRY_AGAIN; + } + + strncpy(buf, a.dotted, buflen); + free(a.dotted); + + if (a.atype == T_CNAME) { /* CNAME */ + DPRINTF("Got a CNAME in gethostbyaddr()\n"); + i = __decode_dotted(packet, a.rdoffset, buf, buflen); + free(packet); + + if (i < 0) { + *h_errnop = NO_RECOVERY; + return -1; + } + if (++nest > MAX_RECURSE) { + *h_errnop = NO_RECOVERY; + return -1; + } + continue; + } else if (a.atype == T_PTR) { /* ADDRESS */ + i = __decode_dotted(packet, a.rdoffset, buf, buflen); + free(packet); + + result_buf->h_name = buf; + result_buf->h_addrtype = type; + + if(type == AF_INET) { + result_buf->h_length = sizeof(*in); +#ifdef __UCLIBC_HAS_IPV6__ + } else { + result_buf->h_length = sizeof(*in6); +#endif /* __UCLIBC_HAS_IPV6__ */ + } + + result_buf->h_addr_list = (char **) addr_list; + break; + } else { + free(packet); + *h_errnop = NO_ADDRESS; + return TRY_AGAIN; + } + } + + *result=result_buf; + *h_errnop = NETDB_SUCCESS; + return NETDB_SUCCESS; +} + +struct hostent * sh_gethostbyaddr (const void *addr, socklen_t len, int type) +{ + static struct hostent h; + static char buf[ +#ifndef __UCLIBC_HAS_IPV6__ + sizeof(struct in_addr) + sizeof(struct in_addr *)*2 + +#else + sizeof(struct in6_addr) + sizeof(struct in6_addr *)*2 + +#endif /* __UCLIBC_HAS_IPV6__ */ + sizeof(char *)*(ALIAS_DIM) + 256/*namebuffer*/ + 32/* margin */]; + struct hostent *hp; + + sh_gethostbyaddr_r(addr, len, type, &h, buf, sizeof(buf), &hp, &h_errno); + + return hp; +} + +/* NEED_STATIC_LIBS */ +#else + +/* include something to avoid empty compilation unit */ +#include + +#endif + Index: /tags/2.5.0/src/sh_string.c =================================================================== --- /tags/2.5.0/src/sh_string.c (revision 189) +++ /tags/2.5.0/src/sh_string.c (revision 189) @@ -0,0 +1,939 @@ + +#include "config_xor.h" + +#include +#include +#include + +#include "sh_string.h" +#include "sh_mem.h" + +#undef FIL__ +#define FIL__ _("sh_string.c") + +extern int sl_ok_adds (size_t a, size_t b); +#define SL_TRUE 1 +#define SL_FALSE 0 + +#include +/* Split array at delim in at most nfields fields. + * Empty fields are returned as empty (zero-length) strings. + * Leading and trailing WS are removed from token. + * The number of fields is returned in 'nfields', their + * lengths in 'lengths'. + * A single delimiter will return two empty fields. + */ +char ** split_array(char *line, unsigned int * nfields, + char delim, size_t * lengths) +{ + char *a, *e, *s; + unsigned int i = 0; + int flag = 0; + char **arr; + unsigned int maxfields = (*nfields); + + arr = SH_ALLOC((maxfields+1) * sizeof (char*)); + + e = line; + + do + { + /* skip leading WS + */ + for (s=e; *s && isspace((int)*s); ++s) /* nothing */; + + if (*s) + { + a = s; + + /* move a to next delim + */ + for (a=s; *a && *a != delim; ++a) /* nothing */; + + /* set e to next after delim + */ + if (*a == delim) + { + e = a+1; + flag = 1; + } + else /* (!*a) */ + { + e = a; + flag = 0; + } + + if (a != line) + { + if (i < (maxfields -1)) + { + + /* chop off trailing WS + */ + for (a--; isspace((int)*a) && a > s; a--) /* do nothing */; + + /* terminate string + */ + ++a; *a = '\0'; + } + else + { + /* If nfields < actual fields, last string + * will be remainder, therefore skip to end. + */ + if ( *a ) + { + do { + a++; + } while ( *a ); + } + } + } + else + { + *a = '\0'; + } + } + else /* (!*s) */ + { + a = s; + /* (i == 0) handles the special case of splitting the empty string */ + if (flag || i == 0) + { + flag = 0; + goto setnext; + } + break; + } + + setnext: + lengths[i] = (size_t) (a-s); /* a >= s always */ + arr[i] = s; + ++i; + + } while (i < maxfields); + + *nfields = i; + arr[i] = NULL; + + return arr; +} + +/* Split array at whitespace in at most nfields fields. + * Multiple whitespaces are collapsed. + * Empty fields are returned as empty (zero-length) strings. + * The number of fields is returned in nfields. + * An empty string will return zero fields. + * If nfields < actual fields, last string will be remainder. + */ +char ** split_array_ws(char *line, unsigned int * nfields, size_t * lengths) +{ + char *a, *e, *s; + unsigned int i = 0; + char **arr; + unsigned int maxfields = (*nfields); + + arr = SH_ALLOC((maxfields+1) * sizeof (char*)); + + e = line; + + do + { + s = e; + + /* skip leading WS + */ + if ( *s && isspace((int)*s) ) + { + do { + ++s; + } while ( *s && isspace((int)*s) ); + } + + if (*s) + { + + /* s is at non-ws, move a to next ws + */ + a = s; + do { + a++; + } while ( *a && (!isspace((int)*a)) ); + + /* next token, *a is either ws or '\0' + */ + e = ( (*a) ? a+1 : a); + + /* terminate and set arr[i] + */ + if (i < (maxfields-1)) + { + *a = '\0'; + } + else + { + /* If nfields < actual fields, last + * string will be remainder. Therefore + * skip to end. + */ + if ( *a ) + { + do { + a++; + } while ( *a ); + } + } + lengths[i] = (size_t)(a-s); /* a >= s always */ + arr[i] = s; + ++i; + } + else /* if (!*s) */ + { + break; + } + + } while (i < maxfields); + + *nfields = i; + arr[i] = NULL; + + return arr; +} + + +#define SH_STRING_PARCEL 120 + +static +size_t sh_string_read_int(sh_string * s, FILE * fp, size_t maxlen, char *start); + +size_t sh_string_read(sh_string * s, FILE * fp, size_t maxlen) +{ + return sh_string_read_int(s, fp, maxlen, NULL); +} + +size_t sh_string_read_cont(sh_string * s, FILE * fp, size_t maxlen, char *cont) +{ + return sh_string_read_int(s, fp, maxlen, cont); +} + +size_t sh_string_read_int(sh_string * s, FILE * fp, size_t maxlen, char *start) +{ + + /* case 0) start != NULL and first char not in 'start' + */ + if (start) + { + int first = fgetc(fp); + + if (first == EOF) + { + sh_string_truncate(s, 0); + if (ferror(fp)) + return -1; + return 0; + } + + if (NULL == strchr(start, first)) + { + ungetc(first, fp); + return 0; + } + ungetc(first, fp); + } + + /* case 1) EOF or error + */ + if (fgets(s->str, s->siz, fp) == NULL) + { + sh_string_truncate(s, 0); + if (ferror(fp)) + return -1; + return 0; + } + + /* case 2) end of line reached. strlen should always be > 0 + * because of the '\n', but we check. + */ + s->len = strlen(s->str); + if (s->len > 0 && (s->str)[s->len-1] == '\n') + { + (s->str)[s->len-1] = '\0'; + --(s->len); + return (s->len + 1); + } + + /* case 3) incomplete string + */ + for (;;) { + + if (maxlen > 0 && (s->siz+SH_STRING_PARCEL) > maxlen) + { + if (s->siz < maxlen) + sh_string_grow(s, (maxlen-s->siz)); + else + return -2; + } + else + { + sh_string_grow(s, 0); + } + + if (fgets(&(s->str[s->len]), (s->siz - s->len), fp) == NULL) + { + if (ferror(fp)) + { + sh_string_truncate(s, 0); + return -1; + } + return s->len; + } + + s->len += strlen( &(s->str[s->len]) ); + if (s->len > 0 && s->str[s->len-1] == '\n') + { + (s->str)[s->len-1] = '\0'; + --(s->len); + return (s->len + 1); + } + } + + /* notreached */ +} + +sh_string * sh_string_cat_lchar(sh_string * s, const char * str, size_t len) +{ + if (sl_ok_adds(len, s->siz) == SL_TRUE) + { + if ((len + 1 + s->len) > s->siz) + { + sh_string_grow(s, ((len+1+s->len) - s->siz) ); + } + memcpy(&(s->str[s->len]), str, len); + s->len += len; + s->str[s->len] = '\0'; + return s; + } + + return NULL; +} + +sh_string * sh_string_set_from_char(sh_string * s, const char * str) +{ + size_t len = strlen(str); + + if ((len+1) > s->siz) + { + sh_string_grow(s, ((len+1) - s->siz) ); + } + memcpy(s->str, str, (len+1)); + s->len = len; + return s; +} + +sh_string * sh_string_add_from_char(sh_string * s, const char * str) +{ + size_t len = strlen(str); + size_t avail = (s->siz - s->len); + + if ((len+1) > avail) + { + (void) sh_string_grow(s, ((len+1) - avail) ); + } + memcpy(&(s->str[s->len]), str, (len+1)); + s->len += len; + return s; +} + +sh_string * sh_string_new_from_lchar(const char * str, size_t len) +{ + sh_string * s; + s = SH_ALLOC(sizeof(sh_string)); + s->str = SH_ALLOC(len+1); + memcpy(s->str, str, len); + s->str[len] = '\0'; + s->siz = len+1; + s->len = len; + return s; +} + +sh_string * sh_string_new_from_lchar3(const char * str1, size_t len1, + const char * str2, size_t len2, + const char * str3, size_t len3) +{ + sh_string * s; + size_t len = 0; + + if (sl_ok_adds(len1, len2) == SL_TRUE) + len = len1 + len2; + else + return NULL; + if (sl_ok_adds( len, len3) == SL_TRUE) + len = len + len3; + else + return NULL; + + s = SH_ALLOC(sizeof(sh_string)); + s->str = SH_ALLOC(len+1); + + memcpy(s->str, str1, len1); + memcpy(&s->str[len1], str2, len2); + memcpy(&s->str[len1+len2], str3, len3); + + s->str[len] = '\0'; + s->siz = len+1; + s->len = len; + return s; +} + +sh_string * sh_string_grow(sh_string * s, size_t increase) +{ + char * new; + + if (increase == 0) + increase = SH_STRING_PARCEL; + + if (s && sl_ok_adds(s->siz, increase) == SL_TRUE) + { + new = SH_ALLOC(s->siz + increase); + + if (s->str) + { + memcpy(new, s->str, s->len+1); + SH_FREE(s->str); + } + else + { + new[0] = '\0'; + } + s->str = new; + s->siz += increase; + return s; + } + return NULL; +} + +sh_string * sh_string_truncate(sh_string * s, size_t len) +{ + if (s) + { + if (s->str && (s->len > len) ) + { + s->len = len; + (s->str)[len] = '\0'; + } + return s; + } + return NULL; +} + +void sh_string_destroy(sh_string ** s) +{ + if (s) + { + if ((*s) && (*s)->str) + SH_FREE ((*s)->str); + SH_FREE(*s); + *s = NULL; + } + return; +} + +sh_string * sh_string_new(size_t size) +{ + sh_string * s; + s = SH_ALLOC (sizeof(sh_string)); + if (size == 0) + size = SH_STRING_PARCEL; + s->str = SH_ALLOC (size); + s->str[0] = '\0'; + s->siz = size; + s->len = 0; + return s; +} + +/* Replaces fields in s with 'replacement'. Fields are given + * in the ordered array ovector, comprising ovecnum pairs + * ovector[i], ovector[i+1] which list offset of first char + * of field, offset of first char after field (this is how + * the pcre library does it). + */ +sh_string * sh_string_replace(const sh_string * s, + const int * ovector, int ovecnum, + const char * replacement, size_t rlen) +{ + sh_string * r = NULL; + char * p; + long tlen; + size_t len; + int end = 0; + int start = 0; + size_t oldlen = 0; + size_t newlen = 0; + long diff; + int i, curr, last; + + + for (i = 0; i < ovecnum; ++i) + { + start = ovector[2*i]; /* offset of first char of substring */ + if (start >= end) + { + end = ovector[2*i+1]; /* offset of first char after substring end*/ + + if (end > start && (unsigned int)end <= (s->len + 1)) + { + oldlen += (end - start); + newlen += rlen; + } + else /* inconsistency detected */ + { + return NULL; + } + } + else /* overlap detected */ + { + return NULL; + } + } + + diff = newlen - oldlen; + + if ((diff > 0) && ((s->len + 1 + diff) > s->siz)) + { + r = sh_string_new_from_lchar(sh_string_str(s), + sh_string_len(s)); + r = sh_string_grow(r, diff); + } + else + { + r = sh_string_new_from_lchar(sh_string_str(s), + sh_string_len(s)); + } + + + curr = -1; + last = -1; + + for (i = 0; i < ovecnum; ++i) + { + if (ovector[2*i] >= 0) + { + curr = i; + break; + } + } + + if (r && ovecnum > 0 && ovector[curr] >= 0) + { + r->len = 0; r->str[0] = '\0'; p = r->str; + + /* First part, until start of first replacement + */ + memcpy(p, s->str, (size_t)ovector[curr]); p += ovector[curr]; + memcpy(p, replacement, rlen); p += rlen; + *p = '\0'; r->len += (ovector[curr] + rlen); + + last = curr + 1; + + for (i = 1; i < ovecnum; ++i) + { + if (ovector[2*i] < 0) + continue; + + curr = 2*i; + + /* From end of last replacement to start of this */ + tlen = (long)(ovector[curr] - ovector[last]); + if (tlen >= 0) + { + len = (size_t) tlen; + + if (tlen > 0) + { + memcpy(p, &(s->str[ovector[last]]), (size_t)len); + p += len; + } + + /* The replacement */ + memcpy(p, replacement, rlen); + p += rlen; + + /* null terminate */ + *p = '\0'; r->len += (len + rlen); + + last = curr + 1; + } + } + + /* Last part, after last replacement; includes terminating null + */ + if (last > 0) + { + /* If not, nothing has been replaced, and r is still a copy of s + */ + tlen = (long)((s->len + 1) - ovector[last]); + if (tlen > 0) + { + len = (size_t)tlen; + memcpy(p, &(s->str[ovector[2*i -1]]), (size_t)len); + p += len; *p = '\0'; r->len += (len - 1); + } + } + + } + + return r; +} + + +#ifdef SH_CUTEST +#include +#include "CuTest.h" + +void Test_string (CuTest *tc) { + int status, i, max = 120; + FILE * fp; + sh_string * s = NULL; + sh_string * t; + static char template[] = "/tmp/xtest.XXXXXX"; + char ** array; + char test[128]; + size_t lengths[16]; + unsigned int iarr; + int ovector[16]; + int ovecnum; + + s = sh_string_new(0); + CuAssertPtrNotNull(tc, s); + sh_string_destroy(&s); + CuAssertTrue(tc, s == NULL); + + s = sh_string_new(0); + CuAssertPtrNotNull(tc, s); + + status = mkstemp(template); + CuAssertTrue(tc, status >= 0); + + fp = fdopen(status, "r+"); + CuAssertPtrNotNull(tc, fp); + + for (i = 0; i < 80; ++i) { fputc ('a', fp); } fputc ('\n', fp); // 0 + for (i = 0; i < 118; ++i) { fputc ('a', fp); } fputc ('\n', fp); // 1 + for (i = 0; i < 119; ++i) { fputc ('a', fp); } fputc ('\n', fp); // 2 + for (i = 0; i < 120; ++i) { fputc ('a', fp); } fputc ('\n', fp); // 3 + for (i = 0; i < 121; ++i) { fputc ('a', fp); } fputc ('\n', fp); // 4 + for (i = 0; i < 238; ++i) { fputc ('a', fp); } fputc ('\n', fp); + for (i = 0; i < 239; ++i) { fputc ('a', fp); } fputc ('\n', fp); + for (i = 0; i < 240; ++i) { fputc ('a', fp); } fputc ('\n', fp); + for (i = 0; i < 241; ++i) { fputc ('a', fp); } fputc ('\n', fp); + + rewind(fp); + + for (i = 0; i < 9; ++i) + { + status = sh_string_read(s, fp, max); + + switch (i) { + case 0: + CuAssertTrue(tc, s->len == 80); + CuAssertTrue(tc, s->siz == 120); + CuAssertTrue(tc, status == 81); + break; + case 1: + CuAssertTrue(tc, s->len == 118); + CuAssertTrue(tc, s->siz == 120); + CuAssertTrue(tc, status == 119); + break; + case 2: + CuAssertTrue(tc, s->len == 119); + CuAssertTrue(tc, s->siz == 120); + CuAssertTrue(tc, status == -2); /* no terminating '\n', truncated */ + break; + case 3: + CuAssertTrue(tc, s->len == 120); + CuAssertTrue(tc, s->siz == 240); + CuAssertTrue(tc, status == 121); + break; + case 4: + CuAssertTrue(tc, s->len == 121); + CuAssertTrue(tc, s->siz == 240); + CuAssertTrue(tc, status == 122); + break; + case 5: + CuAssertTrue(tc, s->len == 238); + CuAssertTrue(tc, s->siz == 240); + CuAssertTrue(tc, status == 239); + break; + case 6: + CuAssertTrue(tc, s->len == 239); + CuAssertTrue(tc, s->siz == 240); + CuAssertTrue(tc, status == -2); /* no terminating '\n', truncated */ + break; + default: + CuAssertTrue(tc, s->len == 239); + CuAssertTrue(tc, s->siz == 240); + CuAssertTrue(tc, status == -2); + } + if (status == -2) /* read in rest of string */ + { max = 240; sh_string_read(s, fp, max); } + } + + rewind(fp); + + sh_string_truncate(s, 0); + CuAssertTrue(tc, s->len == 0); + + for (i = 0; i < 9; ++i) + { + status = sh_string_read(s, fp, 240); + if (status == -2) + sh_string_read(s, fp, 240); + else + { + for (status = 0; status < (int)s->len; ++status) + { + if (s->str[status] != 'a') + { + CuFail(tc, "unexpected character"); + } + } + } + } + + status = fclose(fp); + CuAssertTrue(tc, status == 0); + status = remove(template); + CuAssertTrue(tc, status == 0); + + iarr = 10; strcpy(test, "|a1|| a2| |a3 |a4|a5|"); + array = split_array(test, &iarr, '|', lengths); + CuAssertIntEquals(tc,9,(int)iarr); + CuAssertStrEquals(tc,"", array[0]); + CuAssertStrEquals(tc,"a1", array[1]); + CuAssertStrEquals(tc,"", array[2]); + CuAssertStrEquals(tc,"a2", array[3]); + CuAssertStrEquals(tc,"", array[4]); + CuAssertStrEquals(tc,"a3", array[5]); + CuAssertStrEquals(tc,"a4", array[6]); + CuAssertStrEquals(tc,"a5", array[7]); + CuAssertStrEquals(tc,"", array[8]); + + CuAssertIntEquals(tc, 0, (int)lengths[0]); + CuAssertIntEquals(tc, 2, (int)lengths[1]); + CuAssertIntEquals(tc, 0, (int)lengths[2]); + CuAssertIntEquals(tc, 2, (int)lengths[3]); + CuAssertIntEquals(tc, 0, (int)lengths[4]); + CuAssertIntEquals(tc, 2, (int)lengths[5]); + CuAssertIntEquals(tc, 2, (int)lengths[6]); + CuAssertIntEquals(tc, 2, (int)lengths[7]); + CuAssertIntEquals(tc, 0, (int)lengths[8]); + + iarr = 10; strcpy(test, "a1|| a2| |a3 |a4|a5|"); + array = split_array(test, &iarr, '|', lengths); + CuAssertIntEquals(tc,8,(int)iarr); + CuAssertStrEquals(tc,"a1", array[0]); + CuAssertStrEquals(tc,"", array[1]); + CuAssertStrEquals(tc,"a2", array[2]); + CuAssertStrEquals(tc,"", array[3]); + CuAssertStrEquals(tc,"a3", array[4]); + CuAssertStrEquals(tc,"a4", array[5]); + CuAssertStrEquals(tc,"a5", array[6]); + CuAssertStrEquals(tc,"", array[7]); + + CuAssertIntEquals(tc, 2, (int)lengths[0]); + CuAssertIntEquals(tc, 0, (int)lengths[1]); + CuAssertIntEquals(tc, 2, (int)lengths[2]); + CuAssertIntEquals(tc, 0, (int)lengths[3]); + CuAssertIntEquals(tc, 2, (int)lengths[4]); + CuAssertIntEquals(tc, 2, (int)lengths[5]); + CuAssertIntEquals(tc, 2, (int)lengths[6]); + CuAssertIntEquals(tc, 0, (int)lengths[7]); + + iarr = 10; strcpy(test, " a1|| a2 | |a3 |a4|a5"); + array = split_array(test, &iarr, '|', lengths); + CuAssertIntEquals(tc,7,(int)iarr); + CuAssertStrEquals(tc,"a1", array[0]); + CuAssertStrEquals(tc,"", array[1]); + CuAssertStrEquals(tc,"a2", array[2]); + CuAssertStrEquals(tc,"", array[3]); + CuAssertStrEquals(tc,"a3", array[4]); + CuAssertStrEquals(tc,"a4", array[5]); + CuAssertStrEquals(tc,"a5", array[6]); + + CuAssertIntEquals(tc, 2, (int)lengths[0]); + CuAssertIntEquals(tc, 0, (int)lengths[1]); + CuAssertIntEquals(tc, 2, (int)lengths[2]); + CuAssertIntEquals(tc, 0, (int)lengths[3]); + CuAssertIntEquals(tc, 2, (int)lengths[4]); + CuAssertIntEquals(tc, 2, (int)lengths[5]); + CuAssertIntEquals(tc, 2, (int)lengths[6]); + + iarr = 10; strcpy(test, "a1|| a2 | |a3 |a4|a5 "); + array = split_array(test, &iarr, '|', lengths); + CuAssertIntEquals(tc,7,(int)iarr); + CuAssertStrEquals(tc,"a1", array[0]); + CuAssertStrEquals(tc,"", array[1]); + CuAssertStrEquals(tc,"a2", array[2]); + CuAssertStrEquals(tc,"", array[3]); + CuAssertStrEquals(tc,"a3", array[4]); + CuAssertStrEquals(tc,"a4", array[5]); + CuAssertStrEquals(tc,"a5", array[6]); + + CuAssertIntEquals(tc, 2, (int)lengths[0]); + CuAssertIntEquals(tc, 0, (int)lengths[1]); + CuAssertIntEquals(tc, 2, (int)lengths[2]); + CuAssertIntEquals(tc, 0, (int)lengths[3]); + CuAssertIntEquals(tc, 2, (int)lengths[4]); + CuAssertIntEquals(tc, 2, (int)lengths[5]); + CuAssertIntEquals(tc, 2, (int)lengths[6]); + + iarr = 10; strcpy(test, "|"); + array = split_array(test, &iarr, '|', lengths); + CuAssertIntEquals(tc,2,(int)iarr); + CuAssertStrEquals(tc,"", array[0]); + CuAssertStrEquals(tc,"", array[1]); + + CuAssertIntEquals(tc, 0, (int)lengths[0]); + CuAssertIntEquals(tc, 0, (int)lengths[1]); + + iarr = 10; strcpy(test, "|||"); + array = split_array(test, &iarr, '|', lengths); + CuAssertIntEquals(tc,4,(int)iarr); + CuAssertStrEquals(tc,"", array[0]); + CuAssertStrEquals(tc,"", array[1]); + CuAssertStrEquals(tc,"", array[2]); + CuAssertStrEquals(tc,"", array[3]); + + CuAssertIntEquals(tc, 0, (int)lengths[0]); + CuAssertIntEquals(tc, 0, (int)lengths[1]); + CuAssertIntEquals(tc, 0, (int)lengths[2]); + CuAssertIntEquals(tc, 0, (int)lengths[3]); + + iarr = 10; strcpy(test, " a1 "); + array = split_array(test, &iarr, '|', lengths); + CuAssertIntEquals(tc,1,(int)iarr); + CuAssertStrEquals(tc,"a1", array[0]); + + CuAssertIntEquals(tc, 2, (int)lengths[0]); + + iarr = 10; strcpy(test, ""); + array = split_array(test, &iarr, '|', lengths); + CuAssertIntEquals(tc,1,(int)iarr); + CuAssertStrEquals(tc,"", array[0]); + + CuAssertIntEquals(tc, 0, (int)lengths[0]); + + /* WS separated */ + + iarr = 10; strcpy(test, "a1"); + array = split_array_ws (test, &iarr, lengths); + CuAssertIntEquals(tc,1,(int)iarr); + CuAssertStrEquals(tc,"a1", array[0]); + + CuAssertIntEquals(tc, 2, (int)lengths[0]); + + iarr = 10; strcpy(test, " a1"); + array = split_array_ws (test, &iarr, lengths); + CuAssertIntEquals(tc,1,(int)iarr); + CuAssertStrEquals(tc,"a1", array[0]); + + CuAssertIntEquals(tc, 2, (int)lengths[0]); + + iarr = 10; strcpy(test, " a1 "); + array = split_array_ws (test, &iarr, lengths); + CuAssertIntEquals(tc,1,(int)iarr); + CuAssertStrEquals(tc,"a1", array[0]); + + CuAssertIntEquals(tc, 2, (int)lengths[0]); + + iarr = 10; strcpy(test, " "); + array = split_array_ws (test, &iarr, lengths); + CuAssertIntEquals(tc,0,(int)iarr); + CuAssertTrue(tc, array[0] == NULL); + + iarr = 10; strcpy(test, " a1 a2"); + array = split_array_ws (test, &iarr, lengths); + CuAssertIntEquals(tc,2,(int)iarr); + CuAssertStrEquals(tc,"a1", array[0]); + CuAssertStrEquals(tc,"a2", array[1]); + + CuAssertIntEquals(tc, 2, (int)lengths[0]); + CuAssertIntEquals(tc, 2, (int)lengths[1]); + + iarr = 10; strcpy(test, " a1 a2 "); + array = split_array_ws (test, &iarr, lengths); + CuAssertIntEquals(tc,2,(int)iarr); + CuAssertStrEquals(tc,"a1", array[0]); + CuAssertStrEquals(tc,"a2", array[1]); + + CuAssertIntEquals(tc, 2, (int)lengths[0]); + CuAssertIntEquals(tc, 2, (int)lengths[1]); + + iarr = 10; strcpy(test, ""); + array = split_array_ws (test, &iarr, lengths); + CuAssertIntEquals(tc,0,(int)iarr); + CuAssertTrue(tc, array[0] == NULL); + + iarr = 3; strcpy(test, " this is a test for remainder"); + array = split_array_ws (test, &iarr, lengths); + CuAssertIntEquals(tc,3,(int)iarr); + CuAssertStrEquals(tc,"this", array[0]); + CuAssertStrEquals(tc,"is", array[1]); + CuAssertStrEquals(tc,"a test for remainder", array[2]); + for (i = 0; i < 3; ++i) + { + CuAssertIntEquals(tc, (int)strlen(array[i]), lengths[i] ); + } + + /* string replace */ + s = sh_string_new_from_lchar3 ("abc ", 4, "def ", 4, "ghi ", 4); + ovecnum = 2; + ovector[0] = 0; ovector[1] = 2; + ovector[2] = 4; ovector[3] = 11; + + t = sh_string_replace(s, ovector, ovecnum, + "___", 3); + CuAssertPtrNotNull(tc, t); + CuAssertStrEquals(tc, "___c ___ ", t->str); + CuAssertIntEquals(tc, 9, (int)t->len); + + ovector[0] = 0; ovector[1] = 2; + ovector[2] = 4; ovector[3] = 12; + t = sh_string_replace(s, ovector, ovecnum, + "___", 3); + CuAssertPtrNotNull(tc, t); + CuAssertStrEquals(tc, "___c ___", t->str); + CuAssertIntEquals(tc, 8, (int)t->len); + + ovector[0] = 0; ovector[1] = 0; + ovector[2] = 0; ovector[3] = 0; + t = sh_string_replace(s, ovector, ovecnum, + "___", 3); + CuAssertTrue(tc, t == NULL); + + ovector[0] = 0; ovector[1] = 3; + ovector[2] = 3; ovector[3] = 6; + t = sh_string_replace(s, ovector, ovecnum, + "___", 3); + + CuAssertPtrNotNull(tc, t); + CuAssertStrEquals(tc, "______f ghi ", t->str); + CuAssertIntEquals(tc, 12, (int)t->len); + + ovector[0] = 4; ovector[1] = 5; + ovector[2] = 11; ovector[3] = 12; + t = sh_string_replace(s, ovector, ovecnum, + "___", 3); + CuAssertPtrNotNull(tc, t); + CuAssertStrEquals(tc, "abc ___ef ghi___", t->str); + CuAssertIntEquals(tc, 16, (int)t->len); + + t = sh_string_replace(s, ovector, 0, + "___", 3); + CuAssertPtrNotNull(tc, t); + CuAssertStrEquals(tc, s->str, t->str); + CuAssertIntEquals(tc, (int)s->len, (int)t->len); + +} + +#endif Index: /tags/2.5.0/src/sh_suidchk.c =================================================================== --- /tags/2.5.0/src/sh_suidchk.c (revision 189) +++ /tags/2.5.0/src/sh_suidchk.c (revision 189) @@ -0,0 +1,2181 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2001 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_SCHED_H +#include +#endif + +#ifdef SH_USE_SUIDCHK + +#undef FIL__ +#define FIL__ _("sh_suidchk.c") + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + +#ifdef HAVE_DIRENT_H +#include +#define NAMLEN(dirent) sl_strlen((dirent)->d_name) +#else +#define dirent direct +#define NAMLEN(dirent) (dirent)->d_namlen +#ifdef HAVE_SYS_NDIR_H +#include +#endif +#ifdef HAVE_SYS_DIR_H +#include +#endif +#ifdef HAVE_NDIR_H +#include +#endif +#endif +#define NEED_ADD_DIRENT + +#include "samhain.h" +#include "sh_pthread.h" +#include "sh_utils.h" +#include "sh_error.h" +#include "sh_modules.h" +#include "sh_suidchk.h" +#include "sh_hash.h" +#include "sh_unix.h" +#include "sh_files.h" +#include "sh_schedule.h" +#include "sh_calls.h" + + +sh_rconf sh_suidchk_table[] = { + { + N_("severitysuidcheck"), + sh_suidchk_set_severity + }, + { + N_("suidcheckactive"), + sh_suidchk_set_activate + }, + { + N_("suidcheckinterval"), + sh_suidchk_set_timer + }, + { + N_("suidcheckschedule"), + sh_suidchk_set_schedule + }, + { + N_("suidcheckexclude"), + sh_suidchk_set_exclude + }, + { + N_("suidcheckfps"), + sh_suidchk_set_fps + }, + { + N_("suidcheckyield"), + sh_suidchk_set_yield + }, + { + N_("suidchecknosuid"), + sh_suidchk_set_nosuid + }, + { + N_("suidcheckquarantinefiles"), + sh_suidchk_set_quarantine + }, + { + N_("suidcheckquarantinemethod"), + sh_suidchk_set_qmethod + }, + { + N_("suidcheckquarantinedelete"), + sh_suidchk_set_qdelete + }, + { + NULL, + NULL + }, +}; + + +static time_t lastcheck = (time_t) 0; +static int ShSuidchkActive = S_TRUE; +static time_t ShSuidchkInterval = 7200; +static long ShSuidchkFps = 0; +static int ShSuidchkNosuid = S_FALSE; +static int ShSuidchkYield = S_FALSE; +static int ShSuidchkQEnable = S_FALSE; +static int ShSuidchkQMethod = SH_Q_CHANGEPERM; +static int ShSuidchkQDelete = S_FALSE; +static int ShSuidchkSeverity = SH_ERR_SEVERE; +static char * ShSuidchkExclude = NULL; +static size_t ExcludeLen = 0; + +static time_t FileLimNow = 0; +static time_t FileLimStart = 0; +static long FileLimNum = 0; +static long FileLimTotal = 0; + +static sh_schedule_t * ShSuidchkSched = NULL; + +static char * +filesystem_type (char * path, char * relpath, struct stat * statp); + +#ifndef PATH_MAX +#define PATH_MAX 1024 +#endif + +extern unsigned long sh_files_maskof (int class); + +static void set_defaults (void) +{ + ShSuidchkActive = S_TRUE; + ShSuidchkInterval = 7200; + ShSuidchkFps = 0; + ShSuidchkNosuid = S_FALSE; + ShSuidchkYield = S_FALSE; + ShSuidchkQEnable = S_FALSE; + ShSuidchkQMethod = SH_Q_CHANGEPERM; + ShSuidchkQDelete = S_FALSE; + ShSuidchkSeverity = SH_ERR_SEVERE; + if (ShSuidchkExclude != NULL) + SH_FREE(ShSuidchkExclude); + ShSuidchkExclude = NULL; + ExcludeLen = 0; + + FileLimNow = 0; + FileLimStart = 0; + FileLimNum = 0; + FileLimTotal = 0; + + return; +} + +/* Recursively descend into the directory to make sure that + * there is no symlink in the path. + */ +static int do_truncate_int (char * path, int depth) +{ + char * q; + struct stat one; + struct stat two; + int fd; + char errbuf[SH_ERRBUF_SIZE]; + + if (depth > 99) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("do_truncate: max depth 99 exceeded")); + return -1; + } + ++depth; + if (path[0] != '/') + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("do_truncate: not an absolute path")); + return -1; + } + ++path; + q = strchr(path, '/'); + if (q) + { + *q = '\0'; + if (0 != retry_lstat(FIL__, __LINE__, path, &one)) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno, errbuf, sizeof(errbuf))); + *q = '/'; + return -1; + } + if (/*@-usedef@*/!S_ISDIR(one.st_mode)/*@+usedef@*/) + + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("Possible race: not a directory")); + *q = '/'; + return -1; + } + + + if (0 != chdir(path)) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno, errbuf, sizeof(errbuf))); + *q = '/'; + return -1; + } + *q = '/'; + if (0 != retry_lstat(FIL__, __LINE__, ".", &two)) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno, errbuf, sizeof(errbuf))); + return -1; + } + if (/*@-usedef@*/(one.st_dev != two.st_dev) || + (one.st_ino != two.st_ino) || + (!S_ISDIR(two.st_mode))/*@+usedef@*/) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("Possible race: lstat(dir) != lstat(.)")); + return -1; + } + + + return (do_truncate_int(q, depth)); + } + else + { + /* no more '/', so this is the file + */ + if (*path == '\0') + return -1; + if (0 != retry_lstat(FIL__, __LINE__, path, &one)) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno, errbuf, sizeof(errbuf))); + return -1; + } + fd = open(path, O_RDWR); + if (-1 == fd) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno, errbuf, sizeof(errbuf))); + return -1; + } + if (0 != retry_fstat(FIL__, __LINE__, fd, &two)) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno, errbuf, sizeof(errbuf))); + (void) close(fd); + return -1; + } + if (/*@-usedef@*/(one.st_dev != two.st_dev) || + (one.st_ino != two.st_ino)/*@+usedef@*/) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("Possible race: lstat != fstat")); + (void) close(fd); + return -1; + } + if (!S_ISREG(two.st_mode)) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("Possible race: not a regular file")); + (void) close(fd); + return -1; + } + if ((0 == (two.st_mode & S_ISUID)) && (0 == (two.st_mode & S_ISGID))) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("Possible race: not a suid/sgid file")); + (void) close(fd); + return -1; + } + if (ShSuidchkQDelete == S_FALSE) + { + if ((two.st_mode & S_ISUID) > 0) + two.st_mode -= S_ISUID; + if ((two.st_mode & S_ISGID) > 0) + two.st_mode -= S_ISGID; +#ifdef HAVE_FCHMOD + if (-1 == /*@-unrecog@*/fchmod(fd, two.st_mode)/*@+unrecog@*/) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno, errbuf, sizeof(errbuf))); + (void) close(fd); + return -1; + } +#else + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + _("The fchmod() function is not available")); + (void) close(fd); + return -1; +#endif + if (two.st_nlink > 1) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, + MSG_SUID_ERROR, + _("Not truncated because hardlink count gt 1")); + (void) close(fd); + return -1; + } + /* The man page says: 'POSIX has ftruncate' + */ + if (-1 == /*@-unrecog@*/ftruncate(fd, 0)/*@+unrecog@*/) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno, errbuf, sizeof(errbuf))); + (void) close(fd); + return -1; + } + } + else + { + if (-1 == retry_aud_unlink(FIL__, __LINE__, path)) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno, errbuf, sizeof(errbuf))); + (void) close(fd); + return -1; + } + } + (void) close (fd); + return (0); + } +} + +static int do_truncate (const char * path_in) +{ + int caperr; + int result; + char * path; + char errbuf[SH_ERRBUF_SIZE]; + + if (0 != chdir("/")) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno, errbuf, sizeof(errbuf))); + } + + if (0 != (caperr = sl_get_cap_qdel())) + { + sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN, + sh_error_message (caperr, errbuf, sizeof(errbuf)), + _("sl_get_cap_qdel")); + } + + path = sh_util_strdup (path_in); + result = do_truncate_int (path, 0); + SH_FREE(path); + + if (0 != (caperr = sl_drop_cap_qdel())) + { + sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN, + sh_error_message (caperr, errbuf, sizeof(errbuf)), + _("sl_drop_cap_qdel")); + } + + if (0 != chdir("/")) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, + MSG_SUID_ERROR, + sh_error_message(errno, errbuf, sizeof(errbuf))); + } + return result; +} + +static void sh_q_delete(const char * fullpath) +{ + int status; + char * msg; + char * tmp; + + if (do_truncate (fullpath) == -1) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + tmp = sh_util_safe_name(fullpath); + + (void) sl_snprintf(msg, SH_BUFSIZE, + _("Problem quarantining file. File NOT quarantined. errno = %ld"), + status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(tmp); + SH_FREE(msg); + } + else + { + tmp = sh_util_safe_name(fullpath); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, 0, + MSG_SUID_QREPORT, + _("Quarantine method applied"), + tmp ); + SH_FREE(tmp); + } + return; +} + +static void sh_q_move(const char * fullpath, file_type * theFile, + const char * timestrc, const char * timestra, + const char * timestrm) +{ + int status; + int readFile = -1; + int writeFile = -1;; + struct stat fileInfo; + ssize_t count; + char * msg; + char * tmp; + char * basetmp; + char * filetmp; + char buffer[1024]; + char * dir = SH_ALLOC(PATH_MAX+1); + mode_t umask_old; + FILE * filePtr = NULL; + + (void) sl_strlcpy (dir, DEFAULT_QDIR, PATH_MAX+1); + + if (retry_stat (FIL__, __LINE__, dir, &fileInfo) != 0) + { + /* Quarantine directory does not exist, + */ + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + tmp = sh_util_safe_name(fullpath); + + (void) sl_snprintf(msg, SH_BUFSIZE, + _("Problem quarantining file. File NOT quarantined. errno = %ld (stat)"), + status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(tmp); + SH_FREE(msg); + } + else + { + if (retry_lstat (FIL__, __LINE__, + fullpath, &fileInfo) == -1) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + tmp = sh_util_safe_name(fullpath); + + (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld(stat)"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, + msg, tmp ); + SH_FREE(tmp); + SH_FREE(msg); + } + else + { + basetmp = sh_util_strdup(fullpath); + filetmp = SH_ALLOC(PATH_MAX+1); + tmp = sh_util_basename(basetmp); + + (void) sl_snprintf(filetmp, PATH_MAX+1, "%s/%s", + DEFAULT_QDIR, tmp); + SH_FREE(tmp); + SH_FREE(basetmp); + + readFile = open (fullpath, O_RDONLY); + if (readFile != -1) + writeFile = open (filetmp, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR|S_IXUSR); + + if ((readFile == -1) || (writeFile == -1)) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + tmp = sh_util_safe_name(fullpath); + + (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (open)"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, status, + MSG_SUID_QREPORT, + msg, tmp ); + SH_FREE(tmp); + SH_FREE(msg); + } + else + { + /* sizeof(buffer) is 1024 + */ + while ((count = (int) read (readFile, buffer, sizeof (buffer))) > 0) + { + if ((int) write (writeFile, buffer, (size_t) count) != count) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + tmp = sh_util_safe_name(fullpath); + + (void) sl_snprintf(msg, SH_BUFSIZE, + _("I/O error. errno = %ld (write)"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, + __LINE__, + status, + MSG_SUID_QREPORT, + msg, tmp ); + SH_FREE(tmp); + SH_FREE(msg); + } + } + } + + (void) close (readFile); + (void) fchmod(writeFile, S_IRUSR | S_IWUSR | S_IXUSR); + (void) close (writeFile); + + if (do_truncate (fullpath) == -1) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + tmp = sh_util_safe_name(fullpath); + + (void) sl_snprintf(msg, SH_BUFSIZE, + _("Problem quarantining file. File NOT quarantined. errno = %ld"), + status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, status, + MSG_SUID_QREPORT, + msg, tmp ); + SH_FREE(tmp); + SH_FREE(msg); + } + else + { + tmp = sh_util_basename(fullpath); + + (void) sl_snprintf(filetmp, PATH_MAX+1, "%s/%s.info", + DEFAULT_QDIR, + tmp); + + SH_FREE(tmp); + /* + * avoid chmod by setting umask + */ + umask_old = umask (0077); + filePtr = fopen (filetmp, "w+"); + + /*@-usedef@*/ + if (filePtr) + { + fprintf(filePtr, + _("File Info:\n filename=%s\n size=%lu\n owner=%s(%d)\n group=%s(%d)\n ctime=%s\n atime=%s\n mtime=%s\n"), + fullpath, + (unsigned long) theFile->size, + theFile->c_owner, (int) theFile->owner, + theFile->c_group, (int) theFile->group, + timestrc, timestra, timestrm); + (void) fclose (filePtr); + } + /*@+usedef@*/ + umask (umask_old); + + tmp = sh_util_safe_name(fullpath); + sh_error_handle (ShSuidchkSeverity, + FIL__,__LINE__, + 0, MSG_SUID_QREPORT, + _("Quarantine method applied"), + tmp ); + SH_FREE(tmp); + } + SH_FREE(filetmp); + } + } + SH_FREE(dir); + return; +} + +static void sh_q_changeperm(const char * fullpath) +{ + int caperr; + int status; + char * msg; + char * tmp; + struct stat fileInfo; + struct stat fileInfo_F; + int cperm_status = 0; + int file_d = -1; + char errbuf[SH_ERRBUF_SIZE]; + + if (retry_lstat(FIL__, __LINE__, fullpath, &fileInfo) == -1) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + tmp = sh_util_safe_name(fullpath); + + (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(tmp); + SH_FREE(msg); + cperm_status = -1; + } + + if (cperm_status == 0) + { + if (0 != (caperr = sl_get_cap_qdel())) + { + sh_error_handle((-1), FIL__, __LINE__, + caperr, MSG_E_SUBGEN, + sh_error_message (caperr, errbuf, sizeof(errbuf)), + _("sl_get_cap_qdel")); + cperm_status = -1; + } + } + + if (cperm_status == 0) + { + file_d = aud_open (FIL__, __LINE__, SL_YESPRIV, + fullpath, O_RDONLY, 0); + if (-1 == file_d) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + tmp = sh_util_safe_name(fullpath); + + (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(tmp); + SH_FREE(msg); + cperm_status = -1; + } + } + + if (cperm_status == 0) + { + if (retry_fstat(FIL__, __LINE__, file_d, &fileInfo_F) == -1) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + tmp = sh_util_safe_name(fullpath); + + (void) sl_snprintf(msg, SH_BUFSIZE, + _("I/O error. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(tmp); + SH_FREE(msg); + cperm_status = -1; + } + } + + if (cperm_status == 0) + { + if (fileInfo_F.st_ino != fileInfo.st_ino || + fileInfo_F.st_dev != fileInfo.st_dev || + fileInfo_F.st_mode != fileInfo.st_mode) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + tmp = sh_util_safe_name(fullpath); + + (void) sl_snprintf(msg, SH_BUFSIZE, + _("Race detected. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(tmp); + SH_FREE(msg); + cperm_status = -1; + } + } + + if ((fileInfo.st_mode & S_ISUID) > 0) + fileInfo.st_mode -= S_ISUID; + if ((fileInfo.st_mode & S_ISGID) > 0) + fileInfo.st_mode -= S_ISGID; + + if (cperm_status == 0) + { + if (fchmod(file_d, fileInfo.st_mode) == -1) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + tmp = sh_util_safe_name(fullpath); + + (void) sl_snprintf(msg, SH_BUFSIZE, + _("Problem quarantining file. File NOT quarantined. errno = %ld"), + status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, + msg, tmp ); + SH_FREE(tmp); + SH_FREE(msg); + } + else + { + tmp = sh_util_safe_name(fullpath); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + 0, + MSG_SUID_QREPORT, + _("Quarantine method applied"), + tmp ); + SH_FREE(tmp); + } + } + + if (0 != (caperr = sl_drop_cap_qdel())) + { + sh_error_handle((-1), FIL__, __LINE__, + caperr, MSG_E_SUBGEN, + sh_error_message (caperr, errbuf, sizeof(errbuf)), + _("sl_drop_cap_qdel")); + } + + if (file_d != -1) + { + do { + status = close (file_d); + } while (status == -1 && errno == EINTR); + + if (-1 == status) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + tmp = sh_util_safe_name(fullpath); + + (void) sl_snprintf(msg, SH_BUFSIZE, + _("I/O error. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(tmp); + SH_FREE(msg); + cperm_status = -1; + } + } + return; +} + +static void report_file (const char * tmpcat, file_type * theFile, + char * timestrc, char * timestra, char * timestrm) +{ + char * msg = SH_ALLOC(SH_BUFSIZE); + char * tmp = sh_util_safe_name(tmpcat); + + msg[0] = '\0'; + /*@-usedef@*/ + +#ifdef SH_USE_XML + (void) sl_snprintf(msg, SH_BUFSIZE, _("owner_new=\"%s\" iowner_new=\"%ld\" group_new=\"%s\" igroup_new=\"%ld\" size_new=\"%lu\" ctime_new=\"%s\" atime_new=\"%s\" mtime_new=\"%s\""), + theFile->c_owner, theFile->owner, + theFile->c_group, theFile->group, + (unsigned long) theFile->size, + timestrc, timestra, timestrm); +#else + (void) sl_snprintf(msg, SH_BUFSIZE, _("owner_new=<%s>, iowner_new=<%ld>, group_new=<%s>, igroup_new=<%ld>, filesize=<%lu>, ctime=<%s>, atime=<%s>, mtime=<%s>"), + theFile->c_owner, theFile->owner, + theFile->c_group, theFile->group, + (unsigned long) theFile->size, + timestrc, timestra, timestrm); +#endif + /*@+usedef@*/ + + sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, + 0, MSG_SUID_POLICY, + _("suid/sgid file not in database"), + tmp, msg ); + SH_FREE(tmp); + SH_FREE(msg); + return; +} + +static +int sh_suidchk_check_internal (char * iname) +{ + DIR * thisDir = NULL; + struct dirent * thisEntry; + char * tmpcat; + char * tmp; + char timestrc[32]; + char timestra[32]; + char timestrm[32]; + struct stat buf; + int status; + int fflags; + char * fs; + long sl_status; + file_type theFile; + char fileHash[2*(KEY_LEN + 1)]; + + struct sh_dirent * dirlist; + struct sh_dirent * dirlist_orig; + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("sh_suidchk_check_internal")); + + if (iname == NULL) + { + TPT((0, FIL__, __LINE__ , _("msg=\n"))); + SL_RETURN( (-1), _("sh_suidchk_check_internal")); + } + + if (sig_urgent > 0) { + SL_RETURN( (0), _("sh_suidchk_check_internal")); + } + + thisDir = opendir (iname); + + if (thisDir == NULL) + { + status = errno; + tmp = sh_util_safe_name(iname); + sh_error_handle (ShDFLevel[SH_ERR_T_DIR], FIL__, __LINE__, status, + MSG_E_OPENDIR, + sh_error_message (status, errbuf, sizeof(errbuf)), tmp); + SH_FREE(tmp); + SL_RETURN( (-1), _("sh_suidchk_check_internal")); + } + + /* Loop over directory entries + */ + SH_MUTEX_LOCK(mutex_readdir); + + dirlist = NULL; + dirlist_orig = NULL; + + do { + + thisEntry = readdir (thisDir); + + if (thisEntry != NULL) { + + if (sl_strcmp (thisEntry->d_name, ".") == 0) + continue; + + if (sl_strcmp (thisEntry->d_name, "..") == 0) + continue; + + dirlist = addto_sh_dirlist (thisEntry, dirlist); + } + + } while (thisEntry != NULL); + + SH_MUTEX_UNLOCK(mutex_readdir); + + closedir(thisDir); + + dirlist_orig = dirlist; + + sl_status = SL_ENONE; + + do { + + /* If the directory is empty, dirlist = NULL + */ + if (!dirlist) + break; + + if (sig_urgent > 0) { + SL_RETURN( (0), _("sh_suidchk_check_internal")); + } + + tmpcat = SH_ALLOC(PATH_MAX); + (void) sl_strlcpy(tmpcat, iname, PATH_MAX); + + if ((sl_strlen(tmpcat) != sl_strlen(iname)) || (tmpcat[0] == '\0')) + { + sl_status = SL_ETRUNC; + } + else + { + if (tmpcat[1] != '\0') + sl_status = sl_strlcat(tmpcat, "/", PATH_MAX); + } + + if (! SL_ISERROR(sl_status)) + sl_status = sl_strlcat(tmpcat, dirlist->sh_d_name, PATH_MAX); + + if (SL_ISERROR(sl_status)) + { + tmp = sh_util_safe_name(tmpcat); + sh_error_handle ((-1), FIL__, __LINE__, (int) sl_status, + MSG_E_SUBGPATH, + _("path too long"), + _("sh_suidchk_check_internal"), tmp ); + SH_FREE(tmp); + dirlist = dirlist->next; + continue; + } + + ++FileLimNum; + ++FileLimTotal; + + /* Rate limit (Fps == Files per second) + */ + if ((ShSuidchkFps > 0 && FileLimNum > ShSuidchkFps && FileLimTotal > 0)&& + (ShSuidchkYield == S_FALSE)) + { + FileLimNum = 0; + FileLimNow = time(NULL); + + if ( (FileLimNow - FileLimStart) > 0 && + FileLimTotal/(FileLimNow - FileLimStart) > ShSuidchkFps ) + (void) retry_msleep((int)((FileLimTotal/(FileLimNow-FileLimStart))/ + ShSuidchkFps) , 0); + } + + status = (int) retry_lstat(FIL__, __LINE__, tmpcat, &buf); + + if (status != 0) + { + status = errno; + tmp = sh_util_safe_name(tmpcat); + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, status, MSG_ERR_LSTAT, + sh_error_message(status, errbuf, sizeof(errbuf)), + tmpcat ); + SH_FREE(tmp); + } + else + { + if (/*@-usedef@*/S_ISDIR(buf.st_mode)/*@+usedef@*/ && + (ShSuidchkExclude == NULL || + 0 != strcmp(tmpcat, ShSuidchkExclude))) + { + /* fs is a STATIC string or NULL + */ + fs = filesystem_type (tmpcat, tmpcat, &buf); + if (fs != NULL +#ifndef SH_SUIDTESTDIR + && + 0 != strncmp (_("afs"), fs, 3) && + 0 != strncmp (_("devfs"), fs, 5) && + 0 != strncmp (_("iso9660"), fs, 7) && + 0 != strncmp (_("lustre"), fs, 6) && + 0 != strncmp (_("mmfs"), fs, 4) && + 0 != strncmp (_("msdos"), fs, 5) && + 0 != strncmp (_("nfs"), fs, 3) && + 0 != strncmp (_("proc"), fs, 4) && + 0 != strncmp (_("vfat"), fs, 4) +#endif + ) + { + if ((ShSuidchkNosuid == S_TRUE) || + (0 != strncmp (_("nosuid"), fs, 6))) + /* fprintf(stderr, "%s: %s\n", fs, tmpcat); */ + (void) sh_suidchk_check_internal(tmpcat); + } + } + else if (S_ISREG(buf.st_mode) && + (0 !=(S_ISUID & buf.st_mode) || +#if defined(HOST_IS_LINUX) + (0 !=(S_ISGID & buf.st_mode) && + 0 !=(S_IXGRP & buf.st_mode)) +#else + 0 !=(S_ISGID & buf.st_mode) +#endif + ) + ) + { + + (void) sl_strlcpy (theFile.fullpath, tmpcat, PATH_MAX); + theFile.check_mask = sh_files_maskof(SH_LEVEL_READONLY); + CLEAR_SH_FFLAG_REPORTED(theFile.file_reported); + theFile.attr_string = NULL; + theFile.link_path = NULL; + + status = sh_unix_getinfo (ShDFLevel[SH_ERR_T_RO], + dirlist->sh_d_name, + &theFile, fileHash, 0); + + tmp = sh_util_safe_name(tmpcat); + + if (status != 0) + { + sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, + 0, MSG_E_SUBGPATH, + _("Could not check suid/sgid file"), + _("sh_suidchk_check_internal"), + tmp); + } + else + { + + if ( sh.flag.update == S_TRUE && + (sh.flag.checkSum == SH_CHECK_INIT || + sh.flag.checkSum == SH_CHECK_CHECK)) + { + /* Updating database. Report new files that + * are not in database already. Then compare + * to database and report changes. + */ + if (-1 == sh_hash_have_it (tmpcat)) + { + sh_error_handle ((-1), FIL__, __LINE__, + 0, MSG_SUID_FOUND, tmp ); + } + else + { + sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, + 0, MSG_SUID_FOUND, tmp ); + } + + if (0 == sh_hash_compdata (SH_LEVEL_READONLY, + &theFile, fileHash, + _("[SuidCheck]"), + ShSuidchkSeverity)) + { + sh_hash_pushdata_memory (&theFile, fileHash); + } + + sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); + + } + + else if (sh.flag.checkSum == SH_CHECK_INIT && + sh.flag.update == S_FALSE ) + { + /* Running init. Report on files detected. + */ + sh_hash_pushdata (&theFile, fileHash); + sh_error_handle ((-1), FIL__, __LINE__, + 0, MSG_SUID_FOUND, tmp ); + } + + else if (sh.flag.checkSum == SH_CHECK_CHECK ) + { + /* Running file check. Report on new files + * detected, and quarantine them. + */ + sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, + 0, MSG_SUID_FOUND, tmp ); + + fflags = sh_hash_getflags(tmpcat); + + if ( (-1 == fflags) || (!SH_FFLAG_SUIDCHK_SET(fflags))) + { + if (-1 == fflags) + { + (void) sh_unix_gmttime (theFile.ctime, timestrc, sizeof(timestrc)); + (void) sh_unix_gmttime (theFile.atime, timestra, sizeof(timestra)); + (void) sh_unix_gmttime (theFile.mtime, timestrm, sizeof(timestrm)); + + report_file(tmpcat, &theFile, timestrc, timestra, timestrm); + } + /* Quarantine file according to configured method + */ + if (ShSuidchkQEnable == S_TRUE) + { + switch (ShSuidchkQMethod) + { + case SH_Q_DELETE: + sh_q_delete(theFile.fullpath); + break; + case SH_Q_CHANGEPERM: + sh_q_changeperm(theFile.fullpath); + break; + case SH_Q_MOVE: + sh_q_move(theFile.fullpath, &theFile, timestrc, timestra, timestrm); + break; + default: + sh_error_handle (ShSuidchkSeverity, FIL__, + __LINE__, 0, MSG_SUID_QREPORT, + _("Bad quarantine method"), tmp); + break; + } + } + else + { + /* 1.8.1 push file to in-memory database + */ + (void) sh_hash_compdata (SH_LEVEL_READONLY, + &theFile, fileHash, + _("[SuidCheck]"), + ShSuidchkSeverity); + + sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); + + } + } + else + { + /* File exists. Check for modifications. + */ + (void) sh_hash_compdata (SH_LEVEL_READONLY, + &theFile, fileHash, + _("[SuidCheck]"), + ShSuidchkSeverity); + + sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); + + } + } + } + SH_FREE(tmp); + if (theFile.attr_string) SH_FREE(theFile.attr_string); + if (theFile.link_path) SH_FREE(theFile.link_path); + } + } + SH_FREE(tmpcat); + + +#ifdef HAVE_SCHED_YIELD + if (ShSuidchkYield == S_TRUE) + { + if (sched_yield() == -1) + { + status = errno; + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + _("Failed to release time slice"), + _("sh_suidchk_check_internal") ); + } + } +#endif + + dirlist = dirlist->next; + + } while (dirlist != NULL); + + + kill_sh_dirlist (dirlist_orig); + + SL_RETURN( (0), _("sh_suidchk_check_internal")); +} + +/************* + * + * module init + * + *************/ +int sh_suidchk_init (struct mod_type * arg) +{ + (void) arg; + if (ShSuidchkActive == S_FALSE) + return (-1); + + return (0); +} + + +/************* + * + * module cleanup + * + *************/ +int sh_suidchk_end () +{ + return (0); +} + + +/************* + * + * module timer + * + *************/ +int sh_suidchk_timer (time_t tcurrent) +{ + if (sh.flag.checkSum == SH_CHECK_INIT) + return -1; + + /* One-shot (not daemon and not loop forever) + */ + if (sh.flag.isdaemon != S_TRUE && sh.flag.loop == S_FALSE) + return -1; + + if (ShSuidchkSched != NULL) + { + return test_sched(ShSuidchkSched); + } + if ((time_t) (tcurrent - lastcheck) >= ShSuidchkInterval) + { + lastcheck = tcurrent; + return (-1); + } + return 0; +} + +/************* + * + * module check + * + *************/ + +int sh_suidchk_check () +{ + int status; + + SL_ENTER(_("sh_suidchk_check")); + + sh_error_handle (SH_ERR_NOTICE, FIL__, __LINE__, EINVAL, MSG_E_SUBGEN, + _("Checking for SUID programs"), + _("suidchk_check") ); + + FileLimNow = time(NULL); + FileLimStart = FileLimNow; + FileLimNum = 0; + FileLimTotal = 0; + +#ifdef SH_SUIDTESTDIR + status = sh_suidchk_check_internal (SH_SUIDTESTDIR); +#else + status = sh_suidchk_check_internal ("/"); +#endif + + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_SUMMARY, + FileLimTotal, + (long) (time(NULL) - FileLimStart) ); + + SL_RETURN(status, _("sh_suidchk_check")); +} + +/************* + * + * module setup + * + *************/ + +int sh_suidchk_set_severity (const char * c) +{ + int retval; + char tmp[32]; + + SL_ENTER(_("sh_suidchk_set_severity")); + tmp[0] = '='; tmp[1] = '\0'; + (void) sl_strlcat (tmp, c, 32); + retval = sh_error_set_level (tmp, &ShSuidchkSeverity); + SL_RETURN(retval, _("sh_suidchk_set_severity")); +} + +int sh_suidchk_set_exclude (const char * c) +{ + SL_ENTER(_("sh_suidchk_set_exclude")); + + if (c == NULL || c[0] == '\0') + { + SL_RETURN(-1, _("sh_suidchk_set_exclude")); + } + + if (0 == sl_strncmp(c, _("NULL"), 4)) + { + if (ShSuidchkExclude != NULL) + SH_FREE(ShSuidchkExclude); + ShSuidchkExclude = NULL; + SL_RETURN(0, _("sh_suidchk_set_exclude")); + } + + if (ShSuidchkExclude != NULL) + SH_FREE(ShSuidchkExclude); + + ShSuidchkExclude = sh_util_strdup (c); + ExcludeLen = sl_strlen (ShSuidchkExclude); + if (ShSuidchkExclude[ExcludeLen-1] == '/') + { + ShSuidchkExclude[ExcludeLen-1] = '\0'; + ExcludeLen--; + } + SL_RETURN(0, _("sh_suidchk_set_exclude")); +} + +int sh_suidchk_set_timer (const char * c) +{ + long val; + + SL_ENTER(_("sh_suidchk_set_timer")); + + val = strtol (c, (char **)NULL, 10); + if (val <= 0) + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("suidchk timer"), c); + + val = (val <= 0 ? 7200 : val); + + ShSuidchkInterval = (time_t) val; + SL_RETURN( 0, _("sh_suidchk_set_timer")); +} + + +static void sh_suidchk_free_schedule (void) +{ + sh_schedule_t * current = ShSuidchkSched; + sh_schedule_t * next = NULL; + + while (current != NULL) + { + next = current->next; + SH_FREE(current); + current = next; + } + ShSuidchkSched = NULL; + return; +} + +int sh_suidchk_reconf () +{ + sh_suidchk_free_schedule(); + set_defaults(); + return 0; +} + +int sh_suidchk_set_schedule (const char * str) +{ + int status; + sh_schedule_t * newSched = NULL; + + SL_ENTER(_("sh_suidchk_set_schedule")); + + /* + if (ShSuidchkSched != NULL) + { + SH_FREE(ShSuidchkSched); + ShSuidchkSched = NULL; + } + */ + + if (0 == sl_strncmp(str, _("NULL"), 4)) + { + (void) sh_suidchk_free_schedule (); + return 0; + } + + newSched = SH_ALLOC(sizeof(sh_schedule_t)); + status = create_sched(str, newSched); + if (status != 0) + { + SH_FREE(newSched); + newSched = NULL; + } + else + { + newSched->next = ShSuidchkSched; + ShSuidchkSched = newSched; + } + SL_RETURN( status, _("sh_suidchk_set_schedule")); +} + + + +int sh_suidchk_set_fps (const char * c) +{ + long val; + + SL_ENTER(_("sh_suidchk_set_fps")); + + val = strtol (c, (char **)NULL, 10); + if (val < 0) + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("suidchk fps"), c); + + val = (val < 0 ? 0 : val); + + ShSuidchkFps = val; + SL_RETURN( 0, _("sh_suidchk_set_fps")); +} + +int sh_suidchk_set_yield (const char * c) +{ + int i; + SL_ENTER(_("sh_suidchk_set_yield")); +#ifdef HAVE_SCHED_YIELD + i = sh_util_flagval(c, &ShSuidchkYield); +#else + (void) c; /* cast to void to avoid compiler warning */ + i = -1; +#endif + SL_RETURN(i, _("sh_suidchk_set_yield")); +} + +int sh_suidchk_set_activate (const char * c) +{ + int i; + SL_ENTER(_("sh_suidchk_set_activate")); + i = sh_util_flagval(c, &ShSuidchkActive); + SL_RETURN(i, _("sh_suidchk_set_activate")); +} + +int sh_suidchk_set_nosuid (const char * c) +{ + int i; + SL_ENTER(_("sh_suidchk_set_nosuid")); + i = sh_util_flagval(c, &ShSuidchkNosuid); + SL_RETURN(i, _("sh_suidchk_set_nosuid")); +} + +int sh_suidchk_set_quarantine (const char * c) +{ + int i; + SL_ENTER(_("sh_suidchk_set_quarantine")); + i = sh_util_flagval(c, &ShSuidchkQEnable); + SL_RETURN(i, _("sh_suidchk_set_quarantine")); +} + +int sh_suidchk_set_qdelete (const char * c) +{ + int i; + SL_ENTER(_("sh_suidchk_set_qdelete")); + i = sh_util_flagval(c, &ShSuidchkQDelete); + SL_RETURN(i, _("sh_suidchk_set_qdelete")); +} + +int sh_suidchk_set_qmethod (const char * c) +{ + long val; + int ret = 0; + struct stat buf; + + SL_ENTER(_("sh_suidchk_set_qmethod")); + + val = strtol (c, (char **)NULL, 10); + if (val < 0) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("suidchk qmethod"), c); + ret = -1; + } + else + { + switch (val) + { + case SH_Q_DELETE: + ShSuidchkQMethod = SH_Q_DELETE; + break; + case SH_Q_CHANGEPERM: + ShSuidchkQMethod = SH_Q_CHANGEPERM; + break; + case SH_Q_MOVE: + if (retry_stat (FIL__, __LINE__, DEFAULT_QDIR, &buf) != 0) + { + if (mkdir (DEFAULT_QDIR, 0750) == -1) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, + MSG_SUID_ERROR, + _("Unable to create quarantine directory")); + } + } + ShSuidchkQMethod = SH_Q_MOVE; + break; + default: + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("suidchk qmethod"), c); + ShSuidchkQMethod = -1; + ret = -1; + break; + } + } + + SL_RETURN( ret, _("sh_suidchk_set_qmethod")); +} + +#if defined(FSTYPE_STATFS) || defined(FSTYPE_AIX_STATFS) +/* dirname.c -- return all but the last element in a path + Copyright (C) 1990 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, + Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ + +/* Return the leading directories part of PATH, + allocated with malloc. If out of memory, return 0. + Assumes that trailing slashes have already been + removed. */ + +char * sh_dirname (const char * path) +{ + char *newpath; + char *slash; + int length; /* Length of result, not including NUL. */ + + slash = strrchr (path, '/'); + if (slash == NULL) + { + /* File is in the current directory. */ + path = "."; + length = 1; + } + else + { + /* Remove any trailing slashes from the result. */ + while (slash > path && *slash == '/') + --slash; + + length = slash - path + 1; + } + newpath = (char *) SH_ALLOC (length + 1); + if (newpath == NULL) + return NULL; + strncpy (newpath, path, length); + newpath[length] = '\0'; + return newpath; +} +/* #ifdef FSTYPE_STATFS */ +#endif + +/* fstype.c -- determine type of filesystems that files are on + Copyright (C) 1990, 91, 92, 93, 94 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +/* Written by David MacKenzie . */ + +/* Modified by R. Wichmann: + - replaced error() by sh_error_handle() + - replaced xstrdup() by sl_strdup() + - replaced strstr() by sl_strstr() + - some additions to recognize nosuid fs +*/ + +/* modetype.h -- file type bits definitions for POSIX systems + Requires sys/types.h sys/stat.h. + Copyright (C) 1990 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +/* POSIX.1 doesn't mention the S_IFMT bits; instead, it uses S_IStype + test macros. To make storing file types more convenient, define + them; the values don't need to correspond to what the kernel uses, + because of the way we use them. */ +#ifndef S_IFMT /* Doesn't have traditional Unix macros. */ +#define S_IFBLK 1 +#define S_IFCHR 2 +#define S_IFDIR 4 +#define S_IFREG 8 +#ifdef S_ISLNK +#define S_IFLNK 16 +#endif +#ifdef S_ISFIFO +#define S_IFIFO 32 +#endif +#ifdef S_ISSOCK +#define S_IFSOCK 64 +#endif +#endif /* !S_IFMT */ + +#ifdef STAT_MACROS_BROKEN +#undef S_ISBLK +#undef S_ISCHR +#undef S_ISDIR +#undef S_ISREG +#undef S_ISFIFO +#undef S_ISLNK +#undef S_ISSOCK +#undef S_ISMPB +#undef S_ISMPC +#undef S_ISNWK +#endif + +/* Do the reverse: define the POSIX.1 macros for traditional Unix systems + that don't have them. */ +#if !defined(S_ISBLK) && defined(S_IFBLK) +#define S_ISBLK(m) (((m) & S_IFMT) == S_IFBLK) +#endif +#if !defined(S_ISCHR) && defined(S_IFCHR) +#define S_ISCHR(m) (((m) & S_IFMT) == S_IFCHR) +#endif +#if !defined(S_ISDIR) && defined(S_IFDIR) +#define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR) +#endif +#if !defined(S_ISREG) && defined(S_IFREG) +#define S_ISREG(m) (((m) & S_IFMT) == S_IFREG) +#endif +#if !defined(S_ISFIFO) && defined(S_IFIFO) +#define S_ISFIFO(m) (((m) & S_IFMT) == S_IFIFO) +#endif +#if !defined(S_ISLNK) && defined(S_IFLNK) +#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK) +#endif +#if !defined(S_ISSOCK) && defined(S_IFSOCK) +#define S_ISSOCK(m) (((m) & S_IFMT) == S_IFSOCK) +#endif +#if !defined(S_ISMPB) && defined(S_IFMPB) /* V7 */ +#define S_ISMPB(m) (((m) & S_IFMT) == S_IFMPB) +#define S_ISMPC(m) (((m) & S_IFMT) == S_IFMPC) +#endif +#if !defined(S_ISNWK) && defined(S_IFNWK) /* HP/UX */ +#define S_ISNWK(m) (((m) & S_IFMT) == S_IFNWK) +#endif + + +static char *filesystem_type_uncached (char *path, char *relpath, + struct stat *statp); + +#ifdef FSTYPE_MNTENT /* 4.3BSD etc. */ +static int xatoi (char *cp); +#endif + +#ifdef FSTYPE_MNTENT /* 4.3BSD, SunOS, HP-UX, Dynix, Irix. */ +#include +#if !defined(MOUNTED) +# if defined(MNT_MNTTAB) /* HP-UX. */ +# define MOUNTED MNT_MNTTAB +# endif +# if defined(MNTTABNAME) /* Dynix. */ +# define MOUNTED MNTTABNAME +# endif +#endif +#endif + +#ifdef FSTYPE_GETMNT /* Ultrix. */ +#include +#include +#include +#endif + +#ifdef FSTYPE_USG_STATFS /* SVR3. */ +#include +#include +#endif + +#ifdef FSTYPE_STATVFS /* SVR4. */ +#include +#include +#endif + +#ifdef FSTYPE_STATFS /* 4.4BSD. */ +#include /* NetBSD needs this. */ +#include + +#ifndef MFSNAMELEN /* NetBSD defines this. */ +static char * +fstype_to_string (t) + short t; +{ +#ifdef INITMOUNTNAMES /* Defined in 4.4BSD, not in NET/2. */ + static char *mn[] = INITMOUNTNAMES; + if (t >= 0 && t <= MOUNT_MAXTYPE) + return mn[t]; + else + return "?"; +#else /* !INITMOUNTNAMES */ + switch (t) + { + case MOUNT_UFS: + return _("ufs"); + case MOUNT_NFS: + return _("nfs"); +#ifdef MOUNT_PC + case MOUNT_PC: + return _("pc"); +#endif +#ifdef MOUNT_MFS + case MOUNT_MFS: + return _("mfs"); +#endif +#ifdef MOUNT_LO + case MOUNT_LO: + return _("lofs"); +#endif +#ifdef MOUNT_TFS + case MOUNT_TFS: + return _("tfs"); +#endif +#ifdef MOUNT_TMP + case MOUNT_TMP: + return _("tmp"); +#endif +#ifdef MOUNT_MSDOS + case MOUNT_MSDOS: + return _("msdos"); +#endif +#ifdef MOUNT_ISO9660 + case MOUNT_ISO9660: + return _("iso9660fs"); +#endif + default: + return "?"; + } +#endif /* !INITMOUNTNAMES */ +} +#endif /* !MFSNAMELEN */ +#endif /* FSTYPE_STATFS */ + +#ifdef FSTYPE_AIX_STATFS /* AIX. */ +#include +#include + +#define FSTYPE_STATFS /* Otherwise like 4.4BSD. */ +#define f_type f_vfstype + +static char * +fstype_to_string (t) + short t; +{ + switch (t) + { + case MNT_AIX: + return _("aix"); /* AIX 4.3: NFS filesystems are actually MNT_AIX. */ +#ifdef MNT_NAMEFS + case MNT_NAMEFS: + return _("namefs"); +#endif + case MNT_NFS: + return _("nfs"); + case MNT_JFS: + return _("jfs"); + case MNT_CDROM: + return _("cdrom"); +#ifdef MNT_PROCFS + case MNT_PROCFS: + return _("procfs"); +#endif +#ifdef MNT_SFS + case MNT_SFS: + return _("sfs"); +#endif +#ifdef MNT_CACHEFS + case MNT_CACHEFS: + return _("cachefs"); +#endif +#ifdef MNT_NFS3 + case MNT_NFS3: + return _("nfs3"); +#endif +#ifdef MNT_AUTOFS + case MNT_AUTOFS: + return _("autofs"); +#endif +#ifdef MNT_VXFS + case MNT_VXFS: + return _("vxfs"); +#endif +#ifdef MNT_VXODM + case MNT_VXODM: + return _("veritasfs"); +#endif +#ifdef MNT_UDF + case MNT_UDF: + return _("udfs"); +#endif +#ifdef MNT_NFS4 + case MNT_NFS4: + return _("nfs4"); +#endif +#ifdef MNT_RFS4 + case MNT_RFS4: + return _("nfs4"); +#endif +#ifdef MNT_CIFS + case MNT_CIFS: + return _("cifs"); +#endif + default: + return "?"; + } +} +#endif /* FSTYPE_AIX_STATFS */ + +#ifdef AFS +#include +#include +#if __STDC__ +/* On SunOS 4, afs/vice.h defines this to rely on a pre-ANSI cpp. */ +#undef _VICEIOCTL +#define _VICEIOCTL(id) ((unsigned int ) _IOW('V', id, struct ViceIoctl)) +#endif +#ifndef _IOW +/* AFS on Solaris 2.3 doesn't get this definition. */ +#include +#endif + +static int +in_afs (path) + char *path; +{ + static char space[2048]; + struct ViceIoctl vi; + + vi.in_size = 0; + vi.out_size = sizeof (space); + vi.out = space; + + if (pioctl (path, VIOC_FILE_CELL_NAME, &vi, 1) + && (errno == EINVAL || errno == ENOENT)) + return 0; + return 1; +} +#endif /* AFS */ + +/* Nonzero if the current filesystem's type is known. */ +static int fstype_known = 0; + +/* Return a static string naming the type of filesystem that the file PATH, + described by STATP, is on. + RELPATH is the file name relative to the current directory. + Return "unknown" if its filesystem type is unknown. */ + +static char * +filesystem_type (char * path, char * relpath, struct stat * statp) +{ + static char *current_fstype = NULL; + static dev_t current_dev; + + if (current_fstype != NULL) + { + if ((0 != fstype_known) && statp->st_dev == current_dev) + return current_fstype; /* Cached value. */ + SH_FREE (current_fstype); + } + current_dev = statp->st_dev; + current_fstype = filesystem_type_uncached (path, relpath, statp); + return current_fstype; +} + +/* Return a newly allocated string naming the type of filesystem that the + file PATH, described by STATP, is on. + RELPATH is the file name relative to the current directory. + Return "unknown" if its filesystem type is unknown. */ + +static char * +filesystem_type_uncached (path, relpath, statp) + char *path; + char *relpath; + struct stat *statp; +{ + char * type = NULL; +#ifdef MFSNAMELEN /* NetBSD. */ + static char my_tmp_type[64]; +#endif + +#ifdef FSTYPE_MNTENT /* 4.3BSD, SunOS, HP-UX, Dynix, Irix. */ + char *table = MOUNTED; + FILE *mfp; + struct mntent *mnt; + + if (path == NULL || relpath == NULL) + return NULL; + + mfp = setmntent (table, "r"); + if (mfp == NULL) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("setmntent() failed"), + _("filesystem_type_uncached") ); + return NULL; + } + + /* Find the entry with the same device number as STATP, and return + that entry's fstype. */ + while (type == NULL && (mnt = getmntent (mfp)) != NULL) + { + char *devopt; + dev_t dev; + struct stat disk_stats; + +#ifdef MNTTYPE_IGNORE + if (0 == strcmp (mnt->mnt_type, MNTTYPE_IGNORE)) + continue; +#endif + + /* Newer systems like SunOS 4.1 keep the dev number in the mtab, + in the options string. For older systems, we need to stat the + directory that the filesystem is mounted on to get it. + + Unfortunately, the HPUX 9.x mnttab entries created by automountq + contain a dev= option but the option value does not match the + st_dev value of the file (maybe the lower 16 bits match?). */ + +#if !defined(hpux) && !defined(__hpux__) + devopt = sl_strstr (mnt->mnt_opts, "dev="); + if (devopt) + { + if (devopt[4] == '0' && (devopt[5] == 'x' || devopt[5] == 'X')) + dev = (dev_t) xatoi (devopt + 6); + else + dev = (dev_t) xatoi (devopt + 4); + } + else +#endif /* not hpux */ + { + if (stat (mnt->mnt_dir, &disk_stats) == -1) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("stat() failed"), + _("filesystem_type_uncached") ); + return NULL; + } + dev = disk_stats.st_dev; + } + + if (dev == statp->st_dev) + { + /* check for the "nosuid" option + */ +#ifdef HAVE_HASMNTOPT + if (NULL == hasmntopt(mnt, "nosuid") || (ShSuidchkNosuid == S_TRUE)) + type = mnt->mnt_type; + else + type = _("nosuid"); /* hasmntopt (nosuid) */ +#else + type = mnt->mnt_type; +#endif + } + } + + if (endmntent (mfp) == 0) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("endmntent() failed"), + _("filesystem_type_uncached") ); + } +#endif + +#ifdef FSTYPE_GETMNT /* Ultrix. */ + int offset = 0; + struct fs_data fsd; + + if (path == NULL || relpath == NULL) + return NULL; + + while (type == NULL + && getmnt (&offset, &fsd, sizeof (fsd), NOSTAT_MANY, 0) > 0) + { + if (fsd.fd_req.dev == statp->st_dev) + type = gt_names[fsd.fd_req.fstype]; + } +#endif + +#ifdef FSTYPE_USG_STATFS /* SVR3. */ + struct statfs fss; + char typebuf[FSTYPSZ]; + + if (path == NULL || relpath == NULL) + return NULL; + + if (statfs (relpath, &fss, sizeof (struct statfs), 0) == -1) + { + /* Don't die if a file was just removed. */ + if (errno != ENOENT) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("statfs() failed"), + _("filesystem_type_uncached") ); + return NULL; + } + } + else if (!sysfs (GETFSTYP, fss.f_fstyp, typebuf)) + type = typebuf; +#endif + +#ifdef FSTYPE_STATVFS /* SVR4. */ + struct statvfs fss; + + if (path == NULL || relpath == NULL) + return NULL; + + if (statvfs (relpath, &fss) == -1) + { + /* Don't die if a file was just removed. */ + if (errno != ENOENT) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("statvfs() failed"), + _("filesystem_type_uncached") ); + return NULL; + } + } + else + { + type = fss.f_basetype; + + /* patch by Konstantin Khrooschev + */ + if( (fss.f_flag & ST_NOSUID) && (ShSuidchkNosuid == S_FALSE)) + type = _("nosuid"); + } + (void) statp; /* fix compiler warning */ +#endif + +#ifdef FSTYPE_STATFS /* 4.4BSD. */ + struct statfs fss; + char *p; +#if defined(MNT_VISFLAGMASK) && defined(HAVE_STRUCT_STATFS_F_FLAGS) + int flags; +#endif + /* char * sh_dirname(const char *path); */ + + if (path == NULL || relpath == NULL) + return NULL; + + if (S_ISLNK (statp->st_mode)) + p = sh_dirname (relpath); + else + p = relpath; + + if (statfs (p, &fss) == -1) + { + /* Don't die if symlink to nonexisting file, or a file that was + just removed. */ + if (errno != ENOENT) + { + sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, + _("statfs() failed"), + _("filesystem_type_uncached") ); + return NULL; + } + } + else + { + +#ifdef MFSNAMELEN /* NetBSD. */ + /* MEMORY LEAK !!! + * type = sh_util_strdup (fss.f_fstypename); + */ + sl_strlcpy (my_tmp_type, fss.f_fstypename, 64); + type = my_tmp_type; +#else + type = fstype_to_string (fss.f_type); +#endif + +#ifdef HAVE_STRUCT_STATFS_F_FLAGS +#ifdef MNT_VISFLAGMASK + flags = fss.f_flags & MNT_VISFLAGMASK; + if ((flags & MNT_NOSUID) && (ShSuidchkNosuid == S_FALSE)) +#else + if ((fss.f_flags & MNT_NOSUID) && (ShSuidchkNosuid == S_FALSE)) +#endif + type = _("nosuid"); +#endif + } + if (p != relpath) + SH_FREE (p); +#endif + +#ifdef AFS + if ((!type || !strcmp (type, "xx")) && in_afs (relpath)) + type = "afs"; +#endif + + /* An unknown value can be caused by an ENOENT error condition. + Don't cache those values. */ + fstype_known = (int)(type != NULL); + + return sh_util_strdup (type ? type : "unknown"); +} + +#ifdef FSTYPE_MNTENT /* 4.3BSD etc. */ +/* Return the value of the hexadecimal number represented by CP. + No prefix (like '0x') or suffix (like 'h') is expected to be + part of CP. */ + +static int +xatoi (cp) + char *cp; +{ + int val; + + val = 0; + while (*cp != '\0') + { + /*@+charint@*/ + if (*cp >= 'a' && *cp <= 'f') + val = val * 16 + *cp - 'a' + 10; + else if (*cp >= 'A' && *cp <= 'F') + val = val * 16 + *cp - 'A' + 10; + else if (*cp >= '0' && *cp <= '9') + val = val * 16 + *cp - '0'; + else + break; + /*@-charint@*/ + cp++; + } + return val; +} +#endif + + + +#endif + + +/* #ifdef SH_USE_UTMP */ +#endif + + + Index: /tags/2.5.0/src/sh_tiger0.c =================================================================== --- /tags/2.5.0/src/sh_tiger0.c (revision 189) +++ /tags/2.5.0/src/sh_tiger0.c (revision 189) @@ -0,0 +1,1759 @@ +#include "config_xor.h" + +#define USE_MD5 +#define USE_SHA1 + +#include +#include + +#include +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_MEMORY_H +#include +#endif + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +#include +#endif + +#include "sh_tiger.h" + +#include "sh_unix.h" +#include "sh_error.h" +#include "sh_utils.h" +#include "sh_pthread.h" +#include "sh_string.h" + +#define PRIV_MAX 32768 + +#if defined(TIGER_64_BIT) +#if defined(HAVE_LONG_64) +typedef unsigned long int word64; +#elif defined(HAVE_LONG_LONG_64) +typedef unsigned long long int word64; +#else +#error No 64 bit type found ! +#endif +#endif + +#if defined(HAVE_INT_32) +typedef unsigned int sh_word32; +#define MYFORMAT (_("%08X%08X%08X%08X%08X%08X")) +#define GPGFORMAT (_("%08X %08X %08X %08X %08X %08X")) +#elif defined(HAVE_LONG_32) +typedef unsigned long sh_word32; +#define MYFORMAT (_("%08lX%08lX%08lX%08lX%08lX%08lX")) +#define GPGFORMAT (_("%08lX %08lX %08lX %08lX %08lX %08lX")) +#elif defined(HAVE_SHORT_32) +typedef unsigned short sh_word32; +#define MYFORMAT (_("%08X%08X%08X%08X%08X%08X")) +#define GPGFORMAT (_("%08X %08X %08X %08X %08X %08X")) +#else +#error No 32 bit type found ! +#endif + +typedef unsigned char sh_byte; + +#define SH_KEY_NULL _("000000000000000000000000000000000000000000000000") + +#undef FIL__ +#define FIL__ _("sh_tiger0.c") + +#if defined(TIGER_64_BIT) + +void tiger_t(const word64 *str, word64 length, word64 * res); +void tiger(const word64 *str, word64 length, word64 * res); + +#ifdef TIGER_DBG +static void tiger_dbg(word64 res[3], int step, + unsigned long nblocks, unsigned long ncount) +{ + return; +} +#endif +#else +void tiger(const sh_word32 *str, sh_word32 length, sh_word32 * res); +void tiger_t(const sh_word32 *str, sh_word32 length, sh_word32 * res); + +#ifdef TIGER_DBG +static +void tiger_dbg(sh_word32 res[6], int step, + unsigned long nblocks, unsigned long ncount) +{ + fprintf(stderr, + _("ST %d BLK %2ld CT %2ld %08lX %08lX %08lX %08lX %08lX %08lX\n"), + step, + nblocks, + ncount, + (sh_word32)(res[1]), + (sh_word32)(res[0]), + (sh_word32)(res[3]), + (sh_word32)(res[2]), + (sh_word32)(res[5]), + (sh_word32)(res[4]) ); +} +#endif +#endif + +/* this is the wrapper function -- not part of the tiger reference + * implementation + */ + +/* static sh_byte buffer[PRIV_MAX + 72]; */ + +#if defined(TIGER_64_BIT) +static +word64 * sh_tiger_hash_val (const char * filename, TigerType what, + UINT64 * Length, int timeout, word64 * res) +#else +static +sh_word32 * sh_tiger_hash_val (const char * filename, TigerType what, + UINT64 * Length, int timeout, sh_word32 * res) +#endif +{ + SL_TICKET fd; + sh_string * content = NULL; + int i, j, tt; + int count = 0; + int blk; + char * tmp; + sh_byte * bptr; + sh_byte bbuf[64]; + UINT64 bcount = 0; + + sh_byte * buffer = SH_ALLOC(PRIV_MAX + 72); + + unsigned long pages_read; + uid_t euid; + + unsigned long ncount = 0, nblocks = 0; + unsigned long t, msb, lsb; + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + /*@-nestedextern@*/ + extern long IO_Limit; + /*@+nestedextern@*/ +#endif + +#if defined(TIGER_64_BIT) +#define TIGER_CAST (const word64*) + /* word64 res[3]; */ + res[0]= (word64) 0x0123456789ABCDEFLL; + res[1]= (word64) 0xFEDCBA9876543210LL; + res[2]= (word64) 0xF096A5B4C3B2E187LL; +#else +#define TIGER_CAST (const sh_word32*) + /* sh_word32 res[6]; */ + res[0]= (sh_word32) 0x89ABCDEF; + res[1]= (sh_word32) 0x01234567; + res[2]= (sh_word32) 0x76543210; + res[3]= (sh_word32) 0xFEDCBA98; + res[4]= (sh_word32) 0xC3B2E187; + res[5]= (sh_word32) 0xF096A5B4; +#endif + + SL_ENTER(_("sh_tiger_hash_val")); + + if (what >= TIGER_FILE) + { + if (what > TIGER_FILE) + { + fd = what; + content = sl_get_content(fd); + TPT((0,FIL__, __LINE__, _("msg=, fd=<%ld>\n"), fd)); + } + else + { + TPT((0,FIL__, __LINE__, _("msg=, path=<%s>\n"), + (filename == NULL ? _("(null)") : filename) )); + fd = sl_open_read (filename, SL_YESPRIV); + } + + if (SL_ISERROR (fd)) + { + TPT((0, FIL__, __LINE__, _("msg=\n"), fd)); + tmp = sh_util_safe_name (filename); + (void) sl_get_euid(&euid); + sh_error_handle (ShDFLevel[SH_ERR_T_FILE], FIL__, __LINE__, (int)fd, + MSG_E_ACCESS, (long) euid, tmp); + SH_FREE(tmp); + SH_FREE(buffer); + *Length = 0; + SL_RETURN( NULL, _("sh_tiger_hash_val")); + } + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) + if (skey->mlock_failed == SL_FALSE) + { + if ( (-1) == sh_unix_mlock(FIL__, __LINE__, + (char *)buffer, + (PRIV_MAX)*sizeof(sh_byte))) + { + SH_MUTEX_LOCK_UNSAFE(mutex_skey); + skey->mlock_failed = SL_TRUE; + SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); + } + } +#else + if (skey->mlock_failed == SL_FALSE) + { + SH_MUTEX_LOCK_UNSAFE(mutex_skey); + skey->mlock_failed = SL_TRUE; + SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); + } +#endif + +#ifdef TIGER_DBG + tiger_dbg (res, 0, nblocks, ncount); +#endif + + pages_read = 0; + + while (1) + { + if (timeout > 0) + count = sl_read_timeout (fd, buffer, PRIV_MAX, timeout, SL_TRUE); + else + count = sl_read (fd, buffer, PRIV_MAX); + + ++pages_read; + + if (SL_ISERROR (count)) + { + if (sig_termfast == 1) { + sh_unix_munlock((char *)buffer, (PRIV_MAX)*sizeof(sh_byte)); + SH_FREE(buffer); + *Length = 0; + SL_RETURN( NULL, _("sh_tiger_hash_val")); + } + TPT((0, FIL__ , __LINE__ , _("msg=\n"), count)); + tmp = sh_util_safe_name (filename); + if (count == SL_TIMEOUT) + { + if (timeout != 7) { + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, count, + MSG_E_TIMEOUT, timeout, tmp); + } + } + else + sh_error_handle (ShDFLevel[SH_ERR_T_FILE], FIL__, __LINE__, + count, MSG_E_READ, tmp); + SH_FREE(tmp); + memset (bbuf, 0, 64); + memset (buffer, 0, PRIV_MAX); + + sh_unix_munlock((char *)buffer, (PRIV_MAX)*sizeof(sh_byte)); + SH_FREE(buffer); + *Length = 0; + SL_RETURN( NULL, _("sh_tiger_hash_val")); + } + + if (content) + sh_string_cat_lchar(content, (char*)buffer, count); + + bcount += count; + + if (*Length != TIGER_NOLIM) + { + if (bcount > *Length) + { + count = count - (bcount - (*Length)); + bcount = *Length; + count = (count < 0) ? 0 : count; + } + } + + blk = (count / 64); /* number of 64-byte words */ + + /* nblocks += blk; number of 64-byte words + * count cannot be negative here, see 'if (SL_ISERROR (count))' + */ + tt = blk*64; + + ncount = (unsigned long) (count - tt); + + nblocks += blk; + /* MAY_LOCK */ + sh.statistics.bytes_hashed += tt; + + bptr = buffer; tt = 0; + for (i = 0; i < blk; ++i) + { + bptr = &buffer[tt]; tt += 64; + + tiger_t(TIGER_CAST bptr, 64, res); + +#ifdef TIGER_DBG + tiger_dbg (res, 3, nblocks, ncount); +#endif + } + + if (blk < (PRIV_MAX / 64)) /* this must be (PRIV_MAX / 64) */ + break; + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + if (sig_termfast == 1) + { + memset (bbuf, 0, 64); + memset (buffer, 0, PRIV_MAX); + sh_unix_munlock((char *)buffer, (PRIV_MAX)*sizeof(sh_byte)); + SH_FREE(buffer); + *Length = 0; + SL_RETURN( NULL, _("sh_tiger_hash_val")); + } + if ((IO_Limit) > 0 && (pages_read == 32)) /* check for I/O limit */ + { + sh_unix_io_pause (); + pages_read = 0; + } +#endif + } + + TPT((0, FIL__, __LINE__ , _("msg=\n"))); + + /* copy incomplete block + */ + j = 0; + for (i = 0; i < 64; i += 4) + { + bbuf[i] = (sh_byte) '\0'; + bbuf[i+1] = (sh_byte) '\0'; + bbuf[i+2] = (sh_byte) '\0'; + bbuf[i+3] = (sh_byte) '\0'; + } + for (i = (count/64) * 64; i < count; ++i) + /*@-usedef@*/bbuf[j++] = buffer[i];/*@+usedef@*/ + +#ifdef TIGER_DBG + tiger_dbg (res, 5, nblocks, ncount); +#endif + + msb = 0; + t = nblocks; + if( (lsb = t << 6) < t ) + msb++; + msb += t >> 26; + t = lsb; + if( (lsb = t + ncount) < t ) + msb++; + t = lsb; + if( (lsb = t << 3) < t ) + msb++; + msb += t >> 29; + + if( j < 56 ) + { + bbuf[j++] = (sh_byte) 0x01; ++ncount; + while( j < 56 ) + { bbuf[j++] = (sh_byte) 0; ++ncount; } + } + else + { + bbuf[j++] = (sh_byte) 0x01; + while( j < 64 ) + bbuf[j++] = (sh_byte) 0; + tiger_t(TIGER_CAST bbuf, 64, res); + /* MAY_LOCK */ + sh.statistics.bytes_hashed += 64; + ++nblocks; ncount = 0; + sl_memset(bbuf, 0, 56 ); + } + +#ifdef TIGER_DBG + tiger_dbg (res, 6, nblocks, ncount); +#endif + + bbuf[56] = (sh_byte) (lsb ); + bbuf[57] = (sh_byte) (lsb >> 8); + bbuf[58] = (sh_byte) (lsb >> 16); + bbuf[59] = (sh_byte) (lsb >> 24); + bbuf[60] = (sh_byte) (msb ); + bbuf[61] = (sh_byte) (msb >> 8); + bbuf[62] = (sh_byte) (msb >> 16); + bbuf[63] = (sh_byte) (msb >> 24); + + tiger_t(TIGER_CAST bbuf, 64, res); + sh.statistics.bytes_hashed += 64; + +#ifdef TIGER_DBG + tiger_dbg (res, 7, nblocks, ncount); +#endif + + sl_memset (bbuf, '\0', sizeof(bbuf)); + sl_memset (buffer, '\0', sizeof(buffer)); + + if (what == TIGER_FILE) + (void) sl_close (fd); + sh_unix_munlock((char *)buffer, (PRIV_MAX)*sizeof(sh_byte)); + SH_FREE(buffer); + *Length = bcount; + SL_RETURN( res, _("sh_tiger_hash_val")); + } + + if (what == TIGER_DATA && filename != NULL) + { + tiger(TIGER_CAST filename, (sh_word32) *Length, res); + sh_unix_munlock((char *)buffer, (PRIV_MAX)*sizeof(sh_byte)); + SH_FREE(buffer); + SL_RETURN(res, _("sh_tiger_hash_val")); + } + sh_unix_munlock((char *)buffer, (PRIV_MAX)*sizeof(sh_byte)); + SH_FREE(buffer); + *Length = 0; + SL_RETURN( NULL, _("sh_tiger_hash_val")); +} + +/* Thu Oct 18 18:53:33 CEST 2001 + */ + +#ifdef USE_MD5 +/*@-type@*/ +/* md5.c - Functions to compute MD5 message digest of files or memory blocks + * according to the definition of MD5 in RFC 1321 from April 1992. + * Copyright (C) 1995, 1996 Free Software Foundation, Inc. + * + * NOTE: The canonical source of this file is maintained with the GNU C + * Library. Bugs can be reported to bug-glibc@prep.ai.mit.edu. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2, or (at your option) any + * later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +/* Written by Ulrich Drepper , 1995. */ + +/* Hacked to work with samhain by R. Wichmann */ + +typedef UINT32 md5_uint32; + + +/* Structure to save state of computation between the single steps. */ +typedef struct md5_ctx +{ + md5_uint32 A; + md5_uint32 B; + md5_uint32 C; + md5_uint32 D; + + md5_uint32 total[2]; + md5_uint32 buflen; + char buffer[128]; +} md5Param; + +/* + * The following three functions are build up the low level used in + * the functions `md5_stream' and `md5_buffer'. + */ + +/* Initialize structure containing state of computation. + (RFC 1321, 3.3: Step 3) */ +static void md5_init_ctx (struct md5_ctx *ctx); + +/* Starting with the result of former calls of this function (or the + initialization function update the context for the next LEN bytes + starting at BUFFER. + It is necessary that LEN is a multiple of 64!!! */ +static void md5_process_block (const void *buffer, size_t len, + struct md5_ctx *ctx); + +/* Starting with the result of former calls of this function (or the + initialization function update the context for the next LEN bytes + starting at BUFFER. + It is NOT required that LEN is a multiple of 64. */ +static void md5_process_bytes (const void *buffer, size_t len, + struct md5_ctx *ctx); + +/* Process the remaining bytes in the buffer and put result from CTX + in first 16 bytes following RESBUF. The result is always in little + endian byte order, so that a byte-wise output yields to the wanted + ASCII representation of the message digest. + + IMPORTANT: On some systems it is required that RESBUF is correctly + aligned for a 32 bits value. */ +static void *md5_finish_ctx (struct md5_ctx *ctx, void *resbuf); + + +/* Put result from CTX in first 16 bytes following RESBUF. The result is + always in little endian byte order, so that a byte-wise output yields + to the wanted ASCII representation of the message digest. + + IMPORTANT: On some systems it is required that RESBUF is correctly + aligned for a 32 bits value. */ +static void *md5_read_ctx (const struct md5_ctx *ctx, void *resbuf); + +#if WORDS_BIGENDIAN +static md5_uint32 swapu32(md5_uint32 n) +{ + return ( ((n & 0xffU) << 24) | + ((n & 0xff00U) << 8) | + ((n & 0xff0000U) >> 8) | + ((n & 0xff000000U) >> 24) ); +} +#define SWAP(n) swapu32(n) +#else +#define SWAP(n) (n) +#endif + +/* This array contains the bytes used to pad the buffer to the next + 64-byte boundary. (RFC 1321, 3.1: Step 1) */ +static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; + +/* Initialize structure containing state of computation. + (RFC 1321, 3.3: Step 3) */ +static void md5_init_ctx(struct md5_ctx *ctx) +{ + ctx->A = 0x67452301; + ctx->B = 0xefcdab89; + ctx->C = 0x98badcfe; + ctx->D = 0x10325476; + + ctx->total[0] = ctx->total[1] = 0; + ctx->buflen = 0; +} + +/* Put result from CTX in first 16 bytes following RESBUF. The result + must be in little endian byte order. + + IMPORTANT: On some systems it is required that RESBUF is correctly + aligned for a 32 bits value. */ +static void *md5_read_ctx(const struct md5_ctx *ctx, void *resbuf) +{ + ((md5_uint32 *) resbuf)[0] = SWAP(ctx->A); + ((md5_uint32 *) resbuf)[1] = SWAP(ctx->B); + ((md5_uint32 *) resbuf)[2] = SWAP(ctx->C); + ((md5_uint32 *) resbuf)[3] = SWAP(ctx->D); + + return resbuf; +} + +/* Process the remaining bytes in the internal buffer and the usual + prolog according to the standard and write the result to RESBUF. + + IMPORTANT: On some systems it is required that RESBUF is correctly + aligned for a 32 bits value. */ +static void *md5_finish_ctx(struct md5_ctx *ctx, void *resbuf) +{ + /* Take yet unprocessed bytes into account. */ + md5_uint32 bytes = ctx->buflen; + size_t pad; + + /* Now count remaining bytes. */ + ctx->total[0] += bytes; + if (ctx->total[0] < bytes) + ++ctx->total[1]; + + pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes; + memcpy(&ctx->buffer[bytes], fillbuf, pad); + + /* Put the 64-bit file length in *bits* at the end of the buffer. */ + *(md5_uint32 *) & ctx->buffer[bytes + pad] = SWAP(ctx->total[0] << 3); + *(md5_uint32 *) & ctx->buffer[bytes + pad + 4] = + SWAP((ctx->total[1] << 3) | (ctx->total[0] >> 29)); + + /* Process last bytes. */ + md5_process_block(ctx->buffer, bytes + pad + 8, ctx); + + return md5_read_ctx(ctx, resbuf); +} + +/* Compute MD5 message digest for LEN bytes beginning at BUFFER. The + result is always in little endian byte order, so that a byte-wise + output yields to the wanted ASCII representation of the message + digest. */ +void *md5_buffer(const char *buffer, size_t len, void *resblock) +{ + struct md5_ctx ctx; + + /* Initialize the computation context. */ + md5_init_ctx(&ctx); + + /* Process whole buffer but last len % 64 bytes. */ + md5_process_bytes(buffer, len, &ctx); + + /* Put result in desired memory area. */ + return md5_finish_ctx(&ctx, resblock); +} + +static void md5_process_bytes(const void *buffer, size_t len, struct md5_ctx *ctx) +{ + /* When we already have some bits in our internal buffer concatenate + both inputs first. */ + if (ctx->buflen != 0) { + size_t left_over = ctx->buflen; + size_t add = 128 - left_over > len ? len : 128 - left_over; + + memcpy(&ctx->buffer[left_over], buffer, add); + ctx->buflen += add; + + if (left_over + add > 64) { + md5_process_block(ctx->buffer, (left_over + add) & ~63, ctx); + /* The regions in the following copy operation cannot overlap. */ + memcpy(ctx->buffer, &ctx->buffer[(left_over + add) & ~63], + (left_over + add) & 63); + ctx->buflen = (left_over + add) & 63; + } + + buffer = (const char *) buffer + add; + len -= add; + } + + /* Process available complete blocks. */ + if (len > 64) { + md5_process_block(buffer, len & ~63, ctx); + buffer = (const char *) buffer + (len & ~63); + len &= 63; + } + + /* Move remaining bytes in internal buffer. */ + if (len > 0) { + memcpy(ctx->buffer, buffer, len); + ctx->buflen = len; + } +} + +/* These are the four functions used in the four steps of the MD5 algorithm + and defined in the RFC 1321. The first function is a little bit optimized + (as found in Colin Plumbs public domain implementation). */ +/* #define FF(b, c, d) ((b & c) | (~b & d)) */ +#define FF(b, c, d) (d ^ (b & (c ^ d))) +#define FG(b, c, d) FF (d, b, c) +#define FH(b, c, d) (b ^ c ^ d) +#define FI(b, c, d) (c ^ (b | ~d)) + +/* Process LEN bytes of BUFFER, accumulating context into CTX. + It is assumed that LEN % 64 == 0. */ +static void md5_process_block(const void *buffer, size_t len, struct md5_ctx *ctx) +{ + md5_uint32 correct_words[16]; + const md5_uint32 *words = buffer; + size_t nwords = len / sizeof(md5_uint32); + const md5_uint32 *endp = words + nwords; + md5_uint32 A = ctx->A; + md5_uint32 B = ctx->B; + md5_uint32 C = ctx->C; + md5_uint32 D = ctx->D; + + /* First increment the byte count. RFC 1321 specifies the possible + length of the file up to 2^64 bits. Here we only compute the + number of bytes. Do a double word increment. */ + ctx->total[0] += len; + if (ctx->total[0] < len) + ++ctx->total[1]; + + /* Process all bytes in the buffer with 64 bytes in each round of + the loop. */ + while (words < endp) { + md5_uint32 *cwp = correct_words; + md5_uint32 A_save = A; + md5_uint32 B_save = B; + md5_uint32 C_save = C; + md5_uint32 D_save = D; + + /* First round: using the given function, the context and a constant + the next context is computed. Because the algorithms processing + unit is a 32-bit word and it is determined to work on words in + little endian byte order we perhaps have to change the byte order + before the computation. To reduce the work for the next steps + we store the swapped words in the array CORRECT_WORDS. */ + +#define OP(a, b, c, d, s, T) \ + do \ + { \ + a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \ + ++words; \ + CYCLIC (a, s); \ + a += b; \ + } \ + while (0) + + /* It is unfortunate that C does not provide an operator for + cyclic rotation. Hope the C compiler is smart enough. */ +#define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s))) + + /* Before we start, one word to the strange constants. + They are defined in RFC 1321 as + + T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64 + */ + + /* Round 1. */ + OP(A, B, C, D, 7, 0xd76aa478); + OP(D, A, B, C, 12, 0xe8c7b756); + OP(C, D, A, B, 17, 0x242070db); + OP(B, C, D, A, 22, 0xc1bdceee); + OP(A, B, C, D, 7, 0xf57c0faf); + OP(D, A, B, C, 12, 0x4787c62a); + OP(C, D, A, B, 17, 0xa8304613); + OP(B, C, D, A, 22, 0xfd469501); + OP(A, B, C, D, 7, 0x698098d8); + OP(D, A, B, C, 12, 0x8b44f7af); + OP(C, D, A, B, 17, 0xffff5bb1); + OP(B, C, D, A, 22, 0x895cd7be); + OP(A, B, C, D, 7, 0x6b901122); + OP(D, A, B, C, 12, 0xfd987193); + OP(C, D, A, B, 17, 0xa679438e); + OP(B, C, D, A, 22, 0x49b40821); + /* For the second to fourth round we have the possibly swapped words + in CORRECT_WORDS. Redefine the macro to take an additional first + argument specifying the function to use. */ +#undef OP +#define OP(f, a, b, c, d, k, s, T) \ + do \ + { \ + a += f (b, c, d) + correct_words[k] + T; \ + CYCLIC (a, s); \ + a += b; \ + } \ + while (0) + + /* Round 2. */ + OP(FG, A, B, C, D, 1, 5, 0xf61e2562); + OP(FG, D, A, B, C, 6, 9, 0xc040b340); + OP(FG, C, D, A, B, 11, 14, 0x265e5a51); + OP(FG, B, C, D, A, 0, 20, 0xe9b6c7aa); + OP(FG, A, B, C, D, 5, 5, 0xd62f105d); + OP(FG, D, A, B, C, 10, 9, 0x02441453); + OP(FG, C, D, A, B, 15, 14, 0xd8a1e681); + OP(FG, B, C, D, A, 4, 20, 0xe7d3fbc8); + OP(FG, A, B, C, D, 9, 5, 0x21e1cde6); + OP(FG, D, A, B, C, 14, 9, 0xc33707d6); + OP(FG, C, D, A, B, 3, 14, 0xf4d50d87); + OP(FG, B, C, D, A, 8, 20, 0x455a14ed); + OP(FG, A, B, C, D, 13, 5, 0xa9e3e905); + OP(FG, D, A, B, C, 2, 9, 0xfcefa3f8); + OP(FG, C, D, A, B, 7, 14, 0x676f02d9); + OP(FG, B, C, D, A, 12, 20, 0x8d2a4c8a); + + /* Round 3. */ + OP(FH, A, B, C, D, 5, 4, 0xfffa3942); + OP(FH, D, A, B, C, 8, 11, 0x8771f681); + OP(FH, C, D, A, B, 11, 16, 0x6d9d6122); + OP(FH, B, C, D, A, 14, 23, 0xfde5380c); + OP(FH, A, B, C, D, 1, 4, 0xa4beea44); + OP(FH, D, A, B, C, 4, 11, 0x4bdecfa9); + OP(FH, C, D, A, B, 7, 16, 0xf6bb4b60); + OP(FH, B, C, D, A, 10, 23, 0xbebfbc70); + OP(FH, A, B, C, D, 13, 4, 0x289b7ec6); + OP(FH, D, A, B, C, 0, 11, 0xeaa127fa); + OP(FH, C, D, A, B, 3, 16, 0xd4ef3085); + OP(FH, B, C, D, A, 6, 23, 0x04881d05); + OP(FH, A, B, C, D, 9, 4, 0xd9d4d039); + OP(FH, D, A, B, C, 12, 11, 0xe6db99e5); + OP(FH, C, D, A, B, 15, 16, 0x1fa27cf8); + OP(FH, B, C, D, A, 2, 23, 0xc4ac5665); + + /* Round 4. */ + OP(FI, A, B, C, D, 0, 6, 0xf4292244); + OP(FI, D, A, B, C, 7, 10, 0x432aff97); + OP(FI, C, D, A, B, 14, 15, 0xab9423a7); + OP(FI, B, C, D, A, 5, 21, 0xfc93a039); + OP(FI, A, B, C, D, 12, 6, 0x655b59c3); + OP(FI, D, A, B, C, 3, 10, 0x8f0ccc92); + OP(FI, C, D, A, B, 10, 15, 0xffeff47d); + OP(FI, B, C, D, A, 1, 21, 0x85845dd1); + OP(FI, A, B, C, D, 8, 6, 0x6fa87e4f); + OP(FI, D, A, B, C, 15, 10, 0xfe2ce6e0); + OP(FI, C, D, A, B, 6, 15, 0xa3014314); + OP(FI, B, C, D, A, 13, 21, 0x4e0811a1); + OP(FI, A, B, C, D, 4, 6, 0xf7537e82); + OP(FI, D, A, B, C, 11, 10, 0xbd3af235); + OP(FI, C, D, A, B, 2, 15, 0x2ad7d2bb); + OP(FI, B, C, D, A, 9, 21, 0xeb86d391); + + /* Add the starting values of the context. */ + A += A_save; + B += B_save; + C += C_save; + D += D_save; + } + + /* Put checksum in context given as argument. */ + ctx->A = A; + ctx->B = B; + ctx->C = C; + ctx->D = D; +} + + +/*---------------------------------------------------------------------------- + *--------end of md5.c + *----------------------------------------------------------------------------*/ + + +int md5Reset(register md5Param* p) +{ + unsigned int i; + + md5_init_ctx(p); + + for (i = 0; i < 16; i += 8) + { + p->buffer[i] = 0x00; + p->buffer[i+1] = 0x00; + p->buffer[i+2] = 0x00; + p->buffer[i+3] = 0x00; + p->buffer[i+4] = 0x00; + p->buffer[i+5] = 0x00; + p->buffer[i+6] = 0x00; + p->buffer[i+7] = 0x00; + } + + return 0; +} + +int md5Update(md5Param* p, const sh_byte* data, int size) +{ + md5_process_bytes(data, size, p); + return 0; +} + +static void md5Finish(md5Param* p, void *resblock) +{ + (void) md5_finish_ctx(p, resblock); +} + +int md5Digest(md5Param* p, md5_uint32* data) +{ + md5Finish(p, data); + (void) md5Reset(p); + return 0; +} +/*@+type@*/ + + +/* Compute MD5 message digest for bytes read from STREAM. The + resulting message digest number will be written into the 16 bytes + beginning at RESBLOCK. */ +static int md5_stream(char * filename, void *resblock, + UINT64 * Length, int timeout, SL_TICKET fd) +{ + /* Important: BLOCKSIZE must be a multiple of 64. */ + static const int BLOCKSIZE = 8192; + struct md5_ctx ctx; + char * buffer = SH_ALLOC(8264); /* BLOCKSIZE + 72 AIX compiler chokes */ + size_t sum; + + char * tmp; + uid_t euid; + UINT64 bcount = 0; + sh_string * content; + + unsigned long pages_read; +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + /*@-nestedextern@*/ + extern long IO_Limit; + /*@+nestedextern@*/ +#endif + + /* Initialize the computation context. */ + (void) md5Reset (&ctx); + + if (SL_ISERROR (fd)) + { + TPT((0, FIL__, __LINE__, _("msg=\n"), fd)); + tmp = sh_util_safe_name (filename); + (void) sl_get_euid(&euid); + sh_error_handle (ShDFLevel[SH_ERR_T_FILE], FIL__, __LINE__, fd, + MSG_E_ACCESS, (long) euid, tmp); + SH_FREE(tmp); + *Length = 0; + SH_FREE(buffer); + return -1; + } + + pages_read = 0; + + content = sl_get_content(fd); + + /* Iterate over full file contents. */ + while (1) { + /* We read the file in blocks of BLOCKSIZE bytes. One call of the + computation function processes the whole buffer so that with the + next round of the loop another block can be read. */ + off_t n; + sum = 0; + + /* Read block. Take care for partial reads. */ + do { + + n = (off_t) sl_read_timeout (fd, buffer + sum, + (size_t) BLOCKSIZE - sum, timeout, SL_FALSE); + + if (SL_ISERROR (n)) + { + if (sig_termfast == 1) + { + SH_FREE(buffer); + return -1; + } + TPT((0, FIL__ , __LINE__ , _("msg=\n"), n)); + tmp = sh_util_safe_name (filename); + if (n == SL_TIMEOUT) + { + if (timeout != 7) { + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, n, MSG_E_TIMEOUT, + timeout, tmp); + } + } + else + sh_error_handle (ShDFLevel[SH_ERR_T_FILE], FIL__, __LINE__, n, + MSG_E_READ, tmp); + SH_FREE(tmp); + *Length = 0; + SH_FREE(buffer); + return -1; + } + + if (content) + sh_string_cat_lchar(content, buffer, n); + + bcount += n; + + if (*Length != TIGER_NOLIM) + { + if (bcount > *Length) + { + n = n - (bcount - (*Length)); + bcount = *Length; + n = (n < 0) ? 0 : n; + } + } + + sum += n; + } + while (sum < (size_t) BLOCKSIZE + && n != 0); + + ++pages_read; + + /* If end of file is reached, end the loop. */ + if (n == 0) + break; + + /* Process buffer with BLOCKSIZE bytes. Note that + BLOCKSIZE % 64 == 0 + */ + md5_process_block(buffer, BLOCKSIZE, &ctx); + sh.statistics.bytes_hashed += BLOCKSIZE; + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + if ((IO_Limit) > 0 && (pages_read == 32)) /* check for I/O limit */ + { + sh_unix_io_pause (); + pages_read = 0; + } + if (sig_termfast == 1) + { + *Length = 0; + SH_FREE(buffer); + return -1; + } +#endif + } + + /* Add the last bytes if necessary. */ + if (sum > 0) + { + md5_process_bytes(buffer, sum, &ctx); + sh.statistics.bytes_hashed += BLOCKSIZE; + } + + /* Construct result in desired memory. */ + (void) md5Digest(&ctx, resblock); + + *Length = bcount; + SH_FREE(buffer); + return 0; +} + +static +char * sh_tiger_md5_hash (char * filename, TigerType what, + UINT64 * Length, int timeout, char * out, size_t len) +{ + int cnt; + char outbuf[KEY_LEN+1]; + unsigned char md5buffer[16]; + + (void) md5_stream (filename, md5buffer, Length, timeout, what); + + /*@-bufferoverflowhigh -usedef@*/ + for (cnt = 0; cnt < 16; ++cnt) + sprintf (&outbuf[cnt*2], _("%02X"), /* known to fit */ + (unsigned int) md5buffer[cnt]); + /*@+bufferoverflowhigh +usedef@*/ + for (cnt = 32; cnt < KEY_LEN; ++cnt) + outbuf[cnt] = '0'; + outbuf[KEY_LEN] = '\0'; + + sl_strlcpy(out, outbuf, len); + return out; +} + +/* USE_MD5 */ +#endif + +/*************************************************************** + * + * SHA1 + * + ***************************************************************/ + +#ifdef USE_SHA1 +/*@-type@*/ + +typedef unsigned char sha_word8; +typedef sh_word32 sha_word32; + +/* The SHA block size and message digest sizes, in bytes */ + +#define SHA_DATASIZE 64 +#define SHA_DATALEN 16 +#define SHA_DIGESTSIZE 20 +#define SHA_DIGESTLEN 5 +/* The structure for storing SHA info */ + +typedef struct sha_ctx { + sha_word32 digest[SHA_DIGESTLEN]; /* Message digest */ + sha_word32 count_l, count_h; /* 64-bit block count */ + sha_word8 block[SHA_DATASIZE]; /* SHA data buffer */ + int index; /* index into buffer */ +} SHA_CTX; + +static void sha_init(struct sha_ctx *ctx); +static void sha_update(struct sha_ctx *ctx, sha_word8 *buffer,sha_word32 len); +static void sha_final(struct sha_ctx *ctx); +static void sha_digest(struct sha_ctx *ctx, sha_word8 *s); + + +/* The SHA f()-functions. The f1 and f3 functions can be optimized to + save one boolean operation each - thanks to Rich Schroeppel, + rcs@cs.arizona.edu for discovering this */ + +/*#define f1(x,y,z) ( ( x & y ) | ( ~x & z ) ) // Rounds 0-19 */ +#define f1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) /* Rounds 0-19 */ +#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */ +/*#define f3(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) ) // Rounds 40-59 */ +#define f3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) /* Rounds 40-59 */ +#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */ + +/* The SHA Mysterious Constants */ + +#define K1 0x5A827999L /* Rounds 0-19 */ +#define K2 0x6ED9EBA1L /* Rounds 20-39 */ +#define K3 0x8F1BBCDCL /* Rounds 40-59 */ +#define K4 0xCA62C1D6L /* Rounds 60-79 */ + +/* SHA initial values */ + +#define h0init 0x67452301L +#define h1init 0xEFCDAB89L +#define h2init 0x98BADCFEL +#define h3init 0x10325476L +#define h4init 0xC3D2E1F0L + +/* 32-bit rotate left - kludged with shifts */ + +#define ROTL(n,X) ( ( (X) << (n) ) | ( (X) >> ( 32 - (n) ) ) ) + +/* The initial expanding function. The hash function is defined over an + 80-word expanded input array W, where the first 16 are copies of the input + data, and the remaining 64 are defined by + + W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ] + + This implementation generates these values on the fly in a circular + buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this + optimization. + + The updated SHA changes the expanding function by adding a rotate of 1 + bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor + for this information */ + +#define expand(W,i) ( W[ i & 15 ] = \ + ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \ + W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ) ) ) + + +/* The prototype SHA sub-round. The fundamental sub-round is: + + a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data; + b' = a; + c' = ROTL( 30, b ); + d' = c; + e' = d; + + but this is implemented by unrolling the loop 5 times and renaming the + variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration. + This code is then replicated 20 times for each of the 4 functions, using + the next 20 values from the W[] array each time */ + +#define subRound(a, b, c, d, e, f, k, data) \ + ( e += ROTL( 5, a ) + f( b, c, d ) + k + data, b = ROTL( 30, b ) ) + +/* Initialize the SHA values */ + +static void sha_init(struct sha_ctx *ctx) +{ + /* Set the h-vars to their initial values */ + ctx->digest[ 0 ] = h0init; + ctx->digest[ 1 ] = h1init; + ctx->digest[ 2 ] = h2init; + ctx->digest[ 3 ] = h3init; + ctx->digest[ 4 ] = h4init; + + /* Initialize bit count */ + ctx->count_l = ctx->count_h = 0; + + /* Initialize buffer */ + ctx->index = 0; +} + +/* Perform the SHA transformation. Note that this code, like MD5, seems to + break some optimizing compilers due to the complexity of the expressions + and the size of the basic block. It may be necessary to split it into + sections, e.g. based on the four subrounds + + Note that this function destroys the data area */ + +static void sha_transform(struct sha_ctx *ctx, sha_word32 *data ) +{ + register sha_word32 A, B, C, D, E; /* Local vars */ + + /* Set up first buffer and local data buffer */ + A = ctx->digest[0]; + B = ctx->digest[1]; + C = ctx->digest[2]; + D = ctx->digest[3]; + E = ctx->digest[4]; + + /* Heavy mangling, in 4 sub-rounds of 20 interations each. */ + subRound( A, B, C, D, E, f1, K1, data[ 0] ); + subRound( E, A, B, C, D, f1, K1, data[ 1] ); + subRound( D, E, A, B, C, f1, K1, data[ 2] ); + subRound( C, D, E, A, B, f1, K1, data[ 3] ); + subRound( B, C, D, E, A, f1, K1, data[ 4] ); + subRound( A, B, C, D, E, f1, K1, data[ 5] ); + subRound( E, A, B, C, D, f1, K1, data[ 6] ); + subRound( D, E, A, B, C, f1, K1, data[ 7] ); + subRound( C, D, E, A, B, f1, K1, data[ 8] ); + subRound( B, C, D, E, A, f1, K1, data[ 9] ); + subRound( A, B, C, D, E, f1, K1, data[10] ); + subRound( E, A, B, C, D, f1, K1, data[11] ); + subRound( D, E, A, B, C, f1, K1, data[12] ); + subRound( C, D, E, A, B, f1, K1, data[13] ); + subRound( B, C, D, E, A, f1, K1, data[14] ); + subRound( A, B, C, D, E, f1, K1, data[15] ); + subRound( E, A, B, C, D, f1, K1, expand( data, 16 ) ); + subRound( D, E, A, B, C, f1, K1, expand( data, 17 ) ); + subRound( C, D, E, A, B, f1, K1, expand( data, 18 ) ); + subRound( B, C, D, E, A, f1, K1, expand( data, 19 ) ); + + subRound( A, B, C, D, E, f2, K2, expand( data, 20 ) ); + subRound( E, A, B, C, D, f2, K2, expand( data, 21 ) ); + subRound( D, E, A, B, C, f2, K2, expand( data, 22 ) ); + subRound( C, D, E, A, B, f2, K2, expand( data, 23 ) ); + subRound( B, C, D, E, A, f2, K2, expand( data, 24 ) ); + subRound( A, B, C, D, E, f2, K2, expand( data, 25 ) ); + subRound( E, A, B, C, D, f2, K2, expand( data, 26 ) ); + subRound( D, E, A, B, C, f2, K2, expand( data, 27 ) ); + subRound( C, D, E, A, B, f2, K2, expand( data, 28 ) ); + subRound( B, C, D, E, A, f2, K2, expand( data, 29 ) ); + subRound( A, B, C, D, E, f2, K2, expand( data, 30 ) ); + subRound( E, A, B, C, D, f2, K2, expand( data, 31 ) ); + subRound( D, E, A, B, C, f2, K2, expand( data, 32 ) ); + subRound( C, D, E, A, B, f2, K2, expand( data, 33 ) ); + subRound( B, C, D, E, A, f2, K2, expand( data, 34 ) ); + subRound( A, B, C, D, E, f2, K2, expand( data, 35 ) ); + subRound( E, A, B, C, D, f2, K2, expand( data, 36 ) ); + subRound( D, E, A, B, C, f2, K2, expand( data, 37 ) ); + subRound( C, D, E, A, B, f2, K2, expand( data, 38 ) ); + subRound( B, C, D, E, A, f2, K2, expand( data, 39 ) ); + + subRound( A, B, C, D, E, f3, K3, expand( data, 40 ) ); + subRound( E, A, B, C, D, f3, K3, expand( data, 41 ) ); + subRound( D, E, A, B, C, f3, K3, expand( data, 42 ) ); + subRound( C, D, E, A, B, f3, K3, expand( data, 43 ) ); + subRound( B, C, D, E, A, f3, K3, expand( data, 44 ) ); + subRound( A, B, C, D, E, f3, K3, expand( data, 45 ) ); + subRound( E, A, B, C, D, f3, K3, expand( data, 46 ) ); + subRound( D, E, A, B, C, f3, K3, expand( data, 47 ) ); + subRound( C, D, E, A, B, f3, K3, expand( data, 48 ) ); + subRound( B, C, D, E, A, f3, K3, expand( data, 49 ) ); + subRound( A, B, C, D, E, f3, K3, expand( data, 50 ) ); + subRound( E, A, B, C, D, f3, K3, expand( data, 51 ) ); + subRound( D, E, A, B, C, f3, K3, expand( data, 52 ) ); + subRound( C, D, E, A, B, f3, K3, expand( data, 53 ) ); + subRound( B, C, D, E, A, f3, K3, expand( data, 54 ) ); + subRound( A, B, C, D, E, f3, K3, expand( data, 55 ) ); + subRound( E, A, B, C, D, f3, K3, expand( data, 56 ) ); + subRound( D, E, A, B, C, f3, K3, expand( data, 57 ) ); + subRound( C, D, E, A, B, f3, K3, expand( data, 58 ) ); + subRound( B, C, D, E, A, f3, K3, expand( data, 59 ) ); + + subRound( A, B, C, D, E, f4, K4, expand( data, 60 ) ); + subRound( E, A, B, C, D, f4, K4, expand( data, 61 ) ); + subRound( D, E, A, B, C, f4, K4, expand( data, 62 ) ); + subRound( C, D, E, A, B, f4, K4, expand( data, 63 ) ); + subRound( B, C, D, E, A, f4, K4, expand( data, 64 ) ); + subRound( A, B, C, D, E, f4, K4, expand( data, 65 ) ); + subRound( E, A, B, C, D, f4, K4, expand( data, 66 ) ); + subRound( D, E, A, B, C, f4, K4, expand( data, 67 ) ); + subRound( C, D, E, A, B, f4, K4, expand( data, 68 ) ); + subRound( B, C, D, E, A, f4, K4, expand( data, 69 ) ); + subRound( A, B, C, D, E, f4, K4, expand( data, 70 ) ); + subRound( E, A, B, C, D, f4, K4, expand( data, 71 ) ); + subRound( D, E, A, B, C, f4, K4, expand( data, 72 ) ); + subRound( C, D, E, A, B, f4, K4, expand( data, 73 ) ); + subRound( B, C, D, E, A, f4, K4, expand( data, 74 ) ); + subRound( A, B, C, D, E, f4, K4, expand( data, 75 ) ); + subRound( E, A, B, C, D, f4, K4, expand( data, 76 ) ); + subRound( D, E, A, B, C, f4, K4, expand( data, 77 ) ); + subRound( C, D, E, A, B, f4, K4, expand( data, 78 ) ); + subRound( B, C, D, E, A, f4, K4, expand( data, 79 ) ); + + /* Build message digest */ + ctx->digest[0] += A; + ctx->digest[1] += B; + ctx->digest[2] += C; + ctx->digest[3] += D; + ctx->digest[4] += E; +} + +#if 1 + +#ifndef EXTRACT_UCHAR +#define EXTRACT_UCHAR(p) (*(unsigned char *)(p)) +#endif + +#define STRING2INT(s) ((((((EXTRACT_UCHAR(s) << 8) \ + | EXTRACT_UCHAR(s+1)) << 8) \ + | EXTRACT_UCHAR(s+2)) << 8) \ + | EXTRACT_UCHAR(s+3)) +#else +sha_word32 STRING2INT(word8 *s) +{ + sha_word32 r; + int i; + + for (i = 0, r = 0; i < 4; i++, s++) + r = (r << 8) | *s; + return r; +} +#endif + +static void sha_block(struct sha_ctx *ctx, sha_word8 *block) +{ + sha_word32 data[SHA_DATALEN]; + int i; + + /* Update block count */ + /*@-boolops@*/ + if (!++ctx->count_l) + ++ctx->count_h; + /*@+boolops@*/ + + /* Endian independent conversion */ + for (i = 0; iindex != 0) + { /* Try to fill partial block */ + unsigned left = SHA_DATASIZE - ctx->index; + if (len < left) + { + memmove(ctx->block + ctx->index, buffer, len); + ctx->index += len; + return; /* Finished */ + } + else + { + memmove(ctx->block + ctx->index, buffer, left); + sha_block(ctx, ctx->block); + buffer += left; + len -= left; + } + } + while (len >= SHA_DATASIZE) + { + sha_block(ctx, buffer); + buffer += SHA_DATASIZE; + len -= SHA_DATASIZE; + } + /*@-predboolint@*/ + if ((ctx->index = len)) /* This assignment is intended */ + /*@+predboolint@*/ + /* Buffer leftovers */ + memmove(ctx->block, buffer, len); +} + +/* Final wrapup - pad to SHA_DATASIZE-byte boundary with the bit pattern + 1 0* (64-bit count of bits processed, MSB-first) */ + +static void sha_final(struct sha_ctx *ctx) +{ + sha_word32 data[SHA_DATALEN]; + int i; + int words; + + i = ctx->index; + /* Set the first char of padding to 0x80. This is safe since there is + always at least one byte free */ + ctx->block[i++] = 0x80; + + /* Fill rest of word */ + /*@-predboolint@*/ + for( ; i & 3; i++) + ctx->block[i] = 0; + /*@+predboolint@*/ + + /* i is now a multiple of the word size 4 */ + /*@-shiftimplementation@*/ + words = i >> 2; + /*@+shiftimplementation@*/ + for (i = 0; i < words; i++) + data[i] = STRING2INT(ctx->block + 4*i); + + if (words > (SHA_DATALEN-2)) + { /* No room for length in this block. Process it and + * pad with another one */ + for (i = words ; i < SHA_DATALEN; i++) + data[i] = 0; + sha_transform(ctx, data); + for (i = 0; i < (SHA_DATALEN-2); i++) + data[i] = 0; + } + else + for (i = words ; i < SHA_DATALEN - 2; i++) + data[i] = 0; + /* Theres 512 = 2^9 bits in one block */ + /*@-shiftimplementation@*/ + data[SHA_DATALEN-2] = (ctx->count_h << 9) | (ctx->count_l >> 23); + data[SHA_DATALEN-1] = (ctx->count_l << 9) | (ctx->index << 3); + /*@+shiftimplementation@*/ + sha_transform(ctx, data); +} + +static void sha_digest(struct sha_ctx *ctx, sha_word8 *s) +{ + int i; + + for (i = 0; i < SHA_DIGESTLEN; i++) + { + *s++ = ctx->digest[i] >> 24; + *s++ = 0xff & (ctx->digest[i] >> 16); + *s++ = 0xff & (ctx->digest[i] >> 8); + *s++ = 0xff & ctx->digest[i]; + } +} +/*@+type@*/ + +/* Compute SHA1 message digest for bytes read from STREAM. The + resulting message digest number will be written into the 16 bytes + beginning at RESBLOCK. */ +static int sha1_stream(char * filename, void *resblock, + UINT64 * Length, int timeout, SL_TICKET fd) +{ + /* Important: BLOCKSIZE must be a multiple of 64. */ + static const int BLOCKSIZE = 4096; + struct sha_ctx ctx; + char * buffer = SH_ALLOC(4168); /* BLOCKSIZE + 72 AIX compiler chokes */ + off_t sum = 0; + char * tmp; + uid_t euid; + UINT64 bcount = 0; + sh_string * content; + + unsigned long pages_read; +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + /*@-nestedextern@*/ + extern long IO_Limit; + /*@+nestedextern@*/ +#endif + + /* Initialize the computation context. */ + (void) sha_init(&ctx); + + if (SL_ISERROR (fd)) + { + TPT((0, FIL__, __LINE__, _("msg=\n"), fd)); + tmp = sh_util_safe_name (filename); + (void) sl_get_euid(&euid); + sh_error_handle (ShDFLevel[SH_ERR_T_FILE], FIL__, __LINE__, fd, + MSG_E_ACCESS, (long) euid, tmp); + SH_FREE(tmp); + *Length = 0; + SH_FREE(buffer); + return -1; + } + + /* Iterate over full file contents. */ + + pages_read = 0; + + content = sl_get_content(fd); + + while (1 == 1) { + /* We read the file in blocks of BLOCKSIZE bytes. One call of the + computation function processes the whole buffer so that with the + next round of the loop another block can be read. */ + off_t n; + sum = 0; + + /* Read block. Take care for partial reads. */ + do { + n = (off_t) sl_read_timeout(fd, buffer + sum, + (size_t) BLOCKSIZE - sum, timeout, SL_FALSE); + + if (SL_ISERROR (n)) + { + if (sig_termfast == 1) + { + SH_FREE(buffer); + return -1; + } + + TPT((0, FIL__ , __LINE__ , _("msg=\n"), n)); + tmp = sh_util_safe_name (filename); + if (n == SL_TIMEOUT) + { + if (timeout != 7) { + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, n, MSG_E_TIMEOUT, + timeout, tmp); + } + } + else + { + sh_error_handle (ShDFLevel[SH_ERR_T_FILE], FIL__, __LINE__, n, + MSG_E_READ, tmp); + } + SH_FREE(tmp); + *Length = 0; + SH_FREE(buffer); + return -1; + } + + if (content) + sh_string_cat_lchar(content, buffer, n); + + bcount += n; + + if (*Length != TIGER_NOLIM) + { + if (bcount > *Length) + { + n = n - (bcount - (*Length)); + bcount = *Length; + n = (n < 0) ? 0 : n; + } + } + + sum += n; + } + while (sum < (off_t)BLOCKSIZE + && n != 0); + + ++pages_read; + + /* If end of file is reached, end the loop. */ + if (n == 0) + break; + + /* Process buffer with BLOCKSIZE bytes. Note that + BLOCKSIZE % 64 == 0 + */ + sha_update(&ctx, (sha_word8*) buffer, (sha_word32) BLOCKSIZE); + sh.statistics.bytes_hashed += BLOCKSIZE; + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + if ((IO_Limit) > 0 && (pages_read == 32)) /* check for I/O limit */ + { + sh_unix_io_pause (); + pages_read = 0; + } + if (sig_termfast == 1) + { + *Length = 0; + SH_FREE(buffer); + return -1; + } +#endif + + } + + /* Add the last bytes if necessary. */ + if (sum > 0) + { + sha_update(&ctx, (sha_word8*) buffer, (sha_word32) sum); + sh.statistics.bytes_hashed += sum; + } + + sha_final (&ctx); + + /* Construct result in desired memory. */ + sha_digest (&ctx, resblock); + *Length = bcount; + SH_FREE(buffer); + return 0; +} + + +static char * sh_tiger_sha1_hash (char * filename, TigerType what, + UINT64 * Length, int timeout, + char * out, size_t len) +{ + int cnt; + char outbuf[KEY_LEN+1]; + unsigned char sha1buffer[20]; + + (void) sha1_stream (filename, sha1buffer, Length, timeout, what); + + /*@-bufferoverflowhigh -usedef@*/ + for (cnt = 0; cnt < 20; ++cnt) + sprintf (&outbuf[cnt*2], _("%02X"), /* known to fit */ + (unsigned int) sha1buffer[cnt]); + /*@+bufferoverflowhigh +usedef@*/ + for (cnt = 40; cnt < KEY_LEN; ++cnt) + outbuf[cnt] = '0'; + outbuf[KEY_LEN] = '\0'; + + sl_strlcpy(out, outbuf, len); + return out; +} + +/* ifdef USE_SHA1 */ +#endif + +static int hash_type = 0; + +int sh_tiger_get_hashtype () +{ + return hash_type; +} + +int sh_tiger_hashtype (const char * c) +{ + SL_ENTER( _("sh_tiger_hashtype")); + + if (!c) + { + SL_RETURN( -1, _("sh_tiger_hashtype")); + } + + if (0 == strcmp(c, _("TIGER192"))) + hash_type = 0; +#ifdef USE_MD5 + else if (0 == strcmp(c, _("SHA1"))) + hash_type = 1; +#endif +#ifdef USE_SHA1 + else if (0 == strcmp(c, _("MD5"))) + hash_type = 2; +#endif + else + { + SL_RETURN( -1, _("sh_tiger_hashtype")); + } + SL_RETURN( 0, _("sh_tiger_hashtype")); +} + +static char * sh_tiger_hash_internal (const char * filename, TigerType what, + UINT64 * Length, int timeout, + char * out, size_t len); + +char * sh_tiger_hash (const char * filename, TigerType what, + UINT64 Length, char * out, size_t len) +{ + UINT64 local_length = Length; + char * retval = sh_tiger_hash_internal (filename, what, &local_length, 0, out,len); + return retval; +} + +char * sh_tiger_generic_hash (char * filename, TigerType what, + UINT64 * Length, int timeout, + char * out, size_t len) +{ +#ifdef USE_SHA1 + if (hash_type == 1) + return sh_tiger_sha1_hash (filename, what, Length, timeout, out, len); +#endif +#ifdef USE_MD5 + if (hash_type == 2) + return sh_tiger_md5_hash (filename, what, Length, timeout, out, len); +#endif + return sh_tiger_hash_internal (filename, what, Length, timeout, out, len); +} + +/* + * ------- end new --------- */ + +static char * sh_tiger_hash_internal (const char * filename, TigerType what, + UINT64 * Length, int timeout, + char * out, size_t len) +{ +#if defined(TIGER_64_BIT) + word64 res[3]; +#else + sh_word32 res[6]; +#endif + + SL_ENTER( _("sh_tiger_hash_internal")); + + SH_VALIDATE_GE(len, (KEY_LEN+1)); + + if (NULL != sh_tiger_hash_val (filename, what, Length, timeout, res)) + { +#if defined(TIGER_64_BIT) + sl_snprintf(out, len, + MYFORMAT, + (sh_word32)(res[0]>>32), + (sh_word32)(res[0]), + (sh_word32)(res[1]>>32), + (sh_word32)(res[1]), + (sh_word32)(res[2]>>32), + (sh_word32)(res[2]) ); +#else + sl_snprintf(out, len, + MYFORMAT, + (sh_word32)(res[1]), + (sh_word32)(res[0]), + (sh_word32)(res[3]), + (sh_word32)(res[2]), + (sh_word32)(res[5]), + (sh_word32)(res[4]) ); +#endif + out[len-1] = '\0'; + SL_RETURN( out, _("sh_tiger_hash_internal")); + + } + + SL_RETURN( SH_KEY_NULL, _("sh_tiger_hash_internal")); +} + +char * sh_tiger_hash_gpg (const char * filename, TigerType what, + UINT64 Length) +{ + size_t len; + char * out; + char outhash[48+6+1]; +#if defined(TIGER_64_BIT) + word64 res[3]; +#else + sh_word32 res[6]; +#endif + UINT64 local_length = Length; + + SL_ENTER(_("sh_tiger_hash_gpg")); + + if (NULL != sh_tiger_hash_val (filename, what, &local_length, 0, res)) + { +#if defined(TIGER_64_BIT) + sl_snprintf(outhash, + sizeof(outhash), + GPGFORMAT, + (sh_word32)(res[0]>>32), + (sh_word32)(res[0]), + (sh_word32)(res[1]>>32), + (sh_word32)(res[1]), + (sh_word32)(res[2]>>32), + (sh_word32)(res[2]) ); +#else + sl_snprintf(outhash, + sizeof(outhash), + GPGFORMAT, + (sh_word32)(res[1]), + (sh_word32)(res[0]), + (sh_word32)(res[3]), + (sh_word32)(res[2]), + (sh_word32)(res[5]), + (sh_word32)(res[4]) ); +#endif + outhash[sizeof(outhash)-1] = '\0'; + } + else + { + sl_strlcpy(outhash, + _("00000000 00000000 00000000 00000000 00000000 00000000"), + sizeof(outhash)); + } + + if (what == TIGER_FILE && sl_ok_adds(sl_strlen (filename), (2 + 48 + 6))) + len = sl_strlen (filename) + 2 + 48 + 6; + else + len = 48 + 6; + + out = SH_ALLOC(len + 1); + + if (what == TIGER_FILE) + { + (void) sl_strlcpy (out, filename, len+1); + (void) sl_strlcat (out, _(": "), len+1); + (void) sl_strlcat (out, outhash, len+1); + } + else + { + (void) sl_strlcpy (out, outhash, len+1); + } + SL_RETURN( out, _("sh_tiger_hash_gpg")); +} + + +UINT32 * sh_tiger_hash_uint32 (char * filename, + TigerType what, + UINT64 Length, UINT32 * out, size_t len) +{ +#if defined(TIGER_64_BIT) + word64 res[3]; +#else + sh_word32 res[6]; +#endif + UINT64 local_length = Length; + + SL_ENTER(_("sh_tiger_hash_uint32")); + + SH_VALIDATE_GE(len, 6); + + out[0] = 0; out[1] = 0; out[2] = 0; + out[3] = 0; out[4] = 0; out[5] = 0; + + if (NULL != sh_tiger_hash_val (filename, what, &local_length, 0, res)) + { +#if defined(TIGER_64_BIT) + out[0] = (UINT32)(res[0]>>32); + out[1] = (UINT32)(res[0]); + out[2] = (UINT32)(res[1]>>32); + out[3] = (UINT32)(res[1]); + out[4] = (UINT32)(res[2]>>32); + out[5] = (UINT32)(res[2]); +#else + out[0] = (UINT32)(res[1]); + out[1] = (UINT32)(res[0]); + out[2] = (UINT32)(res[3]); + out[3] = (UINT32)(res[2]); + out[4] = (UINT32)(res[5]); + out[5] = (UINT32)(res[4]); +#endif + } + + SL_RETURN(out, _("sh_tiger_hash_uint32")); +} + + + + Index: /tags/2.5.0/src/sh_tiger1.c =================================================================== --- /tags/2.5.0/src/sh_tiger1.c (revision 189) +++ /tags/2.5.0/src/sh_tiger1.c (revision 189) @@ -0,0 +1,349 @@ +/* Do not include ANY system headers here. The implementation is */ +/* somehow flawed - maybe something gets overlayed by definitions */ +/* in the system headers. Results will become incorrect. */ + +#include "config_xor.h" + +/* we already inline in the function used for file checksums */ +/* #define UNROLL_COMPRESS */ +#undef UNROLL_COMPRESS + +#if !defined(TIGER_64_BIT) + +/* Tiger: A Fast New Hash Function + * + * Ross Anderson and Eli Biham + * + * From the homepage (http://www.cs.technion.ac.il/~biham/Reports/Tiger/): + * + * Tiger has no usage restrictions nor patents. It can be used freely, + * with the reference implementation, with other implementations or with + * a modification to the reference implementation (as long as it still + * implements Tiger). We only ask you to let us know about your + * implementation and to cite the origin of Tiger and of the reference + * implementation. + * + * + * The authors' home pages can be found both in + * http://www.cs.technion.ac.il/~biham/ and in + * http://www.cl.cam.ac.uk/users/rja14/. + * The authors' email addresses are biham@cs.technion.ac.il + * and rja14@cl.cam.ac.uk. + */ + + +#if defined(HAVE_INT_32) +typedef unsigned int sh_word32; +#elif defined(HAVE_LONG_32) +typedef unsigned long sh_word32; +#elif defined(HAVE_SHORT_32) +typedef unsigned short sh_word32; +#else +#error No 32 bit type found ! +#endif + +typedef unsigned char sh_byte; + +/* Big endian: */ +#ifdef WORDS_BIGENDIAN +#define BIG_ENDIAN +#endif + +/* The number of passes of the hash function. */ +/* Three passes are recommended. */ +/* Use four passes when you need extra security. */ +/* Must be at least three. */ +#define PASSES 3 + +extern sh_word32 tiger_table[4*256][2]; + +#define t1 (tiger_table) +#define t2 (tiger_table+256) +#define t3 (tiger_table+256*2) +#define t4 (tiger_table+256*3) + +#define sub64(s0, s1, p0, p1) \ + temps0 = (p0); \ + tcarry = s0 < temps0; \ + s0 -= temps0; \ + s1 -= (p1) + tcarry; + +#define add64(s0, s1, p0, p1) \ + temps0 = (p0); \ + s0 += temps0; \ + tcarry = s0 < temps0; \ + s1 += (p1) + tcarry; + +#define xor64(s0, s1, p0, p1) \ + s0 ^= (p0); \ + s1 ^= (p1); + +#define mul5(s0, s1) \ + tempt0 = s0<<2; \ + tempt1 = (s1<<2)|(s0>>30); \ + add64(s0, s1, tempt0, tempt1); + +#define mul7(s0, s1) \ + tempt0 = s0<<3; \ + tempt1 = (s1<<3)|(s0>>29); \ + sub64(tempt0, tempt1, s0, s1); \ + s0 = tempt0; \ + s1 = tempt1; + +#define mul9(s0, s1) \ + tempt0 = s0<<3; \ + tempt1 = (s1<<3)|(s0>>29); \ + add64(s0, s1, tempt0, tempt1); + +#define save_abc \ + aa0 = a0; \ + aa1 = a1; \ + bb0 = b0; \ + bb1 = b1; \ + cc0 = c0; \ + cc1 = c1; + +#define roundX(a0,a1,b0,b1,c0,c1,x0,x1) \ + xor64(c0, c1, x0, x1); \ + temp0 = t1[((c0)>>(0*8))&0xFF][0] ; \ + temp1 = t1[((c0)>>(0*8))&0xFF][1] ; \ + temp0 ^= t2[((c0)>>(2*8))&0xFF][0] ; \ + temp1 ^= t2[((c0)>>(2*8))&0xFF][1] ; \ + temp0 ^= t3[((c1)>>(0*8))&0xFF][0] ; \ + temp1 ^= t3[((c1)>>(0*8))&0xFF][1] ; \ + temp0 ^= t4[((c1)>>(2*8))&0xFF][0] ; \ + temp1 ^= t4[((c1)>>(2*8))&0xFF][1] ; \ + sub64(a0, a1, temp0, temp1); \ + temp0 = t4[((c0)>>(1*8))&0xFF][0] ; \ + temp1 = t4[((c0)>>(1*8))&0xFF][1] ; \ + temp0 ^= t3[((c0)>>(3*8))&0xFF][0] ; \ + temp1 ^= t3[((c0)>>(3*8))&0xFF][1] ; \ + temp0 ^= t2[((c1)>>(1*8))&0xFF][0] ; \ + temp1 ^= t2[((c1)>>(1*8))&0xFF][1] ; \ + temp0 ^= t1[((c1)>>(3*8))&0xFF][0] ; \ + temp1 ^= t1[((c1)>>(3*8))&0xFF][1] ; \ + add64(b0, b1, temp0, temp1); + + +#define round5(a0,a1,b0,b1,c0,c1,x0,x1) \ + roundX(a0,a1,b0,b1,c0,c1,x0,x1); \ + mul5(b0, b1); + +#define round7(a0,a1,b0,b1,c0,c1,x0,x1) \ + roundX(a0,a1,b0,b1,c0,c1,x0,x1); \ + mul7(b0, b1); + +#define round9(a0,a1,b0,b1,c0,c1,x0,x1) \ + roundX(a0,a1,b0,b1,c0,c1,x0,x1); \ + mul9(b0, b1); + + +/* mixed with key_schedule + */ +#define pass5(a0,a1,b0,b1,c0,c1) \ + round5(a0,a1,b0,b1,c0,c1,x00,x01); \ + sub64(x00, x01, x70^0xA5A5A5A5, x71^0xA5A5A5A5); \ + round5(b0,b1,c0,c1,a0,a1,x10,x11); \ + xor64(x10, x11, x00, x01); \ + round5(c0,c1,a0,a1,b0,b1,x20,x21); \ + add64(x20, x21, x10, x11); \ + round5(a0,a1,b0,b1,c0,c1,x30,x31); \ + sub64(x30, x31, x20^((~x10)<<19), ~x21^(((x11)<<19)|((x10)>>13))); \ + round5(b0,b1,c0,c1,a0,a1,x40,x41); \ + xor64(x40, x41, x30, x31); \ + round5(c0,c1,a0,a1,b0,b1,x50,x51); \ + add64(x50, x51, x40, x41); \ + round5(a0,a1,b0,b1,c0,c1,x60,x61); \ + sub64(x60, x61, ~x50^(((x40)>>23)|((x41)<<9)), x51^((~x41)>>23)); \ + round5(b0,b1,c0,c1,a0,a1,x70,x71); + +/* mixed with key_schedule + */ +#define pass7(a0,a1,b0,b1,c0,c1) \ + round7(a0,a1,b0,b1,c0,c1,x00,x01); \ + sub64(x00, x01, x70^0xA5A5A5A5, x71^0xA5A5A5A5); \ + round7(b0,b1,c0,c1,a0,a1,x10,x11); \ + xor64(x10, x11, x00, x01); \ + round7(c0,c1,a0,a1,b0,b1,x20,x21); \ + add64(x20, x21, x10, x11); \ + round7(a0,a1,b0,b1,c0,c1,x30,x31); \ + sub64(x30, x31, x20^((~x10)<<19), ~x21^(((x11)<<19)|((x10)>>13))); \ + round7(b0,b1,c0,c1,a0,a1,x40,x41); \ + xor64(x40, x41, x30, x31); \ + round7(c0,c1,a0,a1,b0,b1,x50,x51); \ + add64(x50, x51, x40, x41); \ + round7(a0,a1,b0,b1,c0,c1,x60,x61); \ + sub64(x60, x61, ~x50^(((x40)>>23)|((x41)<<9)), x51^((~x41)>>23)); \ + round7(b0,b1,c0,c1,a0,a1,x70,x71); + +/* mixed with key_schedule + */ +#define pass9(a0,a1,b0,b1,c0,c1) \ + round9(a0,a1,b0,b1,c0,c1,x00,x01); \ + sub64(x00, x01, x70^0xA5A5A5A5, x71^0xA5A5A5A5); \ + round9(b0,b1,c0,c1,a0,a1,x10,x11); \ + xor64(x10, x11, x00, x01); \ + round9(c0,c1,a0,a1,b0,b1,x20,x21); \ + add64(x20, x21, x10, x11); \ + round9(a0,a1,b0,b1,c0,c1,x30,x31); \ + sub64(x30, x31, x20^((~x10)<<19), ~x21^(((x11)<<19)|((x10)>>13))); \ + round9(b0,b1,c0,c1,a0,a1,x40,x41); \ + xor64(x40, x41, x30, x31); \ + round9(c0,c1,a0,a1,b0,b1,x50,x51); \ + add64(x50, x51, x40, x41); \ + round9(a0,a1,b0,b1,c0,c1,x60,x61); \ + sub64(x60, x61, ~x50^(((x40)>>23)|((x41)<<9)), x51^((~x41)>>23)); \ + round9(b0,b1,c0,c1,a0,a1,x70,x71); + +#define key_schedule \ + xor64(x70, x71, x60, x61); \ + add64(x00, x01, x70, x71); \ + sub64(x10, x11, x00^((~x70)<<19), ~x01^(((x71)<<19)|((x70)>>13))); \ + xor64(x20, x21, x10, x11); \ + add64(x30, x31, x20, x21); \ + sub64(x40, x41, ~x30^(((x20)>>23)|((x21)<<9)), x31^((~x21)>>23)); \ + xor64(x50, x51, x40, x41); \ + add64(x60, x61, x50, x51); \ + sub64(x70, x71, x60^0x89ABCDEF, x61^0x01234567); + +#define feedforward \ + xor64(a0, a1, aa0, aa1); \ + sub64(b0, b1, bb0, bb1); \ + add64(c0, c1, cc0, cc1); + +#define compress \ + pass5(a0,a1,b0,b1,c0,c1); \ + key_schedule; \ + pass7(c0,c1,a0,a1,b0,b1); \ + key_schedule; \ + pass9(b0,b1,c0,c1,a0,a1); \ + feedforward + +#define tiger_compress_macro(str, state) \ +{ \ + register sh_word32 a0, a1, b0, b1, c0, c1; \ + sh_word32 aa0, aa1, bb0, bb1, cc0, cc1; \ + sh_word32 x00, x01, x10, x11, x20, x21, x30, x31, \ + x40, x41, x50, x51, x60, x61, x70, x71; \ + sh_word32 temp0, temp1, tempt0, tempt1, temps0, tcarry; \ +\ + a0 = state[0]; \ + a1 = state[1]; \ + b0 = state[2]; \ + b1 = state[3]; \ + c0 = state[4]; \ + c1 = state[5]; \ +\ + save_abc \ +\ + x00=str[0*2]; x01=str[0*2+1]; x10=str[1*2]; x11=str[1*2+1]; \ + x20=str[2*2]; x21=str[2*2+1]; x30=str[3*2]; x31=str[3*2+1]; \ + x40=str[4*2]; x41=str[4*2+1]; x50=str[5*2]; x51=str[5*2+1]; \ + x60=str[6*2]; x61=str[6*2+1]; x70=str[7*2]; x71=str[7*2+1]; \ +\ + compress; \ +\ + state[0] = a0; \ + state[1] = a1; \ + state[2] = b0; \ + state[3] = b1; \ + state[4] = c0; \ + state[5] = c1; \ +} + +#if defined(UNROLL_COMPRESS) +/* The compress function is inlined */ +#define tiger_compress(str, state) \ + tiger_compress_macro(((sh_word32*)str), ((sh_word32*)state)) + +#else + +void +tiger_compress(sh_word32 *str, sh_word32 state[6]) +{ + tiger_compress_macro(((sh_word32*)str), ((sh_word32*)state)); +} +#endif + +void +tiger_t(const sh_word32 *str, sh_word32 length, sh_word32 res[6]) +{ + register sh_word32 i; +#ifdef BIG_ENDIAN + register sh_word32 j; + sh_byte temp[64]; +#endif + + for(i=length; i>=64; i-=64) + { +#ifdef BIG_ENDIAN + for(j=0; j<64; j++) + temp[j^3] = ((sh_byte*)str)[j]; + tiger_compress_macro(((sh_word32*)temp), res); +#else + tiger_compress_macro(str, res); +#endif + str += 16; + } +} + + +void tiger(sh_word32 *str, sh_word32 length, sh_word32 res[6]) +{ + register sh_word32 i, j; + sh_byte temp[64]; + + /* + * res[0]=0x89ABCDEF; + * res[1]=0x01234567; + * res[2]=0x76543210; + * res[3]=0xFEDCBA98; + * res[4]=0xC3B2E187; + * res[5]=0xF096A5B4; + */ + + for(i=length; i>=64; i-=64) + { +#ifdef BIG_ENDIAN + for(j=0; j<64; j++) + temp[j^3] = ((sh_byte*)str)[j]; + tiger_compress(((sh_word32*)temp), res); +#else + tiger_compress(str, res); +#endif + str += 16; + } + +#ifdef BIG_ENDIAN + for(j=0; j56) + { + for(; j<64; j++) + temp[j] = 0; + tiger_compress(((sh_word32*)temp), res); + j=0; + } + + for(; j<56; j++) + temp[j] = 0; + ((sh_word32*)(&(temp[56])))[0] = ((sh_word32)length)<<3; + ((sh_word32*)(&(temp[56])))[1] = 0; + tiger_compress(((sh_word32*)temp), res); +} + +#endif + Index: /tags/2.5.0/src/sh_tiger1.s =================================================================== --- /tags/2.5.0/src/sh_tiger1.s (revision 189) +++ /tags/2.5.0/src/sh_tiger1.s (revision 189) @@ -0,0 +1,4866 @@ + .file "sh_tiger1.c" + .text +.globl tiger_compress + .type tiger_compress, @function +tiger_compress: + pushl %ebp + pushl %edi + pushl %esi + pushl %ebx + subl $544, %esp + movl 568(%esp), %ebp + movl 568(%esp), %eax + movl 568(%esp), %ebx + movl (%ebp), %ecx + movl 564(%esp), %edi + movl %ecx, 12(%esp) + movl 4(%eax), %esi + movl %esi, 8(%esp) + movl 12(%ebx), %edx + movl 8(%ebx), %ecx + movl %edx, 4(%esp) + movl 16(%ebx), %eax + movl 20(%ebx), %ebp + movl %ecx, 540(%esp) + movl %eax, 536(%esp) + movl %ebp, (%esp) + movl (%edi), %esi + movl %esi, 532(%esp) + movl 4(%edi), %edx + movl %edx, 528(%esp) + movl 8(%edi), %ebx + movl %ebx, 524(%esp) + movl 12(%edi), %ebp + movl %ebp, 520(%esp) + movl 16(%edi), %eax + movl %eax, 516(%esp) + movl 20(%edi), %ecx + movl %ecx, 512(%esp) + movl 24(%edi), %esi + movl %esi, 508(%esp) + movl 28(%edi), %edx + movl %edx, 504(%esp) + movl 32(%edi), %ebx + movl %ebx, 500(%esp) + movl 36(%edi), %ebp + movl %ebp, 496(%esp) + movl 40(%edi), %eax + movl %eax, 492(%esp) + movl 44(%edi), %ecx + movl 532(%esp), %eax + movl %ecx, 488(%esp) + movl 48(%edi), %esi + movl 528(%esp), %ecx + movl %esi, 484(%esp) + movl 52(%edi), %edx + movl (%esp), %esi + movl %edx, 480(%esp) + movl 56(%edi), %ebx + xorl %ecx, %esi + movl %ebx, 476(%esp) + movl 60(%edi), %ebp + movl %esi, 468(%esp) + movl $tiger_table, %esi + movl %ebp, 472(%esp) + movl 536(%esp), %ebp + xorl %eax, %ebp + movl %ebp, %edi + movl %ebp, %ebx + shrl $16, %edi + andl $255, %ebx + andl $255, %edi + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%edi,8), %ecx + movl 4(%esi,%ebx,8), %eax + xorl %edx, %ecx + movl tiger_table+2052(,%edi,8), %edx + xorl %eax, %edx + movzbl 468(%esp),%eax + movl tiger_table+4096(,%eax,8), %edi + movl tiger_table+4100(,%eax,8), %ebx + movl 468(%esp), %eax + xorl %edi, %ecx + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %edi + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %edi, %ecx + xorl %ebx, %edx + cmpl %ecx, 12(%esp) + movl 12(%esp), %edi + setb %al + subl %ecx, %edi + addl %eax, %edx + movl %edi, 464(%esp) + movl 8(%esp), %eax + subl %edx, %eax + movl %eax, 460(%esp) + movl %ebp, %edx + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + xorl %ebx, %eax + movl tiger_table+4100(,%edx,8), %ebx + movl tiger_table+6148(,%ecx,8), %edx + movl 468(%esp), %ecx + xorl %edx, %ebx + movzbl %ch, %edx + movl tiger_table+2048(,%edx,8), %edi + xorl %edi, %eax + movl tiger_table+2052(,%edx,8), %edi + movl %ecx, %edx + shrl $24, %edx + xorl %edi, %ebx + movl 4(%esi,%edx,8), %edi + movl (%esi,%edx,8), %ecx + xorl %edi, %ebx + movl 540(%esp), %edi + xorl %ecx, %eax + addl %eax, %edi + cmpl %eax, %edi + setb %al + movzbl %al, %ecx + leal (%ebx,%ecx), %edx + movl 4(%esp), %ebx + leal 0(,%edi,4), %ecx + movl %edi, %eax + addl %edx, %ebx + addl %ecx, %edi + shrl $30, %eax + leal 0(,%ebx,4), %edx + orl %eax, %edx + xorl %eax, %eax + cmpl %ecx, %edi + setb %al + addl %eax, %edx + xorl %ecx, %ecx + addl %edx, %ebx + movl %ebx, 444(%esp) + movl 476(%esp), %edx + movl 532(%esp), %ebx + movl 472(%esp), %eax + xorl $-1515870811, %edx + cmpl %edx, 532(%esp) + setb %cl + subl %edx, %ebx + movl %ebx, 456(%esp) + movl 524(%esp), %ebx + xorl $-1515870811, %eax + xorl %ebx, 464(%esp) + addl %ecx, %eax + movl 528(%esp), %edx + movl 520(%esp), %ecx + movzbl 464(%esp),%ebx + subl %eax, %edx + movl 464(%esp), %eax + xorl %ecx, 460(%esp) + movl %edx, 452(%esp) + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%esi,%ebx,8), %eax + xorl %eax, %edx + movzbl 460(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl 460(%esp), %eax + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %ebx, %edx + xorl %ebx, %ebx + cmpl %ecx, %edi + setb %bl + subl %ecx, %edi + addl %ebx, %edx + movl %edi, 448(%esp) + movl 464(%esp), %eax + subl %edx, 444(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6148(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ecx,8), %edi + xorl %ebx, %edx + movl 460(%esp), %ebx + xorl %edi, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %edi + xorl %edi, %eax + movl tiger_table+2052(,%ecx,8), %edi + movl %ebx, %ecx + shrl $24, %ecx + xorl %edi, %edx + movl (%esi,%ecx,8), %edi + movl 4(%esi,%ecx,8), %ebx + xorl %edi, %eax + xorl %ebx, %edx + leal (%ebp,%eax), %ebx + cmpl %eax, %ebx + setb %al + movl %ebx, %edi + movzbl %al, %ebp + addl %ebp, %edx + movl 468(%esp), %ebp + leal 0(,%ebx,4), %ecx + shrl $30, %edi + xorl %eax, %eax + addl %edx, %ebp + leal 0(,%ebp,4), %edx + orl %edi, %edx + leal (%ebx,%ecx), %edi + cmpl %ecx, %edi + setb %al + movl 456(%esp), %ecx + addl %eax, %edx + leal (%ebp,%edx), %ebx + movl 516(%esp), %ebp + xorl %ebp, 448(%esp) + movl 452(%esp), %eax + movl %ebx, 424(%esp) + movl 520(%esp), %ebx + movl 524(%esp), %edx + xorl %eax, %ebx + movl 448(%esp), %eax + movl %ebx, 432(%esp) + xorl %ecx, %edx + movl 512(%esp), %ecx + movzbl 448(%esp),%ebx + shrl $16, %eax + andl $255, %eax + xorl %ecx, 444(%esp) + movl tiger_table+2048(,%eax,8), %ecx + movl %edx, 440(%esp) + movl (%esi,%ebx,8), %edx + movl 4(%esi,%ebx,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 444(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %ebp + movl 444(%esp), %eax + xorl %ebx, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %ebp + xorl %ebx, %ecx + xorl %ebp, %edx + xorl %ebx, %ebx + cmpl %ecx, %edi + setb %bl + subl %ecx, %edi + addl %ebx, %edx + movl %edi, 428(%esp) + movl 448(%esp), %eax + subl %edx, 424(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6148(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ecx,8), %edi + xorl %ebx, %edx + movl 444(%esp), %ebx + xorl %edi, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %edi + movl %ebx, %ecx + shrl $24, %ecx + xorl %ebp, %eax + movl 4(%esi,%ecx,8), %ebx + movl (%esi,%ecx,8), %ebp + xorl %edi, %edx + xorl %ebx, %edx + movl 464(%esp), %ebx + xorl %ebp, %eax + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %al + movzbl %al, %edi + leal 0(,%ebx,4), %ecx + addl %edi, %edx + movl 460(%esp), %edi + shrl $30, %ebp + xorl %eax, %eax + addl %edx, %edi + leal 0(,%edi,4), %edx + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + cmpl %ecx, %ebp + movl 440(%esp), %ebx + setb %al + addl %eax, %edx + movl 516(%esp), %eax + leal (%edi,%edx), %edx + movl 440(%esp), %edi + addl %ebx, %eax + movl %edx, 412(%esp) + movl 432(%esp), %edx + cmpl %edi, %eax + movl %eax, 436(%esp) + setb %cl + movl 512(%esp), %ebx + movl 508(%esp), %edi + movzbl %cl, %eax + addl %edx, %eax + xorl %edi, 428(%esp) + addl %ebx, %eax + movl 504(%esp), %ecx + movl %eax, 420(%esp) + movl 428(%esp), %eax + movzbl 428(%esp),%ebx + xorl %ecx, 424(%esp) + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl 4(%esi,%ebx,8), %edi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 424(%esp),%eax + xorl %edi, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %edi + movl 424(%esp), %eax + xorl %ebx, %ecx + xorl %edi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %edi + xorl %ebx, %ecx + xorl %edi, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + movl %ebp, 416(%esp) + movl 428(%esp), %eax + subl %edx, 412(%esp) + movl %eax, %edx + movzbl %ah, %edi + shrl $24, %edx + movl tiger_table+6148(,%edi,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%edi,8), %ecx + xorl %ebx, %edx + movl 424(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %edi + xorl %ebp, %eax + movl %ebx, %ebp + xorl %edi, %edx + shrl $24, %ebp + movl (%esi,%ebp,8), %ebx + movl 4(%esi,%ebp,8), %edi + xorl %ebx, %eax + movl 448(%esp), %ebx + xorl %edi, %edx + movl 444(%esp), %edi + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %cl + movzbl %cl, %eax + shrl $30, %ebp + addl %eax, %edx + leal 0(,%ebx,4), %ecx + addl %edx, %edi + leal 0(,%edi,4), %edx + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + addl %ebx, %edx + movl 436(%esp), %ebx + leal (%edi,%edx), %eax + movl %eax, 396(%esp) + movl 440(%esp), %edx + movl 508(%esp), %edi + movl 432(%esp), %eax + notl %edx + movl 440(%esp), %ecx + sall $19, %edx + xorl %ebx, %edx + xorl %ebx, %ebx + cmpl %edx, 508(%esp) + setb %bl + subl %edx, %edi + movl %edi, 408(%esp) + movl 420(%esp), %edx + shrl $13, %ecx + sall $19, %eax + movl 500(%esp), %edi + orl %ecx, %eax + xorl %edi, 416(%esp) + notl %edx + xorl %eax, %edx + addl %ebx, %edx + movl 504(%esp), %ebx + movl 416(%esp), %eax + movl 496(%esp), %ecx + subl %edx, %ebx + shrl $16, %eax + movl %ebx, 404(%esp) + movzbl 416(%esp),%ebx + andl $255, %eax + xorl %ecx, 412(%esp) + movl tiger_table+2048(,%eax,8), %ecx + movl (%esi,%ebx,8), %edx + movl 4(%esi,%ebx,8), %edi + movzbl 412(%esp),%ebx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4096(,%ebx,8), %eax + xorl %edi, %edx + movl tiger_table+4100(,%ebx,8), %edi + movl 412(%esp), %ebx + xorl %eax, %ecx + xorl %edi, %edx + shrl $16, %ebx + andl $255, %ebx + movl tiger_table+6144(,%ebx,8), %eax + movl tiger_table+6148(,%ebx,8), %edi + xorl %eax, %ecx + xorl %edi, %edx + xorl %eax, %eax + cmpl %ecx, %ebp + setb %al + addl %eax, %edx + subl %ecx, %ebp + movl %ebp, 400(%esp) + subl %edx, 396(%esp) + movl 416(%esp), %edx + movzbl %dh, %ebp + shrl $24, %edx + movl tiger_table+6148(,%ebp,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ebp,8), %ecx + xorl %ebx, %edx + movl 412(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %edi + movl tiger_table+2052(,%ecx,8), %ebp + movl %ebx, %ecx + shrl $24, %ecx + xorl %edi, %eax + movl 4(%esi,%ecx,8), %ebx + movl (%esi,%ecx,8), %edi + xorl %ebp, %edx + xorl %ebx, %edx + movl 428(%esp), %ebx + xorl %edi, %eax + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %edi + setb %al + movzbl %al, %ebp + leal 0(,%ebx,4), %ecx + addl %ebp, %edx + movl 424(%esp), %ebp + shrl $30, %edi + xorl %eax, %eax + addl %edx, %ebp + leal 0(,%ebp,4), %edx + orl %edi, %edx + leal (%ebx,%ecx), %edi + cmpl %ecx, %edi + setb %al + addl %eax, %edx + movl 404(%esp), %eax + leal (%ebp,%edx), %ebx + movl %ebx, 376(%esp) + movl 492(%esp), %ebp + movl 496(%esp), %ebx + xorl %ebp, 400(%esp) + movl 408(%esp), %ecx + movl 500(%esp), %edx + xorl %eax, %ebx + movl 400(%esp), %eax + xorl %ecx, %edx + movl %ebx, 384(%esp) + movl 488(%esp), %ecx + shrl $16, %eax + movzbl 400(%esp),%ebx + movl %edx, 392(%esp) + andl $255, %eax + xorl %ecx, 396(%esp) + movl tiger_table+2048(,%eax,8), %ecx + movl (%esi,%ebx,8), %edx + movl 4(%esi,%ebx,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 396(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %ebp + movl 396(%esp), %eax + xorl %ebx, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %ebp + xorl %ebx, %ecx + xorl %ebp, %edx + xorl %ebx, %ebx + cmpl %ecx, %edi + setb %bl + subl %ecx, %edi + addl %ebx, %edx + movl %edi, 380(%esp) + movl 400(%esp), %eax + subl %edx, 376(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6148(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ecx,8), %edi + xorl %ebx, %edx + movl 396(%esp), %ebx + xorl %edi, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %edi + movl %ebx, %ecx + shrl $24, %ecx + xorl %ebp, %eax + movl 4(%esi,%ecx,8), %ebx + movl (%esi,%ecx,8), %ebp + xorl %edi, %edx + xorl %ebx, %edx + movl 416(%esp), %ebx + xorl %ebp, %eax + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %al + movzbl %al, %edi + leal 0(,%ebx,4), %ecx + addl %edi, %edx + movl 412(%esp), %edi + shrl $30, %ebp + xorl %eax, %eax + addl %edx, %edi + leal 0(,%edi,4), %edx + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + cmpl %ecx, %ebp + movl 392(%esp), %ebx + setb %al + addl %eax, %edx + movl 492(%esp), %eax + leal (%edi,%edx), %edx + movl 392(%esp), %edi + addl %ebx, %eax + movl %edx, 364(%esp) + movl 384(%esp), %edx + cmpl %edi, %eax + movl %eax, 388(%esp) + setb %cl + movl 488(%esp), %ebx + movl 484(%esp), %edi + movzbl %cl, %eax + addl %edx, %eax + xorl %edi, 380(%esp) + addl %ebx, %eax + movl 480(%esp), %ecx + movl %eax, 372(%esp) + movl 380(%esp), %eax + movzbl 380(%esp),%ebx + xorl %ecx, 376(%esp) + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl 4(%esi,%ebx,8), %edi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 376(%esp),%eax + xorl %edi, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %edi + movl 376(%esp), %eax + xorl %ebx, %ecx + xorl %edi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %edi + xorl %ebx, %ecx + xorl %edi, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + movl %ebp, 368(%esp) + movl 380(%esp), %eax + subl %edx, 364(%esp) + movl %eax, %edx + movzbl %ah, %edi + shrl $24, %edx + movl tiger_table+6148(,%edi,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%edi,8), %ecx + xorl %ebx, %edx + movl 376(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %edi + xorl %ebp, %eax + movl %ebx, %ebp + xorl %edi, %edx + shrl $24, %ebp + movl (%esi,%ebp,8), %ebx + movl 4(%esi,%ebp,8), %edi + xorl %ebx, %eax + movl 400(%esp), %ebx + xorl %edi, %edx + movl 396(%esp), %edi + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %cl + movzbl %cl, %eax + shrl $30, %ebp + addl %eax, %edx + leal 0(,%ebx,4), %ecx + addl %edx, %edi + leal 0(,%edi,4), %edx + movl 392(%esp), %eax + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + addl %ebx, %edx + movl 388(%esp), %ebx + leal (%edi,%edx), %ecx + movl 384(%esp), %edx + shrl $23, %eax + movl %ecx, 288(%esp) + notl %ebx + movl 484(%esp), %edi + sall $9, %edx + movl 372(%esp), %ecx + orl %edx, %eax + xorl %eax, %ebx + xorl %edx, %edx + movl 384(%esp), %eax + cmpl %ebx, 484(%esp) + notl %eax + setb %dl + subl %ebx, %edi + shrl $23, %eax + movl 480(%esp), %ebx + movl %edi, 356(%esp) + movl 476(%esp), %edi + xorl %ecx, %eax + xorl %edi, 368(%esp) + addl %edx, %eax + subl %eax, %ebx + movl %ebx, 352(%esp) + movl 472(%esp), %ecx + movl 368(%esp), %eax + movzbl 368(%esp),%ebx + xorl %ecx, 364(%esp) + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl 4(%esi,%ebx,8), %edi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 364(%esp),%eax + xorl %edi, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %edi + movl 364(%esp), %eax + xorl %ebx, %ecx + xorl %edi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %edi + xorl %ebx, %ecx + xorl %edi, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + movl %ebp, 292(%esp) + movl 368(%esp), %eax + subl %edx, 288(%esp) + movl %eax, %edx + movzbl %ah, %edi + shrl $24, %edx + movl tiger_table+6148(,%edi,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%edi,8), %ecx + xorl %ebx, %edx + movl 364(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %edi + movl %ebx, %ecx + shrl $24, %ecx + xorl %ebp, %eax + movl 4(%esi,%ecx,8), %ebx + movl (%esi,%ecx,8), %ebp + xorl %edi, %edx + xorl %ebx, %edx + movl 380(%esp), %ebx + xorl %ebp, %eax + addl %eax, %ebx + cmpl %eax, %ebx + leal 0(,%ebx,4), %ecx + setb %al + movzbl %al, %edi + movl %ebx, %ebp + addl %edi, %edx + movl 376(%esp), %edi + addl %ecx, %ebx + shrl $30, %ebp + movl %ebx, 360(%esp) + xorl %eax, %eax + addl %edx, %edi + leal 0(,%edi,4), %edx + orl %ebp, %edx + cmpl %ecx, %ebx + setb %al + movl 356(%esp), %ebp + addl %eax, %edx + leal (%edi,%edx), %eax + movl 476(%esp), %edi + movl 456(%esp), %edx + movl %eax, 268(%esp) + movl 352(%esp), %ecx + xorl %ebp, %edi + movl 472(%esp), %ebp + addl %edi, %edx + movl %edx, 348(%esp) + xorl %ecx, %ebp + cmpl %edi, %edx + setb %bl + movl 452(%esp), %ecx + movzbl %bl, %eax + leal (%ebp,%eax), %edx + movl 348(%esp), %ebx + movl %edi, %eax + notl %eax + addl %ecx, %edx + sall $19, %eax + movl %edx, 344(%esp) + xorl %ebx, %eax + xorl %ebx, %ebx + cmpl %eax, 440(%esp) + movl %edi, %ecx + movl 440(%esp), %edx + setb %bl + subl %eax, %edx + movl %ebp, %eax + movl %edx, 340(%esp) + movl 344(%esp), %edx + shrl $13, %ecx + sall $19, %eax + orl %ecx, %eax + notl %edx + xorl %eax, %edx + movl 432(%esp), %ecx + addl %ebx, %edx + movl 340(%esp), %eax + movl 436(%esp), %ebx + subl %edx, %ecx + movl %ecx, 336(%esp) + xorl %eax, %ebx + xorl %eax, %eax + movl %ebx, 332(%esp) + movl 420(%esp), %edx + xorl %ecx, %edx + movl %edx, 324(%esp) + movl 408(%esp), %edx + movl 324(%esp), %ecx + addl %ebx, %edx + cmpl %ebx, %edx + setb %al + movl %edx, 328(%esp) + addl %ecx, %eax + movl 404(%esp), %ecx + addl %ecx, %eax + movl %edx, %ecx + notl %ecx + movl %eax, 320(%esp) + movl %ebx, %eax + movl 324(%esp), %ebx + shrl $23, %eax + xorl %edx, %edx + sall $9, %ebx + orl %ebx, %eax + xorl %eax, %ecx + movl 392(%esp), %ebx + cmpl %ecx, 392(%esp) + movl 324(%esp), %eax + setb %dl + subl %ecx, %ebx + movl 320(%esp), %ecx + notl %eax + movl %ebx, 316(%esp) + shrl $23, %eax + xorl %ecx, %eax + addl %edx, %eax + movl 384(%esp), %edx + movl 388(%esp), %ecx + subl %eax, %edx + movl 356(%esp), %eax + xorl %ebx, %ecx + movl %edx, 312(%esp) + movl 372(%esp), %ebx + movl %ecx, 308(%esp) + addl %ecx, %eax + xorl %edx, %ebx + movl %eax, 304(%esp) + cmpl %ecx, %eax + setb %dl + movl %ebx, 300(%esp) + movl 352(%esp), %ecx + movzbl %dl, %eax + movl 304(%esp), %edx + addl %ebx, %eax + xorl %ebx, %ebx + addl %ecx, %eax + xorl $-1985229329, %edx + movl %eax, 296(%esp) + cmpl %edx, %edi + movl 296(%esp), %eax + setb %bl + subl %edx, %edi + movl 344(%esp), %ecx + movl %edi, 280(%esp) + movl 348(%esp), %edi + xorl $19088743, %eax + xorl %edi, 292(%esp) + addl %ebx, %eax + subl %eax, %ebp + movl %ebp, 276(%esp) + movl 292(%esp), %ebx + movzbl 292(%esp),%ebp + xorl %ecx, 288(%esp) + shrl $16, %ebx + andl $255, %ebx + movl (%esi,%ebp,8), %edx + movl tiger_table+2048(,%ebx,8), %ecx + movl 4(%esi,%ebp,8), %eax + xorl %edx, %ecx + movl tiger_table+2052(,%ebx,8), %edx + movzbl 288(%esp),%ebx + xorl %eax, %edx + movl tiger_table+4096(,%ebx,8), %edi + movl tiger_table+4100(,%ebx,8), %ebp + xorl %edi, %ecx + movl 288(%esp), %edi + xorl %ebp, %edx + movl 360(%esp), %ebp + shrl $16, %edi + andl $255, %edi + movl tiger_table+6144(,%edi,8), %eax + movl tiger_table+6148(,%edi,8), %ebx + xorl %eax, %ecx + xorl %ebx, %edx + xorl %eax, %eax + cmpl %ecx, 360(%esp) + setb %al + subl %ecx, %ebp + movl %ebp, 272(%esp) + addl %eax, %edx + movl 292(%esp), %eax + subl %edx, 268(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6148(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ecx,8), %edi + xorl %ebx, %edx + movl 288(%esp), %ebx + xorl %edi, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %edi + movl %ebx, %ecx + shrl $24, %ecx + xorl %ebp, %eax + movl (%esi,%ecx,8), %ebx + movl 4(%esi,%ecx,8), %ebp + xorl %edi, %edx + movl 368(%esp), %ecx + xorl %ebx, %eax + movl %esi, %edi + xorl %ebp, %edx + addl %eax, %ecx + movl 364(%esp), %ebp + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + addl %ebp, %edx + movl %ecx, %eax + leal 0(,%ecx,8), %ebx + shrl $29, %eax + leal 0(,%edx,8), %ebp + orl %eax, %ebp + xorl %eax, %eax + cmpl %ecx, %ebx + setb %al + leal (%edx,%eax), %eax + movl 280(%esp), %edx + subl %ecx, %ebx + movl %ebx, 284(%esp) + subl %eax, %ebp + xorl %ecx, %ecx + xorl $-1515870811, %edx + movl 348(%esp), %ebx + movl 276(%esp), %eax + cmpl %edx, 348(%esp) + setb %cl + subl %edx, %ebx + movl %ebx, 260(%esp) + movl 340(%esp), %ebx + xorl $-1515870811, %eax + xorl %ebx, 272(%esp) + addl %ecx, %eax + movl 344(%esp), %edx + movl 336(%esp), %ecx + movzbl 272(%esp),%ebx + subl %eax, %edx + movl 272(%esp), %eax + xorl %ecx, 268(%esp) + movl %edx, 256(%esp) + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%esi,%ebx,8), %eax + xorl %eax, %edx + movzbl 268(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl 268(%esp), %eax + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + movl 284(%esp), %ebx + cmpl %ecx, 284(%esp) + setb %al + subl %ecx, %ebx + movl %ebx, 252(%esp) + addl %eax, %edx + movl 272(%esp), %eax + subl %edx, %ebp + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl 268(%esp), %ebx + movzbl %bh, %ecx + xorl tiger_table+2048(,%ecx,8), %eax + xorl tiger_table+2052(,%ecx,8), %edx + movl %ebx, %ecx + shrl $24, %ecx + movl (%esi,%ecx,8), %ebx + xorl %ebx, %eax + movl 4(%esi,%ecx,8), %ebx + movl 292(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %bl + movzbl %bl, %eax + movl 288(%esp), %ebx + addl %eax, %edx + addl %ebx, %edx + leal 0(,%edx,8), %eax + leal 0(,%ecx,8), %ebx + movl %eax, 228(%esp) + movl %ecx, %eax + shrl $29, %eax + orl %eax, 228(%esp) + xorl %eax, %eax + cmpl %ecx, %ebx + setb %al + subl %ecx, %ebx + movl 340(%esp), %ecx + movl %ebx, 264(%esp) + movl 260(%esp), %ebx + leal (%edx,%eax), %eax + subl %eax, 228(%esp) + xorl %ebx, %ecx + movl 256(%esp), %edx + movl %ecx, 244(%esp) + movl 332(%esp), %ebx + movl 336(%esp), %eax + xorl %ebx, 252(%esp) + movl 324(%esp), %ecx + xorl %edx, %eax + movl %eax, 236(%esp) + movl 252(%esp), %eax + xorl %ecx, %ebp + movzbl 252(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%esi,%ebx,8), %eax + xorl %eax, %edx + movl %ebp, %eax + andl $255, %eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl %ebp, %eax + shrl $16, %eax + andl $255, %eax + xorl %ebx, %edx + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + movl 264(%esp), %ebx + cmpl %ecx, 264(%esp) + setb %al + subl %ecx, %ebx + movl %ebx, 232(%esp) + addl %eax, %edx + movl 252(%esp), %eax + subl %edx, 228(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl %ebp, %ebx + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+2052(,%ecx,8), %ebx + movl %ebp, %ecx + shrl $24, %ecx + xorl %ebx, %edx + movl (%esi,%ecx,8), %ebx + xorl %ebx, %eax + movl 4(%esi,%ecx,8), %ebx + movl 272(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %bl + movzbl %bl, %eax + movl 268(%esp), %ebx + addl %eax, %edx + addl %ebx, %edx + leal 0(,%edx,8), %eax + leal 0(,%ecx,8), %ebx + movl %eax, 212(%esp) + movl %ecx, %eax + shrl $29, %eax + orl %eax, 212(%esp) + xorl %eax, %eax + cmpl %ecx, %ebx + setb %al + subl %ecx, %ebx + leal (%edx,%eax), %ecx + movl %ebx, 248(%esp) + movl 244(%esp), %eax + movl 332(%esp), %edx + subl %ecx, 212(%esp) + movl 244(%esp), %ebx + addl %eax, %edx + movl %edx, 240(%esp) + movl 236(%esp), %ecx + xorl %eax, %eax + cmpl %ebx, %edx + movl 324(%esp), %edx + setb %al + movl 328(%esp), %ebx + addl %ecx, %eax + movl 320(%esp), %ecx + xorl %ebx, 232(%esp) + addl %edx, %eax + movl %eax, 220(%esp) + xorl %ecx, 228(%esp) + movl 232(%esp), %eax + movzbl 232(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%esi,%ebx,8), %eax + xorl %eax, %edx + movzbl 228(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl 228(%esp), %eax + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + movl 248(%esp), %ebx + cmpl %ecx, 248(%esp) + setb %al + subl %ecx, %ebx + movl %ebx, 216(%esp) + addl %eax, %edx + movl 232(%esp), %eax + subl %edx, 212(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl 228(%esp), %ebx + movzbl %bh, %ecx + xorl tiger_table+2048(,%ecx,8), %eax + xorl tiger_table+2052(,%ecx,8), %edx + movl %ebx, %ecx + shrl $24, %ecx + movl (%esi,%ecx,8), %ebx + xorl %ebx, %eax + movl 4(%esi,%ecx,8), %ebx + movl 252(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + movl %ecx, %eax + leal (%ebp,%edx), %ebx + shrl $29, %eax + leal 0(,%ecx,8), %edx + leal 0(,%ebx,8), %ebp + orl %eax, %ebp + xorl %eax, %eax + cmpl %ecx, %edx + setb %al + subl %ecx, %edx + leal (%ebx,%eax), %ecx + movl %edx, 224(%esp) + movl 244(%esp), %eax + subl %ecx, %ebp + movl 240(%esp), %ebx + movl 328(%esp), %edx + notl %eax + sall $19, %eax + movl 244(%esp), %ecx + xorl %ebx, %eax + xorl %ebx, %ebx + cmpl %eax, 328(%esp) + setb %bl + subl %eax, %edx + movl %edx, 204(%esp) + movl 236(%esp), %eax + shrl $13, %ecx + movl 220(%esp), %edx + sall $19, %eax + orl %ecx, %eax + notl %edx + movl 312(%esp), %ecx + xorl %eax, %edx + xorl %ecx, 212(%esp) + addl %ebx, %edx + movl 320(%esp), %eax + movl 316(%esp), %ebx + xorl %ebx, 216(%esp) + subl %edx, %eax + movl %eax, 200(%esp) + movl 216(%esp), %eax + movzbl 216(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl (%esi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%esi,%ebx,8), %eax + xorl %eax, %edx + movzbl 212(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %esi + movl 212(%esp), %eax + xorl %ebx, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %ebx, %ecx + xorl %esi, %edx + movl 224(%esp), %esi + cmpl %ecx, 224(%esp) + setb %al + addl %eax, %edx + subl %edx, %ebp + movl 216(%esp), %edx + subl %ecx, %esi + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl 212(%esp), %ebx + movzbl %bh, %ecx + xorl tiger_table+2048(,%ecx,8), %eax + xorl tiger_table+2052(,%ecx,8), %edx + movl %ebx, %ecx + shrl $24, %ecx + movl (%edi,%ecx,8), %ebx + xorl %ebx, %eax + movl 4(%edi,%ecx,8), %ebx + movl 232(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + movl 228(%esp), %ebx + addl %edx, %ebx + leal 0(,%ebx,8), %eax + leal 0(,%ecx,8), %edx + movl %eax, 176(%esp) + movl %ecx, %eax + shrl $29, %eax + orl %eax, 176(%esp) + xorl %eax, %eax + cmpl %ecx, %edx + setb %al + subl %ecx, %edx + movl 316(%esp), %ecx + movl %edx, 208(%esp) + leal (%ebx,%eax), %edx + movl 204(%esp), %ebx + subl %edx, 176(%esp) + movl 200(%esp), %eax + xorl %ebx, %ecx + movl %ecx, 192(%esp) + movl 308(%esp), %ebx + movl 312(%esp), %edx + movl 300(%esp), %ecx + xorl %ebx, %esi + xorl %eax, %edx + movl %edx, 184(%esp) + movl %esi, %eax + movl %esi, %ebx + shrl $16, %eax + andl $255, %ebx + andl $255, %eax + xorl %ecx, %ebp + movl (%edi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%edi,%ebx,8), %eax + xorl %eax, %edx + movl %ebp, %eax + andl $255, %eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl %ebp, %eax + shrl $16, %eax + andl $255, %eax + xorl %ebx, %edx + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + cmpl %ecx, 208(%esp) + movl 208(%esp), %ebx + setb %al + addl %eax, %edx + movl %esi, %eax + subl %ecx, %ebx + subl %edx, 176(%esp) + movl %esi, %edx + movzbl %ah, %ecx + movl %ebx, 180(%esp) + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl %ebp, %ebx + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+2052(,%ecx,8), %ebx + movl %ebp, %ecx + shrl $24, %ecx + xorl %ebx, %edx + movl (%edi,%ecx,8), %ebx + xorl %ebx, %eax + movl 4(%edi,%ecx,8), %ebx + movl 216(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + movl 212(%esp), %ebx + addl %edx, %ebx + leal 0(,%ebx,8), %eax + leal 0(,%ecx,8), %edx + movl %eax, 164(%esp) + movl %ecx, %eax + shrl $29, %eax + orl %eax, 164(%esp) + xorl %eax, %eax + cmpl %ecx, %edx + setb %al + subl %ecx, %edx + leal (%ebx,%eax), %ecx + movl %edx, 196(%esp) + movl 192(%esp), %eax + movl 308(%esp), %edx + subl %ecx, 164(%esp) + movl 192(%esp), %ebx + addl %eax, %edx + movl %edx, 188(%esp) + movl 184(%esp), %ecx + xorl %eax, %eax + cmpl %ebx, %edx + movl 300(%esp), %edx + setb %al + movl 304(%esp), %ebx + addl %ecx, %eax + movl 296(%esp), %ecx + xorl %ebx, 180(%esp) + addl %edx, %eax + movl %eax, 172(%esp) + xorl %ecx, 176(%esp) + movl 180(%esp), %eax + movzbl 180(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl (%edi,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%edi,%ebx,8), %eax + xorl %eax, %edx + movzbl 176(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl 176(%esp), %eax + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + movl 196(%esp), %ebx + cmpl %ecx, 196(%esp) + setb %al + addl %eax, %edx + subl %ecx, %ebx + movl %ebx, 168(%esp) + subl %edx, 164(%esp) + movl 180(%esp), %eax + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl 176(%esp), %ebx + movzbl %bh, %ecx + xorl tiger_table+2048(,%ecx,8), %eax + xorl tiger_table+2052(,%ecx,8), %edx + movl %ebx, %ecx + shrl $24, %ecx + movl (%edi,%ecx,8), %ebx + xorl %ebx, %eax + movl 4(%edi,%ecx,8), %ebx + leal (%esi,%eax), %ecx + xorl %ebx, %edx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + leal (%ebp,%edx), %esi + movl %ecx, %ebp + leal 0(,%esi,8), %eax + movl %eax, 88(%esp) + leal 0(,%ecx,8), %ebx + xorl %eax, %eax + shrl $29, %ebp + movl 184(%esp), %edx + orl %ebp, 88(%esp) + cmpl %ecx, %ebx + movl 192(%esp), %ebp + setb %al + subl %ecx, %ebx + leal (%esi,%eax), %ecx + subl %ecx, 88(%esp) + sall $9, %edx + movl 188(%esp), %esi + shrl $23, %ebp + movl 304(%esp), %eax + orl %edx, %ebp + notl %esi + xorl %edx, %edx + movl 172(%esp), %ecx + xorl %ebp, %esi + movl 184(%esp), %ebp + cmpl %esi, 304(%esp) + notl %ebp + setb %dl + subl %esi, %eax + shrl $23, %ebp + movl 296(%esp), %esi + movl %eax, 156(%esp) + movl 280(%esp), %eax + xorl %ecx, %ebp + xorl %eax, 168(%esp) + addl %edx, %ebp + subl %ebp, %esi + movl %esi, 152(%esp) + movl 276(%esp), %ecx + movl 168(%esp), %ebp + movzbl 168(%esp),%esi + xorl %ecx, 164(%esp) + shrl $16, %ebp + andl $255, %ebp + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%ebp,8), %ecx + movl 4(%edi,%esi,8), %eax + xorl %edx, %ecx + movl tiger_table+2052(,%ebp,8), %edx + xorl %eax, %edx + movzbl 164(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebp + movl tiger_table+4100(,%eax,8), %esi + movl 164(%esp), %eax + xorl %ebp, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebp + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %ebp, %ecx + xorl %esi, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + subl %ecx, %ebx + subl %edx, 88(%esp) + movl 168(%esp), %eax + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+6148(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl 164(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl (%edi,%ecx,8), %esi + xorl %ebp, %edx + movl 4(%edi,%ecx,8), %ebp + xorl %esi, %eax + movl 180(%esp), %ecx + xorl %ebp, %edx + addl %eax, %ecx + cmpl %eax, %ecx + leal 0(,%ecx,8), %ebp + setb %al + movzbl %al, %esi + addl %esi, %edx + movl 176(%esp), %esi + addl %edx, %esi + leal 0(,%esi,8), %eax + movl %ecx, %edx + movl %eax, 76(%esp) + shrl $29, %edx + xorl %eax, %eax + orl %edx, 76(%esp) + cmpl %ecx, %ebp + setb %al + leal (%esi,%eax), %edx + subl %ecx, %ebp + movl 156(%esp), %ecx + subl %edx, 76(%esp) + xorl %eax, %eax + movl 280(%esp), %edx + movl %ebp, 160(%esp) + movl 152(%esp), %ebp + movl 256(%esp), %esi + xorl %ecx, %edx + movl 276(%esp), %ecx + movl %edx, 148(%esp) + xorl %ebp, %ecx + movl 260(%esp), %ebp + movl %ecx, 144(%esp) + addl %edx, %ebp + cmpl %edx, %ebp + setb %al + addl %ecx, %eax + addl %esi, %eax + movl %eax, 140(%esp) + movl %edx, %eax + notl %eax + sall $19, %eax + xorl %ebp, %eax + cmpl %eax, 244(%esp) + setb %dl + movzbl %dl, %esi + movl 244(%esp), %edx + subl %eax, %edx + movl %ecx, %eax + movl %edx, 136(%esp) + movl 148(%esp), %ecx + sall $19, %eax + movl 140(%esp), %edx + shrl $13, %ecx + orl %ecx, %eax + notl %edx + movl 236(%esp), %ecx + xorl %eax, %edx + addl %esi, %edx + subl %edx, %ecx + movl %ecx, 132(%esp) + movl 220(%esp), %edx + movl 136(%esp), %eax + movl 240(%esp), %esi + xorl %ecx, %edx + movl %edx, 120(%esp) + movl 204(%esp), %edx + xorl %eax, %esi + movl %esi, 128(%esp) + movl 120(%esp), %ecx + xorl %eax, %eax + addl %esi, %edx + cmpl %esi, %edx + setb %al + movl %edx, 124(%esp) + addl %ecx, %eax + movl 200(%esp), %ecx + addl %ecx, %eax + movl %edx, %ecx + notl %ecx + movl %eax, 116(%esp) + movl %esi, %eax + movl 120(%esp), %esi + shrl $23, %eax + xorl %edx, %edx + sall $9, %esi + orl %esi, %eax + xorl %eax, %ecx + movl 192(%esp), %esi + cmpl %ecx, 192(%esp) + movl 120(%esp), %eax + setb %dl + subl %ecx, %esi + movl 116(%esp), %ecx + notl %eax + movl %esi, 112(%esp) + shrl $23, %eax + xorl %ecx, %eax + addl %edx, %eax + movl 184(%esp), %edx + movl 188(%esp), %ecx + subl %eax, %edx + movl 156(%esp), %eax + xorl %esi, %ecx + movl %edx, 108(%esp) + movl 172(%esp), %esi + movl %ecx, 104(%esp) + addl %ecx, %eax + xorl %edx, %esi + movl %eax, 100(%esp) + cmpl %ecx, %eax + setb %dl + movl %esi, 96(%esp) + movl 152(%esp), %ecx + movzbl %dl, %eax + movl 100(%esp), %edx + addl %esi, %eax + addl %ecx, %eax + movl %eax, 92(%esp) + xorl $-1985229329, %edx + xorl %eax, %eax + cmpl %edx, 148(%esp) + movl 92(%esp), %esi + movl 140(%esp), %ecx + setb %al + xorl %ebp, %ebx + xorl $19088743, %esi + subl %edx, 148(%esp) + addl %eax, %esi + movl %ebx, %eax + subl %esi, 144(%esp) + shrl $16, %eax + movzbl %bl,%esi + xorl %ecx, 88(%esp) + andl $255, %eax + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl 4(%edi,%esi,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 88(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %ebp + movl 88(%esp), %eax + xorl %esi, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + movl tiger_table+6148(,%eax,8), %ebp + xorl %eax, %eax + xorl %esi, %ecx + xorl %ebp, %edx + cmpl %ecx, 160(%esp) + movl 160(%esp), %esi + setb %al + addl %eax, %edx + subl %ecx, %esi + movzbl %bh, %ecx + subl %edx, 76(%esp) + movl %ebx, %edx + shrl $24, %edx + movl %esi, 80(%esp) + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+6148(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl 88(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl 4(%edi,%ecx,8), %esi + xorl %ebp, %edx + movl (%edi,%ecx,8), %ebp + xorl %esi, %edx + movl 168(%esp), %esi + xorl %ebp, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movl %esi, %ebp + movzbl %al, %ecx + movl 164(%esp), %eax + addl %ecx, %edx + shrl $29, %ebp + leal 0(,%esi,8), %ecx + addl %eax, %edx + xorl %eax, %eax + movl %edx, 84(%esp) + sall $3, %edx + orl %ebp, %edx + leal (%esi,%ecx), %ebp + cmpl %ecx, %ebp + movl 136(%esp), %esi + setb %al + movl 132(%esp), %ecx + addl %eax, %edx + xorl %esi, 80(%esp) + movl 84(%esp), %eax + addl %eax, %edx + movl %edx, 68(%esp) + xorl %ecx, 76(%esp) + movl 80(%esp), %eax + movzbl 80(%esp),%esi + shrl $16, %eax + andl $255, %eax + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%edi,%esi,8), %eax + xorl %eax, %edx + movzbl 76(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl 76(%esp), %eax + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, %ebp + setb %al + addl %eax, %edx + subl %ecx, %ebp + subl %edx, 68(%esp) + movl 80(%esp), %edx + movl %ebp, 72(%esp) + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+6148(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl 76(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl (%edi,%ecx,8), %esi + xorl %ebp, %edx + movl 4(%edi,%ecx,8), %ebp + xorl %esi, %eax + addl %eax, %ebx + xorl %ebp, %edx + cmpl %eax, %ebx + leal 0(,%ebx,8), %ecx + setb %al + movzbl %al, %esi + movl %ebx, %ebp + addl %esi, %edx + movl 88(%esp), %esi + addl %ecx, %ebx + shrl $29, %ebp + xorl %eax, %eax + addl %edx, %esi + leal 0(,%esi,8), %edx + orl %ebp, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + movl 128(%esp), %eax + leal (%esi,%edx), %ebp + xorl %eax, 72(%esp) + movl 120(%esp), %ecx + movl %ebp, 60(%esp) + movl 72(%esp), %ebp + movzbl 72(%esp),%esi + xorl %ecx, 68(%esp) + shrl $16, %ebp + andl $255, %ebp + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%ebp,8), %ecx + movl 4(%edi,%esi,8), %eax + xorl %edx, %ecx + movl tiger_table+2052(,%ebp,8), %edx + xorl %eax, %edx + movzbl 68(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebp + movl tiger_table+4100(,%eax,8), %esi + movl 68(%esp), %eax + xorl %ebp, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebp + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %ebp, %ecx + xorl %esi, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + subl %ecx, %ebx + subl %edx, 60(%esp) + movl 72(%esp), %edx + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+6148(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl 68(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl 4(%edi,%ecx,8), %esi + xorl %ebp, %edx + movl (%edi,%ecx,8), %ebp + xorl %esi, %edx + movl 80(%esp), %esi + xorl %ebp, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movl %esi, %ebp + movzbl %al, %ecx + movl 76(%esp), %eax + addl %ecx, %edx + shrl $29, %ebp + leal 0(,%esi,8), %ecx + addl %eax, %edx + xorl %eax, %eax + movl %edx, 64(%esp) + sall $3, %edx + orl %ebp, %edx + leal (%esi,%ecx), %ebp + cmpl %ecx, %ebp + movl 124(%esp), %esi + setb %al + movl 116(%esp), %ecx + addl %eax, %edx + xorl %ecx, 60(%esp) + xorl %esi, %ebx + movl 64(%esp), %eax + movzbl %bl,%esi + addl %eax, %edx + movl %ebx, %eax + movl %edx, 48(%esp) + shrl $16, %eax + andl $255, %eax + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%edi,%esi,8), %eax + xorl %eax, %edx + movzbl 60(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl 60(%esp), %eax + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, %ebp + setb %al + addl %eax, %edx + subl %ecx, %ebp + movzbl %bh, %ecx + subl %edx, 48(%esp) + movl %ebx, %edx + shrl $24, %edx + movl %ebp, 52(%esp) + movl tiger_table+6148(,%ecx,8), %esi + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+4096(,%edx,8), %eax + movl 60(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl 4(%edi,%ecx,8), %esi + xorl %ebp, %edx + movl (%edi,%ecx,8), %ebp + xorl %esi, %edx + movl 72(%esp), %esi + xorl %ebp, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movl %esi, %ebp + movzbl %al, %ecx + movl 68(%esp), %eax + addl %ecx, %edx + shrl $29, %ebp + leal 0(,%esi,8), %ecx + addl %eax, %edx + xorl %eax, %eax + movl %edx, 56(%esp) + sall $3, %edx + orl %ebp, %edx + leal (%esi,%ecx), %ebp + cmpl %ecx, %ebp + movl 112(%esp), %esi + setb %al + xorl %esi, 52(%esp) + addl %eax, %edx + movl 56(%esp), %eax + movl 108(%esp), %ecx + movzbl 52(%esp),%esi + addl %eax, %edx + movl 52(%esp), %eax + xorl %ecx, 48(%esp) + movl %edx, 40(%esp) + shrl $16, %eax + andl $255, %eax + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%edi,%esi,8), %eax + xorl %eax, %edx + movzbl 48(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl 48(%esp), %eax + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, %ebp + setb %al + addl %eax, %edx + subl %ecx, %ebp + subl %edx, 40(%esp) + movl 52(%esp), %edx + movl %ebp, 44(%esp) + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+6148(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl 48(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl (%edi,%ecx,8), %esi + xorl %ebp, %edx + movl 4(%edi,%ecx,8), %ebp + xorl %esi, %eax + addl %eax, %ebx + xorl %ebp, %edx + cmpl %eax, %ebx + leal 0(,%ebx,8), %ecx + setb %al + movzbl %al, %esi + movl %ebx, %ebp + addl %esi, %edx + movl 60(%esp), %esi + addl %ecx, %ebx + shrl $29, %ebp + xorl %eax, %eax + addl %edx, %esi + leal 0(,%esi,8), %edx + orl %ebp, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + leal (%esi,%edx), %ebp + movl %ebp, 32(%esp) + movl 104(%esp), %eax + movl 96(%esp), %ecx + xorl %eax, 44(%esp) + xorl %ecx, 40(%esp) + movl 44(%esp), %ebp + movzbl 44(%esp),%esi + shrl $16, %ebp + andl $255, %ebp + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%ebp,8), %ecx + movl 4(%edi,%esi,8), %eax + xorl %edx, %ecx + movl tiger_table+2052(,%ebp,8), %edx + xorl %eax, %edx + movzbl 40(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebp + movl tiger_table+4100(,%eax,8), %esi + movl 40(%esp), %eax + xorl %ebp, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebp + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %ebp, %ecx + xorl %esi, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + subl %ecx, %ebx + subl %edx, 32(%esp) + movl 44(%esp), %edx + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+6148(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl 40(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl 4(%edi,%ecx,8), %esi + xorl %ebp, %edx + movl (%edi,%ecx,8), %ebp + xorl %esi, %edx + movl 52(%esp), %esi + xorl %ebp, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movl %esi, %ebp + movzbl %al, %ecx + movl 48(%esp), %eax + addl %ecx, %edx + shrl $29, %ebp + leal 0(,%esi,8), %ecx + addl %eax, %edx + xorl %eax, %eax + movl %edx, 36(%esp) + sall $3, %edx + orl %ebp, %edx + leal (%esi,%ecx), %ebp + cmpl %ecx, %ebp + setb %al + addl %eax, %edx + movl 36(%esp), %eax + addl %eax, %edx + movl %edx, 20(%esp) + movl 100(%esp), %esi + movl 92(%esp), %ecx + xorl %ecx, 32(%esp) + xorl %esi, %ebx + movl %ebx, %eax + shrl $16, %eax + movzbl %bl,%esi + andl $255, %eax + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%edi,%esi,8), %eax + xorl %eax, %edx + movzbl 32(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl 32(%esp), %eax + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, %ebp + setb %al + addl %eax, %edx + subl %ecx, %ebp + movzbl %bh, %ecx + subl %edx, 20(%esp) + movl %ebx, %edx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movl tiger_table+6148(,%ecx,8), %esi + movl 32(%esp), %ecx + xorl %esi, %edx + movzbl %ch, %esi + shrl $24, %ecx + xorl tiger_table+2048(,%esi,8), %eax + xorl tiger_table+2052(,%esi,8), %edx + movl (%edi,%ecx,8), %esi + xorl %esi, %eax + movl 4(%edi,%ecx,8), %esi + xorl %esi, %edx + movl 44(%esp), %esi + addl %eax, %esi + cmpl %eax, %esi + setb %cl + movzbl %cl, %eax + movl 40(%esp), %ecx + addl %eax, %edx + movl %esi, %eax + shrl $29, %eax + addl %ecx, %edx + movl %edx, 28(%esp) + leal 0(,%esi,8), %ecx + addl %ecx, %esi + movl %esi, 24(%esp) + sall $3, %edx + orl %eax, %edx + xorl %eax, %eax + cmpl %ecx, %esi + setb %al + movl 148(%esp), %esi + addl %eax, %edx + movl 28(%esp), %eax + movl 144(%esp), %ecx + xorl %esi, %ebp + addl %eax, %edx + movl %edx, 16(%esp) + movl %ebp, %eax + movl %ebp, %esi + xorl %ecx, 20(%esp) + shrl $16, %eax + andl $255, %esi + andl $255, %eax + movl (%edi,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl 4(%edi,%esi,8), %eax + xorl %eax, %edx + movzbl 20(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl 20(%esp), %eax + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, 24(%esp) + setb %al + addl %eax, %edx + subl %edx, 16(%esp) + movl %ebp, %eax + movl %ebp, %edx + subl %ecx, 24(%esp) + shrl $24, %edx + movzbl %ah, %ecx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movl tiger_table+6148(,%ecx,8), %esi + movl 20(%esp), %ecx + xorl %esi, %edx + movzbl %ch, %esi + shrl $24, %ecx + xorl tiger_table+2048(,%esi,8), %eax + xorl tiger_table+2052(,%esi,8), %edx + movl (%edi,%ecx,8), %esi + xorl %esi, %eax + movl 4(%edi,%ecx,8), %esi + addl %eax, %ebx + leal 0(,%ebx,8), %ecx + xorl %esi, %edx + cmpl %eax, %ebx + movl %ebx, %esi + setb %al + movzbl %al, %edi + shrl $29, %esi + addl %edi, %edx + movl 32(%esp), %edi + addl %ecx, %ebx + xorl %eax, %eax + addl %edx, %edi + leal 0(,%edi,8), %edx + orl %esi, %edx + cmpl %ecx, %ebx + movl 8(%esp), %esi + setb %al + movl 4(%esp), %ecx + addl %eax, %edx + movl 12(%esp), %eax + leal (%edi,%edx), %edx + xorl %esi, %edx + movl 540(%esp), %edi + xorl %eax, %ebx + xorl %eax, %eax + cmpl 540(%esp), %ebp + movl (%esp), %esi + setb %al + addl %ecx, %eax + movl 24(%esp), %ecx + subl %edi, %ebp + subl %eax, 20(%esp) + movl 536(%esp), %eax + movl 16(%esp), %edi + addl %eax, %ecx + xorl %eax, %eax + cmpl 536(%esp), %ecx + setb %al + addl %esi, %eax + movl 568(%esp), %esi + addl %edi, %eax + movl %ebx, (%esi) + movl %edx, 4(%esi) + movl %ebp, 8(%esi) + movl 20(%esp), %edx + movl %ecx, 16(%esi) + movl %eax, 20(%esi) + movl %edx, 12(%esi) + addl $544, %esp + popl %ebx + popl %esi + popl %edi + popl %ebp + ret + .size tiger_compress, .-tiger_compress +.globl tiger_t + .type tiger_t, @function +tiger_t: + pushl %ebp + pushl %edi + pushl %esi + pushl %ebx + subl $504, %esp + movl 528(%esp), %eax + movl %eax, 500(%esp) + cmpl $63, %eax + jbe .L8 +.L6: + movl 532(%esp), %edx + movl 532(%esp), %ebx + movl 532(%esp), %edi + movl (%edx), %esi + movl %esi, 72(%esp) + movl 4(%ebx), %ebp + movl 524(%esp), %ebx + movl %ebp, 68(%esp) + movl 12(%edi), %ecx + movl 8(%edi), %edx + movl %ecx, 64(%esp) + movl 16(%edi), %esi + movl 20(%edi), %eax + movl %edx, 496(%esp) + movl 524(%esp), %ecx + movl %esi, 492(%esp) + movl %eax, 60(%esp) + movl (%ebx), %ebp + movl %ebp, 56(%esp) + movl 4(%ecx), %edi + movl 524(%esp), %ebp + movl %edi, 52(%esp) + movl 12(%ebp), %eax + movl 8(%ebp), %edi + movl %eax, 48(%esp) + movl 16(%ebp), %edx + movl 524(%esp), %eax + movl %edx, 44(%esp) + movl 20(%ebp), %esi + movl %esi, 40(%esp) + movl 24(%ebp), %ebx + movl %ebx, 36(%esp) + movl 28(%ebp), %ecx + movl %ecx, 32(%esp) + movl 32(%eax), %edx + movl %edx, 28(%esp) + movl 524(%esp), %esi + movl 524(%esp), %ebx + movl 524(%esp), %eax + movl 36(%esi), %ebp + movl 524(%esp), %esi + movl %ebp, 24(%esp) + movl 40(%ebx), %ecx + movl 524(%esp), %ebx + movl %ecx, 20(%esp) + movl 44(%eax), %edx + movl 524(%esp), %eax + movl %edx, 16(%esp) + movl 48(%esi), %ebp + movl 524(%esp), %esi + movl %ebp, 12(%esp) + movl 52(%ebx), %ecx + movl 56(%esp), %ebx + movl %ecx, 8(%esp) + movl 56(%eax), %edx + movl 52(%esp), %ecx + movl 60(%esp), %eax + movl %edx, 4(%esp) + movl 60(%esi), %ebp + xorl %ecx, %eax + movl %eax, 488(%esp) + movl %ebp, (%esp) + movl 492(%esp), %ebp + xorl %ebx, %ebp + movl %ebp, %esi + movl %ebp, %ebx + shrl $16, %esi + andl $255, %ebx + andl $255, %esi + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%esi,8), %ecx + movl tiger_table+4(,%ebx,8), %eax + xorl %edx, %ecx + movl tiger_table+2052(,%esi,8), %edx + xorl %eax, %edx + movzbl 488(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %ebx + movl 488(%esp), %eax + xorl %esi, %ecx + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %esi, %ecx + xorl %ebx, %edx + cmpl %ecx, 72(%esp) + movl 72(%esp), %esi + setb %al + subl %ecx, %esi + addl %eax, %edx + movl %ebp, %eax + movl %esi, 484(%esp) + movl 68(%esp), %ecx + movl %ebp, %esi + shrl $24, %esi + subl %edx, %ecx + movl %ecx, 480(%esp) + movzbl %ah, %ecx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%esi,8), %eax + movl tiger_table+6148(,%ecx,8), %edx + movl 488(%esp), %ecx + xorl %ebx, %eax + movl tiger_table+4100(,%esi,8), %ebx + xorl %edx, %ebx + movzbl %ch, %edx + movl tiger_table+2048(,%edx,8), %esi + xorl %esi, %eax + movl tiger_table+2052(,%edx,8), %esi + movl %ecx, %edx + shrl $24, %edx + xorl %esi, %ebx + movl tiger_table+4(,%edx,8), %esi + movl tiger_table(,%edx,8), %ecx + xorl %esi, %ebx + movl 496(%esp), %esi + xorl %ecx, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movzbl %al, %ecx + leal (%ebx,%ecx), %edx + movl 64(%esp), %ebx + leal 0(,%esi,4), %ecx + movl %esi, %eax + shrl $30, %eax + addl %edx, %ebx + addl %ecx, %esi + leal 0(,%ebx,4), %edx + orl %eax, %edx + xorl %eax, %eax + cmpl %ecx, %esi + setb %al + addl %eax, %edx + xorl %ecx, %ecx + addl %edx, %ebx + movl 4(%esp), %edx + movl (%esp), %eax + movl %ebx, 464(%esp) + xorl $-1515870811, %edx + movl 56(%esp), %ebx + cmpl %edx, 56(%esp) + setb %cl + subl %edx, %ebx + xorl %edi, 484(%esp) + xorl $-1515870811, %eax + addl %ecx, %eax + movl %ebx, 476(%esp) + movl 52(%esp), %ebx + movl 48(%esp), %ecx + xorl %ecx, 480(%esp) + subl %eax, %ebx + movl 484(%esp), %eax + movl %ebx, 472(%esp) + movzbl 484(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table(,%ebx,8), %edx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%ebx,8), %eax + xorl %eax, %edx + movzbl 480(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl 480(%esp), %eax + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %ebx, %edx + xorl %ebx, %ebx + cmpl %ecx, %esi + setb %bl + subl %ecx, %esi + addl %ebx, %edx + movl %esi, 468(%esp) + movl 484(%esp), %eax + subl %edx, 464(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6148(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ecx,8), %esi + xorl %ebx, %edx + movl 480(%esp), %ebx + xorl %esi, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %esi + xorl %esi, %eax + movl tiger_table+2052(,%ecx,8), %esi + xorl %esi, %edx + movl %ebx, %esi + shrl $24, %esi + movl tiger_table(,%esi,8), %ecx + movl tiger_table+4(,%esi,8), %ebx + xorl %ecx, %eax + xorl %ebx, %edx + leal (%ebp,%eax), %ebx + cmpl %eax, %ebx + setb %cl + movl 488(%esp), %ebp + movl %ebx, %esi + movzbl %cl, %eax + shrl $30, %esi + addl %eax, %edx + addl %edx, %ebp + leal 0(,%ebx,4), %ecx + movl 472(%esp), %eax + leal 0(,%ebp,4), %edx + orl %esi, %edx + leal (%ebx,%ecx), %esi + xorl %ebx, %ebx + cmpl %ecx, %esi + setb %bl + addl %ebx, %edx + leal (%ebp,%edx), %ecx + movl 44(%esp), %ebp + xorl %ebp, 468(%esp) + movl 48(%esp), %ebx + movl %ecx, 448(%esp) + movl 476(%esp), %edx + movl 40(%esp), %ecx + xorl %ecx, 464(%esp) + xorl %eax, %ebx + movl 468(%esp), %eax + movl %ebx, 456(%esp) + movzbl 468(%esp),%ebx + xorl %edx, %edi + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%ebx,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 464(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %ebp + movl 464(%esp), %eax + xorl %ebx, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %ebp + xorl %ebx, %ecx + xorl %ebp, %edx + xorl %ebx, %ebx + cmpl %ecx, %esi + setb %bl + subl %ecx, %esi + addl %ebx, %edx + movl %esi, 452(%esp) + movl 468(%esp), %eax + subl %edx, 448(%esp) + movl %eax, %edx + movzbl %ah, %ebp + shrl $24, %edx + movl tiger_table+6148(,%ebp,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ebp,8), %esi + xorl %ebx, %edx + movl 464(%esp), %ebx + xorl %esi, %eax + movzbl %bh, %esi + movl tiger_table+2048(,%esi,8), %ecx + movl tiger_table+2052(,%esi,8), %ebp + xorl %ecx, %eax + movl %ebx, %ecx + xorl %ebp, %edx + shrl $24, %ecx + movl tiger_table(,%ecx,8), %ebx + movl tiger_table+4(,%ecx,8), %esi + xorl %ebx, %eax + movl 484(%esp), %ebx + xorl %esi, %edx + movl 480(%esp), %esi + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %cl + movzbl %cl, %eax + shrl $30, %ebp + addl %eax, %edx + leal 0(,%ebx,4), %ecx + addl %edx, %esi + leal 0(,%esi,4), %edx + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + xorl %ebx, %ebx + cmpl %ecx, %ebp + movl 44(%esp), %ecx + setb %bl + addl %ebx, %edx + leal (%esi,%edx), %eax + movl %eax, 436(%esp) + addl %edi, %ecx + movl 456(%esp), %edx + movl %ecx, 460(%esp) + movl 40(%esp), %ebx + xorl %eax, %eax + movl 36(%esp), %esi + cmpl %edi, %ecx + setb %al + xorl %esi, 452(%esp) + addl %edx, %eax + addl %ebx, %eax + movl %eax, 444(%esp) + movl 32(%esp), %ecx + movl 452(%esp), %eax + movzbl 452(%esp),%ebx + xorl %ecx, 448(%esp) + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%ebx,8), %esi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 448(%esp),%eax + xorl %esi, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %esi + movl 448(%esp), %eax + xorl %ebx, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %esi + xorl %ebx, %ecx + xorl %esi, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + movl %ebp, 440(%esp) + movl 452(%esp), %eax + subl %edx, 436(%esp) + movl %eax, %edx + movzbl %ah, %esi + shrl $24, %edx + movl tiger_table+6148(,%esi,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%esi,8), %ecx + xorl %ebx, %edx + movl 448(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %esi + xorl %ebp, %eax + movl %ebx, %ebp + xorl %esi, %edx + shrl $24, %ebp + movl tiger_table(,%ebp,8), %ebx + movl tiger_table+4(,%ebp,8), %esi + xorl %ebx, %eax + movl 468(%esp), %ebx + xorl %esi, %edx + movl 464(%esp), %esi + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %cl + movzbl %cl, %eax + shrl $30, %ebp + addl %eax, %edx + leal 0(,%ebx,4), %ecx + addl %edx, %esi + leal 0(,%esi,4), %edx + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + addl %ebx, %edx + movl 460(%esp), %ebx + leal (%esi,%edx), %eax + movl %eax, 420(%esp) + movl %edi, %edx + movl 36(%esp), %esi + notl %edx + movl 456(%esp), %eax + movl %edi, %ecx + sall $19, %edx + xorl %ebx, %edx + xorl %ebx, %ebx + cmpl %edx, 36(%esp) + setb %bl + subl %edx, %esi + movl %esi, 432(%esp) + movl 444(%esp), %edx + shrl $13, %ecx + sall $19, %eax + movl 28(%esp), %esi + orl %ecx, %eax + xorl %esi, 440(%esp) + notl %edx + xorl %eax, %edx + addl %ebx, %edx + movl 32(%esp), %ebx + movl 440(%esp), %eax + movl 24(%esp), %ecx + subl %edx, %ebx + shrl $16, %eax + movl %ebx, 428(%esp) + movzbl 440(%esp),%ebx + andl $255, %eax + xorl %ecx, 436(%esp) + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table(,%ebx,8), %edx + movl tiger_table+4(,%ebx,8), %esi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 436(%esp),%eax + xorl %esi, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %esi + movl 436(%esp), %eax + xorl %ebx, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %esi + xorl %ebx, %ecx + xorl %esi, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + movl %ebp, 424(%esp) + movl 440(%esp), %eax + subl %edx, 420(%esp) + movl %eax, %edx + movzbl %ah, %ebp + shrl $24, %edx + movl tiger_table+6148(,%ebp,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ebp,8), %ecx + xorl %ebx, %edx + movl 436(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %esi + movl tiger_table+2052(,%ecx,8), %ebp + movl %ebx, %ecx + shrl $24, %ecx + xorl %esi, %eax + movl tiger_table+4(,%ecx,8), %ebx + movl tiger_table(,%ecx,8), %esi + xorl %ebp, %edx + xorl %ebx, %edx + movl 452(%esp), %ebx + xorl %esi, %eax + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %esi + setb %al + movzbl %al, %ebp + leal 0(,%ebx,4), %ecx + addl %ebp, %edx + movl 448(%esp), %ebp + shrl $30, %esi + xorl %eax, %eax + addl %edx, %ebp + leal 0(,%ebp,4), %edx + orl %esi, %edx + leal (%ebx,%ecx), %esi + cmpl %ecx, %esi + setb %al + addl %eax, %edx + movl 428(%esp), %eax + leal (%ebp,%edx), %ebx + movl %ebx, 400(%esp) + movl 20(%esp), %ebp + movl 24(%esp), %ebx + xorl %ebp, 424(%esp) + movl 432(%esp), %ecx + xorl %eax, %ebx + movl %ebx, 408(%esp) + movl 424(%esp), %eax + movl 28(%esp), %edx + movzbl 424(%esp),%ebx + shrl $16, %eax + xorl %ecx, %edx + movl %edx, 416(%esp) + andl $255, %eax + movl 16(%esp), %ecx + xorl %ecx, 420(%esp) + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%ebx,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 420(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %ebp + movl 420(%esp), %eax + xorl %ebx, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %ebp + xorl %ebx, %ecx + xorl %ebp, %edx + xorl %ebx, %ebx + cmpl %ecx, %esi + setb %bl + subl %ecx, %esi + addl %ebx, %edx + movl %esi, 404(%esp) + movl 424(%esp), %eax + subl %edx, 400(%esp) + movl %eax, %edx + movzbl %ah, %esi + shrl $24, %edx + movl tiger_table+6148(,%esi,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%esi,8), %ecx + xorl %ebx, %edx + movl 420(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %esi + movl %ebx, %ecx + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+4(,%ecx,8), %ebx + movl tiger_table(,%ecx,8), %ebp + xorl %esi, %edx + xorl %ebx, %edx + movl 440(%esp), %ebx + xorl %ebp, %eax + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %al + movzbl %al, %esi + leal 0(,%ebx,4), %ecx + addl %esi, %edx + movl 436(%esp), %esi + shrl $30, %ebp + xorl %eax, %eax + addl %edx, %esi + leal 0(,%esi,4), %edx + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + cmpl %ecx, %ebp + movl 416(%esp), %ebx + setb %al + addl %eax, %edx + leal (%esi,%edx), %edx + movl %edx, 388(%esp) + movl 20(%esp), %esi + movl 416(%esp), %eax + movl 408(%esp), %edx + addl %ebx, %esi + cmpl %eax, %esi + movl %esi, 412(%esp) + setb %cl + movl 16(%esp), %ebx + movl 12(%esp), %esi + movzbl %cl, %eax + addl %edx, %eax + xorl %esi, 404(%esp) + addl %ebx, %eax + movl 8(%esp), %ecx + movl %eax, 396(%esp) + movl 404(%esp), %eax + movzbl 404(%esp),%ebx + xorl %ecx, 400(%esp) + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%ebx,8), %esi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 400(%esp),%eax + xorl %esi, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %esi + movl 400(%esp), %eax + xorl %ebx, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %esi + xorl %ebx, %ecx + xorl %esi, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + movl %ebp, 392(%esp) + movl 404(%esp), %eax + subl %edx, 388(%esp) + movl %eax, %edx + movzbl %ah, %esi + shrl $24, %edx + movl tiger_table+6148(,%esi,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%esi,8), %ecx + xorl %ebx, %edx + movl 400(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + movl tiger_table+2052(,%ecx,8), %esi + xorl %ebp, %eax + movl %ebx, %ebp + xorl %esi, %edx + shrl $24, %ebp + movl tiger_table(,%ebp,8), %ebx + movl tiger_table+4(,%ebp,8), %esi + xorl %ebx, %eax + movl 424(%esp), %ebx + xorl %esi, %edx + movl 420(%esp), %esi + addl %eax, %ebx + cmpl %eax, %ebx + movl %ebx, %ebp + setb %cl + movzbl %cl, %eax + shrl $30, %ebp + addl %eax, %edx + leal 0(,%ebx,4), %ecx + addl %edx, %esi + leal 0(,%esi,4), %edx + movl 416(%esp), %eax + orl %ebp, %edx + leal (%ebx,%ecx), %ebp + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + addl %ebx, %edx + movl 412(%esp), %ebx + leal (%esi,%edx), %ecx + movl 408(%esp), %edx + shrl $23, %eax + movl %ecx, 316(%esp) + notl %ebx + movl 12(%esp), %esi + sall $9, %edx + movl 396(%esp), %ecx + orl %edx, %eax + xorl %eax, %ebx + xorl %edx, %edx + movl 408(%esp), %eax + cmpl %ebx, 12(%esp) + notl %eax + setb %dl + subl %ebx, %esi + shrl $23, %eax + movl 8(%esp), %ebx + movl %esi, 380(%esp) + movl 4(%esp), %esi + xorl %ecx, %eax + xorl %esi, 392(%esp) + addl %edx, %eax + subl %eax, %ebx + movl %ebx, 376(%esp) + movl (%esp), %ecx + movl 392(%esp), %eax + movzbl 392(%esp),%ebx + xorl %ecx, 388(%esp) + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%ebx,8), %esi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 388(%esp),%eax + xorl %esi, %edx + movl tiger_table+4096(,%eax,8), %ebx + movl tiger_table+4100(,%eax,8), %esi + movl 388(%esp), %eax + xorl %ebx, %ecx + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + movl tiger_table+6148(,%eax,8), %esi + xorl %ebx, %ecx + xorl %esi, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + movl %ebp, 320(%esp) + movl 392(%esp), %eax + subl %edx, 316(%esp) + movl %eax, %edx + movzbl %ah, %ebp + shrl $24, %edx + movl tiger_table+6148(,%ebp,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ebp,8), %esi + xorl %ebx, %edx + movl 388(%esp), %ebx + xorl %esi, %eax + movzbl %bh, %esi + movl tiger_table+2048(,%esi,8), %ecx + movl tiger_table+2052(,%esi,8), %ebp + xorl %ecx, %eax + movl %ebx, %ecx + xorl %ebp, %edx + shrl $24, %ecx + movl tiger_table(,%ecx,8), %ebx + movl tiger_table+4(,%ecx,8), %esi + xorl %ebx, %eax + movl 404(%esp), %ebx + xorl %esi, %edx + movl 400(%esp), %esi + addl %eax, %ebx + cmpl %eax, %ebx + leal 0(,%ebx,4), %ecx + setb %al + movzbl %al, %ebp + addl %ebp, %edx + addl %edx, %esi + movl %ebx, %edx + shrl $30, %edx + addl %ecx, %ebx + leal 0(,%esi,4), %ebp + orl %edx, %ebp + movl %ebx, 384(%esp) + xorl %eax, %eax + cmpl %ecx, %ebx + setb %al + movl 376(%esp), %ecx + addl %eax, %ebp + leal (%esi,%ebp), %edx + movl 380(%esp), %ebp + movl 4(%esp), %esi + movl %edx, 300(%esp) + movl 476(%esp), %eax + xorl %ebp, %esi + movl (%esp), %ebp + addl %esi, %eax + movl %eax, 372(%esp) + xorl %ecx, %ebp + cmpl %esi, %eax + setb %bl + movl 472(%esp), %ecx + movzbl %bl, %edx + leal (%ebp,%edx), %eax + movl 372(%esp), %ebx + movl %esi, %edx + notl %edx + addl %ecx, %eax + sall $19, %edx + movl %eax, 368(%esp) + xorl %ebx, %edx + xorl %ebx, %ebx + cmpl %edx, %edi + movl %ebp, %eax + setb %bl + subl %edx, %edi + movl 368(%esp), %edx + movl %esi, %ecx + shrl $13, %ecx + sall $19, %eax + orl %ecx, %eax + notl %edx + xorl %eax, %edx + movl 456(%esp), %eax + addl %ebx, %edx + movl 460(%esp), %ebx + subl %edx, %eax + movl %eax, 364(%esp) + movl 444(%esp), %edx + xorl %edi, %ebx + movl %ebx, 360(%esp) + xorl %eax, %edx + xorl %eax, %eax + movl %edx, 352(%esp) + movl 432(%esp), %edx + addl %ebx, %edx + movl %edx, 356(%esp) + movl 352(%esp), %ecx + cmpl %ebx, %edx + setb %al + addl %ecx, %eax + movl 428(%esp), %ecx + addl %ecx, %eax + movl %edx, %ecx + notl %ecx + movl %eax, 348(%esp) + movl %ebx, %eax + movl 352(%esp), %ebx + shrl $23, %eax + xorl %edx, %edx + sall $9, %ebx + orl %ebx, %eax + xorl %eax, %ecx + movl 416(%esp), %ebx + cmpl %ecx, 416(%esp) + movl 352(%esp), %eax + setb %dl + subl %ecx, %ebx + movl 348(%esp), %ecx + notl %eax + movl %ebx, 344(%esp) + shrl $23, %eax + xorl %ecx, %eax + addl %edx, %eax + movl 408(%esp), %edx + movl 412(%esp), %ecx + subl %eax, %edx + movl 380(%esp), %eax + xorl %ebx, %ecx + movl %edx, 340(%esp) + movl 396(%esp), %ebx + movl %ecx, 336(%esp) + addl %ecx, %eax + xorl %edx, %ebx + movl %eax, 332(%esp) + cmpl %ecx, %eax + setb %dl + movl %ebx, 328(%esp) + movl 376(%esp), %ecx + movzbl %dl, %eax + addl %ebx, %eax + movl 332(%esp), %edx + xorl %ebx, %ebx + addl %ecx, %eax + xorl $-1985229329, %edx + movl %eax, 324(%esp) + movl 324(%esp), %eax + cmpl %edx, %esi + setb %bl + subl %edx, %esi + movl 368(%esp), %ecx + movl %esi, 312(%esp) + xorl $19088743, %eax + addl %ebx, %eax + xorl %ecx, 316(%esp) + subl %eax, %ebp + movl %ebp, 308(%esp) + movl 372(%esp), %ebp + xorl %ebp, 320(%esp) + movl 320(%esp), %ebx + movzbl 320(%esp),%esi + shrl $16, %ebx + andl $255, %ebx + movl tiger_table(,%esi,8), %edx + movl tiger_table+2048(,%ebx,8), %ecx + movl tiger_table+4(,%esi,8), %eax + xorl %edx, %ecx + movl tiger_table+2052(,%ebx,8), %edx + movzbl 316(%esp),%ebx + xorl %eax, %edx + movl tiger_table+4096(,%ebx,8), %ebp + movl tiger_table+4100(,%ebx,8), %esi + xorl %ebp, %ecx + movl 316(%esp), %ebp + xorl %esi, %edx + movl 384(%esp), %esi + shrl $16, %ebp + andl $255, %ebp + movl tiger_table+6144(,%ebp,8), %eax + movl tiger_table+6148(,%ebp,8), %ebx + xorl %eax, %ecx + xorl %ebx, %edx + xorl %eax, %eax + cmpl %ecx, 384(%esp) + setb %al + subl %ecx, %esi + movl %esi, 304(%esp) + addl %eax, %edx + movl 320(%esp), %eax + subl %edx, 300(%esp) + movl %eax, %edx + movzbl %ah, %ebp + shrl $24, %edx + movl tiger_table+6148(,%ebp,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ebp,8), %ecx + xorl %ebx, %edx + movl 316(%esp), %ebx + xorl %ecx, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %esi + movl tiger_table+2052(,%ecx,8), %ebp + movl %ebx, %ecx + shrl $24, %ecx + xorl %esi, %eax + movl tiger_table(,%ecx,8), %esi + xorl %ebp, %edx + movl tiger_table+4(,%ecx,8), %ebp + movl 392(%esp), %ecx + xorl %esi, %eax + xorl %ebp, %edx + movl 388(%esp), %esi + addl %eax, %ecx + cmpl %eax, %ecx + movl %ecx, %ebp + setb %bl + movzbl %bl, %eax + shrl $29, %ebp + addl %eax, %edx + leal 0(,%ecx,8), %ebx + addl %esi, %edx + leal 0(,%edx,8), %esi + xorl %eax, %eax + orl %ebp, %esi + cmpl %ecx, %ebx + movl %ebx, %ebp + setb %al + leal (%edx,%eax), %eax + movl 312(%esp), %edx + subl %ecx, %ebp + subl %eax, %esi + xorl %ecx, %ecx + movl 372(%esp), %ebx + movl 308(%esp), %eax + xorl $-1515870811, %edx + cmpl %edx, 372(%esp) + setb %cl + subl %edx, %ebx + xorl %edi, 304(%esp) + xorl $-1515870811, %eax + addl %ecx, %eax + movl %ebx, 292(%esp) + movl 368(%esp), %ebx + movl 364(%esp), %ecx + xorl %ecx, 300(%esp) + subl %eax, %ebx + movl 304(%esp), %eax + movl %ebx, 288(%esp) + movzbl 304(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table(,%ebx,8), %edx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%ebx,8), %eax + xorl %eax, %edx + movzbl 300(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl 300(%esp), %eax + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %ebx, %edx + xorl %ebx, %ebx + cmpl %ecx, %ebp + setb %bl + subl %ecx, %ebp + addl %ebx, %edx + subl %edx, %esi + movl %ebp, 284(%esp) + movl 304(%esp), %eax + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6148(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + movl tiger_table+6144(,%ecx,8), %ebp + xorl %ebx, %edx + movl 300(%esp), %ebx + xorl %ebp, %eax + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebp + xorl %ebp, %eax + movl tiger_table+2052(,%ecx,8), %ebp + movl %ebx, %ecx + shrl $24, %ecx + movl tiger_table(,%ecx,8), %ebx + xorl %ebp, %edx + movl tiger_table+4(,%ecx,8), %ebp + movl 320(%esp), %ecx + xorl %ebx, %eax + xorl %ebp, %edx + addl %eax, %ecx + movl 316(%esp), %ebp + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + addl %ebp, %edx + movl %ecx, %eax + leal 0(,%ecx,8), %ebx + shrl $29, %eax + leal 0(,%edx,8), %ebp + orl %eax, %ebp + xorl %eax, %eax + cmpl %ecx, %ebx + setb %al + subl %ecx, %ebx + movl 292(%esp), %ecx + movl %ebx, 296(%esp) + leal (%edx,%eax), %ebx + subl %ebx, %ebp + movl 288(%esp), %edx + xorl %ecx, %edi + movl 360(%esp), %ebx + xorl %ebx, 284(%esp) + movl 364(%esp), %eax + movl 352(%esp), %ecx + movzbl 284(%esp),%ebx + xorl %edx, %eax + xorl %ecx, %esi + movl %eax, 272(%esp) + movl 284(%esp), %eax + movl tiger_table(,%ebx,8), %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%ebx,8), %eax + xorl %eax, %edx + movl %esi, %eax + andl $255, %eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl %esi, %eax + shrl $16, %eax + andl $255, %eax + xorl %ebx, %edx + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + cmpl %ecx, 296(%esp) + movl 296(%esp), %ebx + setb %al + subl %ecx, %ebx + addl %eax, %edx + subl %edx, %ebp + movl %ebx, 268(%esp) + movl 284(%esp), %eax + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl %esi, %ebx + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+2052(,%ecx,8), %ebx + movl %esi, %ecx + shrl $24, %ecx + xorl %ebx, %edx + movl tiger_table(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+4(,%ecx,8), %ebx + movl 304(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %bl + movzbl %bl, %eax + movl 300(%esp), %ebx + addl %eax, %edx + addl %ebx, %edx + leal 0(,%edx,8), %eax + leal 0(,%ecx,8), %ebx + movl %eax, 252(%esp) + movl %ecx, %eax + shrl $29, %eax + orl %eax, 252(%esp) + xorl %eax, %eax + cmpl %ecx, %ebx + setb %al + subl %ecx, %ebx + leal (%edx,%eax), %eax + movl %ebx, 280(%esp) + movl 360(%esp), %ebx + movl 272(%esp), %ecx + subl %eax, 252(%esp) + xorl %eax, %eax + addl %edi, %ebx + movl %ebx, 276(%esp) + cmpl %edi, %ebx + movl 352(%esp), %edx + movl 356(%esp), %ebx + setb %al + addl %ecx, %eax + xorl %ebx, 268(%esp) + addl %edx, %eax + movl 348(%esp), %ecx + movl %eax, 260(%esp) + movl 268(%esp), %eax + xorl %ecx, %ebp + movzbl 268(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table(,%ebx,8), %edx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%ebx,8), %eax + xorl %eax, %edx + movl %ebp, %eax + andl $255, %eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl %ebp, %eax + shrl $16, %eax + andl $255, %eax + xorl %ebx, %edx + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + movl 280(%esp), %ebx + cmpl %ecx, 280(%esp) + setb %al + subl %ecx, %ebx + movl %ebx, 256(%esp) + addl %eax, %edx + movl 268(%esp), %eax + subl %edx, 252(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl %ebp, %ebx + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+2052(,%ecx,8), %ebx + movl %ebp, %ecx + shrl $24, %ecx + xorl %ebx, %edx + movl tiger_table(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+4(,%ecx,8), %ebx + movl 284(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + movl %ecx, %eax + leal (%esi,%edx), %ebx + shrl $29, %eax + leal 0(,%ecx,8), %edx + leal 0(,%ebx,8), %esi + orl %eax, %esi + xorl %eax, %eax + cmpl %ecx, %edx + setb %al + subl %ecx, %edx + leal (%ebx,%eax), %ecx + movl %edx, 264(%esp) + movl 276(%esp), %ebx + movl %edi, %eax + notl %eax + subl %ecx, %esi + movl 356(%esp), %edx + sall $19, %eax + movl %edi, %ecx + xorl %ebx, %eax + xorl %ebx, %ebx + cmpl %eax, 356(%esp) + setb %bl + subl %eax, %edx + movl %edx, 244(%esp) + movl 272(%esp), %eax + shrl $13, %ecx + movl 260(%esp), %edx + sall $19, %eax + orl %ecx, %eax + notl %edx + movl 340(%esp), %ecx + xorl %eax, %edx + xorl %ecx, 252(%esp) + addl %ebx, %edx + movl 348(%esp), %eax + movl 344(%esp), %ebx + xorl %ebx, 256(%esp) + subl %edx, %eax + movl %eax, 240(%esp) + movl 256(%esp), %eax + movzbl 256(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%ebx,8), %eax + xorl %eax, %edx + movzbl 252(%esp),%eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl 252(%esp), %eax + xorl %ebx, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + movl 264(%esp), %ebx + cmpl %ecx, 264(%esp) + setb %al + subl %ecx, %ebx + movl %ebx, 236(%esp) + addl %eax, %edx + movl 256(%esp), %eax + subl %edx, %esi + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl 252(%esp), %ebx + movzbl %bh, %ecx + xorl tiger_table+2048(,%ecx,8), %eax + xorl tiger_table+2052(,%ecx,8), %edx + movl %ebx, %ecx + shrl $24, %ecx + movl tiger_table(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+4(,%ecx,8), %ebx + movl 268(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + movl %ecx, %eax + leal (%ebp,%edx), %ebx + shrl $29, %eax + leal 0(,%ecx,8), %edx + leal 0(,%ebx,8), %ebp + orl %eax, %ebp + xorl %eax, %eax + cmpl %ecx, %edx + setb %al + leal (%ebx,%eax), %eax + subl %ecx, %edx + movl %edx, 248(%esp) + movl 244(%esp), %ebx + subl %eax, %ebp + movl 344(%esp), %ecx + movl 240(%esp), %edx + movl 340(%esp), %eax + xorl %ebx, %ecx + movl 336(%esp), %ebx + xorl %edx, %eax + xorl %ebx, 236(%esp) + movl %eax, 220(%esp) + movl %ecx, 228(%esp) + movl 236(%esp), %eax + movl 328(%esp), %ecx + movzbl 236(%esp),%ebx + shrl $16, %eax + andl $255, %eax + xorl %ecx, %esi + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%ebx,8), %eax + xorl %eax, %edx + movl %esi, %eax + andl $255, %eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl %esi, %eax + shrl $16, %eax + andl $255, %eax + xorl %ebx, %edx + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + cmpl %ecx, 248(%esp) + movl 248(%esp), %ebx + setb %al + subl %ecx, %ebx + addl %eax, %edx + subl %edx, %ebp + movl %ebx, 216(%esp) + movl 236(%esp), %eax + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl %esi, %ebx + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+2052(,%ecx,8), %ebx + movl %esi, %ecx + shrl $24, %ecx + xorl %ebx, %edx + movl tiger_table(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+4(,%ecx,8), %ebx + movl 256(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + movl 252(%esp), %ebx + addl %edx, %ebx + leal 0(,%ebx,8), %eax + leal 0(,%ecx,8), %edx + movl %eax, 204(%esp) + movl %ecx, %eax + shrl $29, %eax + orl %eax, 204(%esp) + xorl %eax, %eax + cmpl %ecx, %edx + setb %al + subl %ecx, %edx + leal (%ebx,%eax), %ecx + movl %edx, 232(%esp) + movl 228(%esp), %eax + movl 336(%esp), %edx + subl %ecx, 204(%esp) + movl 228(%esp), %ebx + addl %eax, %edx + movl %edx, 224(%esp) + movl 220(%esp), %ecx + xorl %eax, %eax + cmpl %ebx, %edx + movl 328(%esp), %edx + setb %al + movl 332(%esp), %ebx + addl %ecx, %eax + movl 324(%esp), %ecx + xorl %ebx, 216(%esp) + addl %edx, %eax + movl %eax, 212(%esp) + xorl %ecx, %ebp + movl 216(%esp), %eax + movzbl 216(%esp),%ebx + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%ebx,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%ebx,8), %eax + xorl %eax, %edx + movl %ebp, %eax + andl $255, %eax + movl tiger_table+4096(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+4100(,%eax,8), %ebx + movl %ebp, %eax + shrl $16, %eax + andl $255, %eax + xorl %ebx, %edx + movl tiger_table+6144(,%eax,8), %ebx + xorl %ebx, %ecx + movl tiger_table+6148(,%eax,8), %ebx + xorl %eax, %eax + xorl %ebx, %edx + movl 232(%esp), %ebx + cmpl %ecx, 232(%esp) + setb %al + subl %ecx, %ebx + movl %ebx, 208(%esp) + addl %eax, %edx + movl 216(%esp), %eax + subl %edx, 204(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %ebx + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %ebx, %eax + movl tiger_table+6148(,%ecx,8), %ebx + xorl %ebx, %edx + movl %ebp, %ebx + movzbl %bh, %ecx + movl tiger_table+2048(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+2052(,%ecx,8), %ebx + movl %ebp, %ecx + shrl $24, %ecx + xorl %ebx, %edx + movl tiger_table(,%ecx,8), %ebx + xorl %ebx, %eax + movl tiger_table+4(,%ecx,8), %ebx + movl 236(%esp), %ecx + xorl %ebx, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %ebx + addl %ebx, %edx + leal (%esi,%edx), %edx + movl %ecx, %esi + leal 0(,%edx,8), %eax + leal 0(,%ecx,8), %ebx + movl %eax, 132(%esp) + shrl $29, %esi + xorl %eax, %eax + orl %esi, 132(%esp) + cmpl %ecx, %ebx + setb %al + leal (%edx,%eax), %esi + movl 228(%esp), %eax + movl 220(%esp), %edx + subl %esi, 132(%esp) + subl %ecx, %ebx + movl 224(%esp), %ecx + sall $9, %edx + movl 332(%esp), %esi + shrl $23, %eax + orl %edx, %eax + notl %ecx + xorl %eax, %ecx + xorl %edx, %edx + cmpl %ecx, 332(%esp) + movl 220(%esp), %eax + setb %dl + subl %ecx, %esi + movl 212(%esp), %ecx + notl %eax + movl %esi, 196(%esp) + shrl $23, %eax + xorl %ecx, %eax + movl 312(%esp), %esi + addl %edx, %eax + movl 324(%esp), %edx + xorl %esi, 208(%esp) + movl 308(%esp), %ecx + subl %eax, %edx + movzbl 208(%esp),%esi + movl %edx, 192(%esp) + movl 208(%esp), %eax + xorl %ecx, 204(%esp) + shrl $16, %eax + movl tiger_table(,%esi,8), %edx + andl $255, %eax + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%esi,8), %eax + xorl %eax, %edx + movzbl 204(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl 204(%esp), %eax + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + subl %ecx, %ebx + subl %edx, 132(%esp) + movl 208(%esp), %eax + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movl tiger_table+6148(,%ecx,8), %esi + movl 204(%esp), %ecx + xorl %esi, %edx + movzbl %ch, %esi + shrl $24, %ecx + xorl tiger_table+2048(,%esi,8), %eax + xorl tiger_table+2052(,%esi,8), %edx + movl tiger_table(,%ecx,8), %esi + xorl %esi, %eax + movl tiger_table+4(,%ecx,8), %esi + movl 216(%esp), %ecx + xorl %esi, %edx + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movzbl %al, %esi + addl %esi, %edx + leal (%ebp,%edx), %esi + leal 0(,%esi,8), %eax + movl %ecx, %edx + leal 0(,%ecx,8), %ebp + movl %eax, 120(%esp) + shrl $29, %edx + xorl %eax, %eax + orl %edx, 120(%esp) + cmpl %ecx, %ebp + setb %al + leal (%esi,%eax), %edx + subl %ecx, %ebp + movl 196(%esp), %ecx + subl %edx, 120(%esp) + xorl %eax, %eax + movl 312(%esp), %edx + movl %ebp, 200(%esp) + movl 192(%esp), %ebp + movl 288(%esp), %esi + xorl %ecx, %edx + movl 308(%esp), %ecx + movl %edx, 188(%esp) + xorl %ebp, %ecx + movl 292(%esp), %ebp + movl %ecx, 184(%esp) + addl %edx, %ebp + cmpl %edx, %ebp + setb %al + addl %ecx, %eax + addl %esi, %eax + movl %eax, 180(%esp) + movl %edx, %eax + notl %eax + sall $19, %eax + xorl %ebp, %eax + cmpl %eax, %edi + setb %dl + subl %eax, %edi + movl %ecx, %eax + movl 188(%esp), %ecx + movzbl %dl, %esi + sall $19, %eax + movl 180(%esp), %edx + shrl $13, %ecx + orl %ecx, %eax + notl %edx + movl 272(%esp), %ecx + xorl %eax, %edx + addl %esi, %edx + movl 276(%esp), %eax + subl %edx, %ecx + movl %ecx, 176(%esp) + movl 260(%esp), %edx + xorl %edi, %eax + movl %eax, 172(%esp) + xorl %ecx, %edx + movl %edx, 164(%esp) + movl 244(%esp), %ecx + movl 240(%esp), %esi + addl %eax, %ecx + cmpl %eax, %ecx + setb %al + movl %ecx, 168(%esp) + movzbl %al, %eax + addl %edx, %eax + addl %esi, %eax + movl 172(%esp), %esi + sall $9, %edx + movl %eax, 160(%esp) + notl %ecx + movl 164(%esp), %eax + shrl $23, %esi + orl %edx, %esi + xorl %esi, %ecx + xorl %edx, %edx + cmpl %ecx, 228(%esp) + movl 228(%esp), %esi + notl %eax + setb %dl + subl %ecx, %esi + movl 160(%esp), %ecx + movl %esi, 156(%esp) + shrl $23, %eax + xorl %ecx, %eax + addl %edx, %eax + movl 220(%esp), %edx + movl 224(%esp), %ecx + subl %eax, %edx + movl 196(%esp), %eax + xorl %esi, %ecx + movl %edx, 152(%esp) + movl 212(%esp), %esi + movl %ecx, 148(%esp) + addl %ecx, %eax + xorl %edx, %esi + movl %eax, 144(%esp) + cmpl %ecx, %eax + setb %dl + movl %esi, 140(%esp) + movl 192(%esp), %ecx + movzbl %dl, %eax + movl 144(%esp), %edx + addl %esi, %eax + addl %ecx, %eax + movl %eax, 136(%esp) + xorl $-1985229329, %edx + xorl %eax, %eax + cmpl %edx, 188(%esp) + movl 136(%esp), %esi + movl 180(%esp), %ecx + setb %al + xorl %ebp, %ebx + xorl $19088743, %esi + xorl %ecx, 132(%esp) + addl %eax, %esi + movl %ebx, %eax + subl %esi, 184(%esp) + shrl $16, %eax + movzbl %bl,%esi + subl %edx, 188(%esp) + andl $255, %eax + movl tiger_table(,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%esi,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 132(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %ebp + movl 132(%esp), %eax + xorl %esi, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + movl tiger_table+6148(,%eax,8), %ebp + xorl %eax, %eax + xorl %esi, %ecx + xorl %ebp, %edx + cmpl %ecx, 200(%esp) + movl 200(%esp), %esi + setb %al + addl %eax, %edx + subl %ecx, %esi + movzbl %bh, %ecx + movl %esi, 124(%esp) + movl tiger_table+6144(,%ecx,8), %ebp + movl tiger_table+6148(,%ecx,8), %esi + subl %edx, 120(%esp) + movl %ebx, %edx + shrl $24, %edx + movl tiger_table+4096(,%edx,8), %eax + movl 132(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %ebp, %eax + xorl %esi, %edx + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %ebp + shrl $24, %ecx + xorl %ebp, %eax + movl tiger_table+2052(,%esi,8), %ebp + movl tiger_table+4(,%ecx,8), %esi + xorl %ebp, %edx + movl tiger_table(,%ecx,8), %ebp + xorl %esi, %edx + movl 208(%esp), %esi + xorl %ebp, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movl %esi, %ebp + movzbl %al, %ecx + movl 204(%esp), %eax + addl %ecx, %edx + shrl $29, %ebp + leal 0(,%esi,8), %ecx + addl %eax, %edx + xorl %eax, %eax + movl %edx, 128(%esp) + sall $3, %edx + orl %ebp, %edx + leal (%esi,%ecx), %ebp + cmpl %ecx, %ebp + movl 128(%esp), %esi + setb %al + xorl %edi, 124(%esp) + addl %eax, %edx + movl 176(%esp), %ecx + xorl %ecx, 120(%esp) + addl %esi, %edx + movl 124(%esp), %eax + movzbl 124(%esp),%esi + movl %edx, 112(%esp) + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%esi,8), %edi + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 120(%esp),%eax + xorl %edi, %edx + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %edi + movl 120(%esp), %eax + xorl %esi, %ecx + xorl %edi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + movl tiger_table+6148(,%eax,8), %edi + xorl %eax, %eax + xorl %esi, %ecx + xorl %edi, %edx + cmpl %ecx, %ebp + setb %al + subl %ecx, %ebp + addl %eax, %edx + movl %ebp, 116(%esp) + movl 124(%esp), %eax + subl %edx, 112(%esp) + movl %eax, %edx + movzbl %ah, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+6148(,%ecx,8), %ebp + movl tiger_table+4096(,%edx,8), %eax + movl 120(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %edi + shrl $24, %ecx + xorl %ebp, %edx + movl tiger_table+2052(,%esi,8), %ebp + movl tiger_table(,%ecx,8), %esi + xorl %edi, %eax + movl tiger_table+4(,%ecx,8), %edi + xorl %ebp, %edx + xorl %esi, %eax + addl %eax, %ebx + xorl %edi, %edx + cmpl %eax, %ebx + movl 132(%esp), %esi + setb %al + movl %ebx, %ecx + movzbl %al, %ebp + addl %ebp, %edx + shrl $29, %ecx + addl %edx, %esi + leal 0(,%ebx,8), %edx + xorl %eax, %eax + addl %edx, %ebx + leal 0(,%esi,8), %edi + orl %ecx, %edi + cmpl %edx, %ebx + setb %al + movl 164(%esp), %ecx + addl %eax, %edi + xorl %ecx, 112(%esp) + leal (%esi,%edi), %ebp + movl 172(%esp), %esi + xorl %esi, 116(%esp) + movl %ebp, 108(%esp) + movl 116(%esp), %eax + movzbl 116(%esp),%edi + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%edi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%edi,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 112(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %edi + xorl %eax, %eax + xorl %esi, %ecx + movl 112(%esp), %esi + xorl %edi, %edx + shrl $16, %esi + andl $255, %esi + movl tiger_table+6144(,%esi,8), %ebp + movl tiger_table+6148(,%esi,8), %edi + xorl %ebp, %ecx + xorl %edi, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + subl %ecx, %ebx + subl %edx, 108(%esp) + movl 116(%esp), %edx + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+6148(,%ecx,8), %ebp + movl tiger_table+4096(,%edx,8), %eax + movl 112(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %edi + shrl $24, %ecx + xorl %ebp, %edx + movl tiger_table+2052(,%esi,8), %ebp + movl tiger_table+4(,%ecx,8), %esi + xorl %edi, %eax + movl tiger_table(,%ecx,8), %edi + xorl %ebp, %edx + xorl %esi, %edx + movl 124(%esp), %esi + xorl %edi, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movl %esi, %edi + movzbl %al, %ebp + addl %ebp, %edx + movl 120(%esp), %ebp + leal 0(,%esi,8), %ecx + shrl $29, %edi + xorl %eax, %eax + addl %edx, %ebp + leal 0(,%ebp,8), %edx + orl %edi, %edx + leal (%esi,%ecx), %edi + cmpl %ecx, %edi + setb %al + addl %eax, %edx + leal (%ebp,%edx), %esi + movl %esi, 100(%esp) + movl 168(%esp), %ebp + movl 160(%esp), %ecx + xorl %ecx, 108(%esp) + xorl %ebp, %ebx + movl %ebx, %eax + shrl $16, %eax + movzbl %bl,%esi + andl $255, %eax + movl tiger_table(,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%esi,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 108(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %ebp + movl 108(%esp), %eax + xorl %esi, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + movl tiger_table+6148(,%eax,8), %ebp + xorl %eax, %eax + xorl %esi, %ecx + xorl %ebp, %edx + cmpl %ecx, %edi + setb %al + addl %eax, %edx + subl %ecx, %edi + subl %edx, 100(%esp) + movl %ebx, %edx + movzbl %bh, %ecx + movl %edi, 104(%esp) + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+6148(,%ecx,8), %ebp + movl tiger_table+4096(,%edx,8), %eax + movl 108(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %edi + shrl $24, %ecx + xorl %ebp, %edx + movl tiger_table+2052(,%esi,8), %ebp + movl tiger_table+4(,%ecx,8), %esi + xorl %edi, %eax + xorl %ebp, %edx + movl tiger_table(,%ecx,8), %edi + xorl %esi, %edx + movl 116(%esp), %esi + xorl %edi, %eax + addl %eax, %esi + cmpl %eax, %esi + movl %esi, %edi + setb %al + movzbl %al, %ebp + leal 0(,%esi,8), %ecx + addl %ebp, %edx + movl 112(%esp), %ebp + shrl $29, %edi + xorl %eax, %eax + addl %edx, %ebp + leal 0(,%ebp,8), %edx + orl %edi, %edx + leal (%esi,%ecx), %edi + cmpl %ecx, %edi + setb %al + addl %eax, %edx + movl 152(%esp), %ecx + leal (%ebp,%edx), %esi + movl %esi, 92(%esp) + movl 156(%esp), %ebp + xorl %ebp, 104(%esp) + xorl %ecx, 100(%esp) + movl 104(%esp), %eax + movzbl 104(%esp),%esi + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%esi,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 100(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %ebp + movl 100(%esp), %eax + xorl %esi, %ecx + xorl %ebp, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + movl tiger_table+6148(,%eax,8), %ebp + xorl %eax, %eax + xorl %esi, %ecx + xorl %ebp, %edx + cmpl %ecx, %edi + setb %al + addl %eax, %edx + subl %ecx, %edi + subl %edx, 92(%esp) + movl 104(%esp), %edx + movl %edi, 96(%esp) + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+6148(,%ecx,8), %ebp + movl tiger_table+4096(,%edx,8), %eax + movl 100(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %edi + shrl $24, %ecx + xorl %ebp, %edx + movl tiger_table+2052(,%esi,8), %ebp + movl tiger_table(,%ecx,8), %esi + xorl %edi, %eax + movl tiger_table+4(,%ecx,8), %edi + xorl %ebp, %edx + xorl %esi, %eax + addl %eax, %ebx + movl 108(%esp), %esi + xorl %edi, %edx + cmpl %eax, %ebx + setb %al + movzbl %al, %ebp + movl %ebx, %ecx + addl %ebp, %edx + addl %edx, %esi + leal 0(,%ebx,8), %edx + addl %edx, %ebx + shrl $29, %ecx + xorl %eax, %eax + leal 0(,%esi,8), %edi + orl %ecx, %edi + cmpl %edx, %ebx + movl 140(%esp), %ecx + setb %al + addl %eax, %edi + leal (%esi,%edi), %ebp + xorl %ecx, 92(%esp) + movl 148(%esp), %esi + xorl %esi, 96(%esp) + movl %ebp, 88(%esp) + movl 96(%esp), %eax + movzbl 96(%esp),%edi + shrl $16, %eax + andl $255, %eax + movl tiger_table(,%edi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table+4(,%edi,8), %ebp + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movzbl 92(%esp),%eax + xorl %ebp, %edx + movl tiger_table+4096(,%eax,8), %esi + movl tiger_table+4100(,%eax,8), %edi + xorl %eax, %eax + xorl %esi, %ecx + movl 92(%esp), %esi + xorl %edi, %edx + shrl $16, %esi + andl $255, %esi + movl tiger_table+6144(,%esi,8), %ebp + movl tiger_table+6148(,%esi,8), %edi + xorl %ebp, %ecx + xorl %edi, %edx + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + subl %ecx, %ebx + subl %edx, 88(%esp) + movl 96(%esp), %edx + movzbl %dh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+6148(,%ecx,8), %ebp + movl tiger_table+4096(,%edx,8), %eax + movl 92(%esp), %ecx + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movzbl %ch, %esi + movl tiger_table+2048(,%esi,8), %edi + shrl $24, %ecx + xorl %ebp, %edx + movl tiger_table+2052(,%esi,8), %ebp + movl tiger_table+4(,%ecx,8), %esi + xorl %edi, %eax + movl tiger_table(,%ecx,8), %edi + xorl %ebp, %edx + xorl %esi, %edx + movl 104(%esp), %esi + xorl %edi, %eax + addl %eax, %esi + cmpl %eax, %esi + setb %al + movl %esi, %edi + movzbl %al, %ebp + addl %ebp, %edx + movl 100(%esp), %ebp + leal 0(,%esi,8), %ecx + shrl $29, %edi + xorl %eax, %eax + addl %edx, %ebp + leal 0(,%ebp,8), %edx + orl %edi, %edx + leal (%esi,%ecx), %edi + movl 144(%esp), %esi + cmpl %ecx, %edi + setb %al + addl %eax, %edx + movl 136(%esp), %ecx + xorl %esi, %ebx + xorl %ecx, 88(%esp) + movl %ebx, %eax + shrl $16, %eax + movzbl %bl,%esi + andl $255, %eax + addl %edx, %ebp + movl tiger_table+2048(,%eax,8), %ecx + movl tiger_table(,%esi,8), %edx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%esi,8), %eax + xorl %eax, %edx + movzbl 88(%esp),%eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl 88(%esp), %eax + xorl %esi, %edx + shrl $16, %eax + andl $255, %eax + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, %edi + setb %al + addl %eax, %edx + subl %ecx, %edi + subl %edx, %ebp + movl %ebx, %edx + movzbl %bh, %ecx + shrl $24, %edx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movl tiger_table+6148(,%ecx,8), %esi + movl 88(%esp), %ecx + xorl %esi, %edx + movzbl %ch, %esi + shrl $24, %ecx + xorl tiger_table+2048(,%esi,8), %eax + xorl tiger_table+2052(,%esi,8), %edx + movl tiger_table(,%ecx,8), %esi + xorl %esi, %eax + movl tiger_table+4(,%ecx,8), %esi + xorl %esi, %edx + movl 96(%esp), %esi + addl %eax, %esi + cmpl %eax, %esi + setb %cl + movzbl %cl, %eax + movl 92(%esp), %ecx + addl %eax, %edx + movl %esi, %eax + shrl $29, %eax + addl %ecx, %edx + movl %edx, 84(%esp) + leal 0(,%esi,8), %ecx + addl %ecx, %esi + movl %esi, 80(%esp) + sall $3, %edx + orl %eax, %edx + xorl %eax, %eax + cmpl %ecx, %esi + setb %al + movl 188(%esp), %esi + addl %eax, %edx + movl 84(%esp), %eax + movl 184(%esp), %ecx + xorl %esi, %edi + addl %eax, %edx + movl %edx, 76(%esp) + movl %edi, %eax + movl %edi, %esi + shrl $16, %eax + andl $255, %esi + andl $255, %eax + xorl %ecx, %ebp + movl tiger_table(,%esi,8), %edx + movl tiger_table+2048(,%eax,8), %ecx + xorl %edx, %ecx + movl tiger_table+2052(,%eax,8), %edx + movl tiger_table+4(,%esi,8), %eax + xorl %eax, %edx + movl %ebp, %eax + andl $255, %eax + movl tiger_table+4096(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+4100(,%eax,8), %esi + movl %ebp, %eax + shrl $16, %eax + andl $255, %eax + xorl %esi, %edx + movl tiger_table+6144(,%eax,8), %esi + xorl %esi, %ecx + movl tiger_table+6148(,%eax,8), %esi + xorl %eax, %eax + xorl %esi, %edx + cmpl %ecx, 80(%esp) + setb %al + addl %eax, %edx + subl %edx, 76(%esp) + movl %edi, %eax + movl %edi, %edx + subl %ecx, 80(%esp) + shrl $24, %edx + movzbl %ah, %ecx + movl tiger_table+6144(,%ecx,8), %esi + movl tiger_table+4096(,%edx,8), %eax + movl tiger_table+4100(,%edx,8), %edx + xorl %esi, %eax + movl tiger_table+6148(,%ecx,8), %esi + movl %ebp, %ecx + xorl %esi, %edx + movzbl %ch, %esi + shrl $24, %ecx + xorl tiger_table+2048(,%esi,8), %eax + xorl tiger_table+2052(,%esi,8), %edx + movl tiger_table(,%ecx,8), %esi + xorl %esi, %eax + movl tiger_table+4(,%ecx,8), %esi + addl %eax, %ebx + xorl %esi, %edx + cmpl %eax, %ebx + setb %cl + movl %ebx, %eax + movzbl %cl, %esi + leal 0(,%ebx,8), %ecx + addl %esi, %edx + movl 88(%esp), %esi + shrl $29, %eax + addl %ecx, %ebx + addl %edx, %esi + leal 0(,%esi,8), %edx + orl %eax, %edx + xorl %eax, %eax + cmpl %ecx, %ebx + setb %al + addl %eax, %edx + movl 72(%esp), %ecx + movl 68(%esp), %eax + leal (%esi,%edx), %edx + xorl %ecx, %ebx + movl 64(%esp), %ecx + xorl %eax, %edx + xorl %eax, %eax + movl 496(%esp), %esi + cmpl 496(%esp), %edi + setb %al + addl %ecx, %eax + subl %eax, %ebp + movl 80(%esp), %ecx + subl %esi, %edi + movl 492(%esp), %eax + movl 60(%esp), %esi + addl %eax, %ecx + xorl %eax, %eax + cmpl 492(%esp), %ecx + setb %al + addl %esi, %eax + movl 76(%esp), %esi + addl %esi, %eax + movl 532(%esp), %esi + movl %ebx, (%esi) + movl %edx, 4(%esi) + movl %edi, 8(%esi) + movl %ebp, 12(%esi) + movl %ecx, 16(%esi) + movl %eax, 20(%esi) + subl $64, 500(%esp) + addl $64, 524(%esp) + cmpl $63, 500(%esp) + ja .L6 +.L8: + addl $504, %esp + popl %ebx + popl %esi + popl %edi + popl %ebp + ret + .size tiger_t, .-tiger_t +.globl tiger + .type tiger, @function +tiger: + pushl %ebp + movl %esp, %ebp + pushl %edi + pushl %esi + pushl %ebx + subl $84, %esp + movl 12(%ebp), %esi + movl 8(%ebp), %ebx + movl 16(%ebp), %edi + cmpl $63, %esi + jbe .L33 +.L42: + movl %ebx, (%esp) + subl $64, %esi + addl $64, %ebx + movl %edi, 4(%esp) + call tiger_compress + cmpl $63, %esi + ja .L42 +.L33: + xorl %ecx, %ecx + cmpl %esi, %ecx + jb .L126 +.L35: + movb $1, -88(%ecx,%ebp) + leal 1(%ecx), %eax + testb $7, %al + je .L37 +.L44: + movb $0, -88(%ebp,%eax) + incl %eax + testb $7, %al + jne .L44 +.L37: + cmpl $56, %eax + jbe .L23 + cmpl $63, %eax + jbe .L127 +.L39: + movl %edi, 4(%esp) + leal -88(%ebp), %eax + movl %eax, (%esp) + call tiger_compress + xorl %eax, %eax +.L23: + cmpl $55, %eax + ja .L41 + movb $0, -88(%ebp,%eax) + movl %eax, %ecx + leal 1(%eax), %edx + notl %ecx + andl $7, %ecx + cmpl $55, %edx + ja .L41 + testl %ecx, %ecx + je .L46 + cmpl $1, %ecx + je .L129 + cmpl $2, %ecx + je .L130 + cmpl $3, %ecx + je .L131 + cmpl $4, %ecx + je .L132 + cmpl $5, %ecx + je .L133 + cmpl $6, %ecx + je .L134 + movb $0, -88(%ebp,%edx) + leal 2(%eax), %edx +.L134: + movb $0, -88(%ebp,%edx) + incl %edx +.L133: + movb $0, -88(%ebp,%edx) + incl %edx +.L132: + movb $0, -88(%ebp,%edx) + incl %edx +.L131: + movb $0, -88(%ebp,%edx) + incl %edx +.L130: + movb $0, -88(%ebp,%edx) + incl %edx +.L129: + movb $0, -88(%ebp,%edx) + incl %edx + cmpl $55, %edx + ja .L41 +.L46: + movb $0, -88(%ebp,%edx) + movb $0, -87(%edx,%ebp) + movb $0, -86(%edx,%ebp) + movb $0, -85(%edx,%ebp) + movb $0, -84(%edx,%ebp) + movb $0, -83(%edx,%ebp) + movb $0, -82(%edx,%ebp) + movb $0, -81(%edx,%ebp) + addl $8, %edx + cmpl $55, %edx + ja .L41 + jmp .L46 +.L127: + movb $0, -88(%ebp,%eax) + movl %eax, %ecx + leal 1(%eax), %edx + notl %ecx + andl $7, %ecx + cmpl $63, %edx + ja .L39 + testl %ecx, %ecx + je .L45 + cmpl $1, %ecx + je .L135 + cmpl $2, %ecx + je .L136 + cmpl $3, %ecx + je .L137 + cmpl $4, %ecx + je .L138 + cmpl $5, %ecx + je .L139 + cmpl $6, %ecx + je .L140 + movb $0, -88(%ebp,%edx) + leal 2(%eax), %edx +.L140: + movb $0, -88(%ebp,%edx) + incl %edx +.L139: + movb $0, -88(%ebp,%edx) + incl %edx +.L138: + movb $0, -88(%ebp,%edx) + incl %edx +.L137: + movb $0, -88(%ebp,%edx) + incl %edx +.L136: + movb $0, -88(%ebp,%edx) + incl %edx +.L135: + movb $0, -88(%ebp,%edx) + incl %edx + cmpl $63, %edx + ja .L39 +.L45: + movb $0, -88(%ebp,%edx) + movb $0, -87(%edx,%ebp) + movb $0, -86(%edx,%ebp) + movb $0, -85(%edx,%ebp) + movb $0, -84(%edx,%ebp) + movb $0, -83(%edx,%ebp) + movb $0, -82(%edx,%ebp) + movb $0, -81(%edx,%ebp) + addl $8, %edx + cmpl $63, %edx + ja .L39 + jmp .L45 +.L126: + movl %ecx, %eax + notl %eax + leal (%eax,%esi), %edx + movzbl (%ebx,%ecx), %eax + andl $7, %edx + movb %al, -88(%ebp,%ecx) + incl %ecx + cmpl %esi, %ecx + jae .L35 + testl %edx, %edx + je .L43 + cmpl $1, %edx + je .L141 + cmpl $2, %edx + je .L142 + cmpl $3, %edx + je .L143 + cmpl $4, %edx + je .L144 + cmpl $5, %edx + je .L145 + cmpl $6, %edx + je .L146 + movzbl (%ebx,%ecx), %edx + movb %dl, -88(%ebp,%ecx) + incl %ecx +.L146: + movzbl (%ebx,%ecx), %eax + movb %al, -88(%ebp,%ecx) + incl %ecx +.L145: + movzbl (%ebx,%ecx), %edx + movb %dl, -88(%ebp,%ecx) + incl %ecx +.L144: + movzbl (%ebx,%ecx), %eax + movb %al, -88(%ebp,%ecx) + incl %ecx +.L143: + movzbl (%ebx,%ecx), %edx + movb %dl, -88(%ebp,%ecx) + incl %ecx +.L142: + movzbl (%ebx,%ecx), %eax + movb %al, -88(%ebp,%ecx) + incl %ecx +.L141: + movzbl (%ebx,%ecx), %edx + movb %dl, -88(%ebp,%ecx) + incl %ecx + cmpl %esi, %ecx + jae .L35 +.L43: + movzbl (%ebx,%ecx), %edx + movb %dl, -88(%ebp,%ecx) + leal 1(%ecx), %edx + movzbl (%ebx,%edx), %eax + movb %al, -88(%ebp,%edx) + leal 2(%ecx), %edx + movzbl (%ebx,%edx), %eax + movb %al, -88(%ebp,%edx) + leal 3(%ecx), %edx + movzbl (%ebx,%edx), %eax + movb %al, -88(%ebp,%edx) + leal 4(%ecx), %edx + movzbl (%ebx,%edx), %eax + movb %al, -88(%ebp,%edx) + leal 5(%ecx), %edx + movzbl (%ebx,%edx), %eax + movb %al, -88(%ebp,%edx) + leal 6(%ecx), %edx + movzbl (%ebx,%edx), %eax + movb %al, -88(%ebp,%edx) + leal 7(%ecx), %edx + addl $8, %ecx + movzbl (%ebx,%edx), %eax + cmpl %esi, %ecx + movb %al, -88(%ebp,%edx) + jae .L35 + jmp .L43 +.L41: + movl %edi, 4(%esp) + movl 12(%ebp), %ebx + leal -88(%ebp), %ecx + movl $0, -28(%ebp) + movl %ecx, (%esp) + sall $3, %ebx + movl %ebx, -32(%ebp) + call tiger_compress + addl $84, %esp + popl %ebx + popl %esi + popl %edi + popl %ebp + ret + .size tiger, .-tiger + .section .note.GNU-stack,"",@progbits + .ident "GCC: (GNU) 3.4.0" Index: /tags/2.5.0/src/sh_tiger1_64.c =================================================================== --- /tags/2.5.0/src/sh_tiger1_64.c (revision 189) +++ /tags/2.5.0/src/sh_tiger1_64.c (revision 189) @@ -0,0 +1,475 @@ +/* Do not include ANY system headers here. The implementation is */ +/* somehow flawed - maybe something gets overlayed by definitions */ +/* in the system headers. Results will become incorrect. */ + +#include "config_xor.h" + +#if defined(TIGER_64_BIT) + +/* #if defined(HAVE_LONG_64) || defined(HAVE_LONG_LONG_64) */ + +#undef USE_MEMSET + +/* Big endian: */ +#ifdef WORDS_BIGENDIAN +#define BIG_ENDIAN +#endif + +/* Tiger: A Fast New Hash Function + * + * Ross Anderson and Eli Biham + * + * From the homepage (http://www.cs.technion.ac.il/~biham/Reports/Tiger/): + * + * Tiger has no usage restrictions nor patents. It can be used freely, + * with the reference implementation, with other implementations or with + * a modification to the reference implementation (as long as it still + * implements Tiger). We only ask you to let us know about your + * implementation and to cite the origin of Tiger and of the reference + * implementation. + * + * + * The authors' home pages can be found both in + * http://www.cs.technion.ac.il/~biham/ and in + * http://www.cl.cam.ac.uk/users/rja14/. + * The authors' email addresses are biham@cs.technion.ac.il + * and rja14@cl.cam.ac.uk. + */ + +#if defined(HAVE_LONG_64) +typedef unsigned long int word64; +#elif defined(HAVE_LONG_LONG_64) +typedef unsigned long long int word64; +#else +#error No 64 bit type found ! +#endif + +#if defined(HAVE_INT_32) +typedef unsigned int sh_word32; +#elif defined(HAVE_LONG_32) +typedef unsigned long sh_word32; +#elif defined(HAVE_SHORT_32) +typedef unsigned short sh_word32; +#else +#error No 32 bit type found ! +#endif + +typedef unsigned char sh_byte; + +#if defined(TIGER_OPT_ASM) +#define TIGER_ASM64_2 1 +#else +#define TIGER_C 1 +#endif + +/* The number of passes of the hash function. */ +/* Three passes are recommended. */ +/* Use four passes when you need extra security. */ +/* Must be at least three. */ +#define PASSES 3 + +extern word64 tiger_table[4*256]; + +/* Volatile can help if compiler is smart enough to use memory operand */ +static /*volatile*/ const word64 XOR_CONST1=0xA5A5A5A5A5A5A5A5LL; +static /*volatile*/ const word64 XOR_CONST2=0x0123456789ABCDEFLL; + +#define t1 (tiger_table) +#define t2 (tiger_table+256) +#define t3 (tiger_table+256*2) +#define t4 (tiger_table+256*3) + +#define pass_start +#define pass_end + + + +#define save_abc \ + aa = a; \ + bb = b; \ + cc = c; + +#ifdef TIGER_C + +#define BN(x,n) (((x)>>((n)*8))&0xFF) + + +/* Depending on outer code one of these two can be better*/ +#define roundX(a,b,c,x) \ + c ^= x; \ + a -= t1[BN(c,0)] ^ t2[BN(c,2)] ^ \ + t3[BN(c,4)] ^ t4[BN(c,6)] ; \ + b += t4[BN(c,1)] ^ t3[BN(c,3)] ^ \ + t2[BN(c,5)] ^ t1[BN(c,7)] ; + +#define round5(a,b,c,x) roundX(a,b,c,x) b = b+b*4; +#define round7(a,b,c,x) roundX(a,b,c,x) b = b*8-b; +#define round9(a,b,c,x) roundX(a,b,c,x) b = b+b*8; + +#endif + + +#ifdef TIGER_OPT_ASM + +#define MASK0 0xFFL +#define MASK8 0xFF00L +#define MASK16 0xFF0000L +#define MASK32 0xFF00000000LL +#define MASK40 0xFF0000000000LL +#define MASK48 0xFF000000000000LL + +#define roundstart __asm__ ( + +/* a will be moved into different reg each round + * using register substitution feature of GCC asm + * b will be moved in 2-nd pass rounds only + */ + + +#define roundend(a,b,c,x) \ + : "+r" (a), "+r" (b), "+r" (c) \ + : "r" (a), "r" (b), "r" (c), "m" (x), "r" (&tiger_table),\ + "i" (MASK0), "i" (MASK8), "i" (MASK16), "r" (MASK32), "r" (MASK40), "r" (MASK48) \ + : "3", "%rax","%rbx","%rcx","%rdx","%rsi", "%edi", "%r8" ); + + +/* c ^= x; + a -= t1[BN(c,0)] ^ t2[BN(c,2)] ^ + t3[BN(c,4)] ^ t4[BN(c,6)] ; + b += t4[BN(c,1)] ^ t3[BN(c,3)] ^ + t2[BN(c,5)] ^ t1[BN(c,7)] ; */ + +#define roundX(a,b,c,x) \ +" movl %10, %%ebx \n"\ +" movq %11, %%rcx \n"\ +" movq %13, %%rdx \n"\ +" movq %6, %%r8 \n"\ +" xorq %%r8, %2 \n" \ +" andq %2, %%rbx \n"\ +" andq %2, %%rcx \n"\ +" andq %2, %%rdx \n"\ +" shrl $(16-3), %%ebx \n"\ +" shrq $(32-3), %%rcx \n"\ +" shrq $(48-3), %%rdx \n"\ +" movzbl %2b, %%eax \n"\ +" movzwl %2w, %%edi \n"\ +" movq (%7,%%rax,8), %%rsi \n"\ +" shrl $(8), %%edi \n" \ +" movq %2, %%rax \n" \ +" xorq (2048*1)(%7,%%rbx), %%rsi \n"\ +" movq %2, %%rbx \n"\ +" shrl $24, %%eax \n"\ +" andq %12, %%rbx \n"\ +" xorq (2048*2)(%7,%%rcx), %%rsi \n"\ +" shrq $(40-3), %%rbx \n"\ +" movq %2, %%rcx \n"\ +" xorq (2048*3)(%7,%%rdx), %%rsi \n"\ +" movq (2048*3)(%7,%%rdi,8), %%rdx \n"\ +" shrq $56, %%rcx \n"\ +" xorq (2048*2)(%7,%%rax,8), %%rdx \n"\ +" xorq (2048*1)(%7,%%rbx), %%rdx \n" \ +" subq %%rsi, %0 \n"\ +" xorq (%7,%%rcx,8), %%rdx \n"\ +" addq %%rdx, %1 \n" + +#define round5(a,b,c,x) \ + roundstart \ + roundX(a,b,c,x) \ + /* b*=5; */ \ + "leaq (%1,%1,4), %1\n" \ + roundend(a,b,c,x) + + +#define round7(a,b,c,x) \ + roundstart \ + roundX(a,b,c,x) \ + roundend(a,b,c,x) \ + /* b*=7; */ \ + __asm__ ( \ + "leaq (%1,%1,8), %0\n" \ + "addq %1, %1 \n" \ + "subq %1, %0 " \ + :"=&r" (b): "r"(b): "1" ); + +#define round9(a,b,c,x) \ + roundstart \ + roundX(a,b,c,x) \ + "leaq (%1,%1,8), %1\n" \ + roundend(a,b,c,x) + +#endif + + + + +/* ============== Common macros ================== */ + +#define key_schedule \ + x0 -= x7 ^ XOR_CONST1; \ + x1 ^= x0; \ + x2 += x1;\ + x3 -= x2 ^ ((~x1)<<19);\ + x4 ^= x3;\ + x5 += x4;\ + x6 -= x5 ^ ((~x4)>>23); \ + x7 ^= x6; \ + x0 += x7; \ + x1 -= x0 ^ ((~x7)<<19); \ + x2 ^= x1; \ + x3 += x2; \ + x4 -= x3 ^ ((~x2)>>23); \ + x5 ^= x4; \ + x6 += x5; \ + x7 -= x6 ^ XOR_CONST2; + +#define pass5n(a,b,c) \ + round5(a,b,c,x0) \ + x0 -= x7 ^ XOR_CONST1; \ + round5(b,c,a,x1) \ + x1 ^= x0; \ + round5(c,a,b,x2) \ + x2 += x1; \ + round5(a,b,c,x3) \ + x3 -= x2 ^ ((~x1)<<19); \ + round5(b,c,a,x4) \ + x4 ^= x3; \ + round5(c,a,b,x5) \ + x5 += x4; \ + round5(a,b,c,x6) \ + x6 -= x5 ^ ((~x4)>>23); \ + round5(b,c,a,x7) \ + x7 ^= x6; \ + x0 += x7; \ + x1 -= x0 ^ ((~x7)<<19); \ + x2 ^= x1; \ + x3 += x2; \ + x4 -= x3 ^ ((~x2)>>23); \ + x5 ^= x4; \ + x6 += x5; \ + x7 -= x6 ^ XOR_CONST2; + +#define pass7n(a,b,c) \ + round7(a,b,c,x0) \ + x0 -= x7 ^ XOR_CONST1; \ + round7(b,c,a,x1) \ + x1 ^= x0; \ + round7(c,a,b,x2) \ + x2 += x1; \ + round7(a,b,c,x3) \ + x3 -= x2 ^ ((~x1)<<19); \ + round7(b,c,a,x4) \ + x4 ^= x3; \ + round7(c,a,b,x5) \ + x5 += x4; \ + round7(a,b,c,x6) \ + x6 -= x5 ^ ((~x4)>>23); \ + round7(b,c,a,x7) \ + x7 ^= x6; \ + x0 += x7; \ + x1 -= x0 ^ ((~x7)<<19); \ + x2 ^= x1; \ + x3 += x2; \ + x4 -= x3 ^ ((~x2)>>23); \ + x5 ^= x4; \ + x6 += x5; \ + x7 -= x6 ^ XOR_CONST2; + +#define pass5(a,b,c) \ + pass_start \ + round5(a,b,c,x0) \ + round5(b,c,a,x1) \ + round5(c,a,b,x2) \ + round5(a,b,c,x3) \ + round5(b,c,a,x4) \ + round5(c,a,b,x5) \ + round5(a,b,c,x6) \ + round5(b,c,a,x7) \ + pass_end + +#define pass7(a,b,c) \ + pass_start \ + round7(a,b,c,x0) \ + round7(b,c,a,x1) \ + round7(c,a,b,x2) \ + round7(a,b,c,x3) \ + round7(b,c,a,x4) \ + round7(c,a,b,x5) \ + round7(a,b,c,x6) \ + round7(b,c,a,x7) \ + pass_end + + +#define pass9(a,b,c) \ + pass_start \ + round9(a,b,c,x0) \ + round9(b,c,a,x1) \ + round9(c,a,b,x2) \ + round9(a,b,c,x3) \ + round9(b,c,a,x4) \ + round9(c,a,b,x5) \ + round9(a,b,c,x6) \ + round9(b,c,a,x7) \ + pass_end + +#define feedforward \ + a ^= aa; \ + b -= bb; \ + c += cc; + + +/* This version works ok with C variant and also with new asm version + * that just wastes a register r8 + * reason? who knows, write forwarding is faster than keeping value + * in register? :) + */ +#define compress \ + save_abc \ + pass5n(a,b,c) \ + pass7n(c,a,b) \ + pass9(b,c,a) \ + for(pass_no=3; pass_no=64; i-=64) + { +#ifdef BIG_ENDIAN + for(j=0; j<64; j++) + temp[j^7] = ((sh_byte*)str)[j]; + tiger_compress(((word64*)temp), res); +#else + tiger_compress(str, res); +#endif + str += 8; + } +} + +void tiger(const word64 *str, word64 length, word64 res[3]) +{ + register word64 i; + register word64 j = 0; + unsigned char temp[64]; + + /* + * res[0]=0x0123456789ABCDEFLL; + * res[1]=0xFEDCBA9876543210LL; + * res[2]=0xF096A5B4C3B2E187LL; + */ + + for(i=length; i>=64; i-=64) + { +#ifdef BIG_ENDIAN + for(j=0; j<64; j++) + temp[j^7] = ((sh_byte*)str)[j]; + tiger_compress(((word64*)temp), res); +#else + tiger_compress(str, res); +#endif + str += 8; + } + +#ifdef BIG_ENDIAN + for(j=0; j56) + { +#ifndef USE_MEMSET + for(; j<64; j++) + temp[j] = 0; +#else + memset( temp+j, 0, 64-j); +#endif + tiger_compress(((word64*)temp), res); + j=0; + } + +#ifndef USE_MEMSET + for(; j<56; j++) + temp[j] = 0; +#else + memset( temp+j, 0, 56-j); +#endif + + ((word64*)(&(temp[56])))[0] = ((word64)length)<<3; + tiger_compress(((word64*)temp), res); +} + +#endif Index: /tags/2.5.0/src/sh_tiger2.c =================================================================== --- /tags/2.5.0/src/sh_tiger2.c (revision 189) +++ /tags/2.5.0/src/sh_tiger2.c (revision 189) @@ -0,0 +1,561 @@ +/* Tiger: A Fast New Hash Function + * + * Ross Anderson and Eli Biham + * + * From the homepage (http://www.cs.technion.ac.il/~biham/Reports/Tiger/): + * + * Tiger has no usage restrictions nor patents. It can be used freely, + * with the reference implementation, with other implementations or with + * a modification to the reference implementation (as long as it still + * implements Tiger). We only ask you to let us know about your + * implementation and to cite the origin of Tiger and of the reference + * implementation. + * + * + * The authors' home pages can be found both in + * http://www.cs.technion.ac.il/~biham/ and in + * http://www.cl.cam.ac.uk/users/rja14/. + * The authors' email addresses are biham@cs.technion.ac.il + * and rja14@cl.cam.ac.uk. + */ + +#include "config_xor.h" + + +#if !defined(TIGER_64_BIT) + +/* #if !defined(HAVE_LONG_64) && !defined(HAVE_LONG_LONG_64) */ + +/* sboxes32.c: Tiger S boxes for 32-bit-only compilers */ +#if defined(HAVE_INT_32) +typedef unsigned int sh_word32; +#elif defined(HAVE_LONG_32) +typedef unsigned long sh_word32; +#elif defined(HAVE_SHORT_32) +typedef unsigned short sh_word32; +#else +#error No 32 bit type found ! +#endif + +sh_word32 tiger_table[4*256][2] = { + { 0xF7E90C5E, 0x02AAB17C /* 0 */}, { 0xE243A8EC, 0xAC424B03 /* 1 */}, + { 0x0DD5FCD3, 0x72CD5BE3 /* 2 */}, { 0xF6F97F3A, 0x6D019B93 /* 3 */}, + { 0xD21F9193, 0xCD9978FF /* 4 */}, { 0x708029E2, 0x7573A1C9 /* 5 */}, + { 0x922A83C3, 0xB164326B /* 6 */}, { 0x04915870, 0x46883EEE /* 7 */}, + { 0x7103ECE6, 0xEAACE305 /* 8 */}, { 0x08A3535C, 0xC54169B8 /* 9 */}, + { 0x8DDEC47C, 0x4CE75491 /* 10 */}, { 0xDC0DF40C, 0x0AA2F4DF /* 11 */}, + { 0xA74DBEFA, 0x10B76F18 /* 12 */}, { 0x5AD1AB6A, 0xC6CCB623 /* 13 */}, + { 0x572FE2FF, 0x13726121 /* 14 */}, { 0x199D921E, 0x1A488C6F /* 15 */}, + { 0xDA0007CA, 0x4BC9F9F4 /* 16 */}, { 0xE85241C7, 0x26F5E6F6 /* 17 */}, + { 0xEA5947B6, 0x859079DB /* 18 */}, { 0xC99E8C92, 0x4F1885C5 /* 19 */}, + { 0xA96F864B, 0xD78E761E /* 20 */}, { 0x52B5C17D, 0x8E36428C /* 21 */}, + { 0x373063C1, 0x69CF6827 /* 22 */}, { 0x9BB4C56E, 0xB607C93D /* 23 */}, + { 0x0E76B5EA, 0x7D820E76 /* 24 */}, { 0xF07FDC42, 0x645C9CC6 /* 25 */}, + { 0x243342E0, 0xBF38A078 /* 26 */}, { 0x9D2E7D04, 0x5F6B343C /* 27 */}, + { 0x600B0EC6, 0xF2C28AEB /* 28 */}, { 0x7254BCAC, 0x6C0ED85F /* 29 */}, + { 0xA4DB4FE5, 0x71592281 /* 30 */}, { 0xCE0FED9F, 0x1967FA69 /* 31 */}, + { 0xB96545DB, 0xFD5293F8 /* 32 */}, { 0xF2A7600B, 0xC879E9D7 /* 33 */}, + { 0x0193194E, 0x86024892 /* 34 */}, { 0x2D9CC0B3, 0xA4F9533B /* 35 */}, + { 0x15957613, 0x9053836C /* 36 */}, { 0xFC357BF1, 0xDB6DCF8A /* 37 */}, + { 0x7A370F57, 0x18BEEA7A /* 38 */}, { 0x50B99066, 0x037117CA /* 39 */}, + { 0x74424A35, 0x6AB30A97 /* 40 */}, { 0xE325249B, 0xF4E92F02 /* 41 */}, + { 0x061CCAE1, 0x7739DB07 /* 42 */}, { 0xECA42A05, 0xD8F3B49C /* 43 */}, + { 0x51382F73, 0xBD56BE3F /* 44 */}, { 0x43B0BB28, 0x45FAED58 /* 45 */}, + { 0x11BF1F83, 0x1C813D5C /* 46 */}, { 0xD75FA169, 0x8AF0E4B6 /* 47 */}, + { 0x87AD9999, 0x33EE18A4 /* 48 */}, { 0xB1C94410, 0x3C26E8EA /* 49 */}, + { 0xC0A822F9, 0xB510102B /* 50 */}, { 0x0CE6123B, 0x141EEF31 /* 51 */}, + { 0x59DDB154, 0xFC65B900 /* 52 */}, { 0xC5E0E607, 0xE0158640 /* 53 */}, + { 0x26C3A3CF, 0x884E0798 /* 54 */}, { 0x23C535FD, 0x930D0D95 /* 55 */}, + { 0x4E9A2B00, 0x35638D75 /* 56 */}, { 0x40469DD5, 0x4085FCCF /* 57 */}, + { 0x8BE23A4C, 0xC4B17AD2 /* 58 */}, { 0x6A3E6A2E, 0xCAB2F0FC /* 59 */}, + { 0x6B943FCD, 0x2860971A /* 60 */}, { 0x12E30446, 0x3DDE6EE2 /* 61 */}, + { 0xE01765AE, 0x6222F32A /* 62 */}, { 0x478308FE, 0x5D550BB5 /* 63 */}, + { 0xA0EDA22A, 0xA9EFA98D /* 64 */}, { 0x86C40DA7, 0xC351A716 /* 65 */}, + { 0x9C867C84, 0x1105586D /* 66 */}, { 0xFDA22853, 0xDCFFEE85 /* 67 */}, + { 0x2C5EEF76, 0xCCFBD026 /* 68 */}, { 0x8990D201, 0xBAF294CB /* 69 */}, + { 0x2AFAD975, 0xE69464F5 /* 70 */}, { 0xDF133E14, 0x94B013AF /* 71 */}, + { 0x2823C958, 0x06A7D1A3 /* 72 */}, { 0x30F61119, 0x6F95FE51 /* 73 */}, + { 0x462C06C0, 0xD92AB34E /* 74 */}, { 0x887C71D2, 0xED7BDE33 /* 75 */}, + { 0x6518393E, 0x79746D6E /* 76 */}, { 0x5D713329, 0x5BA41938 /* 77 */}, + { 0x48A97564, 0x7C1BA6B9 /* 78 */}, { 0x7BFDAC67, 0x31987C19 /* 79 */}, + { 0x4B053D02, 0xDE6C23C4 /* 80 */}, { 0xD002D64D, 0x581C49FE /* 81 */}, + { 0x38261571, 0xDD474D63 /* 82 */}, { 0xE473D062, 0xAA4546C3 /* 83 */}, + { 0x9455F860, 0x928FCE34 /* 84 */}, { 0xCAAB94D9, 0x48161BBA /* 85 */}, + { 0x770E6F68, 0x63912430 /* 86 */}, { 0x02C6641C, 0x6EC8A5E6 /* 87 */}, + { 0x337DDD2B, 0x87282515 /* 88 */}, { 0x034B701B, 0x2CDA6B42 /* 89 */}, + { 0x81CB096D, 0xB03D37C1 /* 90 */}, { 0x66C71C6F, 0xE1084382 /* 91 */}, + { 0xEB51B255, 0x2B3180C7 /* 92 */}, { 0x96C08BBC, 0xDF92B82F /* 93 */}, + { 0xA632F3BA, 0x5C68C8C0 /* 94 */}, { 0x1C3D0556, 0x5504CC86 /* 95 */}, + { 0x5FB26B8F, 0xABBFA4E5 /* 96 */}, { 0xB3BACEB4, 0x41848B0A /* 97 */}, + { 0xAA445D32, 0xB334A273 /* 98 */}, { 0xA85AD881, 0xBCA696F0 /* 99 */}, + { 0xB528D56C, 0x24F6EC65 /* 100 */}, { 0x90F4524A, 0x0CE1512E /* 101 */}, + { 0x5506D35A, 0x4E9DD79D /* 102 */}, { 0xC6CE9779, 0x258905FA /* 103 */}, + { 0x3E109B33, 0x2019295B /* 104 */}, { 0x73A054CC, 0xF8A9478B /* 105 */}, + { 0x34417EB0, 0x2924F2F9 /* 106 */}, { 0x536D1BC4, 0x3993357D /* 107 */}, + { 0x1DB6FF8B, 0x38A81AC2 /* 108 */}, { 0x7D6016BF, 0x47C4FBF1 /* 109 */}, + { 0x7667E3F5, 0x1E0FAADD /* 110 */}, { 0x938BEB96, 0x7ABCFF62 /* 111 */}, + { 0x8FC179C9, 0xA78DAD94 /* 112 */}, { 0x2911E50D, 0x8F1F98B7 /* 113 */}, + { 0x27121A91, 0x61E48EAE /* 114 */}, { 0x31859808, 0x4D62F7AD /* 115 */}, + { 0xEF5CEAEB, 0xECEBA345 /* 116 */}, { 0xBC9684CE, 0xF5CEB25E /* 117 */}, + { 0xB7F76221, 0xF633E20C /* 118 */}, { 0xAB8293E4, 0xA32CDF06 /* 119 */}, + { 0xA5EE2CA4, 0x985A202C /* 120 */}, { 0xCC8A8FB1, 0xCF0B8447 /* 121 */}, + { 0x979859A3, 0x9F765244 /* 122 */}, { 0xA1240017, 0xA8D516B1 /* 123 */}, + { 0xBB5DC726, 0x0BD7BA3E /* 124 */}, { 0xB86ADB39, 0xE54BCA55 /* 125 */}, + { 0x6C478063, 0x1D7A3AFD /* 126 */}, { 0xE7669EDD, 0x519EC608 /* 127 */}, + { 0xD149AA23, 0x0E5715A2 /* 128 */}, { 0x848FF194, 0x177D4571 /* 129 */}, + { 0x41014C22, 0xEEB55F32 /* 130 */}, { 0x3A6E2EC2, 0x0F5E5CA1 /* 131 */}, + { 0x75F5C361, 0x8029927B /* 132 */}, { 0xC3D6E436, 0xAD139FAB /* 133 */}, + { 0x4CCF402F, 0x0D5DF1A9 /* 134 */}, { 0xBEA5DFC8, 0x3E8BD948 /* 135 */}, + { 0xBD3FF77E, 0xA5A0D357 /* 136 */}, { 0x1F74F645, 0xA2D12E25 /* 137 */}, + { 0x5E81A082, 0x66FD9E52 /* 138 */}, { 0x7F687A49, 0x2E0C90CE /* 139 */}, + { 0xBA973BC5, 0xC2E8BCBE /* 140 */}, { 0xE509745F, 0x000001BC /* 141 */}, + { 0xE6DAB3D6, 0x423777BB /* 142 */}, { 0xAEF06EB5, 0xD1661C7E /* 143 */}, + { 0x4DAACFD8, 0xA1781F35 /* 144 */}, { 0x2B16AFFC, 0x2D11284A /* 145 */}, + { 0xFA891D1F, 0xF1FC4F67 /* 146 */}, { 0xCB920ADA, 0x73ECC25D /* 147 */}, + { 0xC2A12651, 0xAE610C22 /* 148 */}, { 0xD356B78A, 0x96E0A810 /* 149 */}, + { 0x2FE7870F, 0x5A9A381F /* 150 */}, { 0xE94E5530, 0xD5AD62ED /* 151 */}, + { 0x368D1427, 0xD225E5E8 /* 152 */}, { 0xC7AF4631, 0x65977B70 /* 153 */}, + { 0xDE39D74F, 0x99F889B2 /* 154 */}, { 0x54E1D143, 0x233F30BF /* 155 */}, + { 0xD9A63C97, 0x9A9675D3 /* 156 */}, { 0xF334F9A8, 0x5470554F /* 157 */}, + { 0x4A4F5688, 0x166ACB74 /* 158 */}, { 0xB2E4AEAD, 0x70C74CAA /* 159 */}, + { 0x6F294D12, 0xF0D09164 /* 160 */}, { 0x684031D1, 0x57B82A89 /* 161 */}, + { 0x61BE0B6B, 0xEFD95A5A /* 162 */}, { 0x69F2F29A, 0x2FBD12E9 /* 163 */}, + { 0xFEFF9FE8, 0x9BD37013 /* 164 */}, { 0xD6085A06, 0x3F9B0404 /* 165 */}, + { 0x166CFE15, 0x4940C1F3 /* 166 */}, { 0xCDF3DEFB, 0x09542C4D /* 167 */}, + { 0x85CD5CE3, 0xB4C52183 /* 168 */}, { 0x4462A641, 0xC935B7DC /* 169 */}, + { 0x8ED3B63F, 0x3417F8A6 /* 170 */}, { 0x5B215B40, 0xB8095929 /* 171 */}, + { 0x3B8C8572, 0xF99CDAEF /* 172 */}, { 0xF8FCB95D, 0x018C0614 /* 173 */}, + { 0x1A3ACDF3, 0x1B14ACCD /* 174 */}, { 0x00BB732D, 0x84D471F2 /* 175 */}, + { 0x95E8DA16, 0xC1A3110E /* 176 */}, { 0xBF1A82B8, 0x430A7220 /* 177 */}, + { 0x39DF210E, 0xB77E090D /* 178 */}, { 0x3CD05E9D, 0x5EF4BD9F /* 179 */}, + { 0x7E57A444, 0x9D4FF6DA /* 180 */}, { 0x83D4A5F8, 0xDA1D60E1 /* 181 */}, + { 0x17998E47, 0xB287C384 /* 182 */}, { 0x1BB31886, 0xFE3EDC12 /* 183 */}, + { 0x980CCBEF, 0xC7FE3CCC /* 184 */}, { 0x189BFD03, 0xE46FB590 /* 185 */}, + { 0x9A4C57DC, 0x3732FD46 /* 186 */}, { 0x7CF1AD65, 0x7EF700A0 /* 187 */}, + { 0xA31D8859, 0x59C64468 /* 188 */}, { 0xD45B61F6, 0x762FB0B4 /* 189 */}, + { 0x99047718, 0x155BAED0 /* 190 */}, { 0x3D50BAA6, 0x68755E4C /* 191 */}, + { 0x22D8B4DF, 0xE9214E7F /* 192 */}, { 0x2EAC95F4, 0x2ADDBF53 /* 193 */}, + { 0xB4BD0109, 0x32AE3909 /* 194 */}, { 0xB08E3450, 0x834DF537 /* 195 */}, + { 0x4220728D, 0xFA209DA8 /* 196 */}, { 0x9EFE23F7, 0x9E691D9B /* 197 */}, + { 0xC4AE8D7F, 0x0446D288 /* 198 */}, { 0xE169785B, 0x7B4CC524 /* 199 */}, + { 0x35CA1385, 0x21D87F01 /* 200 */}, { 0x137B8AA5, 0xCEBB400F /* 201 */}, + { 0x580796BE, 0x272E2B66 /* 202 */}, { 0x25C2B0DE, 0x36122641 /* 203 */}, + { 0xAD1EFBB2, 0x057702BD /* 204 */}, { 0xACF84BE9, 0xD4BABB8E /* 205 */}, + { 0x641BC67B, 0x91583139 /* 206 */}, { 0x8036E024, 0x8BDC2DE0 /* 207 */}, + { 0xF49F68ED, 0x603C8156 /* 208 */}, { 0xDBEF5111, 0xF7D236F7 /* 209 */}, + { 0x8AD21E80, 0x9727C459 /* 210 */}, { 0x670A5FD7, 0xA08A0896 /* 211 */}, + { 0x09EBA9CB, 0xCB4A8F43 /* 212 */}, { 0x0F7036A1, 0x81AF564B /* 213 */}, + { 0x78199ABD, 0xC0B99AA7 /* 214 */}, { 0x3FC8E952, 0x959F1EC8 /* 215 */}, + { 0x794A81B9, 0x8C505077 /* 216 */}, { 0x056338F0, 0x3ACAAF8F /* 217 */}, + { 0x627A6778, 0x07B43F50 /* 218 */}, { 0xF5ECCC77, 0x4A44AB49 /* 219 */}, + { 0xB679EE98, 0x3BC3D6E4 /* 220 */}, { 0xCF14108C, 0x9CC0D4D1 /* 221 */}, + { 0x206BC8A0, 0x4406C00B /* 222 */}, { 0xC8D72D89, 0x82A18854 /* 223 */}, + { 0x5C3C432C, 0x67E366B3 /* 224 */}, { 0x102B37F2, 0xB923DD61 /* 225 */}, + { 0xD884271D, 0x56AB2779 /* 226 */}, { 0xFF1525AF, 0xBE83E1B0 /* 227 */}, + { 0x217E49A9, 0xFB7C65D4 /* 228 */}, { 0x6D48E7D4, 0x6BDBE0E7 /* 229 */}, + { 0x45D9179E, 0x08DF8287 /* 230 */}, { 0xDD53BD34, 0x22EA6A9A /* 231 */}, + { 0x5622200A, 0xE36E141C /* 232 */}, { 0x8CB750EE, 0x7F805D1B /* 233 */}, + { 0x9F58E837, 0xAFE5C7A5 /* 234 */}, { 0x4FB1C23C, 0xE27F996A /* 235 */}, + { 0x0775F0D0, 0xD3867DFB /* 236 */}, { 0x6E88891A, 0xD0E673DE /* 237 */}, + { 0xAFB86C25, 0x123AEB9E /* 238 */}, { 0xC145B895, 0x30F1D5D5 /* 239 */}, + { 0xEE7269E7, 0xBB434A2D /* 240 */}, { 0xF931FA38, 0x78CB67EC /* 241 */}, + { 0x323BBF9C, 0xF33B0372 /* 242 */}, { 0xFB279C74, 0x52D66336 /* 243 */}, + { 0x0AFB4EAA, 0x505F33AC /* 244 */}, { 0xA2CCE187, 0xE8A5CD99 /* 245 */}, + { 0x1E2D30BB, 0x53497480 /* 246 */}, { 0xD5876D90, 0x8D2D5711 /* 247 */}, + { 0x91BC038E, 0x1F1A4128 /* 248 */}, { 0x82E56648, 0xD6E2E71D /* 249 */}, + { 0x497732B7, 0x74036C3A /* 250 */}, { 0x6361F5AB, 0x89B67ED9 /* 251 */}, + { 0xF1EA02A2, 0xFFED95D8 /* 252 */}, { 0x1464D43D, 0xE72B3BD6 /* 253 */}, + { 0x0BDC4820, 0xA6300F17 /* 254 */}, { 0xED78A77A, 0xEBC18760 /* 255 */}, + { 0x05A12138, 0xE6A6BE5A /* 256 */}, { 0xB4F87C98, 0xB5A122A5 /* 257 */}, + { 0x140B6990, 0x563C6089 /* 258 */}, { 0x391F5DD5, 0x4C46CB2E /* 259 */}, + { 0xC9B79434, 0xD932ADDB /* 260 */}, { 0x2015AFF5, 0x08EA70E4 /* 261 */}, + { 0x3E478CF1, 0xD765A667 /* 262 */}, { 0xAB278D99, 0xC4FB757E /* 263 */}, + { 0x2D6E0692, 0xDF11C686 /* 264 */}, { 0x0D7F3B16, 0xDDEB84F1 /* 265 */}, + { 0xA665EA04, 0x6F2EF604 /* 266 */}, { 0xF0E0DFB3, 0x4A8E0F0F /* 267 */}, + { 0x3DBCBA51, 0xA5EDEEF8 /* 268 */}, { 0x0EA4371E, 0xFC4F0A2A /* 269 */}, + { 0x5CB38429, 0xE83E1DA8 /* 270 */}, { 0xBA1B1CE2, 0xDC8FF882 /* 271 */}, + { 0x8353E80D, 0xCD45505E /* 272 */}, { 0xD4DB0717, 0x18D19A00 /* 273 */}, + { 0xA5F38101, 0x34A0CFED /* 274 */}, { 0x8887CAF2, 0x0BE77E51 /* 275 */}, + { 0xB3C45136, 0x1E341438 /* 276 */}, { 0x9089CCF9, 0xE05797F4 /* 277 */}, + { 0xF2591D14, 0xFFD23F9D /* 278 */}, { 0x8595C5CD, 0x543DDA22 /* 279 */}, + { 0x99052A33, 0x661F81FD /* 280 */}, { 0xDB0F7B76, 0x8736E641 /* 281 */}, + { 0x418E5307, 0x15227725 /* 282 */}, { 0x162EB2FA, 0xE25F7F46 /* 283 */}, + { 0x6C13D9FE, 0x48A8B212 /* 284 */}, { 0x92E76EEA, 0xAFDC5417 /* 285 */}, + { 0xC6D1898F, 0x03D912BF /* 286 */}, { 0x1B83F51B, 0x31B1AAFA /* 287 */}, + { 0xE42AB7D9, 0xF1AC2796 /* 288 */}, { 0xFCD2EBAC, 0x40A3A7D7 /* 289 */}, + { 0x0AFBBCC5, 0x1056136D /* 290 */}, { 0x9A6D0C85, 0x7889E1DD /* 291 */}, + { 0x2A7974AA, 0xD3352578 /* 292 */}, { 0x078AC09B, 0xA7E25D09 /* 293 */}, + { 0xEAC6EDD0, 0xBD4138B3 /* 294 */}, { 0x71EB9E70, 0x920ABFBE /* 295 */}, + { 0x4FC2625C, 0xA2A5D0F5 /* 296 */}, { 0x0B1290A3, 0xC054E36B /* 297 */}, + { 0x62FE932B, 0xF6DD59FF /* 298 */}, { 0x11A8AC7D, 0x35373545 /* 299 */}, + { 0x72FADCD4, 0xCA845E91 /* 300 */}, { 0x329D20DC, 0x84F82B60 /* 301 */}, + { 0xCD672F18, 0x79C62CE1 /* 302 */}, { 0xD124642C, 0x8B09A2AD /* 303 */}, + { 0x19D9E726, 0xD0C1E96A /* 304 */}, { 0x4BA9500C, 0x5A786A9B /* 305 */}, + { 0x634C43F3, 0x0E020336 /* 306 */}, { 0xEB66D822, 0xC17B474A /* 307 */}, + { 0xEC9BAAC2, 0x6A731AE3 /* 308 */}, { 0xE0840258, 0x8226667A /* 309 */}, + { 0x91CAECA5, 0x67D45676 /* 310 */}, { 0x4875ADB5, 0x1D94155C /* 311 */}, + { 0x5B813FDF, 0x6D00FD98 /* 312 */}, { 0xB774CD06, 0x51286EFC /* 313 */}, + { 0x1FA744AF, 0x5E883447 /* 314 */}, { 0xE761AE2E, 0xF72CA0AE /* 315 */}, + { 0xAEE8E09A, 0xBE40E4CD /* 316 */}, { 0x5118F665, 0xE9970BBB /* 317 */}, + { 0x33DF1964, 0x726E4BEB /* 318 */}, { 0x29199762, 0x703B0007 /* 319 */}, + { 0xF5EF30A7, 0x4631D816 /* 320 */}, { 0x1504A6BE, 0xB880B5B5 /* 321 */}, + { 0x7ED84B6C, 0x641793C3 /* 322 */}, { 0xF6E97D96, 0x7B21ED77 /* 323 */}, + { 0x2EF96B73, 0x77630631 /* 324 */}, { 0xE86FF3F4, 0xAE528948 /* 325 */}, + { 0x86A3F8F8, 0x53DBD7F2 /* 326 */}, { 0x4CFC1063, 0x16CADCE7 /* 327 */}, + { 0xFA52C6DD, 0x005C19BD /* 328 */}, { 0x64D46AD3, 0x68868F5D /* 329 */}, + { 0xCF1E186A, 0x3A9D512C /* 330 */}, { 0x385660AE, 0x367E62C2 /* 331 */}, + { 0x77DCB1D7, 0xE359E7EA /* 332 */}, { 0x749ABE6E, 0x526C0773 /* 333 */}, + { 0xD09F734B, 0x735AE5F9 /* 334 */}, { 0x8A558BA8, 0x493FC7CC /* 335 */}, + { 0x3041AB45, 0xB0B9C153 /* 336 */}, { 0x470A59BD, 0x321958BA /* 337 */}, + { 0x5F46C393, 0x852DB00B /* 338 */}, { 0xD336B0E5, 0x91209B2B /* 339 */}, + { 0x659EF19F, 0x6E604F7D /* 340 */}, { 0x782CCB24, 0xB99A8AE2 /* 341 */}, + { 0xC814C4C7, 0xCCF52AB6 /* 342 */}, { 0xBE11727B, 0x4727D9AF /* 343 */}, + { 0x0121B34D, 0x7E950D0C /* 344 */}, { 0x70AD471F, 0x756F4356 /* 345 */}, + { 0x615A6849, 0xF5ADD442 /* 346 */}, { 0x80B9957A, 0x4E87E099 /* 347 */}, + { 0x50AEE355, 0x2ACFA1DF /* 348 */}, { 0xFD2FD556, 0xD898263A /* 349 */}, + { 0xD80C8FD6, 0xC8F4924D /* 350 */}, { 0x754A173A, 0xCF99CA3D /* 351 */}, + { 0xAF91BF3C, 0xFE477BAC /* 352 */}, { 0xD690C12D, 0xED5371F6 /* 353 */}, + { 0x5E687094, 0x831A5C28 /* 354 */}, { 0x3708A0A4, 0xC5D3C90A /* 355 */}, + { 0x17D06580, 0x0F7F9037 /* 356 */}, { 0xB8FDF27F, 0x19F9BB13 /* 357 */}, + { 0x4D502843, 0xB1BD6F1B /* 358 */}, { 0x8FFF4012, 0x1C761BA3 /* 359 */}, + { 0xE2E21F3B, 0x0D1530C4 /* 360 */}, { 0xA7372C8A, 0x8943CE69 /* 361 */}, + { 0xFEB5CE66, 0xE5184E11 /* 362 */}, { 0xBD736621, 0x618BDB80 /* 363 */}, + { 0x8B574D0B, 0x7D29BAD6 /* 364 */}, { 0x25E6FE5B, 0x81BB613E /* 365 */}, + { 0xBC07913F, 0x071C9C10 /* 366 */}, { 0x09AC2D97, 0xC7BEEB79 /* 367 */}, + { 0x3BC5D757, 0xC3E58D35 /* 368 */}, { 0xF38F61E8, 0xEB017892 /* 369 */}, + { 0x9B1CC21A, 0xD4EFFB9C /* 370 */}, { 0xF494F7AB, 0x99727D26 /* 371 */}, + { 0x956B3E03, 0xA3E063A2 /* 372 */}, { 0x4AA09C30, 0x9D4A8B9A /* 373 */}, + { 0x00090FB4, 0x3F6AB7D5 /* 374 */}, { 0x57268AC0, 0x9CC0F2A0 /* 375 */}, + { 0xEDBF42D1, 0x3DEE9D2D /* 376 */}, { 0x7960A972, 0x330F49C8 /* 377 */}, + { 0x87421B41, 0xC6B27202 /* 378 */}, { 0x7C00369C, 0x0AC59EC0 /* 379 */}, + { 0xCB353425, 0xEF4EAC49 /* 380 */}, { 0xEF0129D8, 0xF450244E /* 381 */}, + { 0xCAF4DEB6, 0x8ACC46E5 /* 382 */}, { 0x989263F7, 0x2FFEAB63 /* 383 */}, + { 0x5D7A4578, 0x8F7CB9FE /* 384 */}, { 0x4E634635, 0x5BD8F764 /* 385 */}, + { 0xBF2DC900, 0x427A7315 /* 386 */}, { 0x2125261C, 0x17D0C4AA /* 387 */}, + { 0x93518E50, 0x3992486C /* 388 */}, { 0xA2D7D4C3, 0xB4CBFEE0 /* 389 */}, + { 0x2C5DDD8D, 0x7C75D620 /* 390 */}, { 0xE35B6C61, 0xDBC295D8 /* 391 */}, + { 0x02032B19, 0x60B369D3 /* 392 */}, { 0xDCE44132, 0xCE42685F /* 393 */}, + { 0xDDF65610, 0x06F3DDB9 /* 394 */}, { 0xB5E148F0, 0x8EA4D21D /* 395 */}, + { 0x2FCD496F, 0x20B0FCE6 /* 396 */}, { 0x58B0EE31, 0x2C1B9123 /* 397 */}, + { 0x18F5A308, 0xB28317B8 /* 398 */}, { 0x9CA6D2CF, 0xA89C1E18 /* 399 */}, + { 0x6AAADBC8, 0x0C6B1857 /* 400 */}, { 0x1299FAE3, 0xB65DEAA9 /* 401 */}, + { 0x7F1027E7, 0xFB2B794B /* 402 */}, { 0x443B5BEB, 0x04E4317F /* 403 */}, + { 0x5939D0A6, 0x4B852D32 /* 404 */}, { 0xFB207FFC, 0xD5AE6BEE /* 405 */}, + { 0x81C7D374, 0x309682B2 /* 406 */}, { 0x94C3B475, 0xBAE309A1 /* 407 */}, + { 0x13B49F05, 0x8CC3F97B /* 408 */}, { 0xF8293967, 0x98A9422F /* 409 */}, + { 0x1076FF7C, 0x244B16B0 /* 410 */}, { 0x663D67EE, 0xF8BF571C /* 411 */}, + { 0xEEE30DA1, 0x1F0D6758 /* 412 */}, { 0x7ADEB9B7, 0xC9B611D9 /* 413 */}, + { 0x7B6C57A2, 0xB7AFD588 /* 414 */}, { 0x6B984FE1, 0x6290AE84 /* 415 */}, + { 0xACC1A5FD, 0x94DF4CDE /* 416 */}, { 0xC5483AFF, 0x058A5BD1 /* 417 */}, + { 0x42BA3C37, 0x63166CC1 /* 418 */}, { 0xB2F76F40, 0x8DB8526E /* 419 */}, + { 0x6F0D6D4E, 0xE1088003 /* 420 */}, { 0x971D311D, 0x9E0523C9 /* 421 */}, + { 0xCC7CD691, 0x45EC2824 /* 422 */}, { 0xE62382C9, 0x575B8359 /* 423 */}, + { 0xC4889995, 0xFA9E400D /* 424 */}, { 0x45721568, 0xD1823ECB /* 425 */}, + { 0x8206082F, 0xDAFD983B /* 426 */}, { 0x2386A8CB, 0xAA7D2908 /* 427 */}, + { 0x03B87588, 0x269FCD44 /* 428 */}, { 0x28BDD1E0, 0x1B91F5F7 /* 429 */}, + { 0x040201F6, 0xE4669F39 /* 430 */}, { 0x8CF04ADE, 0x7A1D7C21 /* 431 */}, + { 0xD79CE5CE, 0x65623C29 /* 432 */}, { 0x96C00BB1, 0x23684490 /* 433 */}, + { 0x9DA503BA, 0xAB9BF187 /* 434 */}, { 0xA458058E, 0xBC23ECB1 /* 435 */}, + { 0xBB401ECC, 0x9A58DF01 /* 436 */}, { 0xA85F143D, 0xA070E868 /* 437 */}, + { 0x7DF2239E, 0x4FF18830 /* 438 */}, { 0x1A641183, 0x14D565B4 /* 439 */}, + { 0x52701602, 0xEE133374 /* 440 */}, { 0x3F285E09, 0x950E3DCF /* 441 */}, + { 0xB9C80953, 0x59930254 /* 442 */}, { 0x8930DA6D, 0x3BF29940 /* 443 */}, + { 0x53691387, 0xA955943F /* 444 */}, { 0xA9CB8784, 0xA15EDECA /* 445 */}, + { 0x352BE9A0, 0x29142127 /* 446 */}, { 0xFF4E7AFB, 0x76F0371F /* 447 */}, + { 0x274F2228, 0x0239F450 /* 448 */}, { 0x1D5E868B, 0xBB073AF0 /* 449 */}, + { 0xC10E96C1, 0xBFC80571 /* 450 */}, { 0x68222E23, 0xD2670885 /* 451 */}, + { 0x8E80B5B0, 0x9671A3D4 /* 452 */}, { 0xE193BB81, 0x55B5D38A /* 453 */}, + { 0xA18B04B8, 0x693AE2D0 /* 454 */}, { 0xADD5335F, 0x5C48B4EC /* 455 */}, + { 0x4916A1CA, 0xFD743B19 /* 456 */}, { 0x34BE98C4, 0x25770181 /* 457 */}, + { 0x3C54A4AD, 0xE77987E8 /* 458 */}, { 0xDA33E1B9, 0x28E11014 /* 459 */}, + { 0x226AA213, 0x270CC59E /* 460 */}, { 0x6D1A5F60, 0x71495F75 /* 461 */}, + { 0x60AFEF77, 0x9BE853FB /* 462 */}, { 0xF7443DBF, 0xADC786A7 /* 463 */}, + { 0x73B29A82, 0x09044561 /* 464 */}, { 0xC232BD5E, 0x58BC7A66 /* 465 */}, + { 0x673AC8B2, 0xF306558C /* 466 */}, { 0xB6C9772A, 0x41F639C6 /* 467 */}, + { 0x9FDA35DA, 0x216DEFE9 /* 468 */}, { 0x1C7BE615, 0x11640CC7 /* 469 */}, + { 0x565C5527, 0x93C43694 /* 470 */}, { 0x46777839, 0xEA038E62 /* 471 */}, + { 0x5A3E2469, 0xF9ABF3CE /* 472 */}, { 0x0FD312D2, 0x741E768D /* 473 */}, + { 0xCED652C6, 0x0144B883 /* 474 */}, { 0xA33F8552, 0xC20B5A5B /* 475 */}, + { 0xC3435A9D, 0x1AE69633 /* 476 */}, { 0x088CFDEC, 0x97A28CA4 /* 477 */}, + { 0x1E96F420, 0x8824A43C /* 478 */}, { 0x6EEEA746, 0x37612FA6 /* 479 */}, + { 0xF9CF0E5A, 0x6B4CB165 /* 480 */}, { 0xA0ABFB4A, 0x43AA1C06 /* 481 */}, + { 0xF162796B, 0x7F4DC26F /* 482 */}, { 0x54ED9B0F, 0x6CBACC8E /* 483 */}, + { 0xD2BB253E, 0xA6B7FFEF /* 484 */}, { 0xB0A29D4F, 0x2E25BC95 /* 485 */}, + { 0xDEF1388C, 0x86D6A58B /* 486 */}, { 0x76B6F054, 0xDED74AC5 /* 487 */}, + { 0x2B45805D, 0x8030BDBC /* 488 */}, { 0xE94D9289, 0x3C81AF70 /* 489 */}, + { 0x9E3100DB, 0x3EFF6DDA /* 490 */}, { 0xDFCC8847, 0xB38DC39F /* 491 */}, + { 0x8D17B87E, 0x12388552 /* 492 */}, { 0x40B1B642, 0xF2DA0ED2 /* 493 */}, + { 0xD54BF9A9, 0x44CEFADC /* 494 */}, { 0x433C7EE6, 0x1312200E /* 495 */}, + { 0x3A78C748, 0x9FFCC84F /* 496 */}, { 0x248576BB, 0xF0CD1F72 /* 497 */}, + { 0x3638CFE4, 0xEC697405 /* 498 */}, { 0x0CEC4E4C, 0x2BA7B67C /* 499 */}, + { 0xE5CE32ED, 0xAC2F4DF3 /* 500 */}, { 0x26EA4C11, 0xCB33D143 /* 501 */}, + { 0xC77E58BC, 0xA4E9044C /* 502 */}, { 0xD934FCEF, 0x5F513293 /* 503 */}, + { 0x06E55444, 0x5DC96455 /* 504 */}, { 0x317DE40A, 0x50DE418F /* 505 */}, + { 0x69DDE259, 0x388CB31A /* 506 */}, { 0x55820A86, 0x2DB4A834 /* 507 */}, + { 0x84711AE9, 0x9010A91E /* 508 */}, { 0xB1498371, 0x4DF7F0B7 /* 509 */}, + { 0xC0977179, 0xD62A2EAB /* 510 */}, { 0xAA8D5C0E, 0x22FAC097 /* 511 */}, + { 0xF1DAF39B, 0xF49FCC2F /* 512 */}, { 0x6FF29281, 0x487FD5C6 /* 513 */}, + { 0xFCDCA83F, 0xE8A30667 /* 514 */}, { 0xD2FCCE63, 0x2C9B4BE3 /* 515 */}, + { 0x93FBBBC2, 0xDA3FF74B /* 516 */}, { 0xFE70BA66, 0x2FA165D2 /* 517 */}, + { 0x970E93D4, 0xA103E279 /* 518 */}, { 0xB0E45E71, 0xBECDEC77 /* 519 */}, + { 0x3985E497, 0xCFB41E72 /* 520 */}, { 0x5EF75017, 0xB70AAA02 /* 521 */}, + { 0x3840B8E0, 0xD42309F0 /* 522 */}, { 0x35898579, 0x8EFC1AD0 /* 523 */}, + { 0xE2B2ABC5, 0x96C6920B /* 524 */}, { 0x375A9172, 0x66AF4163 /* 525 */}, + { 0xCA7127FB, 0x2174ABDC /* 526 */}, { 0x4A72FF41, 0xB33CCEA6 /* 527 */}, + { 0x083066A5, 0xF04A4933 /* 528 */}, { 0xD7289AF5, 0x8D970ACD /* 529 */}, + { 0x31C8C25E, 0x8F96E8E0 /* 530 */}, { 0x76875D47, 0xF3FEC022 /* 531 */}, + { 0x056190DD, 0xEC7BF310 /* 532 */}, { 0xBB0F1491, 0xF5ADB0AE /* 533 */}, + { 0x0FD58892, 0x9B50F885 /* 534 */}, { 0x58B74DE8, 0x49754883 /* 535 */}, + { 0x91531C61, 0xA3354FF6 /* 536 */}, { 0x81D2C6EE, 0x0702BBE4 /* 537 */}, + { 0x7DEDED98, 0x89FB2405 /* 538 */}, { 0x8596E902, 0xAC307513 /* 539 */}, + { 0x172772ED, 0x1D2D3580 /* 540 */}, { 0x8E6BC30D, 0xEB738FC2 /* 541 */}, + { 0x63044326, 0x5854EF8F /* 542 */}, { 0x5ADD3BBE, 0x9E5C5232 /* 543 */}, + { 0x325C4623, 0x90AA53CF /* 544 */}, { 0x349DD067, 0xC1D24D51 /* 545 */}, + { 0xA69EA624, 0x2051CFEE /* 546 */}, { 0x862E7E4F, 0x13220F0A /* 547 */}, + { 0x04E04864, 0xCE393994 /* 548 */}, { 0x7086FCB7, 0xD9C42CA4 /* 549 */}, + { 0x8A03E7CC, 0x685AD223 /* 550 */}, { 0xAB2FF1DB, 0x066484B2 /* 551 */}, + { 0xEFBF79EC, 0xFE9D5D70 /* 552 */}, { 0x9C481854, 0x5B13B9DD /* 553 */}, + { 0xED1509AD, 0x15F0D475 /* 554 */}, { 0x0EC79851, 0x0BEBCD06 /* 555 */}, + { 0x183AB7F8, 0xD58C6791 /* 556 */}, { 0x52F3EEE4, 0xD1187C50 /* 557 */}, + { 0xE54E82FF, 0xC95D1192 /* 558 */}, { 0xB9AC6CA2, 0x86EEA14C /* 559 */}, + { 0x53677D5D, 0x3485BEB1 /* 560 */}, { 0x1F8C492A, 0xDD191D78 /* 561 */}, + { 0xA784EBF9, 0xF60866BA /* 562 */}, { 0xA2D08C74, 0x518F643B /* 563 */}, + { 0xE1087C22, 0x8852E956 /* 564 */}, { 0xC410AE8D, 0xA768CB8D /* 565 */}, + { 0xBFEC8E1A, 0x38047726 /* 566 */}, { 0xCD3B45AA, 0xA67738B4 /* 567 */}, + { 0xEC0DDE19, 0xAD16691C /* 568 */}, { 0x80462E07, 0xC6D43193 /* 569 */}, + { 0x0BA61938, 0xC5A5876D /* 570 */}, { 0xA58FD840, 0x16B9FA1F /* 571 */}, + { 0x3CA74F18, 0x188AB117 /* 572 */}, { 0xC99C021F, 0xABDA2F98 /* 573 */}, + { 0x134AE816, 0x3E0580AB /* 574 */}, { 0x73645ABB, 0x5F3B05B7 /* 575 */}, + { 0x5575F2F6, 0x2501A2BE /* 576 */}, { 0x4E7E8BA9, 0x1B2F7400 /* 577 */}, + { 0x71E8D953, 0x1CD75803 /* 578 */}, { 0x62764E30, 0x7F6ED895 /* 579 */}, + { 0x596F003D, 0xB15926FF /* 580 */}, { 0xA8C5D6B9, 0x9F65293D /* 581 */}, + { 0xD690F84C, 0x6ECEF04D /* 582 */}, { 0xFF33AF88, 0x4782275F /* 583 */}, + { 0x3F820801, 0xE4143308 /* 584 */}, { 0x9A1AF9B5, 0xFD0DFE40 /* 585 */}, + { 0x2CDB396B, 0x4325A334 /* 586 */}, { 0xB301B252, 0x8AE77E62 /* 587 */}, + { 0x6655615A, 0xC36F9E9F /* 588 */}, { 0x92D32C09, 0x85455A2D /* 589 */}, + { 0x49477485, 0xF2C7DEA9 /* 590 */}, { 0x33A39EBA, 0x63CFB4C1 /* 591 */}, + { 0x6EBC5462, 0x83B040CC /* 592 */}, { 0xFDB326B0, 0x3B9454C8 /* 593 */}, + { 0x87FFD78C, 0x56F56A9E /* 594 */}, { 0x99F42BC6, 0x2DC2940D /* 595 */}, + { 0x6B096E2D, 0x98F7DF09 /* 596 */}, { 0x3AD852BF, 0x19A6E01E /* 597 */}, + { 0xDBD4B40B, 0x42A99CCB /* 598 */}, { 0x45E9C559, 0xA59998AF /* 599 */}, + { 0x07D93186, 0x366295E8 /* 600 */}, { 0xFAA1F773, 0x6B48181B /* 601 */}, + { 0x157A0A1D, 0x1FEC57E2 /* 602 */}, { 0xF6201AD5, 0x4667446A /* 603 */}, + { 0xCFB0F075, 0xE615EBCA /* 604 */}, { 0x68290778, 0xB8F31F4F /* 605 */}, + { 0xCE22D11E, 0x22713ED6 /* 606 */}, { 0x2EC3C93B, 0x3057C1A7 /* 607 */}, + { 0x7C3F1F2F, 0xCB46ACC3 /* 608 */}, { 0x02AAF50E, 0xDBB893FD /* 609 */}, + { 0x600B9FCF, 0x331FD92E /* 610 */}, { 0x48EA3AD6, 0xA498F961 /* 611 */}, + { 0x8B6A83EA, 0xA8D8426E /* 612 */}, { 0xB7735CDC, 0xA089B274 /* 613 */}, + { 0x1E524A11, 0x87F6B373 /* 614 */}, { 0xCBC96749, 0x118808E5 /* 615 */}, + { 0xB19BD394, 0x9906E4C7 /* 616 */}, { 0x9B24A20C, 0xAFED7F7E /* 617 */}, + { 0xEB3644A7, 0x6509EADE /* 618 */}, { 0xE8EF0EDE, 0x6C1EF1D3 /* 619 */}, + { 0xE9798FB4, 0xB9C97D43 /* 620 */}, { 0x740C28A3, 0xA2F2D784 /* 621 */}, + { 0x6197566F, 0x7B849647 /* 622 */}, { 0xB65F069D, 0x7A5BE3E6 /* 623 */}, + { 0x78BE6F10, 0xF96330ED /* 624 */}, { 0x7A076A15, 0xEEE60DE7 /* 625 */}, + { 0xA08B9BD0, 0x2B4BEE4A /* 626 */}, { 0xC7B8894E, 0x6A56A63E /* 627 */}, + { 0xBA34FEF4, 0x02121359 /* 628 */}, { 0x283703FC, 0x4CBF99F8 /* 629 */}, + { 0x0CAF30C8, 0x39807135 /* 630 */}, { 0xF017687A, 0xD0A77A89 /* 631 */}, + { 0x9E423569, 0xF1C1A9EB /* 632 */}, { 0x2DEE8199, 0x8C797628 /* 633 */}, + { 0xDD1F7ABD, 0x5D1737A5 /* 634 */}, { 0x09A9FA80, 0x4F53433C /* 635 */}, + { 0xDF7CA1D9, 0xFA8B0C53 /* 636 */}, { 0x886CCB77, 0x3FD9DCBC /* 637 */}, + { 0xA91B4720, 0xC040917C /* 638 */}, { 0xF9D1DCDF, 0x7DD00142 /* 639 */}, + { 0x4F387B58, 0x8476FC1D /* 640 */}, { 0xF3316503, 0x23F8E7C5 /* 641 */}, + { 0xE7E37339, 0x032A2244 /* 642 */}, { 0x50F5A74B, 0x5C87A5D7 /* 643 */}, + { 0x3698992E, 0x082B4CC4 /* 644 */}, { 0xB858F63C, 0xDF917BEC /* 645 */}, + { 0x5BF86DDA, 0x3270B8FC /* 646 */}, { 0x29B5DD76, 0x10AE72BB /* 647 */}, + { 0x7700362B, 0x576AC94E /* 648 */}, { 0xC61EFB8F, 0x1AD112DA /* 649 */}, + { 0xC5FAA427, 0x691BC30E /* 650 */}, { 0xCC327143, 0xFF246311 /* 651 */}, + { 0x30E53206, 0x3142368E /* 652 */}, { 0xE02CA396, 0x71380E31 /* 653 */}, + { 0x0AAD76F1, 0x958D5C96 /* 654 */}, { 0xC16DA536, 0xF8D6F430 /* 655 */}, + { 0x1BE7E1D2, 0xC8FFD13F /* 656 */}, { 0x004DDBE1, 0x7578AE66 /* 657 */}, + { 0x067BE646, 0x05833F01 /* 658 */}, { 0x3BFE586D, 0xBB34B5AD /* 659 */}, + { 0xA12B97F0, 0x095F34C9 /* 660 */}, { 0x25D60CA8, 0x247AB645 /* 661 */}, + { 0x017477D1, 0xDCDBC6F3 /* 662 */}, { 0xDECAD24D, 0x4A2E14D4 /* 663 */}, + { 0xBE0A1EEB, 0xBDB5E6D9 /* 664 */}, { 0x794301AB, 0x2A7E70F7 /* 665 */}, + { 0x270540FD, 0xDEF42D8A /* 666 */}, { 0xA34C22C1, 0x01078EC0 /* 667 */}, + { 0xF4C16387, 0xE5DE511A /* 668 */}, { 0xBD9A330A, 0x7EBB3A52 /* 669 */}, + { 0xAA7D6435, 0x77697857 /* 670 */}, { 0x03AE4C32, 0x004E8316 /* 671 */}, + { 0xAD78E312, 0xE7A21020 /* 672 */}, { 0x6AB420F2, 0x9D41A70C /* 673 */}, + { 0xEA1141E6, 0x28E06C18 /* 674 */}, { 0x984F6B28, 0xD2B28CBD /* 675 */}, + { 0x446E9D83, 0x26B75F6C /* 676 */}, { 0x4D418D7F, 0xBA47568C /* 677 */}, + { 0xE6183D8E, 0xD80BADBF /* 678 */}, { 0x5F166044, 0x0E206D7F /* 679 */}, + { 0x11CBCA3E, 0xE258A439 /* 680 */}, { 0xB21DC0BC, 0x723A1746 /* 681 */}, + { 0xF5D7CDD3, 0xC7CAA854 /* 682 */}, { 0x3D261D9C, 0x7CAC3288 /* 683 */}, + { 0x23BA942C, 0x7690C264 /* 684 */}, { 0x478042B8, 0x17E55524 /* 685 */}, + { 0x56A2389F, 0xE0BE4776 /* 686 */}, { 0x67AB2DA0, 0x4D289B5E /* 687 */}, + { 0x8FBBFD31, 0x44862B9C /* 688 */}, { 0x9D141365, 0xB47CC804 /* 689 */}, + { 0x2B91C793, 0x822C1B36 /* 690 */}, { 0xFB13DFD8, 0x4EB14655 /* 691 */}, + { 0x14E2A97B, 0x1ECBBA07 /* 692 */}, { 0x5CDE5F14, 0x6143459D /* 693 */}, + { 0xD5F0AC89, 0x53A8FBF1 /* 694 */}, { 0x1C5E5B00, 0x97EA04D8 /* 695 */}, + { 0xD4FDB3F3, 0x622181A8 /* 696 */}, { 0x572A1208, 0xE9BCD341 /* 697 */}, + { 0x43CCE58A, 0x14112586 /* 698 */}, { 0xA4C6E0A4, 0x9144C5FE /* 699 */}, + { 0x65CF620F, 0x0D33D065 /* 700 */}, { 0x9F219CA1, 0x54A48D48 /* 701 */}, + { 0x6D63C821, 0xC43E5EAC /* 702 */}, { 0x72770DAF, 0xA9728B3A /* 703 */}, + { 0x20DF87EF, 0xD7934E7B /* 704 */}, { 0x1A3E86E5, 0xE35503B6 /* 705 */}, + { 0xC819D504, 0xCAE321FB /* 706 */}, { 0xAC60BFA6, 0x129A50B3 /* 707 */}, + { 0x7E9FB6C3, 0xCD5E68EA /* 708 */}, { 0x9483B1C7, 0xB01C9019 /* 709 */}, + { 0xC295376C, 0x3DE93CD5 /* 710 */}, { 0x2AB9AD13, 0xAED52EDF /* 711 */}, + { 0xC0A07884, 0x2E60F512 /* 712 */}, { 0xE36210C9, 0xBC3D86A3 /* 713 */}, + { 0x163951CE, 0x35269D9B /* 714 */}, { 0xD0CDB5FA, 0x0C7D6E2A /* 715 */}, + { 0xD87F5733, 0x59E86297 /* 716 */}, { 0x898DB0E7, 0x298EF221 /* 717 */}, + { 0xD1A5AA7E, 0x55000029 /* 718 */}, { 0xB5061B45, 0x8BC08AE1 /* 719 */}, + { 0x6C92703A, 0xC2C31C2B /* 720 */}, { 0xAF25EF42, 0x94CC596B /* 721 */}, + { 0x22540456, 0x0A1D73DB /* 722 */}, { 0xD9C4179A, 0x04B6A0F9 /* 723 */}, + { 0xAE3D3C60, 0xEFFDAFA2 /* 724 */}, { 0xB49496C4, 0xF7C8075B /* 725 */}, + { 0x1D1CD4E3, 0x9CC5C714 /* 726 */}, { 0x218E5534, 0x78BD1638 /* 727 */}, + { 0xF850246A, 0xB2F11568 /* 728 */}, { 0x9502BC29, 0xEDFABCFA /* 729 */}, + { 0xDA23051B, 0x796CE5F2 /* 730 */}, { 0xDC93537C, 0xAAE128B0 /* 731 */}, + { 0xEE4B29AE, 0x3A493DA0 /* 732 */}, { 0x416895D7, 0xB5DF6B2C /* 733 */}, + { 0x122D7F37, 0xFCABBD25 /* 734 */}, { 0x105DC4B1, 0x70810B58 /* 735 */}, + { 0xF7882A90, 0xE10FDD37 /* 736 */}, { 0x518A3F5C, 0x524DCAB5 /* 737 */}, + { 0x8451255B, 0x3C9E8587 /* 738 */}, { 0x19BD34E2, 0x40298281 /* 739 */}, + { 0x5D3CECCB, 0x74A05B6F /* 740 */}, { 0x42E13ECA, 0xB6100215 /* 741 */}, + { 0x2F59E2AC, 0x0FF979D1 /* 742 */}, { 0xE4F9CC50, 0x6037DA27 /* 743 */}, + { 0x0DF1847D, 0x5E92975A /* 744 */}, { 0xD3E623FE, 0xD66DE190 /* 745 */}, + { 0x7B568048, 0x5032D6B8 /* 746 */}, { 0x8235216E, 0x9A36B7CE /* 747 */}, + { 0x24F64B4A, 0x80272A7A /* 748 */}, { 0x8C6916F7, 0x93EFED8B /* 749 */}, + { 0x4CCE1555, 0x37DDBFF4 /* 750 */}, { 0x4B99BD25, 0x4B95DB5D /* 751 */}, + { 0x69812FC0, 0x92D3FDA1 /* 752 */}, { 0x90660BB6, 0xFB1A4A9A /* 753 */}, + { 0x46A4B9B2, 0x730C1969 /* 754 */}, { 0x7F49DA68, 0x81E289AA /* 755 */}, + { 0x83B1A05F, 0x64669A0F /* 756 */}, { 0x9644F48B, 0x27B3FF7D /* 757 */}, + { 0x8DB675B3, 0xCC6B615C /* 758 */}, { 0xBCEBBE95, 0x674F20B9 /* 759 */}, + { 0x75655982, 0x6F312382 /* 760 */}, { 0x3E45CF05, 0x5AE48871 /* 761 */}, + { 0x54C21157, 0xBF619F99 /* 762 */}, { 0x40A8EAE9, 0xEABAC460 /* 763 */}, + { 0xF2C0C1CD, 0x454C6FE9 /* 764 */}, { 0x6412691C, 0x419CF649 /* 765 */}, + { 0x265B0F70, 0xD3DC3BEF /* 766 */}, { 0xC3578A9E, 0x6D0E60F5 /* 767 */}, + { 0x26323C55, 0x5B0E6085 /* 768 */}, { 0xFA1B59F5, 0x1A46C1A9 /* 769 */}, + { 0x7C4C8FFA, 0xA9E245A1 /* 770 */}, { 0xDB2955D7, 0x65CA5159 /* 771 */}, + { 0xCE35AFC2, 0x05DB0A76 /* 772 */}, { 0xA9113D45, 0x81EAC77E /* 773 */}, + { 0xB6AC0A0D, 0x528EF88A /* 774 */}, { 0x597BE3FF, 0xA09EA253 /* 775 */}, + { 0xAC48CD56, 0x430DDFB3 /* 776 */}, { 0xF45CE46F, 0xC4B3A67A /* 777 */}, + { 0xFBE2D05E, 0x4ECECFD8 /* 778 */}, { 0xB39935F0, 0x3EF56F10 /* 779 */}, + { 0x9CD619C6, 0x0B22D682 /* 780 */}, { 0x74DF2069, 0x17FD460A /* 781 */}, + { 0x8510ED40, 0x6CF8CC8E /* 782 */}, { 0x3A6ECAA7, 0xD6C824BF /* 783 */}, + { 0x1A817049, 0x61243D58 /* 784 */}, { 0xBBC163A2, 0x048BACB6 /* 785 */}, + { 0x7D44CC32, 0xD9A38AC2 /* 786 */}, { 0xAAF410AB, 0x7FDDFF5B /* 787 */}, + { 0xA804824B, 0xAD6D495A /* 788 */}, { 0x2D8C9F94, 0xE1A6A74F /* 789 */}, + { 0x35DEE8E3, 0xD4F78512 /* 790 */}, { 0x6540D893, 0xFD4B7F88 /* 791 */}, + { 0x2AA4BFDA, 0x247C2004 /* 792 */}, { 0x17D1327C, 0x096EA1C5 /* 793 */}, + { 0x361A6685, 0xD56966B4 /* 794 */}, { 0x1221057D, 0x277DA5C3 /* 795 */}, + { 0xA43ACFF7, 0x94D59893 /* 796 */}, { 0xCDC02281, 0x64F0C51C /* 797 */}, + { 0xFF6189DB, 0x3D33BCC4 /* 798 */}, { 0x4CE66AF1, 0xE005CB18 /* 799 */}, + { 0x1DB99BEA, 0xFF5CCD1D /* 800 */}, { 0xFE42980F, 0xB0B854A7 /* 801 */}, + { 0x718D4B9F, 0x7BD46A6A /* 802 */}, { 0x22A5FD8C, 0xD10FA8CC /* 803 */}, + { 0x2BE4BD31, 0xD3148495 /* 804 */}, { 0xCB243847, 0xC7FA975F /* 805 */}, + { 0x5846C407, 0x4886ED1E /* 806 */}, { 0x1EB70B04, 0x28CDDB79 /* 807 */}, + { 0xF573417F, 0xC2B00BE2 /* 808 */}, { 0x2180F877, 0x5C959045 /* 809 */}, + { 0xF370EB00, 0x7A6BDDFF /* 810 */}, { 0xD6D9D6A4, 0xCE509E38 /* 811 */}, + { 0x647FA702, 0xEBEB0F00 /* 812 */}, { 0x76606F06, 0x1DCC06CF /* 813 */}, + { 0xA286FF0A, 0xE4D9F28B /* 814 */}, { 0xC918C262, 0xD85A305D /* 815 */}, + { 0x32225F54, 0x475B1D87 /* 816 */}, { 0x68CCB5FE, 0x2D4FB516 /* 817 */}, + { 0xD72BBA20, 0xA679B9D9 /* 818 */}, { 0x912D43A5, 0x53841C0D /* 819 */}, + { 0xBF12A4E8, 0x3B7EAA48 /* 820 */}, { 0xF22F1DDF, 0x781E0E47 /* 821 */}, + { 0x0AB50973, 0xEFF20CE6 /* 822 */}, { 0x9DFFB742, 0x20D261D1 /* 823 */}, + { 0x062A2E39, 0x16A12B03 /* 824 */}, { 0x39650495, 0x1960EB22 /* 825 */}, + { 0xD50EB8B8, 0x251C16FE /* 826 */}, { 0xF826016E, 0x9AC0C330 /* 827 */}, + { 0x953E7671, 0xED152665 /* 828 */}, { 0xA6369570, 0x02D63194 /* 829 */}, + { 0x94B1C987, 0x5074F083 /* 830 */}, { 0x90B25CE1, 0x70BA598C /* 831 */}, + { 0x0B9742F6, 0x794A1581 /* 832 */}, { 0xFCAF8C6C, 0x0D5925E9 /* 833 */}, + { 0xD868744E, 0x3067716C /* 834 */}, { 0xE8D7731B, 0x910AB077 /* 835 */}, + { 0x5AC42F61, 0x6A61BBDB /* 836 */}, { 0xF0851567, 0x93513EFB /* 837 */}, + { 0x9E83E9D5, 0xF494724B /* 838 */}, { 0x5C09648D, 0xE887E198 /* 839 */}, + { 0x75370CFD, 0x34B1D3C6 /* 840 */}, { 0xBC0D255D, 0xDC35E433 /* 841 */}, + { 0x34131BE0, 0xD0AAB842 /* 842 */}, { 0xB48B7EAF, 0x08042A50 /* 843 */}, + { 0x44A3AB35, 0x9997C4EE /* 844 */}, { 0x201799D0, 0x829A7B49 /* 845 */}, + { 0xB7C54441, 0x263B8307 /* 846 */}, { 0xFD6A6CA6, 0x752F95F4 /* 847 */}, + { 0x2C08C6E5, 0x92721740 /* 848 */}, { 0xA795D9EE, 0x2A8AB754 /* 849 */}, + { 0x2F72943D, 0xA442F755 /* 850 */}, { 0x19781208, 0x2C31334E /* 851 */}, + { 0xEAEE6291, 0x4FA98D7C /* 852 */}, { 0x665DB309, 0x55C3862F /* 853 */}, + { 0x5D53B1F3, 0xBD061017 /* 854 */}, { 0x40413F27, 0x46FE6CB8 /* 855 */}, + { 0xDF0CFA59, 0x3FE03792 /* 856 */}, { 0x2EB85E8F, 0xCFE70037 /* 857 */}, + { 0xADBCE118, 0xA7BE29E7 /* 858 */}, { 0xDE8431DD, 0xE544EE5C /* 859 */}, + { 0x41F1873E, 0x8A781B1B /* 860 */}, { 0xA0D2F0E7, 0xA5C94C78 /* 861 */}, + { 0x77B60728, 0x39412E28 /* 862 */}, { 0xAFC9A62C, 0xA1265EF3 /* 863 */}, + { 0x6A2506C5, 0xBCC2770C /* 864 */}, { 0xDCE1CE12, 0x3AB66DD5 /* 865 */}, + { 0x4A675B37, 0xE65499D0 /* 866 */}, { 0x81BFD216, 0x7D8F5234 /* 867 */}, + { 0xEC15F389, 0x0F6F64FC /* 868 */}, { 0x8B5B13C8, 0x74EFBE61 /* 869 */}, + { 0x14273E1D, 0xACDC82B7 /* 870 */}, { 0x03199D17, 0xDD40BFE0 /* 871 */}, + { 0xE7E061F8, 0x37E99257 /* 872 */}, { 0x04775AAA, 0xFA526269 /* 873 */}, + { 0x463D56F9, 0x8BBBF63A /* 874 */}, { 0x43A26E64, 0xF0013F15 /* 875 */}, + { 0x879EC898, 0xA8307E9F /* 876 */}, { 0x150177CC, 0xCC4C27A4 /* 877 */}, + { 0xCA1D3348, 0x1B432F2C /* 878 */}, { 0x9F6FA013, 0xDE1D1F8F /* 879 */}, + { 0x47A7DDD6, 0x606602A0 /* 880 */}, { 0xCC1CB2C7, 0xD237AB64 /* 881 */}, + { 0x25FCD1D3, 0x9B938E72 /* 882 */}, { 0x8E0FF476, 0xEC4E0370 /* 883 */}, + { 0x3D03C12D, 0xFEB2FBDA /* 884 */}, { 0xEE43889A, 0xAE0BCED2 /* 885 */}, + { 0xEBFB4F43, 0x22CB8923 /* 886 */}, { 0x3CF7396D, 0x69360D01 /* 887 */}, + { 0xD2D4E022, 0x855E3602 /* 888 */}, { 0xD01F784C, 0x073805BA /* 889 */}, + { 0x3852F546, 0x33E17A13 /* 890 */}, { 0x8AC7B638, 0xDF487405 /* 891 */}, + { 0x678AA14A, 0xBA92B29C /* 892 */}, { 0x6CFAADCD, 0x0CE89FC7 /* 893 */}, + { 0x08339E34, 0x5F9D4E09 /* 894 */}, { 0x1F5923B9, 0xF1AFE929 /* 895 */}, + { 0x0F4A265F, 0x6E3480F6 /* 896 */}, { 0xB29B841C, 0xEEBF3A2A /* 897 */}, + { 0x8F91B4AD, 0xE21938A8 /* 898 */}, { 0x45C6D3C3, 0x57DFEFF8 /* 899 */}, + { 0xF62CAAF2, 0x2F006B0B /* 900 */}, { 0x6F75EE78, 0x62F479EF /* 901 */}, + { 0x1C8916A9, 0x11A55AD4 /* 902 */}, { 0x84FED453, 0xF229D290 /* 903 */}, + { 0x16B000E6, 0x42F1C27B /* 904 */}, { 0x9823C074, 0x2B1F7674 /* 905 */}, + { 0xC2745360, 0x4B76ECA3 /* 906 */}, { 0xB91691BD, 0x8C98F463 /* 907 */}, + { 0xF1ADE66A, 0x14BCC93C /* 908 */}, { 0x6D458397, 0x8885213E /* 909 */}, + { 0x274D4711, 0x8E177DF0 /* 910 */}, { 0x503F2951, 0xB49B73B5 /* 911 */}, + { 0xC3F96B6B, 0x10168168 /* 912 */}, { 0x63CAB0AE, 0x0E3D963B /* 913 */}, + { 0x55A1DB14, 0x8DFC4B56 /* 914 */}, { 0x6E14DE5C, 0xF789F135 /* 915 */}, + { 0x4E51DAC1, 0x683E68AF /* 916 */}, { 0x8D4B0FD9, 0xC9A84F9D /* 917 */}, + { 0x52A0F9D1, 0x3691E03F /* 918 */}, { 0xE1878E80, 0x5ED86E46 /* 919 */}, + { 0x99D07150, 0x3C711A0E /* 920 */}, { 0x0C4E9310, 0x5A0865B2 /* 921 */}, + { 0xE4F0682E, 0x56FBFC1F /* 922 */}, { 0x105EDF9B, 0xEA8D5DE3 /* 923 */}, + { 0x2379187A, 0x71ABFDB1 /* 924 */}, { 0xBEE77B9C, 0x2EB99DE1 /* 925 */}, + { 0x33CF4523, 0x21ECC0EA /* 926 */}, { 0x1805C7A1, 0x59A4D752 /* 927 */}, + { 0x56AE7C72, 0x3896F5EB /* 928 */}, { 0xB18F75DC, 0xAA638F3D /* 929 */}, + { 0xABE9808E, 0x9F39358D /* 930 */}, { 0xC00B72AC, 0xB7DEFA91 /* 931 */}, + { 0x62492D92, 0x6B5541FD /* 932 */}, { 0xF92E4D5B, 0x6DC6DEE8 /* 933 */}, + { 0xC4BEEA7E, 0x353F57AB /* 934 */}, { 0xDA5690CE, 0x735769D6 /* 935 */}, + { 0x42391484, 0x0A234AA6 /* 936 */}, { 0x28F80D9D, 0xF6F95080 /* 937 */}, + { 0x7AB3F215, 0xB8E319A2 /* 938 */}, { 0x51341A4D, 0x31AD9C11 /* 939 */}, + { 0x7BEF5805, 0x773C22A5 /* 940 */}, { 0x07968633, 0x45C7561A /* 941 */}, + { 0x249DBE36, 0xF913DA9E /* 942 */}, { 0x78A64C68, 0xDA652D9B /* 943 */}, + { 0x3BC334EF, 0x4C27A97F /* 944 */}, { 0xE66B17F4, 0x76621220 /* 945 */}, + { 0x9ACD7D0B, 0x96774389 /* 946 */}, { 0xE0ED6782, 0xF3EE5BCA /* 947 */}, + { 0x00C879FC, 0x409F7536 /* 948 */}, { 0xB5926DB6, 0x06D09A39 /* 949 */}, + { 0x317AC588, 0x6F83AEB0 /* 950 */}, { 0x86381F21, 0x01E6CA4A /* 951 */}, + { 0xD19F3025, 0x66FF3462 /* 952 */}, { 0xDDFD3BFB, 0x72207C24 /* 953 */}, + { 0xE2ECE2EB, 0x4AF6B6D3 /* 954 */}, { 0xC7EA08DE, 0x9C994DBE /* 955 */}, + { 0xB09A8BC4, 0x49ACE597 /* 956 */}, { 0xCF0797BA, 0xB38C4766 /* 957 */}, + { 0xC57C2A75, 0x131B9373 /* 958 */}, { 0x61931E58, 0xB1822CCE /* 959 */}, + { 0x09BA1C0C, 0x9D7555B9 /* 960 */}, { 0x937D11D2, 0x127FAFDD /* 961 */}, + { 0xC66D92E4, 0x29DA3BAD /* 962 */}, { 0x54C2ECBC, 0xA2C1D571 /* 963 */}, + { 0x82F6FE24, 0x58C5134D /* 964 */}, { 0x5B62274F, 0x1C3AE351 /* 965 */}, + { 0x01CB8126, 0xE907C82E /* 966 */}, { 0x13E37FCB, 0xF8ED0919 /* 967 */}, + { 0xC80046C9, 0x3249D8F9 /* 968 */}, { 0xE388FB63, 0x80CF9BED /* 969 */}, + { 0x116CF19E, 0x1881539A /* 970 */}, { 0x6BD52457, 0x5103F3F7 /* 971 */}, + { 0xAE47F7A8, 0x15B7E6F5 /* 972 */}, { 0xD47E9CCF, 0xDBD7C6DE /* 973 */}, + { 0x0228BB1A, 0x44E55C41 /* 974 */}, { 0x5EDB4E99, 0xB647D425 /* 975 */}, + { 0xB8AAFC30, 0x5D11882B /* 976 */}, { 0x29D3212A, 0xF5098BBB /* 977 */}, + { 0xE90296B3, 0x8FB5EA14 /* 978 */}, { 0x57DD025A, 0x677B9421 /* 979 */}, + { 0xA390ACB5, 0xFB58E7C0 /* 980 */}, { 0x83BD4A01, 0x89D3674C /* 981 */}, + { 0x4BF3B93B, 0x9E2DA4DF /* 982 */}, { 0x8CAB4829, 0xFCC41E32 /* 983 */}, + { 0xBA582C52, 0x03F38C96 /* 984 */}, { 0x7FD85DB2, 0xCAD1BDBD /* 985 */}, + { 0x6082AE83, 0xBBB442C1 /* 986 */}, { 0xA5DA9AB0, 0xB95FE86B /* 987 */}, + { 0x3771A93F, 0xB22E0467 /* 988 */}, { 0x493152D8, 0x845358C9 /* 989 */}, + { 0x97B4541E, 0xBE2A4886 /* 990 */}, { 0xD38E6966, 0x95A2DC2D /* 991 */}, + { 0x923C852B, 0xC02C11AC /* 992 */}, { 0x0DF2A87B, 0x2388B199 /* 993 */}, + { 0x1B4F37BE, 0x7C8008FA /* 994 */}, { 0x4D54E503, 0x1F70D0C8 /* 995 */}, + { 0x7ECE57D4, 0x5490ADEC /* 996 */}, { 0xD9063A3A, 0x002B3C27 /* 997 */}, + { 0x8030A2BF, 0x7EAEA384 /* 998 */}, { 0xED2003C0, 0xC602326D /* 999 */}, + { 0x69A94086, 0x83A7287D /* 1000 */}, { 0x30F57A8A, 0xC57A5FCB /* 1001 */}, + { 0x79EBE779, 0xB56844E4 /* 1002 */}, { 0x05DCBCE9, 0xA373B40F /* 1003 */}, + { 0x88570EE2, 0xD71A786E /* 1004 */}, { 0xBDE8F6A0, 0x879CBACD /* 1005 */}, + { 0xC164A32F, 0x976AD1BC /* 1006 */}, { 0x9666D78B, 0xAB21E25E /* 1007 */}, + { 0xE5E5C33C, 0x901063AA /* 1008 */}, { 0x48698D90, 0x9818B344 /* 1009 */}, + { 0x3E1E8ABB, 0xE36487AE /* 1010 */}, { 0x893BDCB4, 0xAFBDF931 /* 1011 */}, + { 0x5FBBD519, 0x6345A0DC /* 1012 */}, { 0x9B9465CA, 0x8628FE26 /* 1013 */}, + { 0x3F9C51EC, 0x1E5D0160 /* 1014 */}, { 0xA15049B7, 0x4DE44006 /* 1015 */}, + { 0xF776CBB1, 0xBF6C70E5 /* 1016 */}, { 0xEF552BED, 0x411218F2 /* 1017 */}, + { 0x705A36A3, 0xCB0C0708 /* 1018 */}, { 0x4F986044, 0xE74D1475 /* 1019 */}, + { 0x0EA8280E, 0xCD56D943 /* 1020 */}, { 0x535F5065, 0xC12591D7 /* 1021 */}, + { 0x720AEF96, 0xC83223F1 /* 1022 */}, { 0x7363A51F, 0xC3A0396F /* 1023 */} + }; + +#else +void dummy_2 (int a) +{ + (void) a; + return; +} +#endif Index: /tags/2.5.0/src/sh_tiger2_64.c =================================================================== --- /tags/2.5.0/src/sh_tiger2_64.c (revision 189) +++ /tags/2.5.0/src/sh_tiger2_64.c (revision 189) @@ -0,0 +1,561 @@ +/* Tiger: A Fast New Hash Function + * + * Ross Anderson and Eli Biham + * + * From the homepage (http://www.cs.technion.ac.il/~biham/Reports/Tiger/): + * + * Tiger has no usage restrictions nor patents. It can be used freely, + * with the reference implementation, with other implementations or with + * a modification to the reference implementation (as long as it still + * implements Tiger). We only ask you to let us know about your + * implementation and to cite the origin of Tiger and of the reference + * implementation. + * + * + * The authors' home pages can be found both in + * http://www.cs.technion.ac.il/~biham/ and in + * http://www.cl.cam.ac.uk/users/rja14/. + * The authors' email addresses are biham@cs.technion.ac.il + * and rja14@cl.cam.ac.uk. + */ + +#include "config_xor.h" + +#if defined(TIGER_64_BIT) + +/* #if defined(HAVE_LONG_64) || defined(HAVE_LONG_LONG_64) */ + +/*@-type@*/ +/* sboxes.c: Tiger S boxes */ + +#if defined(HAVE_LONG_64) +typedef unsigned long int word64; +#elif defined(HAVE_LONG_LONG_64) +typedef unsigned long long int word64; +#else +#error No 64 bit type found ! +#endif + +word64 tiger_table[4*256] = { + 0x02AAB17CF7E90C5ELL /* 0 */, 0xAC424B03E243A8ECLL /* 1 */, + 0x72CD5BE30DD5FCD3LL /* 2 */, 0x6D019B93F6F97F3ALL /* 3 */, + 0xCD9978FFD21F9193LL /* 4 */, 0x7573A1C9708029E2LL /* 5 */, + 0xB164326B922A83C3LL /* 6 */, 0x46883EEE04915870LL /* 7 */, + 0xEAACE3057103ECE6LL /* 8 */, 0xC54169B808A3535CLL /* 9 */, + 0x4CE754918DDEC47CLL /* 10 */, 0x0AA2F4DFDC0DF40CLL /* 11 */, + 0x10B76F18A74DBEFALL /* 12 */, 0xC6CCB6235AD1AB6ALL /* 13 */, + 0x13726121572FE2FFLL /* 14 */, 0x1A488C6F199D921ELL /* 15 */, + 0x4BC9F9F4DA0007CALL /* 16 */, 0x26F5E6F6E85241C7LL /* 17 */, + 0x859079DBEA5947B6LL /* 18 */, 0x4F1885C5C99E8C92LL /* 19 */, + 0xD78E761EA96F864BLL /* 20 */, 0x8E36428C52B5C17DLL /* 21 */, + 0x69CF6827373063C1LL /* 22 */, 0xB607C93D9BB4C56ELL /* 23 */, + 0x7D820E760E76B5EALL /* 24 */, 0x645C9CC6F07FDC42LL /* 25 */, + 0xBF38A078243342E0LL /* 26 */, 0x5F6B343C9D2E7D04LL /* 27 */, + 0xF2C28AEB600B0EC6LL /* 28 */, 0x6C0ED85F7254BCACLL /* 29 */, + 0x71592281A4DB4FE5LL /* 30 */, 0x1967FA69CE0FED9FLL /* 31 */, + 0xFD5293F8B96545DBLL /* 32 */, 0xC879E9D7F2A7600BLL /* 33 */, + 0x860248920193194ELL /* 34 */, 0xA4F9533B2D9CC0B3LL /* 35 */, + 0x9053836C15957613LL /* 36 */, 0xDB6DCF8AFC357BF1LL /* 37 */, + 0x18BEEA7A7A370F57LL /* 38 */, 0x037117CA50B99066LL /* 39 */, + 0x6AB30A9774424A35LL /* 40 */, 0xF4E92F02E325249BLL /* 41 */, + 0x7739DB07061CCAE1LL /* 42 */, 0xD8F3B49CECA42A05LL /* 43 */, + 0xBD56BE3F51382F73LL /* 44 */, 0x45FAED5843B0BB28LL /* 45 */, + 0x1C813D5C11BF1F83LL /* 46 */, 0x8AF0E4B6D75FA169LL /* 47 */, + 0x33EE18A487AD9999LL /* 48 */, 0x3C26E8EAB1C94410LL /* 49 */, + 0xB510102BC0A822F9LL /* 50 */, 0x141EEF310CE6123BLL /* 51 */, + 0xFC65B90059DDB154LL /* 52 */, 0xE0158640C5E0E607LL /* 53 */, + 0x884E079826C3A3CFLL /* 54 */, 0x930D0D9523C535FDLL /* 55 */, + 0x35638D754E9A2B00LL /* 56 */, 0x4085FCCF40469DD5LL /* 57 */, + 0xC4B17AD28BE23A4CLL /* 58 */, 0xCAB2F0FC6A3E6A2ELL /* 59 */, + 0x2860971A6B943FCDLL /* 60 */, 0x3DDE6EE212E30446LL /* 61 */, + 0x6222F32AE01765AELL /* 62 */, 0x5D550BB5478308FELL /* 63 */, + 0xA9EFA98DA0EDA22ALL /* 64 */, 0xC351A71686C40DA7LL /* 65 */, + 0x1105586D9C867C84LL /* 66 */, 0xDCFFEE85FDA22853LL /* 67 */, + 0xCCFBD0262C5EEF76LL /* 68 */, 0xBAF294CB8990D201LL /* 69 */, + 0xE69464F52AFAD975LL /* 70 */, 0x94B013AFDF133E14LL /* 71 */, + 0x06A7D1A32823C958LL /* 72 */, 0x6F95FE5130F61119LL /* 73 */, + 0xD92AB34E462C06C0LL /* 74 */, 0xED7BDE33887C71D2LL /* 75 */, + 0x79746D6E6518393ELL /* 76 */, 0x5BA419385D713329LL /* 77 */, + 0x7C1BA6B948A97564LL /* 78 */, 0x31987C197BFDAC67LL /* 79 */, + 0xDE6C23C44B053D02LL /* 80 */, 0x581C49FED002D64DLL /* 81 */, + 0xDD474D6338261571LL /* 82 */, 0xAA4546C3E473D062LL /* 83 */, + 0x928FCE349455F860LL /* 84 */, 0x48161BBACAAB94D9LL /* 85 */, + 0x63912430770E6F68LL /* 86 */, 0x6EC8A5E602C6641CLL /* 87 */, + 0x87282515337DDD2BLL /* 88 */, 0x2CDA6B42034B701BLL /* 89 */, + 0xB03D37C181CB096DLL /* 90 */, 0xE108438266C71C6FLL /* 91 */, + 0x2B3180C7EB51B255LL /* 92 */, 0xDF92B82F96C08BBCLL /* 93 */, + 0x5C68C8C0A632F3BALL /* 94 */, 0x5504CC861C3D0556LL /* 95 */, + 0xABBFA4E55FB26B8FLL /* 96 */, 0x41848B0AB3BACEB4LL /* 97 */, + 0xB334A273AA445D32LL /* 98 */, 0xBCA696F0A85AD881LL /* 99 */, + 0x24F6EC65B528D56CLL /* 100 */, 0x0CE1512E90F4524ALL /* 101 */, + 0x4E9DD79D5506D35ALL /* 102 */, 0x258905FAC6CE9779LL /* 103 */, + 0x2019295B3E109B33LL /* 104 */, 0xF8A9478B73A054CCLL /* 105 */, + 0x2924F2F934417EB0LL /* 106 */, 0x3993357D536D1BC4LL /* 107 */, + 0x38A81AC21DB6FF8BLL /* 108 */, 0x47C4FBF17D6016BFLL /* 109 */, + 0x1E0FAADD7667E3F5LL /* 110 */, 0x7ABCFF62938BEB96LL /* 111 */, + 0xA78DAD948FC179C9LL /* 112 */, 0x8F1F98B72911E50DLL /* 113 */, + 0x61E48EAE27121A91LL /* 114 */, 0x4D62F7AD31859808LL /* 115 */, + 0xECEBA345EF5CEAEBLL /* 116 */, 0xF5CEB25EBC9684CELL /* 117 */, + 0xF633E20CB7F76221LL /* 118 */, 0xA32CDF06AB8293E4LL /* 119 */, + 0x985A202CA5EE2CA4LL /* 120 */, 0xCF0B8447CC8A8FB1LL /* 121 */, + 0x9F765244979859A3LL /* 122 */, 0xA8D516B1A1240017LL /* 123 */, + 0x0BD7BA3EBB5DC726LL /* 124 */, 0xE54BCA55B86ADB39LL /* 125 */, + 0x1D7A3AFD6C478063LL /* 126 */, 0x519EC608E7669EDDLL /* 127 */, + 0x0E5715A2D149AA23LL /* 128 */, 0x177D4571848FF194LL /* 129 */, + 0xEEB55F3241014C22LL /* 130 */, 0x0F5E5CA13A6E2EC2LL /* 131 */, + 0x8029927B75F5C361LL /* 132 */, 0xAD139FABC3D6E436LL /* 133 */, + 0x0D5DF1A94CCF402FLL /* 134 */, 0x3E8BD948BEA5DFC8LL /* 135 */, + 0xA5A0D357BD3FF77ELL /* 136 */, 0xA2D12E251F74F645LL /* 137 */, + 0x66FD9E525E81A082LL /* 138 */, 0x2E0C90CE7F687A49LL /* 139 */, + 0xC2E8BCBEBA973BC5LL /* 140 */, 0x000001BCE509745FLL /* 141 */, + 0x423777BBE6DAB3D6LL /* 142 */, 0xD1661C7EAEF06EB5LL /* 143 */, + 0xA1781F354DAACFD8LL /* 144 */, 0x2D11284A2B16AFFCLL /* 145 */, + 0xF1FC4F67FA891D1FLL /* 146 */, 0x73ECC25DCB920ADALL /* 147 */, + 0xAE610C22C2A12651LL /* 148 */, 0x96E0A810D356B78ALL /* 149 */, + 0x5A9A381F2FE7870FLL /* 150 */, 0xD5AD62EDE94E5530LL /* 151 */, + 0xD225E5E8368D1427LL /* 152 */, 0x65977B70C7AF4631LL /* 153 */, + 0x99F889B2DE39D74FLL /* 154 */, 0x233F30BF54E1D143LL /* 155 */, + 0x9A9675D3D9A63C97LL /* 156 */, 0x5470554FF334F9A8LL /* 157 */, + 0x166ACB744A4F5688LL /* 158 */, 0x70C74CAAB2E4AEADLL /* 159 */, + 0xF0D091646F294D12LL /* 160 */, 0x57B82A89684031D1LL /* 161 */, + 0xEFD95A5A61BE0B6BLL /* 162 */, 0x2FBD12E969F2F29ALL /* 163 */, + 0x9BD37013FEFF9FE8LL /* 164 */, 0x3F9B0404D6085A06LL /* 165 */, + 0x4940C1F3166CFE15LL /* 166 */, 0x09542C4DCDF3DEFBLL /* 167 */, + 0xB4C5218385CD5CE3LL /* 168 */, 0xC935B7DC4462A641LL /* 169 */, + 0x3417F8A68ED3B63FLL /* 170 */, 0xB80959295B215B40LL /* 171 */, + 0xF99CDAEF3B8C8572LL /* 172 */, 0x018C0614F8FCB95DLL /* 173 */, + 0x1B14ACCD1A3ACDF3LL /* 174 */, 0x84D471F200BB732DLL /* 175 */, + 0xC1A3110E95E8DA16LL /* 176 */, 0x430A7220BF1A82B8LL /* 177 */, + 0xB77E090D39DF210ELL /* 178 */, 0x5EF4BD9F3CD05E9DLL /* 179 */, + 0x9D4FF6DA7E57A444LL /* 180 */, 0xDA1D60E183D4A5F8LL /* 181 */, + 0xB287C38417998E47LL /* 182 */, 0xFE3EDC121BB31886LL /* 183 */, + 0xC7FE3CCC980CCBEFLL /* 184 */, 0xE46FB590189BFD03LL /* 185 */, + 0x3732FD469A4C57DCLL /* 186 */, 0x7EF700A07CF1AD65LL /* 187 */, + 0x59C64468A31D8859LL /* 188 */, 0x762FB0B4D45B61F6LL /* 189 */, + 0x155BAED099047718LL /* 190 */, 0x68755E4C3D50BAA6LL /* 191 */, + 0xE9214E7F22D8B4DFLL /* 192 */, 0x2ADDBF532EAC95F4LL /* 193 */, + 0x32AE3909B4BD0109LL /* 194 */, 0x834DF537B08E3450LL /* 195 */, + 0xFA209DA84220728DLL /* 196 */, 0x9E691D9B9EFE23F7LL /* 197 */, + 0x0446D288C4AE8D7FLL /* 198 */, 0x7B4CC524E169785BLL /* 199 */, + 0x21D87F0135CA1385LL /* 200 */, 0xCEBB400F137B8AA5LL /* 201 */, + 0x272E2B66580796BELL /* 202 */, 0x3612264125C2B0DELL /* 203 */, + 0x057702BDAD1EFBB2LL /* 204 */, 0xD4BABB8EACF84BE9LL /* 205 */, + 0x91583139641BC67BLL /* 206 */, 0x8BDC2DE08036E024LL /* 207 */, + 0x603C8156F49F68EDLL /* 208 */, 0xF7D236F7DBEF5111LL /* 209 */, + 0x9727C4598AD21E80LL /* 210 */, 0xA08A0896670A5FD7LL /* 211 */, + 0xCB4A8F4309EBA9CBLL /* 212 */, 0x81AF564B0F7036A1LL /* 213 */, + 0xC0B99AA778199ABDLL /* 214 */, 0x959F1EC83FC8E952LL /* 215 */, + 0x8C505077794A81B9LL /* 216 */, 0x3ACAAF8F056338F0LL /* 217 */, + 0x07B43F50627A6778LL /* 218 */, 0x4A44AB49F5ECCC77LL /* 219 */, + 0x3BC3D6E4B679EE98LL /* 220 */, 0x9CC0D4D1CF14108CLL /* 221 */, + 0x4406C00B206BC8A0LL /* 222 */, 0x82A18854C8D72D89LL /* 223 */, + 0x67E366B35C3C432CLL /* 224 */, 0xB923DD61102B37F2LL /* 225 */, + 0x56AB2779D884271DLL /* 226 */, 0xBE83E1B0FF1525AFLL /* 227 */, + 0xFB7C65D4217E49A9LL /* 228 */, 0x6BDBE0E76D48E7D4LL /* 229 */, + 0x08DF828745D9179ELL /* 230 */, 0x22EA6A9ADD53BD34LL /* 231 */, + 0xE36E141C5622200ALL /* 232 */, 0x7F805D1B8CB750EELL /* 233 */, + 0xAFE5C7A59F58E837LL /* 234 */, 0xE27F996A4FB1C23CLL /* 235 */, + 0xD3867DFB0775F0D0LL /* 236 */, 0xD0E673DE6E88891ALL /* 237 */, + 0x123AEB9EAFB86C25LL /* 238 */, 0x30F1D5D5C145B895LL /* 239 */, + 0xBB434A2DEE7269E7LL /* 240 */, 0x78CB67ECF931FA38LL /* 241 */, + 0xF33B0372323BBF9CLL /* 242 */, 0x52D66336FB279C74LL /* 243 */, + 0x505F33AC0AFB4EAALL /* 244 */, 0xE8A5CD99A2CCE187LL /* 245 */, + 0x534974801E2D30BBLL /* 246 */, 0x8D2D5711D5876D90LL /* 247 */, + 0x1F1A412891BC038ELL /* 248 */, 0xD6E2E71D82E56648LL /* 249 */, + 0x74036C3A497732B7LL /* 250 */, 0x89B67ED96361F5ABLL /* 251 */, + 0xFFED95D8F1EA02A2LL /* 252 */, 0xE72B3BD61464D43DLL /* 253 */, + 0xA6300F170BDC4820LL /* 254 */, 0xEBC18760ED78A77ALL /* 255 */, + 0xE6A6BE5A05A12138LL /* 256 */, 0xB5A122A5B4F87C98LL /* 257 */, + 0x563C6089140B6990LL /* 258 */, 0x4C46CB2E391F5DD5LL /* 259 */, + 0xD932ADDBC9B79434LL /* 260 */, 0x08EA70E42015AFF5LL /* 261 */, + 0xD765A6673E478CF1LL /* 262 */, 0xC4FB757EAB278D99LL /* 263 */, + 0xDF11C6862D6E0692LL /* 264 */, 0xDDEB84F10D7F3B16LL /* 265 */, + 0x6F2EF604A665EA04LL /* 266 */, 0x4A8E0F0FF0E0DFB3LL /* 267 */, + 0xA5EDEEF83DBCBA51LL /* 268 */, 0xFC4F0A2A0EA4371ELL /* 269 */, + 0xE83E1DA85CB38429LL /* 270 */, 0xDC8FF882BA1B1CE2LL /* 271 */, + 0xCD45505E8353E80DLL /* 272 */, 0x18D19A00D4DB0717LL /* 273 */, + 0x34A0CFEDA5F38101LL /* 274 */, 0x0BE77E518887CAF2LL /* 275 */, + 0x1E341438B3C45136LL /* 276 */, 0xE05797F49089CCF9LL /* 277 */, + 0xFFD23F9DF2591D14LL /* 278 */, 0x543DDA228595C5CDLL /* 279 */, + 0x661F81FD99052A33LL /* 280 */, 0x8736E641DB0F7B76LL /* 281 */, + 0x15227725418E5307LL /* 282 */, 0xE25F7F46162EB2FALL /* 283 */, + 0x48A8B2126C13D9FELL /* 284 */, 0xAFDC541792E76EEALL /* 285 */, + 0x03D912BFC6D1898FLL /* 286 */, 0x31B1AAFA1B83F51BLL /* 287 */, + 0xF1AC2796E42AB7D9LL /* 288 */, 0x40A3A7D7FCD2EBACLL /* 289 */, + 0x1056136D0AFBBCC5LL /* 290 */, 0x7889E1DD9A6D0C85LL /* 291 */, + 0xD33525782A7974AALL /* 292 */, 0xA7E25D09078AC09BLL /* 293 */, + 0xBD4138B3EAC6EDD0LL /* 294 */, 0x920ABFBE71EB9E70LL /* 295 */, + 0xA2A5D0F54FC2625CLL /* 296 */, 0xC054E36B0B1290A3LL /* 297 */, + 0xF6DD59FF62FE932BLL /* 298 */, 0x3537354511A8AC7DLL /* 299 */, + 0xCA845E9172FADCD4LL /* 300 */, 0x84F82B60329D20DCLL /* 301 */, + 0x79C62CE1CD672F18LL /* 302 */, 0x8B09A2ADD124642CLL /* 303 */, + 0xD0C1E96A19D9E726LL /* 304 */, 0x5A786A9B4BA9500CLL /* 305 */, + 0x0E020336634C43F3LL /* 306 */, 0xC17B474AEB66D822LL /* 307 */, + 0x6A731AE3EC9BAAC2LL /* 308 */, 0x8226667AE0840258LL /* 309 */, + 0x67D4567691CAECA5LL /* 310 */, 0x1D94155C4875ADB5LL /* 311 */, + 0x6D00FD985B813FDFLL /* 312 */, 0x51286EFCB774CD06LL /* 313 */, + 0x5E8834471FA744AFLL /* 314 */, 0xF72CA0AEE761AE2ELL /* 315 */, + 0xBE40E4CDAEE8E09ALL /* 316 */, 0xE9970BBB5118F665LL /* 317 */, + 0x726E4BEB33DF1964LL /* 318 */, 0x703B000729199762LL /* 319 */, + 0x4631D816F5EF30A7LL /* 320 */, 0xB880B5B51504A6BELL /* 321 */, + 0x641793C37ED84B6CLL /* 322 */, 0x7B21ED77F6E97D96LL /* 323 */, + 0x776306312EF96B73LL /* 324 */, 0xAE528948E86FF3F4LL /* 325 */, + 0x53DBD7F286A3F8F8LL /* 326 */, 0x16CADCE74CFC1063LL /* 327 */, + 0x005C19BDFA52C6DDLL /* 328 */, 0x68868F5D64D46AD3LL /* 329 */, + 0x3A9D512CCF1E186ALL /* 330 */, 0x367E62C2385660AELL /* 331 */, + 0xE359E7EA77DCB1D7LL /* 332 */, 0x526C0773749ABE6ELL /* 333 */, + 0x735AE5F9D09F734BLL /* 334 */, 0x493FC7CC8A558BA8LL /* 335 */, + 0xB0B9C1533041AB45LL /* 336 */, 0x321958BA470A59BDLL /* 337 */, + 0x852DB00B5F46C393LL /* 338 */, 0x91209B2BD336B0E5LL /* 339 */, + 0x6E604F7D659EF19FLL /* 340 */, 0xB99A8AE2782CCB24LL /* 341 */, + 0xCCF52AB6C814C4C7LL /* 342 */, 0x4727D9AFBE11727BLL /* 343 */, + 0x7E950D0C0121B34DLL /* 344 */, 0x756F435670AD471FLL /* 345 */, + 0xF5ADD442615A6849LL /* 346 */, 0x4E87E09980B9957ALL /* 347 */, + 0x2ACFA1DF50AEE355LL /* 348 */, 0xD898263AFD2FD556LL /* 349 */, + 0xC8F4924DD80C8FD6LL /* 350 */, 0xCF99CA3D754A173ALL /* 351 */, + 0xFE477BACAF91BF3CLL /* 352 */, 0xED5371F6D690C12DLL /* 353 */, + 0x831A5C285E687094LL /* 354 */, 0xC5D3C90A3708A0A4LL /* 355 */, + 0x0F7F903717D06580LL /* 356 */, 0x19F9BB13B8FDF27FLL /* 357 */, + 0xB1BD6F1B4D502843LL /* 358 */, 0x1C761BA38FFF4012LL /* 359 */, + 0x0D1530C4E2E21F3BLL /* 360 */, 0x8943CE69A7372C8ALL /* 361 */, + 0xE5184E11FEB5CE66LL /* 362 */, 0x618BDB80BD736621LL /* 363 */, + 0x7D29BAD68B574D0BLL /* 364 */, 0x81BB613E25E6FE5BLL /* 365 */, + 0x071C9C10BC07913FLL /* 366 */, 0xC7BEEB7909AC2D97LL /* 367 */, + 0xC3E58D353BC5D757LL /* 368 */, 0xEB017892F38F61E8LL /* 369 */, + 0xD4EFFB9C9B1CC21ALL /* 370 */, 0x99727D26F494F7ABLL /* 371 */, + 0xA3E063A2956B3E03LL /* 372 */, 0x9D4A8B9A4AA09C30LL /* 373 */, + 0x3F6AB7D500090FB4LL /* 374 */, 0x9CC0F2A057268AC0LL /* 375 */, + 0x3DEE9D2DEDBF42D1LL /* 376 */, 0x330F49C87960A972LL /* 377 */, + 0xC6B2720287421B41LL /* 378 */, 0x0AC59EC07C00369CLL /* 379 */, + 0xEF4EAC49CB353425LL /* 380 */, 0xF450244EEF0129D8LL /* 381 */, + 0x8ACC46E5CAF4DEB6LL /* 382 */, 0x2FFEAB63989263F7LL /* 383 */, + 0x8F7CB9FE5D7A4578LL /* 384 */, 0x5BD8F7644E634635LL /* 385 */, + 0x427A7315BF2DC900LL /* 386 */, 0x17D0C4AA2125261CLL /* 387 */, + 0x3992486C93518E50LL /* 388 */, 0xB4CBFEE0A2D7D4C3LL /* 389 */, + 0x7C75D6202C5DDD8DLL /* 390 */, 0xDBC295D8E35B6C61LL /* 391 */, + 0x60B369D302032B19LL /* 392 */, 0xCE42685FDCE44132LL /* 393 */, + 0x06F3DDB9DDF65610LL /* 394 */, 0x8EA4D21DB5E148F0LL /* 395 */, + 0x20B0FCE62FCD496FLL /* 396 */, 0x2C1B912358B0EE31LL /* 397 */, + 0xB28317B818F5A308LL /* 398 */, 0xA89C1E189CA6D2CFLL /* 399 */, + 0x0C6B18576AAADBC8LL /* 400 */, 0xB65DEAA91299FAE3LL /* 401 */, + 0xFB2B794B7F1027E7LL /* 402 */, 0x04E4317F443B5BEBLL /* 403 */, + 0x4B852D325939D0A6LL /* 404 */, 0xD5AE6BEEFB207FFCLL /* 405 */, + 0x309682B281C7D374LL /* 406 */, 0xBAE309A194C3B475LL /* 407 */, + 0x8CC3F97B13B49F05LL /* 408 */, 0x98A9422FF8293967LL /* 409 */, + 0x244B16B01076FF7CLL /* 410 */, 0xF8BF571C663D67EELL /* 411 */, + 0x1F0D6758EEE30DA1LL /* 412 */, 0xC9B611D97ADEB9B7LL /* 413 */, + 0xB7AFD5887B6C57A2LL /* 414 */, 0x6290AE846B984FE1LL /* 415 */, + 0x94DF4CDEACC1A5FDLL /* 416 */, 0x058A5BD1C5483AFFLL /* 417 */, + 0x63166CC142BA3C37LL /* 418 */, 0x8DB8526EB2F76F40LL /* 419 */, + 0xE10880036F0D6D4ELL /* 420 */, 0x9E0523C9971D311DLL /* 421 */, + 0x45EC2824CC7CD691LL /* 422 */, 0x575B8359E62382C9LL /* 423 */, + 0xFA9E400DC4889995LL /* 424 */, 0xD1823ECB45721568LL /* 425 */, + 0xDAFD983B8206082FLL /* 426 */, 0xAA7D29082386A8CBLL /* 427 */, + 0x269FCD4403B87588LL /* 428 */, 0x1B91F5F728BDD1E0LL /* 429 */, + 0xE4669F39040201F6LL /* 430 */, 0x7A1D7C218CF04ADELL /* 431 */, + 0x65623C29D79CE5CELL /* 432 */, 0x2368449096C00BB1LL /* 433 */, + 0xAB9BF1879DA503BALL /* 434 */, 0xBC23ECB1A458058ELL /* 435 */, + 0x9A58DF01BB401ECCLL /* 436 */, 0xA070E868A85F143DLL /* 437 */, + 0x4FF188307DF2239ELL /* 438 */, 0x14D565B41A641183LL /* 439 */, + 0xEE13337452701602LL /* 440 */, 0x950E3DCF3F285E09LL /* 441 */, + 0x59930254B9C80953LL /* 442 */, 0x3BF299408930DA6DLL /* 443 */, + 0xA955943F53691387LL /* 444 */, 0xA15EDECAA9CB8784LL /* 445 */, + 0x29142127352BE9A0LL /* 446 */, 0x76F0371FFF4E7AFBLL /* 447 */, + 0x0239F450274F2228LL /* 448 */, 0xBB073AF01D5E868BLL /* 449 */, + 0xBFC80571C10E96C1LL /* 450 */, 0xD267088568222E23LL /* 451 */, + 0x9671A3D48E80B5B0LL /* 452 */, 0x55B5D38AE193BB81LL /* 453 */, + 0x693AE2D0A18B04B8LL /* 454 */, 0x5C48B4ECADD5335FLL /* 455 */, + 0xFD743B194916A1CALL /* 456 */, 0x2577018134BE98C4LL /* 457 */, + 0xE77987E83C54A4ADLL /* 458 */, 0x28E11014DA33E1B9LL /* 459 */, + 0x270CC59E226AA213LL /* 460 */, 0x71495F756D1A5F60LL /* 461 */, + 0x9BE853FB60AFEF77LL /* 462 */, 0xADC786A7F7443DBFLL /* 463 */, + 0x0904456173B29A82LL /* 464 */, 0x58BC7A66C232BD5ELL /* 465 */, + 0xF306558C673AC8B2LL /* 466 */, 0x41F639C6B6C9772ALL /* 467 */, + 0x216DEFE99FDA35DALL /* 468 */, 0x11640CC71C7BE615LL /* 469 */, + 0x93C43694565C5527LL /* 470 */, 0xEA038E6246777839LL /* 471 */, + 0xF9ABF3CE5A3E2469LL /* 472 */, 0x741E768D0FD312D2LL /* 473 */, + 0x0144B883CED652C6LL /* 474 */, 0xC20B5A5BA33F8552LL /* 475 */, + 0x1AE69633C3435A9DLL /* 476 */, 0x97A28CA4088CFDECLL /* 477 */, + 0x8824A43C1E96F420LL /* 478 */, 0x37612FA66EEEA746LL /* 479 */, + 0x6B4CB165F9CF0E5ALL /* 480 */, 0x43AA1C06A0ABFB4ALL /* 481 */, + 0x7F4DC26FF162796BLL /* 482 */, 0x6CBACC8E54ED9B0FLL /* 483 */, + 0xA6B7FFEFD2BB253ELL /* 484 */, 0x2E25BC95B0A29D4FLL /* 485 */, + 0x86D6A58BDEF1388CLL /* 486 */, 0xDED74AC576B6F054LL /* 487 */, + 0x8030BDBC2B45805DLL /* 488 */, 0x3C81AF70E94D9289LL /* 489 */, + 0x3EFF6DDA9E3100DBLL /* 490 */, 0xB38DC39FDFCC8847LL /* 491 */, + 0x123885528D17B87ELL /* 492 */, 0xF2DA0ED240B1B642LL /* 493 */, + 0x44CEFADCD54BF9A9LL /* 494 */, 0x1312200E433C7EE6LL /* 495 */, + 0x9FFCC84F3A78C748LL /* 496 */, 0xF0CD1F72248576BBLL /* 497 */, + 0xEC6974053638CFE4LL /* 498 */, 0x2BA7B67C0CEC4E4CLL /* 499 */, + 0xAC2F4DF3E5CE32EDLL /* 500 */, 0xCB33D14326EA4C11LL /* 501 */, + 0xA4E9044CC77E58BCLL /* 502 */, 0x5F513293D934FCEFLL /* 503 */, + 0x5DC9645506E55444LL /* 504 */, 0x50DE418F317DE40ALL /* 505 */, + 0x388CB31A69DDE259LL /* 506 */, 0x2DB4A83455820A86LL /* 507 */, + 0x9010A91E84711AE9LL /* 508 */, 0x4DF7F0B7B1498371LL /* 509 */, + 0xD62A2EABC0977179LL /* 510 */, 0x22FAC097AA8D5C0ELL /* 511 */, + 0xF49FCC2FF1DAF39BLL /* 512 */, 0x487FD5C66FF29281LL /* 513 */, + 0xE8A30667FCDCA83FLL /* 514 */, 0x2C9B4BE3D2FCCE63LL /* 515 */, + 0xDA3FF74B93FBBBC2LL /* 516 */, 0x2FA165D2FE70BA66LL /* 517 */, + 0xA103E279970E93D4LL /* 518 */, 0xBECDEC77B0E45E71LL /* 519 */, + 0xCFB41E723985E497LL /* 520 */, 0xB70AAA025EF75017LL /* 521 */, + 0xD42309F03840B8E0LL /* 522 */, 0x8EFC1AD035898579LL /* 523 */, + 0x96C6920BE2B2ABC5LL /* 524 */, 0x66AF4163375A9172LL /* 525 */, + 0x2174ABDCCA7127FBLL /* 526 */, 0xB33CCEA64A72FF41LL /* 527 */, + 0xF04A4933083066A5LL /* 528 */, 0x8D970ACDD7289AF5LL /* 529 */, + 0x8F96E8E031C8C25ELL /* 530 */, 0xF3FEC02276875D47LL /* 531 */, + 0xEC7BF310056190DDLL /* 532 */, 0xF5ADB0AEBB0F1491LL /* 533 */, + 0x9B50F8850FD58892LL /* 534 */, 0x4975488358B74DE8LL /* 535 */, + 0xA3354FF691531C61LL /* 536 */, 0x0702BBE481D2C6EELL /* 537 */, + 0x89FB24057DEDED98LL /* 538 */, 0xAC3075138596E902LL /* 539 */, + 0x1D2D3580172772EDLL /* 540 */, 0xEB738FC28E6BC30DLL /* 541 */, + 0x5854EF8F63044326LL /* 542 */, 0x9E5C52325ADD3BBELL /* 543 */, + 0x90AA53CF325C4623LL /* 544 */, 0xC1D24D51349DD067LL /* 545 */, + 0x2051CFEEA69EA624LL /* 546 */, 0x13220F0A862E7E4FLL /* 547 */, + 0xCE39399404E04864LL /* 548 */, 0xD9C42CA47086FCB7LL /* 549 */, + 0x685AD2238A03E7CCLL /* 550 */, 0x066484B2AB2FF1DBLL /* 551 */, + 0xFE9D5D70EFBF79ECLL /* 552 */, 0x5B13B9DD9C481854LL /* 553 */, + 0x15F0D475ED1509ADLL /* 554 */, 0x0BEBCD060EC79851LL /* 555 */, + 0xD58C6791183AB7F8LL /* 556 */, 0xD1187C5052F3EEE4LL /* 557 */, + 0xC95D1192E54E82FFLL /* 558 */, 0x86EEA14CB9AC6CA2LL /* 559 */, + 0x3485BEB153677D5DLL /* 560 */, 0xDD191D781F8C492ALL /* 561 */, + 0xF60866BAA784EBF9LL /* 562 */, 0x518F643BA2D08C74LL /* 563 */, + 0x8852E956E1087C22LL /* 564 */, 0xA768CB8DC410AE8DLL /* 565 */, + 0x38047726BFEC8E1ALL /* 566 */, 0xA67738B4CD3B45AALL /* 567 */, + 0xAD16691CEC0DDE19LL /* 568 */, 0xC6D4319380462E07LL /* 569 */, + 0xC5A5876D0BA61938LL /* 570 */, 0x16B9FA1FA58FD840LL /* 571 */, + 0x188AB1173CA74F18LL /* 572 */, 0xABDA2F98C99C021FLL /* 573 */, + 0x3E0580AB134AE816LL /* 574 */, 0x5F3B05B773645ABBLL /* 575 */, + 0x2501A2BE5575F2F6LL /* 576 */, 0x1B2F74004E7E8BA9LL /* 577 */, + 0x1CD7580371E8D953LL /* 578 */, 0x7F6ED89562764E30LL /* 579 */, + 0xB15926FF596F003DLL /* 580 */, 0x9F65293DA8C5D6B9LL /* 581 */, + 0x6ECEF04DD690F84CLL /* 582 */, 0x4782275FFF33AF88LL /* 583 */, + 0xE41433083F820801LL /* 584 */, 0xFD0DFE409A1AF9B5LL /* 585 */, + 0x4325A3342CDB396BLL /* 586 */, 0x8AE77E62B301B252LL /* 587 */, + 0xC36F9E9F6655615ALL /* 588 */, 0x85455A2D92D32C09LL /* 589 */, + 0xF2C7DEA949477485LL /* 590 */, 0x63CFB4C133A39EBALL /* 591 */, + 0x83B040CC6EBC5462LL /* 592 */, 0x3B9454C8FDB326B0LL /* 593 */, + 0x56F56A9E87FFD78CLL /* 594 */, 0x2DC2940D99F42BC6LL /* 595 */, + 0x98F7DF096B096E2DLL /* 596 */, 0x19A6E01E3AD852BFLL /* 597 */, + 0x42A99CCBDBD4B40BLL /* 598 */, 0xA59998AF45E9C559LL /* 599 */, + 0x366295E807D93186LL /* 600 */, 0x6B48181BFAA1F773LL /* 601 */, + 0x1FEC57E2157A0A1DLL /* 602 */, 0x4667446AF6201AD5LL /* 603 */, + 0xE615EBCACFB0F075LL /* 604 */, 0xB8F31F4F68290778LL /* 605 */, + 0x22713ED6CE22D11ELL /* 606 */, 0x3057C1A72EC3C93BLL /* 607 */, + 0xCB46ACC37C3F1F2FLL /* 608 */, 0xDBB893FD02AAF50ELL /* 609 */, + 0x331FD92E600B9FCFLL /* 610 */, 0xA498F96148EA3AD6LL /* 611 */, + 0xA8D8426E8B6A83EALL /* 612 */, 0xA089B274B7735CDCLL /* 613 */, + 0x87F6B3731E524A11LL /* 614 */, 0x118808E5CBC96749LL /* 615 */, + 0x9906E4C7B19BD394LL /* 616 */, 0xAFED7F7E9B24A20CLL /* 617 */, + 0x6509EADEEB3644A7LL /* 618 */, 0x6C1EF1D3E8EF0EDELL /* 619 */, + 0xB9C97D43E9798FB4LL /* 620 */, 0xA2F2D784740C28A3LL /* 621 */, + 0x7B8496476197566FLL /* 622 */, 0x7A5BE3E6B65F069DLL /* 623 */, + 0xF96330ED78BE6F10LL /* 624 */, 0xEEE60DE77A076A15LL /* 625 */, + 0x2B4BEE4AA08B9BD0LL /* 626 */, 0x6A56A63EC7B8894ELL /* 627 */, + 0x02121359BA34FEF4LL /* 628 */, 0x4CBF99F8283703FCLL /* 629 */, + 0x398071350CAF30C8LL /* 630 */, 0xD0A77A89F017687ALL /* 631 */, + 0xF1C1A9EB9E423569LL /* 632 */, 0x8C7976282DEE8199LL /* 633 */, + 0x5D1737A5DD1F7ABDLL /* 634 */, 0x4F53433C09A9FA80LL /* 635 */, + 0xFA8B0C53DF7CA1D9LL /* 636 */, 0x3FD9DCBC886CCB77LL /* 637 */, + 0xC040917CA91B4720LL /* 638 */, 0x7DD00142F9D1DCDFLL /* 639 */, + 0x8476FC1D4F387B58LL /* 640 */, 0x23F8E7C5F3316503LL /* 641 */, + 0x032A2244E7E37339LL /* 642 */, 0x5C87A5D750F5A74BLL /* 643 */, + 0x082B4CC43698992ELL /* 644 */, 0xDF917BECB858F63CLL /* 645 */, + 0x3270B8FC5BF86DDALL /* 646 */, 0x10AE72BB29B5DD76LL /* 647 */, + 0x576AC94E7700362BLL /* 648 */, 0x1AD112DAC61EFB8FLL /* 649 */, + 0x691BC30EC5FAA427LL /* 650 */, 0xFF246311CC327143LL /* 651 */, + 0x3142368E30E53206LL /* 652 */, 0x71380E31E02CA396LL /* 653 */, + 0x958D5C960AAD76F1LL /* 654 */, 0xF8D6F430C16DA536LL /* 655 */, + 0xC8FFD13F1BE7E1D2LL /* 656 */, 0x7578AE66004DDBE1LL /* 657 */, + 0x05833F01067BE646LL /* 658 */, 0xBB34B5AD3BFE586DLL /* 659 */, + 0x095F34C9A12B97F0LL /* 660 */, 0x247AB64525D60CA8LL /* 661 */, + 0xDCDBC6F3017477D1LL /* 662 */, 0x4A2E14D4DECAD24DLL /* 663 */, + 0xBDB5E6D9BE0A1EEBLL /* 664 */, 0x2A7E70F7794301ABLL /* 665 */, + 0xDEF42D8A270540FDLL /* 666 */, 0x01078EC0A34C22C1LL /* 667 */, + 0xE5DE511AF4C16387LL /* 668 */, 0x7EBB3A52BD9A330ALL /* 669 */, + 0x77697857AA7D6435LL /* 670 */, 0x004E831603AE4C32LL /* 671 */, + 0xE7A21020AD78E312LL /* 672 */, 0x9D41A70C6AB420F2LL /* 673 */, + 0x28E06C18EA1141E6LL /* 674 */, 0xD2B28CBD984F6B28LL /* 675 */, + 0x26B75F6C446E9D83LL /* 676 */, 0xBA47568C4D418D7FLL /* 677 */, + 0xD80BADBFE6183D8ELL /* 678 */, 0x0E206D7F5F166044LL /* 679 */, + 0xE258A43911CBCA3ELL /* 680 */, 0x723A1746B21DC0BCLL /* 681 */, + 0xC7CAA854F5D7CDD3LL /* 682 */, 0x7CAC32883D261D9CLL /* 683 */, + 0x7690C26423BA942CLL /* 684 */, 0x17E55524478042B8LL /* 685 */, + 0xE0BE477656A2389FLL /* 686 */, 0x4D289B5E67AB2DA0LL /* 687 */, + 0x44862B9C8FBBFD31LL /* 688 */, 0xB47CC8049D141365LL /* 689 */, + 0x822C1B362B91C793LL /* 690 */, 0x4EB14655FB13DFD8LL /* 691 */, + 0x1ECBBA0714E2A97BLL /* 692 */, 0x6143459D5CDE5F14LL /* 693 */, + 0x53A8FBF1D5F0AC89LL /* 694 */, 0x97EA04D81C5E5B00LL /* 695 */, + 0x622181A8D4FDB3F3LL /* 696 */, 0xE9BCD341572A1208LL /* 697 */, + 0x1411258643CCE58ALL /* 698 */, 0x9144C5FEA4C6E0A4LL /* 699 */, + 0x0D33D06565CF620FLL /* 700 */, 0x54A48D489F219CA1LL /* 701 */, + 0xC43E5EAC6D63C821LL /* 702 */, 0xA9728B3A72770DAFLL /* 703 */, + 0xD7934E7B20DF87EFLL /* 704 */, 0xE35503B61A3E86E5LL /* 705 */, + 0xCAE321FBC819D504LL /* 706 */, 0x129A50B3AC60BFA6LL /* 707 */, + 0xCD5E68EA7E9FB6C3LL /* 708 */, 0xB01C90199483B1C7LL /* 709 */, + 0x3DE93CD5C295376CLL /* 710 */, 0xAED52EDF2AB9AD13LL /* 711 */, + 0x2E60F512C0A07884LL /* 712 */, 0xBC3D86A3E36210C9LL /* 713 */, + 0x35269D9B163951CELL /* 714 */, 0x0C7D6E2AD0CDB5FALL /* 715 */, + 0x59E86297D87F5733LL /* 716 */, 0x298EF221898DB0E7LL /* 717 */, + 0x55000029D1A5AA7ELL /* 718 */, 0x8BC08AE1B5061B45LL /* 719 */, + 0xC2C31C2B6C92703ALL /* 720 */, 0x94CC596BAF25EF42LL /* 721 */, + 0x0A1D73DB22540456LL /* 722 */, 0x04B6A0F9D9C4179ALL /* 723 */, + 0xEFFDAFA2AE3D3C60LL /* 724 */, 0xF7C8075BB49496C4LL /* 725 */, + 0x9CC5C7141D1CD4E3LL /* 726 */, 0x78BD1638218E5534LL /* 727 */, + 0xB2F11568F850246ALL /* 728 */, 0xEDFABCFA9502BC29LL /* 729 */, + 0x796CE5F2DA23051BLL /* 730 */, 0xAAE128B0DC93537CLL /* 731 */, + 0x3A493DA0EE4B29AELL /* 732 */, 0xB5DF6B2C416895D7LL /* 733 */, + 0xFCABBD25122D7F37LL /* 734 */, 0x70810B58105DC4B1LL /* 735 */, + 0xE10FDD37F7882A90LL /* 736 */, 0x524DCAB5518A3F5CLL /* 737 */, + 0x3C9E85878451255BLL /* 738 */, 0x4029828119BD34E2LL /* 739 */, + 0x74A05B6F5D3CECCBLL /* 740 */, 0xB610021542E13ECALL /* 741 */, + 0x0FF979D12F59E2ACLL /* 742 */, 0x6037DA27E4F9CC50LL /* 743 */, + 0x5E92975A0DF1847DLL /* 744 */, 0xD66DE190D3E623FELL /* 745 */, + 0x5032D6B87B568048LL /* 746 */, 0x9A36B7CE8235216ELL /* 747 */, + 0x80272A7A24F64B4ALL /* 748 */, 0x93EFED8B8C6916F7LL /* 749 */, + 0x37DDBFF44CCE1555LL /* 750 */, 0x4B95DB5D4B99BD25LL /* 751 */, + 0x92D3FDA169812FC0LL /* 752 */, 0xFB1A4A9A90660BB6LL /* 753 */, + 0x730C196946A4B9B2LL /* 754 */, 0x81E289AA7F49DA68LL /* 755 */, + 0x64669A0F83B1A05FLL /* 756 */, 0x27B3FF7D9644F48BLL /* 757 */, + 0xCC6B615C8DB675B3LL /* 758 */, 0x674F20B9BCEBBE95LL /* 759 */, + 0x6F31238275655982LL /* 760 */, 0x5AE488713E45CF05LL /* 761 */, + 0xBF619F9954C21157LL /* 762 */, 0xEABAC46040A8EAE9LL /* 763 */, + 0x454C6FE9F2C0C1CDLL /* 764 */, 0x419CF6496412691CLL /* 765 */, + 0xD3DC3BEF265B0F70LL /* 766 */, 0x6D0E60F5C3578A9ELL /* 767 */, + 0x5B0E608526323C55LL /* 768 */, 0x1A46C1A9FA1B59F5LL /* 769 */, + 0xA9E245A17C4C8FFALL /* 770 */, 0x65CA5159DB2955D7LL /* 771 */, + 0x05DB0A76CE35AFC2LL /* 772 */, 0x81EAC77EA9113D45LL /* 773 */, + 0x528EF88AB6AC0A0DLL /* 774 */, 0xA09EA253597BE3FFLL /* 775 */, + 0x430DDFB3AC48CD56LL /* 776 */, 0xC4B3A67AF45CE46FLL /* 777 */, + 0x4ECECFD8FBE2D05ELL /* 778 */, 0x3EF56F10B39935F0LL /* 779 */, + 0x0B22D6829CD619C6LL /* 780 */, 0x17FD460A74DF2069LL /* 781 */, + 0x6CF8CC8E8510ED40LL /* 782 */, 0xD6C824BF3A6ECAA7LL /* 783 */, + 0x61243D581A817049LL /* 784 */, 0x048BACB6BBC163A2LL /* 785 */, + 0xD9A38AC27D44CC32LL /* 786 */, 0x7FDDFF5BAAF410ABLL /* 787 */, + 0xAD6D495AA804824BLL /* 788 */, 0xE1A6A74F2D8C9F94LL /* 789 */, + 0xD4F7851235DEE8E3LL /* 790 */, 0xFD4B7F886540D893LL /* 791 */, + 0x247C20042AA4BFDALL /* 792 */, 0x096EA1C517D1327CLL /* 793 */, + 0xD56966B4361A6685LL /* 794 */, 0x277DA5C31221057DLL /* 795 */, + 0x94D59893A43ACFF7LL /* 796 */, 0x64F0C51CCDC02281LL /* 797 */, + 0x3D33BCC4FF6189DBLL /* 798 */, 0xE005CB184CE66AF1LL /* 799 */, + 0xFF5CCD1D1DB99BEALL /* 800 */, 0xB0B854A7FE42980FLL /* 801 */, + 0x7BD46A6A718D4B9FLL /* 802 */, 0xD10FA8CC22A5FD8CLL /* 803 */, + 0xD31484952BE4BD31LL /* 804 */, 0xC7FA975FCB243847LL /* 805 */, + 0x4886ED1E5846C407LL /* 806 */, 0x28CDDB791EB70B04LL /* 807 */, + 0xC2B00BE2F573417FLL /* 808 */, 0x5C9590452180F877LL /* 809 */, + 0x7A6BDDFFF370EB00LL /* 810 */, 0xCE509E38D6D9D6A4LL /* 811 */, + 0xEBEB0F00647FA702LL /* 812 */, 0x1DCC06CF76606F06LL /* 813 */, + 0xE4D9F28BA286FF0ALL /* 814 */, 0xD85A305DC918C262LL /* 815 */, + 0x475B1D8732225F54LL /* 816 */, 0x2D4FB51668CCB5FELL /* 817 */, + 0xA679B9D9D72BBA20LL /* 818 */, 0x53841C0D912D43A5LL /* 819 */, + 0x3B7EAA48BF12A4E8LL /* 820 */, 0x781E0E47F22F1DDFLL /* 821 */, + 0xEFF20CE60AB50973LL /* 822 */, 0x20D261D19DFFB742LL /* 823 */, + 0x16A12B03062A2E39LL /* 824 */, 0x1960EB2239650495LL /* 825 */, + 0x251C16FED50EB8B8LL /* 826 */, 0x9AC0C330F826016ELL /* 827 */, + 0xED152665953E7671LL /* 828 */, 0x02D63194A6369570LL /* 829 */, + 0x5074F08394B1C987LL /* 830 */, 0x70BA598C90B25CE1LL /* 831 */, + 0x794A15810B9742F6LL /* 832 */, 0x0D5925E9FCAF8C6CLL /* 833 */, + 0x3067716CD868744ELL /* 834 */, 0x910AB077E8D7731BLL /* 835 */, + 0x6A61BBDB5AC42F61LL /* 836 */, 0x93513EFBF0851567LL /* 837 */, + 0xF494724B9E83E9D5LL /* 838 */, 0xE887E1985C09648DLL /* 839 */, + 0x34B1D3C675370CFDLL /* 840 */, 0xDC35E433BC0D255DLL /* 841 */, + 0xD0AAB84234131BE0LL /* 842 */, 0x08042A50B48B7EAFLL /* 843 */, + 0x9997C4EE44A3AB35LL /* 844 */, 0x829A7B49201799D0LL /* 845 */, + 0x263B8307B7C54441LL /* 846 */, 0x752F95F4FD6A6CA6LL /* 847 */, + 0x927217402C08C6E5LL /* 848 */, 0x2A8AB754A795D9EELL /* 849 */, + 0xA442F7552F72943DLL /* 850 */, 0x2C31334E19781208LL /* 851 */, + 0x4FA98D7CEAEE6291LL /* 852 */, 0x55C3862F665DB309LL /* 853 */, + 0xBD0610175D53B1F3LL /* 854 */, 0x46FE6CB840413F27LL /* 855 */, + 0x3FE03792DF0CFA59LL /* 856 */, 0xCFE700372EB85E8FLL /* 857 */, + 0xA7BE29E7ADBCE118LL /* 858 */, 0xE544EE5CDE8431DDLL /* 859 */, + 0x8A781B1B41F1873ELL /* 860 */, 0xA5C94C78A0D2F0E7LL /* 861 */, + 0x39412E2877B60728LL /* 862 */, 0xA1265EF3AFC9A62CLL /* 863 */, + 0xBCC2770C6A2506C5LL /* 864 */, 0x3AB66DD5DCE1CE12LL /* 865 */, + 0xE65499D04A675B37LL /* 866 */, 0x7D8F523481BFD216LL /* 867 */, + 0x0F6F64FCEC15F389LL /* 868 */, 0x74EFBE618B5B13C8LL /* 869 */, + 0xACDC82B714273E1DLL /* 870 */, 0xDD40BFE003199D17LL /* 871 */, + 0x37E99257E7E061F8LL /* 872 */, 0xFA52626904775AAALL /* 873 */, + 0x8BBBF63A463D56F9LL /* 874 */, 0xF0013F1543A26E64LL /* 875 */, + 0xA8307E9F879EC898LL /* 876 */, 0xCC4C27A4150177CCLL /* 877 */, + 0x1B432F2CCA1D3348LL /* 878 */, 0xDE1D1F8F9F6FA013LL /* 879 */, + 0x606602A047A7DDD6LL /* 880 */, 0xD237AB64CC1CB2C7LL /* 881 */, + 0x9B938E7225FCD1D3LL /* 882 */, 0xEC4E03708E0FF476LL /* 883 */, + 0xFEB2FBDA3D03C12DLL /* 884 */, 0xAE0BCED2EE43889ALL /* 885 */, + 0x22CB8923EBFB4F43LL /* 886 */, 0x69360D013CF7396DLL /* 887 */, + 0x855E3602D2D4E022LL /* 888 */, 0x073805BAD01F784CLL /* 889 */, + 0x33E17A133852F546LL /* 890 */, 0xDF4874058AC7B638LL /* 891 */, + 0xBA92B29C678AA14ALL /* 892 */, 0x0CE89FC76CFAADCDLL /* 893 */, + 0x5F9D4E0908339E34LL /* 894 */, 0xF1AFE9291F5923B9LL /* 895 */, + 0x6E3480F60F4A265FLL /* 896 */, 0xEEBF3A2AB29B841CLL /* 897 */, + 0xE21938A88F91B4ADLL /* 898 */, 0x57DFEFF845C6D3C3LL /* 899 */, + 0x2F006B0BF62CAAF2LL /* 900 */, 0x62F479EF6F75EE78LL /* 901 */, + 0x11A55AD41C8916A9LL /* 902 */, 0xF229D29084FED453LL /* 903 */, + 0x42F1C27B16B000E6LL /* 904 */, 0x2B1F76749823C074LL /* 905 */, + 0x4B76ECA3C2745360LL /* 906 */, 0x8C98F463B91691BDLL /* 907 */, + 0x14BCC93CF1ADE66ALL /* 908 */, 0x8885213E6D458397LL /* 909 */, + 0x8E177DF0274D4711LL /* 910 */, 0xB49B73B5503F2951LL /* 911 */, + 0x10168168C3F96B6BLL /* 912 */, 0x0E3D963B63CAB0AELL /* 913 */, + 0x8DFC4B5655A1DB14LL /* 914 */, 0xF789F1356E14DE5CLL /* 915 */, + 0x683E68AF4E51DAC1LL /* 916 */, 0xC9A84F9D8D4B0FD9LL /* 917 */, + 0x3691E03F52A0F9D1LL /* 918 */, 0x5ED86E46E1878E80LL /* 919 */, + 0x3C711A0E99D07150LL /* 920 */, 0x5A0865B20C4E9310LL /* 921 */, + 0x56FBFC1FE4F0682ELL /* 922 */, 0xEA8D5DE3105EDF9BLL /* 923 */, + 0x71ABFDB12379187ALL /* 924 */, 0x2EB99DE1BEE77B9CLL /* 925 */, + 0x21ECC0EA33CF4523LL /* 926 */, 0x59A4D7521805C7A1LL /* 927 */, + 0x3896F5EB56AE7C72LL /* 928 */, 0xAA638F3DB18F75DCLL /* 929 */, + 0x9F39358DABE9808ELL /* 930 */, 0xB7DEFA91C00B72ACLL /* 931 */, + 0x6B5541FD62492D92LL /* 932 */, 0x6DC6DEE8F92E4D5BLL /* 933 */, + 0x353F57ABC4BEEA7ELL /* 934 */, 0x735769D6DA5690CELL /* 935 */, + 0x0A234AA642391484LL /* 936 */, 0xF6F9508028F80D9DLL /* 937 */, + 0xB8E319A27AB3F215LL /* 938 */, 0x31AD9C1151341A4DLL /* 939 */, + 0x773C22A57BEF5805LL /* 940 */, 0x45C7561A07968633LL /* 941 */, + 0xF913DA9E249DBE36LL /* 942 */, 0xDA652D9B78A64C68LL /* 943 */, + 0x4C27A97F3BC334EFLL /* 944 */, 0x76621220E66B17F4LL /* 945 */, + 0x967743899ACD7D0BLL /* 946 */, 0xF3EE5BCAE0ED6782LL /* 947 */, + 0x409F753600C879FCLL /* 948 */, 0x06D09A39B5926DB6LL /* 949 */, + 0x6F83AEB0317AC588LL /* 950 */, 0x01E6CA4A86381F21LL /* 951 */, + 0x66FF3462D19F3025LL /* 952 */, 0x72207C24DDFD3BFBLL /* 953 */, + 0x4AF6B6D3E2ECE2EBLL /* 954 */, 0x9C994DBEC7EA08DELL /* 955 */, + 0x49ACE597B09A8BC4LL /* 956 */, 0xB38C4766CF0797BALL /* 957 */, + 0x131B9373C57C2A75LL /* 958 */, 0xB1822CCE61931E58LL /* 959 */, + 0x9D7555B909BA1C0CLL /* 960 */, 0x127FAFDD937D11D2LL /* 961 */, + 0x29DA3BADC66D92E4LL /* 962 */, 0xA2C1D57154C2ECBCLL /* 963 */, + 0x58C5134D82F6FE24LL /* 964 */, 0x1C3AE3515B62274FLL /* 965 */, + 0xE907C82E01CB8126LL /* 966 */, 0xF8ED091913E37FCBLL /* 967 */, + 0x3249D8F9C80046C9LL /* 968 */, 0x80CF9BEDE388FB63LL /* 969 */, + 0x1881539A116CF19ELL /* 970 */, 0x5103F3F76BD52457LL /* 971 */, + 0x15B7E6F5AE47F7A8LL /* 972 */, 0xDBD7C6DED47E9CCFLL /* 973 */, + 0x44E55C410228BB1ALL /* 974 */, 0xB647D4255EDB4E99LL /* 975 */, + 0x5D11882BB8AAFC30LL /* 976 */, 0xF5098BBB29D3212ALL /* 977 */, + 0x8FB5EA14E90296B3LL /* 978 */, 0x677B942157DD025ALL /* 979 */, + 0xFB58E7C0A390ACB5LL /* 980 */, 0x89D3674C83BD4A01LL /* 981 */, + 0x9E2DA4DF4BF3B93BLL /* 982 */, 0xFCC41E328CAB4829LL /* 983 */, + 0x03F38C96BA582C52LL /* 984 */, 0xCAD1BDBD7FD85DB2LL /* 985 */, + 0xBBB442C16082AE83LL /* 986 */, 0xB95FE86BA5DA9AB0LL /* 987 */, + 0xB22E04673771A93FLL /* 988 */, 0x845358C9493152D8LL /* 989 */, + 0xBE2A488697B4541ELL /* 990 */, 0x95A2DC2DD38E6966LL /* 991 */, + 0xC02C11AC923C852BLL /* 992 */, 0x2388B1990DF2A87BLL /* 993 */, + 0x7C8008FA1B4F37BELL /* 994 */, 0x1F70D0C84D54E503LL /* 995 */, + 0x5490ADEC7ECE57D4LL /* 996 */, 0x002B3C27D9063A3ALL /* 997 */, + 0x7EAEA3848030A2BFLL /* 998 */, 0xC602326DED2003C0LL /* 999 */, + 0x83A7287D69A94086LL /* 1000 */, 0xC57A5FCB30F57A8ALL /* 1001 */, + 0xB56844E479EBE779LL /* 1002 */, 0xA373B40F05DCBCE9LL /* 1003 */, + 0xD71A786E88570EE2LL /* 1004 */, 0x879CBACDBDE8F6A0LL /* 1005 */, + 0x976AD1BCC164A32FLL /* 1006 */, 0xAB21E25E9666D78BLL /* 1007 */, + 0x901063AAE5E5C33CLL /* 1008 */, 0x9818B34448698D90LL /* 1009 */, + 0xE36487AE3E1E8ABBLL /* 1010 */, 0xAFBDF931893BDCB4LL /* 1011 */, + 0x6345A0DC5FBBD519LL /* 1012 */, 0x8628FE269B9465CALL /* 1013 */, + 0x1E5D01603F9C51ECLL /* 1014 */, 0x4DE44006A15049B7LL /* 1015 */, + 0xBF6C70E5F776CBB1LL /* 1016 */, 0x411218F2EF552BEDLL /* 1017 */, + 0xCB0C0708705A36A3LL /* 1018 */, 0xE74D14754F986044LL /* 1019 */, + 0xCD56D9430EA8280ELL /* 1020 */, 0xC12591D7535F5065LL /* 1021 */, + 0xC83223F1720AEF96LL /* 1022 */, 0xC3A0396F7363A51FLL /* 1023 */}; + +#else + +void dummy_2_64 (int a) +{ + (void) a; + return; +} + +#endif Index: /tags/2.5.0/src/sh_tools.c =================================================================== --- /tags/2.5.0/src/sh_tools.c (revision 189) +++ /tags/2.5.0/src/sh_tools.c (revision 189) @@ -0,0 +1,1742 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +#include +#include +#include +#include + +/* Must be early on FreeBSD + */ +#include + +#ifdef HAVE_MEMORY_H +#include +#endif + +#ifdef HAVE_SYS_SELECT_H +#include +#endif + +#ifdef HAVE_UNISTD_H +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#endif + +#include + +#ifdef HOST_IS_HPUX +#define _XOPEN_SOURCE_EXTENDED +#endif +#include +#include +#include + +#ifndef FD_SET +#define NFDBITS 32 +#define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS))) +#define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS))) +#define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS))) +#endif /* !FD_SET */ +#ifndef FD_SETSIZE +#define FD_SETSIZE 32 +#endif +#ifndef FD_ZERO +#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) +#endif + + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +#include +#endif + +#define SH_REAL_SET + +#include "samhain.h" +#include "sh_mem.h" +#include "sh_error.h" +#include "sh_tools.h" +#include "sh_utils.h" +#include "sh_tiger.h" +#define SH_NEED_GETHOSTBYXXX +#include "sh_static.h" +#include "sh_pthread.h" + +#undef FIL__ +#define FIL__ _("sh_tools.c") + +#ifdef SH_ENCRYPT +#include "rijndael-api-fst.h" +char * errorExplain (int err_num, char * buffer, size_t len) +{ + char * p; + + if (err_num == BAD_KEY_DIR) + p = (_("Key direction is invalid")); + else if (err_num == BAD_KEY_MAT) + p = (_("Key material not of correct length")); + else if (err_num == BAD_KEY_INSTANCE) + p = (_("Key passed is not valid")); + else if (err_num == BAD_CIPHER_MODE) + p = (_("Params struct passed to cipherInit invalid")); + else if (err_num == BAD_CIPHER_STATE) + p = (_("Cipher in wrong state")); + else if (err_num == BAD_BLOCK_LENGTH) + p = (_("Bad block length")); + else if (err_num == BAD_CIPHER_INSTANCE) + p = (_("Bad cipher instance")); + else if (err_num == BAD_DATA) + p = (_("Data contents are invalid")); + else + p = (_("Unknown error")); + sl_strlcpy (buffer, p, len); + return buffer; +} + +#endif + +/* --- recode all \blah escapes to '=XX' format, and also code all + * remaining unprintable chars --- + */ +#define SH_PUT_4(p, a, b, c) (p)[0] = (a); (p)[1] = (b); (p)[2] = (c); + +char * sh_tools_safe_name (const char * instr, int flag) +{ + unsigned char c, d; + const char * p; + char tmp[4]; + char * outstr; + size_t len = 1; + int i = 0; + unsigned char val_octal = '\0'; + static char ctable[16] = { '0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; + + SL_ENTER(_("sh_tools_safe_name")); + + if (instr) + { + len = strlen(instr); + if (sl_ok_muls (3, len) && sl_ok_adds ((3*len), 4)) + { + len = (3 * len) + 4; + p = instr; + } + else + { + len = 1; + p = NULL; + } + } + else + { + p = NULL; + } + + outstr = SH_ALLOC(len); + + outstr[0] = '\0'; + tmp[3] = '\0'; + +#if !defined(SH_USE_XML) + (void) flag; /* fix compiler warning */ +#endif + + if (!p) + goto end; + + while (*p) + { + c = *p; + + if (*p == '\n') + { + outstr[i] = ' '; ++i; ++p; + continue; + } + +#ifdef SH_USE_XML + if (flag == 1) + { + if ((*p) == '"') + { + SH_PUT_4(&outstr[i], '=', '2', '2'); + i+=3; ++p; + continue; + } + else if ((*p) == '&') + { + SH_PUT_4(&outstr[i], '=', '2', '6'); + i+=3; ++p; + continue; + } + else if ((*p) == '<') + { /* left angle */ + SH_PUT_4(&outstr[i], '=', '3', 'c'); + i+=3; ++p; + continue; + } + else if ((*p) == '>') + { /* right angle */ + SH_PUT_4(&outstr[i], '=', '3', 'e'); + i+=3; ++p; + continue; + } + } +#endif + + if ( (*p) != '\\' && (*p) != '&' && (*p) != '=' && (*p) != '\'') + { + outstr[i] = *p; ++i; + ++p; + + if (c < 32 || c > 126) + { + --i; + d = c % 16; c = c / 16; + outstr[i] = '='; ++i; + outstr[i] = ctable[c]; ++i; + outstr[i] = ctable[d]; ++i; + } + + continue; + } + else if ((*p) == '\'') + { + SH_PUT_4(&outstr[i], '=', '2', '7'); + i+=3; ++p; + } + else if (*p == '=') + { + if (p[1] != '"' && p[1] != '<') + { + SH_PUT_4(&outstr[i], '=', '3', 'd'); + i+=3; ++p; + } + else + { outstr[i] = *p; ++i; ++p; } + } + else if (*p == '\\') + { + ++p; + if (!p) + break; + if (!(*p)) + break; + + c = *p; + + switch (*p) { + case '\\': + SH_PUT_4(&outstr[i], '=', '5', 'c'); + i+=3; ++p; + break; + case 'n': + SH_PUT_4(&outstr[i], '=', '0', 'a'); + i+=3; ++p; + break; + case 'b': + SH_PUT_4(&outstr[i], '=', '0', '8'); + i+=3; ++p; + break; + case 'r': + SH_PUT_4(&outstr[i], '=', '0', 'd'); + i+=3; ++p; + break; + case 't': + SH_PUT_4(&outstr[i], '=', '0', '9'); + i+=3; ++p; + break; + case 'v': + SH_PUT_4(&outstr[i], '=', '0', 'b'); + i+=3; ++p; + break; + case 'f': + SH_PUT_4(&outstr[i], '=', '0', 'c'); + i+=3; ++p; + break; + case '\'': + SH_PUT_4(&outstr[i], '=', '2', '7'); + i+=3; ++p; + break; + case '"': /* also encode quoted '"' */ + SH_PUT_4(&outstr[i], '=', '2', '2'); + i+=3; ++p; + break; + case ' ': + SH_PUT_4(&outstr[i], '=', '2', '0'); + i+=3; ++p; + break; + default: + if (strlen(p) < 3) /* certainly not an octal number, skip */ + { + p += strlen(p); + } + else + { + tmp[0] = p[0]; tmp[1] = p[1]; tmp[2] = p[2]; + val_octal = (unsigned char) strtoul(tmp, (char **)NULL, 8); + if (val_octal != '\0') { + c = val_octal; + d = c % 16; c = c / 16; + outstr[i] = '='; ++i; + outstr[i] = ctable[c]; ++i; + outstr[i] = ctable[d]; ++i; + } + p += 3; + } + } + } + else if (*p == '&') + { + ++p; + if (!p || !(*p)) + { + outstr[i] = '&'; ++i; + break; + } + + if (p[0] == 'a' && p[1] == 'm' && p[2] == 'p' && p[3] == ';') + { + SH_PUT_4(&outstr[i], '=', '2', '6'); + i+=3; p += 4; + } + else if (p[0] == 'q' && p[1] == 'u' && p[2] == 'o' && p[3] == 't' && + p[4] == ';') + { + SH_PUT_4(&outstr[i], '=', '2', '2'); + i+=3; p += 5; + } + else if (p[0] == 'l' && p[1] == 't' && p[2] == ';') + { + SH_PUT_4(&outstr[i], '=', '3', 'c'); + i+=3; p += 3; + } + else if (p[0] == 'g' && p[1] == 't' && p[2] == ';') + { + SH_PUT_4(&outstr[i], '=', '3', 'e'); + i+=3; p += 3; + } + else /* conserve the '&' */ + { + outstr[i] = '&'; ++i; + } + } + else + { + outstr[i] = *p; ++i; + ++p; + } + } /* while (p && *p) */ + + end: + + outstr[i] = '\0'; + SL_RETURN( outstr, _("sh_tools_safe_name")); +} + + +/* extern int h_errno; */ + +char * sh_tools_errmessage (int tellme, char * errbuf, size_t len) +{ + char * p = NULL; +#ifdef HOST_NOT_FOUND + if (tellme == HOST_NOT_FOUND) + p = _("The specified host is unknown: "); +#endif +#ifdef NO_ADDRESS + if (tellme == NO_ADDRESS) + p = _("The requested name is valid but does not have an IP address: "); +#endif +#ifdef NO_RECOVERY + if (tellme == NO_RECOVERY) + p = _("A non-recoverable name server error occurred: "); +#endif +#ifdef TRY_AGAIN + if (tellme == TRY_AGAIN) + p = _("A temporary error occurred on an authoritative name server. The specified host is unknown: "); +#endif + if (!p) p = _("Unknown error"); + sl_strlcpy(errbuf, p, len); + return errbuf; +} + +int is_numeric (const char * address) +{ + int j; + int len = sl_strlen(address); + + for (j = 0; j < len; ++j) + if ( (address[j] < '0' || address[j] > '9') && address[j] != '.') + return (1 == 0); + return (1 == 1); +} + +#if defined (SH_WITH_SERVER) + +int get_open_max () +{ + int value; + +#ifdef _SC_OPEN_MAX + value = sysconf (_SC_OPEN_MAX); +#else +#ifdef OPEN_MAX + value = OPEN_MAX; +#else + value = _POSIX_OPEN_MAX; +#endif +#endif + + if (value < 0) + value = 8; /* POSIX lower limit */ + + if (value > 4096) + value = 4096; + + return value; +} + +#endif + +typedef struct _sin_cache { + char * address; + struct sockaddr_in sin; + struct _sin_cache * next; +} sin_cache; + +static sin_cache * conn_cache = NULL; +static int cached_addr = 0; + +void delete_cache() +{ + sin_cache * check_cache = conn_cache; + sin_cache * old_entry = conn_cache; + + SL_ENTER(_("delete_cache")); + + while (check_cache != NULL) + { + old_entry = check_cache; + check_cache = check_cache->next; + SH_FREE(old_entry->address); + SH_FREE(old_entry); + } + + cached_addr = 0; + + conn_cache = NULL; + SL_RET0(_("delete_cache")); +} + +int DoReverseLookup = S_TRUE; + +int set_reverse_lookup (const char * c) +{ + return sh_util_flagval(c, &DoReverseLookup); +} + +int connect_port (char * address, int port, + char * ecall, int * errnum, char * errmsg, int errsiz) +{ + struct in_addr haddr; /* host address from numeric */ + /* host details returned by the DNS */ + struct hostent *host_entry = NULL; + struct sockaddr_in sinr; /* socket to the remote host */ + + char * host_name; + + volatile int fd = (-1); + int status; + volatile int fail = 0; + int cached = 0; + + int retval; + char errbuf[SH_ERRBUF_SIZE]; + + sin_cache * check_cache = conn_cache; + + SL_ENTER(_("connect_port")); + + /* paranoia -- should not happen + */ + if (cached_addr > 128) + delete_cache(); + + if (check_cache != NULL) + { + while (check_cache && check_cache->address) + { + if ( 0 == sl_strncmp(check_cache->address, + address, sl_strlen(address))) + { + memcpy (&sinr, &(check_cache->sin), sizeof(struct sockaddr_in)); + sinr.sin_family = AF_INET; + sinr.sin_port = htons (port); + cached = 1; + break; + } + if (check_cache->next) + check_cache = check_cache->next; + else + check_cache = NULL; + } + } + + /* only use gethostbyname() if neccessary + */ + if (cached == 0) + { +#ifdef HAVE_INET_ATON + if (0 == inet_aton(address, &haddr)) +#else + if ((unsigned long)-1 == (haddr.s_addr = inet_addr(address))) +#endif + { + SH_MUTEX_LOCK(mutex_resolv); + + host_name = NULL; + + host_entry = sh_gethostbyname(address); + + if (host_entry == NULL || host_entry->h_addr == NULL) + { + sl_strlcpy(ecall, _("gethostbyname"), SH_MINIBUF); +#ifndef NO_H_ERRNO + *errnum = h_errno; +#else + *errnum = 666; +#endif + (void) sh_tools_errmessage (*errnum, errmsg, errsiz); + sl_strlcat(errmsg, address, errsiz); + fail = (-1); + } + else + { + sinr.sin_family = AF_INET; + sinr.sin_port = htons (port); + sinr.sin_addr = *(struct in_addr *) host_entry->h_addr; + + + /* reverse DNS lookup + */ + if (DoReverseLookup == S_TRUE) + { + if (host_entry->h_name == NULL) + { + host_name = SH_ALLOC(1); + host_name[0] = '\0'; + } + else + { + host_name = sh_util_strdup(host_entry->h_name); + } + + host_entry = sh_gethostbyaddr ((char *) &sinr.sin_addr, + sizeof(struct in_addr), + AF_INET); + if (host_entry == NULL || host_entry->h_name == NULL) + { + sl_strlcpy(ecall, _("gethostbyaddr"), SH_MINIBUF); +#ifndef NO_H_ERRNO + *errnum = h_errno; +#else + *errnum = 666; +#endif + (void) sh_tools_errmessage (*errnum, errmsg, errsiz); + sl_strlcat(errmsg, + inet_ntoa (*(struct in_addr *) &(sinr.sin_addr)), + errsiz); + fail = (-1); + } + else + { + *errnum = 0; + if (sl_strlen(host_entry->h_name) == 0 || + (*errnum = sl_strcasecmp(host_name,host_entry->h_name)) != 0) + { + if (*errnum) + sl_strlcpy(ecall, _("strcmp"), SH_MINIBUF); + else + sl_strlcpy(ecall, _("strlen"), SH_MINIBUF); + sl_strlcpy(errmsg, _("Reverse lookup failed: "), + errsiz); + sl_strlcat(errmsg, address, errsiz); + sl_strlcat(errmsg, _(" vs "), errsiz); + sl_strlcat(errmsg, + inet_ntoa (*(struct in_addr *) &(sinr.sin_addr)), + errsiz); + fail = -1; + } + } + } + } + SH_MUTEX_UNLOCK(mutex_resolv); + if (host_name) SH_FREE(host_name); + } + + else /* address was numeric */ + { + sinr.sin_family = AF_INET; + sinr.sin_port = htons (port); + sinr.sin_addr = haddr; + } + + + if (fail != -1) + { + /* put it into the cache + */ + check_cache = SH_ALLOC(sizeof(sin_cache)); + check_cache->address = SH_ALLOC(sl_strlen(address) + 1); + sl_strlcpy (check_cache->address, address, sl_strlen(address) + 1); + memcpy(&(check_cache->sin), &sinr, sizeof(struct sockaddr_in)); + ++cached_addr; + + if (conn_cache) + { + if (conn_cache->next) + check_cache->next = conn_cache->next; + else + check_cache->next = NULL; + conn_cache->next = check_cache; + } + else + { + check_cache->next = NULL; + conn_cache = check_cache; + } + } + } + + + if (fail != (-1)) + { + fd = socket(AF_INET, SOCK_STREAM, 0); + if (fd < 0) { + fail = (-1); + status = errno; + sl_strlcpy(ecall, _("socket"), SH_MINIBUF); + *errnum = status; + sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz); + sl_strlcat(errmsg, _(", address "), errsiz); + sl_strlcat(errmsg, address, errsiz); + } + } + + if (fail != (-1)) { + + if ( retry_connect(FIL__, __LINE__, fd, + (struct sockaddr *) &sinr, sizeof(sinr)) < 0) + { + status = errno; + sl_strlcpy(ecall, _("connect"), SH_MINIBUF); + *errnum = status; + sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz); + sl_strlcat(errmsg, _(", address "), errsiz); + sl_strlcat(errmsg, address, errsiz); + close(fd); + fail = (-1); + } + } + + retval = (fail < 0) ? (-1) : fd; + SL_RETURN(retval, _("connect_port")); +} + +int connect_port_2 (char * address1, char * address2, int port, + char * ecall, int * errnum, char * errmsg, int errsiz) +{ + int retval = (-1); + + SL_ENTER(_("connect_port_2")); + + errmsg[0] = '\0'; + *errnum = 0; + + if (address1 != NULL && address1[0] != '\0') + retval = connect_port (address1, port, + ecall, errnum, + errmsg, errsiz); + + if (retval < 0 && address2 != NULL && address2[0] != '\0') + { + /* can't use sh_error_handle here, as this would cause an infinite + * loop if called from sh_unix_time + */ + TPT(( 0, FIL__, __LINE__, _("msg=\n"), + address2)); + retval = connect_port (address2, port, + ecall, errnum, + errmsg, errsiz); + } + + if ((retval < 0) && + (address1 == NULL || address1[0] == '\0') && + (address1 == NULL || address1[0] == '\0')) + { + sl_strlcpy(ecall, _("connect_port_2"), SH_MINIBUF); + sl_strlcpy(errmsg, _("No server address known"), errsiz); + } + SL_RETURN(retval, _("connect_port_2")); + /* return retval; */ +} + +#if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) +static +int sh_write_select(int type, int sockfd, + char *buf, int nbytes, + int * w_error, int timeout) +{ + int countbytes, count; + fd_set fds; + struct timeval tv; + int select_now; + int num_sel; + + struct sigaction new_act; + struct sigaction old_act; + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("sh_write_select")); + + /* ignore SIGPIPE (instead get EPIPE if connection is closed) + */ + new_act.sa_handler = SIG_IGN; + sigemptyset( &new_act.sa_mask ); /* set an empty mask */ + new_act.sa_flags = 0; /* init sa_flags */ + sigaction (SIGPIPE, &new_act, &old_act); + + FD_ZERO(&fds); + FD_SET(sockfd, &fds); + + countbytes = 0; + tv.tv_sec = 1; + tv.tv_usec = 0; + select_now = 0; + + *w_error = 0; + + while ( countbytes < nbytes ) { + + FD_ZERO(&fds); + FD_SET(sockfd, &fds); + + if (type == SH_DO_WRITE) + { + if ( (num_sel = select (sockfd+1, NULL, &fds, NULL, &tv)) == -1) + { + if (sig_raised == 1) + { + sig_raised = 2; + continue; + } + if ( errno == EINTR || errno == EINPROGRESS ) /* try again */ + continue; + *w_error = errno; + sigaction (SIGPIPE, &old_act, NULL); + sh_error_message(*w_error, errbuf, sizeof(errbuf)); + sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN, + errbuf, + _("sh_write_select (ws)") ); + TPT(( 0, FIL__, __LINE__, _("msg=\n"), errbuf )); + SL_RETURN( countbytes, _("sh_write_select")); + } + } + else + { + if ( (num_sel = select (sockfd+1, &fds, NULL, NULL, &tv)) == -1) + { + if (sig_raised == 1) + { + sig_raised = 2; + continue; + } + if ( errno == EINTR || errno == EINPROGRESS ) /* try again */ + continue; + *w_error = errno; + sigaction (SIGPIPE, &old_act, NULL); + sh_error_message(*w_error, errbuf, sizeof(errbuf)); + sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN, + errbuf, + _("sh_write_select (rs)") ); + TPT(( 0, FIL__, __LINE__, _("msg=\n"), errbuf )); + SL_RETURN( countbytes, _("sh_write_select")); + } + } + + /* on Linux, timeout is modified to reflect the amount of + * time not slept + */ + tv.tv_sec = 1; + tv.tv_usec = 0; + + + /* let's not hang on forever + */ + if (num_sel == 0) + { + ++select_now; /* timeout */ + if ( select_now > timeout ) /* 5 minutes */ + { +#ifdef ETIMEDOUT + *w_error = ETIMEDOUT; +#else + *w_error = 0; +#endif + sigaction (SIGPIPE, &old_act, NULL); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + SL_RETURN( countbytes, _("sh_write_select")); + } + } + + if ( FD_ISSET (sockfd, &fds) ) + { + if (type == SH_DO_WRITE) + count = write (sockfd, buf, nbytes-countbytes); + else + count = read (sockfd, buf, nbytes-countbytes); + + if (count > 0) + { + countbytes += count; + buf += count; /* move buffer pointer forward */ + if (countbytes < nbytes) FD_SET( sockfd, &fds ); + } + else if (count < 0 && errno == EINTR) + { + FD_SET( sockfd, &fds ); + } + else if (count < 0) + { + *w_error = errno; + sigaction (SIGPIPE, &old_act, NULL); + sh_error_message(*w_error, errbuf, sizeof(errbuf)); + sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN, + errbuf, + (type == SH_DO_WRITE) ? + _("sh_write_select (w)") : _("sh_write_select (r)")); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + SL_RETURN( countbytes, _("sh_write_select")); + } + else /* count == 0 */ + { + *w_error = errno; + sigaction (SIGPIPE, &old_act, NULL); + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + SL_RETURN( countbytes, _("sh_write_select")); + } + } + } + + + /* restore signal handler + */ + sigaction (SIGPIPE, &old_act, NULL); + + *w_error = 0; + + TPT(( 0, FIL__, __LINE__, _("msg=\n"), countbytes)); + SL_RETURN( countbytes, _("sh_write_select")); +} +#endif + +#if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER) +unsigned long write_port (int sockfd, char *buf, unsigned long nbytes, + int * w_error, int timeout) +{ + unsigned long bytes; + + SL_ENTER(_("write_port")); + + bytes = sh_write_select(SH_DO_WRITE, sockfd, buf, nbytes, w_error, timeout); + if (*w_error != 0) + { + char errbuf[SH_ERRBUF_SIZE]; + sh_error_handle((-1), FIL__, __LINE__, *w_error, MSG_TCP_NETRP, + sh_error_message (*w_error, errbuf, sizeof(errbuf)), + (long) sockfd, _("write_port")); + } + SL_RETURN( bytes, _("write_port")); +} +#endif + +#if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + +unsigned long read_port (int sockfd, char *buf, unsigned long nbytes, + int * w_error, int timeout) +{ + unsigned long bytes; + + SL_ENTER(_("read_port")); + + bytes = sh_write_select(SH_DO_READ, sockfd, buf, nbytes, w_error, timeout); + if (*w_error != 0) + { + char errbuf[SH_ERRBUF_SIZE]; + sh_error_handle((-1), FIL__, __LINE__, *w_error, MSG_TCP_NETRP, + sh_error_message (*w_error, errbuf, sizeof(errbuf)), + (long) sockfd, _("read_port")); + } + SL_RETURN( bytes, _("read_port")); +} +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + +int check_request_nerr (char * have, char * need) +{ + SL_ENTER(_("check_request_nerr")); + ASSERT_RET((have != NULL && need != NULL), + _("have != NULL && need != NULL"), (-1)) + + if ( (have[0] == need[0]) && (have[1] == need[1]) && + (have[2] == need[2]) && (have[3] == need[3])) + SL_RETURN(0, _("check_request_nerr")); + SL_RETURN((-1), _("check_request_nerr")); +} +#endif + +#if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + +int check_request (char * have, char * need) +{ + char first[21], second[5]; + int i; + + SL_ENTER(_("check_request")); + i = check_request_nerr (have, need); + + if (i == 0) + SL_RETURN(0, _("check_request")); + + for (i = 0; i < 4; ++i) + { + second[i] = need[i]; + sprintf(&first[i*4], _("%c%03o"), /* known to fit */ + '\\', (unsigned char) have[i]); + } + + first[20] = '\0'; second[4] = '\0'; + + sh_error_handle((-1), FIL__, __LINE__, EINVAL, MSG_E_NETST, + second, first); + SL_RETURN((-1), _("check_request")); +} +#endif + +#if defined (SH_WITH_SERVER) + +int check_request_s (char * have, char * need, char * clt) +{ + char first[21], second[5]; + int i; + + SL_ENTER(_("check_request_s")); + i = check_request_nerr (have, need); + + if (i == 0) + SL_RETURN( (0), _("check_request_s")); + + for (i = 0; i < 4; ++i) + { + second[i] = need[i]; + sprintf(&first[i*4], _("%c%03o"), /* known to fit */ + '\\', (unsigned char) have[i]); + } + first[20] = '\0'; second[4] = '\0'; + sh_error_handle((-1), FIL__, __LINE__, EINVAL, MSG_E_NETST1, + second, first, clt); + SL_RETURN( (-1), _("check_request_s")); +} +#endif + +#if defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER) + +void get_header (unsigned char * head, unsigned long * bytes, char * u) +{ + SL_ENTER(_("get_header")); + + *bytes = + (256 * (unsigned int)head[1] + (unsigned int)head[2]); + + if (u != NULL) + { + u[0] = head[3]; + u[1] = head[4]; + u[2] = head[5]; + u[3] = head[6]; + u[4] = '\0'; + } + + SL_RET0(_("get_header")); +} +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + +#ifdef SH_ENCRYPT_2 +#define TRANS_BYTES 65120 +#else +#define TRANS_BYTES 65280 +#endif + +void put_header (unsigned char * head, int protocol, + unsigned long * length, char * u) +{ + + /* static long transfer_limit = (8 * SH_BUFSIZE); V0.8 */ + static unsigned long transfer_limit = TRANS_BYTES + 6 + KEY_LEN; + + SL_ENTER(_("put_header")); + + head[0] = protocol; + + ASSERT((*length < transfer_limit), _("*length < transfer_limit")) + + if (*length > transfer_limit) + *length = transfer_limit; + + head[1] = (unsigned int)(*length/256); + head[2] = (unsigned int)(*length-256 * head[1]); + if (u == NULL) + { + head[3] = 0x01; + head[4] = 0x01; + head[5] = 0x01; + head[6] = 0x01; + } + else + { + head[3] = u[0]; + head[4] = u[1]; + head[5] = u[2]; + head[6] = u[3]; + } + + SL_RET0(_("put_header")); +} +#endif + +/* ------------------------------------------ + * + * version 2 client/server protocol + * + * ------------------------------------------ + * + * header : flag size[2] + * + * payload: random_pad[8] protocol[4] size[4] payload[payload_size] padding + * + * full_size <= 8192; payload_size <= 8176 (511*16); msg_size <= 8128 (508*16) + * (msg_size = payload_size - key_len = payload_size - 48) + */ + +/* + * only SH_V2_FULLSIZE is used, and only once + */ +#if 0 +#ifdef SH_WITH_SERVER +#define SH_V2_FULLSIZE 240 +#define SH_V2_PAYLOAD 224 +#define SH_V2_MESSAGE 176 +#else +#define SH_V2_FULLSIZE 1024 +#define SH_V2_PAYLOAD 1008 +#define SH_V2_MESSAGE 960 +#endif +#endif +#define SH_V2_FULLSIZE 1024 + +#ifdef SH_ENCRYPT +#include "rijndael-api-fst.h" +#endif + +void sh_tools_show_header (unsigned char * head, char sign) +{ +#define SH_IS_ASCII(c) (((c) & ~0x7f) == 0) + + + int msg_size = (256 * (unsigned int)head[1] + (unsigned int)head[2]); + char code[32]; + char * p = &code[0]; + + memset (code, ' ', 32); /* space */ + + if ((head[0] & SH_PROTO_SRP) != 0) { p[0]='S';p[1]='R';p[2]='P';} + p += 4; + if ((head[0] & SH_PROTO_MSG) != 0) { p[0]='M';p[1]='S';p[2]='G';} + p += 4; + if ((head[0] & SH_PROTO_BIG) != 0) { p[0]='B';p[1]='I';p[2]='G';} + p += 4; + if ((head[0] & SH_PROTO_END) != 0) { p[0]='E';p[1]='N';p[2]='D';} + p += 4; + if ((head[0] & SH_PROTO_ENC) != 0) { p[0]='E';p[1]='N';p[2]='C';} + p += 4; + if ((head[0] & SH_PROTO_EN2) != 0) { p[0]='E';p[1]='N';p[2]='2';} + code[23] = '\0'; + + if (SH_IS_ASCII(head[3]) && isalpha(head[3]) && + SH_IS_ASCII(head[4]) && isalpha(head[4]) && + SH_IS_ASCII(head[5]) && isalpha(head[5]) && + SH_IS_ASCII(head[6]) && isalpha(head[6])) { + fprintf(stderr, "%c %3o %s %5d %c %c %c %c\n", sign, + head[0], code, msg_size, head[3], head[4], head[5], head[6]); + } else { + fprintf(stderr, "%c %3o %s %5d %2X %2X %2X %2X\n", sign, + head[0], code, msg_size, head[3], head[4], head[5], head[6]); + } + return; +} + +#ifdef SH_ENCRYPT +/* + * #define DEBUG_EN2 + * + * ingest version 1 7-byte header and payload, return version2 header/payload + * last 4 bytes of outgoing header are set to dummy value + */ +char * sh_tools_makePack (unsigned char * header, + char * payload, unsigned long payload_size, + keyInstance * keyInstE) +{ + UINT32 rpad[3]; + unsigned char head[16]; + double epad; + unsigned long i_epad = 0; + unsigned long i_blk = payload_size / 16; + unsigned long i_blkmax = SH_V2_FULLSIZE / 16; + unsigned long pads = 0; + size_t full_size; + char * full_ret; + + char * p; + RIJ_BYTE inBlock[B_SIZ]; + RIJ_BYTE outBlock[B_SIZ]; + int j; + cipherInstance cipherInst; + int err_num; + int blkfac; + int oflow = 0; + + /* + SL_REQUIRE (i_blk*16 == payload_size, _("payload_size % 16 != 0")); + */ + if ((i_blk * 16) != payload_size) ++i_blk; +#ifdef DEBUG_EN2 + fprintf(stderr, "SEND <%d> blocks <%d>\n", payload_size, i_blk); +#endif + /* random_pad + */ + rpad[1] = taus_get (); + memcpy (head, &rpad[1], 4); + rpad[0] = taus_get (); + memcpy (&head[4], &rpad[0], 4); + rpad[2] = taus_get (); + memcpy (&head[8], &rpad[2], 4); + + /* protocol + */ + /* memcpy (&head[8], &header[3], 4); */ + + /* size (payload) + */ + head[12] = header[1]; + head[13] = header[2]; + head[14] = '\0'; + head[15] = '\0'; + + if (i_blk < i_blkmax) + { + pads = i_blkmax - i_blk; + /* memcpy((char *) &rpad[2], &head[12], 4); */ + epad = taus_get_double (&rpad); +#ifdef DEBUG_EN2 + fprintf(stderr, "PAD1 <%d> <%f>\n", pads, epad); +#endif + i_epad = (unsigned long) (pads * epad); +#ifdef DEBUG_EN2 + fprintf(stderr, "PAD2 <%d> <%d>\n", i_epad, (i_epad*16)); +#endif + } + + full_size = 16; /* head */ + if (sl_ok_muls(i_blk, 16) && sl_ok_adds(full_size, (i_blk*16))) + full_size = full_size + (i_blk*16); /* payload */ + else + oflow = 1; + if (sl_ok_adds(full_size, (i_epad*16))) + full_size = full_size + (i_epad*16); /* pad */ + else + i_epad = 0; + + if (oflow) + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("integer overflow"), + _("sh_tools_makePack")); + } + + full_ret = SH_ALLOC(full_size); + memcpy(full_ret, head, 16); + if (payload != NULL && !oflow) + { + memcpy(&full_ret[16], payload, payload_size); + } + if ((i_blk*16) > payload_size && !oflow) + { +#ifdef DEBUG_EN2 + fprintf(stderr, "SEN2 <%d>\n", (i_blk*16) - payload_size); +#endif + memset(&full_ret[16+payload_size], '\0', (i_blk*16) - payload_size); + payload_size = i_blk * 16; + } + memset(&full_ret[16+payload_size], '\0', i_epad*16); +#ifdef DEBUG_EN2 + fprintf(stderr, "SEN3 <%d> <%d>\n", full_size, i_epad*16); +#endif + + /* rewrite header + */ + header[1] = (unsigned int)(full_size/256); + header[2] = (unsigned int)(full_size - (256 * header[1])); + /* don't erase protocol from header + memset(&header[3], '\0', 4); + */ + p = full_ret; blkfac = full_size / 16; + + err_num = cipherInit (&cipherInst, MODE_CBC, NULL); + + if (err_num < 0) + { + char expbuf[SH_ERRBUF_SIZE]; + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + errorExplain(err_num, expbuf, sizeof(expbuf)), + _("sh_tools_makePack: cipherInit")); + } + for (j = 0; j < blkfac; ++j) + { + memcpy(inBlock, p, B_SIZ); + err_num = blockEncrypt(&cipherInst, keyInstE, + inBlock, 128 * BNUM, outBlock); + if (err_num < 0) + { + char expbuf[SH_ERRBUF_SIZE]; + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + errorExplain(err_num, expbuf, sizeof(expbuf)), + _("sh_tools_makePack: blockEncrypt")); + } + memcpy(p, outBlock, B_SIZ); + p += B_SIZ; + } + + return full_ret; +} + +/* write a 7-byte header and return payload as expected by version 1 + * last 4 bytes of incoming header are dummy + */ +char * sh_tools_revertPack (unsigned char * header, char * message, + keyInstance * keyInstD, + unsigned long message_size) +{ + unsigned long msg_size; + char * msg_ret; + + char * p; + RIJ_BYTE inBlock[B_SIZ]; + RIJ_BYTE outBlock[B_SIZ]; + int j; + cipherInstance cipherInst; + int err_num; + int blkfac; + char expbuf[SH_ERRBUF_SIZE]; + + msg_size = (256 * (unsigned int)header[1] + (unsigned int)header[2]); +#ifdef DEBUG_EN2 + fprintf(stderr, "RECV <%lu>\n", msg_size); +#endif + if (msg_size > message_size) { + msg_size = message_size; +#ifdef DEBUG_EN2 + fprintf(stderr, "RECV TRUNC1 <%lu>\n", msg_size); +#endif + } + + p = message; blkfac = msg_size / 16; + + err_num = cipherInit (&cipherInst, MODE_CBC, NULL); + + if (err_num < 0) + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + errorExplain(err_num, expbuf, sizeof(expbuf)), + _("sh_tools_revertPack: cipherInit")); + } + for (j = 0; j < blkfac; ++j) + { + memcpy(inBlock, p, B_SIZ); + err_num = blockDecrypt(&cipherInst, keyInstD, + inBlock, 128 * BNUM, outBlock); + if (err_num < 0) + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + errorExplain(err_num, expbuf, sizeof(expbuf)), + _("sh_tools_revertPack: blockDecrypt")); + } + memcpy(p, outBlock, B_SIZ); + p += B_SIZ; + } + + /* rewrite size in header + */ + header[1] = message[12]; + header[2] = message[13]; + msg_size = (256 * (unsigned int)header[1] + (unsigned int)header[2]); + + if (msg_size > (message_size-16)) + { + msg_size = message_size-16; + header[1] = (unsigned int)(msg_size/256); + header[2] = (unsigned int)(msg_size - (256 * header[1])); +#ifdef DEBUG_EN2 + fprintf(stderr, "RECV TRUNC2 <%lu>\n", msg_size); +#endif + } +#ifdef DEBUG_EN2 + fprintf(stderr, "REC2 <%lu>\n", msg_size); +#endif + /* protocol + */ + /* memcpy(&header[3], &message[8], 4); */ + + /* payload + */ + msg_ret = SH_ALLOC(msg_size+1); + if (msg_size > 0) + { + memcpy(msg_ret, &message[16], msg_size); + } + msg_ret[msg_size] = '\0'; +#ifdef DEBUG_EN2 + fprintf(stderr, "REC3 <%lu>\n", msg_size); +#endif + SH_FREE(message); + + return msg_ret; +} +#endif + +int sh_tools_hash_add(char * key, char * buf, int buflen) +{ + char * theSig; + char sigbuf[KEYBUF_SIZE]; + + SL_ENTER(_("sh_tools_hash_add")); + + theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf)); + sl_strlcat(buf, theSig, buflen + KEY_LEN + 1); + + SL_RETURN((0), _("sh_tools_hash_add")); +} + + +/* return 0 (== FALSE) if no match, else 1 (== TRUE) + */ +int sh_tools_hash_vfy(char * key, char * buf, int buflen) +{ + char hash[KEY_LEN+1]; + register int i; + char * theSig; + char sigbuf[KEYBUF_SIZE]; + + SL_ENTER(_("sh_tools_hash_vfy")); + + theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf)); + sl_strlcpy(hash, theSig, KEY_LEN+1); + + for (i = 0; i < KEY_LEN; ++i) + { + if (buf[buflen + i] != hash[i]) + SL_RETURN((0), _("sh_tools_hash_vfy")); + } + + SL_RETURN((1), _("sh_tools_hash_vfy")); +} + +/* ------------------------------------------ */ + +#if defined (SH_WITH_SERVER) + +/* add a checksum to a buffer; put checksum in front + */ +char * hash_me (char * key, char * buf, int buflen) +{ + char hash[KEY_LEN+1]; + char * temp = NULL; + register int i; + int total = 0; + char * theSig; + char sigbuf[KEYBUF_SIZE]; + + + SL_ENTER(_("hash_me")); + +#ifdef DEBUG_EN2 + fprintf(stderr, "hash_me <%s> <%d>\n", + (key == NULL) ? "NULL" : key, buflen); +#endif + /* key = H(NSRV,NCLT,SK) + */ + ASSERT_RET((key != NULL), _("key != NULL"), (NULL)); + ASSERT_RET((buflen >= 0), _("buflen >= 0"), (NULL)); + + theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf)); + sl_strlcpy(hash, theSig, KEY_LEN+1); + + if (sl_ok_adds(buflen, KEY_LEN)) + { + total = KEY_LEN + buflen; + temp = SH_ALLOC (total); + + for (i = 0; i < KEY_LEN; ++i) + temp[i] = hash[i]; + + for (i = 0; i < buflen; ++i) + temp[i+KEY_LEN] = buf[i]; + } + else + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("integer overflow"), + _("hash_me")); + temp = sh_util_strdup(buf); + } + SL_RETURN(temp, _("hash_me")); +} +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) + +/* verify the checksum of a buffer; checksum comes first + */ +int hash_check(char * key, + char * buf, int buflen) +{ + char hash[KEY_LEN+1]; + register int i; + char * theSig; + char sigbuf[KEYBUF_SIZE]; + + SL_ENTER(_("hash_check")); + +#ifdef DEBUG_EN2 + fprintf(stderr, "hash_check <%s> <%d>\n", + (key == NULL) ? "NULL" : key, buflen); +#endif + theSig = sh_util_siggen (key, &buf[KEY_LEN], buflen-KEY_LEN, + sigbuf, sizeof(sigbuf)); + sl_strlcpy(hash, theSig, KEY_LEN+1); + + for (i = 0; i < KEY_LEN; ++i) + { + if (buf[i] != hash[i]) + SL_RETURN((-1), _("hash_check")); + } + SL_RETURN((0), _("hash_check")); +} + +#endif + +#if defined (SH_WITH_SERVER) + +char * get_client_conf_file (char * peer, unsigned long * length) +{ + char * ret; + int status; + struct stat buf; + char * base; + size_t size; + + SL_ENTER(_("get_client_conf_file")); + + base = sh_util_strdup(DEFAULT_DATAROOT); + + size = sl_strlen(base); + if (sl_ok_adds(size, sl_strlen(peer))) + size += sl_strlen(peer); + if (sl_ok_adds(size, 6)) + size += 6; + + ret = SH_ALLOC(size); + sl_strlcpy(ret, base, size); + sl_strlcat(ret, _("/rc."), size); + sl_strlcat(ret, peer, size); + + status = retry_stat (FIL__, __LINE__, ret, &buf); + + if (status == 0) + goto lab_end; + else + sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS, + (long) sh.effective.uid, ret); + + sl_strlcpy(ret, base, size); + sl_strlcat(ret, "/rc", size); + + status = retry_stat (FIL__, __LINE__, ret, &buf); + + if (status == 0) + goto lab_end; + else + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_ACCESS, + (long) sh.effective.uid, ret); + + SH_FREE(base); + SH_FREE(ret); + *length=0; + SL_RETURN(NULL, _("get_client_conf_file")); + + lab_end: + if (buf.st_size > 0x7fffffff) + { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN, + _("File too large"), _("get_client_conf_file")); + SH_FREE(base); + SL_RETURN(NULL, _("get_client_conf_file")); + } + *length = (unsigned long) buf.st_size; + SH_FREE(base); + SL_RETURN(ret, _("get_client_conf_file")); +} + +char * get_client_data_file (char * peer, unsigned long * length) +{ + char * ret; + int status; + struct stat buf; + + char * base; + size_t size; + + SL_ENTER(_("get_client_data_file")); + + base = sh_util_strdup(DEFAULT_DATAROOT); + + size = sl_strlen(base); + if (sl_ok_adds(size, sl_strlen(peer))) + size += sl_strlen(peer); + if (sl_ok_adds(size, 8)) + size += 8; + + ret = SH_ALLOC(size); + sl_strlcpy(ret, base, size); + sl_strlcat(ret, _("/file."), size); + sl_strlcat(ret, peer, size); + + status = retry_stat (FIL__, __LINE__, ret, &buf); + + if (status == 0) + goto lab1_end; + else + sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS, + (long) sh.effective.uid, ret); + + + sl_strlcpy(ret, base, size); + sl_strlcat(ret, _("/file"), size); + + status = retry_stat (FIL__, __LINE__, ret, &buf); + + if (status == 0) + goto lab1_end; + else + sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS, + (long) sh.effective.uid, ret); + + + *length = 0; + SH_FREE(base); + SH_FREE(ret); + SL_RETURN(NULL, _("get_client_data_file")); + + lab1_end: + if (buf.st_size > 0x7fffffff) + { + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN, + _("File too large"), _("get_client_data_file")); + SH_FREE(base); + SL_RETURN(NULL, _("get_client_data_file")); + } + *length = (unsigned long) buf.st_size; + SH_FREE(base); + SL_RETURN(ret, _("get_client_data_file")); + +} +#endif + +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP) + +/* --------- secure temporary file ------------ */ + +SL_TICKET open_tmp () +{ + SL_TICKET fd; + UINT32 ticks; + char * file; + struct stat buf; + int error; + int status = BAD; + char * my_tmp_dir; + char hashbuf[KEYBUF_SIZE]; + + SL_ENTER(_("open_tmp")); + +#if defined(SH_TMPDIR) + my_tmp_dir = sh_util_strdup(SH_TMPDIR); +#else +#if defined(SH_WITH_SERVER) + my_tmp_dir = sh_util_strdup(DEFAULT_LOGDIR); +#else + my_tmp_dir = sh_util_strdup(sh.effective.home); +#endif +#endif + + if (0 != tf_trust_check (my_tmp_dir, SL_YESPRIV)) + { + dlog(1, FIL__, __LINE__, + _("The directory for temporary files: %s is untrusted, i.e. an\nuntrusted user owns or can write to some directory in the path.\n"), + my_tmp_dir); + sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_TRUST, + (long) sh.effective.uid, + my_tmp_dir); + SH_FREE(my_tmp_dir); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + + do { + + /* create random filename in effective users home directory + */ + ticks = taus_get (); + if (my_tmp_dir[0] == '/' && my_tmp_dir[1] == '\0') + file = sh_util_strconcat (my_tmp_dir, + sh_tiger_hash( (char *) &ticks, TIGER_DATA, 4, + hashbuf, sizeof(hashbuf)), + NULL); + else + file = sh_util_strconcat (my_tmp_dir, + "/", + sh_tiger_hash( (char *) &ticks, TIGER_DATA, 4, + hashbuf, sizeof(hashbuf)), + NULL); + + /* check whether it already exists (paranoia) + */ + errno = 0; + status = retry_lstat(FIL__, __LINE__, file, &buf); + error = errno; + + if ( (status < 0) && (error == ENOENT) ) /* file does not exist */ + status = GOOD; + else if (status < 0) /* unexpected error condition */ + { + SH_FREE (file); + SH_FREE(my_tmp_dir); + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN, + _("Error (lstat) while opening temporary file"), _("open_tmp")); + TPT(( 0, FIL__, __LINE__, _("msg=\n"), error)); + SL_RETURN((-1), _("open_tmp")); + } + else /* file exists */ + { + status = BAD; + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + } + + if (status == GOOD) + { + if (0 == tf_trust_check (file, SL_YESPRIV)) + status = GOOD; + else + { + status = BAD; + TPT(( 0, FIL__, __LINE__, _("msg=\n"))); + } + } + + if (status == BAD) + SH_FREE (file); + + } while (status == BAD); + + fd = sl_open_safe_rdwr (file, SL_YESPRIV); + if (SL_ISERROR(fd)) + { + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, fd, MSG_E_SUBGEN, + _("Error opening temporary file"), _("open_tmp")); + TPT(( 0, FIL__, __LINE__, _("msg=\n"), + fd, file)); + } + + + SH_FREE (file); + SH_FREE(my_tmp_dir); + + if (!SL_ISERROR(fd)) { + sl_unlink(fd); + } + + if (!SL_ISERROR(fd)) + SL_RETURN((fd), _("open_tmp")); + else + SL_RETURN((-1), _("open_tmp")); +} + + +int close_tmp (SL_TICKET fd) +{ + SL_ENTER(_("close_tmp")); + + if (SL_ISERROR(sl_close (fd))) + SL_RETURN((-1), _("close_tmp")); + SL_RETURN((0), _("close_tmp")); +} + +int rewind_tmp (SL_TICKET fd) +{ + SL_ENTER(_("rewind_tmp")); + + if (SL_ISERROR(sl_rewind (fd))) + SL_RETURN((-1), _("rewind_tmp")); + SL_RETURN((0), _("rewind_tmp")); +} +#endif Index: /tags/2.5.0/src/sh_unix.c =================================================================== --- /tags/2.5.0/src/sh_unix.c (revision 189) +++ /tags/2.5.0/src/sh_unix.c (revision 189) @@ -0,0 +1,4868 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +#include +#include +#include +#include +#ifdef HAVE_LINUX_FS_H +#include +#endif + +#ifdef HAVE_MEMORY_H +#include +#endif + +#ifdef HAVE_UNISTD_H +#include +#include +#include +#include +#include +#include +#include +#include +#include +/* need to undef these, since the #define's may be picked up from + * linux/wait.h, and will clash with a typedef in sys/wait.h + */ +#undef P_ALL +#undef P_PID +#undef P_PGID +#include + +/********************* +#ifdef HAVE_SYS_VFS_H +#include +#endif +**********************/ +#endif + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + +#ifdef HAVE_SYS_SELECT_H +#include +#endif + +#ifndef FD_SET +#define NFDBITS 32 +#define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS))) +#define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS))) +#define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS))) +#endif /* !FD_SET */ +#ifndef FD_SETSIZE +#define FD_SETSIZE 32 +#endif +#ifndef FD_ZERO +#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) +#endif + + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +#include +#endif + +#include "samhain.h" +#include "sh_error.h" +#include "sh_unix.h" +#include "sh_utils.h" +#include "sh_mem.h" +#include "sh_hash.h" +#include "sh_tools.h" +#include "sh_tiger.h" +#include "sh_prelink.h" +#include "sh_pthread.h" + +/* moved here from far below + */ +#include + +#define SH_NEED_PWD_GRP +#define SH_NEED_GETHOSTBYXXX +#include "sh_static.h" + +#ifndef HAVE_LSTAT +#define lstat stat +#endif + +#if defined(S_IFLNK) && !defined(S_ISLNK) +#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) +#else +#if !defined(S_ISLNK) +#define S_ISLNK(mode) (0) +#endif +#endif + +#if defined(S_IFSOCK) && !defined(S_ISSOCK) +#define S_ISSOCK(mode) (((mode) & S_IFMT) == S_IFSOCK) +#else +#if !defined(S_ISSOCK) +#define S_ISSOCK(mode) (0) +#endif +#endif + +#if defined(S_IFDOOR) && !defined(S_ISDOOR) +#define S_ISDOOR(mode) (((mode) & S_IFMT) == S_IFDOOR) +#else +#if !defined(S_ISDOOR) +#define S_ISDOOR(mode) (0) +#endif +#endif + +#if defined(S_IFPORT) && !defined(S_ISPORT) +#define S_ISPORT(mode) (((mode) & S_IFMT) == S_IFPORT) +#else +#if !defined(S_ISPORT) +#define S_ISPORT(mode) (0) +#endif +#endif + +#define SH_KEY_NULL _("000000000000000000000000000000000000000000000000") + +#undef FIL__ +#define FIL__ _("sh_unix.c") + +unsigned long mask_PRELINK = MASK_PRELINK_; +unsigned long mask_USER0 = MASK_USER_; +unsigned long mask_USER1 = MASK_USER_; +unsigned long mask_USER2 = MASK_USER_; +unsigned long mask_USER3 = MASK_USER_; +unsigned long mask_USER4 = MASK_USER_; +unsigned long mask_ALLIGNORE = MASK_ALLIGNORE_; +unsigned long mask_ATTRIBUTES = MASK_ATTRIBUTES_; +unsigned long mask_LOGFILES = MASK_LOGFILES_; +unsigned long mask_LOGGROW = MASK_LOGGROW_; +unsigned long mask_READONLY = MASK_READONLY_; +unsigned long mask_NOIGNORE = MASK_NOIGNORE_; + + +extern char **environ; + +int sh_unix_maskreset() +{ + mask_PRELINK = MASK_PRELINK_; + mask_USER0 = MASK_USER_; + mask_USER1 = MASK_USER_; + mask_USER2 = MASK_USER_; + mask_USER3 = MASK_USER_; + mask_USER4 = MASK_USER_; + mask_ALLIGNORE = MASK_ALLIGNORE_; + mask_ATTRIBUTES = MASK_ATTRIBUTES_; + mask_LOGFILES = MASK_LOGFILES_; + mask_LOGGROW = MASK_LOGGROW_; + mask_READONLY = MASK_READONLY_; + mask_NOIGNORE = MASK_NOIGNORE_; + return 0; +} + + +#ifdef SYS_SIGLIST_DECLARED +/* extern const char * const sys_siglist[]; */ +#else +char * sh_unix_siglist (int signum) +{ + switch (signum) + { +#ifdef SIGHUP + case SIGHUP: + return _("Hangup"); +#endif +#ifdef SIGINT + case SIGINT: + return _("Interrupt"); +#endif +#ifdef SIGQUIT + case SIGQUIT: + return _("Quit"); +#endif +#ifdef SIGILL + case SIGILL: + return _("Illegal instruction"); +#endif +#ifdef SIGTRAP + case SIGTRAP: + return _("Trace/breakpoint trap"); +#endif +#ifdef SIGABRT + case SIGABRT: + return _("IOT trap/Abort"); +#endif +#ifdef SIGBUS + case SIGBUS: + return _("Bus error"); +#endif +#ifdef SIGFPE + case SIGFPE: + return _("Floating point exception"); +#endif +#ifdef SIGUSR1 + case SIGUSR1: + return _("User defined signal 1"); +#endif +#ifdef SIGSEGV + case SIGSEGV: + return _("Segmentation fault"); +#endif +#ifdef SIGUSR2 + case SIGUSR2: + return _("User defined signal 2"); +#endif +#ifdef SIGPIPE + case SIGPIPE: + return _("Broken pipe"); +#endif +#ifdef SIGALRM + case SIGALRM: + return _("Alarm clock"); +#endif +#ifdef SIGTERM + case SIGTERM: + return _("Terminated"); +#endif +#ifdef SIGSTKFLT + case SIGSTKFLT: + return _("Stack fault"); +#endif +#ifdef SIGCHLD + case SIGCHLD: + return _("Child exited"); +#endif +#ifdef SIGCONT + case SIGCONT: + return _("Continued"); +#endif +#ifdef SIGSTOP + case SIGSTOP: + return _("Stopped"); +#endif +#ifdef SIGTSTP + case SIGTSTP: + return _("Stop typed at tty"); +#endif +#ifdef SIGTTIN + case SIGTTIN: + return _("Stopped (tty input)"); +#endif +#ifdef SIGTTOU + case SIGTTOU: + return _("Stopped (tty output)"); +#endif +#ifdef SIGURG + case SIGURG: + return _("Urgent condition"); +#endif +#ifdef SIGXCPU + case SIGXCPU: + return _("CPU time limit exceeded"); +#endif +#ifdef SIGXFSZ + case SIGXFSZ: + return _("File size limit exceeded"); +#endif +#ifdef SIGVTALRM + case SIGVTALRM: + return _("Virtual time alarm"); +#endif +#ifdef SIGPROF + case SIGPROF: + return _("Profile signal"); +#endif +#ifdef SIGWINCH + case SIGWINCH: + return _("Window size changed"); +#endif +#ifdef SIGIO + case SIGIO: + return _("Possible I/O"); +#endif +#ifdef SIGPWR + case SIGPWR: + return _("Power failure"); +#endif +#ifdef SIGUNUSED + case SIGUNUSED: + return _("Unused signal"); +#endif + } + return _("Unknown"); +} +#endif + + +/* Log from within a signal handler without using any + * functions that are not async signal safe. + * + * This is the safe_itoa helper function. + */ +char * safe_itoa(int i, char * str, int size) +{ + unsigned int u; + int iisneg = 0; + char *p = &str[size-1]; + + *p = '\0'; + if (i < 0) { + iisneg = 1; + u = ((unsigned int)(-(1+i))) + 1; + } else { + u = i; + } + do { + --p; + *p = '0' + (u % 10); + u /= 10; + } while (u && (p != str)); + if ((iisneg == 1) && (p != str)) { + --p; + *p = '-'; + } + return p; +} + +/* Log from within a signal handler without using any + * functions that are not async signal safe. + * + * This is the safe_logger function. + * Arguments: signal (signal number), method (0=logger, 1=stderr), thepid (pid) + */ +extern int OnlyStderr; + +int safe_logger (int thesignal, int method, char * details) +{ + unsigned int i = 0; + int status = -1; + struct stat buf; + pid_t newpid; + char str[128]; + char * p; + + char l0[64], l1[64], l2[64], l3[64]; + char a0[32], a1[32], a2[32]; + char e0[128]; + char msg[128]; + + char * locations[] = { NULL, NULL, NULL, NULL, NULL }; + char * envp[] = { NULL, NULL }; + char * argp[] = { NULL, NULL, NULL, NULL, NULL }; + + pid_t thepid = getpid(); + + if ((sh.flag.isdaemon == S_FALSE) || (OnlyStderr == S_TRUE)) + method = 1; + + /* seems that solaris cc needs this way of initializing ... + */ + locations[0] = l0; + locations[1] = l1; + locations[2] = l2; + locations[3] = l3; + + envp[0] = e0; + + argp[0] = a0; + argp[1] = a1; + argp[2] = a2; + + sl_strlcpy(msg, _("samhain["), 128); + p = safe_itoa((int) thepid, str, 128); + if (p && *p) + sl_strlcat(msg, p, 128); + if (thesignal == 0) + { + if (details == NULL) { + sl_strlcat(msg, _("]: out of memory"), 128); + } else { + sl_strlcat(msg, _("]: "), 128); + sl_strlcat(msg, details, 128); + } + } + else + { + sl_strlcat(msg, _("]: exit on signal "), 128); + p = safe_itoa(thesignal, str, 128); + if (p && *p) + sl_strlcat(msg, p, 128); + } + + if (method == 1) { +#ifndef STDERR_FILENO +#define STDERR_FILENO 2 +#endif + int retval = 0; + do { + retval = write(STDERR_FILENO, msg, strlen(msg)); + } while (retval < 0 && errno == EINTR); + do { + retval = write(STDERR_FILENO, "\n", 1); + } while (retval < 0 && errno == EINTR); + return 0; + } + + sl_strlcpy (l0, _("/usr/bin/logger"), 64); + sl_strlcpy (l1, _("/usr/sbin/logger"), 64); + sl_strlcpy (l2, _("/usr/ucb/logger"), 64); + sl_strlcpy (l3, _("/bin/logger"), 64); + + sl_strlcpy (a0, _("logger"), 32); + sl_strlcpy (a1, _("-p"), 32); + sl_strlcpy (a2, _("daemon.alert"), 32); + + sl_strlcpy (e0, + _("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin"), + 128); + + while (locations[i] != NULL) { + status = stat(locations[i], &buf); + if (status == 0) + break; + ++i; + } + + if (locations[i] != NULL) { + argp[3] = msg; + newpid = fork(); + if (newpid == 0) { + execve(locations[i], argp, envp); + _exit(1); + } + else if (newpid > 0) { + waitpid(newpid, &status, WUNTRACED); + } + } + return 0; +} + +void safe_fatal (const char * details, + const char * file, int line) +{ + char msg[128]; + char str[128]; + char * p; + int thesignal = 0; + int method = 0; + + p = safe_itoa((int) line, str, 128); + sl_strlcpy(msg, _("FATAL: "), 128); + sl_strlcat(msg, file, 128); + sl_strlcat(msg, ": ", 128); + if (p && (*p)) { + sl_strlcat(msg, p , 128); + sl_strlcat(msg, ": ", 128); + } + sl_strlcat(msg, details, 128); + (void) safe_logger (thesignal, method, msg); + _exit(EXIT_FAILURE); +} + +extern char sh_sig_msg[64]; + +volatile int immediate_exit_normal = 0; + +#if defined(SA_SIGACTION_WORKS) +static +void sh_unix_sigexit (int mysignal, siginfo_t * signal_info, void * signal_add) +#else +static +void sh_unix_sigexit (int mysignal) +#endif +{ + +#if defined(SA_SIGACTION_WORKS) + if (signal_info != NULL && signal_info->si_code == SI_USER && + mysignal != SIGTERM && mysignal != SIGINT) + { + return; + } + + /* avoid compiler warning (unused var) + */ + (void) signal_add; +#endif + + /* + * Block re-entry + */ + if (immediate_exit_normal > 0) + { + ++immediate_exit_normal; + if ((skey != NULL) && (immediate_exit_normal == 2)) + memset (skey, '\0', sizeof(sh_key_t)); + if (immediate_exit_normal == 2) + { + int val_return; + + do { + val_return = chdir ("/"); + } while (val_return < 0 && errno == EINTR); + + safe_logger (mysignal, 0, NULL); + } + _exit(mysignal); + } + else + { + immediate_exit_normal = 1; + } + +#ifdef SYS_SIGLIST_DECLARED + strncpy (sh_sig_msg, sys_siglist[mysignal], 40); +#else + strncpy (sh_sig_msg, sh_unix_siglist(mysignal), 40); +#endif + sh_sig_msg[63] = '\0'; + + ++sig_raised; + ++sig_urgent; + sig_termfast = 1; + return; +} + +volatile int immediate_exit_fast = 0; + +#if defined(SA_SIGACTION_WORKS) +static +void sh_unix_sigexit_fast (int mysignal, siginfo_t * signal_info, + void * signal_add) +#else +static +void sh_unix_sigexit_fast (int mysignal) +#endif +{ +#if defined(SL_DEBUG) && (defined(USE_SYSTEM_MALLOC) || !defined(USE_MALLOC_LOCK)) + int retval; +#endif + +#if defined(SA_SIGACTION_WORKS) + if (signal_info != NULL && signal_info->si_code == SI_USER) + { + return; + } +#endif + + /* avoid compiler warning (unused var) + */ +#if defined(SA_SIGACTION_WORKS) + (void) signal_add; +#endif + + /* Check whether the heap is ok; otherwise _exit + */ +#if !defined(SL_DEBUG) || (!defined(USE_SYSTEM_MALLOC) && defined(USE_MALLOC_LOCK)) + ++immediate_exit_fast; + if (skey != NULL && immediate_exit_fast < 2) + memset (skey, '\0', sizeof(sh_key_t)); + if (immediate_exit_fast < 2) + safe_logger (mysignal, 0, NULL); + _exit(mysignal); +#else + + /* debug code + */ + if (immediate_exit_fast == 1) + { + ++immediate_exit_fast; + if (skey != NULL) + memset (skey, '\0', sizeof(sh_key_t)); +#ifdef WITH_MESSAGE_QUEUE + close_ipc (); +#endif + safe_logger (mysignal, 0, NULL); + do { + retval = chdir ("/"); + } while (retval < 0 && errno == EINTR); + raise(SIGFPE); + } + else if (immediate_exit_fast == 2) + { + do { + retval = chdir ("/"); + } while (retval < 0 && errno == EINTR); + raise(SIGFPE); + } + else if (immediate_exit_fast != 0) + { + _exit(mysignal); + } + + ++immediate_exit_fast; + + /* The FPE|BUS|SEGV|ILL signals leave the system in an undefined + * state, thus it is best to exit immediately. + */ +#ifdef SYS_SIGLIST_DECLARED + strncpy (sh_sig_msg, sys_siglist[mysignal], 40); +#else + strncpy (sh_sig_msg, sh_unix_siglist(mysignal), 40); +#endif + sh_sig_msg[63] = '\0'; + + sl_stack_print(); + + /* Try to push out an error message. + */ + sh_error_handle ((-1), FIL__, __LINE__, mysignal, MSG_EXIT_NORMAL, + sh.prg_name, sh_sig_msg); + + if (skey != NULL) + memset (skey, '\0', sizeof(sh_key_t)); +#ifdef WITH_MESSAGE_QUEUE + close_ipc (); +#endif + + do { + retval = chdir ("/"); + } while (retval < 0 && errno == EINTR); + + raise(SIGFPE); +#endif +} + + +static +void sh_unix_sigaction (int mysignal) +{ + ++sig_raised; +#ifdef SIGUSR1 + if (mysignal == SIGUSR1) + sig_debug_switch = 1; +#endif +#ifdef SIGUSR2 + if (mysignal == SIGUSR2) + { + ++sig_suspend_switch; + ++sig_urgent; + } +#endif +#ifdef SIGHUP + if (mysignal == SIGHUP) + sig_config_read_again = 1; +#endif +#ifdef SIGTTOU + if (mysignal == SIGTTOU) + sig_force_check = 1; +#endif +#ifdef SIGABRT + if (mysignal == SIGABRT) + sig_fresh_trail = 1; +#endif +#ifdef SIGQUIT + if (mysignal == SIGQUIT) + { + sig_terminate = 1; + ++sig_urgent; + } +#endif +#ifdef SIGTERM + if (mysignal == SIGTERM) + { + strncpy (sh_sig_msg, _("Terminated"), 40); + sig_termfast = 1; + ++sig_urgent; + } +#endif + + return; +} + +static +void sh_unix_siginstall (int goDaemon) +{ + struct sigaction act, act_fast, act2, oldact, ignact; +#if defined (SH_WITH_SERVER) + (void) goDaemon; +#endif + + SL_ENTER(_("sh_unix_siginstall")); + + ignact.sa_handler = SIG_IGN; /* signal action */ + sigemptyset( &ignact.sa_mask ); /* set an empty mask */ + ignact.sa_flags = 0; /* init sa_flags */ + +#if defined(SA_SIGACTION_WORKS) + act.sa_sigaction = &sh_unix_sigexit; /* signal action */ +#else + act.sa_handler = &sh_unix_sigexit; /* signal action */ +#endif + + sigfillset ( &act.sa_mask ); /* set a full mask */ + + + /* Block all but deadly signals. + */ +#ifdef SIGILL + sigdelset ( &act.sa_mask, SIGILL ); +#endif +#ifndef SL_DEBUG +#ifdef SIGFPE + sigdelset ( &act.sa_mask, SIGFPE ); +#endif +#endif +#ifdef SIGSEGV + sigdelset ( &act.sa_mask, SIGSEGV ); +#endif +#ifdef SIGBUS + sigdelset ( &act.sa_mask, SIGBUS ); +#endif + +#if defined(SA_SIGACTION_WORKS) + act_fast.sa_sigaction = &sh_unix_sigexit_fast; /* signal action */ +#else + act_fast.sa_handler = &sh_unix_sigexit_fast; /* signal action */ +#endif + + sigfillset ( &act_fast.sa_mask ); /* set a full mask */ + +#ifdef SIGILL + sigdelset ( &act_fast.sa_mask, SIGILL ); +#endif +#ifndef SL_DEBUG +#ifdef SIGFPE + sigdelset ( &act_fast.sa_mask, SIGFPE ); +#endif +#endif +#ifdef SIGSEGV + sigdelset ( &act_fast.sa_mask, SIGSEGV ); +#endif +#ifdef SIGBUS + sigdelset ( &act_fast.sa_mask, SIGBUS ); +#endif + + + /* Use siginfo to verify origin of signal, if possible. + */ +#if defined(SA_SIGACTION_WORKS) + act.sa_flags = SA_SIGINFO; + act_fast.sa_flags = SA_SIGINFO; +#else + act.sa_flags = 0; + act_fast.sa_flags = 0; +#endif + + /* Do not block the signal from being received in its handler ... + * (is this a good or a bad idea ??). + */ +#if defined(SA_NOMASK) + act_fast.sa_flags |= SA_NOMASK; +#elif defined(SA_NODEFER) + act_fast.sa_flags |= SA_NODEFER; +#endif + + + act2.sa_handler = &sh_unix_sigaction; /* signal action */ + sigemptyset( &act2.sa_mask ); /* set an empty mask */ + act2.sa_flags = 0; /* init sa_flags */ + + /* signals to control the daemon */ + +#ifdef SIGHUP + retry_sigaction(FIL__, __LINE__, SIGHUP, &act2, &oldact); +#endif +#ifdef SIGABRT + retry_sigaction(FIL__, __LINE__, SIGABRT, &act2, &oldact); +#endif +#ifdef SIGUSR1 + retry_sigaction(FIL__, __LINE__, SIGUSR1, &act2, &oldact); +#endif +#ifdef SIGUSR2 + retry_sigaction(FIL__, __LINE__, SIGUSR2, &act2, &oldact); +#endif +#ifdef SIGQUIT + retry_sigaction(FIL__, __LINE__, SIGQUIT, &act2, &oldact); +#endif +#ifdef SIGTERM + retry_sigaction(FIL__, __LINE__, SIGTERM, &act, &oldact); +#endif + + /* fatal signals that may cause termination */ + +#ifdef SIGILL + retry_sigaction(FIL__, __LINE__, SIGILL, &act_fast, &oldact); +#endif +#ifndef SL_DEBUG +#ifdef SIGFPE + retry_sigaction(FIL__, __LINE__, SIGFPE, &act_fast, &oldact); +#endif +#endif +#ifdef SIGSEGV + retry_sigaction(FIL__, __LINE__, SIGSEGV, &act_fast, &oldact); +#endif +#ifdef SIGBUS + retry_sigaction(FIL__, __LINE__, SIGBUS, &act_fast, &oldact); +#endif + + /* other signals */ + +#ifdef SIGINT + retry_sigaction(FIL__, __LINE__, SIGINT, &act, &oldact); +#endif +#ifdef SIGPIPE +#ifdef HAVE_PTHREAD + retry_sigaction(FIL__, __LINE__, SIGPIPE, &ignact, &oldact); +#else + retry_sigaction(FIL__, __LINE__, SIGPIPE, &act, &oldact); +#endif +#endif +#ifdef SIGALRM + retry_sigaction(FIL__, __LINE__, SIGALRM, &ignact, &oldact); +#endif +#ifdef SIGTSTP + retry_sigaction(FIL__, __LINE__, SIGTSTP, &ignact, &oldact); +#endif +#ifdef SIGTTIN + retry_sigaction(FIL__, __LINE__, SIGTTIN, &ignact, &oldact); +#endif +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) +#ifdef SIGTTOU + if (goDaemon == 1) + retry_sigaction(FIL__, __LINE__, SIGTTOU, &act2, &oldact); + else + retry_sigaction(FIL__, __LINE__, SIGTTOU, &ignact, &oldact); +#endif +#else +#ifdef SIGTTOU + retry_sigaction(FIL__, __LINE__, SIGTTOU, &ignact, &oldact); +#endif +#endif + +#ifdef SIGTRAP +#if !defined(SCREW_IT_UP) + retry_sigaction(FIL__, __LINE__, SIGTRAP, &act, &oldact); +#endif +#endif + +#ifdef SIGPOLL + retry_sigaction(FIL__, __LINE__, SIGPOLL, &ignact, &oldact); +#endif +#if defined(SIGPROF) && !defined(SH_PROFILE) + retry_sigaction(FIL__, __LINE__, SIGPROF, &ignact, &oldact); +#endif +#ifdef SIGSYS + retry_sigaction(FIL__, __LINE__, SIGSYS, &act, &oldact); +#endif +#ifdef SIGURG + retry_sigaction(FIL__, __LINE__, SIGURG, &ignact, &oldact); +#endif +#if defined(SIGVTALRM) && !defined(SH_PROFILE) + retry_sigaction(FIL__, __LINE__, SIGVTALRM, &ignact, &oldact); +#endif +#ifdef SIGXCPU + retry_sigaction(FIL__, __LINE__, SIGXCPU, &act, &oldact); +#endif +#ifdef SIGXFSZ + retry_sigaction(FIL__, __LINE__, SIGXFSZ, &act, &oldact); +#endif + +#ifdef SIGEMT + retry_sigaction(FIL__, __LINE__, SIGEMT, &ignact, &oldact); +#endif +#ifdef SIGSTKFLT + retry_sigaction(FIL__, __LINE__, SIGSTKFLT, &act, &oldact); +#endif +#ifdef SIGIO + retry_sigaction(FIL__, __LINE__, SIGIO, &ignact, &oldact); +#endif +#ifdef SIGPWR + retry_sigaction(FIL__, __LINE__, SIGPWR, &act, &oldact); +#endif + +#ifdef SIGLOST + retry_sigaction(FIL__, __LINE__, SIGLOST, &ignact, &oldact); +#endif +#ifdef SIGUNUSED + retry_sigaction(FIL__, __LINE__, SIGUNUSED, &ignact, &oldact); +#endif + + SL_RET0(_("sh_unix_siginstall")); +} + +/* ---------------------------------------------------------------- */ + +/* checksum the own binary + */ +int sh_unix_self_hash (const char * c) +{ + char message[512]; + char hashbuf[KEYBUF_SIZE]; + + SL_ENTER(_("sh_unix_self_hash")); + + if (c == NULL) + { + sh.exec.path[0] = '\0'; + SL_RETURN((0), _("sh_unix_self_hash")); + } + sl_strlcpy(sh.exec.path, c, SH_PATHBUF); + + sl_strlcpy(sh.exec.hash, + sh_tiger_hash (c, TIGER_FILE, TIGER_NOLIM, hashbuf, sizeof(hashbuf)), + KEY_LEN+1); + sl_snprintf(message, 512, _("%s has checksum: %s"), + sh.exec.path, sh.exec.hash); + message[511] = '\0'; + sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, + message, _("sh_unix_self_hash")); + if (0 == sl_strcmp(sh.exec.hash, SH_KEY_NULL )) + { + dlog(1, FIL__, __LINE__, + _("Could not checksum my own executable because of the\nfollowing error: %s: %s\n\nPossible reasons include:\n Wrong path in configure file option SamhainPath=/path/to/executable\n No read permission for the effective UID: %d\n"), + sh.exec.path, sl_get_errmsg(), (int) sl_ret_euid()); + sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_NOACCESS, + (long) sh.real.uid, c); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + SL_RETURN((0), _("sh_unix_self_hash")); +} + +int sh_unix_self_check () +{ + char newhash[KEY_LEN+1]; + char message[512]; + char hashbuf[KEYBUF_SIZE]; + + SL_ENTER(_("sh_unix_self_check")); + if (sh.exec.path == NULL || sh.exec.path[0] == '\0') + SL_RETURN((0), _("sh_unix_self_check")); + + sl_strlcpy(newhash, + sh_tiger_hash (sh.exec.path, TIGER_FILE, TIGER_NOLIM, hashbuf, sizeof(hashbuf)), + KEY_LEN+1); + if (0 == sl_strncmp(sh.exec.hash, + newhash, + KEY_LEN)) + SL_RETURN((0), _("sh_unix_self_check")); + + + dlog(1, FIL__, __LINE__, + _("The checksum of the executable: %s has changed since startup (%s -> %s).\n"), + sh.exec.path, sh.exec.hash, newhash); + + sl_snprintf(message, 512, + _("The checksum of %s has changed since startup (%s -> %s)"), + sh.exec.path, sh.exec.hash, newhash); + message[511] = '\0'; + + sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, + message, _("sh_unix_self_check")); + sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_E_AUTH, + sh.exec.path); + SL_RETURN((-1), _("sh_unix_self_check")); +} + + +/* ---------------------------------------------------------------- */ + + +/* added Tue Feb 22 10:36:44 NFT 2000 Rainer Wichmann */ +static int tf_add_trusted_user_int(const char * c) +{ + struct passwd * w; + int count; + uid_t pwid = (uid_t)-1; + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + struct passwd pwd; + char buffer[SH_PWBUF_SIZE]; +#endif + + SL_ENTER(_("tf_add_trusted_user_int")); + + /* First check for a user name. + */ +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + sh_getpwnam_r(c, &pwd, buffer, sizeof(buffer), &w); +#else + w = sh_getpwnam(c); +#endif + + if ((w != NULL) && ((pwid = w->pw_uid) > 0)) + goto succe; + + /* Failed, so check for a numerical value. + */ + pwid = strtol(c, (char **)NULL, 10); + if (pwid > 0 && pwid < 65535) + goto succe; + + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("add trusted user"), c); + SL_RETURN((-1), _("tf_add_trusted_user_int")); + + succe: + count = sl_trust_add_user(pwid); + SL_RETURN((count), _("tf_add_trusted_user_int")); +} + +int tf_add_trusted_user(const char * c) +{ + int i; + char * q; + char * p = sh_util_strdup (c); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + char * saveptr; +#endif + + SL_ENTER(_("tf_add_trusted_user")); + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + q = strtok_r(p, ", \t", &saveptr); +#else + q = strtok(p, ", \t"); +#endif + if (!q) + { + SH_FREE(p); + SL_RETURN((-1), _("tf_add_trusted_user")); + } + while (q) + { + i = tf_add_trusted_user_int(q); + if (SL_ISERROR(i)) + { + SH_FREE(p); + SL_RETURN((i), _("tf_add_trusted_user")); + } +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) + q = strtok_r(NULL, ", \t", &saveptr); +#else + q = strtok(NULL, ", \t"); +#endif + } + SH_FREE(p); + SL_RETURN((0), _("tf_add_trusted_user")); +} + +extern uid_t sl_trust_baduid(void); +extern gid_t sl_trust_badgid(void); + +#if defined(HOST_IS_CYGWIN) || defined(__cygwin__) || defined(__CYGWIN32__) || defined(__CYGWIN__) +int tf_trust_check (const char * file, int mode) +{ + (void) file; + (void) mode; + return 0; +} +#else +int tf_trust_check (const char * file, int mode) +{ + char * tmp; + char * tmp2; + char * p; + int status; + int level; + uid_t ff_euid; + + SL_ENTER(_("tf_trust_check")); + + if (mode == SL_YESPRIV) + sl_get_euid(&ff_euid); + else + sl_get_ruid(&ff_euid); + +#if defined(SH_WITH_SERVER) + if (0 == sl_ret_euid()) /* privileges not dropped yet */ + { +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + struct passwd pwd; + char buffer[SH_PWBUF_SIZE]; + struct passwd * tempres; + sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, sizeof(buffer), &tempres); +#else + struct passwd * tempres = sh_getpwnam(DEFAULT_IDENT); +#endif + + if (!tempres) + { + dlog(1, FIL__, __LINE__, + _("User %s does not exist. Please add the user to your system.\n"), + DEFAULT_IDENT); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + ff_euid = tempres->pw_uid; + } +#endif + + status = sl_trustfile_euid(file, ff_euid); + + if ( SL_ENONE != status) + { + if (status == SL_ESTAT) + level = SH_ERR_ALL; + else + level = SH_ERR_ERR; + + tmp = sh_util_safe_name (file); + p = sl_trust_errfile(); + if (p && *p != '\0') + { + tmp2 = sh_util_safe_name (sl_trust_errfile()); + sh_error_handle(level, FIL__, __LINE__, status, MSG_E_TRUST2, + sl_error_string(status), tmp, tmp2); + SH_FREE(tmp2); + } + else + { + sh_error_handle(level, FIL__, __LINE__, status, MSG_E_TRUST1, + sl_error_string(status), tmp); + } + SH_FREE(tmp); + + if (status == SL_EBADUID || status == SL_EBADGID || + status == SL_EBADOTH || status == SL_ETRUNC || + status == SL_EINTERNAL ) + { + switch (status) { + case SL_EINTERNAL: + dlog(1, FIL__, __LINE__, + _("An internal error occured in the trustfile function.\n")); + break; + case SL_ETRUNC: + tmp = sh_util_safe_name (file); + dlog(1, FIL__, __LINE__, + _("A filename truncation occured in the trustfile function.\nProbably the normalized filename for %s\nis too long. This may be due e.g. to deep or circular softlinks.\n"), + tmp); + SH_FREE(tmp); + break; + case SL_EBADOTH: + tmp = sh_util_safe_name (file); + p = sl_trust_errfile(); + dlog(1, FIL__, __LINE__, + _("The path element: %s\nin the filename: %s is world writeable.\n"), + p, tmp); + SH_FREE(tmp); + break; + case SL_EBADUID: + tmp = sh_util_safe_name (file); + p = sl_trust_errfile(); + dlog(1, FIL__, __LINE__, + _("The owner (UID = %ld) of the path element: %s\nin the filename: %s\nis not in the list of trusted users.\nTo fix the problem, you can:\n - run ./configure again with the option --with-trusted=0,...,UID\n where UID is the UID of the untrusted user, or\n - use the option TrustedUser=UID in the configuration file.\n"), + (UID_CAST)sl_trust_baduid(), p, tmp); + SH_FREE(tmp); + break; + case SL_EBADGID: + tmp = sh_util_safe_name (file); + p = sl_trust_errfile(); + dlog(1, FIL__, __LINE__, + _("The path element: %s\nin the filename: %s\nis group writeable (GID = %ld), and at least one of the group\nmembers (UID = %ld) is not in the list of trusted users.\nTo fix the problem, you can:\n - run ./configure again with the option --with-trusted=0,...,UID\n where UID is the UID of the untrusted user, or\n - use the option TrustedUser=UID in the configuration file.\n"), + p, tmp, (UID_CAST)sl_trust_badgid(), + (UID_CAST)sl_trust_baduid()); + SH_FREE(tmp); + break; + default: + break; + } + + SL_RETURN((-1), _("tf_trust_check")); + } + } + + SL_RETURN((0), _("tf_trust_check")); +} +#endif + +#ifdef HAVE_INITGROUPS +#ifdef HOST_IS_OSF +int sh_unix_initgroups ( char * in_user, gid_t in_gid) +#else +int sh_unix_initgroups (const char * in_user, gid_t in_gid) +#endif +{ + int status = -1; + status = sh_initgroups (in_user, in_gid); + if (status < 0) + { + if (errno == EPERM) + return 0; + if (errno == EINVAL) + return 0; + return -1; + } + return 0; +} +#else +int sh_unix_initgroups (const char * in_user, gid_t in_gid) +{ + (void) in_user; + (void) in_gid; + return 0; +} +#endif + +#ifdef HAVE_INITGROUPS +char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len); +int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid) +{ + int status = -1; + char user[SH_MINIBUF]; + + SL_ENTER(_("sh_unix_initgroups2")); + + if (NULL == sh_unix_getUIDname (SH_ERR_ERR, in_pid, user, sizeof(user))) + SL_RETURN((-1), _("sh_unix_initgroups2")); + status = sh_initgroups (user, in_gid); + if (status < 0) + { + if (errno == EPERM) + status = 0; + if (errno == EINVAL) + status = 0; + } + SL_RETURN((status), _("sh_unix_initgroups2")); +} +#else +int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid) +{ + (void) in_pid; + (void) in_gid; + return 0; +} +#endif + +void sh_unix_closeall (int fd, int except, int inchild) +{ + int fdx = fd; +#ifdef _SC_OPEN_MAX + int fdlimit = sysconf (_SC_OPEN_MAX); +#else +#ifdef OPEN_MAX + int fdlimit = OPEN_MAX; +#else + int fdlimit = _POSIX_OPEN_MAX; +#endif +#endif + + SL_ENTER(_("sh_unix_closeall")); + + /* can't happen - so fix it :-( + */ + if (fdlimit < 0) + fdlimit = 20; /* POSIX lower limit */ + + if (fdlimit > 65536) + fdlimit = 65536; + + /* Close everything from fd (inclusive) up to fdlimit (exclusive). + */ + while (fd < fdlimit) + { + if (fd == except) + fd++; + else if (slib_do_trace != 0 && fd == slib_trace_fd) + fd++; + else + close(fd++); + } + + if (!inchild) + sl_dropall (fdx, except); + else + sl_dropall_dirty (fdx, except); + + SL_RET0(_("sh_unix_closeall")); +} + +static void sh_unix_setlimits(void) +{ + struct rlimit limits; + + SL_ENTER(_("sh_unix_setlimits")); + + limits.rlim_cur = RLIM_INFINITY; + limits.rlim_max = RLIM_INFINITY; + +#ifdef RLIMIT_CPU + setrlimit (RLIMIT_CPU, &limits); +#endif +#ifdef RLIMIT_FSIZE + setrlimit (RLIMIT_FSIZE, &limits); +#endif +#ifdef RLIMIT_DATA + setrlimit (RLIMIT_DATA, &limits); +#endif +#ifdef RLIMIT_STACK + setrlimit (RLIMIT_STACK, &limits); +#endif +#ifdef RLIMIT_RSS + setrlimit (RLIMIT_RSS, &limits); +#endif +#ifdef RLIMIT_NPROC + setrlimit (RLIMIT_NPROC, &limits); +#endif +#ifdef RLIMIT_MEMLOCK + setrlimit (RLIMIT_MEMLOCK, &limits); +#endif + +#if !defined(SL_DEBUG) + /* no core dumps + */ + limits.rlim_cur = 0; + limits.rlim_max = 0; +#ifdef RLIMIT_CORE + setrlimit (RLIMIT_CORE, &limits); +#endif +#else +#ifdef RLIMIT_CORE + setrlimit (RLIMIT_CORE, &limits); +#endif +#endif + + limits.rlim_cur = 1024; + limits.rlim_max = 1024; + +#if defined(RLIMIT_NOFILE) + setrlimit (RLIMIT_NOFILE, &limits); +#elif defined(RLIMIT_OFILE) + setrlimit (RLIMIT_OFILE, &limits); +#endif + + SL_RET0(_("sh_unix_setlimits")); +} + +static void sh_unix_copyenv(void) +{ + char ** env0 = environ; + char ** env1; + int envlen = 0; + size_t len; + + SL_ENTER(_("sh_unix_copyenv")); + + while (env0 != NULL && env0[envlen] != NULL) { + /* printf("%2d: %s\n", envlen, env0[envlen]); */ + ++envlen; + } + ++envlen; + + /* printf("-> %2d: slots allocated\n", envlen); */ + env1 = malloc (sizeof(char *) * envlen); /* only once */ + if (env1 == NULL) + { + fprintf(stderr, _("%s: %d: Out of memory\n"), FIL__, __LINE__); + SL_RET0(_("sh_unix_copyenv")); + } + env0 = environ; + envlen = 0; + + while (env0 != NULL && env0[envlen] != NULL) { + len = strlen(env0[envlen]) + 1; + env1[envlen] = malloc (len); /* only once */ + if (env1[envlen] == NULL) + { + fprintf(stderr, _("%s: %d: Out of memory\n"), FIL__, __LINE__); + SL_RET0(_("sh_unix_copyenv")); + } + sl_strlcpy(env1[envlen], env0[envlen], len); + ++envlen; + } + env1[envlen] = NULL; + + environ = env1; + SL_RET0(_("sh_unix_copyenv")); +} + +/* delete all environment variables + */ +static void sh_unix_zeroenv(void) +{ + char * c; + char ** env; + + SL_ENTER(_("sh_unix_zeroenv")); + + sh_unix_copyenv(); + env = environ; + + while (env != NULL && *env != NULL) { + c = strchr ((*env), '='); +#ifdef WITH_MYSQL + /* + * Skip the MYSQL_UNIX_PORT environment variable; MySQL may need it. + */ + if (0 == sl_strncmp((*env), _("MYSQL_UNIX_PORT="), 16)) + { + ++(env); + continue; + } + if (0 == sl_strncmp((*env), _("MYSQL_TCP_PORT="), 15)) + { + ++(env); + continue; + } + if (0 == sl_strncmp((*env), _("MYSQL_HOME="), 11)) + { + ++(env); + continue; + } +#endif +#ifdef WITH_ORACLE + /* + * Skip the ORACLE_HOME environment variable; Oracle may need it. + */ + if (0 == sl_strncmp((*env), _("ORACLE_HOME="), 12)) + { + ++(env); + continue; + } +#endif + /* + * Skip the TZ environment variable. + */ + if (0 == sl_strncmp((*env), _("TZ="), 3)) + { + ++(env); + continue; + } + ++(env); + if (c != NULL) + { + ++c; + while ((*c) != '\0') { + (*c) = '\0'; + ++c; + } + } + } + + SL_RET0(_("sh_unix_zeroenv")); +} + + +static void sh_unix_resettimer(void) +{ + struct itimerval this_timer; + + SL_ENTER(_("sh_unix_resettimer")); + + this_timer.it_value.tv_sec = 0; + this_timer.it_value.tv_usec = 0; + + this_timer.it_interval.tv_sec = 0; + this_timer.it_interval.tv_usec = 0; + + setitimer(ITIMER_REAL, &this_timer, NULL); +#if !defined(SH_PROFILE) + setitimer(ITIMER_VIRTUAL, &this_timer, NULL); + setitimer(ITIMER_PROF, &this_timer, NULL); +#endif + + SL_RET0(_("sh_unix_resettimer")); +} + +static void sh_unix_resetsignals(void) +{ + int sig_num; +#ifdef NSIG + int max_sig = NSIG; +#else + int max_sig = 255; +#endif + int test; + struct sigaction act, oldact; + int status; + + sigset_t set_proc; + + SL_ENTER(_("sh_unix_resetsignals")); + /* + * Reset the current signal mask (inherited from parent process). + */ + + sigfillset(&set_proc); + + do { + errno = 0; + test = sigprocmask(SIG_UNBLOCK, &set_proc, NULL); + } while (test < 0 && errno == EINTR); + + /* + * Reset signal handling. + */ + + act.sa_handler = SIG_DFL; /* signal action */ + sigemptyset( &act.sa_mask ); /* set an empty mask */ + act.sa_flags = 0; /* init sa_flags */ + + for (sig_num = 1; sig_num <= max_sig; ++sig_num) + { +#if !defined(SH_PROFILE) + test = retry_sigaction(FIL__, __LINE__, sig_num, &act, &oldact); +#else + test = 0; +#endif + if ((test == -1) && (errno != EINVAL)) + { + char errbuf[SH_ERRBUF_SIZE]; + status = errno; + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_W_SIG, + sh_error_message (status, errbuf, sizeof(errbuf)), sig_num); + } + } + + SL_RET0(_("sh_unix_resetsignals")); +} + +/* Get the local hostname (FQDN) + */ +#include + +/* Required for BSD + */ +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#include + +char * sh_unix_h_name (struct hostent * host_entry) +{ + char ** p; + if (strchr(host_entry->h_name, '.')) { + return host_entry->h_name; + } else { + for (p = host_entry->h_aliases; *p; ++p) { + if (strchr(*p, '.')) + return *p; + } + } + return host_entry->h_name; +} + +/* uname() on FreeBSD is broken, because the 'nodename' buf is too small + * to hold a valid (leftmost) domain label. + */ +#if defined(HAVE_UNAME) && !defined(HOST_IS_FREEBSD) +#include +void sh_unix_localhost() +{ + struct utsname buf; + struct hostent * he1; + int i; + int ddot; + int len; + char * p; + char hostname[256]; + + + SL_ENTER(_("sh_unix_localhost")); + + (void) uname (&buf); + /* flawfinder: ignore */ /* ff bug, ff sees system() */ + sl_strlcpy (sh.host.system, buf.sysname, SH_MINIBUF); + sl_strlcpy (sh.host.release, buf.release, SH_MINIBUF); + sl_strlcpy (sh.host.machine, buf.machine, SH_MINIBUF); + + /* Workaround for cases where nodename could be + * a truncated FQDN. + */ + if (strlen(buf.nodename) == (sizeof(buf.nodename)-1)) + { + p = strchr(buf.nodename, '.'); + if (NULL != p) { + *p = '\0'; + sl_strlcpy(hostname, buf.nodename, 256); + } else { +#ifdef HAVE_GETHOSTNAME + if (0 != gethostname(hostname, 256)) + { + sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("nodename returned by uname may be truncated"), + _("sh_unix_localhost")); + sl_strlcpy (hostname, buf.nodename, 256); + } + else + { + hostname[255] = '\0'; + } +#else + sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("nodename returned by uname may be truncated"), + _("sh_unix_localhost")); + sl_strlcpy(hostname, buf.nodename, 256); +#endif + } + } + else + { + sl_strlcpy(hostname, buf.nodename, 256); + } + + SH_MUTEX_LOCK(mutex_resolv); + he1 = sh_gethostbyname(hostname); + + if (he1 != NULL) + { + sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF); + } + SH_MUTEX_UNLOCK(mutex_resolv); + + if (he1 == NULL) + { + dlog(1, FIL__, __LINE__, + _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN. For more information, see the entry about self-resolving under 'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), + hostname); + sl_strlcpy (sh.host.name, hostname, SH_PATHBUF); + } + + + /* check whether it looks like a FQDN + */ + len = sl_strlen(sh.host.name); + ddot = 0; + for (i = 0; i < len; ++i) + if (sh.host.name[i] == '.') ++ddot; + + if (ddot == 0 && he1 != NULL) + { + dlog(1, FIL__, __LINE__, + _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), + hostname, sh.host.name); + sl_strlcpy (sh.host.name, + inet_ntoa (*(struct in_addr *) he1->h_addr), + SH_PATHBUF); + SL_RET0(_("sh_unix_localhost")); + } + + if (is_numeric(sh.host.name)) + { + dlog(1, FIL__, __LINE__, + _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), + hostname, sh.host.name); + } + + SL_RET0(_("sh_unix_localhost")); +} +#else +void sh_unix_localhost() +{ + struct hostent * he1; + int i; + int ddot; + int len; + char hostname[1024]; + + + SL_ENTER(_("sh_unix_localhost")); + + (void) gethostname (hostname, 1024); + hostname[1023] = '\0'; + + SH_MUTEX_LOCK(mutex_resolv); + he1 = sh_gethostbyname(hostname); + + if (he1 != NULL) + { + sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF); + } + SH_MUTEX_UNLOCK(mutex_resolv); + + if (he1 == NULL) + { + dlog(1, FIL__, __LINE__, + _("According to gethostname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), + hostname); + sl_strlcpy (sh.host.name, _("localhost"), SH_PATHBUF); + SL_RET0(_("sh_unix_localhost")); + } + + /* check whether it looks like a FQDN + */ + len = sl_strlen(sh.host.name); + ddot = 0; + for (i = 0; i < len; ++i) + if (sh.host.name[i] == '.') ++ddot; + if (ddot == 0) + { + dlog(1, FIL__, __LINE__, + _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), + hostname, sh.host.name); + sl_strlcpy (sh.host.name, + inet_ntoa (*(struct in_addr *) he1->h_addr), + SH_PATHBUF); + SL_RET0(_("sh_unix_localhost")); + } + + if (is_numeric(sh.host.name)) + { + dlog(1, FIL__, __LINE__, + _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), + hostname, sh.host.name); + } + + SL_RET0(_("sh_unix_localhost")); +} +#endif + + +void sh_unix_memlock() +{ + SL_ENTER(_("sh_unix_memlock")); + + /* do this before dropping privileges + */ +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) + if (skey->mlock_failed == SL_FALSE) + { + if ( (-1) == sh_unix_mlock( FIL__, __LINE__, + (char *) skey, sizeof (sh_key_t)) ) + { + SH_MUTEX_LOCK_UNSAFE(mutex_skey); + skey->mlock_failed = SL_TRUE; + SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); + } + } +#else + if (skey->mlock_failed == SL_FALSE) + { + SH_MUTEX_LOCK_UNSAFE(mutex_skey); + skey->mlock_failed = SL_TRUE; + SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); + } +#endif + + SL_RET0(_("sh_unix_memlock")); +} + +#ifdef SH_WITH_SERVER +char * chroot_dir = NULL; + +int sh_unix_set_chroot(const char * str) +{ + size_t len; + static int block = 0; + + if (block == 1) + return 0; + + if (str && *str == '/') + { + len = strlen(str) + 1; + chroot_dir = malloc(strlen(str) + 1); /* only once */ + if (!chroot_dir) + { + fprintf(stderr, _("%s: %d: Out of memory\n"), FIL__, __LINE__); + return 1; + } + sl_strlcpy(chroot_dir, str, len); + block = 1; + return 0; + } + return 1; +} + +int sh_unix_chroot(void) +{ + int status; + + if (chroot_dir != NULL) + { + status = retry_aud_chdir(FIL__, __LINE__, chroot_dir); + if ( (-1) == status ) + { + char errbuf[SH_ERRBUF_SIZE]; + status = errno; + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_W_CHDIR, + sh_error_message (status, errbuf, sizeof(errbuf)), chroot_dir); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + /* flawfinder: ignore */ + return (chroot(chroot_dir)); + } + return 0; +} +/* #ifdef SH_WITH_SERVER */ +#else +int sh_unix_chroot(void) { return 0; } +#endif + +/* daemon mode + */ +static int block_setdeamon = 0; + +int sh_unix_setdeamon(const char * dummy) +{ + int res = 0; + + SL_ENTER(_("sh_unix_setdeamon")); + + if (block_setdeamon != 0) + SL_RETURN((0),_("sh_unix_setdeamon")); + + if (dummy == NULL) + sh.flag.isdaemon = ON; + else + res = sh_util_flagval (dummy, &sh.flag.isdaemon); + + if (sh.flag.opts == S_TRUE) + block_setdeamon = 1; + + SL_RETURN(res, _("sh_unix_setdeamon")); +} +#if defined(HAVE_LIBPRELUDE) +#include "sh_prelude.h" +#endif + +int sh_unix_setnodeamon(const char * dummy) +{ + int res = 0; + + SL_ENTER(_("sh_unix_setnodeamon")); + + if (block_setdeamon != 0) + SL_RETURN((0),_("sh_unix_setmodeamon")); + + if (dummy == NULL) + sh.flag.isdaemon = OFF; + else + res = sh_util_flagval (dummy, &sh.flag.isdaemon); + + if (sh.flag.opts == S_TRUE) + block_setdeamon = 1; + + SL_RETURN(res, _("sh_unix_setnodeamon")); +} + +int sh_unix_init(int goDaemon) +{ + int status; + uid_t uid; + pid_t oldpid = getpid(); +#if defined(SH_WITH_SERVER) + extern int sh_socket_open_int (void); +#endif + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("sh_unix_init")); + + /* fork twice, exit the parent process + */ + if (goDaemon == 1) { + + switch (aud_fork(FIL__, __LINE__)) { + case 0: break; /* child process continues */ + case -1: SL_RETURN((-1),_("sh_unix_init")); /* error */ + default: aud__exit(FIL__, __LINE__, 0); /* parent process exits */ + } + + /* Child processes do not inherit page locks across a fork. + * Error in next fork would return in this (?) thread of execution. + */ + sh_unix_memlock(); + + setsid(); /* should not fail */ + sh.pid = (UINT64) getpid(); + + switch (aud_fork(FIL__, __LINE__)) { + case 0: break; /* child process continues */ + case -1: SL_RETURN((-1),_("sh_unix_init")); /* error */ + default: aud__exit(FIL__, __LINE__, 0); /* parent process exits */ + } + + /* Child processes do not inherit page locks across a fork. + */ + sh_unix_memlock(); + sh.pid = (UINT64) getpid(); + + } else { + setsid(); /* should not fail */ + } + + /* set working directory + */ +#ifdef SH_PROFILE + status = 0; +#else + status = retry_aud_chdir(FIL__, __LINE__, "/"); +#endif + if ( (-1) == status ) + { + status = errno; + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_W_CHDIR, + sh_error_message (status, errbuf, sizeof(errbuf)), "/"); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + + /* reset timers + */ + sh_unix_resettimer(); + + /* signal handlers + */ + sh_unix_resetsignals(); +#if defined(SCREW_IT_UP) + sh_sigtrap_prepare(); +#endif + sh_unix_siginstall (goDaemon); + + /* set file creation mask + */ + (void) umask (0); /* should not fail */ + + /* set resource limits to maximum, and + * core dump size to zero + */ + sh_unix_setlimits(); + + /* zero out the environment (like PATH='\0') + */ + sh_unix_zeroenv(); + + if (goDaemon == 1) + { + /* Close first tree file descriptors + */ + close (0); /* if running as daemon */ + close (1); /* if running as daemon */ + close (2); /* if running as daemon */ + + /* Enable full error logging + */ + sh_error_only_stderr (S_FALSE); + + /* open first three streams to /dev/null + */ + status = aud_open(FIL__, __LINE__, SL_NOPRIV, _("/dev/null"), O_RDWR, 0); + if (status < 0) + { + status = errno; + sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + sh_error_message(status, errbuf, sizeof(errbuf)), _("open")); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + + status = retry_aud_dup(FIL__, __LINE__, 0); + if (status >= 0) + retry_aud_dup(FIL__, __LINE__, 0); + + if (status < 0) + { + status = errno; + sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + sh_error_message(status, errbuf, sizeof(errbuf)), _("dup")); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + + sh_error_enable_unsafe (S_TRUE); +#if defined(HAVE_LIBPRELUDE) + sh_prelude_reset (); +#endif + + /* --- wait until parent has exited --- + */ + while (1 == 1) + { + errno = 0; + if (0 > aud_kill (FIL__, __LINE__, oldpid, 0) && errno == ESRCH) + { + break; + } + retry_msleep(0, 1); + } + + /* write PID file + */ + status = sh_unix_write_pid_file(); + if (status < 0) + { + sl_get_euid(&uid); + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_PIDFILE, + (long) uid, sh.srvlog.alt); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } +#if defined(SH_WITH_SERVER) + sh_socket_open_int (); +#endif + } + else + { + sh_error_enable_unsafe (S_TRUE); +#if defined(HAVE_LIBPRELUDE) + sh_prelude_reset (); +#endif +#if defined(SH_WITH_SERVER) + sh_socket_open_int (); +#endif + } + + /* chroot (this is a no-op if no chroot dir is specified + */ + status = sh_unix_chroot(); + if (status < 0) + { + status = errno; + sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, + sh_error_message(status, errbuf, sizeof(errbuf)), _("chroot")); + aud_exit(FIL__, __LINE__, EXIT_FAILURE); + } + + /* drop capabilities + */ + sl_drop_cap(); + + SL_RETURN((0),_("sh_unix_init")); +} + +/******************************************************** + * + * TIME + * + ********************************************************/ + +/* Figure out the time offset of the current timezone + * in a portable way. + */ +char * t_zone(const time_t * xx) +{ + struct tm aa; + struct tm bb; + struct tm * cc; + int sign = 0; + int diff = 0; + int hh, mm; + static char tz[64]; + + SL_ENTER(_("t_zone")); + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GMTIME_R) + cc = gmtime_r (xx, &aa); +#else + cc = gmtime (xx); + memcpy (&aa, cc, sizeof(struct tm)); +#endif + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) + cc = localtime_r (xx, &bb); +#else + cc = localtime (xx); + memcpy (&bb, cc, sizeof(struct tm)); +#endif + + /* Check for datum wrap-around. + */ + if (aa.tm_year < bb.tm_year) + sign = (-1); + else if (aa.tm_mon < bb.tm_mon) + sign = (-1); + else if (aa.tm_mday < bb.tm_mday) + sign = (-1); + else if (bb.tm_year < aa.tm_year) + sign = ( 1); + else if (bb.tm_mon < aa.tm_mon) + sign = ( 1); + else if (bb.tm_mday < aa.tm_mday) + sign = ( 1); + + diff = aa.tm_hour * 60 + aa.tm_min; + diff = (bb.tm_hour * 60 + bb.tm_min) - diff; + diff = diff - (sign * 24 * 60); /* datum wrap-around correction */ + hh = diff / 60; + mm = diff - (hh * 60); + sprintf (tz, _("%+03d%02d"), hh, mm); /* known to fit */ + + SL_RETURN(tz, _("t_zone")); +} + +unsigned long sh_unix_longtime () +{ + return ((unsigned long)time(NULL)); +} + +#ifdef HAVE_GETTIMEOFDAY +unsigned long sh_unix_notime () +{ + struct timeval tv; + + gettimeofday (&tv, NULL); + + return ((unsigned long)(tv.tv_sec + tv.tv_usec * 10835 + getpid() + getppid())); + +} +#endif + +static int count_dev_time = 0; + +void reset_count_dev_time(void) +{ + count_dev_time = 0; + return; +} + +int sh_unix_settimeserver (const char * address) +{ + + SL_ENTER(_("sh_unix_settimeserver")); + + if (address != NULL && count_dev_time < 2 + && sl_strlen(address) < SH_PATHBUF) + { + if (count_dev_time == 0) + sl_strlcpy (sh.srvtime.name, address, SH_PATHBUF); + else + sl_strlcpy (sh.srvtime.alt, address, SH_PATHBUF); + + ++count_dev_time; + SL_RETURN((0), _("sh_unix_settimeserver")); + } + SL_RETURN((-1), _("sh_unix_settimeserver")); +} + + +#ifdef HAVE_NTIME +#define UNIXEPOCH 2208988800UL /* difference between Unix time and net time + * The UNIX EPOCH starts in 1970. + */ +#include +#include +#include +#include +#include +#endif + +/* Timeserver service. */ +/* define is missing on HP-UX 10.20 */ +#ifndef IPPORT_TIMESERVER +#define IPPORT_TIMESERVER 37 +#endif + +char * sh_unix_time (time_t thetime, char * buffer, size_t len) +{ + + int status; + char AsciiTime[81]; /* local time */ + time_t time_now; + struct tm * time_ptr; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) + struct tm time_tm; +#endif +#ifdef SH_USE_XML + static char deftime[] = N_("0000-00-00T00:00:00"); /* default time */ +#else + static char deftime[] = N_("[0000-00-00T00:00:00]"); /* default time */ +#endif + +#ifdef HAVE_NTIME + int fd; /* network file descriptor */ + u_char net_time[4]; /* remote time in network format */ + static int failerr = 0; /* no net time */ + int fail = 0; /* no net time */ + int errflag; + char errmsg[256]; + char error_call[SH_MINIBUF]; + int error_num; +#endif + + SL_ENTER(_("sh_unix_time")); + +#ifdef HAVE_NTIME + if (thetime == 0) + { + if (sh.srvtime.name[0] == '\0') + { + fail = 1; + (void) time (&time_now); + } + else /* have a timeserver address */ + { + fd = connect_port_2 (sh.srvtime.name, sh.srvtime.alt, + IPPORT_TIMESERVER, + error_call, &error_num, errmsg, sizeof(errmsg)); + if (fd >= 0) + { + if (4 != read_port (fd, (char *) net_time, 4, &errflag, 2)) + { + fail = 1; + sh_error_handle ((-1), FIL__, __LINE__, errflag, + MSG_E_NLOST, + _("time"), sh.srvtime.name); + } + close(fd); + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, error_num, + MSG_E_NET, errmsg, error_call, + _("time"), sh.srvtime.name); + fail = 1; + } + + if (fail == 0) + { + time_now = ntohl(* (long *) net_time) - UNIXEPOCH; + /* fprintf(stderr, "TIME IS %ld\n", time_now); */ + if (failerr == 1) { + failerr = 0; + sh_error_handle ((-1), FIL__, __LINE__, 0, + MSG_E_NEST, + _("time"), sh.srvtime.name); + } + } + else + { + (void) time (&time_now); + if (failerr == 0) + { + failerr = 1; + sh_error_handle ((-1), FIL__, __LINE__, errflag, + MSG_SRV_FAIL, + _("time"), sh.srvtime.name); + } + } + } + } + else + { + time_now = thetime; + } + + /* #ifdef HAVE_NTIME */ +#else + + if (thetime == 0) + { + (void) time (&time_now); + } + else + { + time_now = thetime; + } + + /* #ifdef HAVE_NTIME */ +#endif + + if (time_now == (-1) ) + { + sl_strlcpy(buffer, _(deftime), len); + SL_RETURN(buffer, _("sh_unix_time")); + } + else + { +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) + time_ptr = localtime_r (&time_now, &time_tm); +#else + time_ptr = localtime (&time_now); +#endif + } + if (time_ptr != NULL) + { + status = strftime (AsciiTime, sizeof(AsciiTime), +#ifdef SH_USE_XML + _("%Y-%m-%dT%H:%M:%S%%s"), +#else + _("[%Y-%m-%dT%H:%M:%S%%s]"), +#endif + time_ptr); + + sl_snprintf(buffer, len, AsciiTime, t_zone(&time_now)); + + if ( (status == 0) || (status == sizeof(AsciiTime)) ) + { + sl_strlcpy(buffer, _(deftime), len); + SL_RETURN( buffer, _("sh_unix_time")); + } + else + { + SL_RETURN(buffer, _("sh_unix_time")); + } + } + + /* last resort + */ + sl_strlcpy(buffer, _(deftime), len); + SL_RETURN( buffer, _("sh_unix_time")); +} + +static int sh_unix_use_localtime = S_FALSE; + +/* whether to use localtime for file timesatams in logs + */ +int sh_unix_uselocaltime (const char * c) +{ + int i; + SL_ENTER(_("sh_unix_uselocaltime")); + i = sh_util_flagval(c, &(sh_unix_use_localtime)); + + SL_RETURN(i, _("sh_unix_uselocaltime")); +} + +char * sh_unix_gmttime (time_t thetime, char * buffer, size_t len) +{ + + int status; + + struct tm * time_ptr; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) + struct tm time_tm; +#endif + char AsciiTime[81]; /* GMT time */ +#ifdef SH_USE_XML + static char deftime[] = N_("0000-00-00T00:00:00"); /* default time */ +#else + static char deftime[] = N_("[0000-00-00T00:00:00]"); /* default time */ +#endif + + SL_ENTER(_("sh_unix_gmttime")); + + if (sh_unix_use_localtime == S_FALSE) + { +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GMTIME_R) + time_ptr = gmtime_r (&thetime, &time_tm); +#else + time_ptr = gmtime (&thetime); +#endif + } + else + { +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) + time_ptr = localtime_r (&thetime, &time_tm); +#else + time_ptr = localtime (&thetime); +#endif + } + if (time_ptr != NULL) + { + status = strftime (AsciiTime, 80, +#ifdef SH_USE_XML + _("%Y-%m-%dT%H:%M:%S"), +#else + _("[%Y-%m-%dT%H:%M:%S]"), +#endif + time_ptr); + + if ( (status == 0) || (status == 80) ) + sl_strlcpy(buffer, _(deftime), len); + else + sl_strlcpy(buffer, AsciiTime, len); + SL_RETURN( buffer, _("sh_unix_gmttime")); + } + + /* last resort + */ + sl_strlcpy(buffer, _(deftime), len); + SL_RETURN( buffer, _("sh_unix_gmttime")); +} + + +char * sh_unix_getUIDdir (int level, uid_t uid, char * out, size_t len) +{ + struct passwd * tempres; + int status = 0; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) + struct passwd pwd; + char buffer[SH_PWBUF_SIZE]; +#endif + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("sh_unix_getUIDdir")); + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) + sh_getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &tempres); +#else + errno = 0; + tempres = sh_getpwuid(uid); + status = errno; +#endif + + if (tempres == NULL) { + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, + sh_error_message(status, errbuf, sizeof(errbuf)), + _("getpwuid"), (long) uid, _("completely missing")); + SL_RETURN( NULL, _("sh_unix_getUIDdir")); + } + + if (tempres->pw_dir != NULL) { + sl_strlcpy(out, tempres->pw_dir, len); + SL_RETURN( out, _("sh_unix_getUIDdir")); + } else { + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, + sh_error_message(status, errbuf, sizeof(errbuf)), + _("getpwuid"), (long) uid, _("pw_dir")); + SL_RETURN( NULL, _("sh_unix_getUIDdir")); + } +} + +SH_MUTEX_STATIC(mutex_getUIDname, PTHREAD_MUTEX_INITIALIZER); + +char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len) +{ + struct passwd * tempres; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) + struct passwd pwd; + char buffer[SH_PWBUF_SIZE]; +#endif + int status = 0; + static uid_t old_uid; + static char name[32] = { '\0' }; + char errbuf[SH_ERRBUF_SIZE]; + + SL_ENTER(_("sh_unix_getUIDname")); + + if ((uid == old_uid) && (name[0] != '\0')) { + out[0] = '\0'; + SH_MUTEX_LOCK_UNSAFE(mutex_getUIDname); + if ((uid == old_uid) && (name[0] != '\0')) { + sl_strlcpy(out, name, len); + } + SH_MUTEX_UNLOCK_UNSAFE(mutex_getUIDname); + if (out[0] != '\0') + SL_RETURN( out, _("sh_unix_getUIDname")); + } + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) + sh_getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &tempres); +#else + errno = 0; + tempres = sh_getpwuid(uid); + status = errno; +#endif + + if (tempres == NULL) { + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, + sh_error_message(status, errbuf, sizeof(errbuf)), + _("getpwuid"), (long) uid, _("completely missing")); + SL_RETURN( NULL, _("sh_unix_getUIDname")); + } + + + if (tempres->pw_name != NULL) { + SH_MUTEX_LOCK_UNSAFE(mutex_getUIDname); + sl_strlcpy(name, tempres->pw_name, sizeof(name)); + old_uid = uid; + sl_strlcpy(out, name, len); + SH_MUTEX_UNLOCK_UNSAFE(mutex_getUIDname); + SL_RETURN( out, _("sh_unix_getUIDname")); + } else { + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, + sh_error_message(status, errbuf, sizeof(errbuf)), + _("getpwuid"), (long) uid, _("pw_user")); + SL_RETURN( NULL, _("sh_unix_getUIDname")); + } +} + +SH_MUTEX_STATIC(mutex_getGIDname, PTHREAD_MUTEX_INITIALIZER); + +char * sh_unix_getGIDname (int level, gid_t gid, char * out, size_t len) +{ + struct group * tempres; + int status = 0; + static gid_t old_gid; + static char name[32] = { '\0' }; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + struct group grp; + char buffer[SH_GRBUF_SIZE]; +#endif + char errbuf[SH_ERRBUF_SIZE]; + + + SL_ENTER(_("sh_unix_getGIDname")); + + if ((gid == old_gid) && (name[0] != '\0')) { + out[0] = '\0'; + SH_MUTEX_LOCK_UNSAFE(mutex_getGIDname); + if ((gid == old_gid) && (name[0] != '\0')) { + sl_strlcpy(out, name, len); + } + SH_MUTEX_UNLOCK_UNSAFE(mutex_getGIDname); + if (out[0] != '\0') + SL_RETURN( out, _("sh_unix_getGIDname")); + } + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + status = sh_getgrgid_r(gid, &grp, buffer, sizeof(buffer), &tempres); +#else + errno = 0; + tempres = sh_getgrgid(gid); + status = errno; +#endif + + if (tempres == NULL) { + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, + sh_error_message(status, errbuf, sizeof(errbuf)), + _("getgrgid"), (long) gid, _("completely missing")); + + SL_RETURN( NULL, _("sh_unix_getGIDname")); + } + + if (tempres->gr_name != NULL) { + SH_MUTEX_LOCK_UNSAFE(mutex_getGIDname); + sl_strlcpy(name, tempres->gr_name, sizeof(name)); + old_gid = gid; + sl_strlcpy(out, name, len); + SH_MUTEX_UNLOCK_UNSAFE(mutex_getGIDname); + SL_RETURN( out, _("sh_unix_getGIDname")); + } else { + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, + sh_error_message(status, errbuf, sizeof(errbuf)), + _("getgrgid"), (long) gid, _("gr_name")); + SL_RETURN( NULL, _("sh_unix_getGIDname")); + } +} + +int sh_unix_getUser () +{ + char * p; + uid_t seuid, sruid; + char user[USER_MAX]; + char dir[SH_PATHBUF]; + + SL_ENTER(_("sh_unix_getUser")); + + seuid = geteuid(); + + sh.effective.uid = seuid; + + p = sh_unix_getUIDdir (SH_ERR_ERR, seuid, dir, sizeof(dir)); + + if (p == NULL) + SL_RETURN((-1), _("sh_unix_getUser")); + else + { + if (sl_strlen(p) >= SH_PATHBUF) { + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_PWLONG, + _("getpwuid"), (long) seuid, _("pw_home")); + SL_RETURN((-1), _("sh_unix_getUser")); + } else { + sl_strlcpy ( sh.effective.home, p, SH_PATHBUF); + } + } + + sruid = getuid(); + + sh.real.uid = sruid; + + p = sh_unix_getUIDname (SH_ERR_ERR, sruid, user, sizeof(user)); + if (p == NULL) + SL_RETURN((-1), _("sh_unix_getUser")); + else + { + if (sl_strlen(p) >= USER_MAX) { + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_PWLONG, + _("getpwuid"), (long) sruid, _("pw_user")); + SL_RETURN((-1), _("sh_unix_getUser")); + } else { + sl_strlcpy ( sh.real.user, p, USER_MAX); + } + } + + p = sh_unix_getUIDdir (SH_ERR_ERR, sruid, dir, sizeof(dir)); + + if (p == NULL) + SL_RETURN((-1), _("sh_unix_getUser")); + else + { + if (sl_strlen(p) >= SH_PATHBUF) { + sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_PWLONG, + _("getpwuid"), (long) sruid, _("pw_home")); + SL_RETURN((-1), _("sh_unix_getUser")); + } else { + sl_strlcpy ( sh.real.home, p, SH_PATHBUF); + } + } + + SL_RETURN((0), _("sh_unix_getUser")); + + /* notreached */ +} + + +int sh_unix_getline (SL_TICKET fd, char * line, int sizeofline) +{ + register int count; + register int n = 0; + char c; + + SL_ENTER(_("sh_unix_getline")); + + if (sizeofline < 2) { + line[0] = '\0'; + SL_RETURN((0), _("sh_unix_getline")); + } + + --sizeofline; + + while (n < sizeofline) { + + count = sl_read (fd, &c, 1); + + /* end of file + */ + if (count < 1) { + line[n] = '\0'; + n = -1; + break; + } + + if (/* c != '\0' && */ c != '\n') { + line[n] = c; + ++n; + } else if (c == '\n') { + if (n > 0) { + line[n] = '\0'; + break; + } else { + line[n] = '\n'; /* get newline only if only char on line */ + ++n; + line[n] = '\0'; + break; + } + } else { + line[n] = '\0'; + break; + } + + } + + + line[sizeofline] = '\0'; /* make sure line is terminated */ + SL_RETURN((n), _("sh_unix_getline")); +} + + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + +/************************************************************** + * + * --- FILE INFO --- + * + **************************************************************/ + +#if (defined(__linux__) && (defined(HAVE_LINUX_EXT2_FS_H) || defined(HAVE_EXT2FS_EXT2_FS_H))) || defined(HAVE_STAT_FLAGS) + +#if defined(__linux__) + +/* --- Determine ext2fs file attributes. --- + */ +#include +#if defined(HAVE_EXT2FS_EXT2_FS_H) +#include +#else +#include +#endif + +/* __linux__ includes */ +#endif + +static +int sh_unix_getinfo_attr (char * name, + unsigned long * flags, + char * c_attr, + int fd, struct stat * buf) +{ + +/* TAKEN FROM: + * + * lsattr.c - List file attributes on an ext2 file system + * + * Copyright (C) 1993, 1994 Remy Card + * Laboratoire MASI, Institut Blaise Pascal + * Universite Pierre et Marie Curie (Paris VI) + * + * This file can be redistributed under the terms of the GNU General + * Public License + */ + +#ifdef HAVE_STAT_FLAGS + + SL_ENTER(_("sh_unix_getinfo_attr")); + + *flags = 0; + + /* cast to void to avoid compiler warning about unused parameters */ + (void) fd; + (void) name; + +#ifdef UF_NODUMP + if (buf->st_flags & UF_NODUMP) { + *flags |= UF_NODUMP; + c_attr[0] = 'd'; + } +#endif +#ifdef UF_IMMUTABLE + if (buf->st_flags & UF_IMMUTABLE) { + *flags |= UF_IMMUTABLE; + c_attr[1] = 'i'; + } +#endif +#ifdef UF_APPEND + if (buf->st_flags & UF_APPEND) { + *flags |= UF_APPEND; + c_attr[2] = 'a'; + } +#endif +#ifdef UF_NOUNLINK + if (buf->st_flags & UF_NOUNLINK) { + *flags |= UF_NOUNLINK; + c_attr[3] = 'u'; + } +#endif +#ifdef UF_OPAQUE + if (buf->st_flags & UF_OPAQUE) { + *flags |= UF_OPAQUE; + c_attr[4] = 'o'; + } +#endif +#ifdef SF_ARCHIVED + if (buf->st_flags & SF_ARCHIVED) { + *flags |= SF_ARCHIVED; + c_attr[5] = 'R'; + } + +#endif +#ifdef SF_IMMUTABLE + if (buf->st_flags & SF_IMMUTABLE) { + *flags |= SF_IMMUTABLE; + c_attr[6] = 'I'; + } +#endif +#ifdef SF_APPEND + if (buf->st_flags & SF_APPEND) { + *flags |= SF_APPEND; + c_attr[7] = 'A'; + } +#endif +#ifdef SF_NOUNLINK + if (buf->st_flags & SF_NOUNLINK) { + *flags |= SF_NOUNLINK; + c_attr[8] = 'U'; + } +#endif + + /* ! HAVE_STAT_FLAGS */ +#else + +#ifdef HAVE_EXT2_IOCTLS + int /* fd, */ r, f; + + SL_ENTER(_("sh_unix_getinfo_attr")); + + *flags = 0; + (void) buf; + + /* open() -> aud_open() R.Wichmann + fd = aud_open (FIL__, __LINE__, SL_YESPRIV, name, O_RDONLY|O_NONBLOCK, 0); + */ + + if (fd == -1 || name == NULL) + SL_RETURN(-1, _("sh_unix_getinfo_attr")); + + + r = ioctl (fd, EXT2_IOC_GETFLAGS, &f); + /* close (fd); */ + + if (r == -1) + SL_RETURN(-1, _("sh_unix_getinfo_attr")); + + if (f == 0) + SL_RETURN(0, _("sh_unix_getinfo_attr")); + + *flags = f; + +/* ! HAVE_EXT2_IOCTLS */ +#else + + SL_ENTER(_("sh_unix_getinfo_attr")); + + *flags = 0; /* modified by R.Wichmann */ + +/* ! HAVE_EXT2_IOCTLS */ +#endif +/* + * END + * + * lsattr.c - List file attributes on an ext2 file system + */ + + if (*flags == 0) + goto theend; + +#ifdef EXT2_SECRM_FL + if ( (*flags & EXT2_SECRM_FL) != 0 ) c_attr[0] = 's'; +#endif +#ifdef EXT2_UNRM_FL + if ( (*flags & EXT2_UNRM_FL) != 0 ) c_attr[1] = 'u'; +#endif +#ifdef EXT2_SYNC_FL + if ( (*flags & EXT2_SYNC_FL) != 0 ) c_attr[2] = 'S'; +#endif +#ifdef EXT2_IMMUTABLE_FL + if ( (*flags & EXT2_IMMUTABLE_FL) != 0) c_attr[3] = 'i'; +#endif +#ifdef EXT2_APPEND_FL + if ( (*flags & EXT2_APPEND_FL) != 0 ) c_attr[4] = 'a'; +#endif +#ifdef EXT2_NODUMP_FL + if ( (*flags & EXT2_NODUMP_FL) != 0 ) c_attr[5] = 'd'; +#endif +#ifdef EXT2_NOATIME_FL + if ( (*flags & EXT2_NOATIME_FL) != 0) c_attr[6] = 'A'; +#endif +#ifdef EXT2_COMPR_FL + if ( (*flags & EXT2_COMPR_FL) != 0 ) c_attr[7] = 'c'; +#endif + +#ifdef EXT2_TOPDIR_FL + if ( (*flags & EXT2_TOPDIR_FL) != 0 ) c_attr[8] = 'T'; +#endif +#ifdef EXT2_DIRSYNC_FL + if ( (*flags & EXT2_DIRSYNC_FL) != 0 ) c_attr[9] = 'D'; +#endif +#ifdef EXT2_NOTAIL_FL + if ( (*flags & EXT2_NOTAIL_FL) != 0 ) c_attr[10] = 't'; +#endif +#ifdef EXT2_JOURNAL_DATA_FL + if ( (*flags & EXT2_JOURNAL_DATA_FL) != 0) c_attr[11] = 'j'; +#endif + + theend: + /* ext2 */ +#endif + + c_attr[12] = '\0'; + + SL_RETURN(0, _("sh_unix_getinfo_attr")); +} +#else +static +int sh_unix_getinfo_attr (char * name, + unsigned long * flags, + char * c_attr, + int fd, struct stat * buf) +{ + return 0; +} + +/* defined(__linux__) || defined(HAVE_STAT_FLAGS) */ +#endif + +/* determine file type + */ +static +int sh_unix_getinfo_type (struct stat * buf, + ShFileType * type, + char * c_mode) +{ + SL_ENTER(_("sh_unix_getinfo_type")); + + if ( S_ISREG(buf->st_mode) ) { + (*type) = SH_FILE_REGULAR; + c_mode[0] = '-'; + } + else if ( S_ISLNK(buf->st_mode) ) { + (*type) = SH_FILE_SYMLINK; + c_mode[0] = 'l'; + } + else if ( S_ISDIR(buf->st_mode) ) { + (*type) = SH_FILE_DIRECTORY; + c_mode[0] = 'd'; + } + else if ( S_ISCHR(buf->st_mode) ) { + (*type) = SH_FILE_CDEV; + c_mode[0] = 'c'; + } + else if ( S_ISBLK(buf->st_mode) ) { + (*type) = SH_FILE_BDEV; + c_mode[0] = 'b'; + } + else if ( S_ISFIFO(buf->st_mode) ) { + (*type) = SH_FILE_FIFO; + c_mode[0] = '|'; + } + else if ( S_ISSOCK(buf->st_mode) ) { + (*type) = SH_FILE_SOCKET; + c_mode[0] = 's'; + } + else if ( S_ISDOOR(buf->st_mode) ) { + (*type) = SH_FILE_DOOR; + c_mode[0] = 'D'; + } + else if ( S_ISPORT(buf->st_mode) ) { + (*type) = SH_FILE_PORT; + c_mode[0] = 'P'; + } + else { + (*type) = SH_FILE_UNKNOWN; + c_mode[0] = '?'; + } + + SL_RETURN(0, _("sh_unix_getinfo_type")); +} + +int sh_unix_get_ftype(char * fullpath) +{ + char c_mode[CMODE_SIZE]; + struct stat buf; + ShFileType type; + int res; + + SL_ENTER(_("sh_unix_get_ftype")); + + res = retry_lstat(FIL__, __LINE__, fullpath, &buf); + + if (res < 0) + SL_RETURN(SH_FILE_UNKNOWN, _("sh_unix_getinfo_type")); + + sh_unix_getinfo_type (&buf, &type, c_mode); + + SL_RETURN(type, _("sh_unix_get_ftype")); +} + + +static +int sh_unix_getinfo_mode (struct stat *buf, + unsigned int * mode, + char * c_mode) +{ + + SL_ENTER(_("sh_unix_getinfo_mode")); + + (*mode) = buf->st_mode; + + /* make 'ls'-like string */ + + if ( (buf->st_mode & S_IRUSR) != 0 ) c_mode[1] = 'r'; + if ( (buf->st_mode & S_IWUSR) != 0 ) c_mode[2] = 'w'; + if ( (buf->st_mode & S_IXUSR) != 0 ) { + if ((buf->st_mode & S_ISUID) != 0 ) c_mode[3] = 's'; + else c_mode[3] = 'x'; + } else { + if ((buf->st_mode & S_ISUID) != 0 ) c_mode[3] = 'S'; + } + + if ( (buf->st_mode & S_IRGRP) != 0 ) c_mode[4] = 'r'; + if ( (buf->st_mode & S_IWGRP) != 0 ) c_mode[5] = 'w'; + if ( (buf->st_mode & S_IXGRP) != 0 ) { + if ((buf->st_mode & S_ISGID) != 0 ) c_mode[6] = 's'; + else c_mode[6] = 'x'; + } else { + if ((buf->st_mode & S_ISGID) != 0 ) c_mode[6] = 'S'; + } + + if ( (buf->st_mode & S_IROTH) != 0 ) c_mode[7] = 'r'; + if ( (buf->st_mode & S_IWOTH) != 0 ) c_mode[8] = 'w'; +#ifdef S_ISVTX /* not POSIX */ + if ( (buf->st_mode & S_IXOTH) != 0 ) { + if ((buf->st_mode & S_ISVTX) != 0 ) c_mode[9] = 't'; + else c_mode[9] = 'x'; + } else { + if ((buf->st_mode & S_ISVTX) != 0 ) c_mode[9] = 'T'; + } +#else + if ( (buf->st_mode & S_IXOTH) != 0 ) c_mode[9] = 'x'; +#endif + + SL_RETURN(0, _("sh_unix_getinfo_mode")); +} + + +long IO_Limit = 0; + +void sh_unix_io_pause () +{ + long runtime; + float someval; + unsigned long sometime; + + if (IO_Limit == 0) + { + return; + } + else + { + runtime = (long) (time(NULL) - sh.statistics.time_start); + + if (runtime > 0 && (long)(sh.statistics.bytes_hashed/runtime) > IO_Limit) + { + someval = sh.statistics.bytes_hashed - (IO_Limit * runtime); + someval /= (float) IO_Limit; + if (someval < 1.0) + { + someval *= 1000; /* milliseconds in a second */ + sometime = (unsigned long) someval; + retry_msleep(0, sometime); + } + else + { + sometime = (unsigned long) someval; + retry_msleep (sometime, 0); + } + } + } + return; +} + +int sh_unix_set_io_limit (const char * c) +{ + long val; + + SL_ENTER(_("sh_unix_set_io_limit")); + + val = strtol (c, (char **)NULL, 10); + if (val < 0) + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("set I/O limit"), c); + + val = (val < 0 ? 0 : val); + + IO_Limit = val * 1024; + SL_RETURN( 0, _("sh_unix_set_io_limit")); +} + +/* obtain file info + */ +extern int flag_err_debug; + +#include "sh_ignore.h" + +int sh_unix_checksum_size (char * filename, struct stat * fbuf, + char * fileHash, int alert_timeout, SL_TICKET fd) +{ + file_type tmpFile; + int status; + + SL_ENTER(_("sh_unix_checksum_size")); + + tmpFile.link_path = NULL; + + if (sh.flag.checkSum != SH_CHECK_INIT) + { + /* lookup file in database */ + status = sh_hash_get_it (filename, &tmpFile); + if (status != 0) { + goto out; + } + } + else + { + tmpFile.size = fbuf->st_size; + } + + /* if last < current get checksum */ + if (tmpFile.size < fbuf->st_size) + { + char hashbuf[KEYBUF_SIZE]; + UINT64 local_length = (UINT64) (tmpFile.size < 0 ? 0 : tmpFile.size); + sl_strlcpy(fileHash, + sh_tiger_generic_hash (filename, fd, &(local_length), + alert_timeout, hashbuf, sizeof(hashbuf)), + KEY_LEN+1); + + /* return */ + if (tmpFile.link_path) SH_FREE(tmpFile.link_path); + SL_RETURN( 0, _("sh_unix_checksum_size")); + } + + out: + if (tmpFile.link_path) SH_FREE(tmpFile.link_path); + sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); + SL_RETURN( -1, _("sh_unix_checksum_size")); +} + +int sh_unix_check_selinux = S_FALSE; +int sh_unix_check_acl = S_FALSE; + +#ifdef USE_ACL + +#include +static char * sh_unix_getinfo_acl (char * path, int fd, struct stat * buf) +{ + /* system.posix_acl_access, system.posix_acl_default + */ + char * out = NULL; + char * collect = NULL; + char * tmp; + char * out_compact; + ssize_t len; + acl_t result; + + SL_ENTER(_("sh_unix_getinfo_acl")); + + result = (fd == -1) ? + acl_get_file (path, ACL_TYPE_ACCESS) : + acl_get_fd (fd); + + if (result) + { + out = acl_to_text (result, &len); + if (out && (len > 0)) { + out_compact = sh_util_acl_compact (out, len); + acl_free(out); + if (out_compact) + { + collect = sh_util_strconcat (_("acl_access:"), out_compact, NULL); + SH_FREE(out_compact); + } + } + acl_free(result); + } + + + if ( S_ISDIR(buf->st_mode) ) + { + result = acl_get_file (path, ACL_TYPE_DEFAULT); + + if (result) + { + out = acl_to_text (result, &len); + if (out && (len > 0)) { + out_compact = sh_util_acl_compact (out, len); + acl_free(out); + if (out_compact) { + if (collect) { + tmp = sh_util_strconcat (_("acl_default:"), + out_compact, ":", collect, NULL); + SH_FREE(collect); + } + else { + tmp = sh_util_strconcat (_("acl_default:"), out_compact, NULL); + } + SH_FREE(out_compact); + collect = tmp; + } + } + acl_free(result); + } + } + + SL_RETURN((collect),_("sh_unix_getinfo_acl")); +} +#endif + +#ifdef USE_XATTR + +#include +static char * sh_unix_getinfo_xattr_int (char * path, int fd, char * name) +{ + char * out = NULL; + char * tmp = NULL; + size_t size = 256; + ssize_t result; + + SL_ENTER(_("sh_unix_getinfo_xattr_int")); + + out = SH_ALLOC(size); + + result = (fd == -1) ? + lgetxattr (path, name, out, size-1) : + fgetxattr (fd, name, out, size-1); + + if (result == -1 && errno == ERANGE) + { + SH_FREE(out); + result = (fd == -1) ? + lgetxattr (path, name, NULL, 0) : + fgetxattr (fd, name, NULL, 0); + size = result + 1; + out = SH_ALLOC(size); + result = (fd == -1) ? + lgetxattr (path, name, out, size-1) : + fgetxattr (fd, name, out, size-1); + } + + if ((result > 0) && ((size_t)result < size)) + { + out[size-1] = '\0'; + tmp = out; + } + else + { + SH_FREE(out); + } + + SL_RETURN((tmp),_("sh_unix_getinfo_xattr_int")); +} + + +static char * sh_unix_getinfo_xattr (char * path, int fd, struct stat * buf) +{ + /* system.posix_acl_access, system.posix_acl_default, security.selinux + */ + char * tmp; + char * out = NULL; + char * collect = NULL; + + SL_ENTER(_("sh_unix_getinfo_xattr")); + +#ifdef USE_ACL + /* + * we need the acl_get_fd/acl_get_file functions, getxattr will only + * yield the raw bytes + */ + if (sh_unix_check_acl == S_TRUE) + { + out = sh_unix_getinfo_acl(path, fd, buf); + + if (out) + { + collect = out; + } + } +#endif + + if (sh_unix_check_selinux == S_TRUE) + { + out = sh_unix_getinfo_xattr_int(path, fd, _("security.selinux")); + + if (out) + { + if (collect) { + tmp = sh_util_strconcat(_("selinux:"), out, ":", collect, NULL); + SH_FREE(collect); + } + else { + tmp = sh_util_strconcat(_("selinux:"), out, NULL); + } + SH_FREE(out); + collect = tmp; + } + } + + SL_RETURN((collect),_("sh_unix_getinfo_xattr")); +} +#endif + +#ifdef USE_XATTR +int sh_unix_setcheckselinux (const char * c) +{ + int i; + SL_ENTER(_("sh_unix_setcheckselinux")); + i = sh_util_flagval(c, &(sh_unix_check_selinux)); + + SL_RETURN(i, _("sh_unix_setcheckselinux")); +} +#endif + +#ifdef USE_ACL +int sh_unix_setcheckacl (const char * c) +{ + int i; + SL_ENTER(_("sh_unix_setcheckacl")); + i = sh_util_flagval(c, &(sh_unix_check_acl)); + + SL_RETURN(i, _("sh_unix_setcheckacl")); +} +#endif + +#ifdef HAVE_LIBZ +#include +#endif + +int sh_unix_getinfo (int level, char * filename, file_type * theFile, + char * fileHash, int policy) +{ + char timestr[81]; + long runtim; + struct stat buf; + struct stat lbuf; + struct stat fbuf; + int stat_return; + + ShFileType type; + unsigned int mode; + char * tmp; + char * tmp2; + + char * linknamebuf; + int linksize; + + extern int get_the_fd (SL_TICKET ticket); + + SL_TICKET rval_open; + int fd; + int fstat_return; + sh_string * content = NULL; + + time_t tend; + time_t tstart; + + + char * path = NULL; + + int alert_timeout = 120; + + path = theFile->fullpath; + + SL_ENTER(_("sh_unix_getinfo")); + + /* --- Stat the file, and get checksum. --- + */ + tstart = time(NULL); + + stat_return = retry_lstat (FIL__, __LINE__, + path /* theFile->fullpath */, &buf); + + fd = -1; + fstat_return = -1; + rval_open = -1; + + theFile->link_path = NULL; + + if (stat_return == 0 && S_ISREG(buf.st_mode)) + { + rval_open = sl_open_fastread (path /* theFile->fullpath */, SL_YESPRIV); + + alert_timeout = 120; /* this is per 8K block now ! */ + + if (path[1] == 'p' && path[5] == '/' && path[2] == 'r' && + path[3] == 'o' && path[4] == 'c' && path[0] == '/') + { + /* seven is magic */ + alert_timeout = 7; + } + + fd = get_the_fd(rval_open); + } + + tend = time(NULL); + + /* An unprivileged user may slow lstat/open to a crawl + * with clever path/symlink setup + */ + if ((tend - tstart) > (time_t) /* 60 */ 6) + { + tmp2 = sh_util_safe_name (theFile->fullpath); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_TOOLATE, + (long)(tend - tstart), tmp2); + SH_FREE(tmp2); + } + + if (fd >= 0) + fstat_return = retry_fstat (FIL__, __LINE__, fd, &fbuf); + else + fd = -1; + + + /* --- case 1: lstat failed --- + */ + if (stat_return != 0) + { + stat_return = errno; + if (!SL_ISERROR(rval_open)) + sl_close(rval_open); + if (sh.flag.checkSum == SH_CHECK_INIT || + (sh_hash_have_it (theFile->fullpath) >= 0 && + (!SH_FFLAG_REPORTED_SET(theFile->file_reported)))) + { + if (S_FALSE == sh_ignore_chk_del(theFile->fullpath)) { + char errbuf[SH_ERRBUF_SIZE]; + tmp2 = sh_util_safe_name (theFile->fullpath); + sh_error_handle (level, FIL__, __LINE__, stat_return, MSG_FI_LSTAT, + sh_error_message (stat_return, errbuf, sizeof(errbuf)), + tmp2); + SH_FREE(tmp2); + } + } + SL_RETURN((-1),_("sh_unix_getinfo")); + } + + /* --- case 2: not a regular file --- + */ + else if (! S_ISREG(buf.st_mode)) + { + if (fileHash != NULL) + sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); + } + + /* --- case 3a: a regular file, fstat ok --- + */ + else if (fstat_return == 0 && + buf.st_mode == fbuf.st_mode && + buf.st_ino == fbuf.st_ino && + buf.st_uid == fbuf.st_uid && + buf.st_gid == fbuf.st_gid && + buf.st_dev == fbuf.st_dev ) + { + if (fileHash != NULL) + { + if ((theFile->check_mask & MODI_CHK) == 0) + { + sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); + } + else if ((theFile->check_mask & MODI_PREL) != 0 && + S_TRUE == sh_prelink_iself(rval_open, fbuf.st_size, + alert_timeout, theFile->fullpath)) + { + if (0 != sh_prelink_run (theFile->fullpath, + fileHash, alert_timeout)) + sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); + } + else + { + char hashbuf[KEYBUF_SIZE]; + UINT64 length_nolim = TIGER_NOLIM; + + if (MODI_TXT_ENABLED(theFile->check_mask) && fbuf.st_size < (10 * SH_TXT_MAX)) + { + sl_init_content (rval_open, fbuf.st_size); + } + + sl_strlcpy(fileHash, + sh_tiger_generic_hash (theFile->fullpath, + rval_open, &length_nolim, + alert_timeout, + hashbuf, sizeof(hashbuf)), + KEY_LEN+1); + + content = sl_get_content(rval_open); + content = sh_string_copy(content); + + if ((theFile->check_mask & MODI_SGROW) != 0) + { + fbuf.st_size = (off_t) length_nolim; + buf.st_size = fbuf.st_size; + sl_rewind(rval_open); + sh_unix_checksum_size (theFile->fullpath, &fbuf, + &fileHash[KEY_LEN + 1], + alert_timeout, rval_open); + } + } + } + } + + /* --- case 3b: a regular file, fstat ok, but different --- + */ + else if (fstat_return == 0 && S_ISREG(fbuf.st_mode)) + { + memcpy (&buf, &fbuf, sizeof( struct stat )); + + if (fileHash != NULL) + { + if ((theFile->check_mask & MODI_CHK) == 0) + { + sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); + } + else if (policy == SH_LEVEL_PRELINK && + S_TRUE == sh_prelink_iself(rval_open, fbuf.st_size, + alert_timeout, theFile->fullpath)) + { + if (0 != sh_prelink_run (theFile->fullpath, + fileHash, alert_timeout)) + sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); + } + else + { + char hashbuf[KEYBUF_SIZE]; + UINT64 length_nolim = TIGER_NOLIM; + + if (MODI_TXT_ENABLED(theFile->check_mask) && fbuf.st_size < (10 * SH_TXT_MAX)) + { + sl_init_content (rval_open, fbuf.st_size); + } + + sl_strlcpy(fileHash, + sh_tiger_generic_hash (theFile->fullpath, rval_open, + &length_nolim, + alert_timeout, + hashbuf, sizeof(hashbuf)), + KEY_LEN + 1); + + content = sl_get_content(rval_open); + content = sh_string_copy(content); + + if ((theFile->check_mask & MODI_SGROW) != 0) + { + fbuf.st_size = (off_t) length_nolim; + buf.st_size = fbuf.st_size; + sl_rewind(rval_open); + sh_unix_checksum_size (theFile->fullpath, &fbuf, + &fileHash[KEY_LEN + 1], + alert_timeout, rval_open); + } + } + } + } + + /* --- case 4: a regular file, fstat failed --- + */ + + else /* fstat_return != 0 or !S_ISREG(fbuf.st_mode) */ + { + uid_t euid; + int fstat_errval = errno; + if (fileHash != NULL) + sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); + + if ((theFile->check_mask & MODI_CHK) != 0) + { + tmp2 = sh_util_safe_name (theFile->fullpath); + + if (fstat_return != 0) + { + (void) sl_get_euid(&euid); + sh_error_handle (level, FIL__, __LINE__, fstat_errval, + MSG_E_ACCESS, (long) euid, tmp2); + } + else if (!S_ISREG(fbuf.st_mode)) + { + sh_error_handle (level, FIL__, __LINE__, fstat_errval, + MSG_E_NOTREG, tmp2); + } + else + { + sh_error_handle (level, FIL__, __LINE__, fstat_errval, + MSG_E_READ, tmp2); + } + SH_FREE(tmp2); + } + } + + + /* --- Determine file type. --- + */ + memset (theFile->c_mode, '-', CMODE_SIZE-1); + theFile->c_mode[CMODE_SIZE-1] = '\0'; + + memset (theFile->link_c_mode, '-', CMODE_SIZE-1); + theFile->link_c_mode[CMODE_SIZE-1] = '\0'; + + sh_unix_getinfo_type (&buf, &type, theFile->c_mode); + theFile->type = type; + +#if defined(__linux__) || defined(HAVE_STAT_FLAGS) + + /* --- Determine file attributes. --- + */ + memset (theFile->c_attributes, '-', ATTRBUF_SIZE); + theFile->c_attributes[ATTRBUF_USED] = '\0'; + theFile->attributes = 0; + + if (theFile->c_mode[0] != 'c' && theFile->c_mode[0] != 'b' && + theFile->c_mode[0] != 'l' ) + sh_unix_getinfo_attr(theFile->fullpath, + &theFile->attributes, theFile->c_attributes, + fd, &buf); +#endif + +#if defined(USE_XATTR) && defined(USE_ACL) + if (sh_unix_check_selinux == S_TRUE || sh_unix_check_acl == S_TRUE) + theFile->attr_string = sh_unix_getinfo_xattr (theFile->fullpath, fd, &buf); +#elif defined(USE_XATTR) + if (sh_unix_check_selinux == S_TRUE) + theFile->attr_string = sh_unix_getinfo_xattr (theFile->fullpath, fd, &buf); +#elif defined(USE_ACL) + if (sh_unix_check_acl == S_TRUE) + theFile->attr_string = sh_unix_getinfo_acl (theFile->fullpath, fd, &buf); +#else + theFile->attr_string = NULL; +#endif + + if (!SL_ISERROR(rval_open)) + sl_close(rval_open); + + + /* --- I/O limit. --- + */ + if (IO_Limit > 0) + { + runtim = (long) (time(NULL) - sh.statistics.time_start); + + if (runtim > 0 && (long)(sh.statistics.bytes_hashed/runtim) > IO_Limit) + retry_msleep(1, 0); + } + + /* --- Determine permissions. --- + */ + sh_unix_getinfo_mode (&buf, &mode, theFile->c_mode); + + /* --- Trivia. --- + */ + theFile->dev = buf.st_dev; + theFile->ino = buf.st_ino; + theFile->mode = buf.st_mode; + theFile->hardlinks = buf.st_nlink; + theFile->owner = buf.st_uid; + theFile->group = buf.st_gid; + theFile->rdev = buf.st_rdev; + theFile->size = buf.st_size; + theFile->blksize = (unsigned long) buf.st_blksize; + theFile->blocks = (unsigned long) buf.st_blocks; + theFile->atime = buf.st_atime; + theFile->mtime = buf.st_mtime; + theFile->ctime = buf.st_ctime; + + + /* --- Owner and group. --- + */ + + if (NULL == sh_unix_getGIDname(SH_ERR_ALL, buf.st_gid, theFile->c_group, GROUP_MAX+1)) { + + tmp2 = sh_util_safe_name (theFile->fullpath); + + if (policy == SH_LEVEL_ALLIGNORE) + { + sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, ENOENT, + MSG_FI_NOGRP, + (long) buf.st_gid, tmp2); + } + else + { + sh_error_handle (ShDFLevel[SH_ERR_T_NAME], FIL__, __LINE__, ENOENT, + MSG_FI_NOGRP, + (long) buf.st_gid, tmp2); + } + SH_FREE(tmp2); + sl_snprintf(theFile->c_group, GROUP_MAX+1, "%d", (long) buf.st_gid); + } + + + if (NULL == sh_unix_getUIDname(SH_ERR_ALL, buf.st_uid, theFile->c_owner, USER_MAX+1)) { + + tmp2 = sh_util_safe_name (theFile->fullpath); + + if (policy == SH_LEVEL_ALLIGNORE) + { + sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, ENOENT, + MSG_FI_NOUSR, + (long) buf.st_uid, tmp2); + } + else + { + sh_error_handle (ShDFLevel[SH_ERR_T_NAME], FIL__, __LINE__, ENOENT, + MSG_FI_NOUSR, + (long) buf.st_uid, tmp2); + } + SH_FREE(tmp2); + sl_snprintf(theFile->c_owner, USER_MAX+1, "%d", (long) buf.st_uid); + } + + /* --- Output the file. --- + */ + if (flag_err_debug == SL_TRUE) + { + tmp2 = sh_util_safe_name ((filename == NULL) ? + theFile->fullpath : filename); + (void) sh_unix_time(theFile->mtime, timestr, sizeof(timestr)); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_LIST, + theFile->c_mode, + theFile->hardlinks, + theFile->c_owner, + theFile->c_group, + (unsigned long) theFile->size, + timestr, + tmp2); + SH_FREE(tmp2); + } + + /* --- Check for links. --- + */ + if (theFile->c_mode[0] == 'l') + { + linknamebuf = SH_ALLOC(PATH_MAX); + + /* flawfinder: ignore */ + linksize = readlink (theFile->fullpath, linknamebuf, PATH_MAX-1); + + if (linksize < (PATH_MAX-1) && linksize >= 0) + linknamebuf[linksize] = '\0'; + else + linknamebuf[PATH_MAX-1] = '\0'; + + if (linksize < 0) + { + char errbuf[SH_ERRBUF_SIZE]; + linksize = errno; + tmp2 = sh_util_safe_name (theFile->fullpath); + sh_error_handle (level, FIL__, __LINE__, linksize, MSG_FI_RDLNK, + sh_error_message (linksize, errbuf, sizeof(errbuf)), tmp2); + SH_FREE(tmp2); + SH_FREE(linknamebuf); + theFile->link_path = sh_util_strdup("-"); + SL_RETURN((-1),_("sh_unix_getinfo")); + } + + if (linknamebuf[0] == '/') + { + theFile->link_path = sh_util_strdup (linknamebuf); + } + else + { + tmp = sh_util_dirname(theFile->fullpath); + if (tmp) { + theFile->link_path = SH_ALLOC(PATH_MAX); + sl_strlcpy (theFile->link_path, tmp, PATH_MAX); + SH_FREE(tmp); + } else { + theFile->link_path = SH_ALLOC(PATH_MAX); + theFile->link_path[0] = '\0'; + } + /* + * Only attach '/' if not root directory. Handle "//", which + * according to POSIX is implementation-defined, and may be + * different from "/" (however, three or more '/' will collapse + * to one). + */ + tmp = theFile->link_path; while (*tmp == '/') ++tmp; + if (*tmp != '\0') + { + sl_strlcat (theFile->link_path, "/", PATH_MAX); + } + sl_strlcat (theFile->link_path, linknamebuf, PATH_MAX); + } + + /* stat the link + */ + stat_return = retry_lstat (FIL__, __LINE__, theFile->link_path, &lbuf); + + /* check for error + */ + if (stat_return != 0) + { + stat_return = errno; + tmp = sh_util_safe_name (theFile->fullpath); + tmp2 = sh_util_safe_name (theFile->link_path); + if (stat_return != ENOENT) + { + char errbuf[SH_ERRBUF_SIZE]; + sh_error_handle (level, FIL__, __LINE__, stat_return, + MSG_FI_LSTAT, + sh_error_message (stat_return,errbuf, sizeof(errbuf)), + tmp2); + } + else + { + /* a dangling link -- everybody seems to have plenty of them + */ + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_DLNK, + tmp, tmp2); + } + theFile->linkisok = BAD; + SH_FREE(tmp); + SH_FREE(tmp2); + SH_FREE(linknamebuf); + /* + * changed Tue Feb 10 16:16:13 CET 2004: + * add dangling symlinks into database + * SL_RETURN((-1),_("sh_unix_getinfo")); + */ + theFile->linkmode = 0; + SL_RETURN((0),_("sh_unix_getinfo")); + } + + theFile->linkisok = GOOD; + + + /* --- Determine file type. --- + */ + sh_unix_getinfo_type (&lbuf, &type, theFile->link_c_mode); + theFile->type = type; + + /* --- Determine permissions. --- + */ + sh_unix_getinfo_mode (&lbuf, &mode, theFile->link_c_mode); + theFile->linkmode = lbuf.st_mode; + + /* --- Output the link. --- + */ + if (theFile->linkisok == GOOD) + { + tmp2 = sh_util_safe_name (linknamebuf); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_LLNK, + theFile->link_c_mode, tmp2); + SH_FREE(tmp2); + } + SH_FREE(linknamebuf); + } + else /* not a link */ + { + if (content) + { +#ifdef HAVE_LIBZ + unsigned long clen; + unsigned char * compressed; +#ifdef HAVE_COMPRESSBOUND + clen = compressBound(sh_string_len(content)); +#else + if (sh_string_len(content) > 10*SH_TXT_MAX) + clen = SH_TXT_MAX; + else + clen = 13 + (int)(1.0001*sh_string_len(content)); +#endif + compressed = SH_ALLOC(clen); + if (Z_OK == compress(compressed, &clen, + (unsigned char *) sh_string_str(content), + sh_string_len(content))) + { + if (clen < SH_TXT_MAX) + { + sh_util_base64_enc_alloc (&(theFile->link_path), + (char *) compressed, clen); + } + else + { + char tmsg[128]; + char * tpath = sh_util_safe_name (theFile->fullpath); + sl_snprintf(tmsg, sizeof(tmsg), + _("compressed file too large (%lu bytes)"), + clen); + sh_error_handle (SH_ERR_WARN, FIL__, __LINE__, -1, + MSG_E_SUBGPATH, tmsg, + _("sh_unix_getinfo"), tpath); + SH_FREE(tpath); + } + } + SH_FREE(compressed); +#endif + sh_string_destroy(&content); + } + } + SL_RETURN((0),_("sh_unix_getinfo")); +} + +/* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */ +#endif + +int sh_unix_unlock(char * lockfile, char * flag) +{ + int error = 0; + + SL_ENTER(_("sh_unix_unlock")); + + if (sh.flag.isdaemon == S_FALSE && flag == NULL) + SL_RETURN((0),_("sh_unix_unlock")); + + /* --- Logfile is not locked to us. --- + */ + if (sh.flag.islocked == BAD && flag != NULL) + SL_RETURN((-1),_("sh_unix_unlock")); + + /* --- Check whether the directory is secure. --- + */ + if (0 != tf_trust_check (lockfile, SL_YESPRIV)) + SL_RETURN((-1),_("sh_unix_unlock")); + + /* --- Delete the lock file. --- + */ + error = retry_aud_unlink (FIL__, __LINE__, lockfile); + + if (error == 0) + { + if (flag != NULL) + sh.flag.islocked = BAD; /* not locked anymore */ + } + else if (flag != NULL) + { + char errbuf[SH_ERRBUF_SIZE]; + error = errno; + sh_error_handle ((-1), FIL__, __LINE__, error, MSG_E_UNLNK, + sh_error_message(error, errbuf, sizeof(errbuf)), + lockfile); + SL_RETURN((-1),_("sh_unix_unlock")); + } + SL_RETURN((0),_("sh_unix_unlock")); +} + +int sh_unix_lock (char * lockfile, char * flag) +{ + int filed; + int errnum; + char myPid[64]; + SL_TICKET fd; + extern int get_the_fd (SL_TICKET ticket); + + SL_ENTER(_("sh_unix_lock")); + + sprintf (myPid, "%ld\n", (long) sh.pid); /* known to fit */ + + fd = sl_open_safe_rdwr (lockfile, SL_YESPRIV); /* fails if file exists */ + + if (!SL_ISERROR(fd)) + { + errnum = sl_write (fd, myPid, sl_strlen(myPid)); + filed = get_the_fd(fd); + fchmod (filed, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); + sl_close (fd); + + if (!SL_ISERROR(errnum)) + { + if (flag != NULL) + sh.flag.islocked = GOOD; + SL_RETURN((0),_("sh_unix_lock")); + } + } + + TPT((0, FIL__, __LINE__, _("msg=\n"))); + if (flag != NULL) + sh.flag.islocked = BAD; + SL_RETURN((-1),_("sh_unix_lock")); + + /* notreached */ +} + + +/* check whether file is locked + */ +int sh_unix_test_and_lock (char * filename, char * lockfile) +{ + static struct stat buf; + int status = 0; + + + SL_TICKET fd; + char line_in[128]; + + SL_ENTER(_("sh_unix_test_and_lock")); + + status = retry_lstat (FIL__, __LINE__, lockfile, &buf); + + /* --- No lock file found, try to lock. --- + */ + + if (status < 0 && errno == ENOENT) + { + if (0 == sh_unix_lock (lockfile, filename)) + { + if (filename != NULL) + sh.flag.islocked = GOOD; + SL_RETURN((0),_("sh_unix_test_and_lock")); + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, status, + MSG_E_SUBGEN, + (filename == NULL) ? _("Cannot create PID file") : _("Cannot create lock file"), + _("sh_unix_test_and_lock")); + SL_RETURN((-1),_("sh_unix_test_and_lock")); + } + } + else if (status == 0 && buf.st_size == 0) + { + if (filename != NULL) + sh.flag.islocked = GOOD; + sh_unix_unlock (lockfile, filename); + if (filename != NULL) + sh.flag.islocked = BAD; + if (0 == sh_unix_lock (lockfile, filename)) + { + if (filename != NULL) + sh.flag.islocked = GOOD; + SL_RETURN((0),_("sh_unix_test_and_lock")); + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, status, + MSG_E_SUBGEN, + (filename == NULL) ? _("Cannot create PID file") : _("Cannot create lock file"), + _("sh_unix_test_and_lock")); + SL_RETURN((-1),_("sh_unix_test_and_lock")); + } + } + + /* --- Check on lock. --- + */ + + if (status >= 0) + { + fd = sl_open_read (lockfile, SL_YESPRIV); + if (SL_ISERROR(fd)) + sh_error_handle ((-1), FIL__, __LINE__, fd, + MSG_E_SUBGEN, + (filename == NULL) ? _("Cannot open PID file for read") : _("Cannot open lock file for read"), + _("sh_unix_test_and_lock")); + } + else + fd = -1; + + if (!SL_ISERROR(fd)) + { + /* read the PID in the lock file + */ + status = sl_read (fd, line_in, sizeof(line_in)); + line_in[sizeof(line_in)-1] = '\0'; + + /* convert to numeric + */ + if (status > 0) + { + errno = 0; + status = strtol(line_in, (char **)NULL, 10); + if (errno == ERANGE || status <= 0) + { + sh_error_handle ((-1), FIL__, __LINE__, status, + MSG_E_SUBGEN, + (filename == NULL) ? _("Bad PID in PID file") : _("Bad PID in lock file"), + _("sh_unix_test_and_lock")); + + status = -1; + } + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, status, + MSG_E_SUBGEN, + (filename == NULL) ? _("Cannot read PID file") : _("Cannot read lock file"), + _("sh_unix_test_and_lock")); + } + sl_close(fd); + + if (status > 0 && (unsigned int) status == sh.pid) + { + if (filename != NULL) + sh.flag.islocked = GOOD; + SL_RETURN((0),_("sh_unix_test_and_lock")); + } + + + /* --- Check whether the process exists. --- + */ + if (status > 0) + { + errno = 0; + status = aud_kill (FIL__, __LINE__, status, 0); + + /* Does not exist, so remove the stale lock + * and create a new one. + */ + if (status < 0 && errno == ESRCH) + { + if (filename != NULL) + sh.flag.islocked = GOOD; + if (0 != sh_unix_unlock(lockfile, filename) && (filename !=NULL)) + sh.flag.islocked = BAD; + else + { + if (0 == sh_unix_lock (lockfile, filename)) + { + if (filename != NULL) + sh.flag.islocked = GOOD; + SL_RETURN((0),_("sh_unix_test_and_lock")); + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, status, + MSG_E_SUBGEN, + (filename == NULL) ? _("Cannot create PID file") : _("Cannot create lock file"), + _("sh_unix_test_and_lock")); + } + if (filename != NULL) + sh.flag.islocked = BAD; + } + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, status, + MSG_E_SUBGEN, + (filename == NULL) ? _("Cannot remove stale PID file, PID may be a running process") : _("Cannot remove stale lock file, PID may be a running process"), + _("sh_unix_test_and_lock")); + if (filename != NULL) + sh.flag.islocked = BAD; + } + } + } + SL_RETURN((-1),_("sh_unix_testlock")); +} + +/* write the PID file + */ +int sh_unix_write_pid_file() +{ + return sh_unix_test_and_lock(NULL, sh.srvlog.alt); +} + +/* write lock for filename + */ +int sh_unix_write_lock_file(char * filename) +{ + size_t len; + int res; + char * lockfile; + + if (filename == NULL) + return (-1); + + len = sl_strlen(filename); + if (sl_ok_adds(len, 6)) + len += 6; + lockfile = SH_ALLOC(len); + sl_strlcpy(lockfile, filename, len); + sl_strlcat(lockfile, _(".lock"), len); + res = sh_unix_test_and_lock(filename, lockfile); + SH_FREE(lockfile); + return res; +} + +/* rm lock for filename + */ +int sh_unix_rm_lock_file(char * filename) +{ + size_t len; + int res; + char * lockfile; + + if (filename == NULL) + return (-1); + + len = sl_strlen(filename); + if (sl_ok_adds(len, 6)) + len += 6; + lockfile = SH_ALLOC(len); + sl_strlcpy(lockfile, filename, len); + sl_strlcat(lockfile, _(".lock"), len); + + res = sh_unix_unlock(lockfile, filename); + SH_FREE(lockfile); + return res; +} + +/* rm lock for filename + */ +int sh_unix_rm_pid_file() +{ + return sh_unix_unlock(sh.srvlog.alt, NULL); +} + +/* Test whether file exists + */ +int sh_unix_file_exists(char * path) +{ + struct stat buf; + + SL_ENTER(_("sh_unix_file_exists")); + + if (-1 == retry_stat(FIL__, __LINE__, path, &buf)) + SL_RETURN( S_FALSE, _("sh_unix_file_exists")); + else + SL_RETURN( S_TRUE, _("sh_unix_file_exists")); +} + + +/* Test whether file exists, is a character device, and allows read + * access. + */ +int sh_unix_device_readable(int fd) +{ + struct stat buf; + + SL_ENTER(_("sh_unix_device_readable")); + + if (retry_fstat(FIL__, __LINE__, fd, &buf) == -1) + SL_RETURN( (-1), _("sh_unix_device_readable")); + else if ( S_ISCHR(buf.st_mode) && 0 != (S_IROTH & buf.st_mode) ) + SL_RETURN( (0), _("sh_unix_device_readable")); + else + SL_RETURN( (-1), _("sh_unix_device_readable")); +} + +static char preq[16]; + +/* return true if database is remote + */ +int file_is_remote () +{ + static int init = 0; + struct stat buf; + + SL_ENTER(_("file_is_remote")); + + if (init == 0) + { + sl_strlcpy(preq, _("REQ_FROM_SERVER"), 16); + ++init; + } + if (0 == sl_strncmp (sh.data.path, preq, 15)) + { + if (sh.data.path[15] != '\0') /* should be start of path */ + { + if (0 == stat(&(sh.data.path[15]), &buf)) + { + SL_RETURN( S_FALSE, _("file_is_remote")); + } + } + SL_RETURN( S_TRUE, _("file_is_remote")); + } + SL_RETURN( S_FALSE, _("file_is_remote")); +} + +/* Return the path to the configuration/database file. + */ +char * file_path(char what, char flag) +{ + static int init = 0; + + SL_ENTER(_("file_path")); + + if (init == 0) + { + sl_strlcpy(preq, _("REQ_FROM_SERVER"), 16); + ++init; + } + + switch (what) + { + + case 'C': + if (0 == sl_strncmp (sh.conf.path, preq, 15)) + { +#if defined(SH_WITH_SERVER) + if (sh.flag.isserver == S_TRUE && sl_strlen(sh.conf.path) == 15) + SL_RETURN( NULL, _("file_path")); + if (sh.flag.isserver == S_TRUE) + SL_RETURN( &(sh.conf.path[15]), _("file_path")); +#endif + if (flag == 'R') + SL_RETURN( preq, _("file_path")); + if (flag == 'I') + { + if (sl_strlen(sh.conf.path) == 15) + SL_RETURN( NULL, _("file_path")); + else + SL_RETURN( &(sh.conf.path[15]), _("file_path")); + } + SL_RETURN ( preq, _("file_path")); + } + else + SL_RETURN( sh.conf.path, _("file_path")); + /* break; *//* unreachable */ + + case 'D': + if (0 == sl_strncmp (sh.data.path, preq, 15)) + { + if (flag == 'R') + SL_RETURN( preq, _("file_path")); + if (flag == 'W' && sl_strlen(sh.data.path) == 15) + SL_RETURN (NULL, _("file_path")); + if (flag == 'W') + SL_RETURN( &(sh.data.path[15]), _("file_path")); + } + else + SL_RETURN( sh.data.path, _("file_path")); + break; + + default: + SL_RETURN( NULL, _("file_path")); + } + + return NULL; /* notreached */ +} +/************************************************/ +/**** Mlock Utilities ****/ +/************************************************/ + +#include + +int sh_unix_pagesize() +{ + int pagesize = 4096; +#if defined(_SC_PAGESIZE) + pagesize = sysconf(_SC_PAGESIZE); +#elif defined(_SC_PAGE_SIZE) + pagesize = sysconf(_SC_PAGE_SIZE); +#elif defined(HAVE_GETPAGESIZE) + pagesize = getpagesize(); +#elif defined(PAGESIZE) + pagesize = PAGESIZE; +#endif + + return ((pagesize > 0) ? pagesize : 4096); +} + +typedef struct sh_page_lt { + unsigned long page_start; + int page_refcount; + char file[64]; + int line; + struct sh_page_lt * next; +} sh_page_l; + +sh_page_l * sh_page_locked = NULL; +volatile int page_locking = 0; + +unsigned long sh_unix_lookup_page (void * in_addr, size_t len, int * num_pages) +{ + int pagesize = sh_unix_pagesize(); + unsigned long addr = (unsigned long) in_addr; + + unsigned long pagebase; + unsigned long pagediff; + unsigned long pagenum = addr / pagesize; + + SL_ENTER(_("sh_unix_lookup_page")); +#if 0 + fprintf(stderr, "mlock: --> base %ld, pagenum: %ld\n", + addr, pagenum); +#endif + + /* address of first page + */ + pagebase = pagenum * pagesize; + + /* number of pages + */ + pagediff = (addr + len) - pagebase; + pagenum = pagediff / pagesize; + if (pagenum * pagesize < pagediff) + ++pagenum; + +#if 0 + fprintf(stderr, "mlock: --> pagebase %ld, pagediff %ld, (addr + len) %ld\n", + pagebase, pagediff, (addr + len)); +#endif + + *num_pages = pagenum; + SL_RETURN((pagebase), _("sh_unix_lookup_page")); +} + + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) + +SH_MUTEX_STATIC(mutex_mlock,PTHREAD_MUTEX_INITIALIZER); + +int sh_unix_mlock (const char * file, int line, void * in_addr, size_t len) +{ + int num_pages; + int status = 0; + int pagesize; + sh_page_l * page_list = sh_page_locked; + unsigned long addr; +#ifdef TEST_MLOCK + int i = 0; +#endif + + SL_ENTER(_("sh_unix_mlock")); + + /* There's no cancellation point here, except if tracing is on + */ + SH_MUTEX_LOCK_UNSAFE(mutex_mlock); + + if (0 != page_locking) + { + status = -1; + goto exit_mlock; + } + + page_locking = 1; + + pagesize = sh_unix_pagesize(); + addr = sh_unix_lookup_page (in_addr, len, &num_pages); + +#ifdef TEST_MLOCK + fprintf(stderr, "mlock: addr %ld, base %ld, pages: %d, length %d\n", + (unsigned long) in_addr, addr, num_pages, len); +#endif + + /* increase refcount of locked pages + * addr is first page; num_pages is #(consecutive pages) to lock + */ + + while ((page_list != NULL) && (num_pages > 0)) + { +#ifdef TEST_MLOCK + fprintf(stderr, "mlock: check page %d: %ld [%d]\n", + i, page_list->page_start, page_list->page_refcount); +#endif + if (page_list->page_start == addr) + { + page_list->page_refcount += 1; + num_pages -= 1; + addr += pagesize; +#ifdef TEST_MLOCK + fprintf(stderr, "mlock: found page %d: %ld [%d], next page %ld\n", + i, page_list->page_start, page_list->page_refcount, addr); +#endif + } +#ifdef TEST_MLOCK + ++i; +#endif + page_list = page_list->next; + } + + /* mlock some more pages, if needed + */ + while (num_pages > 0) + { +#ifdef TEST_MLOCK + fprintf(stderr, "mlock: lock page %d: mlock %ld [num_pages %d]\n", + i, addr, num_pages); + ++i; +#endif + page_list = SH_ALLOC(sizeof(sh_page_l)); + page_list->page_start = addr; + page_list->page_refcount = 1; + sl_strlcpy(page_list->file, file, 64); + page_list->line = line; + status = mlock( (void *) addr, pagesize); + if (status != 0) + { +#ifdef TEST_MLOCK + char errbuf[SH_ERRBUF_SIZE]; + fprintf(stderr, "mlock: error: %s\n", + sh_error_message(errno, errbuf, sizeof(errbuf))); +#endif + SH_FREE(page_list); + page_locking = 0; + goto exit_mlock; + } + page_list->next = sh_page_locked; + sh_page_locked = page_list; + num_pages -= 1; + addr += pagesize; + } + page_locking = 0; + + exit_mlock: + SH_MUTEX_UNLOCK_UNSAFE(mutex_mlock); + + SL_RETURN((status), _("sh_unix_mlock")); +} +#else +int sh_unix_mlock (const char * file, int line, void * in_addr, size_t len) +{ + (void) file; (void) line; + (void) in_addr; (void) len; + return -1; +} +#endif + +#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) +int sh_unix_munlock (void * in_addr, size_t len) +{ + int num_pages; + int unlocked = 0; + int status = 0; + int pagesize; + sh_page_l * page_list = sh_page_locked; + sh_page_l * page_last; + unsigned long addr; + + int test_count; + int test_status; + int test_pages; + +#ifdef TEST_MLOCK + int i = 0; +#endif + + SL_ENTER(_("sh_unix_munlock")); + + /* There's no cancellation point here, except if tracing is on + */ + SH_MUTEX_LOCK_UNSAFE(mutex_mlock); + + if (0 != page_locking) + { + status = -1; + goto exit_munlock; + } + page_locking = 1; + + pagesize = sh_unix_pagesize(); + addr = sh_unix_lookup_page (in_addr, len, &num_pages); + +#ifdef TEST_MLOCK + fprintf(stderr, "munlock: in_addr %ld, addr %ld, pages: %d, length %d\n", + (unsigned long) in_addr, addr, num_pages, len); +#endif + + test_pages = num_pages; + + /* reduce refcount of locked pages + * addr is first page; num_pages is #(consecutive pages) to lock + */ + while ((page_list != NULL) && (num_pages > 0)) + { +#ifdef TEST_MLOCK + fprintf(stderr, "munlock: page %d: %ld [%d]\n", + i, page_list->page_start, page_list->page_refcount); +#endif + + test_status = 0; + for (test_count = 0; test_count < test_pages; ++test_count) + { + if (page_list->page_start == (addr + (test_count * pagesize))) + { + test_status = 1; + break; + } + } + + if (test_status == 1) + { + page_list->page_refcount -= 1; + if (page_list->page_refcount == 0) + { + status = munlock ( (void *) addr, pagesize); + ++unlocked; + } + num_pages -= 1; +#ifdef TEST_MLOCK + fprintf(stderr, + "munlock: page %d: %ld [refcount %d], refcount reduced\n", + i, page_list->page_start, page_list->page_refcount); +#endif + } +#ifdef TEST_MLOCK + ++i; +#endif + page_list = page_list->next; + } + +#ifdef TEST_MLOCK + i = 0; +#endif + + if (unlocked > 0) + { + page_list = sh_page_locked; + page_last = sh_page_locked; + + while ((page_list != NULL) && (unlocked > 0)) + { + if (page_list->page_refcount == 0) + { +#ifdef TEST_MLOCK + fprintf(stderr, "munlock: remove page %d: %ld [refcount %d]\n", + i, page_list->page_start, page_list->page_refcount); +#endif + if (page_last != page_list) + { + page_last->next = page_list->next; + SH_FREE(page_list); + page_list = page_last->next; + } + else + { + page_last = page_list->next; + if (page_list == sh_page_locked) + sh_page_locked = page_list->next; + SH_FREE(page_list); + page_list = page_last; + } + --unlocked; + } + else + { +#ifdef TEST_MLOCK + fprintf(stderr, "munlock: skip page %d: %ld [refcount %d]\n", + i, page_list->page_start, page_list->page_refcount); +#endif + + page_last = page_list; + page_list = page_list->next; + } +#ifdef TEST_MLOCK + ++i; +#endif + } + } + + page_locking = 0; + + exit_munlock: + SH_MUTEX_UNLOCK_UNSAFE(mutex_mlock); + SL_RETURN((status), _("sh_unix_munlock")); +} +#else +int sh_unix_munlock (void * in_addr, size_t len) +{ + (void) in_addr; (void) len; + return -1; +} +#endif + +int sh_unix_count_mlock() +{ + int i = 0; + char str[128]; + sh_page_l * page_list = sh_page_locked; + + SL_ENTER(_("sh_unix_count_mlock")); + while (page_list != NULL) + { +#ifdef WITH_TPT + sl_snprintf(str, sizeof(str), _("file: %s line: %d page: %d"), + page_list->file, page_list->line, i+1); + sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN, + str, _("sh_unix_count_mlock")); +#endif + page_list = page_list->next; + ++i; + } + sl_snprintf(str, sizeof(str), _("%d pages locked"), i); + sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN, + str, _("sh_unix_count_mlock")); + SL_RETURN((i), _("sh_unix_count_mlock")); +} + +/************************************************/ +/************************************************/ +/**** Stealth Utilities ****/ +/************************************************/ +/************************************************/ +#ifdef SH_STEALTH + +void sh_unix_xor_code (char * str, int len) +{ + register int i; + + for (i = 0; i < len; ++i) str[i] ^= (char) XOR_CODE; + return; +} + +#if !defined(SH_STEALTH_MICRO) + + +int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len, + unsigned long * bytes_read); +unsigned long first_hex_block(SL_TICKET fd, unsigned long * max); + +/* + * --- Get hidden data from a block of hex data. --- + */ +int sh_unix_getline_stealth (SL_TICKET fd, char * str, int len) +{ + int add_off = 0, llen; + static unsigned long off_data = 0; + static unsigned long max_data = 0; + static unsigned long bytes_read = 0; + static int stealth_init = BAD; + + SL_ENTER(_("sh_unix_getline_stealth")); + + + /* --- Initialize. --- + */ + if (stealth_init == BAD) + { + off_data = first_hex_block(fd, &max_data); + if (off_data == 0) + { + dlog(1, FIL__, __LINE__, + _("The stealth config file does not contain any steganographically\nhidden data. This file must be an image file in _uncompressed_\npostscript format.\nTo hide data in it, use:\n samhain_stealth -s postscript_file orig_config_file\n mv postscript_file /path/to/config/file\n")); + sh_error_handle ((-1), FIL__, __LINE__, EIO, MSG_P_NODATA, + _("Stealth config file.")); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + stealth_init = GOOD; + max_data += off_data; + } + + /* --- Seek to proper position. --- + */ + if (bytes_read >= max_data || add_off < 0) + { + dlog(1, FIL__, __LINE__, + _("The capacity of the container image file for the stealth config file seems to be too small. Your config file is likely truncated.\n")); + sh_error_handle ((-1), FIL__, __LINE__, EIO, MSG_P_NODATA, + _("Stealth config file.")); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + sl_seek(fd, off_data); + + /* --- Read one line. --- + */ + add_off = hideout_hex_block(fd, (unsigned char *) str, len, &bytes_read); + off_data += add_off; + + llen = sl_strlen(str); + SL_RETURN(llen, _("sh_unix_getline_stealth")); +} + +int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len, + unsigned long * bytes_read) +{ + + register int i, j, k; + unsigned char c, e; + register int num; + unsigned char mask[9] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; + unsigned long here = 0; + unsigned long retval = 0; + unsigned long bread = 0; + + SL_ENTER(_("hideout_hex_block")); + + ASSERT_RET((len > 1), _("len > 1"), (0)); + + --len; + + i = 0; + while (i < len) + { + for (j = 0; j < 8; ++j) + { + + /* --- Get a low byte, modify, read back. --- + */ + for (k = 0; k < 2; ++k) + { + /* -- Skip whitespace. --- + */ + c = ' '; + do { + do { + num = sl_read (fd, &c, 1); + } while (num == 0 && errno == EINTR); + if (num > 0) + ++here; + else if (num == 0) + SL_RETURN((0), _("hideout_hex_block")); + else + SL_RETURN((-1), _("hideout_hex_block")); + } while (c == '\n' || c == '\t' || c == '\r' || + c == ' '); + } + + + /* --- e is the value of the low byte. --- + */ + e = (unsigned char) sh_util_hexchar( c ); + if ((e & mask[7]) != 0) /* bit is set */ + str[i] |= mask[j]; + else /* bit is not set */ + str[i] &= ~mask[j]; + + bread += 1; + } + if (str[i] == '\n') break; + ++i; + } + + if (i != 0) + str[i] = '\0'; + else + str[i+1] = '\0'; /* keep newline and terminate */ + retval += here; + *bytes_read += (bread/8); + + SL_RETURN(retval, _("hideout_hex_block")); +} + +/* --- Get offset of first data block. --- + */ +unsigned long first_hex_block(SL_TICKET fd, unsigned long * max) +{ + unsigned int i; + long num = 1; + unsigned long lnum; + char c; + int nothex = 0; + unsigned long retval = 0; + unsigned int this_line = 0; + char theline[SH_BUFSIZE]; + + SL_ENTER(_("first_hex_block")); + + *max = 0; + + while (1) + { + theline[0] = '\0'; + this_line = 0; + c = '\0'; + while (c != '\n' && num > 0 && this_line < (sizeof(theline)-1)) + { + do { + num = sl_read (fd, &c, 1); + } while (num == 0 && errno == EINTR); + if (num > 0) + theline[this_line] = c; + else + SL_RETURN((0), _("first_hex_block")); + ++this_line; + } + theline[this_line] = '\0'; + + /* not only 'newline' */ + if (this_line > 60) + { + nothex = 0; + i = 0; + while (nothex == 0 && i < (this_line-1)) + { + if (! isxdigit((int)theline[i])) nothex = 1; + ++i; + } + if (nothex == 1) retval += this_line; + } + else + { + nothex = 1; + retval += this_line; + } + + if (nothex == 0) + { + *max = 0; + do { + do { + num = sl_read (fd, theline, SH_BUFSIZE); + } while (num == 0 && errno == EINTR); + if (num > 0) + { + lnum = (unsigned long) num; + for (i = 0; i < lnum; ++i) + { + c = theline[i]; + if (c == '\n' || c == '\t' || c == '\r' || c == ' ') + ; + else if (!isxdigit((int)c)) + break; + else + *max += 1; + } + } + } while (num > 0); + + *max /= 16; + SL_RETURN((retval), _("first_hex_block")); + } + + } + /* SL_RETURN((0), _("first_hex_block")); *//* unreachable */ +} + + /* if !defined(SH_STEALTH_MICRO) */ +#endif + + /* ifdef SH_STEALTH */ +#endif + +/* + * anti-debugger code + */ +#if defined(SCREW_IT_UP) +volatile int sh_not_traced = 0; + +#ifdef HAVE_GETTIMEOFDAY +struct timeval save_tv; +#endif + +void sh_sigtrap_handler (int signum) +{ +#ifdef HAVE_GETTIMEOFDAY + struct timeval tv; + long difftv; + + gettimeofday(&tv, NULL); + difftv = (tv.tv_sec - save_tv.tv_sec) * 1000000 + + (tv.tv_usec - save_tv.tv_usec); + if (difftv > 500000) + _exit(6); +#endif + sh_not_traced += signum; + return; +} +#endif Index: /tags/2.5.0/src/sh_userfiles.c =================================================================== --- /tags/2.5.0/src/sh_userfiles.c (revision 189) +++ /tags/2.5.0/src/sh_userfiles.c (revision 189) @@ -0,0 +1,433 @@ +/* + * File: sh_userfiles.c + * Desc: A module for Samhain; adds files in user directories to the check list + * Auth: Jerry Connolly + */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include +#include +#include +#include +#include + +#include "samhain.h" +#include "sh_modules.h" +#include "sh_userfiles.h" +#include "sh_utils.h" +#include "sh_schedule.h" +#include "sh_error.h" +#include "sh_hash.h" +#include "sh_files.h" +#define SH_NEED_PWD_GRP 1 +#include "sh_static.h" +#include "sh_pthread.h" + +#ifdef SH_USE_USERFILES + +#define FIL__ _("sh_userfiles.c") + +/* We won't want to build this into yule */ +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + +static int ShUserfilesActive = S_TRUE; + +struct userfileslist { + char filename[PATH_MAX]; + int level; + + struct userfileslist *next; +}; + +struct userhomeslist { + char *pw_dir; + + struct userhomeslist *next; +}; + +struct useruidlist { + unsigned long lower; + unsigned long upper; + struct useruidlist *next; +}; + +static struct userfileslist *userFiles = NULL; +static struct userhomeslist *userHomes = NULL; +static struct useruidlist *userUids = NULL; + +static void sh_userfiles_free_fileslist(struct userfileslist *head); +static void sh_userfiles_free_homeslist(struct userhomeslist *head); +static void sh_userfiles_free_uidslist (struct useruidlist *head); + +sh_rconf sh_userfiles_table[] = { + { + N_("userfilesname"), + sh_userfiles_add_file, + }, + { + N_("userfilesactive"), + sh_userfiles_set_active, + }, + { + N_("userfilescheckuids"), + sh_userfiles_set_uid, + }, + { + NULL, + NULL + } +}; + +static int sh_userfiles_check_uid (unsigned long uid) +{ + struct useruidlist * uids = userUids; + + /* default is to include all + */ + if (userUids == NULL) + return 1; + + while (uids) + { + if ((uids->upper != 0) && (uid >= uids->lower) && (uid <= uids->upper)) + return 1; + if ((uids->upper == 0) && (uid == uids->lower)) + return 1; + uids = uids->next; + } + return 0; +} + +int sh_userfiles_set_uid (const char * str) +{ + char * end; + const char * p = str; + unsigned long lower; + unsigned long upper = 0; + struct useruidlist * uids; + + while ((p != NULL) && (*p != '\0')) + { + lower = strtoul(p, &end, 10); + if ( (lower == ULONG_MAX) || (end == p)) + return -1; + p = end; + if (*p == '-') + { + ++p; + if (*p == '\0') + { + upper = ULONG_MAX; + p = NULL; + } + else + { + upper = strtoul(p, &end, 10); + if ( (upper == ULONG_MAX) || (end == p)) + return -1; + p = end; + if ( (*p != ',') && (*p != '\0')) + return -1; + if (*p != '\0') + ++p; + } + } + else if (*p == '\0') + { + upper = 0; + p = NULL; + } + else if ((*p == ',') || (*p == ' ') || (*p == '\t')) + { + upper = 0; + ++p; + } + else + { + upper = strtoul(p, &end, 10); + if ( (upper == ULONG_MAX) || (end == p)) + return -1; + p = end; + if ( (*p != ',') && (*p != ' ') && (*p != '\t') && (*p != '\0') ) + return -1; + if (*p != '\0') + ++p; + } + uids = SH_ALLOC(sizeof(struct useruidlist)); + uids->lower = lower; + uids->upper = upper; + uids->next = userUids; + userUids = uids; + /* fprintf(stderr, "range %lu %lu\n", lower, upper); */ + } + return 0; +} + +/* Add 'c' to the list of files (userFiles) relative to any given HOME + * directory that should be checked. */ + +int sh_userfiles_add_file(const char *c) { + struct userfileslist *new; + char *s, *orig; + char *user_filename; + + int default_level = SH_LEVEL_NOIGNORE; + char *separator = " "; + + SL_ENTER(_("sh_userfiles_add_file")); + + if( c == NULL ) + SL_RETURN(-1, _("sh_userfiles_add_file") ); + + s = sh_util_strdup(c); /* Maybe c is needed elsewhere */ + orig = s; + + user_filename = sh_util_strsep(&s, separator); + + if( user_filename == NULL || strlen(user_filename) > PATH_MAX ) + SL_RETURN(-1, _("sh_userfiles_add_file") ); + + new = SH_ALLOC(sizeof(struct userfileslist)); + + (void) sl_strlcpy(new->filename, user_filename, PATH_MAX); + new->next = userFiles; + userFiles = new; + + /* order is important here, since 'log' would match on 'glog' + * So, compare longest strings first */ + if( s == NULL ) /* The default */ new->level = default_level; + else if ( strstr(s, "attributes")!= NULL ) new->level = SH_LEVEL_ATTRIBUTES; + else if ( strstr(s, "allignore") != NULL ) new->level = SH_LEVEL_ALLIGNORE; + else if ( strstr(s, "noignore") != NULL ) new->level = SH_LEVEL_NOIGNORE; + else if ( strstr(s, "logfiles") != NULL ) new->level = SH_LEVEL_LOGFILES; + else if ( strstr(s, "readonly") != NULL ) new->level = SH_LEVEL_READONLY; + else if ( strstr(s, "loggrow") != NULL ) new->level = SH_LEVEL_LOGGROW; + else if ( strstr(s, "user0") != NULL ) new->level = SH_LEVEL_USER0; + else if ( strstr(s, "user1") != NULL ) new->level = SH_LEVEL_USER1; + else if ( strstr(s, "user2") != NULL ) new->level = SH_LEVEL_USER2; + else if ( strstr(s, "user3") != NULL ) new->level = SH_LEVEL_USER3; + else if ( strstr(s, "user4") != NULL ) new->level = SH_LEVEL_USER4; + else if ( strstr(s, "prelink") != NULL ) new->level = SH_LEVEL_PRELINK; + else /* The default */ new->level = default_level; + + SH_FREE(orig); + + SL_RETURN(0, _("sh_userfiles_add_file") ); +} + +/* Decide if we're active. + */ +int sh_userfiles_set_active(const char *c) { + int value; + + SL_ENTER(_("sh_userfiles_set_active")); + value = sh_util_flagval(c, &ShUserfilesActive); + SL_RETURN((value), _("sh_userfiles_set_active")); +} + +/* Build the list of users, then use this to construct the filenames to + * be checked. */ +int sh_userfiles_init(struct mod_type * arg) { + struct passwd *cur_user; + struct userhomeslist *end; + struct userhomeslist *new; + struct userhomeslist *homes; + (void) arg; + + SL_ENTER(_("sh_userfiles_init")); + + /* We need to free anything allocated by the configuration functions if + * we find that the module is to be left inactive - otherwise _reconf() + * won't quite work. */ + if( ShUserfilesActive == S_FALSE ) { + sh_userfiles_free_homeslist(userHomes); + sh_userfiles_free_fileslist(userFiles); + userHomes = NULL; + userFiles = NULL; + SL_RETURN(-1, _("sh_userfiles_init")); + } + + /* We build a list in here because the samhain internals want to use + * getpwent() too */ + SH_MUTEX_LOCK(mutex_pwent); + /*@-unrecog@*/ + sh_setpwent(); + /*@+unrecog@*/ + while( ( cur_user = /*@-unrecog@*/sh_getpwent()/*@+unrecog@*/ ) != NULL ) { + int found = 0; + + if (0 == sh_userfiles_check_uid( (unsigned long) cur_user->pw_uid)) + continue; + + for( end = userHomes; end != NULL; end = end->next ) { + if( sl_strcmp( end->pw_dir, cur_user->pw_dir) == 0 ) { + found = 1; /* Found a match, so flag it and stop searching */ + break; + } + } + + if( found == 0 ) { + /* Didn't find it, so add to the front of the list */ + new = SH_ALLOC(sizeof(struct userhomeslist) ); + new->next = userHomes; + new->pw_dir = sh_util_strdup(cur_user->pw_dir); + + userHomes = new; + } + } + sh_endpwent(); + SH_MUTEX_UNLOCK(mutex_pwent); + + for (homes = userHomes; homes != NULL; homes = homes->next ) { + struct userfileslist *file_ptr; + char filepath[PATH_MAX]; + + for (file_ptr = userFiles; file_ptr != NULL; file_ptr = file_ptr->next) { + (void) sl_strncpy(filepath, homes->pw_dir, PATH_MAX); + (void) sl_strncat(filepath, "/", PATH_MAX); + (void) sl_strncat(filepath, file_ptr->filename, PATH_MAX); + + switch(file_ptr->level) { + case SH_LEVEL_READONLY: + (void) sh_files_pushfile_ro(filepath); + break; + case SH_LEVEL_LOGFILES: + (void) sh_files_pushfile_log(filepath); + break; + case SH_LEVEL_LOGGROW: + (void) sh_files_pushfile_glog(filepath); + break; + case SH_LEVEL_NOIGNORE: + (void) sh_files_pushfile_noig(filepath); + break; + case SH_LEVEL_ALLIGNORE: + (void) sh_files_pushfile_allig(filepath); + break; + case SH_LEVEL_ATTRIBUTES: + (void) sh_files_pushfile_attr(filepath); + break; + case SH_LEVEL_USER0: + (void) sh_files_pushfile_user0(filepath); + break; + case SH_LEVEL_USER1: + (void) sh_files_pushfile_user1(filepath); + break; + case SH_LEVEL_USER2: + (void) sh_files_pushfile_user2(filepath); + break; + case SH_LEVEL_USER3: + (void) sh_files_pushfile_user3(filepath); + break; + case SH_LEVEL_USER4: + (void) sh_files_pushfile_user4(filepath); + break; + case SH_LEVEL_PRELINK: + (void) sh_files_pushfile_prelink(filepath); + break; + default: /* Should not reach here */ + break; + } + } + } + + SL_RETURN(0, _("sh_userfiles_init")); +} + +/* This is pretty much NULL; we don't do anything in our checking routine, + * so we never need to run it. Just use tcurrent to avoid compiler warnings. */ +int sh_userfiles_timer(time_t tcurrent) { + SL_ENTER(_("sh_userfiles_timer")); + tcurrent = 0; + SL_RETURN((int)tcurrent, _("sh_userfiles_timer")); +} + +int sh_userfiles_check(void) { + SL_ENTER(_("sh_userfiles_check")); + SL_RETURN(0, _("sh_userfiles_check")); +} + +/* Free our lists and the associated memory */ + +int sh_userfiles_cleanup(void) { + SL_ENTER(_("sh_userfiles_cleanup")); + + sh_userfiles_free_homeslist(userHomes); + sh_userfiles_free_fileslist(userFiles); + sh_userfiles_free_uidslist (userUids); + + SL_RETURN(0, _("sh_userfiles_cleanup")); +} + +/* As with sh_userfiles_cleanup, but in preparation for re-reading the + * configuration files */ + +int sh_userfiles_reconf(void) { + SL_ENTER(_("sh_userfiles_reconf")); + + sh_userfiles_free_homeslist(userHomes); + sh_userfiles_free_fileslist(userFiles); + sh_userfiles_free_uidslist (userUids); + + userHomes = NULL; + userFiles = NULL; + + ShUserfilesActive = S_TRUE; + + SL_RETURN(0, _("sh_userfiles_reconf")); +} + +/* Recurse to the end of the list and then free the data as we return + * back up towards the start, making sure to free any strdupped strings + */ + +static void sh_userfiles_free_homeslist(struct userhomeslist *head) { + if( head != NULL ) { + sh_userfiles_free_homeslist(head->next); + SH_FREE(head->pw_dir); + SH_FREE(head); + } +} + +/* Recurse to the end of the list and then free the data as we return + * back up towards the start */ + +static void sh_userfiles_free_fileslist(struct userfileslist *head) { + if( head != NULL ) { + sh_userfiles_free_fileslist(head->next); + SH_FREE(head); + } +} + +/* Recurse to the end of the list and then free the data as we return + * back up towards the start */ + +static void sh_userfiles_free_uidslist(struct useruidlist *head) { + if( head != NULL ) { + sh_userfiles_free_uidslist(head->next); + SH_FREE(head); + } +} + +/* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */ +#endif + +/* #ifdef SH_USE_USERFILES */ +#endif Index: /tags/2.5.0/src/sh_utils.c =================================================================== --- /tags/2.5.0/src/sh_utils.c (revision 189) +++ /tags/2.5.0/src/sh_utils.c (revision 189) @@ -0,0 +1,2318 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + + +#include +#include +#include +#include +#include + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + + +#include "samhain.h" +#include "sh_error.h" +#include "sh_utils.h" +#include "sh_unix.h" +#include "sh_tiger.h" +#include "sh_entropy.h" +#include "sh_pthread.h" + +#undef FIL__ +#define FIL__ _("sh_utils.c") + +UINT32 ErrFlag[2]; + +int sh_util_flagval(const char * c, int * fval) +{ + SL_ENTER(_("sh_util_flagval")); + if (c == NULL) + SL_RETURN( (-1), _("sh_util_flagval")); + if ( c[0] == '1' || c[0] == 'y' || c[0] == 'Y' || + c[0] == 't' || c[0] == 'T') + { + *fval = S_TRUE; + SL_RETURN( (0), _("sh_util_flagval")); + } + if ( c[0] == '0' || c[0] == 'n' || c[0] == 'N' || + c[0] == 'f' || c[0] == 'F') + { + *fval = S_FALSE; + SL_RETURN( (0), _("sh_util_flagval")); + } + SL_RETURN( (-1), _("sh_util_flagval")); +} + +int sh_util_timeout_check (SH_TIMEOUT * sh_timer) +{ + UINT64 now = (UINT64) time(NULL); + UINT64 dif; + + if (sh_timer->flag_ok == S_FALSE) + { + /* first time + */ + if (sh_timer->time_last == 0) + { + sh_timer->time_last = now; + return S_TRUE; + } + /* later on + */ + dif = now - sh_timer->time_last; + if (dif < sh_timer->time_dist) + { + return S_FALSE; + } + sh_timer->time_last = now; + return S_TRUE; + } + sh_timer->time_last = now; + return S_FALSE; +} + +static int sh_ask_update = S_FALSE; + +int sh_util_set_interactive(const char * str) +{ + (void) str; + + sh_ask_update = S_TRUE; + + sh_unix_setnodeamon(NULL); + + return 0; +} + +#if !defined(STDIN_FILENO) +#define STDIN_FILENO 0 +#endif +#if !defined(STDERR_FILENO) +#define STDERR_FILENO 0 +#endif + +int sh_util_ask_update(char * path) +{ + int inchar, c; + int i = S_TRUE; + char * tmp = NULL; + + SL_ENTER(_("sh_util_ask_update")); + + if (sh_ask_update != S_TRUE) + { + SL_RETURN(i, _("sh_util_ask_update")); + } + +#ifdef HAVE_TTYNAME + if (!ttyname(STDIN_FILENO)) + { + if (NULL != ttyname(STDERR_FILENO)) + { + if (NULL == freopen(ttyname(STDERR_FILENO), "r", stdin)) + { + sh_error_handle ((-1), FIL__, __LINE__, 0, + MSG_E_SUBGEN, + _("Cannot continue: stdin is not a terminal"), + _("sh_util_ask_update")); + exit(EXIT_FAILURE); + } + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, 0, + MSG_E_SUBGEN, + _("Cannot continue: stdin is not a terminal"), + _("sh_util_ask_update")); + exit(EXIT_FAILURE); + } + } +#endif + + if (sh_ask_update == S_TRUE) + { + tmp = sh_util_safe_name (path); + fprintf (stderr, _("Update %s [Y/n] ? "), tmp); + SH_FREE(tmp); + while (1 == 1) + { + c = fgetc(stdin); inchar = c; + /*@+charintliteral@*/ + while (c != '\n' && c != EOF) + c = fgetc(stdin); + /* fprintf(stderr, "CHAR (1): %c\n", inchar); */ + if (inchar == 'Y' || inchar == 'y' || inchar == '\n') + { + break; + } + else if (inchar == 'n' || inchar == 'N') + { + i = S_FALSE; + break; + } + else + { + fprintf(stderr, _("Please answer y(es) or n(o)\n")); + } + /*@-charintliteral@*/ + } + } + + SL_RETURN(i, _("sh_util_ask_update")); +} + +int sh_util_hidesetup(const char * c) +{ + int i; + SL_ENTER(_("sh_util_hidesetup")); + i = sh_util_flagval(c, &(sh.flag.hidefile)); + + SL_RETURN(i, _("sh_util_hidesetup")); +} + +char * sh_util_acl_compact(char * buf, ssize_t len) +{ + unsigned char * p = (unsigned char *) buf; + int state = 0; + ssize_t rem = 0; + char * out; + + SH_VALIDATE_NE(buf, NULL); + SH_VALIDATE_GE(len, 0); + + out = SH_ALLOC(len + 1); + + while (*p != '\0') { + + /* -- not at start or after newline + */ + if (state == 1) { + if (*p == '\n' || *p == ' ' || *p == '\t' || *p == '#') { + while (*p != '\n') { + ++p; + if (*p == '\0') { + goto exit_it; + } + } + out[rem] = ','; ++rem; + while (p[1] == '\n') ++p; /* scan over consecutive newlines */ + state = 0; + if (p[1] == '\0') { + if (rem > 0) out[rem-1] = '\0'; + break; + } + } + else { + if (*p <= 0x7F && isgraph((int) *p)) { + out[rem] = (char) *p; ++rem; + } + } + } + + /* -- at start or after newline + */ + else /* if (state == 0) */ { + if (0 == strncmp((char *) p, "user", 4)) { + out[rem] = 'u'; ++rem; + p += 3; state = 1; + } else if (0 == strncmp((char *) p, "group", 5)) { + out[rem] = 'g'; ++rem; + p += 4; state = 1; + } else if (0 == strncmp((char *) p, "mask", 4)) { + out[rem] = 'm'; ++rem; + p += 3; state = 1; + } else if (0 == strncmp((char *) p, "other", 5)) { + out[rem] = 'o'; + p += 4; state = 1; ++rem; + } else if (*p == '\0') { + if (rem > 0) { out[rem-1] = '\0'; } + break; + } else { + if (*p <= 0x7F && isprint((int) *p)) { + out[rem] = (char) *p; ++rem; + } + } + state = 1; + } + ++p; + } + exit_it: + out[rem] = '\0'; + return out; +} + + +char * sh_util_strdup_l (const char * str, size_t len) +{ + char * p = NULL; + + SL_ENTER(_("sh_util_strdup_l")); + + SH_VALIDATE_NE(str, NULL); + SH_VALIDATE_NE(len, 0); + + if (sl_ok_adds (len, 1)) + { + p = SH_ALLOC (len + 1); + (void) memcpy (p, str, len+1); + } + else + { + safe_fatal(_("integer overflow in sh_util_strdup_l"), FIL__, __LINE__); + } + SL_RETURN( p, _("sh_util_strdup_l")); +} + +char * sh_util_strdup (const char * str) +{ + char * p = NULL; + size_t len; + + SL_ENTER(_("sh_util_strdup")); + + SH_VALIDATE_NE(str, NULL); + + len = sl_strlen(str); + p = SH_ALLOC (len + 1); + (void) memcpy (p, str, len+1); + + SL_RETURN( p, _("sh_util_strdup")); +} + +/* by the eircom.net computer incident + * response team + */ +char * sh_util_strsep (char **str, const char *delim) +{ + char *ret, *c; + const char *d; + + SL_ENTER(_("sh_util_strsep")); + ret = *str; + + SH_VALIDATE_NE(ret, NULL); + + for (c = *str; *c != '\0'; c++) { + for (d = delim; *d != '\0'; d++) { + if (*c == *d) { + *c = '\0'; + *str = c + 1; + SL_RETURN(ret, _("sh_util_strsep")); + } + } + } + + /* If we get to here, there's no delimiters in the string */ + *str = NULL; + SL_RETURN(ret, _("sh_util_strsep")); +} + + +/* returned string must be free'd by caller. + */ +char * sh_util_formatted (const char * formatt, st_format * ftab) +{ + struct tm * time_ptr; + size_t size; + size_t isiz; + char * fmt = NULL; + char * p; + char * q; + char * outstr; + int i; + int j; + time_t inpp; + + char * clist[16] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; + int nn = 0; + + SL_ENTER(_("sh_util_formatted")); + + if (formatt == NULL || ftab == NULL || *formatt == '\0') + SL_RETURN(NULL, _("sh_util_formatted")); + + /* -- save the format (we overwrite it !!) -- + */ + size = sl_strlen(formatt); + + if (!sl_ok_adds(size, 1)) + SL_RETURN(NULL, _("sh_util_formatted")); + + ++size; + fmt = SH_ALLOC(size); + (void) sl_strlcpy(fmt, formatt, size); + + p = fmt; + + j = 0; + while (ftab[j].fchar != '\0') { + if (ftab[j].type != S_FMT_STRING) + ftab[j].data_str = NULL; + ++j; + } + + while (p != NULL && *p != '\0' && NULL != (q = strchr(p, '%'))) + { + ++q; + + /* fprintf(stderr, "p == %s q == %s\n", p, q); */ + + /* -- end of string is a '%' -- + */ + if (*q == '\0') + { + --q; + *q = '\0'; + break; + } + + i = 0; + j = 0; + + /* -- search the format char in input table -- + * put (nn < 16) here -> all remaining %foo will be + * converted to %% + */ + while (ftab[j].fchar != '\0' && nn < 16) + { + if (ftab[j].fchar == *q) + { + /* -- Convert it to a string format (%s). -- + */ + *q = 's' +; + i = 1; + + switch(ftab[j].type) { + + case S_FMT_STRING: + { + isiz = sl_strlen(ftab[j].data_str); + if (isiz > 0 && sl_ok_adds(size, isiz)) + { + size += isiz; + clist[nn] = ftab[j].data_str; + ++nn; + } + else + *q = '%'; + goto endsrch; + } + break; + + case S_FMT_ULONG: + { + ftab[j].data_str = (char *) SH_ALLOC(64); + /*@-bufferoverflowhigh@*/ + sprintf (ftab[j].data_str, "%lu", /* known to fit */ + ftab[j].data_ulong); + /*@+bufferoverflowhigh@*/ + isiz = sl_strlen(ftab[j].data_str); + if (isiz > 0 && sl_ok_adds(size, isiz)) + { + size += isiz; + clist[nn] = ftab[j].data_str; + ++nn; + } + else + *q = '%'; + goto endsrch; + } + break; + + case S_FMT_LONG: + { + ftab[j].data_str = (char *) SH_ALLOC(64); + /*@-bufferoverflowhigh@*/ + sprintf (ftab[j].data_str, "%ld", /* known to fit */ + ftab[j].data_long); + /*@+bufferoverflowhigh@*/ + isiz = sl_strlen(ftab[j].data_str); + if (isiz > 0 && sl_ok_adds(size, isiz)) + { + size += isiz; + clist[nn] = ftab[j].data_str; + ++nn; + } + else + *q = '%'; + goto endsrch; + } + break; + + case S_FMT_TIME: + { + ftab[j].data_str = (char *) SH_ALLOC(64); + inpp = (time_t)ftab[j].data_ulong; + if (inpp != 0) + { + time_ptr = localtime (&(inpp)); + if (time_ptr != NULL) + (void) strftime(ftab[j].data_str, 64, + _("%d-%m-%Y %H:%M:%S"), time_ptr); + else + (void) sl_strlcpy(ftab[j].data_str, + _("00-00-0000 00:00:00"), 64); + } + else + { + (void) sl_strlcpy(ftab[j].data_str, + _("(None)"), 64); + } + isiz = sl_strlen(ftab[j].data_str); + if (isiz > 0 && sl_ok_adds(size, isiz)) + { + size += isiz; + clist[nn] = ftab[j].data_str; + ++nn; + } + else + *q = '%'; + goto endsrch; + } + break; + + default: + /* do nothing */; + } + + } + ++j; + } + + endsrch: + + p = q; + + /* -- not found -- */ + if (i == 0) + { + *q = '%'; + ++p; + } + + } + + /* -- Format string evaluated. + clist[] List of strings + size Total size of format string + clist[] strings + -- */ + + /* -- closing '\0' -- + */ + if (sl_ok_adds(size, 1)) + size++; + outstr = (char *) SH_ALLOC(size); + + /* -- print it -- + */ + (void) sl_snprintf( outstr, size, fmt, + clist[0], clist[1], clist[2], clist[3], + clist[4], clist[5], clist[6], clist[7], + clist[8], clist[9], clist[10], clist[11], + clist[12], clist[13], clist[14], clist[15]); + outstr[size-1] = '\0'; + + /* -- cleanup -- + */ + j = 0; + while (ftab[j].fchar != '\0') { + if (ftab[j].type != S_FMT_STRING && ftab[j].data_str != NULL) + SH_FREE(ftab[j].data_str); + ++j; + } + SH_FREE(fmt); + + SL_RETURN(outstr, _("sh_util_formatted")); +} + +/* read a hexchar, return int value (0-15) + * can't inline (AIX) + */ +int sh_util_hexchar( const char c ) +{ + /*@+charint@*/ + if ( c >= '0' && c <= '9' ) + return c - '0'; + else if ( c >= 'a' && c <= 'f' ) + return c - 'a' + 10; + else if ( c >= 'A' && c <= 'F' ) + return c - 'A' + 10; + else return -1; + /*@-charint@*/ +} + +char * sh_util_charhex( unsigned char i , char * i2h) +{ + int j, k; + + j = i / 16; + k = i - (j*16); + + if (j < 10) i2h[0] = '0'+j; + else i2h[0] = 'A'+(j-10); + + if (k < 10) i2h[1] = '0'+k; + else i2h[1] = 'A'+(k-10); + + return i2h; +} + +/* read a hexadecimal key, convert to binary + */ +int sh_util_hextobinary (char * binary, const char * hex, int bytes) +{ + int i = 0, j, k, l = 0; + char c; + +#define SH_HEXCHAR(x, y) \ + c = (x); \ + if ( c >= '0' && c <= '9' ) \ + y = c - '0'; \ + else if ( c >= 'a' && c <= 'f' ) \ + y = c - 'a' + 10; \ + else if ( c >= 'A' && c <= 'F' ) \ + y = c - 'A' + 10; \ + else \ + SL_RETURN((-1), _("sh_util_hextobinary")) + + + SL_ENTER(_("sh_util_hextobinary")); + + if (bytes < 2) + SL_RETURN((-1), _("sh_util_hextobinary")); + + while (i < (bytes-1)) + { + SH_HEXCHAR(hex[i], k); + SH_HEXCHAR(hex[i+1], j); + + binary[l] = (char)(k * 16 + j); + ++l; i+= 2; + } + + SL_RETURN((0), _("sh_util_hextobinary")); +} + +static void copy_four (unsigned char * dest, UINT32 in) +{ + UINT32 i, j; + int count; + + SL_ENTER(_("copy_four")); + for (count = 0; count < 4; ++count) + { + i = in / 256; + j = in - (i*256); + dest[count] = (unsigned char) j; + in = i; + } + SL_RET0(_("copy_four")); +} + +/* compute HMAC-TIGER + */ +static char * sh_util_hmac_tiger (char * hexkey, + char * text, size_t textlen, + char * res, size_t len) +{ + static char opad[KEY_BLOCK] = { + (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, + (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, + (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, + (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C, (char)0x5C + }; + static char ipad[KEY_BLOCK] = { + (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36, + (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36, + (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36, + (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36, (char)0x36 + }; + static char zap[KEY_BLOCK] = { + (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00, + (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00, + (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00, + (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00, (char)0x00 + }; + char K[KEY_BLOCK]; + char outer[KEY_BLOCK]; + char * inner; + UINT32 * h1; + UINT32 * h2; + UINT32 cc[KEY_LEN/4]; + UINT32 kbuf[KEY_BYT/sizeof(UINT32)]; + char hashbuf[KEYBUF_SIZE]; + + + size_t i; + + SL_ENTER(_("sh_util_hmac_tiger")); + ASSERT((KEY_BLOCK <= (KEY_LEN/2)), _("KEY_BLOCK <= (KEY_LEN/2)")) + + if (KEY_BLOCK > (KEY_LEN/2)) + { + (void) sh_tiger_hash (NULL, TIGER_DATA, 0, hashbuf, sizeof(hashbuf)); + sl_strlcpy(res, hashbuf, len); + SL_RETURN(res, _("sh_util_hmac_tiger")); + } + + memcpy (K, zap, KEY_BLOCK); + + if (sh_util_hextobinary (K, hexkey, KEY_LEN) < 0) + { + (void) sh_tiger_hash (NULL, TIGER_DATA, 0, hashbuf, sizeof(hashbuf)); + sl_strlcpy(res, hashbuf, len); + SL_RETURN(res, _("sh_util_hmac_tiger")); + } + + if (sl_ok_adds(textlen, KEY_BLOCK)) + { + inner = (char *) SH_ALLOC (textlen + KEY_BLOCK); + + for (i = 0; i < KEY_BLOCK; ++i) + { + outer[i] = K[i] ^ opad[i]; + inner[i] = K[i] ^ ipad[i]; + } + for (i = KEY_BLOCK; i < (KEY_BLOCK+textlen); ++i) + { + inner[i] = text[i - KEY_BLOCK]; + } + } + else + { + sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, + _("integer overflow"), + _("sh_util_hmac_tiger")); + (void) sh_tiger_hash (NULL, TIGER_DATA, 0, hashbuf, sizeof(hashbuf)); + sl_strlcpy(res, hashbuf, len); + SL_RETURN(res, _("sh_util_hmac_tiger")); + } + + /* now compute the hash + */ + h1 = sh_tiger_hash_uint32 ( outer, + TIGER_DATA, + KEY_BLOCK, + kbuf, KEY_BYT/sizeof(UINT32)); + for (i = 0; i < (KEY_LEN/8); ++i) + { + /* cc[i] = h1[i]; */ + copy_four ( (unsigned char *) &(cc[i]), h1[i]); + } + + h2 = sh_tiger_hash_uint32 ( inner, + TIGER_DATA, + (unsigned long) KEY_BLOCK+textlen, + kbuf, KEY_BYT/sizeof(UINT32)); + for (i = KEY_LEN/8; i < (KEY_LEN/4); ++i) + { + copy_four ( (unsigned char *) &(cc[i]), h2[i - (KEY_LEN/8)]); + /* cc[i] = h2[i - (KEY_LEN/8)]; */ + } + SH_FREE(inner); + + (void) sh_tiger_hash ((char *) &cc[0], + TIGER_DATA, + (unsigned long) (KEY_LEN/4 * sizeof(UINT32)), + hashbuf, sizeof(hashbuf)); + + sl_strlcpy(res, hashbuf, len); + SL_RETURN(res, _("sh_util_hmac_tiger")); +} + +static char * sh_util_hash_tiger ( char * hexkey, + char * text, size_t textlen, + char * res, size_t len) +{ + char h2[2*KEY_LEN+1]; + char hashbuf[KEYBUF_SIZE]; + + SL_ENTER(_("sh_util_hash_tiger")); + + (void) sl_strlcpy(h2, hexkey, KEY_LEN+1); + (void) sl_strlcat(h2, + sh_tiger_hash(text, TIGER_DATA, + (unsigned long) textlen, + hashbuf, sizeof(hashbuf)), + 2*KEY_LEN+1 + ); + + (void) sh_tiger_hash(h2, TIGER_DATA, 2*KEY_LEN, hashbuf, sizeof(hashbuf)); + + sl_strlcpy(res, hashbuf, len); + SL_RETURN(res, _("sh_util_hash_tiger")); +} + +/* --- compute signature on data --- + */ +#define TYPE_HMAC 0 +#define TYPE_HASH 1 + +static int sigtype = TYPE_HMAC; + +int sh_util_sigtype (const char * c) +{ + SL_ENTER(_("sh_util_sigtype")); + if (c == NULL) + SL_RETURN( -1, _("sh_util_sigtype")); + + if (0 == strcmp(_("HMAC-TIGER"), c)) + sigtype = TYPE_HMAC; + else if (0 == strcmp(_("HASH-TIGER"), c)) + sigtype = TYPE_HASH; + else + SL_RETURN( -1, _("sh_util_sigtype")); + + SL_RETURN( 0, _("sh_util_sigtype")); +} + +char * sh_util_siggen (char * hexkey, + char * text, size_t textlen, + char * res, size_t len) +{ + char * p; + + SL_ENTER(_("sh_util_siggen")); + if (sigtype == TYPE_HMAC) + p = sh_util_hmac_tiger (hexkey, + text, textlen, res, len); + else + p = sh_util_hash_tiger (hexkey, + text, textlen, res, len); + SL_RETURN(p, _("sh_util_siggen")); +} + + +/* a simple compressor + */ +long sh_util_compress (char * dest, char * src, size_t dest_size) +{ + char * add; + char * get; + size_t count = 0; + size_t dest_end; + + SL_ENTER(_("sh_util_compress")); + + if (dest_size == 0) + SL_RETURN((0), _("sh_util_compress")); + + if ((dest == NULL) || (src == NULL)) + SL_RETURN((0), _("sh_util_compress")); + + dest_end = sl_strlen(dest); + + if (dest_end > dest_size) + SL_RETURN((0), _("sh_util_compress")); + + add = &dest[dest_end]; + get = src; + + while (count < (dest_size-dest_end)) + { + if (isalnum((int) *get)) + { + *add = *get; + ++add; + ++count; + } + ++get; + if (*get == '\0' && (count < (dest_size-dest_end))) + /* end of src reached */ + { + *add = *get; /* copy the '\0' */ + break; /* and stop copying */ + } + } + + dest[dest_size-1] = '\0'; /* paranoia */ + SL_RETURN(((long)count), _("sh_util_compress")); /* no of chars copied */ +} + + +/* copy the four least significant bytes + */ +void sh_util_cpylong (char * dest, const char * src, int len ) +{ + int i, j; + union + { + long l; + char c[sizeof(long)]; + } u; + + SL_ENTER(_("sh_util_cpylong")); + + u.l = 1; + + /* MSB is first + */ + if (sizeof(long)>4 &&/*@+charint@*/(u.c[sizeof(long)-1] == 1)/*@-charint@*/) + { + j = (int) (sizeof(long)-4); + for (i = 0; i < j; ++i) ++src; + } + + i = 0; + + while (i < 4) + { + *dest = (*src); + ++dest; ++src; + if (i == (len-1)) break; + ++i; + } + SL_RET0(_("sh_util_cpylong")); +} + +/* This is a maximally equidistributed combined Tausworthe + * generator. The sequence is, + * + * x_n = (s1_n ^ s2_n ^ s3_n) + * + * s1_{n+1} = (((s1_n & 4294967294) <<12) ^ (((s1_n <<13) ^ s1_n) >>19)) + * s2_{n+1} = (((s2_n & 4294967288) << 4) ^ (((s2_n << 2) ^ s2_n) >>25)) + * s3_{n+1} = (((s3_n & 4294967280) <<17) ^ (((s3_n << 3) ^ s3_n) >>11)) + * + * computed modulo 2^32. In the three formulas above '^' means + * exclusive-or (C-notation), not exponentiation. Note that the + * algorithm relies on the properties of 32-bit unsigned integers (it + * is formally defined on bit-vectors of length 32). + * + * Stolen from GSL (GNU scientific library) and modified somewhat. + * I am using UINT32, which is guaranteed to be 32 bits. Also made + * sure that the initialization vector is valid. + */ + + +/* interval [0, 4294967296] + */ +static UINT32 taus_get_long (void *vstate) +{ + UINT32 * state = (UINT32 *) vstate; + + /* + if (skey->rngI == BAD) + (void)taus_seed(); + */ + +#define TAUSWORTHE(s,a,b,c,d) ((s &c) <>b) + /*@+ignorequals@*/ + state[0] = TAUSWORTHE (state[0], 13, 19, 4294967294UL, 12); + state[1] = TAUSWORTHE (state[1], 2, 25, 4294967288UL, 4); + state[2] = TAUSWORTHE (state[2], 3, 11, 4294967280UL, 17); + /*@-ignorequals@*/ + return (state[0] ^ state[1] ^ state[2]); +} + +/* Hide the internal state of the PRNG by using its output as + * input for a one-way hash function. + */ + +UINT32 taus_get () +{ +#define TAUS_SAMPLE 12 + + UINT32 taus_svec[TAUS_SAMPLE]; + UINT32 retval; + UINT32 * res; + UINT32 * res_vec = &(skey->res_vec[0]); + static int res_num = 0; + register int i; + UINT32 kbuf[KEY_BYT/sizeof(UINT32)]; + + SH_MUTEX_LOCK_UNSAFE(mutex_skey); + if (res_num > 0) + { + retval = res_vec[res_num]; + res_num = (res_num == 5) ? 0 : (res_num + 1); + SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); /* alternative path */ + return retval; + } + SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); + + (void)taus_seed(); + + SH_MUTEX_LOCK_UNSAFE(mutex_skey); + for (i = 0; i < (TAUS_SAMPLE/3); ++i) + { + taus_svec[i*3] = taus_get_long (&(skey->rng0[0])); + taus_svec[i*3+1] = taus_get_long (&(skey->rng1[0])); + taus_svec[i*3+2] = taus_get_long (&(skey->rng2[0])); + } + SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); + + res = sh_tiger_hash_uint32 ( (char *) &taus_svec[0], + TIGER_DATA, + (unsigned long)(TAUS_SAMPLE * sizeof(UINT32)), + kbuf, KEY_BYT/sizeof(UINT32)); + + SH_MUTEX_LOCK_UNSAFE(mutex_skey); + for (i = 1; i < 6; ++i) + { + res_vec[i] = res[i]; + } + retval = res[0]; + res_num = 1; + SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); + + memset(taus_svec, '\0', TAUS_SAMPLE * sizeof(UINT32)); + + return retval; +} + +/* interval [0,1) + */ +double taus_get_double (void *vstate) +{ + return taus_get_long (vstate) / (4294967296.0 + 1.0) ; +} + +#define LCG(n) ((69069 * n) & 0xffffffffUL) + +/* TAKE CARE: state[0], state[1], state[2] must be > 2,8,16, respectively + */ +static void taus_set_from_ulong (void *vstate, unsigned long int s) +{ + UINT32 *state = (UINT32 *) vstate; + + if (s == 0) + s = 1; /* default seed is 1 */ + + state[0] = (UINT32)(LCG (s) | (UINT32) 0x03); + state[1] = (UINT32)(LCG (state[0]) | (UINT32) 0x09); + state[2] = (UINT32)(LCG (state[1]) | (UINT32) 0x17); + + /* 'warm up' + */ + (void) taus_get_long (state); + (void) taus_get_long (state); + (void) taus_get_long (state); + (void) taus_get_long (state); + (void) taus_get_long (state); + (void) taus_get_long (state); + + return; +} + +static void taus_set_from_state (void *vstate, void *init_state) +{ + UINT32 *state = (UINT32 *) vstate; + UINT32 *state0 = (UINT32 *) init_state; + + state[0] = state0[0] | (UINT32) 0x03; + state[1] = state0[1] | (UINT32) 0x09; + state[2] = state0[2] | (UINT32) 0x17; + + return; +} + + +int taus_seed () +{ + char bufx[9 * sizeof(UINT32) + 1]; + int status; + static unsigned long seed_time = 0; + unsigned long gtime; + + SL_ENTER(_("taus_seed")); + + if (skey->rngI == GOOD) + { + if ( (sh_unix_longtime () - seed_time) < 7200) + SL_RETURN( (0), _("taus_seed")); + } + + seed_time = sh_unix_longtime (); + + status = sh_entropy (24, bufx); + + if (!SL_ISERROR(status)) + { + SH_MUTEX_LOCK_UNSAFE(mutex_skey); + memcpy (&skey->rng0[0], &bufx[0], 2*sizeof(UINT32)); + memcpy (&skey->rng1[0], &bufx[2*sizeof(UINT32)], 2*sizeof(UINT32)); + memcpy (&skey->rng2[0], &bufx[4*sizeof(UINT32)], 2*sizeof(UINT32)); + memset (bufx, 0, 9 * sizeof(UINT32) + 1); + + skey->rng0[2] = 0; + skey->rng1[2] = 0; + skey->rng2[2] = 0; + + taus_set_from_state( &(skey->rng0[0]), &(skey->rng0[0])); + taus_set_from_state( &(skey->rng1[0]), &(skey->rng1[0])); + taus_set_from_state( &(skey->rng2[0]), &(skey->rng2[0])); + + skey->rngI = GOOD; + SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); + SL_RETURN( (0), _("taus_seed")); + } + + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_ES_ENT, + _("sh_entropy")); + + /* emergency backup - unsafe ! + */ +#ifdef HAVE_GETTIMEOFDAY + gtime = sh_unix_notime(); +#else + gtime = seed_time; +#endif + + SH_MUTEX_LOCK_UNSAFE(mutex_skey); + taus_set_from_ulong ( &(skey->rng0[0]), LCG (gtime) ); + taus_set_from_ulong ( &(skey->rng1[0]), LCG (skey->rng0[0]) ); + taus_set_from_ulong ( &(skey->rng2[0]), LCG (skey->rng1[0]) ); + skey->rngI = BAD; + SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); + + SL_RETURN( (-1), _("taus_seed")); +} + +/*@+charint@*/ +static unsigned char new_key[] = { 0xA7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xA7 }; +/*@-charint@*/ +static void copy_four (unsigned char * dest, UINT32 in); + +int sh_util_set_newkey (const char * new_in) +{ + size_t i, j = 0; + size_t len; + SL_TICKET fp; + SL_TICKET fout; + char * key; + char * path; + char * outpath = NULL; + unsigned char * image = NULL; + long s = 0; + long ilen = 0; + long ii, k = 0; + UINT32 * h1; + char * new = NULL; + + if (0 != sl_is_suid()) + { + fprintf(stderr, _("ERROR: insufficient privilege\n")); + _exit (EXIT_FAILURE); + /*@notreached@*/ + return -1; /* braindead MAC OSX compiler needs this */ + } + + if (new_in == NULL || new_in[0] == '\0') + { + fprintf(stderr, + _("ERROR: no key given\n Argument must be 'key@path'\n")); + _exit (EXIT_FAILURE); + /*@notreached@*/ + return -1; + } + + if (NULL == (new = malloc(strlen(new_in) + 1))) + goto bail_mem; + sl_strncpy(new, new_in, strlen(new_in) + 1); + + key = new; + len = strlen(new); + for (i = 1; i < (len-2); ++i) + { + if (new[i] == '@' && new[i+1] == '/') + { + j = i+1; new[i] = '\0'; break; + } + } + if (j == 0) + { + fprintf(stderr, + _("ERROR: no path to executable given\n Argument must be 'key@path'\n")); + free(new); + _exit (EXIT_FAILURE); + /*@notreached@*/ + return -1; + } + else + path = &new[j]; + + len = strlen(path) + 1 + 4; + /*@-usedef@*/ + if (NULL == (outpath = malloc(len))) + goto bail_mem; + /*@-usedef@*/ + sl_snprintf (outpath, len, _("%s.out"), path); + + fp = sl_open_read(path, SL_NOPRIV); + if (SL_ISERROR(fp)) + { + fprintf(stderr, + _("ERROR: cannot open %s for read (errnum = %ld)\n"), path, fp); + free(new); free (outpath); + _exit (EXIT_FAILURE); + /*@notreached@*/ + return -1; + } + + fout = sl_open_write(outpath, SL_NOPRIV); + if (SL_ISERROR(fout)) + { + fprintf(stderr, + _("ERROR: cannot open %s (errnum = %ld)\n"), outpath, fout); + free(new); free (outpath); + _exit (EXIT_FAILURE); + /*@notreached@*/ + return -1; + } + + + image = malloc (4096); + if (!image) + goto bail_mem; + while (0 < (ii = sl_read (fp, &image[s], 4096))) + { + ilen += ii; + s += 4096; + image = realloc (image, (size_t) (4096 + s)); + if (!image) + goto bail_mem; + } + + printf(_("%ld bytes read\n"), ilen); + + + for (k = 0; k < (ilen - 8); ++k) + { + if (image[k] == new_key[0] && + image[k+1] == new_key[1] && + image[k+2] == new_key[2] && + image[k+3] == new_key[3] && + image[k+4] == new_key[4] && + image[k+5] == new_key[5] && + image[k+6] == new_key[6] && + image[k+7] == new_key[7]) + { + UINT32 kbuf[KEY_BYT/sizeof(UINT32)]; + + printf(_("old key found\n")); + h1 = sh_tiger_hash_uint32 (key, TIGER_DATA, + (unsigned long)strlen(key), + kbuf, KEY_BYT/sizeof(UINT32)); + copy_four( (unsigned char *) &(image[k]), h1[0]); + copy_four( (unsigned char *) &(image[k+4]), h1[1]); + (void) sl_write (fout, image, ilen); + (void) sl_close (fout); + printf(_("new file %s written\n"), outpath); + free(new); free (outpath); free(image); + _exit (EXIT_SUCCESS); + /*@notreached@*/ + return 0; + } + } + + fprintf(stderr, + _("ERROR: old key not found\n")); + free(new); free (outpath); free(image); + _exit (EXIT_FAILURE); + /*@notreached@*/ + return -1; + + + bail_mem: + fprintf(stderr, + _("ERROR: out of memory\n")); + if (new) free(new); + if (outpath) free (outpath); + if (image) free (image); + _exit (EXIT_FAILURE); + /*@notreached@*/ + return -1; +} + + + + +/* A simple en-/decoder, based on Vernam cipher. We use the + * message as salt to hide the key by obtaining a different one-time + * pad each time. + * Should be safe against a listener on the network, but not against someone + * with read access to the binary. + */ +void sh_util_encode (char * data, char * salt, int mode, char fill) +{ + static char cc1[17] = N_("0123456789ABCDEF"); + char cc[17] = "\0"; + register int i, j, j1 = 0, j2 = 0, j3; + char * dez; + char hashbuf[KEYBUF_SIZE]; + + SL_ENTER(_("sh_util_encode")); + + /* init + */ + (void) sl_strlcpy( cc, _(cc1), sizeof(cc)); + + /* max 128 bits keyspace + */ + memset (skey->vernam, (int)fill, KEY_LEN+1); + + dez = (char *) &(skey->ErrFlag[0]); + sh_util_cpylong (skey->vernam, dez, 4); + dez = (char *) &(skey->ErrFlag[1]); + sh_util_cpylong (&skey->vernam[4], dez, 4); + + skey->vernam[KEY_LEN] = '\0'; + + (void) sl_strlcpy(skey->vernam, + sh_tiger_hash(skey->vernam, TIGER_DATA, KEY_LEN, + hashbuf, sizeof(hashbuf)), + KEY_LEN+1); + + (void) sl_strlcpy(skey->vernam, + sh_util_hmac_tiger (skey->vernam, salt, strlen(salt), + hashbuf, sizeof(hashbuf)), + KEY_LEN+1); + + (void) sl_strlcpy(skey->vernam, + sh_util_hmac_tiger (skey->vernam, (char*) new_key, 8, + hashbuf, sizeof(hashbuf)), + KEY_LEN+1); + + /* The following routine adds/subtracts data[j] and vernam[j] mod 16. + */ + j = 0; + while (j < KEY_LEN) + { + for (i = 0; i < 16; ++i) + { + if (cc[i] == data[j]) j1 = i; + if (cc[i] == skey->vernam[j]) j2 = i; + } + if (mode == 0) + { + j3 = j1 + j2; + if (j3 > 15) j3 -= 16; + data[j] = cc[j3]; + } + else + { + j3 = j1 - j2; + if (j3 < 0) j3 += 16; + data[j] = cc[j3]; + } + ++j; + } + SL_RET0(_("sh_util_encode")); +} + +/* server mode + */ +int sh_util_setserver (const char * dummy) +{ + SL_ENTER(_("sh_util_setserver")); + + (void) dummy; + sh.flag.isserver = GOOD; + SL_RETURN((0),_("sh_util_setserver")); +} + + +int sh_util_setlooptime (const char * str) +{ + int i = atoi (str); + + SL_ENTER(_("sh_util_setlooptime")); + + if (i >= 0 && i < INT_MAX) { + sh.looptime = i; + SL_RETURN((0),_("sh_util_setlooptime")); + } else { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("loop time"), str); + SL_RETURN((-1),_("sh_util_setlooptime")); + } +} + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) +int sh_util_setchecksum (const char * str) +{ + static int reject = 0; + + SL_ENTER(_("sh_util_setchecksum")); + + if (reject == 1) + SL_RETURN((0), _("sh_util_setchecksum")); + reject = 1; + + if (sl_strncmp (str, _("init"), sizeof("init")-1) == 0) + { + sh.flag.checkSum = SH_CHECK_INIT; + } + else if (sl_strncmp (str, _("update"), sizeof("update")-1) == 0) + { + if (S_TRUE == file_is_remote()) + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("checksum testing"), str); + SL_RETURN((-1), _("sh_util_setchecksum")); + } + else + { + sh.flag.checkSum = SH_CHECK_CHECK; + sh.flag.update = S_TRUE; + } + } + else if (sl_strncmp (str, _("check"), sizeof("check")-1) == 0) + { + sh.flag.checkSum = SH_CHECK_CHECK; + } + /* + else if (sl_strncmp (str, _("update"), sizeof("update")-1) == 0) + { + sh.flag.checkSum = SH_CHECK_INIT; + sh.flag.update = S_TRUE; + } + */ + else if (sl_strncmp (str, _("none"), sizeof("none")-1) == 0) + { + sh.flag.checkSum = SH_CHECK_NONE; + } + else + { + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("checksum testing"), str); + SL_RETURN((-1), _("sh_util_setchecksum")); + } + SL_RETURN((0), _("sh_util_setchecksum")); +} +#endif + +/*@+charint@*/ +unsigned char TcpFlag[8][PW_LEN+1] = { +#if (POS_TF == 1) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif + { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF,0x00 }, +#if (POS_TF == 2) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif + { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF,0x00 }, +#if (POS_TF == 3) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif + { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF,0x00 }, +#if (POS_TF == 4) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif + { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF,0x00 }, +#if (POS_TF == 5) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif + { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF,0x00 }, +#if (POS_TF == 6) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif + { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF,0x00 }, +#if (POS_TF == 7) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif + { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF,0x00 }, +#if (POS_TF == 8) + { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7,0x00 }, +#endif +}; +/*@-charint@*/ + +/* initialize a key to a random value + * rev 0.8 + */ +int sh_util_keyinit (char * buf, long size) +{ + UINT32 bufy[6]; + int i; + int status = 0; + char * p; + char hashbuf[KEYBUF_SIZE]; + + SL_ENTER(_("sh_util_keyinit")); + + ASSERT((size <= KEY_LEN+1), _("size <= KEY_LEN+1")) + + if (size > KEY_LEN+1) + size = KEY_LEN+1; + + /* seed / re-seed the PRNG if required + */ + status = taus_seed (); + + if (status == -1) + sh_error_handle ((-1), FIL__, __LINE__, -1, MSG_ES_KEY1, + _("taus_seed")); + + for (i = 0; i < 6; ++i) + bufy[i] = taus_get(); + + p = sh_tiger_hash ((char *) bufy, TIGER_DATA, + (unsigned long)(6*sizeof(UINT32)), + hashbuf, sizeof(hashbuf)); + + i = sl_strlcpy(buf, p, (size_t)size); + + memset (bufy, 0, 6*sizeof(UINT32)); + + if ((status == 0) && (!SL_ISERROR(i)) ) + SL_RETURN((0),_("sh_util_keyinit")); + + if (SL_ISERROR(i)) + sh_error_handle ((-1), FIL__, __LINE__, i, MSG_ES_KEY2, + _("sl_strlcpy")); + + SL_RETURN((-1),_("sh_util_keyinit")); +} + +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) + +static unsigned char sh_obscure_index[256]; +static int sh_obscure_no_check = S_FALSE; + +int sh_util_valid_utf8 (const unsigned char * str) +{ + const int sh_val_utf8_1 = 1; + const int sh_val_utf8_2 = 2; + const int sh_val_utf8_3 = 3; + const int sh_val_utf8_4 = 4; + + size_t len = strlen((const char *)str); + size_t l = 0; + int typ = 0; + unsigned char c = '\0'; + unsigned char c2[2] = { 0x00, 0x00 }; + unsigned char c3[3] = { 0x00, 0x00, 0x00 }; + + +#define SH_VAL_UTF8_1 ((c != '\0') && ((c & 0x80) == 0x00)) +#define SH_VAL_UTF8_2 ((c != '\0') && ((c & 0xE0) == 0xC0)) /* 110x xxxx */ +#define SH_VAL_UTF8_3 ((c != '\0') && ((c & 0xF0) == 0xE0)) /* 1110 xxxx */ +#define SH_VAL_UTF8_4 ((c != '\0') && ((c & 0xF8) == 0xF0)) /* 1111 0xxx */ +#define SH_VAL_UTF8_N ((c != '\0') && ((c & 0xC0) == 0x80)) /* 10xx xxxx */ +#define SH_VAL_BAD ((c == '"') || (c == '\t') || (c == '\b') || \ + (c == '\f') || (c == '\n') || \ + (c == '\r') || (c == '\v') || iscntrl((int) c) || \ + (c != ' ' && !isgraph ((int) c))) + + while(l < len) + { + c = str[l]; + + if (SH_VAL_UTF8_1) + { + if (!(SH_VAL_BAD && (sh_obscure_index[c] != 1))) + { + typ = sh_val_utf8_1; + ++l; continue; + } + else + { + return S_FALSE; + } + } + else if (SH_VAL_UTF8_2) + { + typ = sh_val_utf8_2; + c2[0] = c; + if ((c & 0x3e) != 0x00) /* !(overlong 2-byte seq.) */ + { + ++l; + if (l != len) { + c = str[l]; + if(SH_VAL_UTF8_N) { + c2[1] = c; + ++l; continue; + } + else { + return S_FALSE; + } + } + else { + return S_FALSE; + } + } + else + { + return S_FALSE; /* overlong 2-byte seq. */ + } + } + else if (SH_VAL_UTF8_3) + { + typ = sh_val_utf8_3; + c3[0] = c; + ++l; if (l == len) return S_FALSE; c = str[l]; + if(!SH_VAL_UTF8_N) return S_FALSE; + if (((str[l-1] & 0x1F) == 0x00) && ((c & 0x60) == 0x00)) + return S_FALSE; /* overlong 3-byte seq. */ + c3[1] = c; + ++l; if (l == len) return S_FALSE; c = str[l]; + if(!SH_VAL_UTF8_N) return S_FALSE; + c3[2] = c; + ++l; continue; + } + else if (SH_VAL_UTF8_4) + { + typ = sh_val_utf8_4; + ++l; if (l == len) return S_FALSE; c = str[l]; + if(!SH_VAL_UTF8_N) return S_FALSE; + if (((str[l-1] & 0x0F) == 0x00) && ((c & 0x70) == 0x00)) + return S_FALSE; /* overlong 4-byte seq. */ + ++l; if (l == len) return S_FALSE; c = str[l]; + if(!SH_VAL_UTF8_N) return S_FALSE; + ++l; if (l == len) return S_FALSE; c = str[l]; + if(!SH_VAL_UTF8_N) return S_FALSE; + ++l; continue; + } + return S_FALSE; + } + + /* last character is invisible (space or else) + */ + if (typ == sh_val_utf8_1) + { + if (c != ' ') + return S_TRUE; + else + return S_FALSE; + } + else if (typ == sh_val_utf8_2) + { + if (c2[0] == 0xC2 && c2[1] == 0xA0) /* nbsp */ + return S_FALSE; + else + return S_TRUE; + } + else if (typ == sh_val_utf8_3) + { + if (c3[0] == 0xE2) + { + if (c3[1] == 0x80 && c3[2] >= 0x80 && c3[2] <= 0x8F) + return S_FALSE; /* various spaces, left-to-right, right-to-left */ + else if (c3[1] == 0x80 && (c3[2] == 0xA8 || c3[2] == 0xA9 || + c3[2] == 0xAD || c3[2] == 0xAF)) + return S_FALSE; /* line sep, para sep, zw word joiner, nnbsp */ + else if (c3[1] == 0x81 && (c3[2] == 0xA0 || c3[2] == 0xA1 || + c3[2] == 0x9F)) + return S_FALSE; /* word joiner, function app, math space */ + else + return S_TRUE; + } + else if (c3[0] == 0xE3 && c3[1] == 0x80 && c3[2] == 0x80) + { + return S_FALSE; /* ideographic space */ + } + else if (c3[0] == 0xEF && c3[1] == 0xBB && c3[2] == 0xBF) + { + return S_FALSE; /* zwnbsp */ + } + else + { + return S_TRUE; + } + } + else + { + return S_TRUE; + } +} + + +int sh_util_obscure_ok (const char * str) +{ + unsigned long i; + char * endptr = NULL; + + SL_ENTER(_("sh_util_obscure_ok")); + + if (0 == sl_strncmp("all", str, 3)) + { + for (i = 0; i < 255; ++i) + { + sh_obscure_index[i] = (unsigned char)1; + } + sh_obscure_no_check = S_TRUE; + SL_RETURN(0, _("sh_util_obscure_ok")); + } + + sh_obscure_no_check = S_FALSE; + + for (i = 0; i < 255; ++i) + { + sh_obscure_index[i] = (unsigned char)0; + } + + i = strtoul (str, &endptr, 0); + if (i > 255) + { + SL_RETURN(-1, _("sh_util_obscure_ok")); + } + sh_obscure_index[i] = (unsigned char)1; + if (*endptr == ',') + ++endptr; + + while (*endptr != '\0') + { + i = strtoul (endptr, &endptr, 0); + if (i > 255) + { + SL_RETURN(-1, _("sh_util_obscure_ok")); + } + sh_obscure_index[i] = (unsigned char)1; + if (*endptr == ',') + ++endptr; + } + SL_RETURN(0, _("sh_util_obscure_ok")); +} + +static int sh_obscure_check_utf8 = S_FALSE; + +int sh_util_obscure_utf8 (const char * c) +{ + int i; + SL_ENTER(_("sh_util_obscure_utf8")); + i = sh_util_flagval(c, &(sh_obscure_check_utf8)); + if (sh_obscure_check_utf8 == S_TRUE) + sh_obscure_no_check = S_FALSE; + SL_RETURN(i, _("sh_util_obscure_utf8")); +} + + +int sh_util_obscurename (ShErrLevel level, char * name_orig, int flag) +{ + unsigned char * name = (unsigned char *) name_orig; + char * safe; + unsigned int i; + size_t len = 0; + + SL_ENTER(_("sh_util_obscurename")); + + ASSERT_RET((name != NULL), _("name != NULL"), (0)) + + if (sh_obscure_no_check == S_FALSE) + { + if (sh_obscure_check_utf8 != S_TRUE) + { + /* -- Check name. -- + */ + while (*name != '\0') + { + if ( (*name) > 0x7F || (*name) == '"' || (*name) == '\t' || + (*name) == '\b' || (*name) == '\f' || + (*name) == '\n' || (*name) == '\r' || + (*name) == '\v' || iscntrl((int) *name) || + ((*name) != ' ' && !isgraph ((int) *name)) ) + { + i = (unsigned char) *name; + if (sh_obscure_index[i] != (unsigned char)1) + { + goto err; + } + } + name++; ++len; + } + + /* Check for blank at end of name + */ + if ((len > 0) && (name_orig[len-1] == ' ')) + { + goto err; + } + } + else + { + if (S_FALSE == sh_util_valid_utf8(name)) + { + goto err; + } + SL_RETURN((0),_("sh_util_obscurename")); + } + } + + SL_RETURN((0),_("sh_util_obscurename")); + + err: + + if (flag == S_TRUE) + { + safe = sh_util_safe_name (name_orig); + sh_error_handle (level, FIL__, __LINE__, 0, MSG_FI_OBSC, + safe); + SH_FREE(safe); + } + SL_RETURN((-1),_("sh_util_obscurename")); +} + +#endif + +/* returns freshly allocated memory, return value should be free'd + */ +char * sh_util_dirname(const char * fullpath) +{ + char * retval; + size_t len; + char * tmp; + + SL_ENTER(_("sh_util_dirname")); + + ASSERT_RET ((fullpath != NULL), _("fullpath != NULL"), (NULL)) + ASSERT_RET ((*fullpath == '/'), _("*fullpath == '/'"), (NULL)) + + retval = sh_util_strdup(fullpath); + + tmp = retval; + while (*tmp == '/') ++tmp; + + /* (1) only leading slashes -- return exact copy + */ + if (*tmp == '\0') + { + SL_RETURN(retval, _("sh_util_dirname")); + } + + /* (2) there are non-slash characters, so delete trailing slashes + */ + len = sl_strlen (retval); /* retval[len] is terminating '\0' */ + + while (len > 1 && retval[len-1] == '/') /* delete trailing slash */ + { + retval[len-1] = '\0'; + --len; + } + + /* (3) now delete all non-slash characters up to the preceding slash + */ + while (len > 1 && retval[len-1] != '/') { + retval[len-1] = '\0'; + --len; + } + + /* (4a) only leading slashes left, so return this + */ + if (&(retval[len]) == tmp) + { + SL_RETURN(retval, _("sh_util_dirname")); + } + + /* (4b) strip trailing slash(es) of parent directory + */ + while (len > 1 && retval[len-1] == '/') { + retval[len-1] = '\0'; + --len; + } + SL_RETURN(retval, _("sh_util_dirname")); + +} + +/* returns freshly allocated memory, return value should be free'd + */ +char * sh_util_basename(const char * fullpath) +{ + char * retval = NULL; + const char * tmp; + char * tmp2; + char * c; + size_t len; + + SL_ENTER(_("sh_util_basename")); + + ASSERT_RET ((fullpath != NULL), _("fullpath != NULL"), (NULL)) + + tmp = fullpath; while (*tmp == '/') ++tmp; + if (*tmp == '\0') + { + retval = sh_util_strdup(fullpath); + } + else + { + tmp2 = sh_util_strdup(tmp); + len = sl_strlen (tmp2); + + while (len > 1 && tmp2[len-1] == '/') + { + tmp2[len-1] = '\0'; + --len; + } + + c = strrchr(tmp2, '/'); + if (c) + { + retval = sh_util_strdup(++c); + SH_FREE(tmp2); + } + else + { + retval = tmp2; + } + } + + SL_RETURN(retval, _("sh_util_basename")); +} + +#define SH_ESCAPE_SPACE 1 +#define SH_DONT_ESCAPE_SPACE 0 +char * sh_util_safe_name_int (const char * name, int escape_space); + +char * sh_util_safe_name (const char * name) +{ + return sh_util_safe_name_int (name, SH_ESCAPE_SPACE); +} + +char * sh_util_safe_name_keepspace (const char * name) +{ + return sh_util_safe_name_int (name, SH_DONT_ESCAPE_SPACE); +} + +/* returns freshly allocated memory, return value should be free'd + */ +char * sh_util_safe_name_int (const char * name, int escape_space) +{ + register int i = 0; + const char * p; + char * retval; + char oct[32]; + char format[16]; + size_t len; + + SL_ENTER(_("sh_util_safe_name")); + + if (name == NULL) + { + /* return an allocated array + */ + retval = SH_ALLOC(7); + (void) sl_strlcpy(retval, _("(null)"), 7); + SL_RETURN(retval, _("sh_util_safe_name")); + } + + /* + ASSERT_RET ((name != NULL), _("name != NULL"), _("NULL")) + */ + + len = sl_strlen(name); + p = name; + +#ifdef SH_USE_XML + if (sl_ok_muls (6, len) && sl_ok_adds ((6*len), 2)) + { retval = SH_ALLOC(6 * len + 2); } + else + { + /* return an allocated array + */ + retval = SH_ALLOC(11); + (void) sl_strlcpy(retval, _("(overflow)"), 11); + SL_RETURN(retval, _("sh_util_safe_name")); + } +#else + if (sl_ok_muls (4, len) && sl_ok_adds ((4*len), 2)) + { retval = SH_ALLOC(4 * len + 2); } + else + { + /* return an allocated array + */ + retval = SH_ALLOC(11); + (void) sl_strlcpy(retval, _("(overflow)"), 11); + SL_RETURN(retval, _("sh_util_safe_name")); + } +#endif + + (void) sl_strncpy(format, _("%c%03o"), 16); + + while (*p != '\0') { + /* Most frequent cases first + */ + if ( ((*p) >= 'a' && (*p) <= 'z') || ((*p) == '/') || ((*p) == '.') || + ((*p) >= '0' && (*p) <= '9') || + ((*p) >= 'A' && (*p) <= 'Z')) { + retval[i] = *p; + } else if ( (*p) == '\\') { /* backslash */ + retval[i] = '\\'; ++i; + retval[i] = '\\'; + } else if ( (*p) == '\n') { /* newline */ + retval[i] = '\\'; ++i; + retval[i] = 'n'; + } else if ( (*p) == '\b') { /* backspace */ + retval[i] = '\\'; ++i; + retval[i] = 'b'; + } else if ( (*p) == '\r') { /* carriage return */ + retval[i] = '\\'; ++i; + retval[i] = 'r'; + } else if ( (*p) == '\t') { /* horizontal tab */ + retval[i] = '\\'; ++i; + retval[i] = 't'; + } else if ( (*p) == '\v') { /* vertical tab */ + retval[i] = '\\'; ++i; + retval[i] = 'v'; + } else if ( (*p) == '\f') { /* form-feed */ + retval[i] = '\\'; ++i; + retval[i] = 'f'; +#ifdef WITH_DATABASE + } else if ( (*p) == '\'') { /* single quote */ + retval[i] = '\\'; ++i; + retval[i] = '\''; +#endif + } else if ( (*p) == ' ') { /* space */ + if (escape_space) { + retval[i] = '\\'; ++i; + retval[i] = ' '; + } + else { + retval[i] = *p; + } +#ifdef SH_USE_XML + } else if ( (*p) == '"') { /* double quote */ + retval[i] = '&'; ++i; + retval[i] = 'q'; ++i; + retval[i] = 'u'; ++i; + retval[i] = 'o'; ++i; + retval[i] = 't'; ++i; + retval[i] = ';'; + } else if ( (*p) == '&') { /* ampersand */ + retval[i] = '&'; ++i; + retval[i] = 'a'; ++i; + retval[i] = 'm'; ++i; + retval[i] = 'p'; ++i; + retval[i] = ';'; + } else if ( (*p) == '<') { /* left angle */ + retval[i] = '&'; ++i; + retval[i] = 'l'; ++i; + retval[i] = 't'; ++i; + retval[i] = ';'; + } else if ( (*p) == '>') { /* right angle */ + retval[i] = '&'; ++i; + retval[i] = 'g'; ++i; + retval[i] = 't'; ++i; + retval[i] = ';'; +#else + } else if ( (*p) == '"') { /* double quote */ + retval[i] = '\\'; ++i; + retval[i] = '\"'; +#endif + } else if (!isgraph ((int) *p)) { /* not printable */ + /*@-bufferoverflowhigh -formatconst@*/ + /* flawfinder: ignore */ + sprintf(oct, format, '\\', /* known to fit */ + (unsigned char) *p); + /*@+bufferoverflowhigh +formatconst@*/ + retval[i] = oct[0]; ++i; + retval[i] = oct[1]; ++i; + retval[i] = oct[2]; ++i; + retval[i] = oct[3]; + } else { + retval[i] = *p; + } + ++p; + ++i; + } + retval[i] = '\0'; + SL_RETURN(retval, _("sh_util_safe_name")); +} + +int sh_util_isnum (const char *str) +{ + const char *p = str; + + SL_ENTER(_("sh_util_isnum")); + + ASSERT_RET ((str != NULL), _("str != NULL"), (-1)) + + while (p) { + if (!isdigit((int) *p) ) + SL_RETURN((-1), _("sh_util_isnum")); + ++p; + } + SL_RETURN((0), _("sh_util_isnum")); +} + +char * sh_util_strconcat (const char * arg1, ...) +{ + size_t length, l2; + char * s; + char * strnew; + va_list vl; + + SL_ENTER(_("sh_util_strconcat")); + + ASSERT_RET ((arg1 != NULL), _("arg1 != NULL"), (NULL)) + + length = sl_strlen (arg1) + 1; + + va_start (vl, arg1); + s = va_arg (vl, char * ); + while (s != NULL) + { + l2 = sl_strlen (s); + if (sl_ok_adds(length, l2)) + length += l2; + else + SL_RETURN(NULL, _("sh_util_strconcat")); + s = va_arg (vl, char * ); + } + va_end (vl); + + if (sl_ok_adds(length, 2)) + strnew = SH_ALLOC( length + 2 ); + else + SL_RETURN(NULL, _("sh_util_strconcat")); + + strnew[0] = '\0'; + + (void) sl_strlcpy (strnew, arg1, length + 2); + + va_start (vl, arg1); + s = va_arg (vl, char * ); + while (s) + { + (void) sl_strlcat (strnew, s, length + 2); + s = va_arg (vl, char * ); + } + va_end (vl); + + SL_RETURN(strnew, _("sh_util_strconcat")); +} + +static const char bto64_0[] = N_("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789()"); +static char bto64[65] = { '\0' }; + + +size_t sh_util_base64_enc (unsigned char * out, const unsigned char * instr, + size_t lin) +{ + int ll; + unsigned char a, b, c; + size_t len = 0; + size_t j = 0; + + start: + if (bto64[0] != '\0') + { + if (instr && *instr) + { + if (lin == 0) + lin = strlen((const char *)instr); + + do { + ll = 0; + + if (len < lin) + { a = *instr; ++instr; ++len; ++ll; } + else + { a = 0; } + if (len < lin) + { b = *instr; ++instr; ++len; ++ll; } + else + { b = 0; } + if (len < lin) + { c = *instr; ++instr; ++len; ++ll; } + else + { c = 0; } + + *out = bto64[ a >> 2 ]; + ++j; ++out; + *out = bto64[ ((a & 0x03) << 4) | ((b & 0xf0) >> 4) ]; + ++j; ++out; + *out = (unsigned char) (ll > 1 ? bto64[ ((b & 0x0f) << 2) | ((c & 0xc0) >> 6) ] : '?'); + ++j; ++out; + *out = (unsigned char) (ll > 2 ? bto64[ c & 0x3f ] : '?'); + ++j; ++out; + } while (len < lin); + } + *out = '\0'; + return j; + } + + memcpy(bto64, _(bto64_0), 65); + goto start; +} + +size_t sh_util_base64_enc_alloc (char **out, const char *in, size_t inlen) +{ + size_t outlen = SH_B64_SIZ(inlen); + + if (inlen > outlen) /* overflow */ + { + *out = NULL; + return 0; + } + + *out = SH_ALLOC(outlen); + return sh_util_base64_enc((unsigned char *)*out, (const unsigned char *)in, inlen); +} + +size_t sh_util_base64_dec (unsigned char *out, const unsigned char *in, + size_t lin) +{ + size_t i; + unsigned char c; + unsigned char b; + size_t lout = 0; + int w = 0; + + if (out && in) + { + if (lin == 0) + lin = strlen((const char *)in); + + for (i = 0; i < lin; i++) + { + c = *in; ++in; + b = 0; + + if ((c >= 'A') && (c <= 'Z')) + { + b = (c - 'A'); + } + else if ((c >= 'a') && (c <= 'z')) + { + b = (c - 'a' + 26); + } + else if ((c >= '0') && (c <= '9')) + { + b = (c - '0' + 52); + } + else if (c == '(' || c == '+') + { + b = 62; + } + else if (c == ')' || c == '/') + { + b = 63; + } + else if (c == '?' || c == '=') + { + /* last byte was written to, but will now get + * truncated + */ + if (lout > 0) --lout; + break; + } + + if (w == 0) + { + *out = (b << 2) & 0xfc; + ++lout; + } + else if (w == 1) + { + *out |= (b >> 4) & 0x03; + ++out; + *out = (b << 4) & 0xf0; + ++lout; + } + else if (w == 2) + { + *out |= (b >> 2) & 0x0f; + ++out; + *out = (b << 6) & 0xc0; + ++lout; + } + else if (w == 3) + { + *out |= b & 0x3f; + ++out; + } + + ++w; + + if (w == 4) + { + w = 0; + } + } + *out = '\0'; + } + return lout; +} + +size_t sh_util_base64_dec_alloc (unsigned char **out, const unsigned char *in, + size_t lin) +{ + size_t lout = 3 * (lin / 4) + 2; + + *out = SH_ALLOC(lout); + + return sh_util_base64_dec (*out, in, lin); +} + + +#ifdef HAVE_REGEX_H + +#include + +int sh_util_regcmp (char * regex_str, char * in_str) +{ +#if defined(REG_ESPACE) + int status = REG_ESPACE; +#else + int status = -1; +#endif + regex_t preg; + char * errbuf; + + SL_ENTER(_("sh_util_regcmp")); + + status = regcomp(&preg, regex_str, REG_NOSUB|REG_EXTENDED); + + if (status == 0) + { + if ((status = regexec(&preg, in_str, 0, NULL, 0)) == 0) + { + regfree (&preg); + SL_RETURN((0), _("sh_util_regcmp")); + } + } + + if (status != 0 && status != REG_NOMATCH) + { + errbuf = SH_ALLOC(BUFSIZ); + (void) regerror(status, &preg, errbuf, BUFSIZ); + errbuf[BUFSIZ-1] = '\0'; + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_REGEX, + errbuf, regex_str); + SH_FREE(errbuf); + } + + regfree (&preg); + SL_RETURN((-1), _("sh_util_regcmp")); +} + +#endif + + + + + + + + Index: /tags/2.5.0/src/sh_utmp.c =================================================================== --- /tags/2.5.0/src/sh_utmp.c (revision 189) +++ /tags/2.5.0/src/sh_utmp.c (revision 189) @@ -0,0 +1,1185 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_UTADDR +#include +#include +#ifndef S_SPLINT_S +#include +#else +#define AF_INET 2 +#endif +#endif + +#ifdef SH_USE_UTMP + +#ifdef HAVE_UTMPX_H + +#ifdef S_SPLINT_S +typedef pid_t __pid_t; +#endif + +#include +#define SH_UTMP_S utmpx +#undef ut_name +#define ut_name ut_user +#ifdef HAVE_UTXTIME +#undef ut_time +#define ut_time ut_xtime +#else +#undef ut_time +#define ut_time ut_tv.tv_sec +#endif + +#else +#include +#define SH_UTMP_S utmp +#endif + + +#ifdef HAVE_PATHS_H +#include +#endif + +#undef FIL__ +#define FIL__ _("sh_utmp.c") + +#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) + + +#include "samhain.h" +#include "sh_utils.h" +#include "sh_error.h" +#include "sh_modules.h" +#include "sh_utmp.h" +#include "sh_pthread.h" + +SH_MUTEX_EXTERN(mutex_thread_nolog); + +#ifdef TM_IN_SYS_TIME +#include +#else +#include +#endif + +#ifdef HAVE_UNISTD_H +#include +#endif + +#ifdef HAVE_DIRENT_H +#include +#define NAMLEN(dirent) sl_strlen((dirent)->d_name) +#else +#define dirent direct +#define NAMLEN(dirent) (dirent)->d_namlen +#ifdef HAVE_SYS_NDIR_H +#include +#endif +#ifdef HAVE_SYS_DIR_H +#include +#endif +#ifdef HAVE_NDIR_H +#include +#endif +#endif + +#ifndef HAVE_LSTAT +#define lstat stat +#endif + +#ifndef UT_LINESIZE +#ifndef __UT_LINESIZE +#define UT_LINESIZE 12 +#else +#define UT_LINESIZE __UT_LINESIZE +#endif +#endif + +#ifndef UT_NAMESIZE +#ifndef __UT_NAMESIZE +#define UT_NAMESIZE 8 +#else +#define UT_NAMESIZE __UT_NAMESIZE +#endif +#endif + +#ifndef UT_HOSTSIZE +#ifndef __UT_HOSTSIZE +#define UT_HOSTSIZE 16 +#else +#define UT_HOSTSIZE __UT_HOSTSIZE +#endif +#endif + +#ifdef HAVE_UTMPX_H + +#ifndef _PATH_UTMP +#ifdef UTMPX_FILE +#define _PATH_UTMP UTMPX_FILE +#else +#error You must define UTMPX_FILE in the file config.h +#endif +#endif +#ifndef _PATH_WTMP +#ifdef WTMPX_FILE +#define _PATH_WTMP WTMPX_FILE +#else +#error You must define WTMPX_FILE in the file config.h +#endif +#endif + +#else + +#ifndef _PATH_UTMP +#ifdef UTMP_FILE +#define _PATH_UTMP UTMP_FILE +#else +#error You must define UTMP_FILE in the file config.h +#endif +#endif +#ifndef _PATH_WTMP +#ifdef WTMP_FILE +#define _PATH_WTMP WTMP_FILE +#else +#error You must define WTMP_FILE in the file config.h +#endif +#endif + +#endif + +typedef struct log_user { + char ut_tty[UT_LINESIZE+1]; + char name[UT_NAMESIZE+1]; + char ut_host[UT_HOSTSIZE+1]; + char ut_ship[16]; /* IP address */ + time_t time; + struct log_user * next; +} blah_utmp; + +#ifdef HAVE_UTTYPE +static char terminated_line[UT_HOSTSIZE]; +#endif + +static struct SH_UTMP_S save_utmp; + +static void sh_utmp_logout_morechecks(struct log_user * user); +static void sh_utmp_login_morechecks(struct SH_UTMP_S * ut); +static void sh_utmp_addlogin (struct SH_UTMP_S * ut); +static void sh_utmp_check_internal(int mode); + +static int ShUtmpLoginSolo = SH_ERR_INFO; +static int ShUtmpLoginMulti = SH_ERR_WARN; +static int ShUtmpLogout = SH_ERR_INFO; +static int ShUtmpActive = S_TRUE; +static time_t ShUtmpInterval = 300; + +sh_rconf sh_utmp_table[] = { + { + N_("severityloginmulti"), + sh_utmp_set_login_multi + }, + { + N_("severitylogin"), + sh_utmp_set_login_solo + }, + { + N_("severitylogout"), + sh_utmp_set_logout_good + }, + { + N_("logincheckactive"), + sh_utmp_set_login_activate + }, + { + N_("logincheckinterval"), + sh_utmp_set_login_timer + }, + { + NULL, + NULL + }, +}; + +static void set_defaults(void) +{ + ShUtmpLoginSolo = SH_ERR_INFO; + ShUtmpLoginMulti = SH_ERR_WARN; + ShUtmpLogout = SH_ERR_INFO; + ShUtmpActive = S_TRUE; + ShUtmpInterval = 300; + return; +} + + +#if defined (HAVE_SETUTENT) && defined (USE_SETUTENT) + +#ifdef HAVE_UTMPX_H + +#define sh_utmp_utmpname utmpxname +#define sh_utmp_setutent setutxent +#define sh_utmp_endutent endutxent +#define sh_utmp_getutent getutxent +#define sh_utmp_getutid getutxid +#define sh_utmp_getutline getutxline + +#else + +#define sh_utmp_utmpname utmpname +#define sh_utmp_setutent setutent +#define sh_utmp_endutent endutent +#define sh_utmp_getutent getutent +#define sh_utmp_getutid getutid +#define sh_utmp_getutline getutline + +#endif + +#else + +/* BSD lacks getutent() etc. + * utmpname(), setutent(), and endutent() return void, + * so we do not perform much error handling. + * Errors must be recognized by getutent() returning NULL. + * Apparently, the application cannot check whether wtmp is empty, + * or whether there was an fopen() error. + */ + +static FILE * sh_utmpfile = NULL; +static char sh_utmppath[80] = _PATH_UTMP; + +/* sh_utmp_feed_forward is for optimizing + * (fseek instead of getutent loop) + */ +static long sh_utmp_feed_forward = 0; + +static void sh_utmp_utmpname(const char * str) +{ + SL_ENTER(_("sh_utmp_utmpname")); + if (sh_utmpfile != NULL) + { + (void) fclose (sh_utmpfile); + sh_utmpfile = NULL; + } + + (void) sl_strlcpy (sh_utmppath, str, 80); + SL_RET0(_("sh_utmp_utmpname")); +} + +static void sh_utmp_setutent(void) +{ + int error; + int fd; + + SL_ENTER(_("sh_utmp_setutent")); + + ASSERT((sh_utmppath != NULL), _("sh_utmppath != NULL")); + + if (sh_utmppath == NULL) + SL_RET0(_("sh_utmp_setutent")); + + if (sh_utmpfile == NULL) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + fd = (int) aud_open (FIL__, __LINE__, SL_NOPRIV, + sh_utmppath, O_RDONLY, 0); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + if (fd >= 0) + { + sh_utmpfile = fdopen(fd, "r"); + } + + /* -- If (sh_utmpfile == NULL) then either the open() or the fdopen() + * has failed. + */ + if (sh_utmpfile == NULL) + { + error = errno; + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle ((-1), FIL__, __LINE__, error, MSG_E_ACCESS, + (long) sh.real.uid, sh_utmppath); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SL_RET0(_("sh_utmp_setutent")); + } + } + (void) fseek (sh_utmpfile, 0L, SEEK_SET); + if (-1 == fseek (sh_utmpfile, sh_utmp_feed_forward, SEEK_CUR)) + { + sh_utmp_feed_forward = 0; /* modified Apr 4, 2004 */ + (void) fseek (sh_utmpfile, 0L, SEEK_SET); + } + clearerr (sh_utmpfile); + SL_RET0(_("sh_utmp_setutent")); +} + +static void sh_utmp_endutent(void) +{ + SL_ENTER(_("sh_utmp_endutent")); + if (NULL != sh_utmpfile) + (void) fclose(sh_utmpfile); + sh_utmpfile = NULL; + SL_RET0(_("sh_utmp_endutent")); +} + +static struct SH_UTMP_S * sh_utmp_getutent(void) +{ + size_t in; + static struct SH_UTMP_S out; + + SL_ENTER(_("sh_utmp_getutent")); + + ASSERT_RET((sh_utmpfile != NULL), _("sh_utmpfile != NULL"), (NULL)) + + in = fread (&out, sizeof(struct SH_UTMP_S), 1, sh_utmpfile); + + if (in != 1) + { + if (ferror (sh_utmpfile) != 0) + { + clearerr (sh_utmpfile); + SL_RETURN(NULL, _("sh_utmp_getutent")); + } + else + { + SL_RETURN(NULL, _("sh_utmp_getutent")); + } + } + SL_RETURN(&out, _("sh_utmp_getutent")); +} + +#ifdef USE_UNUSED + +static struct SH_UTMP_S * sh_utmp_getutline(struct SH_UTMP_S * ut) +{ + struct SH_UTMP_S * out; + + while (1) { + if ((out = sh_utmp_getutent()) == NULL) { + return NULL; + } +#ifdef HAVE_UTTYPE + if (out->ut_type == USER_PROCESS || out->ut_type == LOGIN_PROCESS) + if (sl_strcmp(ut->ut_line, out->ut_line) == 0) + return out; +#else + if ( 0 != sl_strncmp (out->ut_name, "reboot", 6) && + 0 != sl_strncmp (out->ut_name, "shutdown", 8) && + 0 != sl_strncmp (out->ut_name, "date", 4) ) + return out; +#endif + } + return NULL; +} + +static struct SH_UTMP_S * sh_utmp_getutid(struct SH_UTMP_S * ut) +{ +#ifdef HAVE_UTTYPE + struct SH_UTMP_S * out; + + if (ut->ut_type == RUN_LVL || ut->ut_type == BOOT_TIME || + ut->ut_type == NEW_TIME || ut->ut_type == OLD_TIME) + { + while (1) { + if ((out = sh_utmp_getutent()) == NULL) { + return NULL; + } + if (out->ut_type == ut->ut_type) + return out; + } + } + else if (ut->ut_type == INIT_PROCESS || ut->ut_type == LOGIN_PROCESS || + ut->ut_type == USER_PROCESS || ut->ut_type == DEAD_PROCESS ) + { + while (1) { + if ((out = sh_utmp_getutent()) == NULL) { + return NULL; + } + if (sl_strcmp(ut->ut_id, out->ut_id) == 0) + return out; + } + } +#endif + return NULL; +} +/* #ifdef USE_UNUSED */ +#endif + +/* #ifdef HAVE_SETUTENT */ +#endif + +#ifdef HAVE_UTADDR +#ifdef HAVE_INET_ATON +static char * my_inet_ntoa(struct in_addr in) +{ + return /*@-unrecog@*/inet_ntoa(in)/*@+unrecog@*/; +} +#else +static char * my_inet_ntoa(struct in_addr in) +{ + unsigned char a, b, c, d; + static char foo[16]; + char bar[4]; + memcpy (bar, &(in.s_addr), 4); /* memory alignment (?) */ + memcpy (&a, &bar[0], 1); + memcpy (&b, &bar[1], 1); + memcpy (&c, &bar[2], 1); + memcpy (&d, &bar[3], 1); + sprintf(foo, _("%d.%d.%d.%d"), /* known to fit */ + (int) a, (int) b, (int) c, (int) d); + return foo; +} +#endif +/* #ifdef HAVE_UTADDR */ +#endif + +#if defined(__linux__) && !defined(ut_addr) +#define ut_addr ut_addr_v6[0] +#endif + + +static struct log_user * userlist = NULL; +static time_t lastcheck; +static int init_done = 0; + +/************* + * + * module init + * + *************/ + +static int sh_utmp_init_internal (void) +{ + + SL_ENTER(_("sh_utmp_init")); + if (ShUtmpActive == BAD) + SL_RETURN( (-1), _("sh_utmp_init")); + + /* do not re-initialize after a re-configuration + */ + if (init_done == 1) { + SL_RETURN( (0), _("sh_utmp_init")); + } + lastcheck = time (NULL); + userlist = NULL; + memset (&save_utmp, 0, sizeof(struct SH_UTMP_S)); + sh_utmp_check_internal (2); /* current logins */ + sh_utmp_check_internal (0); + init_done = 1; + SL_RETURN( (0), _("sh_utmp_init")); +} + +int sh_utmp_init (struct mod_type * arg) +{ + if (ShUtmpActive == BAD) + return SH_MOD_FAILED; +#ifdef HAVE_PTHREAD + if (arg != NULL && arg->initval < 0 && + (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) + { + if (0 == sh_pthread_create(sh_threaded_module_run, (void *)arg)) + return SH_MOD_THREAD; + else + return SH_MOD_FAILED; + } +#endif + return sh_utmp_init_internal(); +} + +/************* + * + * module cleanup + * + *************/ +#ifdef HAVE_UTTYPE +static int sh_utmp_login_clean(void); +#endif + +int sh_utmp_end () +{ + struct log_user * user = userlist; + struct log_user * userold; + + SL_ENTER(_("sh_utmp_end")); + while (user) + { + userold = user; + user = user->next; + SH_FREE(userold); + } + userlist = NULL; +#ifdef HAVE_UTTYPE + (void) sh_utmp_login_clean(); +#endif + /* Reset the flag, such that the module + * can be re-enabled. + */ + set_defaults(); + init_done = 0; + SL_RETURN( (0), _("sh_utmp_end")); +} + +int sh_utmp_reconf() +{ + set_defaults(); + return 0; +} + + +/************* + * + * module timer + * + *************/ +int sh_utmp_timer (time_t tcurrent) +{ + if ((time_t) (tcurrent - lastcheck) >= ShUtmpInterval) + { + lastcheck = tcurrent; + return (-1); + } + return 0; +} + +/************* + * + * module check + * + *************/ +int sh_utmp_check () +{ + SL_ENTER(_("sh_utmp_check")); + if (ShUtmpActive == BAD) + SL_RETURN( (-1), _("sh_utmp_check")); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_UT_CHECK); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + sh_utmp_check_internal (1); + + SL_RETURN(0, _("sh_utmp_check")); +} + +/************* + * + * module setup + * + *************/ + +int sh_utmp_set_login_solo (const char * c) +{ + int retval; + char tmp[32]; + + SL_ENTER(_("sh_utmp_set_login_solo")); + tmp[0] = '='; tmp[1] = '\0'; + (void) sl_strlcat (tmp, c, 32); + SH_MUTEX_LOCK(mutex_thread_nolog); + retval = sh_error_set_level (tmp, &ShUtmpLoginSolo); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SL_RETURN(retval, _("sh_utmp_set_login_solo")); +} + +int sh_utmp_set_login_multi (const char * c) +{ + int retval; + char tmp[32]; + + SL_ENTER(_("sh_utmp_set_login_multi")); + tmp[0] = '='; tmp[1] = '\0'; + (void) sl_strlcat (tmp, c, 32); + SH_MUTEX_LOCK(mutex_thread_nolog); + retval = sh_error_set_level (tmp, &ShUtmpLoginMulti); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SL_RETURN(retval, _("sh_utmp_set_login_multi")); +} + +int sh_utmp_set_logout_good (const char * c) +{ + int retval; + char tmp[32]; + + SL_ENTER(_("sh_utmp_set_logout_good")); + tmp[0] = '='; tmp[1] = '\0'; + (void) sl_strlcat (tmp, c, 32); + SH_MUTEX_LOCK(mutex_thread_nolog); + retval = sh_error_set_level (tmp, &ShUtmpLogout); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SL_RETURN(retval, _("sh_utmp_set_logout_good")); +} + +int sh_utmp_set_login_timer (const char * c) +{ + long val; + + SL_ENTER(_("sh_utmp_set_login_timer")); + val = strtol (c, (char **)NULL, 10); + if (val <= 0) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, + _("utmp timer"), c); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SL_RETURN((-1), _("sh_utmp_set_login_timer")); + } + + ShUtmpInterval = (time_t) val; + SL_RETURN(0, _("sh_utmp_set_login_timer")); +} + +int sh_utmp_set_login_activate (const char * c) +{ + int i; + SL_ENTER(_("sh_utmp_set_login_activate")); + i = sh_util_flagval(c, &ShUtmpActive); + SL_RETURN(i, _("sh_utmp_set_login_activate")); +} + +#ifdef HAVE_UTTYPE +struct login_ct { + char name[UT_NAMESIZE+1]; + int nlogin; + struct login_ct * next; +}; + +static struct login_ct * login_ct_list = NULL; + +static int sh_utmp_login_clean(void) +{ + struct login_ct * list = login_ct_list; + struct login_ct * old; + + login_ct_list = NULL; + + while (list) + { + old = list; + list = list->next; + SH_FREE(old); + } + return 0; +} + +/* add a username to the list of logged-in users + */ +static int sh_utmp_login_a(char * str) +{ + struct login_ct * list = login_ct_list; + + while (list) + { + if (0 == sl_strcmp(list->name, str)) + { + ++(list->nlogin); + return list->nlogin; + } + list = list->next; + } + list = SH_ALLOC(sizeof(struct login_ct)); + (void) sl_strlcpy(list->name, str, UT_NAMESIZE+1); + list->nlogin = 1; + list->next = login_ct_list; + login_ct_list = list; + return 1; +} + +static int sh_utmp_login_r(char * str) +{ + struct login_ct * list = login_ct_list; + struct login_ct * old = login_ct_list; + + while (list) + { + if (0 == sl_strcmp(list->name, str)) + { + list->nlogin -= 1; + if (list->nlogin > 0) + { + return list->nlogin; + } + if (login_ct_list == list) /* modified Apr 4, 2004 */ + { + login_ct_list = list->next; + SH_FREE(list); + } + else + { + old->next = list->next; + SH_FREE(list); + } + return 0; + } + old = list; + list = list->next; + } + return 0; +} + +#endif + + +/* for each login: + * - allocate a log record + * - link device.ut_record -> log_record + * - link user.ut_record -> log_record + */ +#ifdef HAVE_UTTYPE +static int sh_utmp_is_virtual (char * in_utline, char * in_uthost) +{ + if (in_utline != NULL) + { + if (0 == sl_strncmp(in_utline, _("ttyp"), 4)) + { return 0; } + else if (0 == sl_strncmp(in_utline, _("ttyq"), 4)) + { return 0; } + } + if (in_uthost != NULL && + in_uthost[0] == ':' && + in_uthost[1] == '0' && + in_uthost[2] == '\0') + { + /* return 0; */ + return 1; /* actually does not seem portable, not even among linuxes */ + } + return 1; +} +#endif + +/* These variables are not used anywhere. They only exist + * to assign &userold, &user to them, which keeps gcc from + * putting them into a register, and avoids the 'clobbered + * by longjmp' warning. And no, 'volatile' proved insufficient. + */ +static void * sh_dummy_userold = NULL; +static void * sh_dummy_user = NULL; + + +static void sh_utmp_addlogin (struct SH_UTMP_S * ut) +{ + struct log_user * user = userlist; + struct log_user * userold = userlist; +#ifdef HAVE_UTTYPE + struct log_user * username = userlist; +#endif + + char ttt[TIM_MAX]; +#ifdef HAVE_UTTYPE + volatile int status; +#endif + + SL_ENTER(_("sh_utmp_addlogin")); + + /* Take the address to keep gcc from putting them into registers. + * Avoids the 'clobbered by longjmp' warning. + */ + sh_dummy_userold = (void*) &userold; + sh_dummy_user = (void*) &user; + + if (ut->ut_line[0] == '\0') + SL_RET0(_("sh_utmp_addlogin")); + + /* for some stupid reason, AIX repeats the wtmp entry for logouts + * with ssh + */ + if (memcmp (&save_utmp, ut, sizeof(struct SH_UTMP_S)) == 0) + { + memset(&save_utmp, (int) '\0', sizeof(struct SH_UTMP_S)); + SL_RET0(_("sh_utmp_addlogin")); + } + memcpy (&save_utmp, ut, sizeof(struct SH_UTMP_S)); + + + /* ------- find user -------- + */ + while (user != NULL) + { + if (0 == sl_strncmp((char*)(user->ut_tty), ut->ut_line, UT_LINESIZE) ) + break; + userold = user; + user = user->next; + } + +#ifdef HAVE_UTTYPE + while (username != NULL) + { + if (0 == sl_strncmp(username->name, ut->ut_name, UT_NAMESIZE) ) + break; + username = username->next; + } +#endif + +#ifdef HAVE_UTTYPE + /* ---------- LOGIN -------------- */ + if (ut->ut_type == USER_PROCESS) + { + if (user == NULL) + { + user = SH_ALLOC(sizeof(struct log_user)); + user->next = userlist; + userlist = (struct log_user *) user; + } + (void) sl_strlcpy((char*)(user->ut_tty), ut->ut_line, UT_LINESIZE+1); + (void) sl_strlcpy((char*)(user->name), ut->ut_name, UT_NAMESIZE+1); +#ifdef HAVE_UTHOST + (void) sl_strlcpy((char*)(user->ut_host), ut->ut_host, UT_HOSTSIZE+1); +#else + user->ut_host[0] = '\0'; +#endif +#ifdef HAVE_UTADDR + /*@-type@*//* ut_addr does exist !!! */ + (void) sl_strlcpy((char*)(user->ut_ship), + my_inet_ntoa(*(struct in_addr*)&(ut->ut_addr)), 16); + /*@+type@*/ +#endif + user->time = ut->ut_time; + + if (username == NULL /* not yet logged in */ + || 0 == sl_strncmp(ut->ut_line, _("ttyp"), 4) /* in virt. console */ + || 0 == sl_strncmp(ut->ut_line, _("ttyq"), 4) /* in virt. console */ + ) { + status = sh_utmp_login_a((char*)user->name); + SH_MUTEX_LOCK(mutex_thread_nolog); + (void) sh_unix_time (user->time, ttt, TIM_MAX); + sh_error_handle( ShUtmpLoginSolo, FIL__, __LINE__, 0, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + MSG_UT_LG1X, +#elif defined(HAVE_UTHOST) + MSG_UT_LG1A, +#else + MSG_UT_LG1B, +#endif + user->name, + user->ut_tty, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + user->ut_host, + user->ut_ship, +#elif defined(HAVE_UTHOST) + user->ut_host, +#endif + ttt, + status + ); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } else + if (0 != sh_utmp_is_virtual(ut->ut_line, (char*)user->ut_host)) + { + status = sh_utmp_login_a((char*)user->name); + SH_MUTEX_LOCK(mutex_thread_nolog); + (void) sh_unix_time (user->time, ttt, TIM_MAX); + sh_error_handle( ShUtmpLoginMulti, FIL__, __LINE__, 0, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + MSG_UT_LG2X, +#elif defined(HAVE_UTHOST) + MSG_UT_LG2A, +#else + MSG_UT_LG2B, +#endif + user->name, + user->ut_tty, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + user->ut_host, + user->ut_ship, +#elif defined(HAVE_UTHOST) + user->ut_host, +#endif + ttt, + status + ); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + + sh_utmp_login_morechecks(ut); + SL_RET0(_("sh_utmp_addlogin")); + } + + + /* --------- LOGOUT ---------------- */ + else if (ut->ut_name[0] == '\0' + || ut->ut_type == DEAD_PROCESS /* solaris does not clear ut_name */ + ) + { + if (user != NULL) + { + status = sh_utmp_login_r((char*)user->name); + SH_MUTEX_LOCK(mutex_thread_nolog); + (void) sh_unix_time (ut->ut_time, ttt, TIM_MAX); + sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + MSG_UT_LG3X, +#elif defined(HAVE_UTHOST) + MSG_UT_LG3A, +#else + MSG_UT_LG3B, +#endif + user->name, + user->ut_tty, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + user->ut_host, + user->ut_ship, +#elif defined(HAVE_UTHOST) + user->ut_host, +#endif + ttt, + status + ); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + userold->next = user->next; + if (user == userlist) + userlist = user->next; + sh_utmp_logout_morechecks((struct log_user *)user); + SH_FREE((struct log_user *)user); + user = NULL; + } + else + { + (void) sl_strlcpy(terminated_line, ut->ut_line, UT_HOSTSIZE); + SH_MUTEX_LOCK(mutex_thread_nolog); + (void) sh_unix_time (ut->ut_time, ttt, TIM_MAX); + sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, + MSG_UT_LG3C, + terminated_line, + ttt, 0 + ); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + SL_RET0(_("sh_utmp_addlogin")); + } + + /* default */ + SL_RET0(_("sh_utmp_addlogin")); + + /* #ifdef HAVE_UTTYPE */ +#else + + if (user == NULL) /* probably a login */ + { + user = SH_ALLOC(sizeof(struct log_user)); + sl_strlcpy(user->ut_tty, ut->ut_line, UT_LINESIZE+1); + sl_strlcpy(user->name, ut->ut_name, UT_NAMESIZE+1); +#ifdef HAVE_UTHOST + sl_strlcpy(user->ut_host, ut->ut_host, UT_HOSTSIZE+1); +#endif +#ifdef HAVE_UTADDR + sl_strlcpy(user->ut_ship,my_inet_ntoa((struct in_addr)ut->ut_addr),16); +#endif + user->time = ut->ut_time; + user->next = userlist; + userlist = user; + + SH_MUTEX_LOCK(mutex_thread_nolog); + (void) sh_unix_time (user->time, ttt, TIM_MAX); + sh_error_handle( ShUtmpLoginSolo, FIL__, __LINE__, 0, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + MSG_UT_LG1X, +#elif defined(HAVE_UTHOST) + MSG_UT_LG1A, +#else + MSG_UT_LG1B, +#endif + user->name, + user->ut_tty, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + user->ut_host, + user->ut_ship, +#elif defined(HAVE_UTHOST) + user->ut_host, +#endif + ttt, + 1 + ); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + sh_utmp_login_morechecks(ut); + } + else /* probably a logout */ + { + SH_MUTEX_LOCK(mutex_thread_nolog); + (void) sh_unix_time (ut->ut_time, ttt, TIM_MAX); + sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + MSG_UT_LG2X, +#elif defined(HAVE_UTHOST) + MSG_UT_LG2A, +#else + MSG_UT_LG2B, +#endif + user->name, + user->ut_tty, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + user->ut_host, + user->ut_ship, +#elif defined(HAVE_UTHOST) + user->ut_host, +#endif + ttt, + 1 + ); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + sh_utmp_logout_morechecks(user); + userold->next = user->next; + if (user == userlist) /* inserted Apr 4, 2004 */ + userlist = user->next; + SH_FREE(user); + user = NULL; + } + + SL_RET0(_("sh_utmp_addlogin")); +#endif +} + +static time_t lastmod = 0; +static off_t lastsize = 0; +static unsigned long lastread = 0; + +static char * mode_path[] = { _PATH_WTMP, _PATH_WTMP, _PATH_UTMP }; + +static void sh_utmp_check_internal (int mode) +{ + struct stat buf; + int error; + struct SH_UTMP_S * ut; + unsigned long this_read; + int val_retry; + + SL_ENTER(_("sh_utmp_check_internal")); + + /* error if no access + */ + do { + val_retry = /*@-unrecog@*/lstat ( mode_path[mode], &buf)/*@+unrecog@*/; + } while (val_retry < 0 && errno == EINTR); + + if (0 != val_retry) + { + error = errno; + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, error, MSG_E_ACCESS, + (long) sh.real.uid, mode_path[mode]); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SL_RET0(_("sh_utmp_check_internal")); + } + + /* modification time + */ + if (mode < 2) + { + if (/*@-usedef@*/buf.st_mtime <= lastmod/*@+usedef@*/) + { + SL_RET0(_("sh_utmp_check_internal")); + } + else + lastmod = buf.st_mtime; + } + + /* file size + */ + if (/*@-usedef@*/buf.st_size < lastsize/*@+usedef@*/ && mode < 2) + { + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_UT_ROT, + mode_path[mode]); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + lastread = 0; +#ifndef USE_SETUTENT + sh_utmp_feed_forward = 0L; +#endif + } + + if (mode < 2) + lastsize = buf.st_size; + + if (buf.st_size == 0) + SL_RET0(_("sh_utmp_check_internal")); + + sh_utmp_utmpname(mode_path[mode]); + sh_utmp_setutent(); + + /* + * feed forward if initializing + * we need to do this here + */ + this_read = 0; + + if (mode < 2) + { + while (this_read < lastread) { + ut = sh_utmp_getutent(); + ++this_read; + } + } + + /* start reading + */ + this_read = 0; + while (1 == 1) { + ut = sh_utmp_getutent(); + if (ut == NULL) + break; + /* modified: ut_user --> ut_name */ + if (mode == 1 || (mode == 2 && ut->ut_name[0] != '\0' +#ifdef HAVE_UTTYPE + && ut->ut_type != DEAD_PROCESS +#endif + )) + sh_utmp_addlogin (ut); + ++this_read; + } + + sh_utmp_endutent(); + + if (mode < 2) + { + lastread += this_read; +#ifndef USE_SETUTENT + sh_utmp_feed_forward += (long) (this_read * sizeof(struct SH_UTMP_S)); + lastread = 0; +#endif + } + + SL_RET0(_("sh_utmp_check_internal")); +} + + +static void sh_utmp_login_morechecks(struct SH_UTMP_S * ut) +{ + if (ut) + return; + return; +} + +static void sh_utmp_logout_morechecks(struct log_user * user) +{ + if (user) + return; + return; +} + +#endif + + +/* #ifdef SH_USE_UTMP */ +#endif + + + Index: /tags/2.5.0/src/slib.c =================================================================== --- /tags/2.5.0/src/slib.c (revision 189) +++ /tags/2.5.0/src/slib.c (revision 189) @@ -0,0 +1,2803 @@ +#include "config_xor.h" + + +#include +#include +#include +#include +#include +#ifdef HAVE_STDINT_H +/* for SIZE_MAX */ +#include +#endif + +#include +#include +#include +#include +#include + +#if TIME_WITH_SYS_TIME +#include +#include +#else +#if HAVE_SYS_TIME_H +#include +#else +#include +#endif +#endif + +#ifdef HAVE_MEMORY_H +#include +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif + +#ifndef FD_SET +#define NFDBITS 32 +#define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS))) +#define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS))) +#define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS))) +#endif /* !FD_SET */ +#ifndef FD_SETSIZE +#define FD_SETSIZE 32 +#endif +#ifndef FD_ZERO +#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) +#endif + +#define SH_REAL_SET + +#include "slib.h" +#include "sh_calls.h" +#define SH_NEED_PWD_GRP 1 +#include "sh_static.h" +#include "sh_pthread.h" +#include "sh_string.h" + +#undef FIL__ +#define FIL__ _("slib.c") + +const uid_t sh_uid_neg = ((uid_t) -1); +const gid_t sh_gid_neg = ((gid_t) -1); + +#undef BREAKEXIT +#if defined(SCREW_IT_UP) && defined(__linux__) && defined(__i386__) + +#ifdef SH_DEBUG +#define BREAKEXIT(expr) \ + do { \ + int ixi; \ + for (ixi = 0; ixi < 8; ++ixi) { \ + if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \ + { dlog(0, FIL__, __LINE__, _("BREAKEXIT")); _exit(EXIT_FAILURE); } \ + } \ + } \ + while (1 == 0) +#else +#define BREAKEXIT(expr) \ + do { \ + int ixi; \ + for (ixi = 0; ixi < 8; ++ixi) { \ + if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \ + _exit(EXIT_FAILURE); \ + } \ + } \ + while (1 == 0) +#endif + +#else +#define BREAKEXIT(expr) +#endif + +/**************************************************************** + * + * The debug/trace subsystem + * + ****************************************************************/ + +int slib_do_trace = 0; +int slib_trace_fd = -1; + +static char trace_log[256] = { '\0' }; +static int trace_level = 0; +static FILE * trace_fp = NULL; + +int sl_trace_use (const char * dummy) +{ + (void) dummy; + slib_do_trace = 1; + return 0; +} + +int sl_trace_file (const char * str) +{ + if (!str) + return -1; + if (str[0] != '/') + return -1; + sl_strlcpy(trace_log, str, 256); + return 0; +} + +FILE * sl_tracefile_open(const char * file, const char * mode) +{ + FILE * xp = NULL; + slib_trace_fd = open(file, O_WRONLY|O_CREAT|O_APPEND, 0600); + if (slib_trace_fd >= 0) + xp = fdopen(slib_trace_fd, mode); + return xp; +} + +void sl_trace_in(const char * str, const char * file, int line) +{ + int i; + if (trace_log[0] == '\0') + { + fprintf(stderr, "++ "); + for (i = 0; i < trace_level; ++i) + fprintf(stderr, ". "); + fprintf(stderr, "[%2d] %s \t - File %c%s%c at line %d\n", + trace_level, str, 0x22, file, 0x22, line); + } + else if (!sl_is_suid()) + { + if (!trace_fp) + trace_fp = sl_tracefile_open(trace_log, "a"); + if (trace_fp) + { + fprintf(trace_fp, "++ "); + for (i = 0; i < trace_level; ++i) + fprintf(trace_fp, ". "); + fprintf(trace_fp, "[%2d] %s \t - File %c%s%c at line %d\n", + trace_level, str, 0x22, file, 0x22, line); + fflush(trace_fp); + } + else + { + perror(_("sl_trace_in: fopen")); + _exit(1); + } + } + ++trace_level; +} + +void sl_trace_out(const char * str, const char * file, int line) +{ + int i; + + --trace_level; if (trace_level < 0) trace_level = 0; + + if (trace_log[0] == '\0') + { + fprintf(stderr, "-- "); + for (i = 0; i < trace_level; ++i) + fprintf(stderr, ". "); + fprintf(stderr, _("[%2d] %s \t - File %c%s%c at line %d\n"), + trace_level, str, 0x22, file, 0x22, line); + } + else if (!sl_is_suid()) + { + if (!trace_fp) + trace_fp = sl_tracefile_open(trace_log, "a"); + if (trace_fp) + { + fprintf(trace_fp, "-- "); + for (i = 0; i < trace_level; ++i) + fprintf(trace_fp, ". "); + fprintf(trace_fp, _("[%2d] %s \t - File %c%s%c at line %d\n"), + trace_level, str, 0x22, file, 0x22, line); + fflush(trace_fp); + } + else + { + perror(_("sl_trace_out: fopen")); + _exit(1); + } + } +} + +extern int sh_log_console (const char * msg); + +static int dlogActive = 0; + +/* this is called from sh_error_setprint() + */ +void dlog_set_active(int flag) +{ + dlogActive = flag; +} + +/* flag = 0 debug messages + * = 1 descriptive error messages + * = 3 backtrace + */ +int dlog (int flag, const char * file, int line, const char *fmt, ...) +{ + va_list ap; + char val[81]; + char msg[512]; + char tmp[512]; + int retval = 0; + int i; + +#ifdef SH_STEALTH + /* + * do not even print descriptive failure messages in stealth mode + */ + if (dlogActive == 0) + return 0; + if (dlogActive == 1 && flag == 0) /* debug requires debug level */ + return 0; +#else + if (dlogActive <= 1 && flag == 0) /* debug requires debug level */ + return 0; +#endif + + if (flag == 1) + { + sl_snprintf (val, 81, _("\n--------- %10s "), file); + sl_strlcpy (msg, val, 80); + sl_snprintf (val, 81, _(" --- %6d ---------\n"), line); + sl_strlcat (msg, val, 80); + sh_log_console (msg); + } + + va_start (ap, fmt); + if (flag == 1) + sl_strlcpy(tmp, fmt, 512); + else + sl_strlcpy(tmp, fmt, 256); + retval = sl_strlen(tmp); + if (retval > 0 && tmp[retval-1] == '\n') + tmp[retval-1] = '\0'; + retval = 0; + if (flag == 1) + { + sl_vsnprintf (msg, 511, tmp, ap); + } + else + { + sl_strlcpy (msg, "## ", 256); + for (i = 0; i < trace_level; ++i) + sl_strlcat (msg, ". ", 256); + sprintf (val, _("[%2d] "), trace_level); + sl_strlcat (msg, val, 256); + sl_vsnprintf (&msg[sl_strlen(msg)], 255, tmp, ap); + sl_snprintf (tmp, 255, _(" \t - File %c%s%c at line %d"), + 0x22, file, 0x22, line); + sl_strlcat (msg, tmp, 512); + } + va_end (ap); + if (flag != 0 || sl_is_suid()) + retval = sh_log_console (msg); + else + { + if (trace_log[0] == '\0') + { + /* sh_log_console (msg); */ + fprintf(stderr, "%s\n", msg); + } + else + { + if (!trace_fp) + trace_fp = sl_tracefile_open(trace_log, "a"); + if (trace_fp) + { + fprintf(trace_fp, "%s\n", msg); + } + else + { + perror(_("dlog: fopen")); + _exit(1); + } + } + } + if (flag == 1) + sh_log_console (_("\n----------------------------------------------\n")); + return retval; +} + +extern char aud_err_message[64]; +static char alt_err_message[64]; +char * sl_get_errmsg() +{ + if (aud_err_message[0] == '\0') + { + sl_strlcpy(alt_err_message, sl_error_string(sl_errno), 64); + return &alt_err_message[0]; + } + return &aud_err_message[0]; +} + + +#if defined(SL_DEBUG) +#define SL_MAX_MYSTACK 128 + +static char sl_mystack[SL_MAX_MYSTACK][32]; +static int sl_mystack_count = 0; + +void sl_stack_push(char * c, char * file, int line ) +{ + if (slib_do_trace) + sl_trace_in(c, file, line); + if (c && sl_mystack_count < SL_MAX_MYSTACK) + { + strncpy(sl_mystack[sl_mystack_count], c, 31); + sl_mystack[sl_mystack_count][31] = '\0'; + ++sl_mystack_count; + /* + fprintf(stderr, "#%03d %s\n", sl_mystack_count, + sl_mystack[sl_mystack_count-1]); + */ + } + return; +} + +void sl_stack_pop(char * c, char * file, int line) +{ + if (slib_do_trace) + sl_trace_out(c, file, line); + if (sl_mystack_count > 0) + { + /* + fprintf(stderr, " <- #%03d %s\n", sl_mystack_count, + sl_mystack[sl_mystack_count-1]); + */ + --sl_mystack_count; + } + return; +} + +void sl_stack_print() +{ + int i; + /* FILE * dfile; */ + + if (sl_mystack_count > 0) + { + sh_log_console(_("\nBacktrace:\n")); + /* dlog(3, FIL__, __LINE__, _("\nBacktrace:\n")); */ + for (i = 0; i < sl_mystack_count; ++i) + sh_log_console(sl_mystack[i]); + /* dlog(3, FIL__, __LINE__, _("#%03d %s\n"), i, sl_mystack[i]); */ + } + return; +} + +#endif + + +/* + * The global errno. + * On error, this is set to the return value of the function. + */ +long int sl_errno; + + +/* ---------------------------------------------------------------- + * + * Capability routines + * + * ---------------------------------------------------------------- */ + +int sl_useCaps = 0; + +#ifdef FANCY_LIBCAP +#include + +/* + * While these routines are tested and work, we don't use POSIX + * capabilities, as they don't seem to be useful (root can write + * to root-owned files anyway). Things would be more interesting + * if we could switch to a non-root UID with just a few capabilities + * enabled. + */ +int sl_drop_cap () +{ + int error; + cap_t caps; + cap_flag_t capflag; + cap_flag_value_t capfval = CAP_CLEAR; + cap_value_t capvals_e[] = + { + CAP_CHOWN, CAP_FOWNER, CAP_FSETID, + CAP_LINUX_IMMUTABLE, CAP_MKNOD, CAP_NET_ADMIN, + CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW, + CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT, + CAP_SYS_PACCT, CAP_SYS_PTRACE, CAP_SYS_RAWIO, + CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG, + CAP_SETGID, CAP_SETUID, CAP_KILL, + CAP_DAC_OVERRIDE, +#if !defined(WITH_MESSAGE_QUEUE) + CAP_IPC_OWNER, +#endif + CAP_SYS_MODULE, CAP_LEASE + }; + cap_value_t capvals_p[] = + { + CAP_CHOWN, CAP_LEASE, CAP_FSETID, + CAP_LINUX_IMMUTABLE, CAP_MKNOD, CAP_NET_ADMIN, + CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW, + CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT, + CAP_SYS_PACCT, CAP_SYS_PTRACE, CAP_SYS_RAWIO, + CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG, +#if !defined(WITH_EXTERNAL) && !defined(HAVE_UNIX_RANDOM) + CAP_SETGID, CAP_SETUID, CAP_KILL, +#endif +#if !defined(SH_USE_SUIDCHK) + CAP_DAC_OVERRIDE, CAP_FOWNER, +#endif +#if !defined(WITH_MESSAGE_QUEUE) + CAP_IPC_OWNER, +#endif + CAP_SYS_MODULE + }; + + if (0 == sl_useCaps) /* 0 = S_FALSE */ + { + return 0; + } + + if(NULL == (caps = cap_get_proc())) + { + return errno; + } + + capflag = CAP_EFFECTIVE; + if (0 != cap_set_flag(caps, capflag, sizeof(capvals_e)/sizeof(cap_value_t), + capvals_e, capfval)) + { + error = errno; + cap_free(caps); + return error; + } + if (0 != cap_set_proc(caps)) + { + error = errno; + cap_free(caps); + return error; + } + + capflag = CAP_PERMITTED; + if (0 != cap_set_flag(caps, capflag, sizeof(capvals_p)/sizeof(cap_value_t), + capvals_p, capfval)) + { + error = errno; + cap_free(caps); + return error; + } + if (0 != cap_set_proc(caps)) + { + error = errno; + cap_free(caps); + return error; + } + cap_free(caps); + return 0; +} + +int sl_drop_cap_int(int what) +{ +#if defined(SL_DEBUG) + char * captext; +#endif + cap_flag_t capflag = CAP_EFFECTIVE; + cap_flag_value_t capfval = CAP_CLEAR; + cap_value_t capvals_a[] = { CAP_SETGID, CAP_SETUID, CAP_KILL }; + cap_value_t capvals_b[] = { CAP_DAC_OVERRIDE, CAP_FOWNER }; + cap_value_t * capvals; + int nvals; + int error = 0; + cap_t caps = cap_get_proc(); + + if (0 == sl_useCaps) /* 0 = S_FALSE */ + { + return 0; + } + + if (caps == NULL) + { + return errno; + } + + switch (what) { + case 1: + capvals = capvals_a; + nvals = 3; + capfval = CAP_CLEAR; + break; + case 2: + capvals = capvals_a; + nvals = 3; + capfval = CAP_SET; + break; + case 3: + capvals = capvals_b; + nvals = 2; + capfval = CAP_CLEAR; + break; + case 4: + capvals = capvals_b; + nvals = 2; + capfval = CAP_SET; + break; + default: + return (0); + } + + if (0 != cap_set_flag(caps, capflag, nvals, capvals, capfval)) + { + error = errno; + cap_free(caps); + return error; + } + if (0 != cap_set_proc(caps)) + { + error = errno; + cap_free(caps); + return error; + } +#if defined(SL_DEBUG) + captext = cap_to_text(caps, NULL); + TPT(( 0, FIL__, __LINE__, _("msg=\n"), what, captext)); + cap_free(captext); +#endif + cap_free(caps); + return 0; +} + +int sl_drop_cap_sub() { return sl_drop_cap_int(1); } +int sl_get_cap_sub() { return sl_drop_cap_int(2); } +int sl_drop_cap_qdel() { return sl_drop_cap_int(3); } +int sl_get_cap_qdel() { return sl_drop_cap_int(4); } + +#else +int sl_drop_cap () { return 0; } +int sl_drop_cap_sub() { return 0; } +int sl_get_cap_sub() { return 0; } +int sl_drop_cap_qdel() { return 0; } +int sl_get_cap_qdel() { return 0; } +#endif + +/* ---------------------------------------------------------------- + * + * String handling routines + * + * ---------------------------------------------------------------- */ + +/* + * Have memset in a different translation unit (i.e. this) to prevent + * it to get optimized away + */ +void *sl_memset(void *s, int c, size_t n) +{ + return memset(s, c,n); +} + + +#if !defined (VA_COPY) +#if defined (__GNUC__) && defined (__PPC__) && (defined (_CALL_SYSV) || defined (_WIN32)) +#define VA_COPY(ap1, ap2) (*(ap1) = *(ap2)) +#elif defined (VA_COPY_AS_ARRAY) +#define VA_COPY(ap1, ap2) memmove ((ap1), (ap2), sizeof (va_list)) +#else /* va_list is a pointer */ +#define VA_COPY(ap1, ap2) ((ap1) = (ap2)) +#endif +#endif + +#if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF) +static +size_t sl_printf_count (const char * fmt, va_list vl) +{ + size_t length = 1; + int fini = 0; + int islong = 0; + int islonglong = 0; + int islongdouble = 0; + char * string_arg; + + SL_ENTER(_("sl_printf_count")); + + if (fmt == NULL) + SL_IRETURN(SL_ENULL, _("sl_printf_count")); + + while (*fmt) { + + if ( (*fmt) == '%' ) { /* a format specifier */ + + fmt++; /* point to first char after '%' */ + + fini = 0; + islong = 0; + islongdouble = 0; + + while (*fmt && (fini == 0) ) { + + switch (*fmt) { + + case '*': /* field width supplied by an integer */ + length = length + va_arg (vl, int); + ++fmt; + break; + case '1': + case '2': + case '3': + case '4': + case '5': + case '6': + case '7': + case '8': + case '9': + length = length + strtol (fmt, (char**) &fmt, 10); + /* strtol makes FastForward to first invalid char */ + break; + + case 'l': /* 'long' modifier */ + if (islong == 0) + islong = 1; + else + { + islonglong = 1; + islong = 0; + } + ++fmt; + break; + + case 'L': /* 'long double' modifier */ +#ifdef HAVE_LONG_DOUBLE + islongdouble = 1; +#else + islong = 1; +#endif + ++fmt; + break; + + case 'd': + case 'i': + case 'o': + case 'u': + case 'x': + case 'X': + if (islonglong == 1) +#ifdef HAVE_LONG_LONG + (void) va_arg (vl, long long); +#else + (void) va_arg (vl, long); +#endif + else if (islong == 1) + (void) va_arg (vl, long); + else + (void) va_arg (vl, int); + islong = 0; + islonglong = 0; + length = length + 24; + ++fmt; + fini = 1; + break; + + case 'D': + case 'O': + case 'U': + (void) va_arg (vl, long); + length = length + 24; + fmt++; + fini = 1; + break; + + case 'e': + case 'E': + case 'f': + case 'g': +#ifdef HAVE_LONG_DOUBLE + if (islongdouble == 1) { + (void) va_arg (vl, long double); + islongdouble = 0; + length = length + 20; + } + else +#endif + (void) va_arg (vl, double); + length = length + 20; + fini = 1; + ++fmt; + break; + + case 's': + string_arg = va_arg (vl, char *); + if (string_arg != NULL) + length = length + sl_strlen (string_arg); + else + length = length + 16; + fini = 1; + ++fmt; + break; + + case 'c': + (void) va_arg (vl, int); + length = length + 1; + fini = 1; + ++fmt; + break; + + case 'p': + case 'n': + (void) va_arg (vl, void * ); + length = length + 32; + fini = 1; + ++fmt; + break; + + case '%': /* %% will print '%' */ + length = length + 1; + fini = 1; + ++fmt; + break; + + default: + length = length + 1; + ++fmt; + break; + + } /* end switch */ + } + /* end parsing a single format specifier */ + } else { + length = length + 1; + fmt++; + } + } + SL_IRETURN(length, _("sl_printf_count")); +} +#endif /* #ifndef HAVE_VSNPRINTF */ + +/* + * An implementation of vsnprintf. va_start/va_end are in the caller + * function. + * Returns C99 (#bytes that would heve been written) on success. + */ +int sl_vsnprintf(char *str, size_t n, + const char *format, va_list vl ) +{ + int len = 0; +#if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF) + size_t total; + va_list vl2; +#endif + + SL_ENTER(_("sl_vsnprintf")); + if (str == NULL || format == NULL) + SL_IRETURN(0, _("sl_vsnprintf")); + +#if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF) + len = vsnprintf (str, n, format, vl); /* flawfinder: ignore */ + str[n-1] = '\0'; +#else + VA_COPY (vl2, vl); /* save the argument list */ + total = sl_printf_count (format, vl); + len = (int) total; + if (total < n) + { + /* flawfinder: ignore */ + vsprintf (str, format, vl2); /* program has checked that it fits */ + str[n-1] = '\0'; + } + else + { + sl_strlcpy (str, format, n); + va_end(vl2); + SL_IRETURN(len, _("sl_vsnprintf")); + } + va_end(vl2); +#endif + SL_IRETURN(len, _("sl_vsnprintf")); +} + +/* + * An implementation of snprintf. + * Returns SL_ENONE on success. + * ENULL: src || format == NULL + * ERANGE: n out of range + * ETRUNC: truncated (unimplemented) + */ +int sl_snprintf(char *str, size_t n, + const char *format, ... ) +{ + va_list vl; +#if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF) + size_t total = 0; + va_list vl2; +#endif + + SL_ENTER(_("sl_snprintf")); + if (str == NULL || format == NULL) + SL_IRETURN(SL_ENULL, _("sl_snprintf")); + + va_start (vl, format); +#if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF) + /* flawfinder: ignore */ + vsnprintf (str, n, format, vl); + str[n-1] = '\0'; +#else + VA_COPY (vl2, vl); /* save the argument list */ + total = sl_printf_count (format, vl); + if (total < n) + { + /* flawfinder: ignore */ + vsprintf (str, format, vl2); /* program has checked that it fits */ + str[n-1] = '\0'; + } + else + { + sl_strlcpy (str, format, n); + va_end(vl2); + va_end(vl); + SL_IRETURN(SL_ETRUNC, _("sl_snprintf")); + } + va_end(vl2); +#endif + va_end(vl); + SL_IRETURN(SL_ENONE, _("sl_snprintf")); +} + +/* + * Appends src to string dst of size siz (unlike strncat, siz is the + * full size of dst, not space left). At most siz-1 characters + * will be copied. Always NUL terminates (unless siz == 0). + * Returns SL_NONE on success, errcode on failure. + * + * ENULL: dst == NULL + * ERANGE: siz out of range + * ETRUNC: src truncated + */ +int sl_strlcat(char * dst, /*@null@*/const char *src, size_t siz) +{ + register size_t dst_end; + register size_t dst_free; + + register char * p; + register const char * q; + + if (!(dst == NULL || src == NULL || *src == '\0')) + { + if (siz > 0) + { + + /* How much free space do we have ? + */ + dst_end = strlen(dst); + dst_free = siz - dst_end - 1; + + p = &dst[dst_end]; + q = src; + + while (dst_free > 0 && *q != '\0') + { + *p++ = *q++; + --dst_free; + } + + /* NULL terminate dst. + */ + *p = '\0'; + + if (*q == '\0') + return SL_ENONE; + else + return SL_ETRUNC; + } + } + return SL_ENONE; +} + +/* + * An alternative implementation of the OpenBSD strlcpy() function. + * + * Copy src to string dst of size siz. At most siz-1 characters + * will be copied. Always NUL terminates (unless siz == 0). + * Returns SL_NONE on success, errcode on failure. + * + * ENULL: dst == NULL + * ERANGE: siz out of range + * ETRUNC: src truncated + */ +int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz) +{ + /* SL_ENTER(_("sl_strlcpy")); */ + + if (!((dst == NULL) || (src == NULL))) + { + if (siz > 0) { + /* copy siz-1 characters + */ + (void) strncpy(dst, src, siz-1); + + /* NULL terminate + */ + dst[siz-1] = '\0'; + } + return SL_ENONE; + } + else if (src == NULL) + { + if (siz > 0) + dst[0] = '\0'; + return SL_ENONE; + } + else + { + return SL_ENULL; + } +} + +/* + * A robust drop-in replacement of strncpy. strlcpy is preferable. + */ +char * sl_strncpy(char *dst, const char *src, size_t size) +{ + +#ifdef SL_FAIL_ON_ERROR + SL_REQUIRE(dst != NULL, _("dst != NULL")); + SL_REQUIRE(src != NULL, _("src != NULL")); + SL_REQUIRE(size > 0, _("size > 0")); +#endif + + if (dst == NULL) + { + sl_errno = SL_ENULL; + return (NULL); + } + if (size < 1) + { + sl_errno = SL_ERANGE; + return (dst); + } + if (!src) + { + sl_errno = SL_ENULL; + dst[0] = '\0'; + } + else if (src[0] == '\0') + dst[0] = '\0'; + else + strncpy(dst, src, size); + + if (sl_strlen(src) >= size) + { + errno = ENOSPC; + dst[size-1] = '\0'; + } + return (dst); +} + +/* + * A robust drop-in replacement of strncat. strlcat is preferable. + */ +char * sl_strncat(char *dst, const char *src, size_t n) +{ +#ifdef SL_FAIL_ON_ERROR + SL_REQUIRE(dst != NULL, _("dst != NULL")); + SL_REQUIRE(src != NULL, _("src != NULL")); + SL_REQUIRE(n > 0, _("n > 0")); +#endif + + if (dst == NULL) + { + sl_errno = SL_ENULL; + return (NULL); + } + if (n < 1) + { + sl_errno = SL_ERANGE; + return (dst); + } + if (!src) + { + sl_errno = SL_ENULL; + return (dst); + } + else if (src[0] == '\0') + dst[0] = '\0'; + else + strncat(dst, src, n); + + return (dst); +} + +#include +int sl_strcasecmp(const char * one, const char * two) +{ +#ifdef SL_FAIL_ON_ERROR + SL_REQUIRE (one != NULL, _("one != NULL")); + SL_REQUIRE (two != NULL, _("two != NULL")); +#endif + + if (one && two) + { + do { + if (*one && *two) + { + if (tolower(*one) == tolower(*two)) + { + ++one; ++two; + } + else if (tolower(*one) < tolower(*two)) + return -1; + else + return 1; + } + else if (*one == '\0' && *two == '\0') + return 0; + else if (*one == '\0') + return -1; + else + return 1; + } while (1 == 1); + } + else if (one == NULL && two != NULL) + return -1; + else if (one != NULL && two == NULL) + return 1; + else + return -7; /* default to not equal */ +} + +int sl_strcmp(const char * a, const char * b) +{ +#ifdef SL_FAIL_ON_ERROR + SL_REQUIRE (a != NULL, _("a != NULL")); + SL_REQUIRE (b != NULL, _("b != NULL")); +#endif + + if (a != NULL && b != NULL) + return (strcmp(a, b)); + else if (a == NULL && b != NULL) + return (-1); + else if (a != NULL && b == NULL) + return (1); + else + return (-7); /* default to not equal */ +} + +int sl_strncmp(const char * a, const char * b, size_t n) +{ +#ifdef SL_FAIL_ON_ERROR + SL_REQUIRE (a != NULL, _("a != NULL")); + SL_REQUIRE (b != NULL, _("b != NULL")); + SL_REQUIRE (n > 0, _("n > 0")); +#endif + + if (a != NULL && b != NULL) + return (strncmp(a, b, n)); + else if (a == NULL && b != NULL) + return (-1); + else if (a != NULL && b == NULL) + return (1); + else + return (-7); /* default to not equal */ +} + +/* string searching + */ + +char * sl_strstr (const char * haystack, const char * needle) +{ +#ifndef HAVE_STRSTR + int i; + size_t needle_len; + size_t haystack_len; +#endif + + if (haystack == NULL || needle == NULL) + return NULL; + if (*needle == '\0' || *haystack == '\0') + return NULL; + +#if defined(HAVE_STRSTR) + return (strstr(haystack, needle)); +#else + needle_len = strlen(needle); + haystack_len = strlen(haystack); + + for (i = 0; i <= (haystack_len-needle_len); ++i) + if (0 == sl_strncmp(&haystack[i], needle, needle_len)) + return (needle); + return NULL; +#endif +} + + +/* ---------------------------------------------------------------- + * + * Privilege handling routines + * + * ---------------------------------------------------------------- */ + + + +static uid_t euid; +static uid_t ruid; +static uid_t ruid_orig; +static gid_t egid; +static gid_t rgid; +static gid_t rgid_orig; + +static int uids_are_stored = SL_FALSE; +static int suid_is_set = SL_TRUE; + +#ifdef HAVE_SETRESUID +extern int setresuid (uid_t truid, uid_t teuid, uid_t tsuid); +extern int setresgid (gid_t trgid, gid_t tegid, gid_t tsgid); +#endif + + +/* + * This function returns true if the program is SUID. + * It calls abort() if the uid's are not saved already. + */ +int sl_is_suid() +{ + if (uids_are_stored == SL_FALSE) + { + if (getuid() == geteuid() && getgid() == getegid()) + return (0); /* FALSE */ + else + return (1); /* TRUE */ + } + else + { + if (euid == ruid && egid == rgid) + return (0); /* FALSE */ + else + return (1); /* TRUE */ + } +} + +/* + * This function returns the saved euid. + * It calls abort() if the uid's are not saved already. + */ +int sl_get_euid(uid_t * ret) +{ + SL_ENTER(_("sl_get_euid")); + /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ + if (uids_are_stored == SL_TRUE) + *ret = euid; + else + *ret = geteuid(); + SL_IRETURN (SL_ENONE, _("sl_get_euid")); +} + +uid_t sl_ret_euid() +{ + /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ + if (uids_are_stored == SL_TRUE) + return (euid); + else + return (geteuid()); +} + +/* + * This function returns the saved egid. + * It calls abort() if the uid's are not saved already. + */ +int sl_get_egid(gid_t * ret) +{ + SL_ENTER(_("sl_get_egid")); + /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ + if (uids_are_stored == SL_TRUE) + *ret = egid; + else + *ret = getegid(); + SL_IRETURN (SL_ENONE, _("sl_get_egid")); +} + +/* + * This function returns the saved ruid. + * It calls abort() if the uid's are not saved already. + */ +int sl_get_ruid(uid_t * ret) +{ + SL_ENTER(_("sl_get_ruid")); + /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ + if (uids_are_stored == SL_TRUE) + *ret = ruid; + else + *ret = getuid(); + SL_IRETURN (SL_ENONE, _("sl_get_ruid")); +} + +/* + * This function returns the saved rgid. + * It calls abort() if the uid's are not saved already. + */ +int sl_get_rgid(gid_t * ret) +{ + SL_ENTER(_("sl_get_rgid")); + /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ + if (uids_are_stored == SL_TRUE) + *ret = rgid; + else + *ret = getgid(); + SL_IRETURN (SL_ENONE, _("sl_get_rgid")); +} + +/* + * This function returns the saved original ruid. + * It calls abort() if the uid's are not saved already. + */ +int sl_get_ruid_orig(uid_t * ret) +{ + SL_ENTER(_("sl_get_ruid_orig")); + /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ + if (uids_are_stored == SL_TRUE) + *ret = ruid_orig; + else + *ret = getuid(); + SL_IRETURN (SL_ENONE, _("sl_get_ruid_orig")); +} + +/* + * This function returns the saved original rgid. + * It calls abort() if the uid's are not saved already. + */ +int sl_get_rgid_orig(gid_t * ret) +{ + SL_ENTER(_("sl_get_rgid_orig")); + /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ + if (uids_are_stored == SL_TRUE) + *ret = rgid_orig; + else + *ret = getgid(); + SL_IRETURN (SL_ENONE, _("sl_get_rgid_orig")); +} + +static int suid_warn_flag = 1; +static void suid_warn(int a) +{ + fprintf(stderr, _("ERROR: open set/unset suid !!! %d\n"), a); + return; +} + +/* + * This function sets the effective uid + * to the saved effective uid. + * It will abort on failure. + */ +int sl_set_suid () +{ + int retval; + + SL_ENTER(_("sl_set_suid")); + + if (uids_are_stored == SL_FALSE) + { + SL_IRETURN(SL_ENONE, _("sl_set_suid")); + } + + SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE")); + + if (ruid == euid && rgid == egid) + { + suid_is_set = SL_TRUE; + SL_IRETURN(SL_ENONE, _("sl_set_suid")); + } + SL_REQUIRE(suid_is_set == SL_FALSE, _("suid_is_set == SL_FALSE")); + +#if defined(HAVE_SETRESUID) + retval = setresuid (sh_uid_neg, euid, sh_uid_neg); + if (retval == 0) + retval = setresgid (sh_gid_neg, egid, sh_gid_neg); + +#elif defined(HAVE_SETEUID) + retval = seteuid (egid); + if (retval == 0) + retval = setegid (euid); + + /* on AIX, setreuid does not behave well for non-root users. + */ +#elif defined(HAVE_SETREUID) + retval = setreuid (ruid, euid); + if (retval == 0) + retval = setregid (rgid, egid); + +#else + retval = setuid (euid); + if (retval == 0) + retval = setgid (egid); +#endif + if (suid_warn_flag == 1) + suid_warn(1); + suid_warn_flag = 1; + + SL_REQUIRE(retval == 0, _("retval == 0")); + suid_is_set = SL_TRUE; + SL_IRETURN(SL_ENONE, _("sl_set_suid")); +} + +/* + * This function sets the effective uid to the real uid. + * It will abort on failure. + */ +int sl_unset_suid () +{ + register int retval; + + SL_ENTER(_("sl_unset_suid")); + + if (uids_are_stored == SL_FALSE) + { + SL_IRETURN(SL_ENONE, _("sl_unset_suid")); + } + + SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE")); + + if (ruid == euid && rgid == egid) + { + suid_is_set = SL_FALSE; + SL_IRETURN(SL_ENONE, _("sl_unset_suid")); + } + SL_REQUIRE(suid_is_set == SL_TRUE, _("suid_is_set == SL_TRUE")); + +#if defined(HAVE_SETRESUID) + retval = setresgid (sh_gid_neg, rgid, sh_gid_neg); + if (retval == 0) + retval = setresuid (sh_uid_neg, ruid, sh_uid_neg); + +#elif defined(HAVE_SETEUID) + retval = setegid (rgid); + if (retval == 0) + retval = seteuid (ruid); + +#elif defined(HAVE_SETREUID) + retval = setregid (egid, rgid); + if (retval == 0) + retval = setreuid (euid, ruid); + +#else + retval = setgid (rgid); + if (retval == 0) + retval = setuid (ruid); +#endif + + if (suid_warn_flag == 0) + suid_warn(0); + suid_warn_flag = 0; + + SL_REQUIRE(retval == 0, _("retval == 0")); + suid_is_set = SL_FALSE; + SL_IRETURN(SL_ENONE, _("sl_unset_suid")); +} + + +/* + * This function saves the uid's. + */ +int sl_save_uids() +{ + SL_ENTER(_("sl_save_uids")); + if (uids_are_stored == SL_TRUE) + SL_IRETURN(SL_EREPEAT, _("sl_save_uids")); + + ruid_orig = getuid(); + rgid_orig = getgid(); + egid = getegid(); + euid = geteuid(); + ruid = ruid_orig; + rgid = rgid_orig; + uids_are_stored = SL_TRUE; + + SL_IRETURN(SL_ENONE, _("sl_save_uids")); +} + +/* + * This function drops SUID privileges irrevocably. + * It set the effective uid to the original real uid. + */ +extern int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid); +int sl_drop_privileges() +{ + SL_ENTER(_("sl_drop_privileges")); + SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE")); + + SL_REQUIRE(setgid(rgid_orig) == 0, _("setgid(rgid_orig) == 0")); + SL_REQUIRE(sh_unix_initgroups2(ruid_orig, rgid_orig) == 0, _("sh_unix_initgroups2(ruid_orig,rgid_orig) == 0")); + SL_REQUIRE(setuid(ruid_orig) == 0, _("setuid(ruid_orig) == 0")); + + /* make sure that setuid(0) fails + */ + SL_REQUIRE(setuid(0) < 0, _("setuid(0) < 0")); + + euid = ruid_orig; + egid = rgid_orig; + ruid = ruid_orig; + rgid = rgid_orig; + + SL_IRETURN(SL_ENONE, _("sl_drop_privileges")); +} + +/* + * Define a policy: Stay root. + * Do nothing if not SUID. + */ +int sl_policy_get_root() +{ + SL_ENTER(_("sl_policy_get_root")); + SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE")); + + SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE")); + + if (euid != ruid || egid != rgid) + { + SL_REQUIRE(setgid(egid) == 0, _("setgid(egid) == 0")); + SL_REQUIRE(setuid(euid) == 0, _("setuid(euid) == 0")); + SL_REQUIRE(ruid == getuid() && rgid == getgid(), + _("ruid == getuid() && rgid == getgid()")); + ruid = euid; + rgid = egid; + } + suid_is_set = SL_TRUE; + if (euid == 0) + { + SL_REQUIRE(sh_unix_initgroups2(euid, egid) == 0, _("sh_unix_initgroups2(euid,egid) == 0")); + } + SL_IRETURN(SL_ENONE, _("sl_policy_get_root")); +} + +#include + +/* + * Define a policy: Get real (irrevocably). + * This function drops SUID privileges irrevocably. + * Do nothing if not SUID (? not true - drops if root). + */ + +int sl_policy_get_real(char * user) +{ + SL_ENTER(_("sl_policy_get_real")); + SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE")); + SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE")); + + if (euid == 0 || ruid == 0) + { +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + struct passwd pwd; + char buffer[SH_PWBUF_SIZE]; + struct passwd * tempres; + sh_getpwnam_r(user, &pwd, buffer, sizeof(buffer), &tempres); +#else + struct passwd * tempres = sh_getpwnam(user); +#endif + + SL_REQUIRE (NULL != tempres, _("tempres != NULL")); + + rgid_orig = tempres->pw_gid; + ruid_orig = tempres->pw_uid; + } + else + { + rgid_orig = rgid; + ruid_orig = ruid; + } + + SL_REQUIRE (sl_drop_privileges() == SL_ENONE, + _("sl_drop_privileges() == SL_ENONE")); + + suid_is_set = SL_TRUE; + SL_IRETURN(SL_ENONE, _("sl_policy_get_real")); +} + + +/* + * Define a policy: Get user. + * Drops privileges. + * Do nothing if not SUID. + */ +int sl_policy_get_user(const char * user) +{ + SL_ENTER(_("sl_policy_get_user")); + + SL_REQUIRE(user != NULL, _("user != NULL")); + SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE")); + SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE")); + + if (euid != ruid || egid != rgid) + { +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + struct passwd pwd; + char buffer[SH_PWBUF_SIZE]; + struct passwd * tempres; + sh_getpwnam_r(user, &pwd, buffer, sizeof(buffer), &tempres); +#else + struct passwd * tempres = sh_getpwnam(user); +#endif + + SL_REQUIRE (NULL != tempres, _("tempres != NULL")); + + SL_REQUIRE (sl_drop_privileges() == SL_ENONE, + _("sl_drop_privileges() == SL_ENONE")); + } + SL_IRETURN(SL_ENONE, _("sl_policy_get_user")); +} + + + +/* ---------------------------------------------------------------- + * + * File access routines + * + * ---------------------------------------------------------------- */ + +#define TOFFSET 0x1234 + +/* this would prevent opening files if the first 16 fds are open :( */ +/* #define MAXFD FOPEN_MAX */ + +#define MAXFD 1024 + +typedef struct openfiles { + SL_TICKET ticket; /* The unique ID. */ + int fd; /* The file descriptor. */ + char * path; /* The file path. */ + sh_string * content; /* The file content */ +} SL_OFILE; + +static SL_OFILE * ofiles[MAXFD]; + +SH_MUTEX_STATIC(mutex_ticket, PTHREAD_MUTEX_INITIALIZER); + +static unsigned int nonce_counter = TOFFSET; + +static +SL_TICKET sl_create_ticket (unsigned int myindex) +{ + unsigned int high; /* index */ + unsigned int low; /* nonce */ + SL_TICKET retval = SL_EINTERNAL; + + SL_ENTER(_("sl_create_ticket")); + + if (myindex >= MAXFD) + goto out_ticket; + + /* mask out the high bit and check that it is not used + * -> verify that it fits into 16 bits as positive + */ + high = (myindex + TOFFSET) & 0x7fff; + + if (high != myindex + TOFFSET) + goto out_ticket; + + SH_MUTEX_LOCK_UNSAFE(mutex_ticket); + + low = nonce_counter & 0xffff; + + /* Overflow -> nonce too big. + */ + if ((low != nonce_counter++) || low == 0) + goto out_ticket; + + /* Wrap around the nonce counter. + * This is a dirty trick. + */ + if (nonce_counter > 0x7fff) + nonce_counter = TOFFSET; + + retval = (SL_TICKET) ((high << 16) | low); + + out_ticket: + ; + + SH_MUTEX_UNLOCK_UNSAFE(mutex_ticket); + SL_RETURN (retval, _("sl_create_ticket")); +} + +static +int sl_read_ticket (SL_TICKET fno) +{ + register unsigned myindex; + register SL_OFILE *of; + + myindex = ((fno >> 16) & 0xffff) - TOFFSET; + if (myindex >= MAXFD) + return (SL_ETICKET); + + if (ofiles[myindex] == NULL) + return (SL_ETICKET); + + if (ofiles[myindex]->ticket != fno) + return (SL_ETICKET); + + if ((of = ofiles[myindex])->fd < 0 || of->fd >= MAXFD ) + return (SL_EINTERNAL); + + if (((of->ticket) & 0xffff) == 0) + return (SL_EINTERNAL); + + return (myindex); +} + +SL_TICKET sl_make_ticket (int fd, const char * filename) +{ + size_t len; + SL_TICKET ticket; + SL_ENTER(_("sl_make_ticket")); + /* Make entry. + */ + if (fd >= MAXFD || fd < 0) + { + SL_IRETURN(SL_TOOMANY, _("sl_make_ticket")); + } + + if (ofiles[fd] != NULL) + { + SL_IRETURN(SL_EINTERNAL, _("sl_make_ticket")); + } + + if ( (ofiles[fd] = (SL_OFILE *) malloc(sizeof(SL_OFILE))) == NULL) + { + SL_IRETURN(SL_EMEM, _("sl_make_ticket")); + } + + len = sl_strlen(filename)+1; + + if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL) + { + free(ofiles[fd]); + ofiles[fd] = NULL; + SL_IRETURN(SL_EMEM, _("sl_make_ticket")); + } + + /* Get a ticket. + */ + ticket = sl_create_ticket((unsigned int)fd); + + if (SL_ISERROR(ticket)) + { + (void) free (ofiles[fd]->path); + (void) free (ofiles[fd]); + SL_IRETURN(ticket, _("sl_make_ticket")); + } + + sl_strlcpy (ofiles[fd]->path, filename, len); + ofiles[fd]->ticket = ticket; + ofiles[fd]->fd = fd; + ofiles[fd]->content = NULL; + + SL_IRETURN(ticket, _("sl_make_ticket")); +} + +#define SL_OPEN_MIN 113 +#define SL_OPEN_FOR_READ 113 +#define SL_OPEN_FOR_WRITE 114 +#define SL_OPEN_FOR_RDWR 115 +#define SL_OPEN_FOR_WTRUNC 116 +#define SL_OPEN_FOR_RWTRUNC 117 +#define SL_OPEN_SAFE_RDWR 118 +#define SL_OPEN_FOR_FASTREAD 119 +#define SL_OPEN_MAX 119 + +#if !defined(O_NOATIME) +#if defined(__linux__) && (defined(__i386__) || defined(__PPC__)) +#define O_NOATIME 01000000 +#else + /* + * bitwise 'or' with zero does not modify any bit + */ +#define O_NOATIME 0 +#endif +#endif + +static int o_noatime = O_NOATIME; +static mode_t open_mode = (S_IWUSR|S_IRUSR|S_IRGRP); + + +static +int sl_open_file (const char *filename, int mode, int priv) +{ + struct stat lbuf; + struct stat buf; + int lstat_return; + int stat_return; + int fd; + int sflags; + size_t len; + SL_TICKET ticket; + +#if !defined(O_NONBLOCK) +#if defined(O_NDELAY) +#define O_NONBLOCK O_NDELAY +#else +#define O_NONBLOCK 0 +#endif +#endif + + SL_ENTER(_("sl_open_file")); + + if (filename == NULL) + SL_IRETURN(SL_ENULL, _("sl_open_file")); + if (mode < SL_OPEN_MIN || mode > SL_OPEN_MAX) + SL_IRETURN(SL_EINTERNAL, _("sl_open_file")); + + /* "This system call always succeeds and the previous value of + * the mask is returned." + */ + (void) umask (0); + + if (mode == SL_OPEN_FOR_FASTREAD) + { + fd = aud_open_noatime (FIL__, __LINE__, priv, filename, + O_RDONLY|O_NONBLOCK, 0, &o_noatime); + /* + if (fd >= 0) { + sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags & ~O_NONBLOCK); + } + */ + if (fd < 0) + SL_IRETURN(SL_EBADFILE, _("sl_open_file")); + goto createTicket; + } + +#ifdef USE_SUID + if (priv == SL_YESPRIV) + sl_set_suid(); +#endif + if (mode == SL_OPEN_FOR_READ) + lstat_return = retry_stat (FIL__, __LINE__, filename, &lbuf); + else + lstat_return = retry_lstat(FIL__, __LINE__, filename, &lbuf); +#ifdef USE_SUID + if (priv == SL_YESPRIV) + sl_unset_suid(); +#endif + + if (lstat_return == -1) + { + lstat_return = ENOENT; + if ( (mode == SL_OPEN_FOR_READ && lstat_return == ENOENT) || + (errno != ENOENT)) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), + filename, errno)); + SL_IRETURN(SL_EBADFILE, _("sl_open_file")); + } + } + + if ( (mode != SL_OPEN_FOR_READ) && (lstat_return != ENOENT) && + ( S_ISDIR(lbuf.st_mode) || (S_IWOTH & lbuf.st_mode) ) + ) + SL_IRETURN(SL_EBADFILE, _("sl_open_file")); + + + /* O_NOATIME has an effect for read(). But write() ?. + */ + switch (mode) + { + case SL_OPEN_FOR_READ: + fd = aud_open_noatime (FIL__, __LINE__, priv, filename, + O_RDONLY|O_NONBLOCK, 0, &o_noatime); + if (fd >= 0) { + sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags & ~O_NONBLOCK); + } + break; + case SL_OPEN_FOR_WRITE: + if (lstat_return == ENOENT) + fd = aud_open (FIL__, __LINE__, priv, filename, + O_WRONLY|O_CREAT|O_EXCL, open_mode); + else + fd = aud_open (FIL__, __LINE__, priv, filename, + O_WRONLY, open_mode); + break; + case SL_OPEN_SAFE_RDWR: + if (lstat_return == ENOENT) + fd = aud_open (FIL__, __LINE__, priv, filename, + O_RDWR|O_CREAT|O_EXCL, open_mode); + else + SL_IRETURN(SL_EBADFILE, _("sl_open_file")); + break; + case SL_OPEN_FOR_RDWR: + if (lstat_return == ENOENT) + fd = aud_open (FIL__, __LINE__, priv, filename, + O_RDWR|O_CREAT|O_EXCL, open_mode); + else + fd = aud_open (FIL__, __LINE__, priv, filename, + O_RDWR, open_mode); + break; + case SL_OPEN_FOR_WTRUNC: + if (lstat_return == ENOENT) + fd = aud_open (FIL__, __LINE__, priv, filename, + O_WRONLY|O_CREAT|O_EXCL, open_mode); + else + fd = aud_open (FIL__, __LINE__, priv, filename, + O_WRONLY|O_TRUNC, open_mode); + break; + case SL_OPEN_FOR_RWTRUNC: + if (lstat_return == ENOENT) + fd = aud_open (FIL__, __LINE__, priv, filename, + O_RDWR|O_CREAT|O_EXCL, open_mode); + else + fd = aud_open (FIL__, __LINE__, priv, filename, + O_RDWR|O_TRUNC, open_mode); + break; + default: + SL_IRETURN(SL_EINTERNAL, _("sl_open_file")); + } + + if (fd < 0) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), + filename, errno)); + SL_IRETURN(SL_EBADFILE, _("sl_open_file")); + } + +#ifdef USE_SUID + if (priv == SL_YESPRIV) + sl_set_suid(); +#endif + stat_return = retry_fstat(FIL__, __LINE__, fd, &buf); +#ifdef USE_SUID + if (priv == SL_YESPRIV) + sl_unset_suid(); +#endif + + if (stat_return < 0) + { + close (fd); + SL_IRETURN(SL_EBADFILE, _("sl_open_file")); + } + + if (lstat_return != ENOENT && buf.st_ino != lbuf.st_ino) + { + close (fd); + SL_IRETURN(SL_EBOGUS, _("sl_open_file")); + } + + createTicket: + + /* Make entry. + */ + if (fd >= MAXFD) + { + close(fd); + SL_IRETURN(SL_TOOMANY, _("sl_open_file")); + } + + if (ofiles[fd] != NULL) + { + close(fd); + SL_IRETURN(SL_EINTERNAL, _("sl_open_file")); + } + + if ( (ofiles[fd] = (SL_OFILE *) malloc(sizeof(SL_OFILE))) == NULL) + { + close(fd); + SL_IRETURN(SL_EMEM, _("sl_open_file")); + } + + len = sl_strlen(filename)+1; + + if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL) + { + free(ofiles[fd]); + ofiles[fd] = NULL; + close(fd); + SL_IRETURN(SL_EMEM, _("sl_open_file")); + } + + /* Get a ticket. + */ + ticket = sl_create_ticket(fd); + + if (SL_ISERROR(ticket)) + { + (void) free (ofiles[fd]->path); + (void) free (ofiles[fd]); + close(fd); + SL_IRETURN(ticket, _("sl_open_file")); + } + + sl_strlcpy (ofiles[fd]->path, filename, len); + ofiles[fd]->ticket = ticket; + ofiles[fd]->fd = fd; + ofiles[fd]->content = NULL; + + SL_IRETURN(ticket, _("sl_open_file")); +} + +static +int check_fname_priv (const char * fname, int priv) +{ + SL_ENTER(_("check_fname_priv")); + if (fname == NULL) + SL_IRETURN(SL_ENULL, _("check_fname_priv")); + if (priv != SL_YESPRIV && priv != SL_NOPRIV) + SL_IRETURN(SL_EINTERNAL, _("check_fname_priv")); + SL_IRETURN(SL_ENONE, _("check_fname_priv")); +} + +SL_TICKET sl_open_write (const char * fname, int priv) +{ + long status; + SL_ENTER(_("sl_open_write")); + + if (SL_ENONE != (status = check_fname_priv (fname, priv))) + SL_IRETURN(status, _("sl_open_write")); + + status = sl_open_file(fname, SL_OPEN_FOR_WRITE, priv); + SL_IRETURN(status, _("sl_open_write")); +} + +SL_TICKET sl_open_read (const char * fname, int priv) +{ + long status; + SL_ENTER(_("sl_open_read")); + + if (SL_ENONE != (status = check_fname_priv (fname, priv))) + { + TPT(( 0, FIL__, __LINE__, + _("msg= status=<%ld>\n"), + status)); + SL_IRETURN(status, _("sl_open_read")); + } + + status = sl_open_file(fname, SL_OPEN_FOR_READ, priv); + SL_IRETURN(status, _("sl_open_read")); +} + +SL_TICKET sl_open_fastread (const char * fname, int priv) +{ + long status; + SL_ENTER(_("sl_open_fastread")); + + if (SL_ENONE != (status = check_fname_priv (fname, priv))) + SL_IRETURN(status, _("sl_open_read")); + + status = sl_open_file(fname, SL_OPEN_FOR_FASTREAD, priv); + SL_IRETURN(status, _("sl_open_fastread")); +} + +SL_TICKET sl_open_rdwr (const char * fname, int priv) +{ + long status; + SL_ENTER(_("sl_open_rdwr")); + + if (SL_ENONE != (status = check_fname_priv (fname, priv))) + SL_IRETURN(status, _("sl_open_rdwr")); + + status = sl_open_file(fname, SL_OPEN_FOR_RDWR, priv); + SL_IRETURN(status, _("sl_open_rdwr")); +} + +SL_TICKET sl_open_safe_rdwr (const char * fname, int priv) +{ + long status; + SL_ENTER(_("sl_open_safe_rdwr")); + + if (SL_ENONE != (status = check_fname_priv (fname, priv))) + SL_IRETURN(status, _("sl_open_safe_rdwr")); + + status = sl_open_file(fname, SL_OPEN_SAFE_RDWR, priv); + SL_IRETURN(status, _("sl_open_safe_rdwr")); +} + +SL_TICKET sl_open_write_trunc (const char * fname, int priv) +{ + long status; + SL_ENTER(_("sl_open_write_trunc")); + + if (SL_ENONE != (status = check_fname_priv (fname, priv))) + SL_IRETURN(status, _("sl_open_write_trunc")); + + status = sl_open_file(fname, SL_OPEN_FOR_WTRUNC, priv); + SL_IRETURN(status, _("sl_open_write_trunc")); +} + +SL_TICKET sl_open_rdwr_trunc (const char * fname, int priv) +{ + long status; + SL_ENTER(_("sl_open_rdwr_trunc")); + + if (SL_ENONE != (status = check_fname_priv (fname, priv))) + SL_IRETURN(status, _("sl_open_rdwr_trunc")); + + status = sl_open_file(fname, SL_OPEN_FOR_RWTRUNC, priv); + SL_IRETURN(status, _("sl_open_rdwr_trunc")); +} + + +int get_the_fd (SL_TICKET ticket) +{ + int fd; + + if (SL_ISERROR(fd = sl_read_ticket(ticket))) + return (fd); + + if (ofiles[fd] == NULL || fd != ofiles[fd]->fd || fd < 0) + return (SL_EINTERNAL); + return (fd); +} + +int sl_init_content (SL_TICKET ticket, size_t size) +{ + int fd; + + if (SL_ISERROR(fd = sl_read_ticket(ticket))) + return (fd); + + if (ofiles[fd] == NULL || fd != ofiles[fd]->fd || fd < 0) + return (SL_EINTERNAL); + + if (ofiles[fd]->content) + sh_string_destroy(&(ofiles[fd]->content)); + ofiles[fd]->content = sh_string_new(size); + + return SL_ENONE; +} + +sh_string * sl_get_content (SL_TICKET ticket) +{ + int fd; + + if (SL_ISERROR(fd = sl_read_ticket(ticket))) + return (NULL); + + if (ofiles[fd] == NULL || fd != ofiles[fd]->fd || fd < 0) + return (NULL); + + return (ofiles[fd]->content); +} + +int sl_close (SL_TICKET ticket) +{ + register int fd; + + SL_ENTER(_("sl_close")); + + if (SL_ISERROR(fd = get_the_fd (ticket))) + SL_IRETURN(fd, _("sl_close")); + + /* This may fail, but what to do then ? + */ + if (0 != close(fd) && ofiles[fd] != NULL) + { + TPT((0, FIL__, __LINE__, + _("msg=, path=<%s>, fd=<%d>, err=<%s>\n"), + ofiles[fd]->path, fd, strerror(errno))); + } + + if (ofiles[fd] != NULL) + { + if (ofiles[fd]->content) + sh_string_destroy(&(ofiles[fd]->content)); + (void) free(ofiles[fd]->path); + (void) free(ofiles[fd]); + ofiles[fd] = NULL; + } + + SL_IRETURN(SL_ENONE, _("sl_close")); +} + +int sl_dropall(int fd, int except) +{ + while (fd < MAXFD) + { + if (ofiles[fd] != NULL && fd != except) + { + if (ofiles[fd]->content) + sh_string_destroy(&(ofiles[fd]->content)); + if (ofiles[fd]->path != NULL) + (void) free(ofiles[fd]->path); + (void) free(ofiles[fd]); + ofiles[fd] = NULL; + } + ++fd; + } + return 0; +} + +int sl_dropall_dirty(int fd, int except) +{ + while (fd < MAXFD) + { + if (ofiles[fd] != NULL && fd != except) + { + ofiles[fd] = NULL; + } + ++fd; + } + return 0; +} + + +int sl_unlink (SL_TICKET ticket) +{ + register int fd; + + SL_ENTER(_("sl_unlink")); + + if (SL_ISERROR(fd = get_the_fd(ticket))) + SL_IRETURN(fd, _("sl_unlink")); + + if (retry_aud_unlink(FIL__, __LINE__, ofiles[fd]->path) < 0) + SL_IRETURN(SL_EUNLINK, _("sl_unlink")); + + SL_IRETURN(SL_ENONE, _("sl_unlink")); +} + + +int sl_seek (SL_TICKET ticket, off_t off_data) +{ + register int fd; + + SL_ENTER(_("sl_seek")); + + if (SL_ISERROR(fd = get_the_fd(ticket))) + SL_IRETURN(fd, _("sl_seek")); + + if (lseek(fd, off_data, SEEK_SET) == (off_t)-1) + SL_IRETURN(SL_EREWIND, _("sl_seek")); + + SL_IRETURN(SL_ENONE, _("sl_seek")); +} + +int sl_rewind (SL_TICKET ticket) +{ + register int fd; + + SL_ENTER(_("sl_rewind")); + + if (SL_ISERROR(fd = get_the_fd(ticket))) + SL_IRETURN(fd, _("sl_rewind")); + + if (lseek (fd, 0L, SEEK_SET) == (off_t)-1) + SL_IRETURN(SL_EREWIND, _("sl_rewind")); + + SL_IRETURN(SL_ENONE, _("sl_rewind")); +} + +int sl_forward (SL_TICKET ticket) +{ + register int fd; + + SL_ENTER(_("sl_forward")); + + if (SL_ISERROR(fd = get_the_fd(ticket))) + SL_IRETURN(fd, _("sl_forward")); + + if (lseek (fd, 0L, SEEK_END) == (off_t)-1) + SL_IRETURN(SL_EFORWARD, _("sl_forward")); + + SL_IRETURN(SL_ENONE, _("sl_forward")); +} + + +int sl_sync (SL_TICKET ticket) +{ + register int fd; + + SL_ENTER(_("sl_sync")); + + if (SL_ISERROR(fd = get_the_fd(ticket))) + SL_IRETURN(fd, _("sl_sync")); + + if (fsync (fd) == -1) + SL_IRETURN(SL_ESYNC, _("sl_sync")); + + SL_IRETURN(SL_ENONE, _("sl_sync")); +} + +int sl_read_timeout_prep (SL_TICKET ticket) +{ + int fd; + int sflags; + + SL_ENTER(_("sl_read_timeout_prep")); + + if (SL_ISERROR(fd = get_the_fd(ticket))) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>"), fd)); + SL_IRETURN(fd, _("sl_read_timeout_prep")); + } + + /* set to non-blocking mode + */ + sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags | O_NONBLOCK); + + SL_IRETURN(SL_ENONE, _("sl_read_timeout_prep")); +} + + +int sl_read_timeout_fd (int fd, void * buf_in, size_t count, + int timeout, int is_nonblocking) +{ + int sflags = 0; + fd_set readfds; + struct timeval tv; + /* int sflags; */ + int retval; + + int byteread = 0; + int bytes = 0; + char * buf; + + time_t tnow; + time_t tstart; + time_t tdiff; + extern volatile int sig_termfast; + + if (is_nonblocking == SL_FALSE) + { + /* set to non-blocking mode + */ + sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags | O_NONBLOCK); + } + + buf = (char *) buf_in; + + tstart = time(NULL); + tdiff = 0; + + while (count > 0) + { + FD_ZERO(&readfds); + FD_SET(fd, &readfds); + + tv.tv_sec = timeout - tdiff; + tv.tv_usec = 0; + + retval = select (fd+1, &readfds, NULL, NULL, &tv); + + if (retval > 0) + { + byteread = read (fd, buf, count); + + if (byteread > 0) + { + bytes += byteread; count -= byteread; + buf += byteread; + if (count == 0) + break; + } + else if (byteread == 0) + { + break; + } + else + { + if (errno == EINTR || errno == EAGAIN) + { + retry_msleep(1, 0); + tnow = time(NULL); + tdiff = tnow - tstart; + continue; + } + else + { + if (is_nonblocking == SL_FALSE) + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); + TPT(( 0, FIL__, __LINE__, _("msg="))); + return (SL_EREAD); + } + } + } + else if ((retval == -1) && (errno == EINTR || errno == EAGAIN)) + { + retry_msleep(1, 0); + tnow = time(NULL); + tdiff = tnow - tstart; + continue; + } + else if (retval == 0) + { + if (is_nonblocking == SL_FALSE) + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); + TPT(( 0, FIL__, __LINE__, _("msg="))); + return (SL_TIMEOUT); + } + else + { + if (is_nonblocking == SL_FALSE) + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); + TPT(( 0, FIL__, __LINE__, _("msg="))); + return (SL_EREAD); + } + + if (sig_termfast == 1) + { + if (is_nonblocking == SL_FALSE) + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); + TPT(( 0, FIL__, __LINE__, _("msg="))); + return (SL_EREAD); + } + + tnow = time(NULL); + tdiff = tnow - tstart; + + if (tdiff > timeout) + { + if (is_nonblocking == SL_FALSE) + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); + TPT(( 0, FIL__, __LINE__, _("msg="))); + return (SL_TIMEOUT); + } + } + + if (is_nonblocking == SL_FALSE) + retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); + return ((int) bytes); +} + +int sl_read_timeout (SL_TICKET ticket, void * buf_in, size_t count, + int timeout, int is_nonblocking) +{ + int fd, retval; + + SL_ENTER(_("sl_read_timeout")); + + if (buf_in == NULL || SL_ISERROR(fd = get_the_fd(ticket))) + { + if (buf_in == NULL) + { + TPT(( 0, FIL__, __LINE__, _("msg="))); + SL_IRETURN((SL_ENULL), _("sl_read_timeout")); + } + if (SL_ISERROR(fd = get_the_fd(ticket))) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>"), fd)); + SL_IRETURN((fd), _("sl_read_timeout")); + } + } + + retval = sl_read_timeout_fd (fd, buf_in, count, timeout, is_nonblocking); + SL_IRETURN((retval), _("sl_read_timeout")); +} + + +int sl_read (SL_TICKET ticket, void * buf_in, size_t count) +{ + int fd; + int byteread = 0; + int bytes = 0; + + char * buf; + + SL_ENTER(_("sl_read")); + + if (count < 1) + { + TPT(( 0, FIL__, __LINE__, _("msg="))); + SL_IRETURN((SL_ERANGE), _("sl_read")); + } + if (buf_in == NULL) + { + TPT(( 0, FIL__, __LINE__, _("msg="))); + SL_IRETURN((SL_ENULL), _("sl_read")); + } + + if (SL_ISERROR(fd = get_the_fd(ticket))) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>"), fd)); + SL_IRETURN((fd), _("sl_read")); + } + + buf = (char *) buf_in; + + do + { + byteread = read (fd, buf, count); + if (byteread > 0) + { + bytes += byteread; count -= byteread; + buf += byteread; + } + } while ( byteread > 0 || + ( byteread == -1 && (errno == EINTR || errno == EAGAIN)) + ); + + + if (byteread == (-1)) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), errno)); + SL_IRETURN((SL_EREAD), _("sl_read")); + } + SL_IRETURN((bytes), _("sl_read")); +} + +int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count) +{ + int fd; + int byteread = 0; + + char * buf; + + SL_ENTER(_("sl_read_fast")); + + if (count < 1) + { + TPT(( 0, FIL__, __LINE__, _("msg="))); + SL_IRETURN((SL_ERANGE), _("sl_read_fast")); + } + if (buf_in == NULL) + { + TPT(( 0, FIL__, __LINE__, _("msg="))); + SL_IRETURN((SL_ENULL), _("sl_read_fast")); + } + + if (SL_ISERROR(fd = get_the_fd(ticket))) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>"), fd)); + SL_IRETURN((fd), _("sl_read_fast")); + } + + buf = (char *) buf_in; + + do + { + byteread = read (fd, buf, count); + if (byteread >= 0) + { + SL_IRETURN((byteread), _("sl_read_fast")); + } + } while ( byteread == -1 && (errno == EINTR || errno == EAGAIN)); + + + if (byteread == (-1)) + { + TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), errno)); + SL_IRETURN((SL_EREAD), _("sl_read_fast")); + } + SL_IRETURN((0), _("sl_read_fast")); +} + + +int sl_write (SL_TICKET ticket, const void * msg_in, long nbytes) +{ + long bytewritten; + long bytecount; + int fd; + + const char * msg; + + SL_ENTER(_("sl_write")); + + if (nbytes < 1) + SL_IRETURN(SL_ERANGE, _("sl_write")); + if (msg_in == NULL) + SL_IRETURN(SL_ENULL, _("sl_write")); + if (SL_ISERROR(fd = get_the_fd(ticket))) + SL_IRETURN(fd, _("sl_write")); + + msg = (const char *) msg_in; + + /* write + */ + bytecount = 0; + bytewritten = 0; + while (bytecount < nbytes) + { + if ((bytewritten = write (fd, msg, nbytes-bytecount)) > 0) + { + bytecount += bytewritten; + msg += bytewritten; /* move buffer pointer forward */ + } + else if (bytewritten <= 0) + { + if ( errno == EINTR || errno == EAGAIN) /* try again */ + continue; + else + SL_IRETURN(SL_EWRITE, _("sl_write")); + } + } + SL_IRETURN(SL_ENONE, _("sl_write")); +} + +int sl_write_line (SL_TICKET ticket, const void * msg, long nbytes) +{ + int status; + + SL_ENTER(_("sl_write_line")); + + status = sl_write(ticket, msg, nbytes); + if (!SL_ISERROR(status)) + status = sl_write(ticket, "\n", 1); + + SL_IRETURN(status, _("sl_write_line")); +} + +int sl_write_line_fast (SL_TICKET ticket, void * msg, long nbytes) +{ + int status; + char * p = (char *) msg; + + SL_ENTER(_("sl_write_line_fast")); + + /* Here nbytes is strlen(msg), so p[nbytes] is the terminating '\0' + * Overwrite the terminator, write out, then write back the terminator. + */ + p[nbytes] = '\n'; + status = sl_write(ticket, msg, nbytes+1); + p[nbytes] = '\0'; + + SL_IRETURN(status, _("sl_write_line_fast")); +} + + +/* ---------------------------------------------------------------- + * + * Trustfile interface + * + * ---------------------------------------------------------------- */ + +extern uid_t rootonly[]; +extern int EUIDSLOT; +extern int ORIG_EUIDSLOT; + +extern char tf_path[MAXFILENAME]; /* Error path for trust function. */ +extern uid_t tf_euid; /* Space for EUID of process. */ + +char * sl_error_string(int errorcode) +{ + switch (errorcode) + { + case SL_EBOGUS: + return _("Bogus file. Modified during access."); + case SL_EWRITE: + return _("Write error."); + case SL_EREAD: + return _("Read error."); + case SL_ESYNC: + return _("Error in fsync()."); + case SL_EFORWARD: + return _("Error in lseek()."); + case SL_EREWIND: + return _("Error in lseek()."); + case SL_EUNLINK: + return _("Error in unlink()."); + case SL_EMEM: + return _("Out of memory."); + case SL_EINTERNAL: + return _("Internal error."); + case SL_ETICKET: + return _("Bad ticket."); + case SL_EREPEAT: + return _("Illegal repeated use of function."); + case SL_ERANGE: + return _("Argument out of range."); + case SL_ENULL: + return _("Dereferenced NULL pointer."); + + case SL_EBADUID: + return _("Owner not trustworthy."); + case SL_EBADGID: + return _("Group writeable and member not trustworthy."); + case SL_EBADOTH: + return _("World writeable."); + case SL_EBADFILE: + return _("File access error."); + case SL_EBADNAME: + return _("Invalid filename (prob. too long or null)."); + + case SL_ETRUNC: + return _("Truncation occured."); + case SL_ESTAT: + return _("stat() failed."); + default: + return _("Unknown error."); + } +} + + + +char * sl_trust_errfile(void) +{ + return &tf_path[0]; +} + +extern uid_t tf_baduid; +uid_t sl_trust_baduid(void) +{ + return tf_baduid; +} + +extern gid_t tf_badgid; +gid_t sl_trust_badgid(void) +{ + return tf_badgid; +} + + +static int trust_count = 0; + +int sl_trust_purge_user (void) +{ + int i; + + EUIDSLOT = ORIG_EUIDSLOT; + trust_count = 0; + + for (i = EUIDSLOT; i < (EUIDSLOT + 15); ++i) + rootonly[i] = sh_uid_neg; + return 0; +} + +int sl_trust_add_user (uid_t pwid) +{ + SL_ENTER(_("sl_trust_add_user")); + + if (trust_count == 15) + SL_IRETURN(SL_ERANGE, _("sl_trust_add_user")); + + rootonly[EUIDSLOT] = pwid; + ++EUIDSLOT; + ++trust_count; + + SL_IRETURN(SL_ENONE, _("sl_trust_add_user")); +} + +#include "sh_mem.h" +extern char * sh_util_strdup (const char * str); + +struct sl_trustfile_store { + char * filename; + uid_t teuid; + struct sl_trustfile_store * next; +}; + +static struct sl_trustfile_store * sl_trusted_files = NULL; + +static void sl_add_trusted_file(const char * filename, uid_t teuid) +{ + struct sl_trustfile_store *new = SH_ALLOC(sizeof(struct sl_trustfile_store)); + + new->filename = sh_util_strdup (filename); + new->teuid = teuid; + new->next = sl_trusted_files; + + sl_trusted_files = new; + return; +} + +static const char * sl_check_trusted_file(const char * filename, uid_t teuid) +{ + struct sl_trustfile_store *new = sl_trusted_files; + + while (new) + { + if ((new->teuid == teuid) && (0 == strcmp(new->filename, filename))) + return filename; + new = new->next; + } + + return NULL; +} + +static void sl_clear_trusted_file(struct sl_trustfile_store * file) +{ + if (file) + { + if (file->next != NULL) + sl_clear_trusted_file(file->next); + SH_FREE(file->filename); + SH_FREE(file); + } + return; +} + +int sl_trustfile_euid(const char * filename, uid_t teuid) +{ + long status; + static time_t old = 0; + static time_t now; + + SL_ENTER(_("sl_trustfile_euid")); + + tf_path[0] = '\0'; + if (filename == NULL || filename[0] == '\0') + SL_IRETURN(SL_EBADNAME, _("sl_trustfile_euid")); + + now = time(NULL); + if (now < (old + 300)) + { + if (NULL != sl_check_trusted_file(filename, teuid)) + { + sl_strlcpy(tf_path, filename, sizeof(tf_path)); + SL_IRETURN(SL_ENONE, _("sl_trustfile_euid")); + } + } + else + { + sl_clear_trusted_file(sl_trusted_files); + sl_trusted_files = NULL; + old = now; + } + + tf_euid = teuid; + status = sl_trustfile(filename, NULL, NULL); + if (status == SL_ENONE) + sl_add_trusted_file(filename, teuid); + SL_IRETURN(status, _("sl_trustfile_euid")); +} + +/* ---------------------------------------------------------------- + * + * Overflow tests + * + * ---------------------------------------------------------------- */ + +#ifndef SIZE_MAX +#define SIZE_MAX (4294967295U) +#endif + +int sl_ok_muli (int a, int b) /* a*b */ +{ + if ((b == 0) || (a >= (INT_MIN / b) && a <= (INT_MAX / b))) + return SL_TRUE; /* no overflow */ + return SL_FALSE; +} + +int sl_ok_muls (size_t a, size_t b) /* a*b */ +{ + if ((b == 0) || (a <= (SIZE_MAX / b))) + return SL_TRUE; /* no overflow */ + return SL_FALSE; +} + +int sl_ok_divi (int a, int b) /* a/b */ +{ + (void) a; + if (b != 0) + return SL_TRUE; /* no overflow */ + return SL_FALSE; +} + +int sl_ok_addi (int a, int b) /* a+b */ +{ + if (a >= 0 && b >= 0) + { + if (a <= (INT_MAX - b)) + return SL_TRUE; /* no overflow */ + else + return SL_FALSE; + } + else if (a < 0 && b < 0) + { + if (a >= (INT_MIN - b)) + return SL_TRUE; /* no overflow */ + else + return SL_FALSE; + } + return SL_TRUE; +} + +int sl_ok_adds (size_t a, size_t b) /* a+b */ +{ + if (a <= (SIZE_MAX - b)) + return SL_TRUE; /* no overflow */ + else + return SL_FALSE; +} + +int sl_ok_subi (int a, int b) /* a-b */ +{ + if (a >= 0 && b < 0) + { + if (a <= (INT_MAX + b)) + return SL_TRUE; /* no overflow */ + else + return SL_FALSE; + } + else if (a < 0 && b >= 0) + { + if (a >= (INT_MIN + b)) + return SL_TRUE; /* no overflow */ + else + return SL_FALSE; + } + return SL_TRUE; +} Index: /tags/2.5.0/src/sstrip.c =================================================================== --- /tags/2.5.0/src/sstrip.c (revision 189) +++ /tags/2.5.0/src/sstrip.c (revision 189) @@ -0,0 +1,538 @@ +/* sstrip, version 2.0: Copyright (C) 1999-2001 by Brian Raiter, under the + * GNU General Public License. No warranty. See LICENSE for details. + */ + +/* Modified for portability and 64bit/32bit elf executables, Rainer Wichmann */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#if !defined(__ia64) && !defined(__ia64__) && !defined(__itanium__) && \ + !defined(__alpha) && !defined(__alpha__) && \ + (defined(HAVE_ELF_H) || defined(HAVE_LINUX_ELF_H)) && \ + (defined(__linux__) || defined(__FreeBSD__)) && \ + (defined(__i386__) || defined(__i386) || defined(i386)) + +/* || defined(__sun) || defined(__sun__) || defined(sun) */ + + +#if defined(HAVE_ELF_H) +#include +#else +#include +#endif + +#ifndef TRUE +#define TRUE 1 +#define FALSE 0 +#endif + +#ifndef ELFCLASS32 +#define ELFCLASS32 1 /* 32-bit objects */ +#endif +#ifndef ELFCLASS64 +#define ELFCLASS64 2 /* 64-bit objects */ +#endif + + + +/* The name of the program. + */ +static char const *progname; + +/* The name of the current file. + */ +static char const *filename; + + +/* A simple error-handling function. FALSE is always returned for the + * convenience of the caller. + */ +static int err(char const *errmsg) +{ + fprintf(stderr, "%s: %s: %s\n", progname, filename, errmsg); + return FALSE; +} + +/* A macro for I/O errors: The given error message is used only when + * errno is not set. + */ +#define ferr(msg) (err(errno ? strerror(errno) : (msg))) + +/* readelfheader() reads the ELF header into our global variable, and + * checks to make sure that this is in fact a file that we should be + * munging. + */ +static int readelfheader_32(int fd, Elf32_Ehdr *ehdr) +{ + errno = 0; + if (read(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) + return ferr("missing or incomplete ELF header."); + + /* Check the ELF signature. + */ + if (!(ehdr->e_ident[EI_MAG0] == ELFMAG0 && + ehdr->e_ident[EI_MAG1] == ELFMAG1 && + ehdr->e_ident[EI_MAG2] == ELFMAG2 && + ehdr->e_ident[EI_MAG3] == ELFMAG3)) + return err("missing ELF signature."); + + /* Compare the file's class and endianness with the program's. + */ +#ifdef ELF_DATA + if (ehdr->e_ident[EI_DATA] != ELF_DATA) + return err("ELF file has different endianness."); +#endif + + if (ehdr->e_ident[EI_CLASS] != ELFCLASS32) + return FALSE; + + /* Check the target architecture. + */ +#ifdef ELF_ARCH + if (ehdr->e_machine != ELF_ARCH) + return err("ELF file created for different architecture."); +#endif + + /* Verify the sizes of the ELF header and the program segment + * header table entries. + */ + if (ehdr->e_ehsize != sizeof(Elf32_Ehdr)) + return err("unrecognized ELF header size."); + if (ehdr->e_phentsize != sizeof(Elf32_Phdr)) + return err("unrecognized program segment header size."); + + /* Finally, check the file type. + */ + if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) + return err("not an executable or shared-object library."); + + return TRUE; +} + +static int readelfheader_64(int fd, Elf64_Ehdr *ehdr) +{ + errno = 0; + + if (lseek(fd, 0, SEEK_SET)) + return ferr("could not rewind file"); + + if (read(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) + return ferr("missing or incomplete ELF header."); + + /* Check the ELF signature. + */ + if (!(ehdr->e_ident[EI_MAG0] == ELFMAG0 && + ehdr->e_ident[EI_MAG1] == ELFMAG1 && + ehdr->e_ident[EI_MAG2] == ELFMAG2 && + ehdr->e_ident[EI_MAG3] == ELFMAG3)) + return err("missing ELF signature."); + + /* Compare the file's class and endianness with the program's. + */ +#ifdef ELF_DATA + if (ehdr->e_ident[EI_DATA] != ELF_DATA) + return err("ELF file has different endianness."); +#endif + + if (ehdr->e_ident[EI_CLASS] != ELFCLASS64) + return err("ELF file has different word size."); + + /* Check the target architecture. + */ +#ifdef ELF_ARCH + if (ehdr->e_machine != ELF_ARCH) + return err("ELF file created for different architecture."); +#endif + + /* Verify the sizes of the ELF header and the program segment + * header table entries. + */ + if (ehdr->e_ehsize != sizeof(Elf64_Ehdr)) + return err("unrecognized ELF header size."); + if (ehdr->e_phentsize != sizeof(Elf64_Phdr)) + return err("unrecognized program segment header size."); + + /* Finally, check the file type. + */ + if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) + return err("not an executable or shared-object library."); + + return TRUE; +} + +/* readphdrtable() loads the program segment header table into memory. + */ +static int readphdrtable_32(int fd, Elf32_Ehdr const *ehdr, Elf32_Phdr **phdrs) +{ + size_t size; + + if (!ehdr->e_phoff || !ehdr->e_phnum) + return err("ELF file has no program header table."); + + size = ehdr->e_phnum * sizeof **phdrs; + if (!(*phdrs = malloc(size))) + return err("Out of memory!"); + + errno = 0; + if (read(fd, *phdrs, size) != (ssize_t)size) + return ferr("missing or incomplete program segment header table."); + + return TRUE; +} + +static int readphdrtable_64(int fd, Elf64_Ehdr const *ehdr, Elf64_Phdr **phdrs) +{ + size_t size; + + if (!ehdr->e_phoff || !ehdr->e_phnum) + return err("ELF file has no program header table."); + + size = ehdr->e_phnum * sizeof **phdrs; + if (!(*phdrs = malloc(size))) + return err("Out of memory!"); + + errno = 0; + if (read(fd, *phdrs, size) != (ssize_t)size) + return ferr("missing or incomplete program segment header table."); + + return TRUE; +} + +/* getmemorysize() determines the offset of the last byte of the file + * that is referenced by an entry in the program segment header table. + * (Anything in the file after that point is not used when the program + * is executing, and thus can be safely discarded.) + */ +static int getmemorysize_32(Elf32_Ehdr const *ehdr, Elf32_Phdr const *phdrs, + unsigned long *newsize) +{ + Elf32_Phdr const *phdr; + unsigned long size, n; + int i; + + /* Start by setting the size to include the ELF header and the + * complete program segment header table. + */ + size = ehdr->e_phoff + ehdr->e_phnum * sizeof *phdrs; + if (size < sizeof *ehdr) + size = sizeof *ehdr; + + /* Then keep extending the size to include whatever data the + * program segment header table references. + */ + for (i = 0, phdr = phdrs ; i < ehdr->e_phnum ; ++i, ++phdr) { + if (phdr->p_type != PT_NULL) { + n = phdr->p_offset + phdr->p_filesz; + if (n > size) + size = n; + } + } + + *newsize = size; + return TRUE; +} + +static int getmemorysize_64(Elf64_Ehdr const *ehdr, Elf64_Phdr const *phdrs, + unsigned long *newsize) +{ + Elf64_Phdr const *phdr; + unsigned long size, n; + int i; + + /* Start by setting the size to include the ELF header and the + * complete program segment header table. + */ + size = ehdr->e_phoff + ehdr->e_phnum * sizeof *phdrs; + if (size < sizeof *ehdr) + size = sizeof *ehdr; + + /* Then keep extending the size to include whatever data the + * program segment header table references. + */ + for (i = 0, phdr = phdrs ; i < ehdr->e_phnum ; ++i, ++phdr) { + if (phdr->p_type != PT_NULL) { + n = phdr->p_offset + phdr->p_filesz; + if (n > size) + size = n; + } + } + + *newsize = size; + return TRUE; +} + +/* truncatezeros() examines the bytes at the end of the file's + * size-to-be, and reduces the size to exclude any trailing zero + * bytes. + */ +static int truncatezeros(int fd, unsigned long *newsize) +{ + unsigned char contents[1024]; + unsigned long size, n; + + size = *newsize; + do { + n = sizeof contents; + if (n > size) + n = size; + if (lseek(fd, size - n, SEEK_SET) == (off_t)-1) + return ferr("cannot seek in file."); + if (read(fd, contents, n) != (ssize_t)n) + return ferr("cannot read file contents"); + while (n && !contents[--n]) + --size; + } while (size && !n); + + /* Sanity check. + */ + if (!size) + return err("ELF file is completely blank!"); + + *newsize = size; + return TRUE; +} + +/* modifyheaders() removes references to the section header table if + * it was stripped, and reduces program header table entries that + * included truncated bytes at the end of the file. + */ +static int modifyheaders_32(Elf32_Ehdr *ehdr, Elf32_Phdr *phdrs, + unsigned long newsize) +{ + Elf32_Phdr *phdr; + int i; + + /* If the section header table is gone, then remove all references + * to it in the ELF header. + */ + if (ehdr->e_shoff >= newsize) { + ehdr->e_shoff = 0; + ehdr->e_shnum = 0; + ehdr->e_shentsize = 0; + ehdr->e_shstrndx = 0; + } + + /* The program adjusts the file size of any segment that was + * truncated. The case of a segment being completely stripped out + * is handled separately. + */ + for (i = 0, phdr = phdrs ; i < ehdr->e_phnum ; ++i, ++phdr) { + if (phdr->p_offset >= newsize) { + phdr->p_offset = newsize; + phdr->p_filesz = 0; + } else if (phdr->p_offset + phdr->p_filesz > newsize) { + phdr->p_filesz = newsize - phdr->p_offset; + } + } + + return TRUE; +} + +static int modifyheaders_64(Elf64_Ehdr *ehdr, Elf64_Phdr *phdrs, + unsigned long newsize) +{ + Elf64_Phdr *phdr; + int i; + + /* If the section header table is gone, then remove all references + * to it in the ELF header. + */ + if (ehdr->e_shoff >= newsize) { + ehdr->e_shoff = 0; + ehdr->e_shnum = 0; + ehdr->e_shentsize = 0; + ehdr->e_shstrndx = 0; + } + + /* The program adjusts the file size of any segment that was + * truncated. The case of a segment being completely stripped out + * is handled separately. + */ + for (i = 0, phdr = phdrs ; i < ehdr->e_phnum ; ++i, ++phdr) { + if (phdr->p_offset >= newsize) { + phdr->p_offset = newsize; + phdr->p_filesz = 0; + } else if (phdr->p_offset + phdr->p_filesz > newsize) { + phdr->p_filesz = newsize - phdr->p_offset; + } + } + + return TRUE; +} + +/* commitchanges() writes the new headers back to the original file + * and sets the file to its new size. + */ +static int commitchanges_32(int fd, Elf32_Ehdr const *ehdr, Elf32_Phdr *phdrs, + unsigned long newsize) +{ + size_t n; + + /* Save the changes to the ELF header, if any. + */ + if (lseek(fd, 0, SEEK_SET)) + return ferr("could not rewind file"); + errno = 0; + if (write(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) + return err("could not modify file"); + + /* Save the changes to the program segment header table, if any. + */ + if (lseek(fd, ehdr->e_phoff, SEEK_SET) == (off_t)-1) { + err("could not seek in file."); + goto warning; + } + n = ehdr->e_phnum * sizeof *phdrs; + if (write(fd, phdrs, n) != (ssize_t)n) { + err("could not write to file"); + goto warning; + } + + /* Eleventh-hour sanity check: don't truncate before the end of + * the program segment header table. + */ + if (newsize < ehdr->e_phoff + n) + newsize = ehdr->e_phoff + n; + + /* Chop off the end of the file. + */ + if (ftruncate(fd, newsize)) { + err("could not resize file"); + goto warning; + } + + return TRUE; + + warning: + return err("ELF file may have been corrupted!"); +} + +static int commitchanges_64(int fd, Elf64_Ehdr const *ehdr, Elf64_Phdr *phdrs, + unsigned long newsize) +{ + size_t n; + + /* Save the changes to the ELF header, if any. + */ + if (lseek(fd, 0, SEEK_SET)) + return ferr("could not rewind file"); + errno = 0; + if (write(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) + return err("could not modify file"); + + /* Save the changes to the program segment header table, if any. + */ + if (lseek(fd, ehdr->e_phoff, SEEK_SET) == (off_t)-1) { + err("could not seek in file."); + goto warning; + } + n = ehdr->e_phnum * sizeof *phdrs; + if (write(fd, phdrs, n) != (ssize_t)n) { + err("could not write to file"); + goto warning; + } + + /* Eleventh-hour sanity check: don't truncate before the end of + * the program segment header table. + */ + if (newsize < ehdr->e_phoff + n) + newsize = ehdr->e_phoff + n; + + /* Chop off the end of the file. + */ + if (ftruncate(fd, newsize)) { + err("could not resize file"); + goto warning; + } + + return TRUE; + + warning: + return err("ELF file may have been corrupted!"); +} + +/* main() loops over the cmdline arguments, leaving all the real work + * to the other functions. + */ +int main(int argc, char *argv[]) +{ + int fd; + int is_32bit_elf; + Elf32_Ehdr ehdr32; + Elf32_Phdr *phdrs32 = NULL; + Elf64_Ehdr ehdr64; + Elf64_Phdr *phdrs64 = NULL; + unsigned long newsize; + char **arg; + int failures = 0; + + if (argc < 2 || argv[1][0] == '-') { + printf("Usage: sstrip FILE...\n" + "sstrip discards all nonessential bytes from an executable.\n\n" + "Version 2.0 Copyright (C) 2000,2001 Brian Raiter.\n" + "This program is free software, licensed under the GNU\n" + "General Public License. There is absolutely no warranty.\n"); + return EXIT_SUCCESS; + } + + progname = argv[0]; + + for (arg = argv + 1 ; *arg != NULL ; ++arg) { + filename = *arg; + + fd = open(*arg, O_RDWR); + if (fd < 0) { + ferr("can't open"); + ++failures; + continue; + } + + if (readelfheader_32(fd, &ehdr32)) { + is_32bit_elf = TRUE; + } + else if (readelfheader_64(fd, &ehdr64)) { + is_32bit_elf = FALSE; + } + else { + close(fd); + return EXIT_FAILURE; + } + + if (is_32bit_elf) { + if (!(readphdrtable_32(fd, &ehdr32, &phdrs32) && + getmemorysize_32(&ehdr32, phdrs32, &newsize) && + truncatezeros(fd, &newsize) && + modifyheaders_32(&ehdr32, phdrs32, newsize) && + commitchanges_32(fd, &ehdr32, phdrs32, newsize))) + ++failures; + } + else { + if (!(readphdrtable_64(fd, &ehdr64, &phdrs64) && + getmemorysize_64(&ehdr64, phdrs64, &newsize) && + truncatezeros(fd, &newsize) && + modifyheaders_64(&ehdr64, phdrs64, newsize) && + commitchanges_64(fd, &ehdr64, phdrs64, newsize))) + ++failures; + } + + close(fd); + } + + return failures ? EXIT_FAILURE : EXIT_SUCCESS; +} + +#else + +int main() +{ + return (EXIT_SUCCESS); +} + +#endif Index: /tags/2.5.0/src/trustfile.c =================================================================== --- /tags/2.5.0/src/trustfile.c (revision 189) +++ /tags/2.5.0/src/trustfile.c (revision 189) @@ -0,0 +1,1049 @@ +/* debug problems */ +/* #define TRUST_DEBUG */ + +/* switch off full check */ +/* #define TEST_ONLY */ + +/* standalone */ +/* #define TRUST_MAIN */ +/* $(CC) -DTRUST_MAIN -DSL_ALWAYS_TRUSTED=... */ + +/* LINTLIBRARY */ +/* + * This is the file with all the library routines in it + * + * Author information: + * Matt Bishop + * Department of Computer Science + * University of California at Davis + * Davis, CA 95616-8562 + * phone (916) 752-8060 + * email bishop@cs.ucdavis.edu + * + * This code is placed in the public domain. I do ask that + * you keep my name associated with it, that you not represent + * it as written by you, and that you preserve these comments. + * This software is provided "as is" and without any guarantees + * of any sort. + * + * Compilation notes: + * * this does NOT use malloc(3), but fixed storage. this means we + * do lots of bounds checking, but it still is faster, and smaller, + * than forcing inclusion of malloc. All buffers etc. are of size + * MAXFILENAME (defined in trustfile.h); to get more room, recompile + * with this set larger. + * * if you support the following directory semantics, define STICKY; + * otherwise, undefine it + * "if a directory is both world-writeable AND has the sticky bit + * set, then ONLY the owner of an existing file may delete it" + * On some systems (eg, IRIX), you can delete the file under these + * conditions if the file is world writeable. Foor our purposes, + * this is irrelevant since if the file is world-writeable it is + * untrustworthy; either it can be replaced with another file (the + * IRIX version) or it can be altered (all versions). + * if this is true and STICKY is not set, the sticky bit is ignored + * and the directory will be flagged as untrustworthy, even when only + * a trusted user could delete the file + * * this uses a library call to get the name of the current working + * directory. Define the following to get the various versions: + * GETCWD for Solaris 2.x, SunOS 4.1.x, IRIX 5.x + * char *getcwd(char *buf, int bufsz); + * where buf is a buffer for the path name, and bufsz is + * the size of the buffer; if the size if too small, you + * get an error return (NULL) + * GETWD for Ultrix 4.4 + * char *getwd(char *buf) + * where buf is a buffer for the path name, and it is + * assumed to be at lease as big as MAXPATHLEN. + * *** IMPORTANT NOTE *** + * Ultrix supports getcwd as well, but it uses popen to + * run the command "pwd" (according to the manual). This + * means it's vulnerable to a number of attacks if used + * in a privileged program. YOU DON'T WANT THIS. + * * the debugging flag DEBUG prints out each step of the file name + * checking, as well as info on symbolic links (if S_IFLNK defined), + * file name canonicalization, and user, group, and permission for + * each file or directory; this is useful if you want to be sure + * you're checking the right file + * + * Version information: + * 1.0 December 28, 1995 Matt Bishop + * + * 2.0 March 26, 2000 Rainer Wichmann -- adapted for slib. + */ + +/* --- Why strcpy is safe here: ---- */ + +/* The input path is checked once, and then either shortened [in dirz()], + * or safely expanded (symlinks) with bound checking. + * I.e., the path length can never exceed (MAXFILENAME-1), while the path + * is always copied between buffers of length MAXFILENAME. + */ + +#ifndef TRUST_MAIN +#include "config_xor.h" +#include "sh_calls.h" +#else +#define UID_CAST long +#endif + +#include +#include +#include +#include +#include +#include +#include +#include + + +#ifndef TRUST_MAIN + +#include "slib.h" +#define SH_NEED_PWD_GRP 1 +#include "sh_static.h" +#include "sh_pthread.h" + +#else + +#define sh_getgrgid getgrgid +#define sh_getgrgid_r getgrgid_r +#define sh_getpwnam getpwnam +#define sh_getpwnam_r getpwnam_r +#define sh_getpwuid getpwuid +#define sh_getpwuid_r getpwuid_r +#define sh_getpwent getpwent +#define sh_endpwent endpwent + +#define TRUST_DEBUG +#define SL_FALSE 0 +#define SL_TRUE 1 +#define SL_ENTER(string) +#define SL_IRETURN(a, b) return a +#define retry_lstat(a,b,c,d) lstat(c,d) +#define _(string) string +#define N_(string) string +#define MAXFILENAME 4096 +static int sl_errno = 0; +#define SL_ENONE 0 +#define SL_ENULL -1024 /* Invalid use of NULL pointer. */ +#define SL_ERANGE -1025 /* Argument out of range. */ +#define SL_ETRUNC -1026 /* Result truncated. */ +#define SL_EINTERNAL -1028 /* Internal error. */ +#define SL_EBADFILE -1030 /* File access error. Check errno. */ +#define SL_EBADNAME -1040 /* Invalid name. */ +#define SL_ESTAT -1041 /* stat of file failed. Check errno. */ +#define SL_EBADUID -1050 /* Owner not trustworthy. */ +#define SL_EBADGID -1051 /* Group writeable and not trustworthy.*/ +#define SL_EBADOTH -1052 /* World writeable. */ + +#endif + + +#if defined(__linux__) || defined(__FreeBSD__) +#define STICKY +#endif + +#undef FIL__ +#define FIL__ _("trustfile.c") + +/* + * the get current working directory function + * every version of UNIX seems to have its own + * idea of how to do this, so we group them by + * arguments ... + * all must return a pointer to the right name + */ + + +#ifndef TRUST_MAIN + +#if defined(HAVE_GETCWD) && !defined(HAVE_BROKEN_GETCWD) +#define CURDIR(buf,nbuf) getcwd((buf), (nbuf)) +#elif defined(HAVE_GETWD) +#define CURDIR(buf,nbuf) getwd((buf)) +#endif + +#else + +#define CURDIR(buf,nbuf) getcwd((buf), (nbuf)) + +#endif + + + +/* + * this checks to see if there are symbolic links + * assumes the link bit in the protection mask is called S_IFLNK + * (seems to be true on all UNIXes with them) + */ +#ifndef S_IFLNK +#define lstat stat +#endif + + +/* + * these are useful global variables + * + * first set: who you gonna trust, by default? + * if the user does not specify a trusted or untrusted set of users, + * all users are considered untrusted EXCEPT: + * UID 0 -- root as root can do anything on most UNIX systems, this + * seems reasonable + * tf_euid -- programmer-selectable UID + * if the caller specifies a specific UID by putting + * it in this variable, it will be trusted; this is + * typically used to trust the effective UID of the + * process (note: NOT the real UID, which will cause all + * sorts of problems!) By default, this is set to -1, + * so if it's not set, root is the only trusted user + */ + +/* modified Tue Feb 22 10:36:44 NFT 2000 Rainer Wichmann */ + + +#ifndef SL_ALWAYS_TRUSTED +#define SL_ALWAYS_TRUSTED 0 +#endif +static uid_t test_rootonly[] = { SL_ALWAYS_TRUSTED }; + +#define tf_uid_neg ((uid_t)-1) + +uid_t rootonly[] = { SL_ALWAYS_TRUSTED, + tf_uid_neg, tf_uid_neg, tf_uid_neg, tf_uid_neg, + tf_uid_neg, tf_uid_neg, tf_uid_neg, tf_uid_neg, + tf_uid_neg, tf_uid_neg, tf_uid_neg, tf_uid_neg, + tf_uid_neg, tf_uid_neg, tf_uid_neg, tf_uid_neg }; + +uid_t tf_euid = tf_uid_neg; +int EUIDSLOT = sizeof(test_rootonly)/sizeof(uid_t); +int ORIG_EUIDSLOT = sizeof(test_rootonly)/sizeof(uid_t); + +char tf_path[MAXFILENAME]; /* error path for trust function */ +uid_t tf_baduid; +gid_t tf_badgid; + +static +int dirz(char *path) +{ + register char *p = path;/* points to rest of path to clean up */ + register char *q; /* temp pointer for skipping over stuff */ + + static char swp[MAXFILENAME]; + + SL_ENTER(_("dirz")); + /* + * standard error checking + */ + if (path == NULL) + SL_IRETURN(SL_ENULL, _("dirz")); + if (path[0] == '.') + SL_IRETURN(SL_EINTERNAL, _("dirz")); + + + /* + * loop over the path name until everything is checked + */ + while(*p) + { + /* skip + */ + if (*p != '/') + { + p++; + continue; + } + + /* "/./" or "/." + */ + if (p[1] == '.' && (p[2] == '/' || p[2] == '\0')) + { + /* yes -- delete "/." + */ + (void) strcpy(swp, &p[2]); /* known to fit */ + (void) strcpy(p, swp); /* known to fit */ + + /* special case "/." as full path name + */ + if (p == path && *p == '\0') + { + *p++ = '/'; + *p = '\0'; + } + } + + /* "//" + */ + else if (p[1] == '/') + { + /* yes -- skip + */ + for(q = &p[2]; *q == '/'; q++) + ; + (void) strcpy(swp, q); /* known to fit */ + (void) strcpy(&p[1], swp); /* known to fit */ + } + + /* "/../" or "/.." + */ + else if (p[1] == '.' && p[2] == '.' && (p[3] == '/' || p[3] == '\0')) + { + /* yes -- if it's root, delete .. only + */ + if (p == path) + { + (void) strcpy(swp, &p[3]); /* known to fit */ + (void) strcpy(p, swp); /* known to fit */ + } + else + { + /* back up over previous component + */ + q = p - 1; + while(q != path && *q != '/') + q--; + /* now wipe it out + */ + (void) strcpy(swp, &p[3]); /* known to fit */ + (void) strcpy(q, swp); /* known to fit */ + p = q; + } + } + else + p++; + } + SL_IRETURN(SL_ENONE, _("dirz")); +} + + + +/* not static to circumvent stupid gcc 4 bug */ +int getfname(const char *fname, char *rbuf, int rsz) +{ +#ifndef TRUST_MAIN + register int status; +#endif + + SL_ENTER(_("getfname")); + /* + * do the initial checking + * NULL pointer + */ + if (fname == NULL || rbuf == NULL) + SL_IRETURN(SL_ENULL, _("getfname")); + if (rsz <= 0) + SL_IRETURN(SL_ERANGE, _("getfname")); + + + /* already a full path name */ + if (*fname == '/') + rbuf[0] = '\0'; + else + { + if (CURDIR(rbuf, rsz) == NULL) + { +#ifdef TRUST_DEBUG + fprintf(stderr, "trustfile: getcwd failed\n"); +#endif + SL_IRETURN(SL_EBADNAME, _("getfname")); + } + } + + /* + * append the file name and reduce + */ + if (fname != NULL && *fname != '\0') + { +#ifndef TRUST_MAIN + status = sl_strlcat(rbuf, "/", rsz); + if (status == SL_ENONE) + status = sl_strlcat(rbuf, fname, rsz); + if (status != SL_ENONE) + SL_IRETURN(status, _("getfname")); +#else + strncat(rbuf, "/", rsz-strlen(rbuf)); + strncat(rbuf, fname, rsz-strlen(rbuf)); +#endif + } + SL_IRETURN(dirz(rbuf), _("getfname")); +} + +static +int isin(uid_t n, uid_t *list) +{ + SL_ENTER(_("isin")); + if (list == NULL) + SL_IRETURN(SL_FALSE, _("isin")); + + while(*list != tf_uid_neg && *list != n) + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: owner_uid=%ld, trusted uid=%ld, no match\n", + (UID_CAST) n, (UID_CAST) *list); +#endif + list++; + } + + if (*list == tf_uid_neg) + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: owner_uid=%ld, no match with any trusted user --> ERROR\n", + (UID_CAST) n); +#endif + SL_IRETURN(SL_FALSE, _("isin")); + } + +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: owner_uid=%ld, trusted_uid=%ld, match found --> OK\n", + (UID_CAST)n, (UID_CAST)*list); +#endif + SL_IRETURN(SL_TRUE, _("isin")); +} + +/* comment added by R. Wichmann + * RETURN TRUE if ANYONE in ulist is group member + */ +/* not static to circumvent stupid gcc 4 bug */ +int isingrp(gid_t grp, uid_t *ulist) +{ + struct passwd *w; /* info about group member */ + register uid_t *u; /* points to current ulist member */ + register char **p; /* points to current group member */ + struct group *g; /* pointer to group information */ + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + struct group gr; + char buffer[SH_GRBUF_SIZE]; + struct passwd pwd; + char pbuffer[SH_PWBUF_SIZE]; +#endif + + SL_ENTER(_("isingrp")); + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + sh_getgrgid_r(grp, &gr, buffer, sizeof(buffer), &g); +#else + g = sh_getgrgid(grp); +#endif + + if (g == NULL) + { + SL_IRETURN(SL_FALSE, _("isingrp") ); + } + /* + if(g->gr_mem == NULL || g->gr_mem[0] == NULL ) + SL_IRETURN(SL_FALSE, _("isingrp") ); + */ + + /* this will return at the first match + */ + for(p = g->gr_mem; *p != NULL; p++) + { + for(u = ulist; *u != tf_uid_neg; u++) + { + /* map user name to UID and compare */ +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + sh_getpwnam_r(*p, &pwd, pbuffer, sizeof(pbuffer), &w); +#else + w = sh_getpwnam(*p); +#endif + +#ifdef TRUST_MAIN + if (w != NULL && *u == (uid_t)(w->pw_uid) ) + SL_IRETURN(SL_TRUE, _("isingrp")); +#else + if (w != NULL && *u == (uid_t)(w->pw_uid) ) + { + SL_IRETURN(SL_TRUE, _("isingrp")); + } +#endif + } + } + /* added by R. Wichmann Fri Mar 30 08:16:14 CEST 2001: + * a user can have a GID but no entry in /etc/group + */ + for(u = ulist; *u != tf_uid_neg; u++) + { +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) + sh_getpwuid_r(*u, &pwd, pbuffer, sizeof(pbuffer), &w); +#else + w = sh_getpwuid(*u); +#endif +#ifdef TRUST_MAIN + if (w != NULL && grp == (gid_t)(w->pw_gid) ) + SL_IRETURN(SL_TRUE, _("isingrp")); +#else + if (w != NULL && grp == (gid_t)(w->pw_gid) ) + { + SL_IRETURN(SL_TRUE, _("isingrp")); + } +#endif + } + + SL_IRETURN(SL_FALSE, _("isingrp")); +} + +/* added by R. Wichmann Fri Mar 30 08:16:14 CEST 2001 + * RETURN TRUE only if ALL group members are trusted + */ +/* not static to circumvent stupid gcc 4 bug */ +int onlytrustedingrp(gid_t grp, uid_t *ulist) +{ + struct passwd *w; /* info about group member */ + register uid_t *u; /* points to current ulist member */ + register char **p; /* points to current group member */ + struct group *g; /* pointer to group information */ + register int flag = -1; /* group member found */ + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + struct group gr; + char buffer[SH_GRBUF_SIZE]; + struct passwd pw; + char pbuffer[SH_PWBUF_SIZE]; +#endif + + int retval = SL_FALSE; + + SL_ENTER(_("onlytrustedingrp")); + +#ifdef TRUST_DEBUG + fprintf(stderr, "trustfile: group writeable, group_gid: %ld\n", + (UID_CAST)grp); +#endif + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + sh_getgrgid_r(grp, &gr, buffer, sizeof(buffer), &g); +#else + g = sh_getgrgid(grp); +#endif + + if (g == NULL) + { +#ifdef TRUST_DEBUG + fprintf(stderr, + "trustfile: group_gid: %ld, no such group --> ERROR\n", + (UID_CAST)grp); +#endif + SL_IRETURN(SL_FALSE, _("onlytrustedingrp") ); + } + + /* empty group -> no problem + + if(g->gr_mem == NULL || g->gr_mem[0] == NULL ) + SL_IRETURN(SL_TRUE, _("onlytrustedingrp") ); + */ + + /* check for untrusted members of the group + */ + for(p = g->gr_mem; *p != NULL; p++) + { + flag = -1; +#ifdef TRUST_DEBUG + fprintf(stderr, "trustfile: group_member: %s\n", *p); +#endif + /* map user name to UID and compare + */ +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + sh_getpwnam_r(*p, &pw, pbuffer, sizeof(pbuffer), &w); +#else + w = sh_getpwnam(*p); +#endif + + if (w == NULL) /* not a valid user, ignore */ + { + flag = 0; + } + else /* check list of trusted users */ + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: uid=%ld, checking whether it is trusted\n", + (UID_CAST)(w->pw_uid)); +#endif + for(u = ulist; *u != tf_uid_neg; u++) + { + if (*u == (w->pw_uid) ) + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: uid=%ld, trusted_uid=%ld, match found --> OK\n", + (UID_CAST)(w->pw_uid), (UID_CAST)*u); +#endif + flag = 0; + break; + } + else + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: uid=%ld, trusted_uid=%ld, no match\n", + (UID_CAST)(w->pw_uid), (UID_CAST)*u); +#endif + ; + } + } + } + /* not found + */ + if (flag == -1) + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: user=%s (gid %ld), not a trusted user --> ERROR\n", *p, (UID_CAST)grp); +#endif + tf_baduid = w->pw_uid; + SL_IRETURN(SL_FALSE, _("onlytrustedingrp")); + } + } + +#ifndef TEST_ONLY +#ifdef HAVE_GETPWENT + /* now check ALL users for their GID !!! + */ + SH_MUTEX_LOCK(mutex_pwent); + + while (NULL != (w = sh_getpwent())) + { + if (grp == (gid_t)(w->pw_gid)) + { +#ifdef TRUST_DEBUG + fprintf(stderr, "trustfile: checking group member %s, uid %ld\n", + w->pw_name, (UID_CAST)w->pw_uid); +#endif + /* is it a trusted user ? + */ + flag = -1; + for(u = ulist; *u != tf_uid_neg; u++) + { + if (*u == (uid_t)(w->pw_uid)) + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: uid=%ld, trusted_uid=%ld, match found --> OK\n", + (UID_CAST)(w->pw_uid), *u); +#endif + flag = 0; + break; + } + else + { +#ifdef TRUST_DEBUG + fprintf (stderr, + "trustfile: uid=%ld, trusted_uid=%ld, no match\n", + (UID_CAST)(w->pw_uid), (UID_CAST)*u); +#endif + ; + } + } + /* not found */ + if (flag == -1) + { +#ifdef TRUST_DEBUG + fprintf(stderr,"trustfile: group member %s not found in trusted users --> ERROR\n", w->pw_name); +#endif + tf_baduid = w->pw_uid; + retval = SL_FALSE; + goto out; + /* SL_IRETURN(SL_FALSE, _("onlytrustedingrp")); */ + } + } + } + retval = SL_TRUE; + + out: + +#ifdef HAVE_ENDPWENT + sh_endpwent(); +#endif + + SH_MUTEX_UNLOCK(mutex_pwent); + + /* TEST_ONLY */ +#endif + /* #ifdef HAVE_GETPWENT */ +#endif + +#ifdef TRUST_DEBUG + if (retval == SL_TRUE) + fprintf(stderr, + "trustfile: group %ld: all members are trusted users --> OK\n", + (UID_CAST)grp); +#endif + /* all found + */ + SL_IRETURN(retval, _("onlytrustedingrp")); +} + +int sl_trustfile(const char *fname, uid_t *okusers, uid_t *badusers) +{ + char fexp[MAXFILENAME]; /* file name fully expanded */ + register char *p = fexp; /* used to hold name to be checked */ + struct stat stbuf; /* used to check file permissions */ + char c; /* used to hold temp char */ + + SL_ENTER(_("sl_trustfile")); + if (fname == NULL) + SL_IRETURN(SL_EBADFILE, _("sl_trustfile")); + + /* + * next expand to the full file name + * getfname sets sl_errno as appropriate + */ +#ifdef TRUST_MAIN + sl_errno = getfname(fname, fexp, MAXFILENAME); + if (sl_errno != 0) + return sl_errno; +#else + if (SL_ISERROR(getfname(fname, fexp, MAXFILENAME))) + SL_IRETURN(sl_errno, _("sl_trustfile")); +#endif + + if (okusers == NULL && badusers == NULL) + { + okusers = rootonly; + rootonly[EUIDSLOT] = tf_euid; + } + + /* + * now loop through the path a component at a time + * note we have to special-case root + */ + while(*p) + { + /* + * get next component + */ + while(*p && *p != '/') + p++; + + /* save where you are + */ + if (p == fexp) + { + /* keep the / if it's the root dir + */ + c = p[1]; + p[1] = '\0'; + } + else + { + /* clobber the / if it isn't the root dir + */ + c = *p; + *p = '\0'; + } + + /* + * now get the information + */ + if (retry_lstat(FIL__, __LINE__, fexp, &stbuf) < 0) + { + (void) strncpy(tf_path, fexp, sizeof(tf_path)); + tf_path[sizeof(tf_path)-1] = '\0'; +#ifdef TRUST_MAIN + fprintf(stderr, "---------------------------------------------\n"); + fprintf(stderr, "trustfile: ESTAT: stat(%s) failed,\n", fexp); + fprintf(stderr, "maybe the file does not exist\n"); + fprintf(stderr, "---------------------------------------------\n"); +#endif + SL_IRETURN(SL_ESTAT, _("sl_trustfile")); + } + +#ifdef S_IFLNK + /* + * if it's a symbolic link, recurse + */ + if ((stbuf.st_mode & S_IFLNK) == S_IFLNK) + { + /* + * this is tricky + * if the symlink is to an absolute path + * name, just call trustfile on it; but + * if it's a relative path name, it's + * interpreted WRT the current working + * directory AND NOT THE FILE NAME!!!!! + * so, we simply put /../ at the end of + * the file name, then append the symlink + * contents; trustfile will canonicalize + * this, and the /../ we added "undoes" + * the name of the symlink to put us in + * the current working directory, at + * which point the symlink contents (appended + * to the CWD) are interpreted correctly. + * got it? + */ + char csym[MAXFILENAME]; /* contents of symlink file */ + char full[MAXFILENAME]; /* "full" name of symlink */ + register char *b, *t; /* used to copy stuff around */ + register int lsym; /* num chars in symlink ref */ + register int i; /* trustworthy or not? */ + const char * t_const; + char *end; + + /* + * get what the symbolic link points to + * + * The original code does not check the return code of readlink(), + * and has an off-by-one error + * (MAXFILENAME instead of MAXFILENAME-1) + * R.W. Tue May 29 22:05:16 CEST 2001 + */ + lsym = readlink(fexp, csym, MAXFILENAME-1); + if (lsym >= 0) + csym[lsym] = '\0'; + else + { +#ifdef TRUST_MAIN + fprintf(stderr, "---------------------------------------------\n"); + fprintf(stderr, "trustfile: EBADNAME: readlink(%s) failed\n", + fexp); + fprintf(stderr, "---------------------------------------------\n"); +#endif + SL_IRETURN(SL_EBADNAME, _("sl_trustfile")); + } + + /* + * relative or absolute referent? + */ + if (csym[0] != '/') + { + /* pointer to one above last element + */ + end = &full[MAXFILENAME-1]; ++end; + + /* initialize pointers + */ + b = full; + + /* copy in base path + */ + t = fexp; + while(*t && b < end) + *b++ = *t++; + + /* smack on the /../ + */ + t_const = "/../"; + while(*t && b < end) + *b++ = *t_const++; + + /* append the symlink referent + */ + t = csym; + while(*t && b < end) + *b++ = *t++; + + /* see if we're too big + */ + if (*t || b == end) + { + /* yes -- error + */ + (void) strncpy(tf_path, fexp, sizeof(tf_path)); + tf_path[sizeof(tf_path)-1] = '\0'; +#ifdef TRUST_MAIN + fprintf(stderr, "---------------------------------------------\n"); + fprintf(stderr, + "trustfile: ETRUNC: normalized path too long (%s)\n", + fexp); + fprintf(stderr, "---------------------------------------------\n"); +#endif + SL_IRETURN(SL_ETRUNC, _("sl_trustfile")); + } + *b = '\0'; + } + else + { + /* absolute -- just copy */ + /* overflow can't occur as the arrays */ + /* are the same size */ + (void) strcpy(full, csym); /* known to fit */ + } + /* + * now check out this file and its ancestors + */ + if ((i = sl_trustfile(full, okusers, badusers)) != SL_ENONE) + SL_IRETURN(i, _("sl_trustfile")); + + /* + * okay, this part is valid ... let's check the rest + * put the / back + */ + if (p == fexp) + { + /* special case for root */ + p[1] = c; + p++; + } + else + { + /* ordinary case for everything else */ + *p = c; + if (*p) + p++; + } + continue; + } +#endif + + +#ifdef TRUST_DEBUG + fprintf(stderr, "\ntrustfile: checking path=%s\n", fexp); +#endif + /* + * if the owner is not trusted then -- as the owner can + * change protection modes -- he/she can write to the + * file regardless of permissions, so bomb + */ + if (((okusers != NULL && SL_FALSE == isin((uid_t)stbuf.st_uid,okusers))|| + (badusers != NULL && SL_TRUE == isin((uid_t)stbuf.st_uid,badusers)))) + { +#ifdef TRUST_DEBUG + fprintf(stderr, "---------------------------------------------\n"); + fprintf(stderr, "trustfile: EBADUID %s (owner not trusted)\n", + fexp); + fprintf(stderr, "The owner of this file/directory is not in samhains\n"); + fprintf(stderr, "list of trusted users.\n"); + fprintf(stderr, "Please run ./configure again with the option\n"); + fprintf(stderr, " ./configure [more options] --with-trusted=0,...,UID\n"); + fprintf(stderr, "where UID is the UID of the (yet) untrusted user.\n"); + fprintf(stderr, "---------------------------------------------\n"); +#endif + (void) strncpy(tf_path, fexp, sizeof(tf_path)); + tf_path[sizeof(tf_path)-1] = '\0'; + + tf_baduid = (uid_t) stbuf.st_uid; + SL_IRETURN(SL_EBADUID, _("sl_trustfile")); + } + + /* + * if a group member can write but the + * member is not trusted, bomb; but if + * sticky bit semantics are honored, it's + * okay + */ + /* Thu Mar 29 21:10:28 CEST 2001 Rainer Wichmann + * replace !isingrp() with onlytrustedingrp(), as isingrp() + * will return at the first trusted user, even if there are additional + * (untrusted) users in the group + */ + if (((stbuf.st_mode & S_IWGRP) == S_IWGRP) && + ((okusers != NULL && !onlytrustedingrp((gid_t)stbuf.st_gid,okusers))|| + (badusers != NULL && isingrp((gid_t)stbuf.st_gid, badusers))) +#ifdef STICKY + && ((stbuf.st_mode&S_IFDIR) != S_IFDIR || + (stbuf.st_mode&S_ISVTX) != S_ISVTX) +#endif + ) + { +#ifdef TRUST_DEBUG + fprintf(stderr, "---------------------------------------------\n"); + fprintf(stderr, + "trustfile: EBADGID %ld %s (group member not trusted)\n", + (UID_CAST)stbuf.st_gid, fexp); + fprintf(stderr, "This file/directory is group writeable, and one of the group members\n"); + fprintf(stderr, "is not in samhains list of trusted users.\n"); + fprintf(stderr, "Please run ./configure again with the option\n"); + fprintf(stderr, " ./configure [more options] --with-trusted=0,...,UID\n"); + fprintf(stderr, "where UID is the UID of the (yet) untrusted user.\n"); + fprintf(stderr, "---------------------------------------------\n"); +#endif + (void) strncpy(tf_path, fexp, sizeof(tf_path)); + tf_path[sizeof(tf_path)-1] = '\0'; + + tf_badgid = (gid_t) stbuf.st_gid; + SL_IRETURN(SL_EBADGID, _("sl_trustfile")); + } + /* + * if other can write, bomb; but if the sticky + * bit semantics are honored, it's okay + */ + if (((stbuf.st_mode & S_IWOTH) == S_IWOTH) +#ifdef STICKY + && ((stbuf.st_mode&S_IFDIR) != S_IFDIR || + (stbuf.st_mode&S_ISVTX) != S_ISVTX) +#endif + ) + { +#ifdef TRUST_DEBUG + fprintf(stderr, "---------------------------------------------\n"); + fprintf(stderr, "trustfile: EBADOTH (world writeable): %s\n", + fexp); + fprintf(stderr, "This file/directory is world writeable.\n"); + fprintf(stderr, "---------------------------------------------\n"); +#endif + (void) strncpy(tf_path, fexp, sizeof(tf_path)); + tf_path[sizeof(tf_path)-1] = '\0'; + + SL_IRETURN(SL_EBADOTH, _("sl_trustfile")); + } + /* + * put the / back + */ + if (p == fexp) + { + /* special case for root */ + p[1] = c; + p++; + } + else + { + /* ordinary case for everything else */ + *p = c; + if (*p) + p++; + } + } + /* + * yes, it can be trusted + */ + (void) strncpy(tf_path, fexp, sizeof(tf_path)); + tf_path[sizeof(tf_path)-1] = '\0'; + + SL_IRETURN(SL_ENONE, _("sl_trustfile")); +} + +#ifdef TRUST_MAIN +int main (int argc, char * argv[]) +{ + int status; +#if defined(SH_WITH_SERVER) + struct passwd * pass; +#endif + + if (argc < 2) { + fprintf(stderr, "%s: Usage: %s \n", argv[0], argv[0]); + return 1; + } + + tf_path[0] = '\0'; +#if defined(SH_WITH_SERVER) + pass = sh_getpwnam(SH_IDENT); /* TESTONLY */ + if (pass != NULL) + tf_euid = pass->pw_uid; + else + { + fprintf(stderr, "trustfile: ERROR: getpwnam(%s) failed\n", + SH_IDENT); + return 1; + } +#else + tf_euid = geteuid(); +#endif + + status = sl_trustfile(argv[1], NULL, NULL); + if (status != SL_ENONE) + { + fprintf(stderr, "trustfile: ERROR: not a trusted path: %s\n", + argv[1]); + return 1; + } + return 0; +} +#endif + + + Index: /tags/2.5.0/src/yulectl.c =================================================================== --- /tags/2.5.0/src/yulectl.c (revision 189) +++ /tags/2.5.0/src/yulectl.c (revision 189) @@ -0,0 +1,646 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2003 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include +#include +#include +#include +#include + +#include +#include + +#include +#include + +#include +#include + +#if !defined(AF_FILE) +#define AF_FILE AF_UNIX +#endif + +#define SH_MAXMSG 209 + +static int sock = -1; +static char * sockname = NULL; + +static char password[15] = ""; + +static int verbose = 0; + +#ifdef SH_STEALTH +char * globber(const char * string); +#define _(string) globber(string) +#define N_(string) string +#else +#define _(string) string +#define N_(string) string +#endif + +#ifdef SH_STEALTH +#ifndef SH_MAX_GLOBS +#define SH_MAX_GLOBS 32 +#endif +char * globber(const char * str) +{ + register int i, j; + static int count = -1; + static char glob[SH_MAX_GLOBS][128]; + + ++count; if (count > (SH_MAX_GLOBS-1) ) count = 0; + j = strlen(str); + if (j > 127) j = 127; + + for (i = 0; i < j; ++i) + { + if (str[i] != '\n' && str[i] != '\t') + glob[count][i] = str[i] ^ XOR_CODE; + else + glob[count][i] = str[i]; + } + glob[count][j] = '\0'; + return glob[count]; +} +#endif + +#define CLIENT _("yulectl") + + +int +make_named_socket (char * sockname) +{ + int sock; + +#if 0 + struct sockaddr_un name; + size_t size; +#else + (void) sockname; +#endif + + /* Create the socket. */ + + sock = socket (PF_UNIX, SOCK_STREAM, 0); + if (sock < 0) + { + perror (_("ERROR: socket")); + return -1; + } + +#if 0 + /* Bind a name to the socket. */ + name.sun_family = AF_FILE; + strcpy (name.sun_path, sockname); + + /* The size of the address is + the offset of the start of the filename, + plus its length, + plus one for the terminating null byte. */ + size = (offsetof (struct sockaddr_un, sun_path) + + strlen (name.sun_path) + 1); + + if (bind (sock, (struct sockaddr *) &name, size) < 0) + { + perror (_("ERROR: bind")); + return -1; + } +#endif + + return sock; +} + +void +termination_handler (int signum) +{ + /* Clean up. */ + if (signum != 0) + { + if (verbose) + fprintf(stdout, _("# Terminated on signal %d\n"), signum); + } +#if 0 + if (sockname != NULL) unlink (sockname); +#endif + if (sock >= 0 ) close (sock); + + return; +} + + +int send_to_server (char * serversock, char * message) +{ + struct sockaddr_un name; + /* size_t size; */ + int size; + int nbytes; + + /* Initialize the server socket address. + */ + name.sun_family = AF_UNIX; + strncpy (name.sun_path, serversock, sizeof(name.sun_path) - 1); + size = (offsetof (struct sockaddr_un, sun_path) + + strlen (name.sun_path) + 1); + + nbytes = connect(sock, (struct sockaddr *) & name, size); + if (nbytes < 0) + { + perror (_("ERROR: connect")); + return -1; + } + + /* Send the datagram. + nbytes = sendto (sock, message, strlen (message) + 1, 0, + (struct sockaddr *) & name, size); + */ + nbytes = send (sock, message, strlen (message) + 1, 0); + + if (nbytes < 0) + { + perror (_("ERROR: send")); + return -1; + } + return 0; +} + +static int getline_from_server (int sock, char * buf, int size) +{ + int nbytes = 0; + int status = 0; + char * p = buf; + + do { + status = read (sock, p, 1); + if (status <= 0) + { + buf[nbytes] = '\0'; + return ((status == 0) ? nbytes : status); + } + else if (*p == '\0') + { + return nbytes; + } + ++nbytes; ++p; + } while (nbytes < size); + buf[size-1] = '\0'; + return 0; +} + +int recv_from_server (char * message) +{ + int nbytes = 0; + char recvmsg[SH_MAXMSG]; + int num = 0; + int good = -1; + int islist = 0; + char * p; + + if (password[0] == '\0') + { + if (message[0] == 'L' && message[1] == 'I' && + message[2] == 'S' && message[3] == 'T') + { + islist = 1; + } + if (message[0] == 'P' && message[1] == 'R' && + message[2] == 'O' && message[3] == 'B' && message[4] == 'E' ) + { + islist = 1; + } + } + else + { + p = &message[strlen(password)+1]; + if (p[0] == 'L' && p[1] == 'I' && + p[2] == 'S' && p[3] == 'T') + { + islist = 1; + } + if (p[0] == 'P' && p[1] == 'R' && + p[2] == 'O' && p[3] == 'B' && p[4] == 'E' ) + { + islist = 1; + } + } + + if (islist == 1) + { + do { + /* + nbytes = recvfrom (sock, recvmsg, SH_MAXMSG, 0, NULL, 0); + */ + nbytes = getline_from_server (sock, recvmsg, SH_MAXMSG); + if (nbytes < 0) + { + if (errno == EAGAIN) + { + return 0; + } + else + { + perror (_("ERROR: recv")); + return -1; + } + } + else if (nbytes == 0) + { + return 0; + } + if (recvmsg[0] == 'E' && recvmsg[1] == 'N' && recvmsg[2] == 'D') + { + if (verbose && (num == 0)) + fprintf (stdout, _("# There are no pending commands.\n")); + return 0; + } + ++num; + fprintf (stdout, _("%03d: %s\n"), num, recvmsg); + } while (nbytes >= 0); + } + else + { + /* + nbytes = recvfrom (sock, recvmsg, SH_MAXMSG, 0, NULL, 0); + */ + nbytes = recv (sock, recvmsg, SH_MAXMSG, 0); + if (nbytes < 0) + { + perror (_("ERROR: recv")); + return -1; + } + } + + /* Print a diagnostic message. */ + if (password[0] == '\0') + { + good = strcmp (message, recvmsg); + } + else + { + good = strcmp (&message[strlen(password)+1], recvmsg); + } + + if (0 != good) + { + fprintf (stderr, _("ERROR: Bounced message != original message (possible reason: superfluous password).\n")); + return -1; + } + else + { + if (verbose) + fprintf (stdout, _("# Message received by server.\n")); + } + + return 0; +} + +void usage(char * name) +{ + printf(_("\nUsage : %s [-v][-s server_socket] -c command \n\n"), + name); + + printf(_("Purpose : send commands to the server via a socket,\n")); + printf(_(" in particular commands that the server would\n")); + printf(_(" transfer to the client when\n")); + printf(_(" this client connects to deliver a message.\n\n")); + printf(_(" If password is required, it is read from\n")); + printf(_(" $HOME/.yulectl_cred or taken from the environment\n")); + printf(_(" variable YULECTL_PASSWORD (not recommended).\n\n")); + + printf(_("Commands: RELOAD \n")); + printf(_(" STOP \n")); + printf(_(" CANCEL \n")); + printf(_(" LIST \n")); + printf(_(" LISTALL \n")); + printf(_(" PROBE \n")); + return; +} + +char * rtrim(char * str) +{ + size_t len; + + if (!str) + return str; + + len = strlen(str); + while (len > 0) + { + --len; + if (str[len] == '\n' || str[len] == '\r') + str[len] = '\0'; + else + break; + } + + return str; +} + +void fixup_message (char * message) +{ + char message2[SH_MAXMSG]; + char home[4096]; + FILE * fp; + struct passwd * pwent; + char * pw; + + pw = getenv(_("YULECTL_PASSWORD")); + if (pw && strlen(pw) < 15) + { + strcpy(password, pw); + strcpy(message2, password); + goto do_msg; + } + + pwent = getpwuid(geteuid()); + if ((pwent == 0) || (pwent->pw_dir == NULL)) + { + if (verbose) + fprintf (stderr, _("WARNING: no home directory for euid %ld\n"), + (long) geteuid()); + if (NULL != getenv(_("HOME"))) + { + strncpy(home, getenv(_("HOME")), 4096); + home[4095] = '\0'; + } + else + { + fprintf (stderr, _("ERROR: no home directory for euid %ld (tried $HOME and password database).\n"), (long) geteuid()); + exit(EXIT_FAILURE); + } + } + else + { + strncpy(home, pwent->pw_dir, 4096); + home[4095] = '\0'; + } + + if ( (strlen(home) + strlen(_("/.yulectl_cred")) + 1) > 4096) + { + fprintf (stderr, _("ERROR: path for $HOME is too long.\n")); + exit(EXIT_FAILURE); + } + strcat(home, _("/.yulectl_cred")); + fp = fopen(home, "r"); + if (fp == NULL) + { + if (verbose && (errno == ENOENT)) + fprintf (stdout, + _("# No password file (%s) exists\n"), + home); + else if (verbose) + fprintf (stdout, + _("# Password file (%s) not accessible for euid %ld uid %ld\n"), + home, (long)geteuid(), (long)getuid()); + return; + } + if (NULL == fgets(message2, sizeof(message2), fp)) + { + fprintf (stderr, + _("ERROR: empty or unreadable password file (%s).\n"), + home); + exit(EXIT_FAILURE); + } + + (void) rtrim(message2); + + if (strlen(message2) > 14) + { + fprintf (stderr, + _("ERROR: Password too long (max. 14 characters).\n")); + exit(EXIT_FAILURE); + } + + strcpy(password, message2); + fclose(fp); + + do_msg: + strcat(message2, "@"); + + strncat(message2, message, SH_MAXMSG - strlen(message2) -1); + message2[SH_MAXMSG-1] = '\0'; + strcpy(message, message2); + return; +} + + +int +main (int argc, char * argv[]) +{ + + char message[SH_MAXMSG] = ""; + char clientcd[1024]; + char serversock[256]; + int status, size; + int num = 1; + int flag = 0; + +#ifdef HAVE_VSNPRINTF + status = snprintf(serversock, 256, _("%s/%s.sock"), + DEFAULT_PIDDIR, SH_INSTALL_NAME); +#else + if ((strlen(DEFAULT_PIDDIR) + strlen(SH_INSTALL_NAME) + 1 + 6) > 256) + { + status = -1; + } + else + { + status = sprintf (serversock, _("%s/%s.sock"), + DEFAULT_PIDDIR, SH_INSTALL_NAME); + } +#endif + + if ((status < 0) || (status > 255)) + { + fprintf(stderr, _("ERROR: Path too long (maximum 255): %s/%s.sock\n"), + DEFAULT_PIDDIR, SH_INSTALL_NAME); + return (EXIT_FAILURE); + } + + while (argc > 1 && argv[num][0] == '-') + { + switch (argv[num][1]) + { + case 'h': + usage(argv[0]); + return (EXIT_SUCCESS); + + case 'v': + ++verbose; + break; + + case 's': + --argc; ++num; + if (argv[num] == NULL || argv[num][0] == '\0') { + usage(argv[0]); + fprintf(stderr, _("ERROR: -s: argument missing\n")); + return (EXIT_FAILURE); + } else { + if (strlen(argv[num]) > 255) + { + fprintf(stderr, _("ERROR: Path too long: %s\n"), argv[num]); + return (EXIT_FAILURE); + } + strncpy (serversock, argv[num], 256); + serversock[255] = '\0'; + } + break; + + case 'c': + --argc; ++num; + if (argv[num] == NULL || argv[num][0] == '\0') { + usage(argv[0]); + fprintf(stderr, _("ERROR: -c: argument missing\n")); + return (EXIT_FAILURE); + } else { + if (strlen(argv[num]) >= SH_MAXMSG) + { + fprintf(stderr, _("ERROR: Command too long: %s\n"), + argv[num]); + return (EXIT_FAILURE); + } + strncpy (message, argv[num], SH_MAXMSG); + message[SH_MAXMSG-1] = '\0'; + strncat(message, ":", SH_MAXMSG-strlen(message)-1); + message[SH_MAXMSG-1] = '\0'; + flag = 1; + } + break; + + default: + usage(argv[0]); + fprintf(stderr, _("ERROR: unknown option -%c\n"), argv[num][1]); + return (EXIT_FAILURE); + } + --argc; ++num; + } + + if (flag == 0) /* no command given */ + { + usage(argv[0]); + return (EXIT_FAILURE); + } + + if (argc > 1) + { + if (strlen(argv[num]) > (SH_MAXMSG - strlen(message) -1)) + { + fprintf(stderr, _("ERROR: Hostname too long: %s\n"), argv[num]); + return (EXIT_FAILURE); + } + strncat (message, argv[num], SH_MAXMSG -strlen(message) - 1); + message[SH_MAXMSG-1] = '\0'; + } + else + { + if (message[0] == 'P' && message[1] == 'R' && + message[2] == 'O' && message[3] == 'B' && message[4] == 'E' ) + { + strncat (message, _("dummy"), SH_MAXMSG -strlen(message) - 1); + message[SH_MAXMSG-1] = '\0'; + } + else if (message[0] == 'L' && message[1] == 'I' && + message[2] == 'S' && message[3] == 'T') + { + strncat (message, _("dummy"), SH_MAXMSG -strlen(message) - 1); + message[SH_MAXMSG-1] = '\0'; + } + else + { + fprintf(stderr, _("ERROR: this command requires a hostname\n")); + usage(argv[0]); + return (EXIT_FAILURE); + } + } + + fixup_message(message); + + /* OpenBSD wants >= 1024 + */ + if (NULL == getcwd(clientcd, 1024)) + { + perror(_("ERROR: getcwd")); + return (EXIT_FAILURE); + } + size = strlen(clientcd) + 1 + strlen(CLIENT) + 6; + sockname = malloc (size); + if (!sockname) + { + perror(_("ERROR: main: malloc")); + return (EXIT_FAILURE); + } +#ifdef HAVE_VSNPRINTF + snprintf(sockname, size, _("%s/%s.sock"), clientcd, CLIENT); +#else + sprintf(sockname, _("%s/%s.sock"), clientcd, CLIENT); +#endif + + /* Make the socket. + */ + sock = make_named_socket (sockname); + if (sock < 0) + { + return (EXIT_FAILURE); + } + + /* Set up termination handler. + */ + signal (SIGINT, termination_handler); + signal (SIGHUP, termination_handler); + signal (SIGTERM, termination_handler); + signal (SIGQUIT, termination_handler); + + /* Send the datagram. + */ + status = send_to_server (serversock, message); + if (status < 0) + { + fprintf(stderr, _("ERROR: sending command to server failed\n")); + (void) termination_handler(0); + return (EXIT_FAILURE); + } + + /* Wait for a reply. + */ + if (message[0] == 'L' && message[1] == 'I' && + message[2] == 'S' && message[3] == 'T') + { + if (verbose) + fprintf(stdout, _("# Waiting for listing.\n")); + } + else + { + if (verbose) + fprintf(stdout, _("# Waiting for confirmation.\n")); + } + status = recv_from_server (message); + + if (status < 0) + { + fprintf(stderr, _("ERROR: receiving data from server failed.\n")); + (void) termination_handler(0); + return (EXIT_FAILURE); + } + + /* Clean up. */ + (void) termination_handler(0); + return (EXIT_SUCCESS); +} + Index: /tags/2.5.0/src/zAVLTree.c =================================================================== --- /tags/2.5.0/src/zAVLTree.c (revision 189) +++ /tags/2.5.0/src/zAVLTree.c (revision 189) @@ -0,0 +1,495 @@ +/* + * zAVLTree.c: Source code for zAVLTrees. + * Copyright (C) 1998,2001 Michael H. Buselli + * This is version 0.1.3 (alpha). + * Generated from $Id: xAVLTree.c.sh,v 1.5 2001/06/07 06:58:28 cosine Exp $ + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with this library; if not, write to the Free + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * The author of this library can be reached at the following address: + * Michael H. Buselli + * 30051 N. Waukegan Rd. Apt. 103 + * Lake Bluff, IL 60044-5412 + * + * Or you can send email to . + * The official web page for this product is: + * http://www.cosine.org/project/AVLTree/ + */ + +#include +#include +#include "zAVLTree.h" + +/* Wed Nov 23 17:57:42 CET 2005 rw: introduce third argument in + * zAVLCloseSearchNode() to avoid redundant strcmp + */ +static zAVLNode *zAVLCloseSearchNode (zAVLTree const *avltree, zAVLKey key, + int * ok); +static void zAVLRebalanceNode (zAVLTree *avltree, zAVLNode *avlnode); +static void zAVLFreeBranch (zAVLNode *avlnode, void (freeitem)(void *item)); +static void zAVLFillVacancy (zAVLTree *avltree, + zAVLNode *origparent, zAVLNode **superparent, + zAVLNode *left, zAVLNode *right); + +#define MAX(x, y) ((x) > (y) ? (x) : (y)) +#define MIN(x, y) ((x) < (y) ? (x) : (y)) +#define L_DEPTH(n) ((n)->left ? (n)->left->depth : 0) +#define R_DEPTH(n) ((n)->right ? (n)->right->depth : 0) +#define CALC_DEPTH(n) (MAX(L_DEPTH(n), R_DEPTH(n)) + 1) + +#define ZAVL_OK 1 +#define ZAVL_NO 0 + + +/* + * AVLAllocTree: + * Allocate memory for a new AVL tree and set the getkey function for + * that tree. The getkey function should take an item and return an + * AVLKey that is to be used for indexing this object in the AVL tree. + * On success, a pointer to the malloced AVLTree is returned. If there + * was a malloc failure, then NULL is returned. + */ +zAVLTree *zAVLAllocTree (zAVLKey (*getkey)(void const *item)) +{ + zAVLTree *rc; + + rc = malloc(sizeof(zAVLTree)); + if (rc == NULL) + return NULL; + + rc->top = NULL; + rc->count = 0; + rc->getkey = getkey; + return rc; +} + + +/* + * AVLFreeTree: + * Free all memory used by this AVL tree. If freeitem is not NULL, then + * it is assumed to be a destructor for the items reference in the AVL + * tree, and they are deleted as well. + */ +void zAVLFreeTree (zAVLTree *avltree, void (freeitem)(void *item)) +{ + if (NULL == avltree) /* R.W. Mon Nov 19 21:15:44 CET 2001 */ + return; + if (avltree->top) + zAVLFreeBranch(avltree->top, freeitem); + free(avltree); +} + + +/* + * AVLInsert: + * Create a new node and insert an item there. + * + * Returns 0 on success, + * -1 on malloc failure, + * 3 if duplicate key. + */ +int zAVLInsert (zAVLTree *avltree, void *item) +{ + zAVLNode *newnode; + zAVLNode *node; + zAVLNode *balnode; + zAVLNode *nextbalnode; + int ok; + + newnode = malloc(sizeof(zAVLNode)); + if (newnode == NULL) + return -1; + + newnode->key = avltree->getkey(item); + newnode->item = item; + newnode->depth = 1; + newnode->left = NULL; + newnode->right = NULL; + newnode->parent = NULL; + + if (avltree->top != NULL) { + node = zAVLCloseSearchNode(avltree, newnode->key, &ok); + + if (ok == ZAVL_OK) { /* exists already */ + free(newnode); + return 3; + } + + newnode->parent = node; + + if (zAVLKey_cmp(avltree, newnode->key, node->key) < 0) { + node->left = newnode; + node->depth = CALC_DEPTH(node); + } + + else { + node->right = newnode; + node->depth = CALC_DEPTH(node); + } + + for (balnode = node->parent; balnode; balnode = nextbalnode) { + nextbalnode = balnode->parent; + zAVLRebalanceNode(avltree, balnode); + } + } + + else { + avltree->top = newnode; + } + + avltree->count++; + return 0; +} + + +/* + * zAVLSearch: + * Return a pointer to the item with the given key in the AVL tree. If + * no such item is in the tree, then NULL is returned. + */ +void *zAVLSearch (zAVLTree const *avltree, zAVLKey key) +{ + zAVLNode *node; + int ok; + + if (NULL == avltree) /* R.W. Mon Nov 19 21:15:44 CET 2001 */ + return NULL; + + node = zAVLCloseSearchNode(avltree, key, &ok); + + if (node && ok == ZAVL_OK) + return node->item; + + return NULL; +} + + +/* + * zAVLDelete: + * Deletes the node with the given key. Does not delete the item at + * that key. Returns 0 on success and -1 if a node with the given key + * does not exist. + */ +int zAVLDelete (zAVLTree *avltree, zAVLKey key) +{ + zAVLNode *avlnode; + zAVLNode *origparent; + zAVLNode **superparent; + int ok; + + avlnode = zAVLCloseSearchNode(avltree, key, &ok); + if (avlnode == NULL || ok == ZAVL_NO) /* does not exist */ + return -1; + + origparent = avlnode->parent; + + if (origparent) { + if (zAVLKey_cmp(avltree, avlnode->key, avlnode->parent->key) < 0) + superparent = &(avlnode->parent->left); + else + superparent = &(avlnode->parent->right); + } + else + superparent = &(avltree->top); + + zAVLFillVacancy(avltree, origparent, superparent, + avlnode->left, avlnode->right); + free(avlnode); + avltree->count--; + return 0; +} + + +/* + * zAVLFirst: + * Initializes an zAVLCursor object and returns the item with the lowest + * key in the zAVLTree. + */ +void *zAVLFirst (zAVLCursor *avlcursor, zAVLTree const *avltree) +{ + const zAVLNode *avlnode; + + if (NULL == avltree) /* R.W. Mon Nov 19 21:15:44 CET 2001 */ + return NULL; + + avlcursor->avltree = avltree; + + if (avltree->top == NULL) { + avlcursor->curnode = NULL; + return NULL; + } + + for (avlnode = avltree->top; + avlnode->left != NULL; + avlnode = avlnode->left); + avlcursor->curnode = avlnode; + return avlnode->item; +} + + +/* + * zAVLNext: + * Called after an zAVLFirst() call, this returns the item with the least + * key that is greater than the last item returned either by zAVLFirst() + * or a previous invokation of this function. + */ +void *zAVLNext (zAVLCursor *avlcursor) +{ + const zAVLNode *avlnode; + + avlnode = avlcursor->curnode; + + if (avlnode->right != NULL) { + for (avlnode = avlnode->right; + avlnode->left != NULL; + avlnode = avlnode->left); + avlcursor->curnode = avlnode; + return avlnode->item; + } + + while (avlnode->parent && avlnode->parent->left != avlnode) { + avlnode = avlnode->parent; + } + + if (avlnode->parent == NULL) { + avlcursor->curnode = NULL; + return NULL; + } + + avlcursor->curnode = avlnode->parent; + return avlnode->parent->item; +} + + +/* + * zAVLCloseSearchNode: + * Return a pointer to the node closest to the given key. + * Returns NULL if the AVL tree is empty. + */ +static zAVLNode *zAVLCloseSearchNode (zAVLTree const *avltree, zAVLKey key, + int * ok) +{ + zAVLNode *node; + + *ok = ZAVL_NO; + + node = avltree->top; + + if (!node) + return NULL; + + for (;;) { + if (!zAVLKey_cmp(avltree, node->key, key)) + { + *ok = ZAVL_OK; + return node; + } + + if (zAVLKey_cmp(avltree, node->key, key) < 0) { + if (node->right) + node = node->right; + else + return node; + } + + else { + if (node->left) + node = node->left; + else + return node; + } + } +} + + +/* + * zAVLRebalanceNode: + * Rebalances the AVL tree if one side becomes too heavy. This function + * assumes that both subtrees are AVL trees with consistant data. This + * function has the additional side effect of recalculating the depth of + * the tree at this node. It should be noted that at the return of this + * function, if a rebalance takes place, the top of this subtree is no + * longer going to be the same node. + */ +static void zAVLRebalanceNode (zAVLTree *avltree, zAVLNode *avlnode) +{ + long depthdiff; + zAVLNode *child; + zAVLNode *gchild; + zAVLNode *origparent; + zAVLNode **superparent; + + origparent = avlnode->parent; + + if (origparent) { + if (zAVLKey_cmp(avltree, avlnode->key, avlnode->parent->key) < 0) + superparent = &(avlnode->parent->left); + else + superparent = &(avlnode->parent->right); + } + else + superparent = &(avltree->top); + + depthdiff = R_DEPTH(avlnode) - L_DEPTH(avlnode); + + if (depthdiff <= -2) { + child = avlnode->left; + + if (L_DEPTH(child) >= R_DEPTH(child)) { + avlnode->left = child->right; + if (avlnode->left != NULL) + avlnode->left->parent = avlnode; + avlnode->depth = CALC_DEPTH(avlnode); + child->right = avlnode; + if (child->right != NULL) + child->right->parent = child; + child->depth = CALC_DEPTH(child); + *superparent = child; + child->parent = origparent; + } + + else { + gchild = child->right; + avlnode->left = gchild->right; + if (avlnode->left != NULL) + avlnode->left->parent = avlnode; + avlnode->depth = CALC_DEPTH(avlnode); + child->right = gchild->left; + if (child->right != NULL) + child->right->parent = child; + child->depth = CALC_DEPTH(child); + gchild->right = avlnode; + if (gchild->right != NULL) + gchild->right->parent = gchild; + gchild->left = child; + if (gchild->left != NULL) + gchild->left->parent = gchild; + gchild->depth = CALC_DEPTH(gchild); + *superparent = gchild; + gchild->parent = origparent; + } + } + + else if (depthdiff >= 2) { + child = avlnode->right; + + if (R_DEPTH(child) >= L_DEPTH(child)) { + avlnode->right = child->left; + if (avlnode->right != NULL) + avlnode->right->parent = avlnode; + avlnode->depth = CALC_DEPTH(avlnode); + child->left = avlnode; + if (child->left != NULL) + child->left->parent = child; + child->depth = CALC_DEPTH(child); + *superparent = child; + child->parent = origparent; + } + + else { + gchild = child->left; + avlnode->right = gchild->left; + if (avlnode->right != NULL) + avlnode->right->parent = avlnode; + avlnode->depth = CALC_DEPTH(avlnode); + child->left = gchild->right; + if (child->left != NULL) + child->left->parent = child; + child->depth = CALC_DEPTH(child); + gchild->left = avlnode; + if (gchild->left != NULL) + gchild->left->parent = gchild; + gchild->right = child; + if (gchild->right != NULL) + gchild->right->parent = gchild; + gchild->depth = CALC_DEPTH(gchild); + *superparent = gchild; + gchild->parent = origparent; + } + } + + else { + avlnode->depth = CALC_DEPTH(avlnode); + } +} + + +/* + * zAVLFreeBranch: + * Free memory used by this node and its item. If the freeitem argument + * is not NULL, then that function is called on the items to free their + * memory as well. In other words, the freeitem function is a + * destructor for the items in the tree. + */ +static void zAVLFreeBranch (zAVLNode *avlnode, void (freeitem)(void *item)) +{ + if (avlnode->left) + zAVLFreeBranch(avlnode->left, freeitem); + if (avlnode->right) + zAVLFreeBranch(avlnode->right, freeitem); + if (freeitem) + freeitem(avlnode->item); + free(avlnode); +} + + +/* + * zAVLFillVacancy: + * Given a vacancy in the AVL tree by it's parent, children, and parent + * component pointer, fill that vacancy. + */ +static void zAVLFillVacancy (zAVLTree *avltree, + zAVLNode *origparent, zAVLNode **superparent, + zAVLNode *left, zAVLNode *right) +{ + zAVLNode *avlnode; + zAVLNode *balnode; + zAVLNode *nextbalnode; + + if (left == NULL) { + if (right) + right->parent = origparent; + + *superparent = right; + balnode = origparent; + } + + else { + for (avlnode = left; avlnode->right != NULL; avlnode = avlnode->right); + + if (avlnode == left) { + balnode = avlnode; + } + else { + balnode = avlnode->parent; + balnode->right = avlnode->left; + if (balnode->right != NULL) + balnode->right->parent = balnode; + avlnode->left = left; + left->parent = avlnode; + } + + avlnode->right = right; + if (right != NULL) + right->parent = avlnode; + *superparent = avlnode; + avlnode->parent = origparent; + } + + for (; balnode; balnode = nextbalnode) { + nextbalnode = balnode->parent; + zAVLRebalanceNode(avltree, balnode); + } +} Index: /tags/2.5.0/test/test.sh =================================================================== --- /tags/2.5.0/test/test.sh (revision 189) +++ /tags/2.5.0/test/test.sh (revision 189) @@ -0,0 +1,799 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +# ----------------------------------------------------------------------- +# Be Bourne compatible +# ----------------------------------------------------------------------- + +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi + +# ----------------------------------------------------------------------- +# Make sure we support functions (from the autoconf manual) +# ----------------------------------------------------------------------- + +TSHELL="${TSHELL-/bin/sh}" +if test x"$1" = "x--re-executed" +then + shift +elif "$TSHELL" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&1 +then + : +else + for cmd in sh bash ash bsh ksh zsh sh5; do + X="$PATH:/bin:/usr/bin:/usr/afsws/bin:/usr/ucb:/usr/xpg4/bin"; + OLD_IFS=${IFS} + IFS=':'; export IFS + for dir in $X; do + shell="$dir/$cmd" + if (test -f "$shell" || test -f "$shell.exe") + then + if "$shell" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&1 + then + TSHELL="$shell"; export TSHELL + IFS=${OLD_IFS}; export IFS + exec "$shell" "$0" --re-executed ${1+"$@"} + fi + fi + done + IFS=${OLD_IFS}; export IFS + done + echo "-----------------------------------------------------------------" + echo "ERROR: Unable to locate a shell interpreter with function support" >&2 + echo "-----------------------------------------------------------------" + { (exit 1); exit 1; } +fi + +# ----------------------------------------------------------------------- +# Make sure we support 'let' (from the autoconf manual) +# ----------------------------------------------------------------------- + +TSHELL="${TSHELL-/bin/sh}" +if test x"$1" = "x--re-run" +then + shift +elif "$TSHELL" -c 'a=5; let "a = a + 5"' >/dev/null 2>&1 +then + : +else + for cmd in sh bash ash bsh ksh zsh sh5; do + X="$PATH:/bin:/usr/bin:/usr/afsws/bin:/usr/ucb:/usr/xpg4/bin"; + OLD_IFS=${IFS} + IFS=':'; export IFS + for dir in $X; do + shell="$dir/$cmd" + if (test -f "$shell" || test -f "$shell.exe") + then + if "$shell" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&1 + then + if "$shell" -c 'a=5; let "a = a + 5"' >/dev/null 2>&1 + then + TSHELL="$shell"; export TSHELL + IFS=${OLD_IFS}; export IFS + exec "$shell" "$0" --re-run ${1+"$@"} + fi + fi + fi + done + IFS=${OLD_IFS}; export IFS + done + echo "-----------------------------------------------------------------" + echo "ERROR: Unable to locate a shell interpreter with support for 'let'" >&2 + echo "-----------------------------------------------------------------" + { (exit 1); exit 1; } +fi + + +umask 0022 + +isok=`test -t 1 2>&1 | wc -c` +if [ "$isok" -eq 0 ]; then + test -t 1 + isok=$? +fi + +# The following two are the ANSI sequences for start and end embolden +if [ x"$isok" = x0 ]; then + case $TERM in + vt*|ansi*|con*|xterm*|linux*|screen*|rxvt*) + S='' + R= + G= + B= + E= + ;; + *) + S= + R= + G= + B= + E= + ;; + esac +fi + + +usage() { + echo "test.sh [options] [hostname]" + echo " [-q|--quiet|-v|--verbose] [-s|--stoponerr] [-n|--no-cleanup]" + echo " [--srcdir=top_srcdir] [--color=always|never|auto]" + echo + echo " ${S}test.sh 1${E} -- Compile with many different options" + echo " ${S}test.sh 2${E} -- Hash function (testrc_1)" + echo " ${S}test.sh 3${E} -- Standalone init/check" + echo " ${S}test.sh 4${E} -- Microstealth init/check" + echo " ${S}test.sh 5${E} -- External program call (testrc_1ext.in)" + echo " ${S}test.sh 6${E} -- Controlling the daemon" + echo " ${S}test.sh 7${E} -- GnuPG signed files / prelude log" + echo " ${S}test.sh 8${E} -- Suidcheck" + echo " ${S}test.sh 9${E} -- Process check" + echo " ${S}test.sh 10${E} -- Port check" + + echo " ${S}test.sh 20${E} -- Test c/s init/check (testrc_2.in)" + echo " ${S}test.sh 21${E} -- Test full c/s init/check (testrc_2.in)" + echo " ${S}test.sh 22${E} -- Test full c/s w/gpg (testrc_2.in)" + echo " ${S}test.sh 23${E} -- Test full c/s w/mysql (testrc_2.in)" + echo " ${S}test.sh 24${E} -- Test full c/s w/postgres (testrc_2.in)" + echo " ${S}test.sh all${E} -- All tests" +} +scripts () { + echo + echo "Scripts used by tests:" + echo " (1) testcompile.sh (2) testhash.sh (3) testrun_1.sh (4) testrun_1a.sh" + echo " (5) testext.sh (6) testtimesrv.sh (7) testrun_1b.sh (8) testrun_1c.sh" + echo " (9) testrun_1d.sh (10) testrun_1e.sh" + echo " (20) testrun_2.sh (21) testrun_2a.sh (22) testrun_2b.sh (23) testrun_2c.sh" + echo " (24) testrun_2d.sh" +} + +# +# Option parsing +# +verbose= +quiet= +stoponerr= +color=auto +cleanup=on +doall= +usevalgrind= + +while [ $# -gt 0 ] +do + case "$1" in + -h|--help) usage; exit 0;; + --scripts) usage; scripts; exit 0;; + -v|--verbose) verbose=on; quiet= ;; + -q|--quiet) quiet=on; verbose= ;; + -s|--stoponerr) stoponerr=on;; + -n|--no-cleanup) cleanup= ;; + --really-all) doall=on;; + --valgrind) usevalgrind=on;; + --srcdir=*) TOP_SRCDIR=`echo $1 | sed s,--srcdir=,,`; export TOP_SRCDIR;; + --color=*) + arg=`echo $1 | sed s,--color=,,` + case $arg in + auto) ;; + never|none|no) + S= + R= + G= + B= + E= + ;; + always|yes) + S='' + R= + G= + G= + E= + ;; + *) echo "Invalid argument $1"; exit 1;; + esac + ;; + -*) echo "Invalid argument $1"; exit 1;; + *) break;; + esac + shift +done + +export verbose +export quiet +export stoponerr +export cleanup +export doall +export S; export R; export G; export B; export E; + +SCRIPTDIR=. + +# +# 'make test' will copy the 'test' subdirectory and replace TEST_SRCDIR +# +TEST_SRCDIR="XXXSRCXXX"; +if test "x${TOP_SRCDIR}" = x; then + # not within source tree, and not called with 'make testN' + if test -f "${TEST_SRCDIR}/src/samhain.c"; then + TOP_SRCDIR="${TEST_SRCDIR}"; export TOP_SRCDIR + if test -f test/testcompile.sh; then + SCRIPTDIR=test + fi + # not within source tree, not called by 'make', and in 'test' subdir + elif test -f "../${TEST_SRCDIR}/src/samhain.c"; then + cd .. + SCRIPTDIR=test + TOP_SRCDIR="${TEST_SRCDIR}"; export TOP_SRCDIR + # within source tree, and not called with 'make testN' + else + if test -f ../src/samhain.c; then + cd .. + SCRIPTDIR=test + TOP_SRCDIR=. + export TOP_SRCDIR + elif test -f ./src/samhain.c; then + SCRIPTDIR=test + TOP_SRCDIR=. + export TOP_SRCDIR + else + echo "Please use --srcdir=DIR, where DIR should be the" + echo "top directory in the samhain source tree." + exit 1 + fi + fi +else + # called by make, or with --srcdir=TOP_SRCDIR + if test -f "${TOP_SRCDIR}/src/samhain.c"; then + SCRIPTDIR="${TOP_SRCDIR}/test" + elif test -f "../${TOP_SRCDIR}/src/samhain.c"; then + cd ..; SCRIPTDIR="${TOP_SRCDIR}/test" + else + echo "Please use --srcdir=DIR, where DIR should be the" + echo "top directory in the samhain source tree." + exit 1 + fi +fi + +export SCRIPTDIR + +PW_DIR=`pwd`; export PW_DIR + +# +# group/world writeable will cause problems +# +chmod go-w . +# +# +# +if test x$UID != x -a x$UID != x0; then + TRUST="--with-trusted=0,2,$UID" +else + TRUST="--with-trusted=0,2,1000" +fi +export TRUST +# +# find a good 'make' +# +MAKE=`which gmake` +if test "x$?" = x1 ; then + MAKE="make -s -j 3" +else + MAKE=`which gmake | sed -e "s%\([a-z:]\) .*%\1%g"` + if test "x$MAKE" = x; then + MAKE="make -s" + elif test "x$MAKE" = xno; then + MAKE="make -s" + else + if test "x$MAKE" = "xwhich:"; then + MAKE="make -s" + else + MAKE="gmake -s" + gmake -v >/dev/null 2>&1 || MAKE="make -s" + fi + fi +fi +export MAKE + +failcount=0 +okcount=0 +skipcount=0 +global_count=0 +last_count=0 + +# args: #test, #total, status, optional msg +log_msg () +{ + if [ x"$COLUMNS" != x ]; then + TERMWIDTH=$COLUMNS + elif [ x"$COLS" != x ]; then + TERMWIDTH=$COLS + else + TERMWIDTH=80 + fi + cols=66; + # + if [ $1 -eq 0 ]; then + msg=" ${4}" + else + if [ ${1} -eq 1 ]; then + global_count=${last_count} + fi + let "v = $1 + global_count" >/dev/null + last_count=${v} + dd=''; if [ $v -lt 10 ]; then dd=" "; fi + dt=''; if [ $2 -lt 10 ]; then dt=" "; fi + if [ -z "$4" ]; then + msg=" test ${dd}${v}/${dt}${2}" + else + msg=" test ${dd}${v}/${dt}${2} ${4}" + fi + fi + # + if [ x"$3" = xfailure ]; then + ccode=$R + elif [ x"$3" = xsuccess ]; then + ccode=$G + else + ccode=$B + fi + if [ -z "${R}" ]; then + echo " [${3}] ${msg}" + else + # len=${#...} is not bourne shell + # also, need to account for terminal control sequences + len=`echo "$msg" | awk '/1;30m/ { print length()-10; }; !/1;30m/ { print length();}'` + let "cols = cols - len" >/dev/null + if [ $cols -ge 0 ]; then + moveto='['$cols'C' + echo "${msg}${moveto}${ccode}[${3}]${E}" + else + echo "${msg}${ccode}[${3}]${E}" + fi + fi +} + +log_fail () { + [ -z "$quiet" ] && log_msg "$1" "$2" failure "$3"; + let "failcount = failcount + 1" >/dev/null; + test -z "$stoponerr" || exit 1; +} +log_ok () { + [ -z "$quiet" ] && log_msg "$1" "$2" success "$3"; + let "okcount = okcount + 1" >/dev/null; +} +log_skip () { + [ -z "$quiet" ] && log_msg "$1" "$2" skipped "$3"; + let "skipcount = skipcount + 1" >/dev/null; +} + +log_msg_fail () { log_msg 0 0 failure "$1"; } +log_msg_ok () { log_msg 0 0 success "$1"; } +log_msg_skip () { log_msg 0 0 skipped "$1"; } + +log_start () { + if [ -z "$quiet" ]; then + echo; + echo "${S}__ START TEST ${1} __${E}"; + echo; + fi +} +log_end () { + if [ -n "$verbose" ]; then + echo; + echo "${S}__ END TEST ${1} __${E}"; + echo; + fi +} + +# This looks silly, but with solaris10/i386 on vmware, +# 'sleep' occasionally does not sleep... + +one_sec_sleep () { + onesdate=`date` + onestest=0 + while [ $onestest -eq 0 ]; do + sleep 1 + twosdate=`date` + if [ "x$twosdate" = "x$onesdate" ]; then + onestest=0 + else + onestest=1 + fi + done +} + +five_sec_sleep () { + for f in 1 2 3 4 5; do + one_sec_sleep + done +} + +do_cleanup () { + rm -f testrc_1.dyn + rm -f testrc_2 + rm -f testrc_22 + rm -f ./.samhain_file + rm -f ./.samhain_log* + rm -f ./.samhain_lock* + test -d testrun_testdata && chmod -f -R 0700 testrun_testdata + test -d .quarantine && rm -rf .quarantine + rm -rf testrun_testdata + rm -f test_log_db + rm -f test_log_prelude + rm -f test_log_valgrind* + rm -f test_log_yulectl + rm -f yule.html + rm -f yule.html2 + rm -f test_dnmalloc +} + +print_summary () +{ + # let "gcount = okcount + skipcount + failcount" >/dev/null; + gcount=$MAXTEST; + let "failcount = gcount - okcount - skipcount" >/dev/null; + + [ -z "$quiet" ] && { + echo + echo "__ ${S}Tests: ${gcount} Ok: ${okcount} Skipped: ${skipcount} Failed: ${failcount}${E}" + } + if [ $failcount -eq 0 ]; then + [ -z "$quiet" ] && { echo "__ ${G}All tests passed successfully.${E}"; echo; } + elif [ $failcount -eq 1 ]; then + [ -z "$quiet" ] && { echo "__ ${R}There was 1 failure.${E}"; echo; } + else + [ -z "$quiet" ] && { echo "__ ${R}There were $failcount failures.${E}"; echo; } + fi + [ -z "$cleanup" ] || do_cleanup; +} + +find_path () { ( + save_IFS=$IFS; IFS=: + + for dir in $PATH; do + IFS=$as_save_IFS + test -z "$dir" && dir=. + if test -f "$dir/$1"; then + echo "$dir/$1"; + break; + fi + done + IFS=${save_IFS}; +); } + +find_hostname () { + + uname -a | grep Linux >/dev/null + if [ $? -eq 0 ]; then + tmp=`hostname -f 2>/dev/null` + if [ $? -ne 0 ]; then + tmp=`hostname 2>/dev/null` + fi + else + tmp=`hostname 2>/dev/null` + fi + if [ -z "$tmp" ]; then + tmp="localhost" + fi + # + # first one is hostname, others are aliases + # + tmp2=`cat /etc/hosts | egrep "^ *[0123456789].* $tmp" | awk '{ print $2 }'` + if [ -z "$tmp2" ]; then + echo "$tmp" + else + echo "$tmp2" + fi +} + +rm -f ./test_log + +# first one is hostname, others are aliases +# +hostname=`cat /etc/hosts | egrep "^ *127.0.0.1" | awk '{ print $2 }'` +if [ x"$hostname" = xlocalhost ]; then + hostname="127.0.0.1" +fi + +# Seems that 'valgrind' causes random hangs :-( +# +if [ -z "$usevalgrind" ]; then + VALGRIND= +else + VALGRIND=`find_path valgrind`; +fi +[ -z "$VALGRIND" ] || { + VALGRIND="$VALGRIND --quiet --tool=memcheck --suppressions=.test.supp"; + export VALGRIND; + [ -z "$verbose" ] || log_msg_ok "using valgrind" +cat > ".test.supp" </dev/null + . ${SCRIPTDIR}/testhash.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_1.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_1a.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testext.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testtimesrv.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_1b.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_1c.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_1d.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_1e.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_2.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_2a.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_2b.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_2c.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_2d.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + # + # ${SCRIPTDIR}/testtimesrv.sh + # ${SCRIPTDIR}/testrun_1b.sh + # ${SCRIPTDIR}/testrun_2.sh $2 + # ${SCRIPTDIR}/testrun_2a.sh $2 + # + MAXTEST=${TEST_MAX}; export MAXTEST + testcompile + testhash + # + . ${SCRIPTDIR}/testrun_1.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun1 + # + . ${SCRIPTDIR}/testrun_1a.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun1a + # + testext0 + # + . ${SCRIPTDIR}/testtimesrv.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testtime0 + # + . ${SCRIPTDIR}/testrun_1b.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun1b + # + . ${SCRIPTDIR}/testrun_1.sh + . ${SCRIPTDIR}/testrun_1c.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun1c + # + . ${SCRIPTDIR}/testrun_1.sh + . ${SCRIPTDIR}/testrun_1d.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun1d + # + . ${SCRIPTDIR}/testrun_1.sh + . ${SCRIPTDIR}/testrun_1e.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun1e + # + . ${SCRIPTDIR}/testrun_2.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun2 $hostname + # + . ${SCRIPTDIR}/testrun_2a.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun2a $hostname + # + . ${SCRIPTDIR}/testrun_2b.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun2b $hostname + # + . ${SCRIPTDIR}/testrun_2c.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun2c $hostname + # + . ${SCRIPTDIR}/testrun_2d.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun2d $hostname + # + print_summary + exit 0 +fi + +usage; + +exit 1; + +# gpg -a --clearsign --not-dash-escaped testrc.gpg +# gpg -a --clearsign --not-dash-escaped .samhain_file +# tar czvf foo.tgz testrc.gpg.asc .samhain_file.asc +# cat foo.tgz >>test/test.sh + +__ARCHIVE_FOLLOWS__ +‹£ÉúDí•ÏoãDÇœ UbN\'€‘8*Û:IӔJ‘pãÔ-›ŠùєBU!o2M +þ‘z&éf/ˆ‚#§šgGâßa%7U$ĉHš‡U{àÚš +ã$M¶Ûª‚.¬4Ù +ϛ™÷Þ×3ž!39•Î€§dœänž2;3ã”.Ÿ—ïÕ]ýzïÕëóq.~Æ7ëqû\³ +môž< +äo'q²˜È&„œ)+:2¯ê‡L| +Ÿ˜aù’p×a!(-‡aDŠÀø²Šp% +R°×–dŒ3ãK‚ +„ +"ÒZ'å +JÍÃOŒ,ÔJAIÏF$H +˜CŠ²‡dGÁPCËiØ1•ûY‚ðØVTäŸF$ ÀÛP74‘¬ªyši§ ¿iG(«š LgeS։ƒzGLÀŠd{ŠžéEgÀˆËi:K9%‰ðˆi‡ú­kIє‚9€“8r&ù-pþ–  +x’ŸŽ™\㊒S«ºš·ž'4nœÈöo +ËiÝ0QØÐÑžýâc]Ö_PUÿžlêCs?$ýT÷Ð(*&ö+ú¶1Ž„e:ý‘`“&³VdE=o¥ãušyhèÇÈcuÄÖë1•‹׏6WœÜ¢Œ4C§ÝhTâä•ÜAÉ/Ö +ù]nÞ1ÆP2kbÅÐCԁêwõŒ!ÃÈô:Íò †2†I³ª*"B„~ºF@Àñƒ³ÚÝ®ü=§Î +®.npÉ +Ö±Áâ]GœhóƒšsM¹§Œð])œ˜)zöÁ{(✾] +NâUi—×òÂKùÔ'|ÄÇp4çÑøûá{Þ¹ð¯GCº›V–}ÑtE4w¬ðáXÄ÷0ê‘Ð +ˆŠ)Xöÿ¶DU÷ †ÅËÒû¯n +ËÚÝú>sþ[:®ÙÿÝ^Þ{ŸÿÏxœ^gÿ÷¹ÙþÿBx1ûÿO¿üÐùœý˜¯œ:žÃ +œ_y>¬‰^ýËïOE§,>/G)ŒÀÑö7žîÑÑÙ³ú.µ>>é>ý£[p.®|Cèðýã³'à.(|u¹œ;ô.§&žý;ýú[?öÓÿî›øXù\9Žýfr +ݧ +nÁ¹žN­Z­•ÊõÃÃfѶËõR§]Žª¥b»Ø²Ú +ë°T¬5:õF±TkÚ­Ž]ÈÙÿíèôìôQÉ79î끚ǭŸ(øhŒ|®šÏÑš(»\Ž¬b«}xPjV«õZµa7êµJŲJ•r»b[Tfë VªÖ+TߏÎN®Ñ$Ñu‡?ì×OšÊߟ³à”’Œp¥&ÚïhjØ +«ÒŽ«õN˲[Z³U/µ*õš]?,µ*öA£ZîXV¥n7;É:=îþùë“cg®žúrR ZþÅS\%c§ž7„{¢äâI`nÝ+ +ž‡©D@ÌMûB‰˜gÝéœEa-’^ú|7¢EgƒædFü8(íFdLOñɄ +ûŸâ +ƒÁ`0 +ƒÁ`0 +ƒÁ`0 +FŸ¿ès(( Index: /tags/2.5.0/test/test_ext.c.in =================================================================== --- /tags/2.5.0/test/test_ext.c.in (revision 189) +++ /tags/2.5.0/test/test_ext.c.in (revision 189) @@ -0,0 +1,33 @@ +#include +#include +#include +#include +#include +#include + +int main () +{ + char line[256]; + int flags; + FILE * foo = fopen ("MYPWDIR", "a"); + + flags = fcntl(STDIN_FILENO, F_GETFL); + fcntl(STDIN_FILENO, F_SETFL, flags|O_NONBLOCK); + + xagain: + errno = 0; + while (NULL != fgets(line, 255, stdin)) + { + fprintf (foo, "RECV: %s", line); + fflush (foo); + } + if (ferror(stdin) && errno == EAGAIN) + { + clearerr(stdin); + goto xagain; + } + fclose(foo); + return 0; +} + + Index: /tags/2.5.0/test/testcompile.sh =================================================================== --- /tags/2.5.0/test/testcompile.sh (revision 189) +++ /tags/2.5.0/test/testcompile.sh (revision 189) @@ -0,0 +1,895 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +# dnmalloc + flawfinder + (35 * 3) +MAXTEST=107; export MAXTEST + +run_dnmalloc () +{ + fail=0 + if test x$1 = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE clean > /dev/null 2>> test_log + $MAKE test_dnmalloc > /dev/null 2>> test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make test_dnmalloc..."; + else + [ -z "$quiet" ] && log_msg_fail "make test_dnmalloc..."; + fail=1 + fi + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + if [ x"$3" = xskip ]; then + [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "test dnmalloc"; + fi + fail=1 + fi + if [ $fail -eq 1 ]; then + [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "test dnmalloc"; + return 1 + fi + # + fail=0 + ./test_dnmalloc >/dev/null + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "run 1 completed..."; + ./test_dnmalloc 300 12 3000 150000 400 >/dev/null + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "run 2 completed..."; + ./test_dnmalloc 1 1 4000 10000000 1000 >/dev/null + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "run 3 completed..."; + ./test_dnmalloc 1 1 4000 10000000 1000 >/dev/null + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "run 4 completed..."; + else + fail=1 + fi + else + fail=1 + fi + else + fail=1 + fi + else + fail=1 + fi + # + if test x$fail = x0; then + [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "test dnmalloc"; + return 0 + else + [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "test dnmalloc"; + return 1 + fi +} + +run_uno () +{ + if [ -z "$doall" ]; then + [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (uno)"; + return 0 + fi + # + UNO=`find_path uno` + # + if [ -z "$UNO" ]; then + log_skip $num $MAXTEST 'check w/uno (not in PATH)' + return 0 + fi + # + cd src/ + stat=`uno -DHAVE_MMAP=1 -DUSE_UNO=1 -t -I. -I.. -I../include sh_*.c samhain.c slib.c dnmalloc.c zAVLTree.c trustfile.c rijndael-*.c bignum.c 2>&1 | wc -l` + if [ $stat -ne 1 ]; then + uno -DSH_WITH_CLIENT -DSH_WITH_SERVER -DHAVE_MMAP=1 -DUSE_UNO=1 -t -I. -I.. -I../include sh_*.c samhain.c slib.c dnmalloc.c zAVLTree.c trustfile.c rijndael-*.c bignum.c >>../test_log 2>&1 + retval=1 + [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST (uno)"; + else + retval=0 + [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST (uno)"; + fi + cd .. + return $retval +} + +run_flawfinder () +{ + flawfinder --minlevel=3 --quiet src/s*.c | \ + egrep '^No hits found.' >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST"; + else + flawfinder --minlevel=3 --quiet src/s*.c >test_log 2>&1 + [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST"; + return 1 + fi +} + +run_smatch () +{ + export CDIR=`pwd`; + + if [ -z "$doall" ]; then + [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (smatch)"; + return 0 + fi + + if [ ! -f "./x_samhain.c.sm" ]; then + [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (skip sm)"; + return 0 + fi + + if [ "x$3" = "xdebug" ]; then memcheck=debug; else memcheck=simple; fi + if [ -f ../../static/sm_scripts/smatch.pm ]; then + ( + cd ../../static/sm_scripts; + + for i in ${CDIR}/*.c.sm ; do + # echo $i; + cat $i | ./unreached_code.pl | grep -v sh_threaded_module_run; + cat $i | ./ampersand_missing.sh; + cat $i | ./eqeq.pl; + cat $i | ./for_bounds.pl; # doesn't work? + cat $i | ./unchecked_returns.pl; + cat $i | ./uninitialized.pl; # doesn't work? + + # from http://people.redhat.com/mstefani/wine/smatch/ + if [ -f ./while_for_check.pl ]; then + cat $i | ./while_for_check.pl; # works + fi + # --> end wine <-- + + # samhain specific modifications (list of free/malloc funcs) + # doesn't seem to find anything useful + if [ $memcheck = xsimple ]; then + if [ -f ./samhain_unfree.pl ]; then + cat $i | ./samhain_unfree.pl | \ + egrep -v 'x_cutest_.*Test_' | \ + egrep -v 'x_sh_unix.c .... .... sh_unix_copyenv'; + fi + fi + if [ $memcheck = xdebug ]; then + if [ -f ./samhain_unfree_debug.pl ]; then + cat $i | ./samhain_unfree_debug.pl | \ + egrep -v 'x_cutest_.*Test_' | \ + egrep -v 'x_sh_unix.c .... .... sh_unix_copyenv'; + fi + fi + # --> end samhain specific <-- + + echo malloc > list_null_funcs_uniq; + echo getenv >> list_null_funcs_uniq; + cat $i | ./deference_check.pl; + rm -f list_null_funcs_uniq; + rm -f $i + done + ) >test_log_smatch 2>&1 + if [ -f test_log_smatch ]; then + lines=`cat test_log_smatch | wc -l` + if [ $lines -ne 0 ]; then + cat test_log_smatch + rm -f test_log_smatch + [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST (smatch)"; + return 1 + fi + fi + [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST (smatch)"; + return 0 + fi + [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (smatch)"; + return 0 +} + +testmake () +{ + fail=0 + if test x$1 = x0; then + [ -z "$verbose" ] || log_msg_ok "configure... $TEST"; + $MAKE clean > /dev/null 2>> test_log + $MAKE ${SMATCH} cutest > /dev/null 2>> test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make cutest... $TEST"; + else + [ -z "$quiet" ] && log_msg_fail "make cutest... $TEST"; + fail=1 + fi + else + [ -z "$quiet" ] && log_msg_fail "configure... $TEST"; + if [ x"$3" = xskip ]; then + [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST"; + fi + fail=1 + fi + if [ $fail -eq 1 ]; then + [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST"; + return 1 + fi + [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST"; + return 0 +} + +testcompile () +{ + log_start "COMPILE" + + if [ "x$doall" = xon ]; then + uname -a | grep x86_64 >/dev/null + if [ $? -ne 0 ]; then + if [ -f /usr/local/gcc-smatch/bin/gcc ]; then # FIXME + SAVE_CC="${CC}" + SMATCH="DBGDEF=--smatch"; export SMATCH + SAVE_SMATCH="${SMATCH}"; export SAVE_SMATCH + CC="/usr/local/gcc-smatch/bin/gcc"; export CC + SMATCH_CC="${CC}" + fi + fi + fi + + num=0 + numfail=0 + + # + # test dnmalloc + # + TEST="${S}check dnmalloc${E}" + # + ${TOP_SRCDIR}/configure --quiet > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + # + run_dnmalloc 0 $num || let "numfail = numfail + 1" >/dev/null + # + + # + # test flawfinder + # + TEST="${S}check w/flawfinder${E}" + # + # + let "num = num + 1" >/dev/null + FLAWFINDER=`find_path flawfinder` + # + if [ -z "$FLAWFINDER" ]; then + log_skip $num $MAXTEST 'check w/flawfinder (not in PATH)' + else + run_flawfinder 0 $num || let "numfail = numfail + 1" >/dev/null + fi + # + + # + # test standalone compilation + # + TEST="${S}standalone w/suidcheck w/procchk${E}" + # + if test -r "Makefile"; then + $MAKE distclean + fi + # + ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-suidcheck --enable-process-check > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation + # + TEST="${S}standalone static w/suidcheck w/procchk${E}" + # + if test -r "Makefile"; then + $MAKE distclean + fi + # + [ -z "${SMATCH}" ] || { CC="${SAVE_CC}"; export CC; SMATCH=""; export SMATCH; } + # + ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-static --enable-suidcheck --enable-process-check --enable-logfile-monitor > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + # + [ -z "${SMATCH_CC}" ] || { CC="${SMATCH_CC}"; export CC; SMATCH="${SAVE_SMATCH}"; export SMATCH; } + # + # test standalone compilation + # + TEST="${S}standalone w/procchk w/portchk${E}" + # + if test -r "Makefile"; then + $MAKE distclean + fi + # + ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-process-check --enable-port-check > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation + # + TEST="${S}standalone w/procchk w/portchk w/stealth${E}" + # + if test -r "Makefile"; then + $MAKE distclean + fi + # + ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-stealth=164 --enable-process-check --enable-port-check > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation + # + TEST="${S}standalone w/mounts-check w/userfiles${E}" + # + if test -r "Makefile"; then + $MAKE distclean + fi + # + ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-mounts-check --enable-userfiles > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + + # + # test standalone compilation + # + TEST="${S}standalone w/timeserver and w/msgqueue${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-message-queue --with-timeserver=127.0.0.1 > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation with --with-nocl=PW + # + TEST="${S}standalone w/nocl w/logmon${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --enable-nocl="owl" --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-logfile-monitor > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation w/ debug + # + TEST="${S}standalone w/debug${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation w/ gpg + # + TEST="${S}standalone w/gpg${E}" + # + GPG=`find_path gpg` + let "num = num + 1" >/dev/null + # + if [ -z "$GPG" ]; then + log_skip $num $MAXTEST 'gpg not in PATH' + let "num = num + 1" >/dev/null + log_skip $num $MAXTEST 'gpg not in PATH' + else + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --with-gpg=$GPG --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + fi + + # + # test standalone compilation w/stealth + # + TEST="${S}standalone w/stealth${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-stealth=128 --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation w/loginwatch + # + TEST="${S}standalone w/login-watch${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation w/mysql + # + TEST="${S}standalone w/mysql${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-xml-log --with-database=mysql --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation w/mysql and stealth + # + TEST="${S}standalone w/mysql+stealth${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-xml-log --enable-stealth=128 --with-database=mysql --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation w/postgresql + # + TEST="${S}standalone w/postgresql${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-xml-log --with-database=postgresql --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation w/postgresql+stealth + # + TEST="${S}standalone w/postgresql+stealth${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-xml-log --enable-stealth=128 --with-database=postgresql --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation + # + TEST="${S}standalone w/o mail w/unix_rnd${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --disable-mail --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-rnd=unix > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test standalone compilation + # + TEST="${S}standalone w/o external${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --disable-external-scripts --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # echo; echo "${S}__ TEST CLIENT/SERVER __${E}"; echo; + + # + # test client/server compilation + # + TEST="${S}client/server application w/timeserver${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-timeserver=127.0.0.1 > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-timeserver=127.0.0.1 > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test client/server compilation + # + TEST="${S}client/server application static w/timeserver${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + [ -z "${SMATCH}" ] || { CC="${SAVE_CC}"; export CC; SMATCH=""; export SMATCH; } + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-static --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-timeserver=127.0.0.1 --enable-logfile-monitor > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-static --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-timeserver=127.0.0.1 > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + # + [ -z "${SMATCH_CC}" ] || { CC="${SMATCH_CC}"; export CC; SMATCH="${SAVE_SMATCH}"; export SMATCH; } + # + # test c/s compilation w/ gpg + # + TEST="${S}client/server application w/gpg${E}" + # + GPG=`find_path gpg` + let "num = num + 1" >/dev/null + # + if [ -z "$GPG" ]; then + log_skip $num $MAXTEST 'gpg not in PATH' + let "num = num + 1" >/dev/null + log_skip $num $MAXTEST 'gpg not in PATH' + let "num = num + 1" >/dev/null + log_skip $num $MAXTEST 'gpg not in PATH' + let "num = num + 1" >/dev/null + log_skip $num $MAXTEST 'gpg not in PATH' + else + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-srp --with-gpg=$GPG --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-srp --with-gpg=$GPG --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-logfile-monitor > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + fi + + + # + # test client/server compilation + # + TEST="${S}client/server application w/o srp${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --disable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --disable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test client/server compilation w/ debug + # + TEST="${S}client/server application w/debug${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-logfile-monitor > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test client/server compilation w/stealth + # + TEST="${S}client/server application w/stealth${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-srp --enable-stealth=128 --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-srp --enable-stealth=128 --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test client/server compilation w/logwatch + # + TEST="${S}client/server application w/login-watch${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-srp --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-srp --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test client/server compilation + # + TEST="${S}client/server application w/o mail${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --disable-mail --enable-srp --enable-stealth=128 --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --disable-mail --enable-srp --enable-stealth=128 --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + # + # test client/server compilation + # + TEST="${S}client/server application w/o external${E}" + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=server --disable-srp --disable-external-scripts --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + # + if test -r "Makefile"; then + $MAKE clean + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-network=client --disable-srp --disable-external-scripts --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log + # + let "num = num + 1" >/dev/null + testmake $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_smatch $? $num || let "numfail = numfail + 1" >/dev/null + let "num = num + 1" >/dev/null + run_uno $? $num || let "numfail = numfail + 1" >/dev/null + + [ -z "${SMATCH}" ] || { CC="${SAVE_CC}"; export CC; } + + log_end "COMPILE" +} Index: /tags/2.5.0/test/testext.sh =================================================================== --- /tags/2.5.0/test/testext.sh (revision 189) +++ /tags/2.5.0/test/testext.sh (revision 189) @@ -0,0 +1,140 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +MAXTEST=1; export MAXTEST + +testext0 () +{ + COMP=`which gcc` + if test "x$?" = x1 ; then + COMP="cc" + else + COMP=`which gcc | sed -e "s%\([a-z:]\) .*%\1%g"` + if test "x$COMP" = x; then + COMP="cc" + elif test "x$COMP" = xno; then + COMP="cc" + else + if test "x$COMP" = "xwhich:"; then + COMP="cc" + else + COMP="gcc" + gcc -v >/dev/null 2>&1 || COMP="gcc" + fi + fi + fi + log_start "EXTERNAL PROGRAM" + [ -z "$verbose" ] || echo MAKE is $MAKE + [ -z "$verbose" ] || { echo COMP is $COMP; echo; } + # + # standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + # + if test -r "Makefile"; then + ${MAKE} distclean >/dev/null + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/testrc_1ext --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE >/dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + # + # prepare the program + # + cat test/test_ext.c.in | sed -e "s%MYPWDIR%$PW_DIR/test_ext.res%g" > test_ext.c + + ${COMP} -o test_ext test_ext.c + if test "x$?" != x0; then + log_msg_fail "${COMP} -o test_ext test_ext.c" + return 1 + fi + chmod +rx test_ext + if test "x$?" != x0; then + log_msg_fail "chmod +rx test_ext" + return 1 + fi + + # compute checksum and fix config file + # + cp test/testrc_1ext.in testrc_1ext + CHKSUM=`./samhain -H $PW_DIR/test_ext | awk '{ print $2$3$4$5$6$7}'` + echo "OpenCommand=$PW_DIR/test_ext" >> testrc_1ext + echo "SetType=log" >> testrc_1ext + echo "SetChecksum=$CHKSUM" >> testrc_1ext + echo "SetFilterOr=ALERT" >> testrc_1ext + echo "CloseCommand" >> testrc_1ext + echo "OpenCommand=$PW_DIR/test_ext" >> testrc_1ext + echo "SetType=log" >> testrc_1ext + echo "SetChecksum=$CHKSUM" >> testrc_1ext + echo "SetFilterOr=ALERT" >> testrc_1ext + + rm -f $PW_DIR/test_ext.res + rm -f $PW_DIR/pdbg.child + rm -f $PW_DIR/pdbg.main + ./samhain -p none + + # The shell is too fast ... + one_sec_sleep + [ -z "$verbose" ] || { + echo; + echo "${S}Logged by external C program test_ext (filtered: ALERT only):${E}"; + echo; + cat $PW_DIR/test_ext.res + echo + } + + tmp=`cat $PW_DIR/test_ext.res | wc -l` + if [ $tmp -eq 8 ]; then + tmp=`egrep 'RECV: \[EOF\]' $PW_DIR/test_ext.res | wc -l` + if [ $tmp -eq 4 ]; then + tmp=`egrep 'RECV: ALERT' $PW_DIR/test_ext.res | wc -l` + if [ $tmp -eq 4 ]; then + log_ok 1 ${MAXTEST}; + else + log_fail 1 ${MAXTEST}; + fi + else + log_fail 1 ${MAXTEST}; + fi + else + log_fail 1 ${MAXTEST}; + fi + + rm -f $PW_DIR/.samhain_file + rm -f $LOGFILE + rm -f $PW_DIR/.samhain_lock + + log_end "EXTERNAL PROGRAM" +} + Index: /tags/2.5.0/test/testhash.sh =================================================================== --- /tags/2.5.0/test/testhash.sh (revision 189) +++ /tags/2.5.0/test/testhash.sh (revision 189) @@ -0,0 +1,109 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE + +MAXTEST=2; export MAXTEST + +testhash () +{ + log_start "HASH FUNCTION" + # + # test standalone compilation + # + TEST="${S}standalone agent${E}" + # + if test -r "Makefile"; then + $MAKE distclean + fi + # + ${TOP_SRCDIR}/configure --quiet $TRUST --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-debug --enable-logfile-monitor --disable-dnmalloc + # + fail=0 + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>> test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + fail=1 + fi + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + fail=1 + fi + # + if [ $fail -eq 1 ]; then + [ -z "$quiet" ] && log_fail 1 ${MAXTEST}; + return 1 + fi + # + echo "Test results of the TIGER hash algorithm" > testhash.tmp + echo >> testhash.tmp + echo "(use samhain -H string to test)" >> testhash.tmp + echo >> testhash.tmp + ./samhain -H "" >> testhash.tmp + ./samhain -H "abc" >> testhash.tmp + ./samhain -H "Tiger" >> testhash.tmp + ./samhain -H "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-" >> testhash.tmp + ./samhain -H "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789" >> testhash.tmp + ./samhain -H "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham" >> testhash.tmp + ./samhain -H "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge." >> testhash.tmp + ./samhain -H "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge, 1996." >> testhash.tmp + ./samhain -H "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-" >> testhash.tmp + # + RESU=`diff testhash.tmp ${SCRIPTDIR}/testtiger.txt 2>/dev/null` + if test "x${RESU}" = "x"; then + [ -z "$quiet" ] && log_ok 1 ${MAXTEST}; + else + [ -z "$quiet" ] && log_fail 1 ${MAXTEST}; + return 1 + fi + # + # + # + TEST="${S}files${E}" + # + case $SCRIPTDIR in + /*) + testpath="${SCRIPTDIR}/testtiger.txt";; + *) + testpath="`pwd`/${SCRIPTDIR}/testtiger.txt";; + esac + # + RESU=`./samhain -H ${testpath}` + # + if test x"$RESU" = x"${testpath}: 8125E439 4E7E20F9 24FD8E37 BC4D90C7 FC67F40C 1681F05D"; then + [ -z "$quiet" ] && log_ok 2 ${MAXTEST}; + else + [ -z "$quiet" ] && log_fail 2 ${MAXTEST}; + return 1 + fi + # + log_end "HASH FUNCTION" + return 0 +} + + + Index: /tags/2.5.0/test/testrc_1 =================================================================== --- /tags/2.5.0/test/testrc_1 (revision 189) +++ /tags/2.5.0/test/testrc_1 (revision 189) @@ -0,0 +1,273 @@ +##################################################################### +# +# Configuration file template for samhain. +# +##################################################################### +# +# -- empty lines and lines starting with '#' are ignored +# -- you can PGP clearsign this file -- samhain will check (if compiled +# with support) or otherwise ignore the signature +# -- CHECK mail address +# +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### +# +# SETUP for file system checking: +# +# (i) There are several policies, each has its own section. Put files +# into the section for the appropriate policy (see below). +# (ii) To each policy, you can assign a severity (further below). +# (iii) To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### + + +[Misc] +RedefUser0=-ATM + +[Attributes] +# +# for these files, only changes in permissions and ownership are checked +# +#file=/etc/mtab +#file=/etc/ssh_random_seed +#file=/etc/asound.conf +#file=/etc/resolv.conf +#file=/etc/localtime +#file=/etc/ioctl.save +#file=/etc/passwd.backup +#file=/etc/shadow.backup + + +# +# There are files in /etc that might change (see above), +# thus changing the timestamps on the directory special file. +# Put it here as 'file', and in the ReadOnly section as 'dir'. +# +file=/etc + +[GrowingLogFiles] +# +# for these files, changes in signature, timestamps, and increase in size +# are ignored +# +# Example for shell-style wildcard pattern +# +#file=/var/log/n* + +[IgnoreAll] +#dir=-1/etc + +[IgnoreNone] +#dir=-1/etc + +[Attributes] +# dir=/opt/gnome/bin/ +# file=/usr/bin/ssh + + +[ReadOnly] +# +# for these files, only access time is ignored +# +#dir=/dev +# dir=/usr/bin + +#dir=/usr/bin +#dir=/lib +#dir=/usr/lib + +#dir=/lib +#dir=3/etc +#dir=/tmp +# file=/usr/bin/ssh +# dir=1/home/rainer + +#[SuidCheck] +#SuidCheckActive=T +#SuidCheckExclude=/home + +[EventSeverity] +# +# Here you can assign severities to policy violations. +# If this severity exceeds the treshold of a log facility (see below), +# a policy violation will be logged to that facility. +# +# Severity for verification failures. +# +SeverityUser0=crit +SeverityUser1=crit +SeverityReadOnly=crit +SeverityLogFiles=crit +SeverityGrowingLogs=crit +SeverityIgnoreNone=crit +SeverityAttributes=crit +# +# We have a file in IgnoreAll that might or might not be present. +# Setting the severity to 'info' prevents messages about deleted/new file. +# +SeverityIgnoreAll=warn + +# +# Files : file access problems +# Dirs : directory access problems +# Names : suspect (non-printable) characters in a pathname +# +SeverityFiles=notice +SeverityDirs=info +SeverityNames=warn + +[Log] +# +# Set threshold severity for log facilities +# Values: debug, info, notice, warn, mark, err, crit, alert, none. +# 'mark' is used for timestamps. +# +# By default, everything equal to and above the threshold is logged. +# The specifiers '*', '!', and '=' are interpreted as +# 'all', 'all but', and 'only', respectively (like syslogd(8) does, +# at least on Linux). +# +# MailSeverity=* +# MailSeverity=!warn +# MailSeverity==crit +# +MailSeverity=none +LogSeverity=warn +SyslogSeverity=none +#ExportSeverity=none +PrintSeverity=info +# Restrict to certain classes of messages +# MailClass = RUN +#PreludeSeverity = err + +# Which system calls to log (execve, utime, unlink, dup, chdir, open, kill, +# exit, fork, setuid, setgid, pipe) +# +# LogCalls = open + + +#[Kernel] +# +# Setings this to 1/true/yes will activate the check for loadable +# kernel module rootkits (Linux only) +# +#KernelCheckActive=1 +#KernelCheckInterval = 20 + +#[Utmp] +# +# 0 to switch off, 1 to activate +# +#LoginCheckActive=1 + +# Severity for logins, multiple logins, logouts +# +#SeverityLogin=info +#SeverityLoginMulti=warn +#SeverityLogout=info + +# interval for login/logout checks +# +#LoginCheckInterval=60 + +[Misc] +# +# whether to become a daemon process +Daemon=no + +# Custom format for message header +# +# %S severity +# %T timestamp +# %C class +# +# %F source file +# %L source line +# +# MessageHeader="%S %T - %F - %L " +# MessageHeader="|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; + fi + # + done + for ff in $NDIRS; do + # + egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + done +} + + +TESTPOLICY_15=" +[Misc] +DigestAlgo=SHA1 +RedefReadOnly = +TXT +[ReadOnly] +dir=${BASE} +" +mod_testdata_15 () { + mod_testdata_1 +} +chk_testdata_15 () { + chk_testdata_1 +} + +TESTPOLICY_14=" +[Misc] +DigestAlgo=MD5 +RedefReadOnly = +TXT +[ReadOnly] +dir=${BASE} +" +mod_testdata_14 () { + mod_testdata_1 +} +chk_testdata_14 () { + chk_testdata_1 +} + +# +# combine file check schedule with one-shot mode +# +TESTPOLICY_13=" +[ReadOnly] +dir=99${BASE} +" + +mod_testdata_13 () { + one_sec_sleep + echo "foobar" >"${BASE}/c/x"; # bad + chmod 0555 "${BASE}/a/y"; # bad + ORIGINAL='SetFilecheckTime=60' + REPLACEMENT='FileCheckScheduleOne = 6 12 * * *' + ex -s $RCFILE </dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y"; + return 1 + fi + CDIRS="a a/a a/b a/c c b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + NDIRS=""; + test_dirs; + return $? +} + +TESTPOLICY_12=" +[ReadOnly] +dir=99${BASE} +[IgnoreAll] +dir=-1${BASE}/b +[Attributes] +dir=1${BASE}/a +" + +mod_testdata_12 () { + one_sec_sleep + echo "foobar" >"${BASE}/b/x"; # ok + echo "foobar" >"${BASE}/c/x"; # bad + echo "foobar" >"${BASE}/a/x"; # ok + chmod 0555 "${BASE}/a/a/x"; # bad + chmod 0555 "${BASE}/a/a/a/x";# ok + chmod 0555 "${BASE}/a/y"; # bad +} + +chk_testdata_12 () { + # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 3 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x"; + return 1 + fi + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x"; + return 1 + fi + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y"; + return 1 + fi + CDIRS="a a/a a/b a/c c"; + NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + test_dirs; + return $? +} + +# +# --- ACL/SELinux test case +# +TESTPOLICY_11=" +[ReadOnly] +dir=99${BASE} +[IgnoreAll] +dir=-1${BASE}/b +[Attributes] +dir=1${BASE}/a +[Misc] +UseSelinuxCheck = no +UseAclCheck = no +" + +mod_testdata_11 () { + one_sec_sleep + setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign) + setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad + setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad + setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y"; # ok (ign) + setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth) + setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x"; # bad + setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y"; # bad +} + +chk_testdata_11 () { + # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x"; + return 1 + fi + CDIRS="a a/a a/b a/c c"; + NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + test_dirs; + return $? +} + +TESTPOLICY_10=" +[ReadOnly] +dir=99${BASE} +[IgnoreAll] +dir=-1${BASE}/b +[Attributes] +dir=1${BASE}/a +" + +mod_testdata_10 () { + one_sec_sleep + setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign) + setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad + setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad + setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y"; # ok (ign) + setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth) + setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x"; # bad + setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y"; # bad +} + +chk_testdata_10 () { + # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 3 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x"; + return 1 + fi + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/x"; + return 1 + fi + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y"; + return 1 + fi + CDIRS="a a/a a/b a/c c"; + NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + test_dirs; + return $? +} + +TESTPOLICY_9=" +[ReadOnly] +dir=0${BASE}/b +[Attributes] +dir=2${BASE}/a/a +" + +mod_testdata_9 () { + echo "foobar" >"${BASE}/b/x"; + echo "foobar" >"${BASE}/a/x"; + echo "foobar" >"${BASE}/x"; +} + +chk_testdata_9 () { + # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi + CDIRS="b a/a a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + NDIRS="a c a/b a/c"; + test_dirs; + return $? +} + +TESTPOLICY_8=" +[ReadOnly] +dir=1${BASE} +[Attributes] +dir=1${BASE}/a/a +" + +mod_testdata_8 () { + echo "foobar" >"${BASE}/a/x"; + chmod 0555 "${BASE}/a/a/a/b/x"; +} + +chk_testdata_8 () { + # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi + CDIRS="a b c a/a a/a/a a/a/b a/a/c"; + NDIRS="a/b a/c a/a/a/a a/a/a/b a/a/a/c"; + test_dirs; + return $? +} + + +TESTPOLICY_7=" +[ReadOnly] +dir=${BASE} +[Attributes] +dir=${BASE}/a/a +[GrowingLogFiles] +dir=${BASE}/a/a/a +[IgnoreAll] +file=${BASE}/a/a/a/z +dir=${BASE}/b +[Misc] +IgnoreMissing=${BASE}/a/[[:alnum:]]+/[[:alnum:]]+\$ +IgnoreAdded=${BASE}/a/(b|c)/[[:alnum:]]+\$ +" + +mod_testdata_7 () { + one_sec_sleep + echo "foobar" >"${BASE}/a/a/a/z" # ok + echo "foobar" >"${BASE}/a/a/a/x" # bad + echo "foobar" >"${BASE}/a/a/x" # ok + echo "foobar" >"${BASE}/a/x" # bad + chmod 0555 "${BASE}/a" # bad + chmod 0555 "${BASE}/b" # ok + + rm "${BASE}/a/c/z" + touch "${BASE}/a/c/zz2" +} + + +chk_testdata_7 () { + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 4 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi + egrep "ERROR.*POLICY MISSING.*${BASE}/a/c/z" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/z"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/c/zz2" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/zz2"; + return 1 + fi + egrep "CRIT.*POLICY \[GrowingLogs\] C--------S.*${BASE}/a/a/a/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/x"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/x"; + return 1 + fi +} + + +TESTPOLICY_6=" +[ReadOnly] +dir=${BASE} +[Attributes] +file=${BASE}/a/y +file=${BASE}/b/y +file=${BASE}/c/y +file=${BASE}/a/a/y +file=${BASE}/a/b/y +file=${BASE}/a/c/y +file=${BASE}/a/a/a/y +file=${BASE}/a/a/b/y +file=${BASE}/a/a/c/y +file=${BASE}/a/a/a/a/y +file=${BASE}/a/a/a/b/y +file=${BASE}/a/a/a/c/y +" + +mod_testdata_6 () { + one_sec_sleep + for ff in $TDIRS; do + echo "foobar" >"${BASE}/${ff}/x" + chmod 0555 "${BASE}/${ff}/y" + echo "foobar" >"${BASE}/${ff}/z" + done +} + +chk_testdata_6 () { + count6=0 + for ff in $TDIRS; do + # + egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; + fi + # + for gg in $TFILES; do + egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; + fi + tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; + fi + done + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/${ff}/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/x"; + return 1 + fi + let "count6 = count6 + 1" >/dev/null + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/${ff}/z" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/z"; + return 1 + fi + let "count6 = count6 + 1" >/dev/null + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/${ff}/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/y"; + return 1 + fi + let "count6 = count6 + 1" >/dev/null + done + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne $count6 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi +} + +TESTPOLICY_5=" +[Attributes] +dir=${BASE} +file=${BASE}/a/a/c/x +[ReadOnly] +file=${BASE}/a/a/c/y +[GrowingLogFiles] +dir=${BASE}/a/a/c +dir=${BASE}/a/a/b +dir=${BASE}/a/b +" + +mod_testdata_5 () { + mod_testdata_4 + echo "1 This is a xxxx file" > "${BASE}/a/a/b/x" # GrowingLogFiles + echo "1 This is a test file" > "${BASE}/a/a/b/y" # GrowingLogFiles + echo "2 This is a test file" >> "${BASE}/a/a/b/y" # GrowingLogFiles + echo "1 This is a xxxx file bad" > "${BASE}/a/a/b/z" # GrowingLogFiles + echo "2 This is a xxxx file bad" >>"${BASE}/a/a/b/z" # GrowingLogFiles + echo "3 This is a xxxx file bad" >>"${BASE}/a/a/b/z" # GrowingLogFiles +} + +chk_testdata_5 () { + for ff in $TDIRS; do + # + egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; + fi + # + for gg in $TFILES; do + egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; + fi + tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; + fi + done + done + egrep "CRIT.*POLICY \[GrowingLogs\] C---------.*${BASE}/a/a/b/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/b/x"; + return 1 + fi + egrep "CRIT.*POLICY \[GrowingLogs\] C---------.*${BASE}/a/a/b/z" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/b/z"; + return 1 + fi + egrep "CRIT.*POLICY \[GrowingLogs\] -----M----.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z"; + return 1 + fi + egrep "CRIT.*POLICY \[GrowingLogs\] -----M----.*${BASE}/a/a/c/z" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/z"; + return 1 + fi + egrep "CRIT.*POLICY \[GrowingLogs\] C--------S.*${BASE}/a/b/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/y"; + return 1 + fi + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*033\[1;30m" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m"; + return 1 + fi + egrep "WARN.*Weird filename.*033\[1;30m" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y"; + return 1 + fi + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 9 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi +} + + +TESTPOLICY_4=" +[Attributes] +dir=${BASE} +file=${BASE}/a/a/c/x +[ReadOnly] +file=${BASE}/a/a/c/y +[LogFiles] +dir=${BASE}/a/a/c +dir=${BASE}/a/b +" + +mod_testdata_4 () { + one_sec_sleep + echo "foobar" >> "${BASE}/a/a/x" # Attributes + echo "foobar" > "${BASE}/a/a/c/foo" # new within LogFiles + echo "foobar" >> "${BASE}/a/a/c/y" # ReadOnly + echo "foobar" >> "${BASE}/a/a/c/x" # Attributes + chmod 0555 "${BASE}/a/a/c/x" # Attributes + chmod 0555 "${BASE}/a/a/c/z" # LogFiles + echo "foobar" >> "${BASE}/a/b/x" # LogFiles + echo "" > "${BASE}/a/b/y" # LogFiles + chmod 0555 "${BASE}/a/b/z" # LogFiles + touch "${BASE}/a/a/" # non-printable character in filename +} + +chk_testdata_4 () { + for ff in $TDIRS; do + # + egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; + fi + # + for gg in $TFILES; do + egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; + fi + tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; + fi + done + done + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x"; + return 1 + fi + egrep "CRIT.*POLICY \[LogFiles\] -----M----.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z"; + return 1 + fi + egrep "CRIT.*POLICY \[LogFiles\] -----M----.*${BASE}/a/a/c/z" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/z"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*033\[1;30m" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m"; + return 1 + fi + egrep "WARN.*Weird filename.*033\[1;30m" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y"; + return 1 + fi + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 6 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi +} + +TESTPOLICY_3=" +[Attributes] +dir=${BASE} +file=${BASE}/a/a/c/x +[ReadOnly] +file=${BASE}/a/a/c/y +[IgnoreAll] +dir=${BASE}/a/a/c +" +mod_testdata_3 () { + one_sec_sleep + echo "foobar" > "${BASE}/a/b/foo" # new within Attributes + chmod 0555 "${BASE}/a/b" + echo "foobar" > "${BASE}/a/a/c/foo" # new within IgnoreAll + echo "foobar" > "${BASE}/a/a/c/y" # ReadOnly + chmod 0555 "${BASE}/a/a/c/x" # Attributes + chmod 0555 "${BASE}/a/a/c/z" # IgnoreAll +} + +chk_testdata_3 () { + for ff in $TDIRS; do + # + egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; + fi + # + for gg in $TFILES; do + egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; + fi + tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; + fi + done + done + egrep "CRIT.*POLICY ADDED.*${BASE}/a/b/foo" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/foo"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo"; + return 1 + fi + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/b" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b"; + return 1 + fi + egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y"; + return 1 + fi + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 5 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi +} + +TESTPOLICY_2=" +[ReadOnly] +dir=${BASE} +file=${BASE}/a/a/c/x +[IgnoreAll] +dir=${BASE}/a/a/c +" +mod_testdata_2 () { + # mod_testdata_1; + one_sec_sleep + touch "${BASE}/a/a/x" + chmod 0555 "${BASE}/a/a/y" + mv "${BASE}/a/b/y" "${BASE}/a/b/yy"; + echo "1 This is a test file" > "${BASE}/a/b/y"; + echo "2 This is a test file" >> "${BASE}/a/b/y"; + echo "4 This is a test file" >> "${BASE}/a/b/z"; + rm "${BASE}/a/b/yy"; # mv/rm to force new inode + rm "${BASE}/a/b/l_y"; + ln -s "${BASE}/a/b/x" "${BASE}/a/b/l_y"; + echo "foobar" > "${BASE}/a/c/y" + rm "${BASE}/a/a/c/y" + echo "foobar" > "${BASE}/a/a/c/foo" + chmod 0555 "${BASE}/a/a/c/x" + chmod 0555 "${BASE}/a/a/c/z" +} + +chk_testdata_2 () { + for ff in $TDIRS; do + # + egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; + fi + # + for gg in $TFILES; do + egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + if [ x"${ff}/${gg}" = x"a/a/c/y" ]; then :; else + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; + return 1 + fi + fi + done + done + egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo"; + return 1 + fi + egrep "CRIT.*POLICY MISSING.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x"; + return 1 + fi + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 10 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi +} + +TESTPOLICY_1=" +[Misc] +RedefReadOnly = +TXT +[ReadOnly] +dir=${BASE} +" + +mod_testdata_1 () { + one_sec_sleep + touch "${BASE}/a/a/x" + chmod 0555 "${BASE}/a/a/y" + mv "${BASE}/a/b/y" "${BASE}/a/b/yy"; + echo "1 This is a test file" > "${BASE}/a/b/y"; + echo "2 This is a test file" >> "${BASE}/a/b/y"; + echo "4 This is a test file" >> "${BASE}/a/b/z"; + rm "${BASE}/a/b/yy"; # mv/rm to force new inode + rm "${BASE}/a/b/l_y"; + ln -s "${BASE}/a/b/x" "${BASE}/a/b/l_y"; + echo "foobar" > "${BASE}/a/c/y" + # + mv "${BASE}/b/x" "${BASE}/b/xx"; # mv/rm to force new inode + mkdir "${BASE}/b/x" + rm "${BASE}/b/xx"; + # + mv "${BASE}/b/y" "${BASE}/b/yy"; # mv/rm to force new inode + ln -s "${BASE}/b/z" "${BASE}/b/y" + rm "${BASE}/b/yy"; + # + rm "${BASE}/b/l_x"; echo "1 This is a test file" > "${BASE}/b/l_x"; +} + +chk_testdata_1 () { + for ff in $TDIRS; do + # + egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; + return 1 + fi + tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; + return 1 + fi + # + for gg in $TFILES; do + egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + if [ "${BASE}/${ff}" != "${BASE}/b" ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checksum)"; + return 1 + fi + fi + tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 1 ]; then + if [ "${BASE}/${ff}" != "${BASE}/b" ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; + return 1 + fi + fi + done + done + # + # + # + egrep "CRIT.*POLICY \[ReadOnly\] ----H---T-.*${BASE}/b" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/b"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] CL-I-M--TS.*${BASE}/b/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/b/y"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] CL---M--TS.*${BASE}/b/l_x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/b/l_x"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] C--IHM--TS.*${BASE}/b/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/b/x"; + return 1 + fi + # + # + # + egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] ---I----T-.*${BASE}/a/b/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/y"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] -L-I----T-.*${BASE}/a/b/l_y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/l_y"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/a/b" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z"; + return 1 + fi + egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/c/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/y"; + return 1 + fi + tmp=`grep CRIT $LOGFILE | wc -l` + if [ $tmp -ne 11 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count"; + return 1 + fi + for ff in x y z; do + ./samhain --list-file "${BASE}/a/a/${ff}" -d "$PW_DIR/.samhain_file" > "$PW_DIR/.samhain_tmp" + diff "$PW_DIR/.samhain_tmp" "${BASE}/a/a/${ff}" >/dev/null + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "diff $PW_DIR/.samhain_tmp ${BASE}/a/a/${ff}" + return 1 + fi + done + + return 0 +} + + +############################################################## +# +# Common subroutines +# + +mkconfig_misc () +{ + test -f "${RCFILE}" || touch "${RCFILE}" + cat >> "${RCFILE}" <> "${RCFILE}" <> "${RCFILE}" <>"${RCFILE}" +} + +prep_init () +{ + rm -f ./.samhain_file + rm -f "${LOGFILE}" + rm -f ./.samhain_lock + + rm -f "${RCFILE}" + mkconfig_sev + mkconfig_log + mkconfig_misc +} + +run_init () +{ + rm -f test_log_valgrind + + ${VALGRIND} ./samhain -t init -p none 2>>test_log_valgrind + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi +} + +run_check () +{ + ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind + + if test x$? = x0; then + + ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}" + + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "mv logfile..."; + return 1 + fi + [ -z "$verbose" ] || log_msg_ok "check..."; + else + [ -z "$quiet" ] && log_msg_fail "check..."; + return 1 + fi +} + +run_update () +{ + ${VALGRIND} ./samhain -t update -p none -l debug 2>>test_log_valgrind + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "update..."; + else + [ -z "$quiet" ] && log_msg_fail "update..."; + return 1 + fi +} + +run_check_after_update () +{ + rm -rf $LOGFILE + + ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind + + if test x$? = x0; then + # + tmp=`./samhain -j -L $LOGFILE | grep CRIT | wc -l` + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "update not successful(?)"; + return 1 + fi + # + # wtmp may not be readable + # + tmp=`./samhain -j -L $LOGFILE | grep ERR | grep -v wtmp | wc -l` + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "errors during check"; + return 1 + fi + # + [ -z "$VALGRIND" ] || { + tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; + cat test_log_valgrind + return 1; + fi; + } + # + [ -z "$verbose" ] || log_msg_ok "check(2)..."; + else + [ -z "$quiet" ] && log_msg_fail "check(2)..."; + return 1 + fi +} + +prep_testdata () +{ + if test -d "$BASE"; then + if [ -d "${BASE}" ]; then + chmod -f -R 0700 "${BASE}" || { + [ -z "$quiet" ] && log_msg_fail "chmod -f -R 0700 ${BASE}"; + return 1; + } + fi + fi + + rm -rf "${BASE}" || { + [ -z "$quiet" ] && log_msg_fail "rm -rf ${BASE}"; + return 1; + } + + mkdir "${BASE}" || { + [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}"; + return 1; + } + + for ff in $TDIRS; do + mkdir "${BASE}/${ff}" || { + [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}/${ff}"; + return 1; + } + chmod 0755 "${BASE}/${ff}" + for gg in $TFILES; do + echo "1 This is a test file" > "${BASE}/${ff}/${gg}" + chmod 0644 "${BASE}/${ff}/${gg}" + ln -s "${BASE}/${ff}/${gg}" "${BASE}/${ff}/l_${gg}" + done + echo "2 This is a test file" >> "${BASE}/${ff}/y" + echo "2 This is a test file" >> "${BASE}/${ff}/z" + echo "3 This is a test file" >> "${BASE}/${ff}/z" + done +} + +check_err () +{ + if [ $1 -ne 0 ]; then + log_fail ${2} ${MAXTEST}; + return 1 + fi + return 0 +} + +testrun_internal () +{ + [ -z "$verbose" ] || echo Working directory: $PW_DIR + [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; } + + # + # test standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + + if test -r "Makefile"; then + $MAKE distclean >/dev/null + fi + + ${TOP_SRCDIR}/configure ${BUILDOPTS} + + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE >/dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; } + + tcount=1 + POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'` + + until [ -z "$POLICY" ] + do + prep_init + check_err $? ${tcount}; errval=$? + if [ $errval -eq 0 ]; then + prep_testdata + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + prep_testpolicy ${tcount} + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_init + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + eval mod_testdata_${tcount} + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_check + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + eval chk_testdata_${tcount} + check_err $? ${tcount}; errval=$? + fi + if [ $testrun1_setup -eq 0 ]; then + if [ $errval -eq 0 ]; then + run_update + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_check_after_update + check_err $? ${tcount}; errval=$? + fi + fi + # + if [ $errval -eq 0 ]; then + [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; + fi + # + let "tcount = tcount + 1" >/dev/null + # + if [ -z "$doall" -a $tcount -eq 10 ]; then + log_skip 10 $MAXTEST 'ACL/SELinux test (or use --really-all)' + let "tcount = tcount + 1" >/dev/null + fi + # + if [ -z "$doall" -a $tcount -eq 11 ]; then + log_skip 11 $MAXTEST 'ACL/SELinux test (or use --really-all)' + let "tcount = tcount + 1" >/dev/null + fi + # + POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'` + done + + return 0 +} + +testrun1 () +{ + log_start "RUN STANDALONE" + testrun_internal + log_end "RUN STANDALONE" + return 0 +} + + + Index: /tags/2.5.0/test/testrun_1a.sh =================================================================== --- /tags/2.5.0/test/testrun_1a.sh (revision 189) +++ /tags/2.5.0/test/testrun_1a.sh (revision 189) @@ -0,0 +1,160 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +PREBUILDOPTS="--quiet $TRUST --enable-debug --enable-static --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" +export PREBUILDOPTS + +MAXTEST=1; export MAXTEST + +testrun_stealth () +{ + tcount=14 + + if test -r "Makefile"; then + $MAKE distclean >/dev/null + fi + + ${TOP_SRCDIR}/configure ${BUILDOPTS} + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE >/dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + CONVERT=`find_path convert` + if [ x"$CONVERT" = x ]; then + [ -z "$verbose" ] || log_msg_fail "ImageMagick convert not found"; + return 1 + fi + "$CONVERT" --help | grep ImageMagick >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Convert utility is not ImageMagick convert"; + return 1 + fi + "${CONVERT}" +compress stealth_template.jpg stealth_template.ps + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Converting stealth_template.jpg failed"; + return 1 + fi + + $MAKE samhain_stealth >/dev/null 2>>test_log + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "make samhain_stealth"; + return 1 + fi + capacity=`./samhain_stealth -i stealth_template.ps | awk '{ print $7 }'` + + prep_init + check_err $? ${tcount}; errval=$? + if [ $errval -eq 0 ]; then + prep_testdata + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + prep_testpolicy 1 + check_err $? ${tcount}; errval=$? + fi + + if [ $errval -eq 0 ]; then + fill=`cat "${RCFILE}" | wc -c` + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + let "capacity = capacity - fill" >/dev/null + let "capacity = capacity - 100" >/dev/null + until [ "$capacity" -le 0 ] + do + echo "###############################" >>"${RCFILE}" + let "capacity = capacity - 32" >/dev/null + done + + ./samhain_stealth -s stealth_template.ps "${RCFILE}" >/dev/null + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + cp stealth_template.ps "${RCFILE}" + check_err $? ${tcount}; errval=$? + fi + + if [ $errval -eq 0 ]; then + run_init + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + eval mod_testdata_1 + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_check + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + eval chk_testdata_1 + check_err $? ${tcount}; errval=$? + fi + if [ $testrun1_setup -eq 0 ]; then + if [ $errval -eq 0 ]; then + run_update + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_check_after_update + check_err $? ${tcount}; errval=$? + fi + fi + + if [ $errval -eq 0 ]; then + [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; + fi + return 0 +} + +testrun1a () +{ + log_start "RUN STANDALONE W/STEALTH" + # + # micro-stealth + # + #BUILDOPTS="$PREBUILDOPTS --enable-micro-stealth=137"; export BUILDOPTS + #testrun_internal + + CONVERT=`find_path convert` + if [ x"$CONVERT" = x ]; then + log_skip 1 ${MAXTEST} "ImageMagick convert not found"; + return 0 + fi + BUILDOPTS="$PREBUILDOPTS --enable-stealth=137"; export BUILDOPTS + testrun_stealth + check_err $? ${tcount}; + log_end "RUN STANDALONE W/STEALTH" + return 0 +} + Index: /tags/2.5.0/test/testrun_1b.sh =================================================================== --- /tags/2.5.0/test/testrun_1b.sh (revision 189) +++ /tags/2.5.0/test/testrun_1b.sh (revision 189) @@ -0,0 +1,458 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +MAXTEST=7; export MAXTEST +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE +RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE + +testrun1b_modrc () +{ + ORIGINAL="\[EOF\]" + REPLACEMENT="\[PortCheck\]" + ex -s $RCFILE <>"$RCFILE" + echo "PortCheckInterface = 127.0.0.1" >>"$RCFILE" +} + +testrun1b_internal () +{ + BUILDOPTS="$1" + # + # test standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + # + if test -r "Makefile"; then + $MAKE distclean >/dev/null >&1 + fi + # + # Bootstrapping + # + ${TOP_SRCDIR}/configure >/dev/null 2>/dev/null + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure (bootstrap)..."; + $MAKE > /dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make (bootstrap)..."; + else + [ -z "$quiet" ] && log_msg_fail "make (bootstrap)..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure (bootstrap)..."; + return 1 + fi + # + # + ${TOP_SRCDIR}/configure ${BUILDOPTS} 2>/dev/null | \ + egrep 'use existing [./[:alnum:]]+ for gpg checksum' >/dev/null + # + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + SKIP=`awk '/^__ARCHIVE_FOLLOWS__/ { print NR + 1; exit 0; }' ${SCRIPTDIR}/test.sh` + + tail -n "+$SKIP" ${SCRIPTDIR}/test.sh >/dev/null 2>&1 + if [ $? -eq 0 ]; then + tail -n "+$SKIP" ${SCRIPTDIR}/test.sh | gunzip -c - 2>/dev/null | tar xf - && \ + mv "./testrc.gpg.asc" "$RCFILE" + else + tail "+$SKIP" ${SCRIPTDIR}/test.sh | gunzip -c - 2>/dev/null | tar xf - && \ + mv "./testrc.gpg.asc" "$RCFILE" + fi + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "extract gpg signed files..."; + else + [ -z "$quiet" ] && log_msg_fail "extract gpg signed files..."; + return 1 + fi + + if test "x$2" = "x"; then + : + else + CONVERT="$2" + if test -f "${TOP_SRCDIR}/stealth_template.jpg"; then + [ -z "$verbose" ] || log_msg_ok "convert..." + "${CONVERT}" +compress "${TOP_SRCDIR}/stealth_template.jpg" stealth_template.ps >/dev/null + else + [ -z "$quiet" ] && log_msg_fail "cannot find file stealth_template.jpg" + return 1 + fi + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "${CONVERT} +compress ${TOP_SRCDIR}/stealth_template.jpg stealth_template.ps"; + return 1 + fi + + [ -z "$verbose" ] || log_msg_ok "hide..." + ./samhain_stealth -s stealth_template.ps "$RCFILE" >/dev/null + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "${CONVERT} +compress ${TOP_SRCDIR}/stealth_template.jpg stealth_template.ps"; + return 1 + fi + + mv -f stealth_template.ps "$RCFILE" + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "mv -f stealth_template.ps $RCFILE"; + return 1 + fi + + fi + + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + + ./samhain -t init -p none -l info + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + + mv $PW_DIR/.samhain_file.asc $PW_DIR/.samhain_file +} + +testrun1b_nogpg () +{ + BUILDOPTS="$1" + # + # test standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + # + if test -r "Makefile"; then + $MAKE distclean >/dev/null >&1 + fi + + ${TOP_SRCDIR}/configure ${BUILDOPTS} 2>/dev/null + # + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + + cp "${SCRIPTDIR}/testrc_1" "${RCFILE}" + + if test "x$2" = "xmodrc"; then + [ -z "$verbose" ] || log_msg_ok "mod rc..."; + testrun1b_modrc + fi + + ./samhain -t init -p none -l info + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + +} + +do_test_1b () { + + ./samhain -t check -p none -l info + + if test x$? = x0; then + ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}" + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "mv logfile..."; + return 1 + fi + [ -z "$verbose" ] || log_msg_ok "check..."; + else + [ -z "$quiet" ] && log_msg_fail "check..."; + return 1 + fi + # + tmp=`egrep "Checking.*/etc(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 2 ]; then + [ -z "$verbose" ] || log_msg_fail "/etc"; + return 1 + fi + tmp=`egrep "Checking.*(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 8 ]; then + [ -z "$verbose" ] || log_msg_fail "checking"; + return 1 + fi + egrep "ADDED" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "init was incomplete"; + return 1 + fi + # + return 0 +} + +do_test_1b_2 () { + + rm -f $PW_DIR/test_log_prelude + + "$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 & + PID=$! + + five_sec_sleep + + ./samhain -t check -p none -l info --set-prelude-severity=info --prelude --server-addr 127.0.0.1:5500 >/dev/null + + if test x$? = x0; then + ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}" + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "mv logfile..."; + kill $PID + return 1 + fi + [ -z "$verbose" ] || log_msg_ok "check..."; + else + [ -z "$quiet" ] && log_msg_fail "check..."; + kill $PID + return 1 + fi + # + tmp=`egrep 'File original:.*name=etc.*path=/etc' test_log_prelude 2>/dev/null | wc -l` + if [ $tmp -lt 1 ]; then + [ -z "$verbose" ] || log_msg_fail "/etc"; + fi + tmp=`egrep 'Classification text: Checking' test_log_prelude 2>/dev/null | wc -l` + if [ $tmp -lt 1 ]; then + [ -z "$verbose" ] || log_msg_fail "checking"; + fi + # + if test "x$2" = "xmodrc"; then + tmp=`egrep 'Classification text: Service opened' test_log_prelude 2>/dev/null | wc -l` + if [ $tmp -lt 1 ]; then + [ -z "$verbose" ] || log_msg_fail "service"; + fi + tmp=`egrep 'Service: port=5500' test_log_prelude 2>/dev/null | wc -l` + if [ $tmp -lt 1 ]; then + [ -z "$verbose" ] || log_msg_fail "port 5500"; + fi + fi + # + kill $PID + return 0 +} + +testrun1b () +{ + log_start "RUN STANDALONE W/STEALTH W/GPG" + GPG=`find_path gpg` + if [ -z "$GPG" ]; then + log_skip 1 $MAXTEST 'gpg not found in $PATH' + log_skip 2 $MAXTEST 'gpg not found in $PATH' + log_skip 3 $MAXTEST 'gpg not found in $PATH' + log_skip 4 $MAXTEST 'gpg not found in $PATH' + log_skip 5 $MAXTEST 'gpg not found in $PATH' + log_skip 6 $MAXTEST 'gpg not found in $PATH' + log_skip 7 $MAXTEST 'gpg not found in $PATH' + else + eval "$GPG" --list-keys 0F571F6C >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then + log_skip 1 $MAXTEST 'public PGP key 0x0F571F6C not present' + log_skip 2 $MAXTEST 'public PGP key 0x0F571F6C not present' + log_skip 3 $MAXTEST 'public PGP key 0x0F571F6C not present' + log_skip 4 $MAXTEST 'public PGP key 0x0F571F6C not present' + log_skip 5 $MAXTEST 'public PGP key 0x0F571F6C not present' + log_skip 6 $MAXTEST 'public PGP key 0x0F571F6C not present' + log_skip 7 $MAXTEST 'public PGP key 0x0F571F6C not present' + else + # + # ------------- first test ------------- + # + BUILDOPTS="--quiet $TRUST --enable-debug --with-gpg=${GPG} --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS}" + do_test_1b + if [ $? -eq 0 ]; then + log_ok 1 $MAXTEST 'gpg signed config/database files' + else + log_fail 1 $MAXTEST 'gpg signed config/database files' + fi + + + # + # ------------- second test ------------- + # + BUILDOPTS="--quiet $TRUST --enable-debug --with-gpg=${GPG} --with-checksum --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS}" + do_test_1b + if [ $? -eq 0 ]; then + log_ok 2 $MAXTEST 'gpg signed config/database files' + else + log_fail 2 $MAXTEST 'gpg signed config/database files' + fi + + + # + # ------------- third test ------------- + # + BUILDOPTS="--quiet $TRUST --enable-debug --with-gpg=${GPG} --with-checksum --with-fp=EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS}" + do_test_1b + if [ $? -eq 0 ]; then + log_ok 3 $MAXTEST 'gpg signed config/database files' + else + log_fail 3 $MAXTEST 'gpg signed config/database files' + fi + + + # + # ------------- fourth test ------------- + # + PRECONV=`find_path convert` + "${PRECONV}" --help | grep ImageMagick >/dev/null 2>&1 && \ + CONVERT="${PRECONV}" + + if [ -z "$CONVERT" ]; then + log_skip 2 $MAXTEST 'ImageMagick convert not found in $PATH' + else + BUILDOPTS="--quiet $TRUST --enable-debug --with-gpg=${GPG} --with-checksum --enable-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS}" "$CONVERT" + do_test_1b + if [ $? -eq 0 ]; then + log_ok 4 $MAXTEST 'gpg signed config/database files' + else + log_fail 4 $MAXTEST 'gpg signed config/database files' + fi + fi + + + # + # ------------- fifth test ------------- + # + if ! test -d /var/run/prelude-manager + then + [ -z "$verbose" ] || log_msg_ok "create /var/run/prelude-manager..."; + sudo mkdir /var/run/prelude-manager + sudo chown prelude:rainer /var/run/prelude-manager + sudo chmod 770 /var/run/prelude-manager + fi + # + PM=`find_path prelude-manager` + if [ -z "$PM" ]; then + log_skip 5 $MAXTEST 'prelude-manager not found in $PATH' + elif [ -z "$doall" ]; then + log_skip 5 $MAXTEST 'logging to prelude (or use --really-all)' + else + BUILDOPTS="--quiet $TRUST --enable-debug --with-prelude --with-gpg=${GPG} --with-checksum --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS} CFLAGS=-DSH_NOFAILOVER=1" + do_test_1b_2 + if [ $? -eq 0 ]; then + log_ok 5 $MAXTEST 'logging to prelude' + else + log_fail 5 $MAXTEST 'logging to prelude' + fi + fi + + # + # ------------- sixth test ------------- + # + if ! test -d /var/run/prelude-manager + then + [ -z "$verbose" ] || log_msg_ok "create /var/run/prelude-manager..."; + sudo mkdir /var/run/prelude-manager + sudo chown prelude:rainer /var/run/prelude-manager + sudo chmod 770 /var/run/prelude-manager + fi + # + PM=`find_path prelude-manager` + if [ -z "$PM" ]; then + log_skip 6 $MAXTEST 'prelude-manager not found in $PATH' + elif [ -z "$doall" ]; then + log_skip 6 $MAXTEST 'logging to prelude (or use --really-all)' + else + BUILDOPTS="--quiet $TRUST --with-prelude --enable-login-watch --enable-mounts-check --enable-process-check --enable-port-check --enable-suidcheck --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_nogpg "${BUILDOPTS} CFLAGS=-DSH_NOFAILOVER=1" + do_test_1b_2 + if [ $? -eq 0 ]; then + log_ok 6 $MAXTEST 'logging to prelude' + else + log_fail 6 $MAXTEST 'logging to prelude' + fi + fi + + # + # ------------- seventh test ----------- + # + if ! test -d /var/run/prelude-manager + then + [ -z "$verbose" ] || log_msg_ok "create /var/run/prelude-manager..."; + sudo mkdir /var/run/prelude-manager + sudo chown prelude:rainer /var/run/prelude-manager + sudo chmod 770 /var/run/prelude-manager + fi + # + PM=`find_path prelude-manager` + if [ -z "$PM" ]; then + log_skip 7 $MAXTEST 'prelude-manager not found in $PATH' + elif [ -z "$doall" ]; then + log_skip 7 $MAXTEST 'logging to prelude (or use --really-all)' + else + BUILDOPTS="--quiet $TRUST --with-prelude --enable-login-watch --enable-mounts-check --enable-process-check --enable-port-check --enable-suidcheck --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_nogpg "${BUILDOPTS} CFLAGS=-DSH_NOFAILOVER=1" "modrc" + do_test_1b_2 + if [ $? -eq 0 ]; then + log_ok 7 $MAXTEST 'logging to prelude' + else + log_fail 7 $MAXTEST 'logging to prelude' + fi + fi + + fi + fi + log_end "RUN STANDALONE W/STEALTH W/GPG" + return 0 +} + Index: /tags/2.5.0/test/testrun_1c.sh =================================================================== --- /tags/2.5.0/test/testrun_1c.sh (revision 189) +++ /tags/2.5.0/test/testrun_1c.sh (revision 189) @@ -0,0 +1,414 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-suidcheck --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" +export BUILDOPTS + +MAXTEST=7; export MAXTEST + +## Quarantine SUID/SGID files if found +# +# SuidCheckQuarantineFiles = yes + +## Method for Quarantining files: +# 0 - Delete or truncate the file. +# 1 - Remove SUID/SGID permissions from file. +# 2 - Move SUID/SGID file to quarantine dir. +# +# SuidCheckQuarantineMethod = 0 + +## For method 0 and 2, really delete instead of truncating +# +# SuidCheckQuarantineDelete = yes + +SUIDPOLICY_7=" +[ReadOnly] +file=${BASE} +[SuidCheck] +SuidCheckActive = yes +SuidCheckExclude = ${BASE}/a/a +SuidCheckInterval = 10 +SeveritySuidCheck = crit +SuidCheckQuarantineFiles = no +SuidCheckQuarantineMethod = 2 +SuidCheckQuarantineDelete = yes +" + +mod_suiddata_7 () { + one_sec_sleep + chmod 4444 "${BASE}/a/a/y" + chmod 4444 "${BASE}/a/a/a/y" + mkdir "${BASE}/a/abc" + touch "${BASE}/a/abc/y" + chmod 4444 "${BASE}/a/abc/y" +} + +chk_suiddata_7 () { + one_sec_sleep + tmp=`ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1}'` + if [ "x$tmp" = "x-r-Sr--r--" ]; then + egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; + return 1 + fi + else + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not kept)"; + return 1 + fi + tmp=`ls -l "${BASE}/a/a/a/y" 2>/dev/null | awk '{ print $1}'` + if [ "x$tmp" = "x-r-Sr--r--" ]; then + egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/a/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/y"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/y"; + return 1 + fi + else + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/y (suid not kept)"; + return 1 + fi + tmp=`ls -l "${BASE}/a/abc/y" 2>/dev/null | awk '{ print $1}'` + if [ "x$tmp" = "x-r-Sr--r--" ]; then + egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/abc/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/abc/y"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/abc/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/abc/y"; + return 1 + fi + return 0; + else + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/abc/y (suid not kept)"; + return 1 + fi +} + + +SUIDPOLICY_6=" +[ReadOnly] +file=${BASE} +[SuidCheck] +SuidCheckActive = yes +SuidCheckInterval = 10 +SeveritySuidCheck = crit +SuidCheckQuarantineFiles = no +SuidCheckQuarantineMethod = 2 +SuidCheckQuarantineDelete = yes +" + +mod_suiddata_6 () { + one_sec_sleep + chmod 4755 "${BASE}/a/a/y" +} + +chk_suiddata_6 () { + one_sec_sleep + tmp=`ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1}'` + if [ "x$tmp" = "x-rwsr-xr-x" ]; then + egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; + return 1 + fi + egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; + return 1 + fi + return 0; + else + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not kept)"; + return 1 + fi +} + +SUIDPOLICY_5=" +[ReadOnly] +file=${BASE} +[SuidCheck] +SuidCheckActive = yes +SuidCheckInterval = 10 +SeveritySuidCheck = crit +SuidCheckQuarantineFiles = yes +SuidCheckQuarantineMethod = 2 +SuidCheckQuarantineDelete = yes +" + +mod_suiddata_5 () { + one_sec_sleep + chmod 4755 "${BASE}/a/a/y" +} + +chk_suiddata_5 () { + one_sec_sleep + if [ ! -f "${BASE}/a/a/x" ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x (erroneously deleted)"; + return 1 + fi + if [ -f "${BASE}/a/a/y" ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not deleted)"; + return 1 + fi + if [ -f .quarantine/y ]; then + if [ -f .quarantine/y.info ]; then + return 0; + else + [ -z "$verbose" ] || log_msg_fail ".quarantine/y.info (missing)"; + return 1 + fi + else + [ -z "$verbose" ] || log_msg_fail ".quarantine/y (missing)"; + return 1 + fi +} + +SUIDPOLICY_4=" +[ReadOnly] +file=${BASE} +[SuidCheck] +SuidCheckActive = yes +SuidCheckInterval = 10 +SeveritySuidCheck = crit +SuidCheckQuarantineFiles = yes +SuidCheckQuarantineMethod = 2 +SuidCheckQuarantineDelete = no +" + +mod_suiddata_4 () { + one_sec_sleep + chmod 4755 "${BASE}/a/a/y" +} + +chk_suiddata_4 () { + one_sec_sleep + tmp=`cat "${BASE}/a/a/y" 2>/dev/null | wc -c` + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not truncated)"; + return 1 + fi + if [ -f .quarantine/y ]; then + if [ -f .quarantine/y.info ]; then + return 0; + else + [ -z "$verbose" ] || log_msg_fail ".quarantine/y.info (missing)"; + return 1 + fi + else + [ -z "$verbose" ] || log_msg_fail ".quarantine/y (missing)"; + return 1 + fi +} + +SUIDPOLICY_3=" +[ReadOnly] +file=${BASE} +[SuidCheck] +SuidCheckActive = yes +SuidCheckInterval = 10 +SeveritySuidCheck = crit +SuidCheckQuarantineFiles = yes +SuidCheckQuarantineMethod = 1 +SuidCheckQuarantineDelete = no +" + +mod_suiddata_3 () { + one_sec_sleep + chmod 4755 "${BASE}/a/a/y" +} + +chk_suiddata_3 () { + one_sec_sleep + tmp=`ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1}'` + if [ "x$tmp" = "x-rwxr-xr-x" ]; then + return 0; + else + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not removed)"; + return 1 + fi +} + +SUIDPOLICY_2=" +[ReadOnly] +file=${BASE} +[SuidCheck] +SuidCheckActive = yes +SuidCheckInterval = 10 +SeveritySuidCheck = crit +SuidCheckQuarantineFiles = yes +SuidCheckQuarantineMethod = 0 +SuidCheckQuarantineDelete = no +" + +mod_suiddata_2 () { + one_sec_sleep + chmod 4755 "${BASE}/a/a/y" +} + +chk_suiddata_2 () { + one_sec_sleep + tmp=`cat "${BASE}/a/a/y" 2>/dev/null | wc -c` + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not truncated)"; + return 1 + fi +} + +SUIDPOLICY_1=" +[ReadOnly] +file=${BASE} +[SuidCheck] +SuidCheckActive = yes +SuidCheckInterval = 10 +SeveritySuidCheck = crit +SuidCheckQuarantineFiles = yes +SuidCheckQuarantineMethod = 0 +SuidCheckQuarantineDelete = yes +" + +mod_suiddata_1 () { + one_sec_sleep + chmod 4755 "${BASE}/a/a/y" +} + +chk_suiddata_1 () { + one_sec_sleep + if [ -f "${BASE}/a/a/y" ]; then + [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not removed)"; + return 1 + fi +} + +prep_suidpolicy () +{ + test -f "${RCFILE}" || touch "${RCFILE}" + eval echo '"$'"SUIDPOLICY_$1"'"' >>"${RCFILE}" + if [ "x$1" = "x5" ]; then + chmod 4755 "${BASE}/a/a/x" + fi +} + +testrun_internal_1c () +{ + [ -z "$verbose" ] || echo Working directory: $PW_DIR + [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; } + + # + # test standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + + if test -r "Makefile"; then + $MAKE distclean >/dev/null + fi + + ${TOP_SRCDIR}/configure ${BUILDOPTS} + + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE 'DBGDEF=-DSH_SUIDTESTDIR=\"${BASE}\"' >/dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; } + + tcount=1 + POLICY=`eval echo '"$'"SUIDPOLICY_$tcount"'"'` + + until [ -z "$POLICY" ] + do + prep_init + check_err $? ${tcount}; errval=$? + if [ $errval -eq 0 ]; then + prep_testdata + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + prep_suidpolicy ${tcount} + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_init + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + eval mod_suiddata_${tcount} + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_check + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + eval chk_suiddata_${tcount} + check_err $? ${tcount}; errval=$? + fi + if [ $testrun1_setup -eq 0 ]; then + if [ $errval -eq 0 ]; then + run_update + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_check_after_update + check_err $? ${tcount}; errval=$? + fi + fi + # + if [ $errval -eq 0 ]; then + [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; + fi + let "tcount = tcount + 1" >/dev/null + POLICY=`eval echo '"$'"SUIDPOLICY_$tcount"'"'` + done + + return 0 +} + +testrun1c () +{ + log_start "RUN STANDALONE W/SUIDCHK" + testrun_internal_1c + log_end "RUN STANDALONE W/SUIDCHK" + return 0 +} + Index: /tags/2.5.0/test/testrun_1d.sh =================================================================== --- /tags/2.5.0/test/testrun_1d.sh (revision 189) +++ /tags/2.5.0/test/testrun_1d.sh (revision 189) @@ -0,0 +1,261 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-process-check --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" +export BUILDOPTS + +MAXTEST=3; export MAXTEST + +PROCPOLICY_3=" +[ReadOnly] +file=${BASE} +[ProcessCheck] +ProcessCheckActive = yes +ProcessCheckPsPath = ${PW_DIR}/${SCRIPTDIR}/testrun_1d.sh +ProcessCheckPsArg = --fake +ProcessCheckMaxPid = 67000 +" + +chk_procdata_3 () { + one_sec_sleep + + egrep 'CRIT.*POLICY \[Process\] Fake pid: 66666[[:space:]]' $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Fake pid"; + return 1 + fi + egrep 'CRIT.*POLICY \[Process\] Fake pid: [012345789]+[[:space:]]' $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Fake pids incorrect"; + return 1 + fi +} + +PROCPOLICY_2=" +[ReadOnly] +file=${BASE} +[ProcessCheck] +ProcessCheckActive = yes +" + +chk_procdata_2 () { + one_sec_sleep + + egrep 'CRIT.*POLICY \[Process\] Hidden pid' $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Hidden pids (ps)"; + return 1 + fi +} + + +PROCPOLICY_1=" +[ReadOnly] +file=${BASE} +[ProcessCheck] +ProcessCheckActive = yes +ProcessCheckPsPath = ${PW_DIR}/${SCRIPTDIR}/testrun_1d.sh +ProcessCheckPsArg = --hide +" + + +chk_procdata_1 () { + one_sec_sleep + + egrep 'CRIT.*POLICY \[Process\] Hidden pid: [[:digit:]][[:space:]]' $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Hidden pids"; + return 1 + fi + egrep 'CRIT.*POLICY \[Process\] Hidden pid: [[:digit:]][[:digit:]]+[[:space:]]' $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Hidden pids incorrect"; + return 1 + fi +} + +prep_procpolicy () +{ + test -f "${RCFILE}" || touch "${RCFILE}" + eval echo '"$'"PROCPOLICY_$1"'"' >>"${RCFILE}" +} + +testrun_internal_1d () +{ + [ -z "$verbose" ] || echo Working directory: $PW_DIR + [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; } + + # + # test standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + + if test -r "Makefile"; then + $MAKE distclean >/dev/null + fi + + tcount=1 + ${TOP_SRCDIR}/configure ${BUILDOPTS} + + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE >/dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; } + + POLICY=`eval echo '"$'"PROCPOLICY_$tcount"'"'` + + until [ -z "$POLICY" ] + do + prep_init + check_err $? ${tcount}; errval=$? + if [ $errval -eq 0 ]; then + prep_testdata + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + prep_procpolicy ${tcount} + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_init + check_err $? ${tcount}; errval=$? + fi + for iseq in 0 1 2 3 4 5 6 7 8 9; do + rm -f "$LOGFILE" + if [ $errval -eq 0 ]; then + run_check + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + eval chk_procdata_${tcount} + check_err $? ${tcount}; errval=$? + fi + done + # + if [ $errval -eq 0 ]; then + [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; + fi + let "tcount = tcount + 1" >/dev/null + POLICY=`eval echo '"$'"PROCPOLICY_$tcount"'"'` + + done + + return 0 +} + +testrun1d () +{ + log_start "RUN STANDALONE W/PROCESSCHECK" + testrun_internal_1d + log_end "RUN STANDALONE W/PROCESSCHECK" + return 0 +} + +proc_pspath () +{ + PS=ps + for ff in /usr/ucb /bin /usr/bin; do + if test -x "$ff/ps"; then + PS="$ff/ps" + break + fi + done + echo "$PS" +} + +proc_psarg () +{ + OS=`uname -s` + case $OS in + *Linux*|*linux*) + PSARG="-eT";; + *OpenBSD*) + PSARG="akx";; + *) + PS=`proc_pspath` + $PS ax >/dev/null 2>&1 + if test $? -eq 0; then + one=`$PS ax | wc -l` + else + one=0 + fi + $PS -e >/dev/null 2>&1 + if test $? -eq 0; then + two=`$PS -e | wc -l` + else + two=0 + fi + if test $one -ge $two + then + PSARG="ax" + else + PSARG="-e" + fi + ;; + esac + echo "$PSARG" +} + +proc_hide() +{ + PSPATH=`proc_pspath` + PSARG=`proc_psarg` + + "${PSPATH}" "${PSARG}" | egrep -v '^[[:space:]]*[[:digit:]]{1}[[:space:]]+' +} + +proc_fake() +{ + FAKE_PID=2 + PSPATH=`proc_pspath` + PSARG=`proc_psarg` + + "${PSPATH}" "${PSARG}" + if [ x"${PSARG}" = x-eT ]; then + echo "66666 66666 pts/2 S 0:14 THIS_IS_FAKE" + else + echo "66666 pts/2 S 0:14 THIS_IS_FAKE" + fi +} + +if [ "x$1" = "x--hide" ]; then + proc_hide; + exit 0; +fi + +if [ "x$1" = "x--fake" ]; then + proc_fake; + exit 0; +fi + Index: /tags/2.5.0/test/testrun_1e.sh =================================================================== --- /tags/2.5.0/test/testrun_1e.sh (revision 189) +++ /tags/2.5.0/test/testrun_1e.sh (revision 189) @@ -0,0 +1,238 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-port-check --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" +export BUILDOPTS + +MAXTEST=4; export MAXTEST + +PORTPOLICY_4=" +[ReadOnly] +file=${BASE} +[PortCheck] +PortCheckActive = yes +PortCheckUDP = no +" + +chk_portdata_4 () { + one_sec_sleep + + egrep 'CRIT.*POLICY \[ServiceNew\]' $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + + [ -z "$verbose" ] || log_msg_fail "Open ports"; + return 1 + fi +} + +refine_portpolicy_4 () +{ + cat "$LOGFILE" | grep ServiceNew | sed 's/.*port: //' | awk '{ print $1 }' | \ + while read line; do + echo "PortCheckSkip=$line" >>"${RCFILE}" + done + echo "PortCheckIgnore=2026/tcp" >>"${RCFILE}" + echo "PortCheckIgnore=2027/udp" >>"${RCFILE}" + echo "PortCheckIgnore=2028/tcp" >>"${RCFILE}" + echo "PortCheckIgnore=2029/udp" >>"${RCFILE}" +} + +PORTPOLICY_3=" +[ReadOnly] +file=${BASE} +[PortCheck] +PortCheckActive = yes +PortCheckUDP = no +" + +chk_portdata_3 () { + one_sec_sleep + + egrep 'CRIT.*POLICY \[ServiceNew\]' $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + + [ -z "$verbose" ] || log_msg_fail "Open ports"; + return 1 + fi +} + +refine_portpolicy_3 () +{ + cat "$LOGFILE" | grep ServiceNew | sed 's/.*port: //' | awk '{ print $1 }' | \ + while read line; do + echo "PortCheckIgnore=$line" >>"${RCFILE}" + done + echo "PortCheckIgnore=2026/tcp" >>"${RCFILE}" + echo "PortCheckIgnore=2027/udp" >>"${RCFILE}" + echo "PortCheckIgnore=2028/tcp" >>"${RCFILE}" + echo "PortCheckIgnore=2029/udp" >>"${RCFILE}" +} + + +PORTPOLICY_2=" +[ReadOnly] +file=${BASE} +[PortCheck] +PortCheckActive = yes +PortCheckUDP = no +" + +chk_portdata_2 () { + one_sec_sleep + + egrep 'CRIT.*POLICY \[ServiceNew\]' $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + + [ -z "$verbose" ] || log_msg_fail "Open ports"; + return 1 + fi +} + +refine_portpolicy_2 () +{ + cat "$LOGFILE" | grep ServiceNew | sed 's/.*port: //' | awk '{ print $1 }' | \ + while read line; do + echo "PortCheckOptional=$line" >>"${RCFILE}" + done +} + +PORTPOLICY_1=" +[ReadOnly] +file=${BASE} +[PortCheck] +PortCheckActive = yes +PortCheckUDP = no +" + +chk_portdata_1 () { + one_sec_sleep + + egrep 'CRIT.*POLICY \[ServiceNew\]' $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + + [ -z "$verbose" ] || log_msg_fail "Open ports"; + return 1 + fi +} + +refine_portpolicy_1 () +{ + cat "$LOGFILE" | grep ServiceNew | sed 's/.*port: //' | awk '{ print $1 }' | \ + while read line; do + echo "PortCheckRequired=$line" >>"${RCFILE}" + done +} + +prep_portpolicy () +{ + test -f "${RCFILE}" || touch "${RCFILE}" + eval echo '"$'"PORTPOLICY_$1"'"' >>"${RCFILE}" +} + +testrun_internal_1e () +{ + [ -z "$verbose" ] || echo Working directory: $PW_DIR + [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; } + + # + # test standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + + if test -r "Makefile"; then + $MAKE distclean >/dev/null + fi + + tcount=1 + ${TOP_SRCDIR}/configure ${BUILDOPTS} + + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE >/dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; } + + POLICY=`eval echo '"$'"PORTPOLICY_$tcount"'"'` + + until [ -z "$POLICY" ] + do + prep_init + check_err $? ${tcount}; errval=$? + if [ $errval -eq 0 ]; then + prep_testdata + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + prep_portpolicy ${tcount} + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + run_init + check_err $? ${tcount}; errval=$? + fi + # + if [ $errval -eq 0 ]; then + eval refine_portpolicy_${tcount} + check_err $? ${tcount}; errval=$? + fi + # + rm -f "$LOGFILE" + # + if [ $errval -eq 0 ]; then + run_check + check_err $? ${tcount}; errval=$? + fi + if [ $errval -eq 0 ]; then + eval chk_portdata_${tcount} + check_err $? ${tcount}; errval=$? + fi + # + if [ $errval -eq 0 ]; then + [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; + fi + let "tcount = tcount + 1" >/dev/null + POLICY=`eval echo '"$'"PORTPOLICY_$tcount"'"'` + done + + return 0 +} + +testrun1e () +{ + log_start "RUN STANDALONE W/PORTCHECK" + testrun_internal_1e + log_end "RUN STANDALONE W/PORTCHECK" + return 0 +} + + Index: /tags/2.5.0/test/testrun_2.sh =================================================================== --- /tags/2.5.0/test/testrun_2.sh (revision 189) +++ /tags/2.5.0/test/testrun_2.sh (revision 189) @@ -0,0 +1,825 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE +RCFILE="$PW_DIR/testrc_2"; export RCFILE +HTML="$PW_DIR/yule.html"; export HTML + + +do_test_1 () { + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Server${E}: ./yule -l info -p none &"; + echo; + } + + rm -f test_log_valgrind + + ${VALGRIND} ./yule.2 -l info -p none >/dev/null 2>>test_log_valgrind & + PROC_Y2=$! + five_sec_sleep + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Server #2${E}: ./yule.2 -l info -p none &"; + echo; + } + + ${VALGRIND} ./yule -l info -p none -e info --bind-address=127.0.0.1 \ + --server-port=49778 >/dev/null 2>>test_log_valgrind & + PROC_Y=$! + five_sec_sleep + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; + echo; + } + + ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; + else + [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; + kill $PROC_Y + kill $PROC_Y2 + return 1 + fi + + kill $PROC_Y + kill $PROC_Y2 + five_sec_sleep + + # cp ${LOGFILE} triple_test + # cp ${LOGFILE}2 triple_test_2 + + egrep "START(>|\").*Yule(>|\")" ${LOGFILE}2 >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server #2 start"; + return 1 + fi + egrep "remote_host.*Checking.*/bin" ${LOGFILE}2 >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check (relayed)"; + return 1 + fi + egrep "remote_host.*EXIT.*Samhain" ${LOGFILE}2 >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client exit (relayed)"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" ${LOGFILE}2 >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server #2 exit"; + return 1 + fi + + + egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server start"; + return 1 + fi + egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client connect"; + return 1 + fi + egrep "remote_host.*Checking.*/bin" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check"; + return 1 + fi + egrep "remote_host.*EXIT.*Samhain" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client exit"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server exit"; + return 1 + fi + + [ -z "$VALGRIND" ] || { + tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; + cat test_log_valgrind + return 1; + fi; + } + + return 0 +} + +do_test_2 () { + + ORIGINAL="UseSeparateLogs=no" + REPLACEMENT="UseSeparateLogs=yes" + ex -s $RCFILE </dev/null 2>>test_log_valgrind & + PROC_Y=$! + five_sec_sleep + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; + echo; + } + + ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; + else + [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; + kill $PROC_Y + return 1 + fi + + kill $PROC_Y + five_sec_sleep + + if [ -f ${LOGFILE}.${SH_LOCALHOST} ]; then + remhost=${SH_LOCALHOST} + else + remhost=`echo $SH_LOCALHOST | sed 's,\..*,,'` + fi + if [ -f ${LOGFILE}.${remhost} ]; then + CLIENTLOG="${LOGFILE}.${remhost}" + else + tail -n 1 ${SCRIPTDIR}/test.sh >/dev/null 2>&1 + if [ $? -eq 0 ]; then + CLIENTLOG=`ls -1 ${LOGFILE}.* 2>/dev/null | tail -n 1` + else + CLIENTLOG=`ls -1 ${LOGFILE}.* 2>/dev/null | tail -1` + fi + fi + + egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server start"; + return 1 + fi + egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client connect"; + return 1 + fi + egrep "remote_host.*Checking.*/bin" ${CLIENTLOG} >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check"; + return 1 + fi + egrep "remote_host.*EXIT.*Samhain" ${CLIENTLOG} >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client exit"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server exit"; + return 1 + fi + + [ -z "$VALGRIND" ] || { + tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; + cat test_log_valgrind + return 1; + fi; + } + + rm -f ${LOGFILE}.${remhost} + return 0 +} + +do_test_3 () { + + ORIGINAL_1="ExportSeverity=none" + REPLACEMENT_1="ExportSeverity=mark" + ORIGINAL_2="UseSeparateLogs=yes" + REPLACEMENT_2="UseSeparateLogs=no" + ORIGINAL_3="LogSeverity=none" + REPLACEMENT_3="LogSeverity=debug" + ORIGINAL_4="# SetClientTimeLimit=1800" + REPLACEMENT_4="SetClientTimeLimit=20" + # takes too much time if we leave that in + ORIGINAL_5="dir=1" + REPLACEMENT_5="#dir=1" + ex -s $RCFILE </dev/null 2>>test_log_valgrind & + PROC_Y=$! + five_sec_sleep + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Client${E}: ./samhain.new -l none -p none -t check"; + echo; + } + + ${VALGRIND} ./samhain.new -t check -p none -l none --forever --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind & + if test x$? = x0; then + PROC_S=$! + # echo "PID is ${PROC_S}" + [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; + five_sec_sleep + # Redirect the shells (un-)helpful job monitoring messages. + # The 'disown' buildin is not portable. + { kill -9 ${PROC_S}; sleep 40; } >/dev/null 2>&1 + else + [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; + kill $PROC_Y + return 1 + fi + + if [ -t 0 ]; then + # enable monitor mode again if interactive + set -m + fi + + + kill $PROC_Y + five_sec_sleep + + egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server start"; + return 1 + fi + egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client connect"; + return 1 + fi + egrep "remote_host.*File check completed.*" ${LOGFILE} >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check"; + return 1 + fi + egrep "Time limit exceeded" ${LOGFILE} >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client dead detection"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server exit"; + return 1 + fi + + [ -z "$VALGRIND" ] || { + tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; + cat test_log_valgrind + return 1; + fi; + } + + rm -f ${LOGFILE} + return 0 +} + +do_test_4 () { + + # don't know what is supported on the test platform, so + # prepare for both (password and socket credential) + + # 'id -u' is posix + if test -f /usr/xpg4/bin/id + then + me=`/usr/xpg4/bin/id -u` + else + me=`id -u` + fi + + ORIGINAL_1="SetSocketAllowUid=0" + REPLACEMENT_1="SetSocketAllowUid=$me" + ex -s $RCFILE </dev/null 2>>test_log_valgrind & + PROC_Y=$! + five_sec_sleep + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; + echo; + } + + $MAKE yulectl >/dev/null + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "make yulectl"; + kill $PROC_Y + return 1 + fi + + + ./yulectl -v -c RELOAD foobar1 >test_log_yulectl 2>/dev/null + + if [ $? -ne 0 ]; then + YULECTL_PASSWORD=samhain; export YULECTL_PASSWORD + ./yulectl -v -c RELOAD foobar1 >test_log_yulectl + if [ $? -ne 0 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "yulectl"; + return 1 + fi + fi + + ./yulectl -v -c RELOAD foobar2 >test_yulectl_log + + if [ $? -ne 0 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "yulectl"; + return 1 + fi + + ./yulectl -v -c RELOAD foobar3 >test_log_yulectl + + if [ $? -ne 0 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "yulectl"; + return 1 + fi + + ./yulectl -v -c LISTALL dummy >test_log_yulectl + + if [ $? -ne 0 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "yulectl"; + return 1 + fi + + tmp=`cat test_log_yulectl | grep RELOAD | wc -l` + if [ $tmp -ne 3 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "command confirmation"; + return 1 + fi + + ./yulectl -v -c CANCEL foobar3 >test_log_yulectl + + if [ $? -ne 0 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "yulectl"; + return 1 + fi + + ./yulectl -v -c LISTALL dummy >test_log_yulectl + + if [ $? -ne 0 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "yulectl"; + return 1 + fi + + tmp=`cat test_log_yulectl | grep RELOAD | wc -l` + if [ $tmp -ne 2 ]; then + kill ${PROC_Y} + [ -z "$verbose" ] || log_msg_fail "command confirmation"; + return 1 + fi + + kill ${PROC_Y} + one_sec_sleep + one_sec_sleep + kill -9 ${PROC_Y} >/dev/null 2>&1 + + [ -z "$VALGRIND" ] || { + tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; + cat test_log_valgrind + return 1; + fi; + } + + return 0 +} + +do_test_5 () { + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Server${E}: ./yule -l info -p none &"; + echo; + } + +( cat < +test + +Current time: %T
+ + +EOF +) >head.html + +( cat < +
+ + +EOF +) >foot.html + +( cat < + + %H + %S + %T + + +EOF +) >entry.html + + ${VALGRIND} ./yule -l info -p none -e none \ + >/dev/null 2>>test_log_valgrind & + PROC_Y=$! + five_sec_sleep + + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + # rm -f head.html; rm -f foot.html; rm -f entry.html; + kill $PROC_Y + [ -z "$verbose" ] || log_msg_fail "head.html (1)"; + return 1 + fi + + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + rm -f head.html; rm -f foot.html; rm -f entry.html; + kill $PROC_Y + [ -z "$verbose" ] || log_msg_fail "foot.html (1)"; + return 1 + fi + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; + echo; + } + + ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; + else + kill $PROC_Y + [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; + return 1 + fi + + kill $PROC_Y + five_sec_sleep + + # rm -f head.html; rm -f foot.html; rm -f entry.html; + + egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server start"; + return 1 + fi + egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client connect"; + return 1 + fi + egrep "remote_host.*Checking.*/bin" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check"; + return 1 + fi + egrep "remote_host.*EXIT.*Samhain" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client exit"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server exit"; + return 1 + fi + + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "head.html"; + return 1 + fi + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "end head.html"; + return 1 + fi + + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "entry.html"; + return 1 + fi + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "end entry.html"; + return 1 + fi + + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "foot.html"; + return 1 + fi + egrep '' $HTML >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "end foot.html"; + return 1 + fi + + [ -z "$VALGRIND" ] || { + tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; + cat test_log_valgrind + return 1; + fi; + } + + return 0 +} + + +testrun2_internal () +{ + [ -z "$verbose" ] || { + echo; + echo Working directory: $PW_DIR; echo MAKE is $MAKE; + echo; + } + # + # + [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; } + # + if test -r "Makefile"; then + $MAKE distclean + fi + # + ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=client --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-encrypt=2 + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + # save binary and build server2 + # + cp samhain samhain.build || return 1 + $MAKE clean >/dev/null || return 1 + + ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=${RCFILE}2 --with-log-file=${LOGFILE}2 --with-pid-file=$PW_DIR/.samhain_lock2 --with-html-file=${HTML}2 --with-state-dir=$PW_DIR --enable-encrypt=2 --with-port=49778 + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + # save binary and build server + # + cp yule yule.2 || return 1 + $MAKE clean >/dev/null || return 1 + + ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-html-file=$HTML --with-state-dir=$PW_DIR --enable-encrypt=2 + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + + ##################################################################### + # + # + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + + cp ${SCRIPTDIR}/testrc_2.in testrc_2 + + ./samhain.build -t init -p none + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + + # Create a password + + SHPW=`./yule -G` + if test x"$SHPW" = x; then + [ -z "$quiet" ] && log_msg_fail "password not generated -- aborting" + return 1 + fi + + # Set in client + + ./samhain_setpwd samhain.build new $SHPW >/dev/null + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd samhain.build new $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd samhain.build new $SHPW"; + return 1 + fi + + mv samhain.build.new samhain.new || return 1 + + # Set in server + + ./samhain_setpwd yule new $SHPW >/dev/null + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd yule new $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd yule new $SHPW"; + return 1 + fi + + mv yule.new yule || return 1 + + # + + rm -f ./.samhain_log* + rm -f ./.samhain_lock* + + SHCLT=`./yule -P $SHPW` + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "yule -P $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "yule -P $SHPW"; + return 1 + fi + + SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` + AHOST=`find_hostname` + SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` + + + echo $SHCLT1 >> testrc_2 + echo $SHCLT2 >> testrc_2 + cp testrc_2 testrc_22 + + do_test_1 + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 1 ${MAXTEST} "Client logging"; + else + [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client logging"; + fi + + do_test_2 + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "Client logging, separate logfiles"; + else + [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "Client logging, separate logfiles"; + fi + + do_test_3 + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 3 ${MAXTEST} "Dead client detection"; + else + [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Dead client detection"; + fi + + do_test_4 + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 4 ${MAXTEST} "Server command socket"; + else + [ -z "$quiet" ] && log_fail 4 ${MAXTEST} "Server command socket"; + fi + + do_test_5 + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 5 ${MAXTEST} "Server status file"; + else + [ -z "$quiet" ] && log_fail 5 ${MAXTEST} "Server status file"; + fi + + return $? +} + +MAXTEST=5; export MAXTEST + +testrun2 () +{ + log_start "RUN CLIENT/SERVER" + + if [ x"$1" = x ]; then + [ -z "$quiet" ] && log_msg_fail "Missing hostname" + fi + # + SH_LOCALHOST=$1; export SH_LOCALHOST + # + testrun2_internal + # + log_end "RUN CLIENT/SERVER" + + return 0 +} + Index: /tags/2.5.0/test/testrun_2a.sh =================================================================== --- /tags/2.5.0/test/testrun_2a.sh (revision 189) +++ /tags/2.5.0/test/testrun_2a.sh (revision 189) @@ -0,0 +1,306 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE +RCFILE="$PW_DIR/testrc_2"; export RCFILE + +SERVER_BUILDOPTS="--quiet $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export SERVER_BUILDOPTS + +CLIENT_BUILDOPTS="--quiet $TRUST --enable-network=client --enable-srp --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$RCFILE --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --enable-suidcheck"; export CLIENT_BUILDOPTS + +do_test_1_a () { + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Server${E}: ./yule -l info -p none &"; + echo; + } + rm -f test_log_valgrind + + ${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind & + PROC_Y=$! + five_sec_sleep + + [ -z "$verbose" ] || { + echo; + echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; + echo; + } + + ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; + else + [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; + kill $PROC_Y + return 1 + fi + + kill $PROC_Y + five_sec_sleep + + egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server start"; + return 1 + fi + egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client connect"; + return 1 + fi + egrep "Checking.*/etc" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check"; + return 1 + fi + egrep "EXIT.*Samhain" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client exit"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server exit"; + return 1 + fi + + [ -z "$VALGRIND" ] || { + tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; + if [ $tmp -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; + cat test_log_valgrind + return 1; + fi; + } + + return 0 +} + +testrun2a_internal () +{ + [ -z "$verbose" ] || { + echo; + echo Working directory: $PW_DIR; echo MAKE is $MAKE; + echo; + } + # + # + [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; } + # + if test -r "Makefile"; then + $MAKE distclean + fi + # + ${TOP_SRCDIR}/configure ${CLIENT_BUILDOPTS} + # + # Limit suid check + # + BASE="${PW_DIR}"; export BASE + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE 'DBGDEF=-DSH_SUIDTESTDIR=\"${BASE}\"' > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + # save binary and build server + # + cp samhain samhain.build || return 1 + $MAKE clean >/dev/null || return 1 + + ${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS} + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + + ##################################################################### + # + # + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + rm -f "./rc.${ALTHOST}" + rm -f "./file.${ALTHOST}" + + cp ${SCRIPTDIR}/testrc_2.in testrc_2 + + ./samhain.build -t init -p none + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + + # Create a password + + SHPW=`./yule -G` + if test x"$SHPW" = x; then + [ -z "$quiet" ] && log_msg_fail "password not generated -- aborting" + return 1 + fi + + # Set in client + + ./samhain_setpwd samhain.build new $SHPW >/dev/null + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd samhain.build new $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd samhain.build new $SHPW"; + return 1 + fi + + mv samhain.build.new samhain.new || return 1 + + rm -f ./.samhain_log* + rm -f ./.samhain_lock + + SHCLT=`./yule -P $SHPW` + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "yule -P $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "yule -P $SHPW"; + return 1 + fi + + SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` + AHOST=`find_hostname` + SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` + + + echo $SHCLT1 >> testrc_2 + echo $SHCLT2 >> testrc_2 + + + cp ./testrc_2 ./rc.${SH_LOCALHOST} + mv ./.samhain_file ./file.${SH_LOCALHOST} + + ALTHOST=`find_hostname` + cp ./testrc_2 "./rc.${ALTHOST}" + cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null +} + +MAXTEST=5; export MAXTEST + +testrun2a () +{ + log_start "RUN FULL CLIENT/SERVER"; + # + if [ x"$1" = x ]; then + [ -z "$quiet" ] && log_msg_fail "Missing hostname" + fi + # + SH_LOCALHOST=$1; export SH_LOCALHOST + # + testrun2a_internal + do_test_1_a + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 1 ${MAXTEST} "Client download+logging"; + else + [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client download+logging"; + fi + # + SERVER_BUILDOPTS_ORIG="${SERVER_BUILDOPTS}" + CLIENT_BUILDOPTS_ORIG="${CLIENT_BUILDOPTS}" + # + SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --disable-srp"; export SERVER_BUILDOPTS + CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --disable-srp"; export CLIENT_BUILDOPTS + # + testrun2a_internal + do_test_1_a + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "SRP disabled"; + else + [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "SRP disabled"; + fi + # + SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --disable-encrypt"; export SERVER_BUILDOPTS + CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --disable-encrypt"; export CLIENT_BUILDOPTS + # + testrun2a_internal + do_test_1_a + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 3 ${MAXTEST} "Encryption disabled"; + else + [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Encryption disabled"; + fi + # + SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --enable-encrypt=1"; export SERVER_BUILDOPTS + CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --enable-encrypt=1"; export CLIENT_BUILDOPTS + # + testrun2a_internal + do_test_1_a + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 4 ${MAXTEST} "Encryption (v1)"; + else + [ -z "$quiet" ] && log_fail 4 ${MAXTEST} "Encryption (v1)"; + fi + # + SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG}"; export SERVER_BUILDOPTS + CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --enable-encrypt=1"; export CLIENT_BUILDOPTS + # + testrun2a_internal + do_test_1_a + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 5 ${MAXTEST} "Encryption backward compat"; + else + [ -z "$quiet" ] && log_fail 5 ${MAXTEST} "Encryption backward compat"; + fi + # + if [ -n "$cleanup" ]; then + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + ALTHOST=`find_hostname` + rm -f "./file.${ALTHOST}" + rm -f "./rc.${ALTHOST}" + fi + # + log_end "RUN FULL CLIENT/SERVER" +} + Index: /tags/2.5.0/test/testrun_2b.sh =================================================================== --- /tags/2.5.0/test/testrun_2b.sh (revision 189) +++ /tags/2.5.0/test/testrun_2b.sh (revision 189) @@ -0,0 +1,215 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE +RCFILE="$PW_DIR/testrc_2"; export RCFILE +RCFILE_C="$PW_DIR/testrc_1.dyn"; export RCFILE_C + +SERVER_BUILDOPTS="--quiet $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export SERVER_BUILDOPTS + +CLIENT_BUILDOPTS="--quiet $TRUST --enable-micro-stealth=137 --enable-debug --enable-network=client --enable-srp --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER${RCFILE_C} --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS + +testrun2b_internal () +{ + GPG="$1" + + [ -z "$verbose" ] || { + echo; + echo Working directory: $PW_DIR; echo MAKE is $MAKE; echo GPG is $GPG; + echo; + } + + [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; } + + if test -r "Makefile"; then + $MAKE distclean + fi + + ${TOP_SRCDIR}/configure --with-gpg=${GPG} --with-checksum=no ${CLIENT_BUILDOPTS} >/dev/null 2>&1 + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + SKIP=`awk '/^__ARCHIVE_FOLLOWS__/ { print NR + 1; exit 0; }' ${SCRIPTDIR}/test.sh` + + tail -n "+$SKIP" ${SCRIPTDIR}/test.sh >/dev/null 2>&1 + if [ $? -eq 0 ]; then + tail -n "+$SKIP" ${SCRIPTDIR}/test.sh | gunzip -c - 2>/dev/null | tar xf - && \ + mv "./testrc.gpg.asc" "${RCFILE_C}" + else + tail "+$SKIP" ${SCRIPTDIR}/test.sh | gunzip -c - 2>/dev/null | tar xf - && \ + mv "./testrc.gpg.asc" "${RCFILE_C}" + fi + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "extract gpg signed files..."; + else + [ -z "$quiet" ] && log_msg_fail "extract gpg signed files..."; + return 1 + fi + + # save binary and build server + + cp samhain samhain.build || return 1 + $MAKE clean >/dev/null || return 1 + + ${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS} + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + + ##################################################################### + # + # + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + + cp ${SCRIPTDIR}/testrc_2.in testrc_2 + + ./samhain.build -t init -p none + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + + # Create a password + + SHPW=`./yule -G` + if test x"$SHPW" = x; then + [ -z "$quiet" ] && log_msg_fail "password not generated -- aborting" + return 1 + fi + + # Set in client + + ./samhain_setpwd samhain.build new $SHPW >/dev/null + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd samhain.build new $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd samhain.build new $SHPW"; + return 1 + fi + + mv samhain.build.new samhain.new || return 1 + + rm -f ./.samhain_log* + rm -f ./.samhain_lock + + SHCLT=`./yule -P $SHPW` + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "yule -P $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "yule -P $SHPW"; + return 1 + fi + + SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` + AHOST=`find_hostname` + SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` + + + echo $SHCLT1 >> testrc_2 + echo $SHCLT2 >> testrc_2 + + + cp "${RCFILE_C}" ./rc.${SH_LOCALHOST} + mv $PW_DIR/.samhain_file.asc ./file.${SH_LOCALHOST} + + ALTHOST=`find_hostname` + cp "${RCFILE_C}" "./rc.${ALTHOST}" + cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null +} + +MAXTEST=1; export MAXTEST + +testrun2b () +{ + log_start "RUN FULL CLIENT/SERVER W/GPG"; + # + if [ x"$1" = x ]; then + [ -z "$quiet" ] && log_msg_fail "Missing hostname" + fi + # + GPG=`find_path gpg` + if [ -z "$GPG" ]; then + log_skip 1 $MAXTEST 'gpg not found in $PATH' + else + eval "$GPG" --list-keys 0F571F6C >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then + log_skip 1 $MAXTEST 'public PGP key 0x0F571F6C not present' + else + + SH_LOCALHOST=$1; export SH_LOCALHOST + + testrun2b_internal "$GPG" + + SAVE_VALGRIND="${VALGRIND}"; VALGRIND=''; export VALGRIND + do_test_1_a + VALGRIND="${SAVE_VALGRIND}"; export VALGRIND + if [ $? -eq 0 ]; then + [ -z "$quiet" ] && log_ok 1 ${MAXTEST} "Client download+logging w/gpg"; + else + [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client download+logging w/gpg"; + fi + + if [ -n "$cleanup" ]; then + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + ALTHOST=`find_hostname` + rm -f "./file.${ALTHOST}" + rm -f "./rc.${ALTHOST}" + fi + fi + fi + log_end "RUN FULL CLIENT/SERVER W/GPG" +} + Index: /tags/2.5.0/test/testrun_2c.sh =================================================================== --- /tags/2.5.0/test/testrun_2c.sh (revision 189) +++ /tags/2.5.0/test/testrun_2c.sh (revision 189) @@ -0,0 +1,238 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +SERVER_BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-debug --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-database=mysql"; export SERVER_BUILDOPTS + +CLIENT_BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS + +MAXTEST=3; export MAXTEST + +testrun_threesockets () { + + GPG="$1" + + [ -z "$verbose" ] || { + echo; + echo Working directory: $PW_DIR; echo MAKE is $MAKE; echo GPG is $GPG; + echo; + } + + [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; } + + if test -r "Makefile"; then + $MAKE distclean + fi + + ${TOP_SRCDIR}/configure --with-gpg=${GPG} --with-fp=EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C --with-checksum=no ${SERVER_BUILDOPTS} >/dev/null 2>&1 + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + + cp ${SCRIPTDIR}/testrc_2.in testrc_2 + + ORIGINAL="DatabaseSeverity=none" + REPLACEMENT="DatabaseSeverity=warn" + ex -s $RCFILE < '"${DATE}"';" | mysql --password=samhain -u samhain samhain >test_log_db + # + egrep "START.*Yule" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server start"; + return 1 + fi + egrep "NEW CLIENT" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client connect"; + return 1 + fi + egrep "Checking.*/bin" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check"; + return 1 + fi + egrep "EXIT.*Samhain" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client exit"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server exit"; + return 1 + fi + return 0 +} + +testrun2c () +{ + log_start "RUN FULL CLIENT/SERVER W/MYSQL" + # + if [ -z "$doall" ]; then + log_skip 1 $MAXTEST 'Client/server w/mysql (or use --really-all)' + log_skip 2 $MAXTEST 'Client/server w/mysql (or use --really-all)' + log_skip 3 $MAXTEST 'Client/server w/mysql (or use --really-all)' + return 0 + fi + if [ x"$1" = x ]; then + [ -z "$quiet" ] && log_msg_fail "Missing hostname" + fi + MYSQL=`find_path mysql` + if [ -z "$MYSQL" ]; then + log_skip 1 $MAXTEST "mysql not found"; + log_skip 2 $MAXTEST "mysql not found"; + log_skip 3 $MAXTEST "mysql not found"; + return 1 + else + TEST=`echo "DESCRIBE log;" | mysql --password=samhain -u samhain samhain 2>/dev/null` + if [ $? -ne 0 -o -z "$TEST" ]; then + log_skip 1 $MAXTEST "mysql not default setup" + log_skip 2 $MAXTEST "mysql not default setup" + log_skip 3 $MAXTEST "mysql not default setup" + return 1 + fi + fi + # + SH_LOCALHOST=$1; export SH_LOCALHOST + # + DATE=`date '+%Y-%m-%d %T'` + # + testrun2a_internal + # + ORIGINAL="DatabaseSeverity=none" + REPLACEMENT="DatabaseSeverity=info" + ex -s $RCFILE </dev/null 2>>test_log + five_sec_sleep + netstat -pant 2>/dev/null | grep 49777 | grep yule >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "Client/server w/mysql"; + else + NSOCK=`netstat -pand 2>/dev/null | grep STREAM | grep yule | wc -l` + if [ $NSOCK -ne 2 ]; then + [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "Three sockets open"; + netstat -pand 2>/dev/null | grep yule + else + [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "Three sockets open"; + fi + fi + PID=`cat .samhain_lock` + kill $PID + else + log_fail 2 ${MAXTEST} "Three sockets open"; + fi + # + GPG=`find_path gpg` + if [ -z "$GPG" ]; then + log_skip 3 $MAXTEST 'gpg not found in $PATH' + else + eval "$GPG" --list-keys 0F571F6C >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then + log_skip 3 $MAXTEST 'public PGP key 0x0F571F6C not present' + else + testrun_threesockets "$GPG" + + if [ -f ./yule ]; then + ./yule -D >/dev/null 2>>test_log + five_sec_sleep + netstat -pant 2>/dev/null | grep 49777 | grep yule >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Three sockets open (gpg)"; + else + NSOCK=`netstat -pand 2>/dev/null | grep STREAM | grep yule | wc -l` + if [ $NSOCK -ne 2 ]; then + [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Three sockets open (gpg)"; + netstat -pand 2>/dev/null | grep yule + else + [ -z "$quiet" ] && log_ok 3 ${MAXTEST} "Three sockets open (gpg)"; + fi + fi + PID=`cat .samhain_lock` + kill $PID + else + log_fail 3 ${MAXTEST} "Three sockets open (gpg)"; + fi + fi + fi + # + if [ -n "$cleanup" ]; then + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + ALTHOST=`find_hostname` + rm -f "./file.${ALTHOST}" + rm -f "./rc.${ALTHOST}" + fi + # + log_end "RUN FULL CLIENT/SERVER W/MYSQL" +} + Index: /tags/2.5.0/test/testrun_2d.sh =================================================================== --- /tags/2.5.0/test/testrun_2d.sh (revision 189) +++ /tags/2.5.0/test/testrun_2d.sh (revision 189) @@ -0,0 +1,134 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +SERVER_BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-debug --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-database=postgresql"; export SERVER_BUILDOPTS + +CLIENT_BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS + +create_pgpass () { +touch ~/.pgpass +chmod 600 ~/.pgpass +cat > ~/.pgpass << EOF +localhost:*:samhain:samhain:samhain +EOF +} + +check_psql_log () { + DATE="$1" + + rm -f test_log_db + # PGPASSWORD=samhain; export PGPASSWORD + create_pgpass + psql -U samhain -d samhain -c "SELECT * FROM log WHERE entry_status = 'NEW' and log_time > '${DATE}';" >test_log_db + # + egrep "START.*Yule" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server start"; + return 1 + fi + egrep "NEW CLIENT" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client connect"; + return 1 + fi + egrep "Checking.*/bin" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client file check"; + return 1 + fi + egrep "EXIT.*Samhain" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Client exit"; + return 1 + fi + egrep "EXIT.*Yule.*SIGTERM" test_log_db >/dev/null 2>&1 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "Server exit"; + return 1 + fi + return 0 +} + +MAXTEST=1; export MAXTEST + +testrun2d () +{ + log_start "RUN FULL CLIENT/SERVER W/POSTGRESQL" + # + if [ -z "$doall" ]; then + log_skip 1 $MAXTEST 'Client/server w/postgresql (or use --really-all)' + return 0 + fi + if [ x"$1" = x ]; then + [ -z "$quiet" ] && log_msg_fail "Missing hostname" + fi + PSQL=`find_path psql` + if [ -z "$PSQL" ]; then + log_skip 1 $MAXTEST "psql not found"; + return 1 + else + # PGPASSWORD="samhain"; export PGPASSWORD + create_pgpass + TEST=`psql -U samhain -d samhain -c "SELECT * FROM log LIMIT 1;" 2>/dev/null` + if [ $? -ne 0 -o -z "$TEST" ]; then + log_skip 1 $MAXTEST "psql not default setup" + return 1 + fi + fi + # + SH_LOCALHOST=$1; export SH_LOCALHOST + # + DATE=`date '+%Y-%m-%d %T'` + # + testrun2a_internal + # + ORIGINAL="DatabaseSeverity=none" + REPLACEMENT="DatabaseSeverity=info" + ex -s $RCFILE <, hash=<24F0130C63AC933216166E76B1BB925FF373DE2D49584E7A> +string=, hash= +string=, hash=<9F00F599072300DD276ABB38C8EB6DEC37790C116F9D2BDF> +string=, hash=<87FB2A9083851CF7470D2CF810E6DF9EB586445034A5A386> +string=, hash=<467DB80863EBCE488DF1CD1261655DE957896565975F9197> +string=, hash=<0C410A042968868A1671DA5A3FD29A725EC1E457D3CDB303> +string=, hash= +string=, hash=<3D9AEB03D1BD1A6357B2774DFD6D5B24DD68151D503974FC> +string=, hash=<00B83EB4E53440C576AC6AAEE0A7485825FD15E70A59FFE4> Index: /tags/2.5.0/test/testtimesrv.sh =================================================================== --- /tags/2.5.0/test/testtimesrv.sh (revision 189) +++ /tags/2.5.0/test/testtimesrv.sh (revision 189) @@ -0,0 +1,423 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE +PIDFILE="$PW_DIR/.samhain_lock"; export PIDFILE + +BASE="${PW_DIR}/testrun_testdata"; export BASE +TDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; export TDIRS +TFILES="x y z"; export TFILES + +prep_testdata () +{ + if test -d "$BASE"; then + chmod -f -R 0700 "${BASE}" || { + [ -z "$quiet" ] && log_msg_fail "chmod -f -R 0700 ${BASE}"; + return 1; + } + fi + + rm -rf "${BASE}" || { + [ -z "$quiet" ] && log_msg_fail "rm -rf ${BASE}"; + return 1; + } + + mkdir "${BASE}" || { + [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}"; + return 1; + } + + for ff in $TDIRS; do + mkdir "${BASE}/${ff}" || { + [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}/${ff}"; + return 1; + } + chmod 0755 "${BASE}/${ff}" + for gg in $TFILES; do + echo "This is a test file" > "${BASE}/${ff}/${gg}" + chmod 0644 "${BASE}/${ff}/${gg}" + done + done +} + +mkconfig_misc () +{ + test -f "${RCFILE}" || touch "${RCFILE}" + cat >> "${RCFILE}" <> "${RCFILE}" <> "${RCFILE}" </dev/null + fi + # + ${TOP_SRCDIR}/configure --quiet --enable-debug --enable-xml-log --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PIDFILE --with-data-file=$PW_DIR/.samhain_file + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + prep_init && prep_testdata && echo "$TESTPOLICY" >>$RCFILE + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "prepare..."; + return 1 + fi + + ./samhain -t init -p none + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + + chmod 0555 "${BASE}/a/x" + chmod 0555 "${BASE}/b/x" + + ./samhain -t check -p none -l info -D + + count=0 + until [ -f $PIDFILE ]; do + one_sec_sleep + let "count = count + 1" >/dev/null + if [ $count -gt 12 ]; then + break; + fi + done + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "start daemon..."; + else + [ -z "$quiet" ] && log_msg_fail "start daemon..."; + return 1 + fi + + return 0 +} + +MAXTEST=14; export MAXTEST + +die () { + test -z "$stoponerr" && return 0; + PID=`cat $PIDFILE` + kill -9 $PID +} + +killdaemon () { + if [ -f $PIDFILE ]; then + PID=`cat $PIDFILE` + kill -9 $PID + fi +} + +check_err () { + if [ ${2} -ne 0 ]; then + die; + [ -z "$quiet" ] && log_fail ${1} ${MAXTEST} "${3}"; + return 1 + else + [ -z "$quiet" ] && log_ok ${1} ${MAXTEST} "${3}"; + fi +} + +daemontest_started () { + PID=`cat $PIDFILE` + + kill -0 $PID + check_err ${1} $? "started" +} + +daemontest_sigterm () { + PID=`cat $PIDFILE` + + kill -15 $PID + count=0 + while [ `kill -0 $PID` ]; do + one_sec_sleep + let "count = count + 1" >/dev/null + if [ $count -gt 12 ]; then + check_err ${1} 1 "sigterm" + return 1 + fi + done + check_err ${1} 0 "sigterm" +} + +daemontest_sigusr2 () { + PID=`cat $PIDFILE` + + tmp=`grep 'File check completed' $LOGFILE | wc -l` + kill -USR2 $PID + kill -TTOU $PID + + count=0 + tmp2=`grep 'SUSPEND' $LOGFILE | wc -l` + while [ $tmp2 -ne $2 ]; do + one_sec_sleep + let "count = count + 1" >/dev/null + if [ $count -gt 12 ]; then + check_err ${1} 1 "sigusr2: suspend" + return 1 + fi + tmp2=`grep 'SUSPEND' $LOGFILE | wc -l` + done + + kill -USR2 $PID + + count=0 + tmp2=$tmp + while [ $tmp2 -eq $tmp ]; do + one_sec_sleep + let "count = count + 1" >/dev/null + if [ $count -gt 12 ]; then + check_err ${1} 1 "sigusr2: wakeup" + return 1 + fi + tmp2=`grep 'File check completed' $LOGFILE | wc -l` + done + check_err ${1} 0 "sigusr2" +} + +daemontest_sigttou () { + PID=`cat $PIDFILE` + + tmp=`grep 'File check completed' $LOGFILE | wc -l` + kill -TTOU $PID + count=0 + tmp2=$tmp + while [ $tmp2 -eq $tmp ]; do + one_sec_sleep + let "count = count + 1" >/dev/null + if [ $count -gt 12 ]; then + check_err ${1} 1 "sigttou" + return 1 + fi + tmp2=`grep 'File check completed' $LOGFILE | wc -l` + done + check_err ${1} 0 "sigttou" +} + +daemontest_sighup () { + + if [ $2 -eq 1 ]; then + echo "dir=${BASE}/b" >>$RCFILE + tmp=`grep CRIT $LOGFILE | grep -v Runtime | wc -l` + if [ $tmp -ne 1 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count (before)"; + return 1 + fi + fi + + PID=`cat $PIDFILE` + kill -HUP $PID + + if [ $2 -eq 1 ]; then + kill -TTOU $PID + count=0 + tmp=`grep CRIT $LOGFILE | grep -v Runtime | wc -l` + while [ $tmp -lt 2 ]; do + one_sec_sleep + if [ $count -gt 12 ]; then + [ -z "$verbose" ] || log_msg_fail "policy count (after)"; + return 1 + fi + tmp=`grep CRIT $LOGFILE | grep -v Runtime | wc -l` + done + fi + + count=0 + tmp2=0 + while [ $tmp2 -ne $2 ]; do + one_sec_sleep + let "count = count + 1" >/dev/null + if [ $count -gt 12 ]; then + check_err ${1} 1 "sighup" + return 1 + fi + tmp2=`grep 'Runtime configuration reloaded' $LOGFILE | wc -l` + done + check_err ${1} 0 "sighup" +} + +daemontest_sigabrt () { + PID=`cat $PIDFILE` + kill -ABRT $PID + + count=0 + while [ -f $LOGFILE.lock ]; do + one_sec_sleep + let "count = count + 1" >/dev/null + if [ $count -gt 12 ]; then + check_err ${1} 1 "sigabrt" + return 1 + fi + done + + kill -TTOU $PID + + five_sec_sleep + + if [ -f $LOGFILE.lock ]; then + tmp=`grep '' $LOGFILE | wc -l` + tst=$2; let "tst = tst + 2" >/dev/null; + if [ $tmp -eq $tst ]; then + check_err ${1} 0 "sigabrt" + return 0 + fi + fi + check_err ${1} 1 "sigabrt" +} + +testtime0 () { + log_start "DAEMON CONTROL" + + testtime0_int; + + tcount=1 + + trap 'killdaemon' 1 3 15 + + daemontest_started $tcount; + + let "tcount = tcount + 1" >/dev/null + daemontest_sigttou $tcount; + let "tcount = tcount + 1" >/dev/null + daemontest_sigttou $tcount; + let "tcount = tcount + 1" >/dev/null + daemontest_sigttou $tcount; + + let "tcount = tcount + 1" >/dev/null + daemontest_sigusr2 $tcount 1; + let "tcount = tcount + 1" >/dev/null + daemontest_sigusr2 $tcount 2; + let "tcount = tcount + 1" >/dev/null + daemontest_sigusr2 $tcount 3; + + let "tcount = tcount + 1" >/dev/null + daemontest_sigabrt $tcount 1; + let "tcount = tcount + 1" >/dev/null + daemontest_sigabrt $tcount 2; + let "tcount = tcount + 1" >/dev/null + daemontest_sigabrt $tcount 3; + + let "tcount = tcount + 1" >/dev/null + daemontest_sighup $tcount 1; + let "tcount = tcount + 1" >/dev/null + daemontest_sighup $tcount 2; + let "tcount = tcount + 1" >/dev/null + daemontest_sighup $tcount 3; + + let "tcount = tcount + 1" >/dev/null + daemontest_sigterm $tcount; + + log_end "DAEMON CONTROL" +} + + Index: /tags/2.5.0/yulerc.template =================================================================== --- /tags/2.5.0/yulerc.template (revision 189) +++ /tags/2.5.0/yulerc.template (revision 189) @@ -0,0 +1,337 @@ +##################################################################### +# +# Configuration file template for yule. +# +##################################################################### +# +# NOTE: This is a log server-only configuration file TEMPLATE. +# +# NOTE: The log server ('yule') will look for THAT configuration file +# that has been defined at compile time with the configure option +# ./configure --with-config-file=FILE +# The default is "/usr/local/etc/.samhainrc" (NOT "yulerc"). +# +##################################################################### +# +# -- empty lines and lines starting with '#', ';' or '//' are ignored +# -- you can PGP clearsign this file -- samhain will check (if compiled +# with support) or otherwise ignore the signature +# -- CHECK mail address +# +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### + + +[Log] +## +## Switch on/OFF log facilities and set their threshold severity +## +## Values: debug, info, notice, warn, mark, err, crit, alert, none. +## 'mark' is used for timestamps. +## +## +## Use 'none' to SWITCH OFF a log facility +## +## By default, everything equal to and above the threshold is logged. +## The specifiers '*', '!', and '=' are interpreted as +## 'all', 'all but', and 'only', respectively (like syslogd(8) does, +## at least on Linux). Examples: +## MailSeverity=* +## MailSeverity=!warn +## MailSeverity==crit + +## E-mail +## +# MailSeverity=none +MailSeverity=crit + +## Console +## +# PrintSeverity=info + +## Logfile +## +# LogSeverity=none + +## Syslog +## +# SyslogSeverity=none + +## External script or program +## +# ExternalSeverity = none + +## Logging to a database +## +# DatabaseSeverity = none + + +# [Database] +## +## --- Logging to a relational database +## + +## Database name +# +# SetDBName = samhain + +## Database table +# +# SetDBTable = log + +## Database user +# +# SetDBUser = samhain + +## Database password +# +# SetDBPassword = (default: none) + +## Database host +# +# SetDBHost = localhost + +## Log the server timestamp for received messages +# +SetDBServerTstamp = True + +## Use a persistent connection +# +UsePersistent = True + + + +# [External] +## +## Interface to call external scripts/programs for logging +## + +## The absolute path to the command +## - Each invocation of this directive will end the definition of the +## preceding command, and start the definition of +## an additional, new command +# +# OpenCommand = (no default) + +## Type (log or rv) +## - log for log messages, srv for messages received by the server +# +# SetType = log + +## The command (full command line) to execute +# +# SetCommandLine = (no default) + +## The environment (KEY=value; repeat for more) +# +# SetEnviron = TZ=(your timezone) + +## The TIGER192 checksum (optional) +# +# SetChecksum = (no default) + +## User who runs the command +# +# SetCredentials = (default: samhain process uid) + +## Words not allowed in message +# +# SetFilterNot = (none) + +## Words required (ALL of them) +# +# SetFilterAnd = (none) + +## Words required (at least one) +# +# SetFilterOr = (none) + +## Deadtime between consecutive calls +# +# SetDeadtime = 0 + +## Add default environment (HOME, PATH, SHELL) +# +# SetDefault = no + + +##################################################### +# +# Miscellaneous configuration options +# +##################################################### + + +[Misc] +# whether to become a daemon process +Daemon=yes + +## Interval between time stamp messages +# +# SetLoopTime = 60 +SetLoopTime = 600 + +## Normally, client messages are regarded as data within a +## server message of fixed severity. The following two +## options cause the server to use the original severity/class +## of client messages for logging. +# +# UseClientSeverity = False +# UseClientClass = False + +## The maximum time between client messages (seconds) +## This allows the server to flag clients that have exceeded +## the timeout limits; i.e. might have died for some reason. +# +# SetClientTimeLimit = 86400 + +## Use client address as known to the communication layer (might be +## incorrect if the client is behind NAT). The default is to use +## the client name as claimed by the client, and verify it against +## the former (might be incorrect if the client has several +## interfaces, and its hostname resolves to the wrong interface). +# +# SetClientFromAccept = False + +## If SetClientFromAccept is False (default), severity of a +## failure to resolve the hostname claimed by the client +## to the IP address of the socket peer. +# +# SeverityLookup = crit + +## The console device (can also be a file or named pipe) +## - There are two console devices. Accordingly, you can use +## this directive a second time to set the second console device. +## If you have not defined the second device at compile time, +## and you don't want to use it, then: +## setting it to /dev/null is less effective than just leaving +## it alone (setting to /dev/null will waste time by opening +## /dev/null and writing to it) +# +# SetConsole = /dev/console + +## Use separate logfiles for individual clients +# +# UseSeparateLogs = False + +## Enable listening on port 514/udp for logging of remote syslog +## messages (if optionally compiled with support for this) +# +# SetUDPActive = False + + +## Activate the SysV IPC message queue +# +# MessageQueueActive = False + + +## If false, skip reverse lookup when connecting to a host known +## by name rather than IP address (i.e. trust the DNS) +# +# SetReverseLookup = True + +## If true, open a Unix domain socket to listen for commands that should +## be passed to clients upon next connection. Only works on systems +## that support passing of peer credentials (for authentication) via sockets. +## Use yulectl to access the socket. +# +# SetUseSocket = False + +## The UID of the user that is allowed to pass commands to the server +## via the Unix domain socket. +# +# SetSocketAllowUid = 0 + +## --- E-Mail --- + +# Only highest-level (alert) reports will be mailed immediately, +# others will be queued. Here you can define, when the queue will +# be flushed (Note: the queue is automatically flushed after +# completing a file check). +# +# SetMailTime = 86400 + +## Maximum number of mails to queue +# +# SetMailNum = 10 + +## Recipient (max. 8) +# +# SetMailAddress=root@localhost + +## Mail relay (IP address) +# +# SetMailRelay = NULL + +## Custom subject format +# +# MailSubject = NULL + +## --- end E-Mail --- + +# The binary. Setting the path will allow +# samhain to check for modifications between +# startup and exit. +# +# SamhainPath=/usr/local/bin/yule + +## The IP address of the time server +# +# SetTimeServer = (default: compiled-in) + +## Trusted Users (comma delimited list of user names) +# +# TrustedUser = (no default; this adds to the compiled-in list) + +## Custom format for message header. +## CAREFUL if you use XML logfile format. +## +## %S severity +## %T timestamp +## %C class +## +## %F source file +## %L source line +# +# MessageHeader="%S %T " + + +## Don't log path to config/database file on startup +# +# HideSetup = False + +## The syslog facility, if you log to syslog +# +# SyslogFacility = LOG_AUTHPRIV + + +## The message authentication method +## - If you change this, you *must* change it +## on client *and* server +# +# MACType = HMAC-TIGER + + +[Clients] +## +## This is a sample registry entry for a client at host 'HOSTNAME'. This entry +## is valid for the default password. +## You are STRONGLY ADVISED to reset te password (see the README) and +## compute your own entries using 'samhain -P ' +## +## Usually, HOSTNAME should be a fully qualified hostname, +## no numerical address. +## -- exception: if the client (samhain) cannot determine the +## fully qualified hostname of its host, +## the numerical address may be required. +## You will know if you get a message like: +## 'Invalid connection attempt: Not in +## client list what.ever.it.is' +## +## First entry is for challenge/response, second one for SRP authentication. +# +# Client=HOSTNAME@00000000@C39F0EEFBC64E4A8BBF72349637CC07577F714B420B62882 +# Client=HOSTNAME@8F81BA58956F8F42@8932D08C49CA76BD843C51EDD1D6640510FA032A7A2403E572BBDA2E5C6B753991CF7E091141D20A2499C5CD3E14C1639D17482E14E1548E5246ACF4E7193D524CDDAC9C9D6A9A36C596B4ECC68BEB0C5BB7082224946FC98E3ADE214EA1343E2DA8DF4229D4D8572AD8679228928A787B6E5390D3A713102FFCC9D0B2188C92